diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..28fb0786b07ee506cf6a8b512018b2d4d9f82d6e Binary files /dev/null and b/.DS_Store differ diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000000000000000000000000000000000000..03d05707a2ee869bad3ed7089b048f3780fd564b --- /dev/null +++ b/.gitignore @@ -0,0 +1,9 @@ +.vscode/* +!.vscode/settings.json +!.vscode/tasks.json +!.vscode/launch.json +!.vscode/extensions.json +/node_modules +package-lock.json +.idea/ + diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000000000000000000000000000000000000..3b7b82d0da2db857eda1a798dbd908ea136f07b5 --- /dev/null +++ b/LICENSE @@ -0,0 +1,427 @@ +Attribution-ShareAlike 4.0 International + +======================================================================= + +Creative Commons Corporation ("Creative Commons") is not a law firm and +does not provide legal services or legal advice. Distribution of +Creative Commons public licenses does not create a lawyer-client or +other relationship. Creative Commons makes its licenses and related +information available on an "as-is" basis. Creative Commons gives no +warranties regarding its licenses, any material licensed under their +terms and conditions, or any related information. Creative Commons +disclaims all liability for damages resulting from their use to the +fullest extent possible. + +Using Creative Commons Public Licenses + +Creative Commons public licenses provide a standard set of terms and +conditions that creators and other rights holders may use to share +original works of authorship and other material subject to copyright +and certain other rights specified in the public license below. The +following considerations are for informational purposes only, are not +exhaustive, and do not form part of our licenses. + + Considerations for licensors: Our public licenses are + intended for use by those authorized to give the public + permission to use material in ways otherwise restricted by + copyright and certain other rights. Our licenses are + irrevocable. Licensors should read and understand the terms + and conditions of the license they choose before applying it. + Licensors should also secure all rights necessary before + applying our licenses so that the public can reuse the + material as expected. Licensors should clearly mark any + material not subject to the license. This includes other CC- + licensed material, or material used under an exception or + limitation to copyright. More considerations for licensors: + wiki.creativecommons.org/Considerations_for_licensors + + Considerations for the public: By using one of our public + licenses, a licensor grants the public permission to use the + licensed material under specified terms and conditions. If + the licensor's permission is not necessary for any reason--for + example, because of any applicable exception or limitation to + copyright--then that use is not regulated by the license. Our + licenses grant only permissions under copyright and certain + other rights that a licensor has authority to grant. Use of + the licensed material may still be restricted for other + reasons, including because others have copyright or other + rights in the material. A licensor may make special requests, + such as asking that all changes be marked or described. + Although not required by our licenses, you are encouraged to + respect those requests where reasonable. More_considerations + for the public: + wiki.creativecommons.org/Considerations_for_licensees + +======================================================================= + +Creative Commons Attribution-ShareAlike 4.0 International Public +License + +By exercising the Licensed Rights (defined below), You accept and agree +to be bound by the terms and conditions of this Creative Commons +Attribution-ShareAlike 4.0 International Public License ("Public +License"). To the extent this Public License may be interpreted as a +contract, You are granted the Licensed Rights in consideration of Your +acceptance of these terms and conditions, and the Licensor grants You +such rights in consideration of benefits the Licensor receives from +making the Licensed Material available under these terms and +conditions. + + +Section 1 -- Definitions. + + a. Adapted Material means material subject to Copyright and Similar + Rights that is derived from or based upon the Licensed Material + and in which the Licensed Material is translated, altered, + arranged, transformed, or otherwise modified in a manner requiring + permission under the Copyright and Similar Rights held by the + Licensor. For purposes of this Public License, where the Licensed + Material is a musical work, performance, or sound recording, + Adapted Material is always produced where the Licensed Material is + synched in timed relation with a moving image. + + b. Adapter's License means the license You apply to Your Copyright + and Similar Rights in Your contributions to Adapted Material in + accordance with the terms and conditions of this Public License. + + c. BY-SA Compatible License means a license listed at + creativecommons.org/compatiblelicenses, approved by Creative + Commons as essentially the equivalent of this Public License. + + d. Copyright and Similar Rights means copyright and/or similar rights + closely related to copyright including, without limitation, + performance, broadcast, sound recording, and Sui Generis Database + Rights, without regard to how the rights are labeled or + categorized. For purposes of this Public License, the rights + specified in Section 2(b)(1)-(2) are not Copyright and Similar + Rights. + + e. Effective Technological Measures means those measures that, in the + absence of proper authority, may not be circumvented under laws + fulfilling obligations under Article 11 of the WIPO Copyright + Treaty adopted on December 20, 1996, and/or similar international + agreements. + + f. Exceptions and Limitations means fair use, fair dealing, and/or + any other exception or limitation to Copyright and Similar Rights + that applies to Your use of the Licensed Material. + + g. License Elements means the license attributes listed in the name + of a Creative Commons Public License. The License Elements of this + Public License are Attribution and ShareAlike. + + h. Licensed Material means the artistic or literary work, database, + or other material to which the Licensor applied this Public + License. + + i. Licensed Rights means the rights granted to You subject to the + terms and conditions of this Public License, which are limited to + all Copyright and Similar Rights that apply to Your use of the + Licensed Material and that the Licensor has authority to license. + + j. Licensor means the individual(s) or entity(ies) granting rights + under this Public License. + + k. Share means to provide material to the public by any means or + process that requires permission under the Licensed Rights, such + as reproduction, public display, public performance, distribution, + dissemination, communication, or importation, and to make material + available to the public including in ways that members of the + public may access the material from a place and at a time + individually chosen by them. + + l. Sui Generis Database Rights means rights other than copyright + resulting from Directive 96/9/EC of the European Parliament and of + the Council of 11 March 1996 on the legal protection of databases, + as amended and/or succeeded, as well as other essentially + equivalent rights anywhere in the world. + + m. You means the individual or entity exercising the Licensed Rights + under this Public License. Your has a corresponding meaning. + + +Section 2 -- Scope. + + a. License grant. + + 1. Subject to the terms and conditions of this Public License, + the Licensor hereby grants You a worldwide, royalty-free, + non-sublicensable, non-exclusive, irrevocable license to + exercise the Licensed Rights in the Licensed Material to: + + a. reproduce and Share the Licensed Material, in whole or + in part; and + + b. produce, reproduce, and Share Adapted Material. + + 2. Exceptions and Limitations. For the avoidance of doubt, where + Exceptions and Limitations apply to Your use, this Public + License does not apply, and You do not need to comply with + its terms and conditions. + + 3. Term. The term of this Public License is specified in Section + 6(a). + + 4. Media and formats; technical modifications allowed. The + Licensor authorizes You to exercise the Licensed Rights in + all media and formats whether now known or hereafter created, + and to make technical modifications necessary to do so. The + Licensor waives and/or agrees not to assert any right or + authority to forbid You from making technical modifications + necessary to exercise the Licensed Rights, including + technical modifications necessary to circumvent Effective + Technological Measures. For purposes of this Public License, + simply making modifications authorized by this Section 2(a) + (4) never produces Adapted Material. + + 5. Downstream recipients. + + a. Offer from the Licensor -- Licensed Material. Every + recipient of the Licensed Material automatically + receives an offer from the Licensor to exercise the + Licensed Rights under the terms and conditions of this + Public License. + + b. Additional offer from the Licensor -- Adapted Material. + Every recipient of Adapted Material from You + automatically receives an offer from the Licensor to + exercise the Licensed Rights in the Adapted Material + under the conditions of the Adapter's License You apply. + + c. No downstream restrictions. You may not offer or impose + any additional or different terms or conditions on, or + apply any Effective Technological Measures to, the + Licensed Material if doing so restricts exercise of the + Licensed Rights by any recipient of the Licensed + Material. + + 6. No endorsement. Nothing in this Public License constitutes or + may be construed as permission to assert or imply that You + are, or that Your use of the Licensed Material is, connected + with, or sponsored, endorsed, or granted official status by, + the Licensor or others designated to receive attribution as + provided in Section 3(a)(1)(A)(i). + + b. Other rights. + + 1. Moral rights, such as the right of integrity, are not + licensed under this Public License, nor are publicity, + privacy, and/or other similar personality rights; however, to + the extent possible, the Licensor waives and/or agrees not to + assert any such rights held by the Licensor to the limited + extent necessary to allow You to exercise the Licensed + Rights, but not otherwise. + + 2. Patent and trademark rights are not licensed under this + Public License. + + 3. To the extent possible, the Licensor waives any right to + collect royalties from You for the exercise of the Licensed + Rights, whether directly or through a collecting society + under any voluntary or waivable statutory or compulsory + licensing scheme. In all other cases the Licensor expressly + reserves any right to collect such royalties. + + +Section 3 -- License Conditions. + +Your exercise of the Licensed Rights is expressly made subject to the +following conditions. + + a. Attribution. + + 1. If You Share the Licensed Material (including in modified + form), You must: + + a. retain the following if it is supplied by the Licensor + with the Licensed Material: + + i. identification of the creator(s) of the Licensed + Material and any others designated to receive + attribution, in any reasonable manner requested by + the Licensor (including by pseudonym if + designated); + + ii. a copyright notice; + + iii. a notice that refers to this Public License; + + iv. a notice that refers to the disclaimer of + warranties; + + v. a URI or hyperlink to the Licensed Material to the + extent reasonably practicable; + + b. indicate if You modified the Licensed Material and + retain an indication of any previous modifications; and + + c. indicate the Licensed Material is licensed under this + Public License, and include the text of, or the URI or + hyperlink to, this Public License. + + 2. You may satisfy the conditions in Section 3(a)(1) in any + reasonable manner based on the medium, means, and context in + which You Share the Licensed Material. For example, it may be + reasonable to satisfy the conditions by providing a URI or + hyperlink to a resource that includes the required + information. + + 3. If requested by the Licensor, You must remove any of the + information required by Section 3(a)(1)(A) to the extent + reasonably practicable. + + b. ShareAlike. + + In addition to the conditions in Section 3(a), if You Share + Adapted Material You produce, the following conditions also apply. + + 1. The Adapter's License You apply must be a Creative Commons + license with the same License Elements, this version or + later, or a BY-SA Compatible License. + + 2. You must include the text of, or the URI or hyperlink to, the + Adapter's License You apply. You may satisfy this condition + in any reasonable manner based on the medium, means, and + context in which You Share Adapted Material. + + 3. You may not offer or impose any additional or different terms + or conditions on, or apply any Effective Technological + Measures to, Adapted Material that restrict exercise of the + rights granted under the Adapter's License You apply. + + +Section 4 -- Sui Generis Database Rights. + +Where the Licensed Rights include Sui Generis Database Rights that +apply to Your use of the Licensed Material: + + a. for the avoidance of doubt, Section 2(a)(1) grants You the right + to extract, reuse, reproduce, and Share all or a substantial + portion of the contents of the database; + + b. if You include all or a substantial portion of the database + contents in a database in which You have Sui Generis Database + Rights, then the database in which You have Sui Generis Database + Rights (but not its individual contents) is Adapted Material, + + including for purposes of Section 3(b); and + c. You must comply with the conditions in Section 3(a) if You Share + all or a substantial portion of the contents of the database. + +For the avoidance of doubt, this Section 4 supplements and does not +replace Your obligations under this Public License where the Licensed +Rights include other Copyright and Similar Rights. + + +Section 5 -- Disclaimer of Warranties and Limitation of Liability. + + a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE + EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS + AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF + ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, + IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, + WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR + PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, + ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT + KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT + ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. + + b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE + TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, + NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, + INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, + COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR + USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN + ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR + DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR + IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. + + c. The disclaimer of warranties and limitation of liability provided + above shall be interpreted in a manner that, to the extent + possible, most closely approximates an absolute disclaimer and + waiver of all liability. + + +Section 6 -- Term and Termination. + + a. This Public License applies for the term of the Copyright and + Similar Rights licensed here. However, if You fail to comply with + this Public License, then Your rights under this Public License + terminate automatically. + + b. Where Your right to use the Licensed Material has terminated under + Section 6(a), it reinstates: + + 1. automatically as of the date the violation is cured, provided + it is cured within 30 days of Your discovery of the + violation; or + + 2. upon express reinstatement by the Licensor. + + For the avoidance of doubt, this Section 6(b) does not affect any + right the Licensor may have to seek remedies for Your violations + of this Public License. + + c. For the avoidance of doubt, the Licensor may also offer the + Licensed Material under separate terms or conditions or stop + distributing the Licensed Material at any time; however, doing so + will not terminate this Public License. + + d. Sections 1, 5, 6, 7, and 8 survive termination of this Public + License. + + +Section 7 -- Other Terms and Conditions. + + a. The Licensor shall not be bound by any additional or different + terms or conditions communicated by You unless expressly agreed. + + b. Any arrangements, understandings, or agreements regarding the + Licensed Material not stated herein are separate from and + independent of the terms and conditions of this Public License. + + +Section 8 -- Interpretation. + + a. For the avoidance of doubt, this Public License does not, and + shall not be interpreted to, reduce, limit, restrict, or impose + conditions on any use of the Licensed Material that could lawfully + be made without permission under this Public License. + + b. To the extent possible, if any provision of this Public License is + deemed unenforceable, it shall be automatically reformed to the + minimum extent necessary to make it enforceable. If the provision + cannot be reformed, it shall be severed from this Public License + without affecting the enforceability of the remaining terms and + conditions. + + c. No term or condition of this Public License will be waived and no + failure to comply consented to unless expressly agreed to by the + Licensor. + + d. Nothing in this Public License constitutes or may be interpreted + as a limitation upon, or waiver of, any privileges and immunities + that apply to the Licensor or You, including from the legal + processes of any jurisdiction or authority. + + +======================================================================= + +Creative Commons is not a party to its public +licenses. Notwithstanding, Creative Commons may elect to apply one of +its public licenses to material it publishes and in those instances +will be considered the “Licensor.” The text of the Creative Commons +public licenses is dedicated to the public domain under the CC0 Public +Domain Dedication. Except for the limited purpose of indicating that +material is shared under a Creative Commons public license or as +otherwise permitted by the Creative Commons policies published at +creativecommons.org/policies, Creative Commons does not authorize the +use of the trademark "Creative Commons" or any other trademark or logo +of Creative Commons without its prior written consent including, +without limitation, in connection with any unauthorized modifications +to any of its public licenses or any other arrangements, +understandings, or agreements concerning use of licensed material. For +the avoidance of doubt, this paragraph does not form part of the +public licenses. + +Creative Commons may be contacted at creativecommons.org. diff --git a/PATH_OWNER_MAPPING.YAML b/PATH_OWNER_MAPPING.YAML new file mode 100644 index 0000000000000000000000000000000000000000..677cd30ea3479765556b8d83ef1166891c848714 --- /dev/null +++ b/PATH_OWNER_MAPPING.YAML @@ -0,0 +1,75 @@ +relations: + - path: + - PATH_OWNER_MAPPING.yaml + - docs/zh/docs/A-Ops + - docs/zh/docs/Administration + - docs/zh/docs/ApplicationDev + - docs/zh/docs/Installation + - docs/zh/docs/K3s + - docs/zh/docs/Kernel + - docs/zh/docs/KubeEdge + - docs/zh/docs/Memory-fabric + - docs/zh/docs/Quickstart + - docs/zh/docs/Releasenotes + - docs/zh/docs/SecHarden + - docs/zh/docs/SystemOptimization + - docs/zh/docs/astream + - docs/zh/docs/certification + - docs/zh/docs/desktop + - docs/zh/docs/ops_guide + - docs/zh/docs/thirdparty_migration + - docs/zh/docs/userguide + - docs/en/docs/A-Ops + - docs/en/docs/ApplicationDev + - docs/en/docs/Pin + - docs/en/docs/GCC + - docs/en/docs/EulerMaker + - docs/zh/docs/NestOS + - docs/zh/docs/ROS + - docs/en/docs/UADK + - docs/zh/docs/oepkgs + - docs/zh/docs/memsafety + - docs/zh/docs/Migration-tools + - docs/zh/docs/CPDS + - docs/zh/docs/PilotGo + - docs/zh/docs/CVE-ease + - docs/zh/docs/GMEM + + owner: + - gitee_id: hujunjune + name: hujun + + - path: + - PATH_OWNER_MAPPING.yaml + - docs/zh/docs/A-Tune + - docs/zh/docs/Container + - docs/zh/docs/DPUOffload + - docs/zh/docs/Gazelle + - docs/zh/docs/HSAK + - docs/zh/docs/KernelLiveUpgrade + - docs/zh/docs/KubeOS + - docs/zh/docs/Kubernetes + - docs/zh/docs/ShangMi + - docs/zh/docs/StratoVirt + - docs/zh/docs/TailorCustom + - docs/zh/docs/Virtualization + - docs/zh/docs/oncn-bwm + - docs/zh/docs/rubik + - docs/zh/docs/secGear + - docs/zh/docs/SysCare + - docs/en/docs/A-Tune + - docs/en/docs/Container + - docs/en/docs/DPUOffload + - docs/zh/docs/Kmesh + - docs/zh/docs/sysBoost + + owner: + - gitee_id: amy_mayun + name: zhuyanting + + - path: + - PATH_OWNER_MAPPING.yaml + - docs/zh/docs/Embedded + owner: + - gitee_id: Youmi + name: x00352700 \ No newline at end of file diff --git a/README.en.md b/README.en.md deleted file mode 100644 index 57d177c634f69207c69c906247eac259c560241f..0000000000000000000000000000000000000000 --- a/README.en.md +++ /dev/null @@ -1,36 +0,0 @@ -# docs - -#### Description -To build and enrich documentation for openEuler project. - -#### Software Architecture -Software architecture description - -#### Installation - -1. xxxx -2. xxxx -3. xxxx - -#### Instructions - -1. xxxx -2. xxxx -3. xxxx - -#### Contribution - -1. Fork the repository -2. Create Feat_xxx branch -3. Commit your code -4. Create Pull Request - - -#### Gitee Feature - -1. You can use Readme\_XXX.md to support different languages, such as Readme\_en.md, Readme\_zh.md -2. Gitee blog [blog.gitee.com](https://blog.gitee.com) -3. Explore open source project [https://gitee.com/explore](https://gitee.com/explore) -4. The most valuable open source project [GVP](https://gitee.com/gvp) -5. The manual of Gitee [https://gitee.com/help](https://gitee.com/help) -6. The most popular members [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/) diff --git a/README.md b/README.md deleted file mode 100644 index f4e13b3549095a827c5f9e3fcc431f6cf1cd3d11..0000000000000000000000000000000000000000 --- a/README.md +++ /dev/null @@ -1,37 +0,0 @@ -# docs - -#### 介绍 -To build and enrich documentation for openEuler project. - -#### 软件架构 -软件架构说明 - - -#### 安装教程 - -1. xxxx -2. xxxx -3. xxxx - -#### 使用说明 - -1. xxxx -2. xxxx -3. xxxx - -#### 参与贡献 - -1. Fork 本仓库 -2. 新建 Feat_xxx 分支 -3. 提交代码 -4. 新建 Pull Request - - -#### 特技 - -1. 使用 Readme\_XXX.md 来支持不同的语言,例如 Readme\_en.md, Readme\_zh.md -2. Gitee 官方博客 [blog.gitee.com](https://blog.gitee.com) -3. 你可以 [https://gitee.com/explore](https://gitee.com/explore) 这个地址来了解 Gitee 上的优秀开源项目 -4. [GVP](https://gitee.com/gvp) 全称是 Gitee 最有价值开源项目,是综合评定出的优秀开源项目 -5. Gitee 官方提供的使用手册 [https://gitee.com/help](https://gitee.com/help) -6. Gitee 封面人物是一档用来展示 Gitee 会员风采的栏目 [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/) diff --git "a/archive/Kernel/\345\206\205\345\255\230\345\217\257\351\235\240\346\200\247\345\210\206\347\272\247\347\211\271\346\200\247\344\275\277\347\224\250\346\214\207\345\215\227.md" "b/archive/Kernel/\345\206\205\345\255\230\345\217\257\351\235\240\346\200\247\345\210\206\347\272\247\347\211\271\346\200\247\344\275\277\347\224\250\346\214\207\345\215\227.md" new file mode 100644 index 0000000000000000000000000000000000000000..b2358623310d2b2b7421be671fa87670772e87c0 --- /dev/null +++ "b/archive/Kernel/\345\206\205\345\255\230\345\217\257\351\235\240\346\200\247\345\210\206\347\272\247\347\211\271\346\200\247\344\275\277\347\224\250\346\214\207\345\215\227.md" @@ -0,0 +1,353 @@ +# 内存可靠性分级管理 + +[1.1 概述](#概述) + +[1.2 约束限制](#约束限制) + +[1.3 使用方法](#使用方法) + +## 概述 + +本特性可以支撑使用者按照需求分配在对应可靠性的内存上,并对部分可能的UCE或CE故障影响进行一定程度的缓解,达到部分MR内存(address range mirror)的情况下,支撑业务整体可靠性不下降。 + +## 约束限制 + +本章节介绍该特性的通用约束,每个子特性会有具体的约束,在对应的小节中详细说明。 + +### 兼容性限制 + +1. 本特性目前仅适用于ARM64。 +2. 硬件需支持部分MR内存(address range mirror),即通过UEFI标准接口上报属性为EFI_MEMORY_MORE_RELIABLE的内存,普通内存无需额外置位。镜像内存(MR)对应为高可靠内存,普通内存对应为低可靠内存。 +3. 高低可靠内存分级借助内核的内存管理区(zone)来实现,两者无法进行动态流动(即页面不能在不同zone之间移动)。 +4. 不同可靠性的连续物理内存会被分隔到不同的memblock,可能会导致原本可以申请大块连续物理内存的场景在使能内存分级后受到限制。 +5. 使能本特性,需要依赖启动参数kernelcore的取值为“kernelcore=reliable”,与该参数其他取值均不兼容。 + +### 设计规格限制 + +1. 内核态开发时,内存申请操作需要注意: + + - 若内存申请接口支持指定gfp_flag,只有gfp_flag包含__GFP_HIGHMEM且__GFP_MOVABLE的内存申请会强制普通内存区域分配或者将这次内存分配重定向可靠内存区域,其他gfp_flag都不会进行干预。 + + - 从slab/slub/slob申请获取的都是高可靠内存(一次性申请内存大于KMALLOC_MAX_CACHE_SIZE时且gfp_flag指定为普通内存区域时可能申请到低可靠内存)。 + +2. 用户态开发时,内存申请操作需要注意: + + - 更改普通进程属性为关键进程后,实际物理内存分配阶段(page fault)才会使用高可靠内存,此前已分配的内存属性不会改变,反之亦然。因此普通进程被拉起到更改关键进程属性期间申请的内存可能不是高可靠内存。是否生效可以通过查询虚拟地址对应的物理地址是否属于高可靠内存段来验证。 + - Libc库如glibc中chunk等类似机制(ptmalloc、tcmalloc、dpdk)为了提高性能存在使用cache的逻辑,而内存cache会导致用户申请内存与内核内存申请逻辑不能完全对应,普通进程变成关键进程时并不能真正使能(该标记仅仅在内核实际发生内存申请时使能)。 + +3. 当上层业务申请内存的时发现高可靠内存不足(触发zone原生min水线)或者触发对应limit限制,会优先释放pagecache以尝试回收高可靠内存。如果仍然申请不到,内核会根据fallback的开关选择oom或fallback到低可靠内存区域完成内存申请。(fallback指某个内存管理区/节点内存不足时,到其他内存管理区/节点申请内存的情况。) + +4. 类似于NUMA_BALANCING的内存动态迁移机制,可能导致已经分配的高/低可靠内存被迁移到别的节点,由于该迁移操作丢失内存申请的上下文,且目标node可能没有对应可靠性的内存,因此可能导致迁移后的内存可靠性与预期不符。 + +5. 按照用户态高可靠内存用途引入如下三个配置文件: + + - /proc/sys/vm/task_reliable_limit: 关键进程(包含systemd)使用的高可靠内存上限。包含匿名页和文件页。进程使用的shmem也会被统计到其中(包含在匿名页中)。 + + - /proc/sys/vm/reliable_pagecache_max_bytes:全局pagecache使用的高可靠内存软上限。约束普通进程使用的高可靠pagecache的数量,系统默认不限制pagecache使用的高可靠内存的量。高可靠进程和文件系统元数据等场景不受此约束。无论fallback开关是否开启,普通进程触发该上限时,会默认申请低可靠内存,若低可靠内存申请不到,则遵循原生流程处理。 + + - /proc/sys/vm/shmem_reliable_bytes_limit:全局shmem使用的高可靠内存软上限。约束普通进程shmem使用高可靠内存的数量,系统默认不限制shmem使用的高可靠内存的量。高可靠进程不受此约束。关闭fallback时,普通进程触发该上限会导致内存申请失败,但不会OOM(与原生流程一致)。 + + 触及这些值可能会导致内存申请fallback或者OOM。 + + 关键进程在tmpfs或pagecache流程产生缺页引发的内存申请,有可能触发多个limit,多个limit之间交互关系情况详见表格。 + + | 是否触及task_reliable_limit | 是否触及reliable_pagecache_max_bytes或者shmem_reliable_bytes_limit | 内存申请处理策略 | + | --------------------------- | ------------------------------------------------------------ | ------------------------------------------------ | + | 是 | 是 | 优先回收pagecache以满足申请,否则Fallback或者OOM | + | 是 | 否 | 优先回收pagecache以满足申请,否则Fallback或者OOM | + | 否 | 否 | 先高可靠内存,失败Fallback或者OOM | + | 否 | 是 | 先高可靠内存,失败Fallback或者OOM | + + 关键进程会遵循task_reliable_limit的限制,如果task_reliable_limit高于tmpfs或pagecachelimit时,由关键进程产生的pagecache、tmpfs依旧会使用高可靠内存,由此会产生pagecache、tmpfs使用高可靠内存数量高于对应Limit的情况。 + + 当触发task_reliable_limit,如果高可靠filecache低于4M,不会进行同步回收。如果pagecache产生时,高可靠filecache低于4M,那么会fallback到低可靠内存完成申请,如果高于4M那么会优先回收pagecache满足此次申请。但接近4M时,会触发更频繁的cache直接回收,由于cache直接回收锁开销大,会导致高cpu占用率,此时文件读写性能接近裸盘性能。 + +6. 即使系统存在足够申请的高可靠内存,在如下场景下也存在fallback到低可靠内存区域内存申请的场景。 + + - 如果进行无法迁移到其他节点进行内存申请,那么会fallback当前节点的低可靠内存,常用场景举例如下: + - 如果内存申请带上了__GFP_THISNODE(如透明大页申请),代表只能从当前节点申请内存,如果此节点高可靠内存不满足申请情况,那么会尝试从本内存节点的低可靠内存区域进行内存申请。 + - 进程通过taskset、numactl等命令运行在某个包含普通内存节点。 + - 进程在系统内存原生的调度机制下调度到了某个包含普通内存节点。 + - 高可靠内存申请触发高可靠内存使用水线也会导致fallback到低可靠。 + +7. 内存分级fallback关闭时,高可靠内存将不能向低可靠内存扩展,有可能导致用户态应用对内存用量的判断与本特性不兼容,比如通过MemFree判断可用内存量。 + +8. 内存分级fallback开启时,对原生fallback有影响,主要区别在于内存管理区zone与NUMA节点的选择上,列举如下: + +- **普通用户进程**fallback流程将会是: 本节点低可靠内存->远端节点低可靠内存。 +- **关键用户进程**fallback流程将会是:本节点高可靠内存-> 远端节点高可靠内存。如果还未申请到内存且开启了memory reliable的fallback功能,将会额外重试: 本节点低可靠内存-> 远端节点低可靠内存。 + +### 场景限制 + +1. 默认页面大小(PAGE_SIZE)只支持4K页面大小。 +2. Numa Node0上低4G内存必须要为高可靠且高可靠内存大小与低可靠内存大小满足内核使用,否则可能导致系统无法启动。其他node的高可靠内存空间大小无要求,但需注意: + 某个node上没有高可靠内存或者高可靠内存不足,可能导致per-node管理结构位于其他node的高可靠内存上(因为其为内核数据结构需要在高可靠区域),由此会产生内核warning,如vmemmap会产生vmemmap_verify相关告警且存在性能影响。 +3. 本特性部分统计值(比如tmpfs高可靠总量)使用percpu技术进行统计,会有额外开销,计算总和时考虑到减少性能影响。因此存在一定的误差,误差10%内属于正常。 +4. 大页限制: + - 启动阶段静态大页为低可靠内存,运行时申请的静态大页默认为低可靠内存,如果内存申请发生在关键进程上下文,那么申请到的大页为高可靠内存。 + - 透明大页THP场景下,通过扫描进行合并大页(2M页为例)时如果待合并的512个4k页面中某一个为高可靠页面,那么新申请的2M大页会使用高可靠内存,透明大页会导致使用更多高可靠内存。 + - 2M大页预留申请遵循原生的fallback流程,如果当前node缺少低可靠内存,那么会fallback高可靠区间申请高可靠完成内存申请。 + - 启动阶段进行2M大页预留,如果没有指定内存节点,那么会负载均衡到每个内存节点进行大页的预留。如果某个内存节点缺少低可靠内存,那么会遵循原生流程使用高可靠。 +5. 当前仅仅支持正常系统启动场景。部分异常场景内核启动可能与内存分级功能不兼容,如kdump启动阶段(当前kdump已支持自动关闭,其他场景需要上层业务关闭。) +6. SWAP换入换出、内存offline、KSM、cma、giganic page流程下新申请的页面类型没有基于分级内存进行考量,可能出现未定义情况(未定义情况包括高可靠用量统计不准、申请到的内存可靠性等级与预期不符等)。 + +### 性能影响 + +- 物理页申请因分级管理的引入而增加了判断逻辑,会有一些性能影响,具体影响程度与系统状况、申请内存类型、各节点高低可靠内存余量有关。 +- 本特性引入高可靠内存相关用量统计值,会对系统性能产生影响。 +- 触发task_reliable_limit时,会对位于高可靠区域的cache同步回收,会增加CPU占用率。pagecache申请(文件读写操作,比如dd)触发task_reliable_limit的场景下,如果当前高可靠内存可用量(ReliableFileCache视为可用内存)接近4M时,会触发更频繁的cache直接回收,由于cache直接回收锁开销大,会导致高cpu占用率。此时文件读写性能接近裸盘性能。 + +## 使用方法 + +### OS支持内存分级管理 + +#### 概述 + +由于内存按照高低可靠性分为两段,内存的申请释放也需要按照高低可靠来进行分开管理。OS需要能够控制内存申请路径,用户态进程使用低可靠内存,内核态使用高可靠内存。高可靠内存不足时需要能够fallback到低可靠区申请或者直接申请失败。 + +同时对于进程部分内存段的可靠性需求与进程本身的性质,也需要能够支持按需指定申请高低可靠内存。如指定关键进程使用高可靠内存,减少关键进程遇到内存错误的概率。目前内核使用的都是高可靠内存,用户态进程使用的都是低可靠内存。如此会造成一些关键或者核心服务的不稳定,如业务转发进程,如果发生故障,会造成IO中断,影响业务的稳定性。因此需要对这些关键服务特殊处理,使其使用高可靠内存,提高关键进程运行的稳定性。 + +在系统遇到内存错误,OS应对未分配的低可靠内存进行覆盖写,以清除未发现的内存错误。 + +#### 约束限制 + +- **关键进程使用高可靠内存** + + 1. /proc//reliable 接口的滥用可能存在高可靠内存被过多使用的风险。 + 2. 用户态进程 reliable 属性只能在进程被拉起后,通过 proc 接口修改或者直接继承父进程该属性。systemd(pid=1)使用高可靠内存,其 reliable 属性无作用,也不继承,内核态线程reliable属性无效。 + 3. 进程的程序段和数据使用高可靠内存,高可靠不足,使用低可靠启动。 + 4. 普通进程在某些场景也会使用到高可靠内存,如hugetlb、pagecache、vdso、tmpfs等。 + +- **未分配内存覆盖写特性** + + 未分配内存覆盖写特性只能执行一次,不支持并发操作,如果执行会有如下影响: + + 1. 该特性耗时较大,每个 Node 有一个 CPU 被覆盖写线程所占用,其他任务在该 CPU 上无法调度。 + 2. 覆盖写过程需获取 Zone lock,其他业务进程内存申请要等待覆盖写完成,可能导致内存分配不及时。 + 3. 并发执行情况下会排队阻塞,产生更大的延时。 + + 如果机器性能不佳,将有可能触发内核RCU stall或soft lockup警告,以及进程内存申请操作被阻塞。因此请限制该特性在必要时只在物理机环境下使用,虚拟机等场景大概率出现如上现象。 + + 物理机参考数据可见下表(实际耗时与硬件性能、当前系统负载有关系)。 + +表:基于物理机TaiShan 2280 V2空载状态下测试数据 + +| 测试项 | Node 0 | Node 1 | Node 2 | Node 3 | +| ------------- | ------ | ------ | ------ | ------ | +| Free Mem (MB) | 109290 | 81218 | 107365 | 112053 | + +总耗时 3.2s + +#### 使用方法 + +本子特性提供较多接口,使能特性并校验只需要步骤1-6即可。 + +1. 配置启动参数“kernelcore=reliable”,代表打开内存分级管理开关,CONFIG_MEMORY_RELIABLE是必要的配置,否则整个系统的内存可靠性分级管理不使能。 + +2. 根据需要,可以通过启动参数reliable_debug=[F][,S][,P]来选择性关闭fallback功能(F)、关闭tmpfs使用高可靠内存(S)以及关闭读写缓存使用高可靠内存(P),默认以上功能都使能。 + +3. 根据BIOS上报的地址段,查找高可靠内存,并进行标记,对于NUMA系统,不一定每个node上都要预留可靠内存,但是node 0上低4G物理空间必须为高可靠的内存,系统启动过程中会申请内存,如果无法分到高可靠内存,则会 fallback 到低可靠内存进行分配(mirror功能自带的fallback逻辑)或导致系统无法启动。如果使用低可靠内存,整个系统都不稳定,所以要保留node0上的高可靠内存且低4G物理空间必须为高可靠的内存。 + +4. 启动后,用户可以通过启动日志判断内存分级是否使能,应出现如下打印: + + ```Shell + mem reliable: init succeed, mirrored memory + ``` + +5. 高可靠内存对应的物理地址段可以通过启动日志来查询,观察efi上报memory map里的属性,带有“MR”的即为高可靠内存段,如下为启动日志节选,其中内存段mem06为高可靠内存,mem07为低可靠内存,其物理地址范围也列举在后(其他方式无法直接查询高低可靠内存地址范围)。 + + ```text + [ 0.000000] efi: mem06: [Conventional Memory| |MR| | | | | | |WB| | | ] range=[0x0000000100000000-0x000000013fffffff] (1024MB) + [ 0.000000] efi: mem07: [Conventional Memory| | | | | | | | |WB| | | ] range=[0x0000000140000000-0x000000083eb6cfff] (28651MB) + ``` + +6. 内核态开发时,对于一个页面struct page,可以通过其所处的 zone来判断,ZONE_MOVABLE为低可靠内存区,zone编号小于ZONE_MOVABLE的均为高可靠内存区,判断方式举例如下。 + + ```c + bool page_reliable(struct page *page) + { + if (!mem_reliable_status() || !page) + return false; + return page_zonenum(page) < ZONE_MOVABLE; + } + ``` + + 此外提供的若干接口按照功能点分类列举如下: + + 1. **代码层面判断可靠性是否使能:**在内核模块中通过如下接口来判断,返回 true 表示内存分级功能真正使能,返回false则未使能。 + + ```c + #include + bool mem_reliable_status(void); + ``` + + 2. **内存热插拔:**如果内核本身使能内存热插拔操作(Logical Memory hot-add),高低可靠内存也支持该操作,操作单位为memory block,与原生流程一致。 + + ```Shell + # 上线内存到高可靠区 + echo online_kernel > /sys/devices/system/memory/auto_online_blocks + # 上线内存到低可靠区 + echo online_movable > /sys/devices/system/memory/auto_online_blocks + ``` + + 3. **动态关闭某项分级管理功能:**使用long类型控制根据每个bit判断内存分级功能开关与关闭某项功能: + + - bit0:内存可靠性分级管理功能。 + - bit1:禁止fallback到低可靠区域。 + - bit2:关闭tmpfs使用高可靠内存。 + - bit3:关闭pagecache使用高可靠内存。 + + 其他bit预留,用于扩展。如需更改,可通过如下proc接口(权限为600),取值范围0-15,(只有当总功能bit0为1时才会处理后续功能,否则直接关闭所有功能)。 + + ```Shell + echo 15 > /proc/sys/vm/reliable_debug + # 关闭所有功能,因为bit0为0 + echo 14 > /proc/sys/vm/reliable_debug + ``` + + 此命令只能用于关闭功能,不能打开。对于已经关闭的功能或者运行时关闭的功能,这个命令不能将其打开。 + + 注:此功能用于逃生使用,仅异常场景或者调测阶段需要关闭内存可靠性特性时配置,禁止作为常规功能直接使用。 + + 4. **查看高可靠内存部分统计信息:**可以通过原生/proc/meminfo来查看,其中: + + - ReliableTotal:内核管理可靠内存总大小。 + - ReliableUsed:系统使用可靠内存总大小,包含系统阶段reserved使用。 + - ReliableBuddyMem:伙伴系统剩余可靠总内存大小。 + - ReliableTaskUsed:表示当前关键用户进程,systemd使用的高可靠内存大小,包括匿名页与文件页。 + - ReliableShmem:表示共享内存高可靠用量,包括共享内存、tmpfs、rootfs使用高可靠内存总大小。 + - ReliableFileCache:表示读写缓存高可靠内存用量。 + + 5. **未分配内存覆盖写:**该功能需要打开配置项。 + + CONFIG_CLEAR_FREELIST_PAGE,并且添加启动参数clear_freelist,两者具备才会使能。通过proc接口触发,取值范围只能为1(权限为0200)。 + + ```Shell + echo 1 > /proc/sys/vm/clear_freelist_pages + ``` + + 注:该特性依赖启动参数clear_freelist,内核对启动参数只匹配前缀,故诸如“clear_freelisttt”也会生效该特性。 + + 为防止误操作,加入内核模块参数cfp_timeout_ms,代表调用覆盖写功能的最长执行时长(超时则没写完也退出),通过sys接口触发,默认取值为2000ms(权限为0644): + + ```Shell + echo 500 > /sys/module/clear_freelist_page/parameters/cfp_timeout_ms # 设置超时为500ms + ``` + + 6. **查看更改当前进程高低可靠属性:**可以通过/proc//reliable来查看该进程是否是高可靠进程;运行写入,该标识会继承,如果子进程不需要,则手动修改子进程属性;systemd和内核线程不支持该属性的读写;可以写0或 者1,默认为0,代表低可靠进程(权限为0644)。 + + ```Shell + # 更改pid=1024的进程为高可靠进程,从更改之后开始进程缺页申请的内存是从高可靠内存区域申请,申请不到有可能fallback到低可靠 + echo 1 > /proc/1024/reliable + ``` + + 7. **设置用户态高可靠进程申请上限:**通过/proc/sys/vm/task_reliable_limit来修改用户态进程申请高可靠内存的上限,对应取值范围为[ReliableTaskUsed, ReliableTotal],单位为Byte(权限为0644)。需注意: + + - 缺省值为ulong_max,代表不受限制。 + - 当该值为0,可靠进程不可使用高可靠内存,fallback模式下,fallback到低可靠内存区域申请,否则直接OOM。 + - 当该值不为0并且触发该limit, 使能fallback功能,fallback到低可靠内存区域申请内存,不使能fallback功能,则返回OOM。 + +### 读写缓存使用高可靠内存 + +#### 概述 + +Page cache 也叫页缓冲或文件缓冲,在linux读写文件时,它用于缓存文件的逻辑内容,从而加快对磁盘上映像和数据的访问。Page cache申请如果使用低可靠内存,当访问时可能触发UCE导致系统异常。因此,需要将读写缓存(page cache)放到高可靠内存区域,同时为了防止Page cache申请过多(默认无限制)将高可靠内存耗尽,需要对page cache的总量及使用可靠内存总量进行限制。 + +#### 约束限制 + +1. page cache超过限制后,page cache会进行定期回收,如果page cache的产生的速度大于page cache回收的速度则无法保证page cache的数量在指定的限制之下。 +2. /proc/sys/vm/reliable_pagecache_max_bytes的使用有一定限制,有部分场景的page cache会强制使用可靠内存,如读文件系统的元数据(inode, dentry等),会导致page cache使用的可靠内存超过接口的限制,可以通过 echo 2 \> /proc/sys/vm/drop_caches 来释放inode和dentry。 +3. page cache使用的高可靠内存超过reliable_pagecache_max_bytes限制时,会默认申请低可靠内存,若低可靠内存申请不到,则遵循原生流程处理。 +4. FileCache的统计会先统计到per cpu的缓存中,当缓存中的值超过阈值时才会加到整个系统中,之后才能在/proc/meminfo中体现,ReliableFileCache在/proc/meminfo中没有上述的阈值,会导致有时ReliableFileCache比FileCache的统计值稍大。 +5. 写缓存场景会被dirty_limit限制(由/proc/sys/vm/dirty_ratio限制,代表单个内存节点脏页百分比),超过阈值会跳过当前zone。对于内存分级而言,由于高低可靠内存处于不同的zone,写缓存有可能触发本节点的fallback,使用本节点的低可靠内存。可以通过echo 100 > /proc/sys/vm/dirty_ratio来取消限制。 +6. 读写缓存使用高可靠内存的特性中会限制page cache的使用量,如下几种情况会导致系统性能受影响: + - 如果page cache的上限值限制的过小,会导致IO增加,影响系统性能。 + - 如果page cache 回收的过于频繁,则可能会导致系统卡顿。 + - 如果page cache超过限制后每次回收量过大,则可能导致系统卡顿。 + +#### 使用方法 + +读写缓存使用高可靠内存默认使能,如需关闭,可通过启动项参数设置reliable_debug=P。且page cache不能无限使用,需要限制page cache的使用量。限制page cache量的功能依赖的config开关为CONFIG_SHRINK_PAGECACHE。 + +/proc/meminfo中的FileCache可以用来查询page cache的使用量,ReliableFileCache可以用来查询page cache中可靠内存的使用量。 + +限制page cache量的功能依赖若干proc接口,接口定义在/proc/sys/vm/下,用来控制page cache的使用量,具体如下表: + +| 接口名称(原生/新增) | 权限 | 说明 | 缺省值 | +| ------------------------------------ | ---- | ------------------------------------------------------------ | ------------------------------------------ | +| cache_reclaim_enable(原生) | 644 | 表示page cache限制的功能的使能开关。 **取值范围:**0 或者 1,输入非法值,返回错误。 **示例:**echo 1 > cache_reclaim_enable | 1 | +| cache_limit_mbytes(新增) | 644 | **含义:**表示cache的上限,以M为单位,最小值0(表示关闭限制功能),最大值为meminfo中的MemTotal值(以M为单位换算后)。 **取值范围:**最小值0(表示关闭限制功能),最大值为内存大小(以M为单位,如free –m看到的值)。 **示例:** echo 1024 \> cache_limit_mbytes **其他:**建议cache上限不要低于总内存的一半,否则cache过小可能影响IO性能。 | 0 | +| cache_reclaim_s(原生) | 644 | **含义:**表示定期触发cache回收的时间,以秒为单位系统会根据当前online的cpu个数来创建工作队列,如果有n个cpu则创建n个工作队列,每个工作队列每隔cache_reclaim_s秒进行一次回收。该参数与cpu上下线功能兼容,如果cpu offline,则会减少工作队列个数,cpu online,则会增加。 **取值范围:**最小值0(表示关闭定期回收功能),最大43200,输入非法值,返回错误。 **示例:**echo 120 \> cache_reclaim_s **其他:**建议定期回收时间设成几分钟的级别(如2分钟),否则频繁回收可能导致系统卡顿。 | 0 | +| cache_reclaim_weight(原生) | 644 | **含义:**表示每次回收的权值,内核每个CPU每次期望回收32 \* cache_reclaim_weight个page。该权值同时作用于page上限触发的回收和定期page cache回收。 **取值范围:**最小值1,最大值100,输入非法值,返回错误。 **示例:**echo 10 \> cache_reclaim_weight **其他:**建议设为10或以下,否则每次回收过多内存时,系统可能卡顿。 | 1 | +| reliable_pagecache_max_bytes(新增) | 644 | **含义:**该接口用于控制page cache中高可靠内存的总量。 **取值范围**:0 \~ 高可靠内存最大值,单位为Bytes,高可靠内存的最大值可以通过/proc/meminfo查询,输入非法值返回错误。 **示例:**echo 4096000 \> reliable_pagecache_max_bytes | unsigned long 类型的最大值,代表不限制用量 | + +### tmpfs使用高可靠内存 + +#### 概述 + +对于使用tmpfs做rootfs,rootfs中存放的操作系统使用的核心文件和数据。但是tmpfs默认使用的是低可靠内存,这样会造成核心文件和数据的不可靠。因此需要tmpfs整体使用高可靠内存。 + +#### 使用方法 + +tmpfs使用高可靠内存默认使能,如需关闭,可通过启动项参数设置reliable_debug=S,可以通过/proc/sys/vm/reliable_debug动态关闭,但不能动态打开。 + +在使能tmpfs使用高可靠内存时,可通过/proc/meminfo中ReliableShmem查看当前tmpfs已经使用的高可靠内存。 + +默认tmpfs使用上限是物理内存的一半(rootfs使用tmpfs时除外)。基于传统的SYS V的共享内存,它的使用同时受/proc/sys/kernel/shmmax以及/proc/sys/kernel/shmall的限制,可以动态配置。同时他们也受tmpfs使用高可靠内存的限制。详见下表. + +| **参数** | **说明** | +|---------------------------------|--------------------------------| +| /proc/sys/kernel/shmmax(原生) | SysV共享内存单个段可使用的大小 | +| /proc/sys/kernel/shmall(原生) | SysV共享内存总的可使用的大小 | + +新增接口 /proc/sys/vm/shmem_reliable_bytes_limit 用户设置系统级别 tmpfs 可用的高可靠大小(单位为Byte),缺省值为LONG_MAX,代表用量不受限。可设置的范围为[0, 系统可靠内存总大小],权限为644。fallback关闭时,在达到该使用上限时,返回没有内存的错误,fallback开启时会尝试从低可靠区域申请。使用示例: + +```Shell +echo 10000000 > /proc/sys/vm/shmem_reliable_bytes_limit +``` + +### 用户态穿越内核UCE不复位 + +#### 概述 + +按照内存可靠性分级的方案,内核以及关键进程使用高可靠内存。大部分用户态进程使用低可靠内存。系统运行时,涉及大量的用户态与内核态数据交换,数据传入内核态时,即发生低可靠内存上数据拷贝到高可靠内存区域。拷贝动作发生在内核态,如果这时在读取用户态数据时发生UCE错误,即发生内核态消费内存UCE,系统会触发panic。本子特性对部分用户态穿越内核UCE场景提供解决方案,避免系统复位,包括COW场景、copy_to_user场景、copy_from_user场景、get_user场景、put_user场景、coredump场景,其余场景均不支持。 + +#### 约束限制 + +1. ARMv8.2及以上版本支持的RAS特性。 +2. 本特性更改的是同步异常处理策略,因此本特性的生效依赖于内核收到Firmware上报的同步异常。 +3. 内核处理依赖BIOS上报的错误类型,不能处理fatal级别硬件错误,可以处理recoverable级别的硬件错误。 +4. 仅支持COW场景、copy_to_user场景(包含读缓存pagecache)、copy_from_user场景、get_user场景、put_user场景、coredump场景六个用户态穿越内核态场景,其余场景不支持。 +5. 在coredump场景中,因为需要在文件系统的write接口上做UCE容错,本特性只支持常用的三个文件系统:ext4、tmpfs、pipefs,对应的容错接口如下: + - pipefs:copy_page_from_iter + - ext4/tmpfs:iov_iter_copy_from_user_atomic + +#### 使用方法 + +确保内核开启config开关CONFIG_ARCH_HAS_COPY_MC,/proc/sys/debug/machine_check_safe值为1时代表全场景使能,改为0代表不使能,其他值均为非法。 + +当前各场景容错处理机制如下: + +| 序号 | 场景 | 现象 | 应对措施 | +| ---- | ------------------------------------------------------------ | ------------------------------------------------------------ | ------------------------------------------------------------ | +| 1 | copy_from/to_user:最基本的用户态穿越,主要涉及syscall,sysctl,procfs的操作 | 如果在拷贝时出现UCE异常,会导致内核复位 | 出现 UCE 异常时,kill 当前进程,内核不主动复位 | +| 2 | get/put_user:用于简单的变量拷贝,主要是netlink的场景用的比较多 | 如果在拷贝时出现UCE异常,会导致内核复位 | 出现 UCE 异常时,kill 当前进程,内核不主动复位 | +| 3 | COW:fork子进程,触发写时拷贝 | 触发写时拷贝,如果出现UCE会导致内核复位 | 出现 UCE 异常时,kill 相关进程,内核不主动复位 已实现,见36节 | +| 4 | 读缓存:用户态使用了低可靠内存,用户态程序读写文件时,操作系统会使用空闲内存缓存硬盘文件,提升性能。但用户态程序对文件的读取会先经过内核访问缓存 | 出现UCE异常,会导致内核复位 | 出现 UCE 错误时,kill 当前进程,内核不主动复位 已实现,见36节 | +| 5 | coredump时内存访问触发UCE | 出现UCE异常,会导致内核复位 | 出现 UCE 错误时,kill 当前进程,内核不主动复位 | +| 6 | 写缓存:写缓存回刷到磁盘时,触发UCE | 回刷缓存其实就是磁盘DMA数据的搬移,如果在此过程中触发UCE,超时结束后,页面写失败,这样会造成数据不一致,进而会导致文件系统不可用,如果是关键的数据,会出现内核复位 | 没有解决方案,不支持,内核会发生复位 | +| 7 | 内核启动参数、模块参数使用的都是高可靠内存 | / | 不支持,且本身风险降低 | +| 8 | relayfs:是一个快速的转发数据的文件系统,用于从内核态转发数据到用户态, | / | 不支持,且本身风险降低 | +| 9 | seq_file:将内核数据通过文件的形式传输到用户态 | / | 不支持,且本身风险降低 | + +由于用户态数据大多使用低可靠内存,本项目只涉及内核态读取用户态数据的场景。Linux系统下用户空间与内核空间数据交换有九种方式, 包括内核启动参数、模块参数与 sysfs、sysctl、syscall(系统调用)、netlink、procfs、seq_file、debugfs和relayfs。另有两种情况,进程创建时,COW(copy on write,写时复制)场景,和读写文件缓存(pagecache)场景。 + +其中sysfs,syscall, netlink, procfs 等方式从用户态传输数据到内核都是通过copy_from_user或者get_user的方式。 + +因此用户态穿越到内核有如下几种场景: + +copy_from_user、get_user、COW、读缓存、写缓存回刷。 + +内核态传到用户态有如下几种场景: + +relayfs、seq_file、copy_to_user、put_user。 diff --git "a/archive/LLM/LLM\347\224\250\346\210\267\346\214\207\345\215\227.md" "b/archive/LLM/LLM\347\224\250\346\210\267\346\214\207\345\215\227.md" new file mode 100644 index 0000000000000000000000000000000000000000..86c8d9a978644a24ca2a131981efd0043b8ba36e --- /dev/null +++ "b/archive/LLM/LLM\347\224\250\346\210\267\346\214\207\345\215\227.md" @@ -0,0 +1,5 @@ +# LLM 用户指南 + +本文档介绍openEuler大语言模型(Large Language Model, LLM)的安装、开发等,帮助用户快速了解并使用LLM。LLM是一种人工智能模型,旨在理解和生成人类语言。它们在大量的文本数据上进行训练,可以执行广泛的任务,包括文本总结、翻译、情感分析等等。 + +本文档适用于使用openEuler系统并希望了解和使用LLM的社区开发者、开源爱好者以及相关合作伙伴。使用人员需要具备基本的Linux操作系统知识。 diff --git "a/archive/LLM/chatglm-cpp\344\275\277\347\224\250\346\214\207\345\215\227.md" "b/archive/LLM/chatglm-cpp\344\275\277\347\224\250\346\214\207\345\215\227.md" new file mode 100644 index 0000000000000000000000000000000000000000..659397166377d5527a68d2bea862f8a28e584419 --- /dev/null +++ "b/archive/LLM/chatglm-cpp\344\275\277\347\224\250\346\214\207\345\215\227.md" @@ -0,0 +1,119 @@ +# chatglm-cpp 使用指南 + +## 介绍 + +chatglm-cpp 是基于 C/C++ 实现的 ChatGLM 大模型接口,可以支持用户在CPU机器上完成开源大模型的部署和使用。 + +chatglm-cpp 支持多个中文开源大模型的部署,如 ChatGLM-6B,ChatGLM2-6B ,Baichuan-13B 等。 + +## 软件架构 + +chatglm-cpp 核心架构分为两层 + +- 模型量化层:可以量化开源模型,减少模型大小; +- 模型启动层:可以启动量化后的模型。 + +特性: + +- 基于 ggml 的 C/C++ 实现; +- 通过 int4/int8 量化、优化的 KV 缓存和并行计算等多种方式加速 CPU 推理; +- 互动界面是流媒体生成,具有打字机效果; +- 无需 GPU,可只用 CPU 运行。 + +## 安装教程 + +### 软硬件要求 + +处理器架构:支持 AArch64 和 X86_64 处理器架构; + +操作系统:openEuler 23.09; + +内存:根据不同开源模型的大小,不低于4G。 + +### 安装组件 + +使用 chatglm-cpp 部署大模型,需要安装 chatglm-cpp 软件包。安装前,请确保已经配置了 openEuler yum 源。 + +1. 安装: + +```bash +yum install chatglm-cpp +``` + +1. 查看是否安装成功: + +```bash +chatglm_cpp_main -h +``` + +若成功显示 help 信息则安装成功。 + +## 使用说明 + +### 不使用容器 + +1. 需要安装 chatglm-cpp 软件包: + +```bash +yum install chatglm-cpp +``` + +2. 需要下载开源大模型,如ChatGLM-6B、ChatGLM2-6B等。并将下载的开源大模型通过chatglm_convert.py进行模型量化: + +```bash +python3 /usr/bin/chatglm_convert.py -i model_path/ -t q4_0 -o chatglm-ggml_1.bin +``` + +其中`model_path`为开源大模型的存放路径,q4_0 为开源大模型量化的精度,chatglm-ggml_1.bin 是输出的量化模型的名称。 + +3. 启动模型,进行对话: + +```bash +chatglm_cpp_main -m model_path -i +``` + +其中`model_path`为量化模型的存放路径。 + +可通过以下命令查看命令行选项用法: + +```bash +chatglm_cpp_main -h +``` + +### 使用容器 + +1. 拉取容器镜像: + +```bash +docker pull hub.oepkgs.net/openeuler/chatglm_image +``` + +2. 运行容器镜像,进行对话: + +```bash +docker run -it --security-opt seccomp=unconfined hub.oepkgs.net/openeuler/chatglm_image +``` + +### 正常启动界面 + +模型启动后的界面如图1所示: + +**图1** 模型启动界面 + +![模型启动界面](figures/chatglm.png) + +## 规格说明 + +本项目可支持在 CPU 级别的机器上进行大模型的部署和推理,但是模型推理速度对硬件仍有一定的要求,硬件配置过低可能会导致推理速度过慢,降低使用效率。 + +表1可作为不同机器配置下推理速度的参考: + +表格中 Q4_0,Q4_1,Q5_0,Q5_1 代表模型的量化精度;ms/token 代表模型的推理速度,含义为每个token推理耗费的毫秒数,该值越小推理速度越快; + +**表1** 模型推理速度的测试数据 + +| ChatGLM-6B | Q4_0 | Q4_1 | Q5_0 | Q5_1 | +|--------------------------------|------|------|------|------| +| ms/token (CPU @ Platinum 8260) | 74 | 77 | 86 | 89 | +| 模型大小 | 3.3G | 3.7G | 4.0G | 4.4G | +| 内存占用 | 4.0G | 4.4G | 4.7G | 5.1G | diff --git a/archive/LLM/figures/chatglm.png b/archive/LLM/figures/chatglm.png new file mode 100644 index 0000000000000000000000000000000000000000..bad255b5fd2ade512d291cdd871c6f7f1262560a Binary files /dev/null and b/archive/LLM/figures/chatglm.png differ diff --git a/archive/LLM/figures/llama.png b/archive/LLM/figures/llama.png new file mode 100644 index 0000000000000000000000000000000000000000..184dbf6f0632565477d45077d926f61da1c6ee5a Binary files /dev/null and b/archive/LLM/figures/llama.png differ diff --git "a/archive/LLM/llama.cpp\344\275\277\347\224\250\346\214\207\345\215\227.md" "b/archive/LLM/llama.cpp\344\275\277\347\224\250\346\214\207\345\215\227.md" new file mode 100644 index 0000000000000000000000000000000000000000..edceb58d034fffbef32c31f35da5af737b13556d --- /dev/null +++ "b/archive/LLM/llama.cpp\344\275\277\347\224\250\346\214\207\345\215\227.md" @@ -0,0 +1,119 @@ +# llama.cpp 使用指南 + +## 介绍 + +llama.cpp 是基于 C/C++ 实现的 LLaMa 英文大模型接口,可以支持用户在CPU机器上完成开源大模型的部署和使用。 + +llama.cpp 支持多个英文开源大模型的部署,如LLaMa,LLaMa2,Vicuna等。 + +## 软件架构 + +llama.cpp 核心架构分为两层: + +- 模型量化层:可以量化开源模型,减少模型大小; +- 模型启动层:可以启动量化后的模型。 + +特性: + +- 基于 ggml的C/C++ 实现 +- 通过 int4/int8 量化、优化的KV缓存和并行计算等多种方式加速 CPU 推理; +- 互动界面是流媒体生成,具有打字机效果; +- 无需 GPU,可只用 CPU 运行。 + +## 安装教程 + +### 软硬件要求 + +处理器架构:支持 AArch64 和 X86_64 处理器架构; + +操作系统:openEuler 23.09; + +内存:根据不同开源模型的大小,不低于 4G 。 + +### 安装组件 + +使用llama.cpp部署大模型,需要安装 llama.cpp 软件包。安装前,请确保已经配置了 openEuler yum 源。 + +1. 安装: + +```bash +yum install llama.cpp +``` + +2. 查看是否安装成功: + +```bash +llama_cpp_main -h +``` + +若成功显示 help 信息则安装成功。 + +## 使用说明 + +### 不使用容器 + +1. 需要安装 llama.cpp 软件包: + +```bash +yum install llama.cpp +``` + +2. 需要下载开源大模型,如LLaMa、LLaMa2等。并将下载的开源大模型通过 llama_convert.py 进行模型量化: + +```bash +python3 /usr/bin/llama_convert.py model_path/ +``` + +其中`model_path`为开源大模型的存放路径。 + +3. 启动模型,进行对话: + +```bash +llama_cpp_main -m model_path --color --ctx_size 2048 -n -1 -ins -b 256 --top_k 10000 --temp 0.2 --repeat_penalty 1.1 -t 8 +``` + +其中`model_path`为量化模型的存放路径。 + +可通过以下命令查看命令行选项用法: + +```bash +llama_cpp_main -h +``` + +### 使用容器 + +1. 拉取容器镜像: + +```bash +docker pull hub.oepkgs.net/openeuler/llama_image +``` + +2. 运行容器镜像,进行对话: + +```bash +docker run -it --security-opt seccomp=unconfined hub.oepkgs.net/openeuler/llama_image +``` + +### 正常启动界面 + +模型启动后的界面如图1所示: + +**图1** 模型启动界面 + +![模型启动界面](figures/llama.png) + +## 规格说明 + +本项目可支持在CPU级别的机器上进行大模型的部署和推理,但是模型推理速度对硬件仍有一定的要求,硬件配置过低可能会导致推理速度过慢,降低使用效率。 + +表1可作为不同机器配置下推理速度的参考: + +表格中 Q4_0,Q4_1,Q5_0,Q5_1 代表模型的量化精度;ms/token 代表模型的推理速度,含义为每个token推理耗费的毫秒数,该值越小推理速度越快; + +**表1** 模型推理速度的测试数据 + +| LLaMa-7B | Q4_0 | Q4_1 | Q5_0 | Q5_1 | +|--------------------------------|------|------|------|------| +| ms/token (CPU @ Platinum 8260) | 55 | 54 | 76 | 83 | +| 模型大小 | 3.5G | 3.9G | 4.3G | 6.7G | +| 内存占用 | 3.9G | 4.2G | 4.5G | 5.0G | diff --git "a/archive/Memory-fabric/Memory-Fabric\347\224\250\346\210\267\346\214\207\345\215\227.md" "b/archive/Memory-fabric/Memory-Fabric\347\224\250\346\210\267\346\214\207\345\215\227.md" new file mode 100644 index 0000000000000000000000000000000000000000..71945d53012aedf602ac4844613afe56a7840dee --- /dev/null +++ "b/archive/Memory-fabric/Memory-Fabric\347\224\250\346\210\267\346\214\207\345\215\227.md" @@ -0,0 +1,96 @@ +# Memory Fabric用户文档 + +- [简介](简介.md) +- [部署](部署.md) +- [启动](启动.md) +- [接口](接口.md) + +# 简介 + +内存池套件是基于内存型介质和新型网络技术,构建高性能的分布式内存资源池,并通过BigMemory、MemPlog、MemKV等语义对应用提供服务。 + +内存池套件使用和管理的资源来自计算节点或者单独资源节点提供的可共享的DRAM/Persistent Memory/内存盘等(不支持普通disk直接互联池化),结合新型互联协议(RDMA,CXL,UBUS)us级传输时延,期望内存池套件通过极低的软件时延和节点CPU开销带来整体性能提升。 + +# 部署 + +Memory Fabric需要根据节点类型、资源分布情况和应用需求做到多场景应用集成部署,具体描述如下: + +- 计算和MF资源共节点时支持client和server同节点部署,如[图1](#fig17349154610267)node1、node2所示。 +- 资源独立提供时也支持client、server分离节点部署,如[图1](#fig17349154610267)node3、node4所示。 +- 支持同节点部署和分离节点部署两种场景混合部署。 +- 节点内支持多client,也支持多server模式部署,如[图1](#fig17349154610267)node2所示。 +- client与同节点的server通信使用IPC,配置支持连接远端server时使用RPC通信。 +- server端接入集群管理服务中,用于统一的节点编号和资源信息广播。 + +**图 1** 集成部署 +![](images/IntegratedDeployment.png) + +# 启动 + +Memory Fabric启动分为server和client两个部分。在节点上优先启动server端,完成集群注册、监控流程,然后启动本地资源注册\(总容量通过配置文件获取\)和通信建链流程,初始化完成后支持本地多client与server建立连接,可对外启动业务服务。 + +# 接口 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

接口

+

说明

+

int BM_Init(char *ockPath, int flags);

+

int BM_InitWithExtAttr(char*ockPath, int flags, void *attr); int BM_Exit(void);

+

初始化

+

带属性的初始化

+

退出

+

int BM_CreateNSSec(const char*poolName, const char *ns, int attribute, const char*secId);

+

int BM_DestroyNSSec(const char *poolName, const char*ns, const char *secId);

+

int BM_QueryNSCache(QueryNsCache*buff, size_t buffLen);

+

Namespace创建和销毁、查询

+

int BM_AllocSec(BmInfo *bminfo, size_t size, int flags, BmAffinity* affinity);

+

int BM_FreeSec(BmInfo *bminfo, int flags);

+

int BM_BatchFreeSec(char*bmIdArray[], int num, int flags, const char *ns, const char*secId);

+

Bigmemory对象申请和释放

+

int BM_ExpandSec(BmInfo *bminfo, size_t size, int flags);

+

bigMemory扩容

+

int BM_MapSec(BmInfo*bminfo, int prot, int flags, void **ptr);

+

int BM_Unmap(char *bmId, void*ptr);

+

bigMemory到连续虚拟空间map和unmap

+

int BM_CopySec(BmInfo *srcBM, size_t srcOffset, BmInfo*dstBM, size_t dstOffset, size_t length, int flags);

+

bigMemory对象间拷贝

+

int BM_SpecificObjSwapInSec(DiskFileDesc *file, BmInfo*bminfo, int flags, size_t offset, size_t length);

+

文件内容换入bigmemory对象

+

int BM_ReadSec(BmInfo *bminfo, size_t offset, size_t length, void*buffer, int flags);

+

int BM_WriteSec(BmInfo *bminfo, size_t offset, size_t length, const void*buffer, int flags);

+

Bigmemory读写

+

int BM_GatherSec(intptr_t *inputInfo, BmOperatorCode operatorCode, int flags, BmInfo*bminfo, size_t *bmLen);

+

聚合操作接口

+
diff --git a/archive/Memory-fabric/images/.keep b/archive/Memory-fabric/images/.keep new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/archive/Memory-fabric/images/IntegratedDeployment.png b/archive/Memory-fabric/images/IntegratedDeployment.png new file mode 100644 index 0000000000000000000000000000000000000000..0fc7d1b0a3d3cf31a2da0bff64bf03f576234771 Binary files /dev/null and b/archive/Memory-fabric/images/IntegratedDeployment.png differ diff --git "a/archive/NfsMultipath/NFS\345\244\232\350\267\257\345\276\204.md" "b/archive/NfsMultipath/NFS\345\244\232\350\267\257\345\276\204.md" new file mode 100644 index 0000000000000000000000000000000000000000..a6deafffe98fb1c4400b3a97ed82ddccf8607146 --- /dev/null +++ "b/archive/NfsMultipath/NFS\345\244\232\350\267\257\345\276\204.md" @@ -0,0 +1,6 @@ + +# NFS多路径用户指南 + +本文档介绍NFS客户端多路径特性的安装部署与使用方法,以指导用户快速了解并使用NFS多路径。 + +本文档适用于使用openEuler系统并希望了解和使用NFS多路径特性的社区开发者、开源爱好者以及相关合作伙伴。使用人员需要具备基本的NFS知识。 diff --git "a/archive/NfsMultipath/\344\275\277\347\224\250\346\226\271\346\263\225.md" "b/archive/NfsMultipath/\344\275\277\347\224\250\346\226\271\346\263\225.md" new file mode 100644 index 0000000000000000000000000000000000000000..9ec27431e135e35ec2cb5c21f95179d665d6b435 --- /dev/null +++ "b/archive/NfsMultipath/\344\275\277\347\224\250\346\226\271\346\263\225.md" @@ -0,0 +1,39 @@ +# 使用方法 + +## 使用多路径参数挂载 + +```shell +多路径挂载命令 +mount -t nfs -o localaddrs=1.1.1.1~2.2.2.2,remoteaddrs=1.1.1.10~2.2.2.10 1.1.1.1:/test /mnt/fs1 + +新增可选参数localaddrs和remoteaddrs用于指定多路径: +localaddrs表示客户端IP地址; +remoteaddrs表示服务端IP地址; +IP地址支持网段或者多个IP地址,网段使用"-",多个IP地址使用"~". +例如:remoteaddrs=1.1.1.1-1.1.1.3表示指定3个服务端地址,分别为1.1.1.1, 1.1.1.2, 1.1.1.3; +localaddrs=1.1.1.1~1.1.1.3表示指定2个客户端地址,分别为1.1.1.1, 1.1.1.3. + +localaddrs和remoteaddrs均为可选参数,可指定其中的任意一个参数或者两个参数都指定,若都不指定,则未使能多路径功能。 +``` + +## 多路径信息查询 + +```shell +查询多路径信息命令 +cat /proc/fs/nfs/mutipath/conn_info +回显如下所示: +===============================Id:4 count 5 proto 3 start======================== +index:0, client_ip:1.1.1.1, server_ip:1.1.1.10, status:connect, load:3 +index:1, client_ip:1.1.1.1, server_ip:1.1.1.11, status:connect, load:3 +index:2, client_ip:1.1.1.1, server_ip:1.1.1.12, status:connect, load:3 +index:3, client_ip:1.1.1.1, server_ip:1.1.1.13, status:disconnect, load:0 +index:4, client_ip:1.1.1.1, server_ip:1.1.1.14, status:disconnect, load:0 +=========================================Id:4 end================================ +status表示该条链路连接状态,connect表示连接可用,disconnect表示连接不可用 +load表示在该条链路上发送的NFS请求数量。 +``` + +## 注意事项 + +* 客户端或者服务端IP地址最多支持8个IP地址,指定超过8个IP地址无法挂载。 +* 最多支持8条多路径链路。 diff --git "a/archive/NfsMultipath/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" "b/archive/NfsMultipath/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" new file mode 100644 index 0000000000000000000000000000000000000000..b41f2f438c4c0970947c8aa92a4f5a2fa7a10418 --- /dev/null +++ "b/archive/NfsMultipath/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" @@ -0,0 +1,24 @@ +# 安装与部署 + +## 硬件要求 + +* x86_64架构 +* ARM架构 + +## 环境准备 + +*安装openEuler系统,安装方法参考 《[安装指南](../Installation/installation.md)》。 + +## 安装NFS多路径 + +```shell +插入NFS多路径KO,参考命令如下: +modprobe nfs_multipath + +查看NFS多路径KO,参考命令如下: +lsmod | grep nfs_multipath +nfs_multipath 36864 1 +nfs 544768 3 nfs_multipath,nfsv3 +sunrpc 704512 30 nfs_multipath,lockd,nfsv3,nfs_acl,nfs +存在nfs_multipath则表示安装成功 +``` diff --git "a/archive/NfsMultipath/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\345\212\236\346\263\225.md" "b/archive/NfsMultipath/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\345\212\236\346\263\225.md" new file mode 100644 index 0000000000000000000000000000000000000000..ed22eafb95d826fd2ada7f3dc7d61596022946e6 --- /dev/null +++ "b/archive/NfsMultipath/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\345\212\236\346\263\225.md" @@ -0,0 +1,26 @@ +# 常见问题与解决办法 + +## 问题1:指定NFS多路径挂载失败,lsmod无法查询到多路径KO + +```shell +报错信息如下: +mount.nfs: an incorrect mount option was specified +执行lsmod | grep nfs_multipath无法查询到多路径KO。 + +可能原因:未安装NFS多路径。 + +解决方案:参考《安装与部署》章节安装NFS多路径。 +``` + +## 问题2:指定NFS多路径挂载失败 + +```shell +界面报错信息如下: +mount.nfs: an incorrect mount option was specified +/var/log/messages日志报错信息: +Mar 18 23:38:22 localhost kernel: [ 635.016793] [MULTIPATH:nfs_multipath_parse_ip_range] iplist for remote reached 8, more than supported limit 8 + +原因:挂载时指定IP地址个数超过8个。 + +解决方案:NFS挂载时,指定IP地址个数小于等于8个。 +``` diff --git "a/archive/NfsMultipath/\350\256\244\350\257\206NFS\345\244\232\350\267\257\345\276\204.md" "b/archive/NfsMultipath/\350\256\244\350\257\206NFS\345\244\232\350\267\257\345\276\204.md" new file mode 100644 index 0000000000000000000000000000000000000000..e2048d54e555ea1662ede08a77c82c391f5d5260 --- /dev/null +++ "b/archive/NfsMultipath/\350\256\244\350\257\206NFS\345\244\232\350\267\257\345\276\204.md" @@ -0,0 +1,18 @@ +# 认识NFS多路径 + +## 简介 + +网络文件系统 (NFS) 是一种分布式文件系统协议,最初由 Sun Microsystems (Sun) 于 1984 年开发,允许NFS客户端上的用户通过计算机网络访问NFS服务端上文件。随着NFS服务广泛应用于金融,EDA,AI,容器等行业,对NFS的性能和可靠性提出了更高的诉求。传统NFS存在以下缺点: + +* 单个主机上的单个挂载点只能通过一个客户端IP和一个服务端IP进行访问,在客户端和服务端之间存在多条物理链路时,无法发挥多条链路的性能。 +* 由于单个挂载点单条链路的缺陷,单挂载点下的单条链路故障后,无法进行链路切换,导致主机业务中断。 + +NFS多路径的诞生主要解决上述传统NFS在使用过程中遇到的缺陷,提出单个挂载点下客户端和服务端之间建立多条链路,支持IO在多条链路中进行传输,进而提升单个挂载点性能,同时周期性检测链路状态信息,支持链路故障IO快速切换。 + +NFS多路径具有以下功能: + +* NFSv3支持Round Robin链路选路算法,实现多条链路性能均衡。 +* NFSv3和NFSv4支持链路故障快速切换,提升NFS可靠性。 +* 提供链路选路算法注册接口,支持NFS服务端开发者自定义选路算法。 +* 支持周期性链路可用性检测。 +* 支持查看链路状态。 diff --git a/archive/Open-Source-Software-Notice/openEuler-Open-Source-Software-Notice.zip b/archive/Open-Source-Software-Notice/openEuler-Open-Source-Software-Notice.zip new file mode 100644 index 0000000000000000000000000000000000000000..fe9f84a2c5bccdf516d06a160c80a9347dfdcc77 Binary files /dev/null and b/archive/Open-Source-Software-Notice/openEuler-Open-Source-Software-Notice.zip differ diff --git "a/archive/Pin/\346\217\222\344\273\266\346\241\206\346\236\266\347\211\271\346\200\247\347\224\250\346\210\267\346\214\207\345\215\227.md" "b/archive/Pin/\346\217\222\344\273\266\346\241\206\346\236\266\347\211\271\346\200\247\347\224\250\346\210\267\346\214\207\345\215\227.md" new file mode 100644 index 0000000000000000000000000000000000000000..9ee8066e59313e2b7618230ed12031328d8ffc0e --- /dev/null +++ "b/archive/Pin/\346\217\222\344\273\266\346\241\206\346\236\266\347\211\271\346\200\247\347\224\250\346\210\267\346\214\207\345\215\227.md" @@ -0,0 +1,112 @@ +# 安装与部署 +## 软件要求 +* 操作系统:openEuler 24.03 +## 硬件要求 +* x86_64架构 +* ARM架构 +## 环境准备 +<<<<<<<< HEAD:archive/Pin/插件框架特性用户指南.md +* 安装openEuler系统,安装方法参考 《[安装指南](../Installation/installation.md)》。 +======== +* 安装openEuler系统,安装方法参考 《[安装指南](../../../server/installation_upgrade/installation/installation_on_servers.md)》。 +>>>>>>>> 6b124a04c (文档整改):docs/zh/docs/tools/community_tools/pin/pin_user_guide.md +### 安装依赖软件 +#### 安装插件框架GCC客户端依赖软件 +```shell +yum install -y grpc +yum install -y grpc-devel +yum install -y grpc-plugins +yum install -y protobuf-devel +yum install -y jsoncpp +yum install -y jsoncpp-devel +yum install -y gcc-plugin-devel +yum install -y llvm-mlir +yum install -y llvm-mlir-devel +yum install -y llvm-devel +``` +#### 安装插件框架服务端依赖软件 +```shell +yum install -y grpc +yum install -y grpc-devel +yum install -y grpc-plugins +yum install -y protobuf-devel +yum install -y jsoncpp +yum install -y jsoncpp-devel +yum install -y llvm-mlir +yum install -y llvm-mlir-devel +yum install -y llvm-devel +``` +## 安装Pin +### rpm构建 +#### 构建插件框架GCC客户端 +```shell +git clone https://gitee.com/src-openeuler/pin-gcc-client.git +cd pin-gcc-client +mkdir -p ~/rpmbuild/SOURCES +cp *.path pin-gcc-client.tar.gz ~/rpmbuild/SOURCES +rpmbuild -ba pin-gcc-client.spec +cd ~/rpmbuild/RPMS +rpm -ivh pin-gcc-client.rpm +``` +#### 构建插件框架服务端 +```shell +git clone https://gitee.com/src-openeuler/pin-server.git +cd pin-server +mkdir -p ~/rpmbuild/SOURCES +cp *.path pin-server.tar.gz ~/rpmbuild/SOURCES +rpmbuild -ba pin-server.spec +cd ~/rpmbuild/RPMS +rpm -ivh pin-server.rpm +``` +### 编译构建 +#### 构建插件框架GCC客户端 +```shell +git clone https://gitee.com/openeuler/pin-gcc-client.git +cd pin-gcc-client +mkdir build +cd build +cmake ../ -DMLIR_DIR=${MLIR_PATH} -DLLVM_DIR=${LLVM_PATH} +make +``` +#### 构建插件框架服务端 +```shell +git clone https://gitee.com/openeuler/pin-server.git +cd pin-server +mkdir build +cd build +cmake ../ -DMLIR_DIR=${MLIR_PATH} -DLLVM_DIR=${LLVM_PATH} +make +``` + +# 使用方法 +用户可以通过`-fplugin`和`-fplugin-arg-libpin_xxx`使能插件工具。 +命令如下: +```shell +$(TARGET): $(OBJS) + $(CXX) -fplugin=${CLIENT_PATH}/build/libpin_gcc_client.so \ + -fplugin-arg-libpin_gcc_client-server_path=${SERVER_PATH}/build/pin_server \ + -fplugin-arg-libpin_gcc_client-log_level="1" \ + -fplugin-arg-libpin_gcc_client-arg1="xxx" +``` + +为了方便用户使用,可以通过`${INSTALL_PATH}/bin/pin-gcc-client.json`文件,进行插件配置。配置选项如下: + +`path` : 配置插件框架服务端可执行文件路径 + +`sha256file` : 配置插件工具的校验文件`xxx.sha256`路径 + +`timeout` : 配置跨进程通信超时时间,单位`ms` + +编译选项: + +`-fplugin`:指定插件客户端.so所在路径 + +`-fplugin-arg-libpin_gcc_client-server_path`:指定插件服务端可执行程序所在路径 + +`-fplugin-arg-libpin_gcc_client-log_level`:指定日志系统默认记录等级,取值`0~3`。默认为`1` + +`-fplugin-arg-libpin_gcc_client-argN`:用户可以根据插件工具要求,指定其他参数。argN代指插件工具要求的参数字段。 + +# 兼容性说明 +此节主要列出当前一些特殊场景下的兼容性问题。本项目持续迭代中,会尽快进行修复,也欢迎广大开发者加入。 +* 插件框架在`-flto`阶段使能时,不支持使用`make -j`多进程编译。建议改用`make -j1`进行编译。 diff --git "a/archive/SystemOptimization/MySQL\346\200\247\350\203\275\350\260\203\344\274\230\346\214\207\345\215\227.md" "b/archive/SystemOptimization/MySQL\346\200\247\350\203\275\350\260\203\344\274\230\346\214\207\345\215\227.md" new file mode 100644 index 0000000000000000000000000000000000000000..8377e53b5fc243bb92c5c099f43daab24e9ca4d9 --- /dev/null +++ "b/archive/SystemOptimization/MySQL\346\200\247\350\203\275\350\260\203\344\274\230\346\214\207\345\215\227.md" @@ -0,0 +1,361 @@ +# MySQL性能调优指南 + +## 调优概述 + +### 调优原则 + +性能调优一方面在系统设计之初,需考虑硬件的选择,操作系统的选择,基础软件的选择;另一方面,包括每个子系统的设计,算法选择,如何使用编译器的选项,如何发挥硬件最大的性能等等。 + +在性能优化时,必须遵循一定的原则,否则,有可能得不到正确的调优结果。主要有以下几个方面: + +对性能进行分析时,要多方面分析系统的资源瓶颈所在,因为系统某一方面性能低,也许并非自身造成的,而是其他方面造成的。如CPU利用率是100%时,很可能是内存容量太小,因为CPU忙于处理内存调度。 + +- 一次只对影响性能的某方面的一个参数进行调整,多个参数同时调整的话,很难界定性能的影响是由哪个参数造成的。 + +- 在进行系统性能分析时,性能分析工具本身会占用一定的系统资源,如CPU、内存等,所以分析工具本身运行可能会导致系统某方面的资源瓶颈情况更加严重。 +- 必须保证调优后的程序运行正确。 +- 调优过程是持续的过程,每一次调优的结果都有反馈到后续的版本开发中去。 +- 性能调优不能以牺牲代码的可读性和可维护性为代价。 + +### 调优思路 + +性能优化首先要较为精准的定位问题,分析系统性能瓶颈,然后根据其性能指标以及所处层级选择优化的方式方法。 + +下面介绍MySQL数据库具体的调优思路和分析过程,如下图所示。 + + + +调优分析思路如下: + +- 很多情况下压测流量并没有完全进入到服务端,在网络上可能就会出现由于各种规格(带宽、最大连接数、新建连接数等)限制,导致压测结果达不到预期。 +- 接着看关键指标是否满足要求,如果不满足,需要确定是哪个地方有问题,一般情况下,服务器端问题可能性比较大,也有可能是客户端问题(这种情况比较小)。 +- 对于服务器端问题,需要定位的是硬件相关指标,例如CPU,Memory,Disk I/O,Network I/O,如果是某个硬件指标有问题,需要深入的进行分析。 +- 如果硬件指标都没有问题,需要查看数据库相关指标,例如:等待事件、内存命中率等。 +- 如果以上指标都正常,应用程序的算法、缓冲、缓存、同步或异步可能有问题,需要具体深入的分析。 + +## 硬件调优 + +### 目的 + +针对不同的服务器硬件设备,通过设置BIOS中的一些高级配置选项,可以有效提升服务器性能。 + +### 方法 + +以下方法针对鲲鹏服务器进行调优,X86,例如Intel服务器,可选择保持默认BIOS配置。 + +1. 关闭SMMU(鲲鹏服务器特有)。 +2. 重启服务器过程中,单击**Delete**键进入BIOS,选择“Advanced \> MISC Config”,单击**Enter**键进入。 +3. 将“**Support Smmu**”设置为“Disable” 。 + + 注:此优化项只在非虚拟化场景使用,在虚拟化场景,则开启SMMU。 + +4. 关闭预取 + + - 在BIOS中,选择“Advanced\>MISC Config”,单击**Enter**键进入。 + + - 将“CPU Prefetching Configuration”设置为“Disabled”,单击F10键保存退出。 + +## 操作系统调优 + +### 网卡中断绑核 + +#### 目的 + +通过关闭irqbalance服务,使用手动绑定网卡中断到部分专用核上,隔离网卡中断请求和业务请求,可以有效提升系统的网络性能。 + +#### 方法 + +对于不同的硬件配置,用于绑中断的最佳CPU数量会有差异,例如,鲲鹏920 5250上最佳CPU数量为5,可通过观察这5个CPU的使用情况以决定是否再调整用于绑中断的CPU数量。 + +以下脚本是在华为鲲鹏920 5250处理器+ Huawei TM280 25G网卡上的MySQL的最佳绑中断设置,其中第一个参数`$1`是网卡名称,第二个参数`$2`是队列数目5,第三个参数`$3`是网卡对应的总线名,可以用`ethtool -i <网卡名>`查询出: + +```shell +#!/bin/bash +eth1=$1 +cnt=$2 +bus=$3 +ethtool -L $eth1 combined $cnt + +irq1=`cat /proc/interrupts| grep -E ${bus} | head -n$cnt | awk -F ':' '{print $1}'` +irq1=`echo $irq1` +cpulist=(91 92 93 94 95) # 根据所选定的用于处理中断请求的核修改 +c=0 +forirq in $irq1 +do + echo ${cpulist[c]} "->" $irq + echo ${cpulist[c]} > /proc/irq/$irq/smp_affinity_list + let "c++" +done +``` + +**注:若采用下述的gazelle调优方法,则无需使用本节手段。** + +### NUMA绑核 + +#### 目的 + +通过NUMA绑核,减少跨NUMA访问内存,可以有效提升系统的访存性能。 + +#### 方法 + +基于前一节的网卡中断设置,在鲲鹏920 5250上,MySQL启动命令前设置NUMA绑核范围为剩余其他核,即0-90,其中`$mysql_path`为MySQL的安装路径: + +```shell +numactl -C 0-90 -i 0-3 $mysql_path/bin/mysqld --defaults-file=/etc/my.cnf & +``` + +**注:若采用下述的gazelle调优方法,则无需使用本节手段。** + +### 调度参数调优 + +#### 目的 + +在高负载场景下,CPU利用率并不能达到100%,深入分析每个线程的调度轨迹发现内核在做负载均衡时,经常无法找到一个合适的进程来迁移,导致CPU在间断空闲负载均衡失败,空转浪费CPU资源,通过使能openEuler调度特性STEAL模式,可以进一步提高CPU利用率,从而有效提升系统性能。 + +#### 方法 + +1)在/etc/grub2-efi.cfg中内核系统启动项末尾添加参数`sched_steal_node_limit=4`,修改后如下图所示: + + + +修改完成后,reboot重启生效。 + +2)设置STEAL模式 + +重启后设置STEAL调度特性如下: + +```shell +echo STEAL > /sys/kernel/debug/sched_features +``` + +### 大页调优 + +#### 目的 + +TLB(Translation lookaside buffer)为页表(存放虚拟地址的页地址和物理地址的页地址的映射关系)在CPU内部的高速缓存。TLB的命中率越高,页表查询性能就越好。内存页面越大,相同业务场景下的TLB命中率越高,访问效率提高,可以有效提升服务器性能。 + +#### 方法 + +- 调整内核的内存页大小。 + + 通过命令`getconf PAGESIZE`查看当前系统的内存页大小,如果大小是4096(4K),则可通过修改linux内核的内存页大小来使用更大的内存页,需要在修改内核编译选项后重新编译内核。简要步骤如下: + + 1. 执行`make menuconfig`。 + + 2. 选择PAGESIZE大小为64K(Kernel Features--\>Page size(64KB)。 + + 3. 编译和安装内核。 + +### Gazelle协议栈调优 + +#### 目的 + +原生内核网络协议栈层次深,开销较大,且系统调用的成本也较高。通过gazelle用户态协议栈替代内核协议栈,且通过hook posix接口,避免系统调用带来的开销,能够大幅提高应用的网络I/O吞吐能力。 + +#### 方法 + +1)安装依赖包。 + +配置openEuler的yum源,直接使用yum命令安装 + +```shell +yum install dpdk libconfig numactl libboundsheck libcap gazelle +``` + +2)使用root权限安装ko。 + +网卡从内核驱动绑为用户态驱动的ko,根据实际情况选择一种。mlx4和mlx5网卡不需要绑定vfio或uio驱动。 + +```shell +#若IOMMU能使用 +modprobe vfio-pci +#若IOMMU不能使用,且VFIO支持noiommu +modprobe vfio enable_unsafe_noiommu_mode=1 +modprobe vfio-pci +#其他情况 +modprobe igb_uio +``` + +3)dpdk绑定网卡。 + +将所使用的业务网卡(下面以enp3s0为例)绑定到步骤2选择的驱动,为用户态网卡驱动提供网卡资源访问接口。 + +```shell +#拔业务网卡enp3s0 +ip link set enp3s0 down + +#使用vfio-pci +dpdk-devbind -b vfio-pci enp3s0 + +#使用igb_uio +dpdk-devbind -b igb_uio enp3s0 +``` + +4)大页内存配置。 + +Gazelle使用大页内存提高效率。使用root权限配置系统预留大页内存,根据实际情况,选择一种页大小,配置足够的大页内存即可。如下默认每个内存节点配置2G大页内存,每个大页 2M: + +```shell +#配置2M大页内存:系统静态分配 2M * 1024*4 = 8G +echo 8192 > /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages + +#查看配置结果 +grep Huge /proc/meminfo +``` + +5)挂载大页内存。 + +创建一个目录,供lstack进程访问大页内存时使用,操作步骤如下: + +```shell +mkdir -p /mnt/hugepages-gazelle +chmod -R 700 /mnt/hugepages-gazelle +mount -t hugetlbfs nodev /mnt/hugepages-gazelle -o pagesize=2M +``` + +6)应用程序使用gazelle。 + +使用LD_PRELOAD预加载Gazelle动态库,`GAZELLE_BIND_PROCNAME`环境变量用于指定MySQL进程名: + +```shell +GAZELLE_BIND_PROCNAME=mysqld LD_PRELOAD=/usr/lib64/liblstack.so $mysql_path/bin/mysqld --defaults-file=/etc/my.cnf --bind-address=192.168.1.10 & +``` + +其中bind-address为服务端业务网卡ip,需同gazelle配置文件的host_addr保持一致。 + +7)修改gazelle配置文件。 + +使能gazelle需要根据硬件环境及软件需求定制gazelle配置文件/etc/gazelle/lstack.conf,示例如下: + +```shell +dpdk_args=["--socket-mem", "2048,2048,2048,2048", "--huge-dir", "/mnt/hugepages-gazelle", "--proc-type", "primary", "--legacy-mem", "--map-perfect"] + +use_ltran=0 +kni_switch=0 +low_power_mode=0 +listen_shadow=1 + +num_cpus="18,38,58,78 " +host_addr="192.168.1.10" +mask_addr="255.255.255.0" +gateway_addr="192.168.1.1" +devices="aa:bb:cc:dd:ee:ff" +``` + +其中,参数`--socket-mem`表示给每个内存节点分配的内存,默认2048M,例子中表示4个内存节点,每个内存节点分配2G(2048);参数`--huge-dir`为先前建立的挂载了大页内存的目录;`num_cpus`记录lstack线程绑定的cpu编号,可按NUMA选择CPU。参数`host_addr`、`mask_addr`、`gateway_addr`和`devices`分别表示业务网卡的IP地址、掩码、网关地址和mac地址。 + +更详细的使用指导详见:[Gazelle用户指南]() + +## MySQL调优 + +### 数据库参数调优 + +#### 目的 + +通过调整数据库的参数配置,可以有效提升服务器性能。 + +#### 方法 + +默认配置文件路径为`/etc/my.cnf`,可使用如下配置文件参数启动数据库: + +```shell +[mysqld_safe] +log-error=/data/mysql/log/mysql.log +pid-file=/data/mysql/run/mysqld.pid + +[client] +socket=/data/mysql/run/mysql.sock +default-character-set=utf8 + +[mysqld] +basedir=/usr/local/mysql +tmpdir=/data/mysql/tmp +datadir=/data/mysql/data +socket=/data/mysql/run/mysql.sock +port=3306 +user=root +default_authentication_plugin=mysql_native_password +ssl=0 #关闭ssl +max_connections=2000 #设置最大连接数 +back_log=2048 #设置会话请求缓存个数 +performance_schema=OFF #关闭性能模式 +max_prepared_stmt_count=128000 + +#file +innodb_file_per_table=on #设置每个表一个文件 +innodb_log_file_size=1500M #设置logfile大小 +innodb_log_files_in_group=32 #设置logfile组个数 +innodb_open_files=4000 #设置最大打开表个数 + +#buffers +innodb_buffer_pool_size=230G #设置buffer pool size,一般为服务器内存60% +innodb_buffer_pool_instances=16 #设置buffer pool instance个数,提高并发能力 +innodb_log_buffer_size=64M #设置log buffer size大小 + +#tune +sync_binlog=1 #设置每次sync_binlog事务提交刷盘 +innodb_flush_log_at_trx_commit=1 #每次事务提交时MySQL都会把log buffer的数据写入log file,并且flush(刷到磁盘)中去 +innodb_use_native_aio=1 #开启异步IO +innodb_spin_wait_delay=180 #设置spin_wait_delay 参数,防止进入系统自旋 +innodb_sync_spin_loops=25 #设置spin_loops 循环次数,防止进入系统自旋 +innodb_spin_wait_pause_multiplier=25 #设置spin lock循环随机数 +innodb_flush_method=O_DIRECT #设置innodb数据文件及redo log的打开、刷写模式 +innodb_io_capacity=20000 # 设置innodb 后台线程每秒最大iops上限 +innodb_io_capacity_max=40000 #设置压力下innodb 后台线程每秒最大iops上限 +innodb_lru_scan_depth=9000 #设置page cleaner线程每次刷脏页的数量 +innodb_page_cleaners=16 #设置将脏数据写入到磁盘的线程数 +table_open_cache_instances=32 #设置打开句柄分区数 +table_open_cache=30000 #设置打开表的数量 + +#perf special +innodb_flush_neighbors=0 #检测该页所在区(extent)的所有页,如果是脏页,那么一起进行刷新,SSD关闭该功能 +innodb_write_io_threads=16 #设置写线程数 +innodb_read_io_threads=16 #设置读线程数 +innodb_purge_threads=32 #设置回收已经使用并分配的undo页线程数 +innodb_adaptive_hash_index=0 + +sql_mode=STRICT_TRANS_TABLES,NO_ENGINE_SUBSTITUTION,NO_AUTO_VALUE_ON_ZERO,STRICT_ALL_TABLES +``` + +表1 数据库调优参数 + +| 参数名称 | 参数含义 | 优化建议 | +| --------------------------------- | ------------------------------------------------------------ | ------------------------------------------------------------ | +| innodb_thread_concurrency | InnoDB使用操作系统线程来处理用户的事务请求。 | 建议取缺省值为0,它表示默认情况下不限制线程并发执行的数量。 | +| innodb_read_io_threads | 执行请求队列中的读请求操作的线程数。 | 根据CPU核数及读写比例进一步更改来提高性能。 | +| innodb_write_io_threads | 执行请求队列中的写请求操作的线程数。 | 根据CPU核数及读写比例进一步更改来提高性能。 | +| innodb_buffer_pool_instances | 开启多个内存缓冲池,把需要缓冲的数据hash到不同的缓冲池中,这样可以并行的内存读写 | 建议设置8\~32。 | +| innodb_open_files | 在innodb_file_per_table模式下,限制Innodb能打开的文件数量。 | 建议此值调大一些,尤其是表特别多的情况。 | +| innodb_buffer_pool_size | 缓存数据和索引的地方。 | 通常建议内存的60%左右。 | +| innodb_log_buffer_size | 缓存重做日志。 | 缺省值是64M,建议通过查看innodb_log_wait,调整innodb_log_buffer_size大小。 | +| innodb_io_capacity | innodb 后台线程每秒最大iops上限。 | 建议为IO QPS总能力的75%。 | +| innodb_log_files_in_group | 重做日志组的个数。 | - | +| innodb_log_file_size | 重做日志文件大小。 | 如果存在大量写操作,建议增加日志文件大小,但日志文件过大,会影响数据恢复时间。 如果是非生产环境,测试极限性能时,尽量调大日志文件。 如果是商用场景,需要考虑数据恢复时间,综合折中后设置日志文件大小。 | +| innodb_flush_method | Log和数据刷新磁盘的方法: datasync模式:写数据时,write这一步并不需要真正写到磁盘才算完成(可能写入到操作系统buffer中就会返回完成),真正完成是flush操作,buffer交给操作系统去flush,并且文件的元数据信息也都需要更新到磁盘。 O_DSYNC模式:写日志操作是在write这步完成,而数据文件的写入是在flush这步通过fsync完成。 O_DIRECT模式:数据文件的写入操作是直接从mysql innodb buffer到磁盘的,并不用通过操作系统的缓冲,而真正的完成也是在flush这步,日志还是要经过OS缓冲。 | 建议O_DIRECT模式。 | +| innodb_spin_wait_delay | 控制轮询的间隔。 | 根据真实场景调试,直到看不到spin_lock热点函数等。优化建议180。 | +| innodb_sync_spin_loops | 控制轮询的循环次数。 | 根据真实场景调试,直到看不到spin_lock热点函数等。优化建议25。 | +| innodb_spin_wait_pause_multiplier | 控制轮询间隔随机数。 | 根据真实场景调试,直到看不到spin_lock热点函数等。缺省值50,优化建议25-50。 | +| innodb_lru_scan_depth | LRU列表的可用页数量。 | 缺省值是1024,非生产环境,测试极限性能可以适当调大,减少checkpoint次数。 | +| innodb_page_cleaners | 刷新脏数据的线程数。 | 建议与innodb_buffer_pool_instances相等。 | +| innodb_purge_threads | 回收undo的线程数。 | - | +| innodb_flush_log_at_trx_commit | 不管有没有提交,每秒钟都写到binlog日志里. 每次提交事务,都会把log buffer的内容写到磁盘里去,对日志文件做到磁盘刷新,安全性最好。 每次提交事务,都写到操作系统缓存,由OS刷新到磁盘,性能最好。 | 非生产环境,测试极限性能,可以设置为0。 | +| innodb_doublewrite | 是否开启二次写。 | 非生产环境,测试极限性能,可以设置为0,关闭二次写。 | +| ssl | 是否开启安全连接。 | 安全连接对性能影响较大,非生产环境,测试极限性能,可以设置为0;商用场景,根据客户需求调整。 | +| table_open_cache_instances | MySQL 缓存 table 句柄的分区的个数。 | 建议设置16-32。 | +| table_open_cache | Mysqld打开表的数量。 | 建议设置成30000。 | +| skip_log_bin | 是否开启binlog。 | 非生产环境,测试极限性能在参数文件中增加此参数,关闭binlog选项(添加至配置文件中: skip_log_bin \#log-bin=mysql-bin)。 | +| performance_schema | 是否开启性能模式。 | 非生产环境,测试极限性能设置为OFF,关闭性能模式。 | + +### 数据库内核调优 + +#### 目的 + +数据库内核优化是指通过修改MySQL数据库源码,提升数据库性能。使用数据库内核优化patch,需重新编译数据库。 + +#### 方法 + +MySQL数据库内核优化分为两个不同的场景,一个是OLTP场景,一个是OLAP场景,不同的场景采用不同的优化patch。 + +OLTP场景是指主要面向交易的处理系统,以小的事物及小的查询为主,快速响应用户操作。OLTP内核优化patch参考[MySQL细粒度锁优化](https://support.huaweicloud.com/fg-kunpengdbs/kunpengpatch_20_0004.html)。 + +OLAP场景是指主要对用户当前及历史数据进行分析、查询和生成报表,支持管理决策。OLAP内核优化patch参考[MySQL OLAP并行优化](https://support.huaweicloud.com/fg-kunpengdbs/kunpengolap_20_0002.html)。 diff --git "a/archive/SystemOptimization/figures/mysql\350\260\203\344\274\230\346\200\235\350\267\257.png" "b/archive/SystemOptimization/figures/mysql\350\260\203\344\274\230\346\200\235\350\267\257.png" new file mode 100644 index 0000000000000000000000000000000000000000..93c82f764024334412c8aca006ce0b4651513e83 Binary files /dev/null and "b/archive/SystemOptimization/figures/mysql\350\260\203\344\274\230\346\200\235\350\267\257.png" differ diff --git "a/archive/SystemOptimization/figures/pci\347\275\221\345\215\241\346\211\200\345\261\236NUMA NODE.png" "b/archive/SystemOptimization/figures/pci\347\275\221\345\215\241\346\211\200\345\261\236NUMA NODE.png" new file mode 100644 index 0000000000000000000000000000000000000000..401028d9f88ea936c4e08bc572aeee573ce84b92 Binary files /dev/null and "b/archive/SystemOptimization/figures/pci\347\275\221\345\215\241\346\211\200\345\261\236NUMA NODE.png" differ diff --git "a/archive/SystemOptimization/figures/pci\350\256\276\345\244\207\345\217\267.png" "b/archive/SystemOptimization/figures/pci\350\256\276\345\244\207\345\217\267.png" new file mode 100644 index 0000000000000000000000000000000000000000..02dab7ffc45389886a5a7aec7222b1a53b62d509 Binary files /dev/null and "b/archive/SystemOptimization/figures/pci\350\256\276\345\244\207\345\217\267.png" differ diff --git a/archive/SystemOptimization/figures/ring_buffer.png b/archive/SystemOptimization/figures/ring_buffer.png new file mode 100644 index 0000000000000000000000000000000000000000..4b4a608150554bf677f503213d0a0227310b0a17 Binary files /dev/null and b/archive/SystemOptimization/figures/ring_buffer.png differ diff --git "a/archive/SystemOptimization/figures/swapoff\344\277\256\346\224\271\345\211\215\345\220\216\345\257\271\346\257\224.png" "b/archive/SystemOptimization/figures/swapoff\344\277\256\346\224\271\345\211\215\345\220\216\345\257\271\346\257\224.png" new file mode 100644 index 0000000000000000000000000000000000000000..080c9f9bd79a0090d0ed962358e9da2457afdc77 Binary files /dev/null and "b/archive/SystemOptimization/figures/swapoff\344\277\256\346\224\271\345\211\215\345\220\216\345\257\271\346\257\224.png" differ diff --git "a/archive/SystemOptimization/figures/\345\206\205\346\240\270\345\220\257\345\212\250\351\241\271\346\267\273\345\212\240\345\217\202\346\225\260.png" "b/archive/SystemOptimization/figures/\345\206\205\346\240\270\345\220\257\345\212\250\351\241\271\346\267\273\345\212\240\345\217\202\346\225\260.png" new file mode 100644 index 0000000000000000000000000000000000000000..30bafb334c64617d4963b6781e8976a08de5b553 Binary files /dev/null and "b/archive/SystemOptimization/figures/\345\206\205\346\240\270\345\220\257\345\212\250\351\241\271\346\267\273\345\212\240\345\217\202\346\225\260.png" differ diff --git "a/archive/SystemOptimization/figures/\345\210\233\345\273\272raid0.png" "b/archive/SystemOptimization/figures/\345\210\233\345\273\272raid0.png" new file mode 100644 index 0000000000000000000000000000000000000000..31fc68e727aa3e1f3e9e29851e13ee2e05568735 Binary files /dev/null and "b/archive/SystemOptimization/figures/\345\210\233\345\273\272raid0.png" differ diff --git "a/archive/SystemOptimization/figures/\346\237\245\347\234\213LRO\345\217\202\346\225\260\346\230\257\345\220\246\345\274\200\345\220\257.png" "b/archive/SystemOptimization/figures/\346\237\245\347\234\213LRO\345\217\202\346\225\260\346\230\257\345\220\246\345\274\200\345\220\257.png" new file mode 100644 index 0000000000000000000000000000000000000000..351e0d41ec47d790d4f3556d840e9c951e480680 Binary files /dev/null and "b/archive/SystemOptimization/figures/\346\237\245\347\234\213LRO\345\217\202\346\225\260\346\230\257\345\220\246\345\274\200\345\220\257.png" differ diff --git "a/archive/SystemOptimization/figures/\346\267\273\345\212\240\345\206\205\346\240\270\345\220\257\345\212\250\351\241\271.png" "b/archive/SystemOptimization/figures/\346\267\273\345\212\240\345\206\205\346\240\270\345\220\257\345\212\250\351\241\271.png" new file mode 100644 index 0000000000000000000000000000000000000000..b674ab4a93e3fb2abd3f30749d96e724fd77019c Binary files /dev/null and "b/archive/SystemOptimization/figures/\346\267\273\345\212\240\345\206\205\346\240\270\345\220\257\345\212\250\351\241\271.png" differ diff --git "a/archive/SystemOptimization/figures/\347\273\221\346\240\270.png" "b/archive/SystemOptimization/figures/\347\273\221\346\240\270.png" new file mode 100644 index 0000000000000000000000000000000000000000..627d0ba137a169c37afa1cc6dd81a2fffd9a0085 Binary files /dev/null and "b/archive/SystemOptimization/figures/\347\273\221\346\240\270.png" differ diff --git "a/archive/SystemOptimization/figures/\347\273\221\346\240\270\346\210\220\345\212\237\351\252\214\350\257\201.png" "b/archive/SystemOptimization/figures/\347\273\221\346\240\270\346\210\220\345\212\237\351\252\214\350\257\201.png" new file mode 100644 index 0000000000000000000000000000000000000000..342e691a50fc63ea8a71fdf752a6df46daafe14c Binary files /dev/null and "b/archive/SystemOptimization/figures/\347\273\221\346\240\270\346\210\220\345\212\237\351\252\214\350\257\201.png" differ diff --git a/archive/SystemOptimization/overview.md b/archive/SystemOptimization/overview.md new file mode 100644 index 0000000000000000000000000000000000000000..a0b9ac93e37a594663b6fd901782afcb5c7f5453 --- /dev/null +++ b/archive/SystemOptimization/overview.md @@ -0,0 +1,9 @@ +# 系统分析与调优 + +系统分析与调优包含MySQL性能调优指南和大数据调优指南,其中大数据调优指南具体包括: + +- spark 调优指南 +- hive调优指南 +- hbase调优指南 + +上述指南旨在帮助用户在openEuler上进行调优,包含调优手段、调优建议、调优方向等。 diff --git "a/archive/SystemOptimization/\345\244\247\346\225\260\346\215\256\350\260\203\344\274\230\346\214\207\345\215\227.md" "b/archive/SystemOptimization/\345\244\247\346\225\260\346\215\256\350\260\203\344\274\230\346\214\207\345\215\227.md" new file mode 100644 index 0000000000000000000000000000000000000000..52d1c1d4da5a07a90b9e49ab4181558063267e0d --- /dev/null +++ "b/archive/SystemOptimization/\345\244\247\346\225\260\346\215\256\350\260\203\344\274\230\346\214\207\345\215\227.md" @@ -0,0 +1,808 @@ + +## 硬件调优 + +### 配置BIOS + +#### 目的 + +针对不同的服务器硬件设备,通过设置BIOS中的一些高级配置选项,可以有效提升服务器性能。 + +#### 方法 + +以下方法针对鲲鹏服务器进行调优,X86,例如Intel服务器,可选择保持默认BIOS配置。 + +1. 关闭SMMU(鲲鹏服务器特有)。 +2. 重启服务器过程中,单击**Delete**键进入BIOS,选择“Advanced \> MISC Config”,单击**Enter**键进入。 +3. 将“**Support Smmu**”设置为“**Disable**”。 + + 注:此优化项只在非虚拟化场景使用,在虚拟化场景,则开启SMMU。 + +4. 关闭预取 + + - 在BIOS中,选择“Advanced\>MISC Config”,单击**Enter**键进入。 + + - 将“CPU Prefetching Configuration”设置为“Disabled”,单击F10键保存退出。 + +### 创建RAID0 + +#### 目的 + +磁盘创建RAID可以提供磁盘的整体存取性能,环境上若使用的是LSI 3108/3408/3508系列RAID卡,推荐创建单盘RAID 0/RAID 5,充分利用RAID卡的Cache(LSI 3508卡为2GB),提高读写速率。 + +#### 方法 + +1. 使用storcli64_arm文件检查RAID组创建情况。 + + ```shell + ./storcli64_arm /c0 show + ``` + + 注:storcli64_arm文件放在任意目录下执行皆可。文件下载路径: + +2. 创建RAID 0,命令表示为第2块1.2T硬盘创建RAID 0,其中,c0表示RAID卡所在ID、r0表示组RAID 0。依次类推,对除了系统盘之外的所有盘做此操作。 + + ```shell + ./storcli64_arm /c0 add vd r0 drives=65:1 + ``` + + + +### 开启RAID卡Cache + +#### 目的 + +使用RAID卡的RAWBC(无超级电容)/RWBC(有超级电容)性能更佳。 + +使用storcli工具修改RAID组的Cache设置。Read Policy设置为Read ahead,使用RAID卡的Cache做预读。Write Policy设置为Write back,使用RAID卡的Cache做回写,而不是Write through透写。将IO policy设置为Cached IO,使用RAID卡的Cache缓存IO。 + +#### 方法 + +1. 配置RAID卡的cache,其中vx是卷组号(v0/v1/v2....),根据环境上的实际情况进行设置。 + +```shell +./storcli64_arm /c0/vx set rdcache=RA +./storcli64_arm /c0/vx set wrcache=WB/AWB +./storcli64_arm /c0/vx set iopolicy=Cached +``` + +2. 检查配置是否生效。 + +```shell +./storcli64_arm /c0 show +``` + +### 调整rx_buff + +#### 目的 + +以1822网卡为例,默认的rx_buff配置为2KB,在聚合64KB报文的时候需要多片不连续的内存,使用率较低。该参数可以配置为2/4/8/16KB,修改后可以减少不连续的内存,提高内存使用率。 + +#### 方法 + +1. 查看rx_buff参数值,默认为2。 + + ```shell + cat /sys/bus/pci/drivers/hinic/module/parameters/rx_buff + ``` + +2. 在目录“/etc/modprobe.d/”中增加文件hinic.conf,修改rx_buff值为8。 + + ```shell + options hinic rx_buff=8 + ``` + +3. 重新挂载hinic驱动,使得新参数生效。 + + ```shell + rmmod hinic + modprobe hinic + ``` + +4. 查看rx_buff参数是否更新成功。 + + ```shell + cat /sys/bus/pci/drivers/hinic/module/parameters/rx_buff + ``` + +### 调整Ring Buffer + +#### 目的 + +以1822网卡为例,网卡队列深度Ring Buffer最大支持4096,默认配置为1024,可以增大buffer大小用于提高网卡Ring大小。 + +#### 方法 + +1. 查看Ring Buffer默认大小,假设当前网卡名为enp131s0。 + + ```shell + ethtool -g enp131s0 + ``` + +2. 修改Ring Buffer值为4096。 + + ```shell + ethtool -G enp131s0 rx 4096 tx 4096 + ``` + +3. 查看Ring Buffer值是否更新成功。 + + ```shell + ethtool -g enp131s0 + ``` + + + +4. 减少队列数。 + + ```shell + ethtool -L enp131s0 combined 4 + ethtool -l enp131s0 + ``` + +### 开启LRO + +#### 目的 + +以1822网卡为例,支持LRO(Large Receive Offload),可以打开该选项,并合理配置1822 LRO参数。 + +#### 方法 + +1. 查看LRO参数是否开启,默认为off,假设当前网卡名为enp131s0。 + + ```shell + ethtool -k enp131s0 + ``` + +2. 打开LRO。 + + ```shell + ethtool -K enp131s0 lro on + ``` + +3. 查看LRO参数是否开启。 + + ```shell + ethtool -k enp131s0 + ``` + + + +### 配置网卡中断绑核 + +#### 目的 + +相比使用内核的irqbalance使网卡中断在所有核上进行调度,使用手动绑核将中断固定更能有效提高业务网络收发包的能力。 + +#### 方法 + +1. 关闭irqbalance。 + + 若要对网卡进行绑核操作,则需要关闭irqbalance。 + + 执行如下命令: + + ```shell + systemctl stop irqbalance.service #(停止irqbalance,重启失效) + systemctl disable irqbalance.service #(关闭irqbalance,永久生效) + systemctl status irqbalance.service #(查看irqbalance服务状态是否已关闭) + ``` + +2. 查看网卡pci设备号,假设当前网卡名为enp131s0。 + + ```shell + ethtool -i enp131s0 + ``` + + + +3. 查看pcie网卡所属NUMA node。 + + ```shell + lspci -vvvs + ``` + + + +4. 查看NUMA node对应的core的区间,例如此处在鲲鹏920 5250上就可以绑到48\~63。 + + + +5. 进行中断绑核,1822网卡共有16个队列,将这些中断逐个绑至所在NumaNode的16个Core上(例如此处是绑到NUMA node1对应48-63上)。 + + ```shell + bash smartIrq.sh + ``` + + 脚本内容如下: + + ```shell + #!/bin/bash + irq_list=(`cat /proc/interrupts | grep enp131s0 | awk -F: '{print $1}'`) + cpunum=48 # 修改为所在node的第一个Core + for irq in ${irq_list[@]} + do + echo $cpunum > /proc/irq/$irq/smp_affinity_list + echo `cat /proc/irq/$irq/smp_affinity_list` + (( cpunum+=1 )) + done + ``` + +6. 利用脚本查看是否绑核成功。 + + ```shell + sh irqCheck.sh enp131s0 + ``` + + + + 脚本内容如下: + + ```shell + #!/bin/bash + # 网卡名 + intf=$1 + log=irqSet-`date "+%Y%m%d-%H%M%S"`.log + # 可用的CPU数 + cpuNum=$(cat /proc/cpuinfo |grep processor -c) + # RX TX中断列表 + irqListRx=$(cat /proc/interrupts | grep ${intf} | awk -F':' '{print $1}') + irqListTx=$(cat /proc/interrupts | grep ${intf} | awk -F':' '{print $1}') + # 绑定接收中断rx irq + for irqRX in ${irqListRx[@]} + do + cat /proc/irq/${irqRX}/smp_affinity_list + done + # 绑定发送中断tx irq + for irqTX in ${irqListTx[@]} + do + cat /proc/irq/${irqTX}/smp_affinity_list + done + ``` + +## 操作系统调优 + +### 关闭内存透明大页 + +#### 目的 + +关闭内存透明大页,防止内存泄漏,减少卡顿。 + +#### 方法 + +关闭内存透明大页。 + +```shell +echo never > /sys/kernel/mm/transparent_hugepage/enabled +echo never > /sys/kernel/mm/transparent_hugepage/defrag +``` + +### 关闭swap分区 + +#### 目的 + +Linux的虚拟内存会根据系统负载自动调整,内存页(page)swap到磁盘swap分区会影响测试性能。 + +#### 方法 + +```shell +swapoff -a +``` + +修改前后对比如下。 + + + +## spark组件调优 + +### IO配置项调优 + +- IO队列调整 + + - 目的 + + 使用单队列(软队列)模式,单队列模式在spark测试时会有更佳的性能。 + + - 方法 + + 在/etc/grub2-efi.cfg的内核启动命令行中添加`scsi_mod.use_blk_mq=0`,重启生效。 + + + +- 内核IO参数配置 + + ```shell + #! /bin/bash + + echo 3000 > /proc/sys/vm/dirty_expire_centisecs + echo 500 > /proc/sys/vm/dirty_writeback_centisecs + + echo 15000000 > /proc/sys/kernel/sched_wakeup_granularity_ns + echo 10000000 > /proc/sys/kernel/sched_min_granularity_ns + + systemctl start tuned + sysctl -w kernel.sched_autogroup_enabled=0 + sysctl -w kernel.numa_balancing=0 + + echo 11264 > /proc/sys/vm/min_free_kbytes + echo 60 > /proc/sys/vm/dirty_ratio + echo 5 > /proc/sys/vm/dirty_background_ratio + + list="b c d e f g h i j k l m" #按需修改 + for i in $list + do + echo 1024 > /sys/block/sd$i/queue/max_sectors_kb + echo 32 > /sys/block/sd$i/device/queue_depth + echo 256 > /sys/block/sd$i/queue/nr_requests + echo mq-deadline > /sys/block/sd$i/queue/scheduler + echo 2048 > /sys/block/sd$i/queue/read_ahead_kb + echo 2 > /sys/block/sd$i/queue/rq_affinity + echo 0 > /sys/block/sd$i/queue/nomerges + done + ``` + +### JVM参数和版本适配 + +#### 目的 + +最新版本的JDK对Spark性能进行了优化。 + +#### 方法 + +可在spark-defaults.conf文件中添加以下配置来使用新的JDK,以使用新的JDK参数。 + +```shell +spark.executorEnv.JAVA_HOME /usr/local/jdk8u222-b10 +spark.yarn.appMasterEnv.JAVA_HOME /usr/local/jdk8u222-b10 +spark.executor.extraJavaOptions -XX:+UseNUMA -XX:BoxTypeCachedMax=100000 +spark.yarn.am.extraJavaOptions -XX:+UseNUMA -XX:BoxTypeCachedMax=100000 +``` + +注:X86架构,JVM参数`-XX:BoxTypeCachedMax`不适用。 + +### spark应用参数调优 + +#### 目的 + +在Spark基础配置值的基础上,按照理论公式得到一组较合理的Executor执行参数,使能后在鲲鹏上会带来明显的性能提升。 + +#### 方法 + +- 如果用Spark-Test-Tool工具测试sql1\~sql10场景,打开工具目录下的“script/spark-default.conf”文件,添加以下配置项: + + ```shell + yarn.executor.num 15 + yarn.executor.cores 19 + spark.executor.memory 44G + spark.driver.memory 36G + ``` + +- 如果使用HiBench工具测试wordcount、terasort、bayesian、kmeans场景,打开工具目录下的“conf/spark.conf”文件,可以根据实际环境对运行核数、内存大小做调整。 + + ```shell + yarn.executor.num 15 + yarn.executor.cores 19 + spark.executor.memory 44G + spark.driver.memory 36G + ``` + +### 专用场景优化项 + +#### SQL场景 + +##### sql1-IO密集型SQL + +- 目的 + + sql1是IO密集型场景,可以通过优化IO参数带来最佳性能。 + +- 方法 + + - 对以下IO相关参数进行设置,其中sd\$i指所有参与测试的磁盘名。 + + ```shell + echo 128 > /sys/block/sd$i/queue/nr_requests + echo 512 > /sys/block/sd$i/queue/read_ahead_kb + ``` + + - 对内存脏页参数进行设置。 + + ```shell + /proc/sys/vm/vm.dirty_expire_centisecs 500 + /proc/sys/vm/vm.dirty_writeback_centisecs 100 + ``` + + - 并行度在Spark-Test-Tool/script/spark-default.conf里设置。 + + ```shell + spark.sql.shuffle.partitions 350 + spark.default.parallelism 580 + ``` + + - 该场景其余参数都使用[spark应用参数调优](#spark应用参数调优)中的通用优化值。 + +##### sql2 & sql7 - CPU密集型SQL + +- 目的 + + ​sql2和sql7是CPU密集型场景,可以通过优化spark执行参数带来最佳性能。 + +- 方法 + + - Spark-Test-Tool在配置文件(script/spark-default.conf)中指定的运行核数、内存大小可以根据实际环境来做调整,从而达到最优性能。如对于鲲鹏920 5220处理器,sql2和sql7场景建议以下executor参数。 + + ```shell + yarn.executor.num 42 + yarn.executor.cores 6 + spark.executor.memory 15G + spark.driver.memory 36G + ``` + + - 并行度在Spark-Test-Tool/script/spark-default.conf里设置 + + 针对sql2,设置如下: + + ```shell + spark.sql.shuffle.partitions 150 + spark.default.parallelism 504 + ``` + + 针对sql7,设置如下: + + ```shell + spark.sql.shuffle.partitions 300 + spark.default.parallelism 504 + ``` + +##### sql3-IO + CPU + +- 目的 + + sql3是IO+CPU密集型场景,可以通过优化spark执行参数、调整IO参数来带来最佳性能。 + +- 方法 + + - Spark-Test-Tool在配置文件(script/spark-default.conf)中指定的运行核数、内存大小可以根据实际环境来做调整,来达到最优性能。比如对于鲲鹏920 5220处理器,sql3场景建议以下executor参数。 + + ```shell + yarn.executor.num 30 + yarn.executor.cores 6 + spark.executor.memory 24G + spark.driver.memory 36G + ``` + + - 调整IO预取值,其中sd\$i表示所有参与spark的磁盘名。 + + ```shell + echo 4096 > /sys/block/sd$i/queue/read_ahead_kb + ``` + + - 并行度在Spark-Test-Tool/script/spark-default.conf里设置。 + + ```shell + spark.sql.shuffle.partitions 150 + spark.default.parallelism 360 + ``` + +##### sql4 - CPU密集 + +- 目的 + + sql4是CPU密集型场景,可以优化spark执行参数、调整IO参数来带来最佳性能。 + +- 方法 + + Spark-Test-Tool在配置文件中指定的运行核数、内存大小可以根据实际环境来做调整,来达到最优性能。比如对于鲲鹏920 5220处理器,sql4场景建议以下executor参数。 + + - 打开工具目录下的script/spark-default.conf文件,添加以下配置项: + + ```shell + yarn.executor.num 42 + yarn.executor.cores 6 + spark.executor.memory 15G + spark.driver.memory 36G + ``` + + - 同时调整IO预取值,其中sd\$i表示所有参与spark的磁盘名: + + ```shell + echo 4096 > /sys/block/sd$i/queue/read_ahead_kb + ``` + + - 并行度在Spark-Test-Tool/script/spark-default.conf里设置。 + + ```shell + spark.sql.shuffle.partitions 150 + spark.default.parallelism 504 + ``` + +##### sql5 & sql6 & sql8 & sql9 & sql10 + +- 并行度在Spark-Test-Tool/script/spark-default.conf里设置。 + + ```shell + spark.sql.shuffle.partitions 300 + spark.default.parallelism 504 + ``` + +- 该场景其余参数都使用[spark应用参数调优](#spark应用参数调优)的通用优化值。 + +#### HiBench场景 + +##### Wordcount – IO + CPU密集型 + +- 目的 + + Wordcount是IO+CPU密集型场景,二者均衡,采用单队列的deadline调度算法反而不好,采用多队列的mq-deadline算法并调整相关io参数,能得到较好的性能结果。 + +- 方法 + + - 对以下配置进行修改,其中sd\$i指所有参与测试的磁盘名称: + + ```shell + echo mq-deadline > /sys/block/sd$i/queue/scheduler + echo 512 > /sys/block/sd$i/queue/nr_requests + echo 8192 > /sys/block/sd$i/queue/read_ahead_kb + echo 500 > /proc/sys/vm/dirty_expire_centisecs + echo 100 > /proc/sys/vm/dirty_writeback_centisecs + echo 5 > /proc/sys/vm/dirty_background_ratio + ``` + + - 该场景下采用3-5倍总核数作为数据分片的Partitions和 Parallelism进行数据分片,减小单Task文件大小,对性能有正面提升。可以使用以下分片设置: + + ```shell + spark.sql.shuffle.partitions 300 + spark.default.parallelism 600 + ``` + + - HiBench在配置文件中指定的运行核数、内存大小可以根据实际环境来做调整,来达到最优性能。比如对于鲲鹏920 5220处理器,Wordcount场景建议以下executor参数: + + ```shell + yarn.executor.num 51 + yarn.executor.cores 6 + spark.executor.memory 13G + spark.driver.memory 36G + ``` + +##### Terasort – IO + CPU 密集型 + +- 目的 + + ​Terasort是IO和CPU密集型场景,可以对IO参数和spark执行参数进行调整。另外,Terasort对网络的带宽要求也较高,可以通过优化网络参数,提升系统性能。 + +- 方法 + + - 对以下配置进行修改,其中sd\$i指所有参与测试的磁盘名称。 + + ```shell + echo bfq > /sys/block/sd$i/queue/scheduler + echo 512 > /sys/block/sd$i/queue/nr_requests + echo 8192 > /sys/block/sd$i/queue/read_ahead_kb + echo 4 > /sys/block/sd$i/queue/iosched/slice_idle + echo 500 > /proc/sys/vm/dirty_expire_centisecs + echo 100 > /proc/sys/vm/dirty_writeback_centisecs + ``` + + - 该场景下采用3-5倍总核数作为数据分片的Partitions和 Parallelism进行数据分片,减小单Task文件大小,对性能有正面提升。打开HiBench工具的“conf/spark.conf”文件,可以使用以下分片设置: + + ```shell + spark.sql.shuffle.partitions 1000 + spark.default.parallelism 2000 + ``` + + - 打开HiBench工具的“conf/spark.conf”文件,增加以下executor参数: + + ```shell + yarn.executor.num 27 + yarn.executor.cores 7 + spark.executor.memory 25G + spark.driver.memory 36G + ``` + + - 优化网络参数。 + + ```shell + ethtool -K enp131s0 gro on + ethtool -K enp131s0 tso on + ethtool -K enp131s0 gso on + ethtool -G enp131s0 rx 4096 tx 4096 + ethtool -G enp131s0 rx 4096 tx 4096 + # TM 280网卡最大可支持MTU=9000 + ifconfig enp131s0 mtu 9000 up + ``` + +##### Bayesian – CPU密集型 + +- 目的 + + ​Bayesian是CPU密集型场景,可以对IO参数和spark执行参数进行调整。 + +- 方法 + + - 该场景可以使用以下分片设置: + + ```shell + spark.sql.shuffle.partitions 1000 + spark.default.parallelism 2500 + ``` + + - 打开HiBench工具的“conf/spark.conf”文件,增加以下executor参数: + + ```shell + yarn.executor.num 9 + yarn.executor.cores 25 + spark.executor.memory 73G + spark.driver.memory 36G + ``` + + - 该场景使用以下内核参数: + + ```shell + echo mq-deadline > /sys/block/sd$i/queue/scheduler + echo 0 > /sys/module/scsi_mod/parameters/use_blk_mq + echo 50 > /proc/sys/vm/dirty_background_ratio + echo 80 > /proc/sys/vm/dirty_ratio + echo 500 > /proc/sys/vm/dirty_expire_centisecs + echo 100 > /proc/sys/vm/dirty_writeback_centisecs + ``` + +##### Kmeans – 纯计算密集型 + +- 目的 + + ​Kmeans是CPU密集型场景,可以对IO参数和spark执行参数进行调整。 + +- 方法 + + - 主要是调整spark executor参数适配到一个较优值,该场景可以使用以下分片设置: + + ```shell + spark.sql.shuffle.partitions 1000 + spark.default.parallelism 2500 + ``` + + - 调整IO预取值,其中sd\$i表示所有参与spark的磁盘名: + + ```shell + echo 4096 > /sys/block/sd$i/queue/read_ahead_kb + ``` + + - 打开HiBench工具的“conf/spark.conf”文件,增加以下executor参数: + + ```shell + yarn.executor.num 42 + yarn.executor.cores 6 + spark.executor.memory 15G + spark.driver.memory 36G + spark.locality.wait 10s + ``` + +## Hive组件调优 + +### IO配置项调优 + +主要涉及scheduler、read_ahead_kb、sector_size配置。 + +- scheduler推荐使用mq-deadline,可以达到更高的IO效率,从而提高性能。 + +- 块设备的预读推荐设置为4M,读性能更佳,缺省值一般为128KB。 + +- 块设备的sector_size应与物理盘的扇区大小进行匹配。可通过hw_sector_size、max_hw_sectors_kb、max_sectors_kb三者进行匹配,前两者是从硬件中读取出来的值,第三者是内核块设备的聚合最大块大小,推荐与硬件保持一致,即后两者参数保证一致。 + +对涉及的所有数据盘统一设置如下: + +```shell +list="b c d e f g h i j k l m" #按需修改 +for i in $list +do + echo mq-deadline > /sys/block/sd$i/queue/scheduler + echo 4096 > /sys/block/sd$i/queue/read_ahead_kb + echo 512 > sys/block/sd$i/queue/hw_sector_size + echo 1024 > /sys/block/sd$i/queue/max_hw_sectors_kb + echo 256 > /sys/block/sd$i/queue/max_sectors_kb +done +``` + +### 内存脏页参数调优 + +```shell +echo 500 > /proc/sys/vm/dirty_expire_centisecs +echo 100 > /proc/sys/vm/dirty_writeback_centisecs +``` + +### Hive调优 + +#### 组件参数配置 + +| 组件 | 参数名 | 推荐值 | 修改原因 | +| ----------------------------------------- | --------------------------------------------- | ------------------------------------------------ | ------------------------------------------------------------ | +| Yarn-\>NodeManager Yarn-\>ResourceManager | ResourceManager Java heap size | 1024 | 修改JVM内存大小,保证内存水平较高,减少GC的频率。 **说明:** 非固定值,需要根据GC的释放情况来调大或调小Xms及Xmx的值。 | +|Yarn-\>NodeManager Yarn-\>ResourceManager | NodeManager Java heap size | 1024 | |内存大小,保证内存水平较高,减少GC的频率。 **说明:** 非固定值,需要根据GC的释放情况来调大或调小Xms及Xmx的值。 +| Yarn-\>NodeManager | yarn.nodemanager.resource.cpu-vcores | 与实际数据节点的总物理核数相等。 | 可分配给Container的CPU核数。 | +|Yarn->NodeManager | yarn.nodemanager.resource.memory-mb | 与实际数据节点物理内存总量相等。 | 可分配给Container的内存。 | +| Yarn->NodeManager | yarn.nodemanager.numa-awareness.enabled | true | NodeManager启动Container时的Numa感知,需手动添加。 | +|Yarn->NodeManager | yarn.nodemanager.numa-awareness.read-topology | true | NodeManager的Numa拓扑自动感知,需手动添加。 | +| MapReduce2 | mapreduce.map.memory.mb | 7168 | 一个Map Task可使用的内存上限。 | +|MapReduce2 | mapreduce.reduce.memory.mb | 14336 | 一个Reduce Task可使用的资源上限。 | +| MapReduce2 | mapreduce.job.reduce.slowstart.completedmaps | 0.35 | 当Map完成的比例达到该值后才会为Reduce申请资源。 | +| HDFS-\>NameNode | NameNode Java heap size | 3072 | 修改JVM内存大小,保证内存水平较高,减少GC的频率。 | +| HDFS->NameNode | NameNode new generation size | 384 | |修改JVM内存大小,保证内存水平较高,减少GC的频率。 +|HDFS->NameNode | NameNode maximum new generation size | 384 | |修改JVM内存大小,保证内存水平较高,减少GC的频率。 +|HDFS->NameNode | dfs.namenode.service.handler.count | 32 | NameNode RPC服务端监测DataNode和其他请求的线程数,可适量增加。 | +|HDFS->NameNode | dfs.namenode.handler.count | 1200 | NameNode RPC服务端监测客户端请求的线程数,可适量增加。 | +| HDFS-\>DataNode | dfs.datanode.handler.count | 512 | DataNode服务线程数,可适量增加。 | +| TEZ | tez.am.resource.memory.mb | 7168 | 等同于yarn.scheduler.minimum-allocation-mb,默认7168。 | +| TEZ | tez.runtime.io.sort.mb | SQL1: 32 SQL2: 256 SQL3: 256 SQL4: 128 SQL5: 64 | 根据不同的场景进行调整。 | +|TEZ | tez.am.container.reuse.enabled | true | Container重用开关。 | +|TEZ | tez.runtime.unordered.output.buffer.size-mb | 537 | 10%\* hive.tez.container.size。 | +|TEZ | tez.am.resource.cpu.vcores | 10 | 使用的虚拟CPU数量,默认1,需要手动添加。 | +|TEZ | tez.container.max.java.heap.fraction | 0.85 | 基于Yarn提供的内存,分配给java进程的百分比,默认是0.8,需要手动添加。 | + +#### numa特性开启 + +Yarn组件在3.1.0版本合入的新特性支持,支持Yarn组件在启动Container时使能NUMA感知功能,原理是读取系统物理节点上每个NUMA节点的CPU核、内存容量,使用Numactl命令指定启动container的CPU范围和membind范围,减少跨片访问。 + +1. 安装numactl + +```shell +yum install numactl.aarch64 +``` + +2. 开启NUMA感知 + +``` +yarn.nodemanager.numa-awareness.enabled true +yarn.nodemanager.numa-awareness.read-topology true +``` + +在组件参数配置已列出。 + +## Hbase组件调优 + +### Hbase调优 + +#### 组件参数配置 + +如下参数为本次测试所配置参数,x86计算平台和鲲鹏920计算平台参数仅有Yarn部分参数有差异(差异处表格中有体现),hbase和hdfs采用同一套参数进行测试。 + +| 组件 | 参数名 | 推荐值 | 修改原因 | +| ----------------------------------------- | --------------------------------------------- | -------------------------------- | ------------------------------------------------------------ | +| Yarn-\>NodeManager Yarn-\>ResourceManager | ResourceManager Java heap size | 1024 | 修改JVM内存大小,保证内存水平较高,减少GC的频率。 | +| Yarn-\>NodeManager Yarn-\>ResourceManager | NodeManager Java heap size | 1024 | | +| Yarn-\>NodeManager | yarn.nodemanager.resource.cpu-vcores | 与实际数据节点的总物理核数相等。 | 可分配给Container的CPU核数。 | +|Yarn->NodeManager | yarn.nodemanager.resource.memory-mb | 与实际数据节点物理内存总量相等。 | 可分配给Container的内存。 | +|Yarn->NodeManager | yarn.nodemanager.numa-awareness.enabled | true | NodeManager启动Container时的Numa感知,需手动添加。 | +|Yarn->NodeManager | yarn.nodemanager.numa-awareness.read-topology | true | NodeManager的Numa拓扑自动感知,需手动添加。 | +| MapReduce2 | mapreduce.map.memory.mb | 7168 | 一个Map Task可使用的内存上限。 | +|MapReduce2 | mapreduce.reduce.memory.mb | 14336 | 一个Reduce Task可使用的资源上限。 | +|MapReduce2 | mapreduce.job.reduce.slowstart.completedmaps | 0.35 | 当Map完成的比例达到该值后才会为Reduce申请资源。 | +| HDFS-\>NameNode | NameNode Java heap size | 3072 | 修改JVM内存大小,保证内存水平较高,减少GC的频率。 | +| HDFS-\>NameNode | NameNode new generation size | 384 | |修改JVM内存大小,保证内存水平较高,减少GC的频率。 +| HDFS-\>NameNode | NameNode maximum new generation size | 384 | |修改JVM内存大小,保证内存水平较高,减少GC的频率。 +| HDFS-\>NameNode | dfs.namenode.service.handler.count | 128 | NameNode RPC服务端监测DataNode和其他请求的线程数,可适量增加。 | +| HDFS-\>NameNode | dfs.namenode.handler.count | 1200 | NameNode RPC服务端监测客户端请求的线程数,可适量增加。 | +| HDFS-\>DataNode | dfs.datanode.handler.count | 512 | DataNode服务线程数,可适量增加。 | +| HBase-\>RegionServer | HBase RegionServer Maximum Memory | 31744 | 修改JVM内存大小,保证内存水平较高,减少GC的频率。 | +|HBase-\>RegionServer | hbase.regionserver.handler.count | 150 | RegionServer上的RPC服务器实例数量。 | +|HBase-\>RegionServer | hbase.regionserver.metahandler.count | 150 | RegionServer中处理优先请求的程序实例的数量。 | +| HBase-\>RegionServer | hbase.regionserver.global.memstore.size | 0.4 | 最大JVM堆大小(Java -Xmx设置)分配给MemStore的比例。 | +|HBase-\>RegionServer | hfile.block.cache.size | 0.4 | 数据缓存所占的RegionServer GC -Xmx百分比。 | +|HBase-\>RegionServer | hbase.hregion.memstore.flush.size | 267386880 | Regionserver memstore大小,增大可以减小阻塞。 | + +#### numa特性开启 + +Yarn组件在3.1.0版本合入的新特性支持,支持Yarn组件在启动Container时使能NUMA感知功能,原理是读取系统物理节点上每个NUMA节点的CPU核、内存容量,使用Numactl命令指定启动container的CPU范围和membind范围,减少跨片访问。 + +1. 安装numactl + +```shell +yum install numactl.aarch64 +``` + +2. 开启NUMA感知 + +``` +yarn.nodemanager.numa-awareness.enabled true +yarn.nodemanager.numa-awareness.read-topology true +``` + +在组件参数配置已列出。 diff --git a/archive/X-diagnosis/X-diagnosis.md b/archive/X-diagnosis/X-diagnosis.md new file mode 100644 index 0000000000000000000000000000000000000000..e9e5b89395f34788df2aeb6fe174e54171d12149 --- /dev/null +++ b/archive/X-diagnosis/X-diagnosis.md @@ -0,0 +1,433 @@ +# x-diagnose + +## 概述 + +X-diagnose基于EulerOS维护团队多年运维经验,通过对案例的总结/分析形成的系统运维工具集, +主要功能包含问题定位、系统巡检/监控、ftrace增强、一键收集日志等功能,是一款集成分析、 +流程跟踪、信息定时记录、历史经验固化等功能于一体的OS内核问题定位工具。 + +## 安装x-diagnose + +**(1) 依赖软件** + +* python 3.7+ + +**(2) 下载rpm包** + +``` +rpm -ivh xdiagnose-1.x-x.rpm +```P + +## 1. 命令汇总 + +* xdiag +* xd_tcpreststackPF +* xd_tcpskinfo +* xd_arpstormcheck +* xd_sysinspect +* xd_scsiiocount +* xd_scsiiotrace + +### 1.0 xdiag + +```shell +usage: xdiag [-h] [--inspect] {tcphandcheck,eftrace,ntrace,hook} ... + +xdiagnose tool + +optional arguments: + -h, --help show this help message and exit + --inspect inspector module + +select module: + {tcphandcheck,eftrace,ntrace,hook} + tcphandcheck tcp_hand_check module + eftrace eftrace module + ntrace net trace module + hook hook module +``` + +**--inspect :系统异常巡检(可以和select module一起使用)支持如下检测项:** + +* ipv6路由缓存满 +* TIMEWAIT状态连接满 +* arp、连接跟踪满 +* snmp或者stat异常 +* 网卡异常统计pause帧、tx_timeout、drop、error +* bond4异常检测: +1)网卡速率不相等 +2)lacp协商没有成功 +* tcp、udp、ip分片等内存满 +* dns无法解析(gethostbyname) +* cron没法运行 +* ntp时钟不准 +* ip冲突检测 +* cpu冲高检测 +* 磁盘满、inode句柄不足 +* 内存不足、sysctl/sshd配置运行过程中修改 + +**tcphandcheck:跟踪tcp的3次握手阶段经常会出现问题,支持定位如下问题:** + +* 连接队列满 +* bind失败 +* timewait连接复用失败 +* 文件句柄超出导致无法创建socket +* 端口复用场景下连接闪断后seq序号异常导致的无法建链 + +**eftrace** + +#### 概述 + +eftrace是ftrace命令生成的偏移计算辅助工具。用户可以使用eftrace方便地生成不同内核版本下的ftrace命令。 + +#### 使用方法 + +#### (1) 举例 + +生成在协议栈调用`ip_rcv_core`函数时打印源地址为`192.168.56.102`的命令: + +```shell +xdiag eftrace 'p:ip_rcv_core ip_rcv_core srcip=(struct iphdr *)($r0->data)->saddr f:srcip==0x6638a8c0' +``` + +生成在协议栈调用`inet_csk_accept`函数结束时返回值为0的命令: + +```shell +xdiag eftrace 'r:inet_csk_accept inet_csk_accept ret=$retval f:ret==0' +``` + +#### (2) 命令解析 + +* `p:` 表示kprobe event +* `r:` 表示kretprobe event +* `f:` 表示kprobe filter过滤 +* `$rx` 表示函数参数,x为参数位置,第一个参数为`$r0` + +#### (3) 可以使用强制类型转换,以及手动指定偏移 + +```shell +xdiag eftrace 'p:ip_rcv_finish ip_rcv_finish +srcip=(struct iphdr *)($r2->data)->saddr +srcport=(struct tcphdr *)($r2->data + 20)->source' +``` + +在函数`ip_rcv_finish`中,`sk_buff`的`data`成员是`unsigned char *`类型,指向报文的ip头,可以强制转换为`iphdr *`获取ip头的内容。 + +当想获取tcp头的内容时,对`data`进行ip头长度的偏移后可指向tcp头并获取信息。 + +额外的偏移可以直接指定,或者使用`sizeof`的方式获取偏移长度: + +`srcport=(struct tcphdr *)($r2->data + sizeof(struct iphdr))->source` + +**xd_sysinspect** + +#### 参数说明 + +xd_sysinspect [-i interval] [-r rotate] [-d dest] [-z gzip] [-s size] [-c cpu_thresh] [-m mem_thresh] [-o] + +* -i interval: + 收集日志的时间间隔,单位秒 +* -r rotate: + 保留日志的份数 +* -d dest: + 日志文件保存的路径 +* -z gzip: + 用于压缩日志文件的命令,默认gzip +* -s size: + 指定该参数后使用日志文件的大小(MB)进行日志分割,超过设定值后会被压缩保存。不指定该参数默认按照小时压缩分割 +* -o: + 只记录触发CPU、内存阈值门限时的日志。如不指定该参数,则按照时间间隔收集日志 +* -c cpu_thresh: + CPU使用率的阈值,超过阈值、恢复阈值会触发日志记录 +* -m mem_thresh: + 内存使用率的阈值,超过阈值、恢复阈值会触发日志记录 + +#### 日志收集方式 + +* 每个interval在系统内收集一次信息 +* cpu,mem统计以interval为间隔,通过读取/proc下的数据计算使用率 + +#### 使用示例 + +#### 以时间为单位抓取日志 + +`xd_sysinspect -i 30 -r 48` + +* -i 30: + 每30秒收集一次日志 +* -r 48: + 每小时分割一次日志文件,保留48份日志 + +#### 以CPU、内存使用率阈值抓取日志 + +`xd_sysinspect -i 30 -r 20 -s 10 -c 80` + +* -i 30 + CPU、内存检查时间间隔30秒 +* -r 20 + 日志文件保留20份 +* -s 10 + 日志文件分割大小10(MB)。当日志文件达到指定值10MB时会进行分割 +* -c 80 + 指定CPU阈值,CPU使用率达到80%时记录一次日志;当使用率降至阈值以下,并重新冲高超过阈值,会再次记录 + +**ntrace:** + +```shell +usage: xdiag ntrace [-h] [-r READ_FILE] [-w WRITE_FILE] [-t TIMEOUT] [--qlen QLEN] [--cpu_mask CPU_MASK] [-b] [-i INTERFACE] {tcp,udp,icmp} ... + +optional arguments: + -h, --help show this help message and exit + -r READ_FILE, --read_file READ_FILE + read an existing trace file + -w WRITE_FILE, --write_file WRITE_FILE + trace write to a specified file + -t TIMEOUT, --timeout TIMEOUT + specify a running time of process + --cpu_mask CPU_MASK set ftrace cpu tracing_mask + -i INTERFACE, --interface INTERFACE + specify an interface + +select protocol: + {tcp,udp,icmp} + tcp tcp protocol + udp udp protocol + icmp icmp protocol +``` + +**expression** :指定一个过滤报文的表达式,协议[tcp|udp],地址[host|src|dst],端口号[port|sport|dport],逻辑运算符[and|or]。 +**-r** READFILE:读取一个已存在的trace输出文件,比如/var/log/x-diagnose/rawlog/raw_diag.log +**-w** WRITEFILE:将trace命令日志写入文件 +**-i** INTERFACE:指定抓取的网卡 +**-t** TIMEOUT:运行时间,单位为秒 +**--cpu_mask** CPU_MASK:设置ftrace的cpumask用以跟踪指定的cpu + +***说明***: +由于使用ftrace实现,xdiag下的select module功能模块不能复用 + +**hook:在定位问题时,方便确认各hook点的流程,跟踪这些钩子函数:** + +```shell +Usage: hook [ OPTIONS ] + --dev 网络设备过滤 + --host IP地址过滤 +``` + +### 1.1 xd_tcpreststack + +```shell +Usage: xd_tcpreststack [ OPTIONS ] + -h,--help this message + -t,--time The frequency of the probe/ms + -d,--depth Kernel stack Depth\n +``` + +#### 功能 + +监控tcp协议栈(v4/v6)reset信息。 + +#### -t,--time + +监控的时间间隔,单位ms, 建议保持默认值500ms; + +#### -d,--depth + +内核调用栈深度,默认3层 + +### 1.2 xd_tcpskinfo + +```shell +Usage: xd_tcpskinfo [ OPTIONS ] + -h,--help this message + -a,--addr filter IP addr + -p,--port filter port +``` + +#### 功能 + +查看tcp连接socket关键的信息,ss命令抓的信息不够全部一些关键信息没有包含。该工具总结tcp连接在debug过程中经常需要的信息,用来辅助协议栈问题定位。包括如下信息: + +#### -a,--addr + +IP地址过滤,不区分源地址或者目的地。 + +#### -p,--port + +端口过滤,不区分源端口或者目的端口。 + +### 1.3 xd_arpstormcheck + +```shell +Usage: xd_arpstormcheck [ OPTIONS ] + -h,--help this message + -i,--interval The interval time of the probe/s + -c,--count check count, default 1 + -f,--freq filter freq, $$ times per second +``` + +#### 功能 + +监控当前网络是否发发生网络风暴。 + +#### -i,--interval + +监控的时间间隔,默认1s。 + +#### -c,--count + +总监控的次数,监控次数完成后监控工具自动退出。 + +#### -f,--freq + +监控的告警阈值,每秒收到的报文,超过了此阈值,则告警提示网络风暴相关信息; + +### 1.4 xd_scsiiotrace + +```shell +USAGE: xd_scsiiotrace [--help] [-d h:c:t:l] [-E] + +EXAMPLES: + xd_scsiiotrace # Report all scsi cmnd result + xd_scsiiotrace -E # Report error/timeout scsi cmnd result + xd_scsiiotrace -p 0x8000002 # Parse the scsi cmnd result. + xd_scsiiotrace -d 0:0:0:1 # Trace the scsi device only. + + -d, --device=h:c:t:l Trace this scsi device only + -E, --error Trace error/timeout scsi cmnd. (default trace all + scsi cmnd) + -p, --parse=result Parse the scsi cmnd result.(format hex) + -?, --help Give this help list + --usage Give a short usage message +``` + +#### 功能 + +用于监控scsi命令执行结果: +DRIVER_RESULT: 驱动返回结果 +SCSI_RESULT: SCSI转换后的结果。 +DISPOSION: +1)SUCCESS:成功 +2)NEEDS_RETRY/ADD_TO_MLQUEUE:重新入队列 +3)TIMEOUT_ERROR: 命令超时 + +#### -d,--device + +指定需要监控的设备,默认监控所有。 + +#### -E,--error + +只监控不成功的命令(错误或者超时),默认监控所有命令。 + +#### -p,--parse + +用于解析 DRIVER_RESULT或者SCSI_RESULT值具体含义. 默认显示hex值 + +### 1.5 xd_scsiiocount + +```shell +USAGE: xd_scsiiocount [--help] [-t times] [-d device] [-i interval] + +EXAMPLES: + xd_scsiiocount # report all scsi device I/O scsi cmnd count + xd_scsiiocount -i 10 # print 10 second summaries + xd_scsiiocount -d sdc # Trace sdc only + xd_scsiiocount -t 5 # report times + + -d, --device=device Trace this disk only + -i, --interval=interval refresh interval(secs) + -t, --times=times report scsi device I/O times + -?, --help Give this help list + --usage Give a short usage message +``` + +#### 功能 + +用于监控scsi命令下发的命令统计. + +#### -d,--device + +指定需要监控的设备,默认监控所有。 + +#### -i,--interval + +监控的时间间隔,默认5s。 + +#### -t,--times + +监控的次数. 次数达到后,则结束本次监控 + +### 1.6 xd_ext4fsstat + +```shell +USAGE: xd_ext4fstat [--help] [-t times] [-i interval] [-s SORT] [-o opcode] + +EXAMPLES: + xd_ext4fsstat#Trace file read/write stat for ext4 filesystem + xd_ext4fsstat -i 10#printf 10 second summaries + xd_ext4fsstat -m /mnt/test#Trace the special mount point for ext4 filesystem. + xd_ext4fsstat -s r#Sort the read bytes + xd_ext4fsstat -o r#Trace read only, default read and wriete + xd_ext4fsstat -t 5#Trace 5 times + xd_ext4fsstat -v p#show the pid view + + -c, --clean Clean the trace data + -C, --clear Clear the screen + -i, --interval=INTERVAL Refreash interval(secs), default 5s. + -m, --mnt=MNTPOINT the special mount point + -o, --opcode=OPCODE Trace file r/w, defalut both. + -p, --pid=PID Trace the pid only + -s, --sort=SORT Sort r/w/wb, default read + -t, --times=TIMES Trace times + -T, --top=TOP show the topN (1~8192) + -v, --view=VIEW p:pids view, f: files view, defaut file view + -?, --help Give this help list + --usage Give a short usage message +``` + +#### 功能 + +用于监控ext4 文件系统读/写数据量统计. + +#### -c,--clean + +每个周期统计完数据后,历史数据将被清空,重新统计,默认是累积. + +#### -C,--clear + +每个周期显示统结果后,清理屏幕 + +#### -i,--interval + +监控的时间间隔,默认5s. + +#### -m,--mnt + +指定监控特定ext4挂载点数据. + +#### -o,--opcode + +指定监控read或者write,默认两者都监控. + +#### -p,--pid + +指定监控特定pid. + +#### -s,--sort + +指定对监控数据进行排序,默认对read进行排序. + +#### -t,--times + +监控的次数. 次数达到后,则结束本次监控. + +#### -T,--top + +指定只显示top数据,默认显示所有监控到的数据. + +#### -v,--view + +指定显示模式,p:进程模式,f:文件默认,默认只显示文件模式 +注:进程模式下,多进程对同一有写入场景下,显示的writeback数据为文件写入总数据 + 非该单进程写入总数据. + +#### diff --git "a/archive/astream/astream\345\272\224\347\224\250\344\272\216MySQL\346\214\207\345\257\274.md" "b/archive/astream/astream\345\272\224\347\224\250\344\272\216MySQL\346\214\207\345\257\274.md" new file mode 100644 index 0000000000000000000000000000000000000000..8b5b0b04019982df0a05c7bf154038ecf7722814 --- /dev/null +++ "b/archive/astream/astream\345\272\224\347\224\250\344\272\216MySQL\346\214\207\345\257\274.md" @@ -0,0 +1,572 @@ +# astream使能MySQL测试步骤 + +## 1 环境要求 + +### 1.1 硬件 + +要求服务端(server)和客户端(client)各一台。 + +| | Server | Client | +| :------- | :-----------------------------: | :-----------------------: | +| CPU | Kunpeng 920-6426 * 2 | Kunpeng 920-6426 * 2 | +| 核数 | 64cores*2 | 64cores*2 | +| 主频 | 2600MHz | 2600MHz | +| 内存大小 | 16 * 32G Samsung 2666 MHz | 16 * 32G Samsung 2666 MHz | +| 网络 | SP580 10GE | SP580 10GE | +| 系统盘 | 1.2T HDD TOSHIBA | 1.12 HDD TOSHIBA | +| 数据盘 | 1.6T ES3000 V5 NVMe PCIe SSD*2 | NA | + +### 1.2 软件 + +| 软件名称 | 版本 | +| :----------: | :----: | +| mysql | 8.0.20 | +| benchmarksql | 5.0 | + +### 1.3 组网 + +\ + +## 2. Server端部署 + +### 2.1 安装mysql依赖包 + +```shell +yum install -y cmake doxygen bison ncurses-devel openssl-devel libtool tar rpcgen libtirpc-devel bison bc unzip git gcc-c++ libaio libaio-devel numactl +``` + +### 2.2 编译安装mysql + +- 从[官网下载](https://downloads.mysql.com/archives/community/)下载源码包。 + +- 下载优化补丁: [细粒度锁优化特性补丁](https://github.com/kunpengcompute/mysql-server/releases/download/tp_v1.0.0/0001-SHARDED-LOCK-SYS.patch) 、 [NUMA调度补丁](https://github.com/kunpengcompute/mysql-server/releases/download/21.0.RC1.B031/0001-SCHED-AFFINITY.patch) 、 [无锁优化特性补丁](https://github.com/kunpengcompute/mysql-server/releases/download/tp_v1.0.0/0002-LOCK-FREE-TRX-SYS.patch)。 + +- 编译mysql。编译前确保已安装`libaio-devel`包。 + + ```shell + tar zxvf mysql-boost-8.0.20.tar.gz + cd mysql-8.0.20/ + patch -p1 < ../0001-SHARDED-LOCK-SYS.patch + patch -p1 < ../0001-SCHED-AFFINITY.patch + patch -p1 < ../0002-LOCK-FREE-TRX-SYS.patch + cd cmake + make clean + cmake .. -DCMAKE_INSTALL_PREFIX=/usr/local/mysql-8.0.20 -DWITH_BOOST=../boost -DDOWNLOAD_BOOST=1 + make -j 64 + make install + ``` + +### 2.3 配置mysql参数 + +为了使磁盘压力足够大,测试过程中采用**mysql双实例**跑法。其中实例1对应的配置文件为/etc/my-1.cnf,实例2对应的配置文件为/etc/my-2.cnf。 + +- /etc/my-1.cnf + +```cnf +[mysqld_safe] +log-error=/data/mysql-1/log/mysql.log +pid-file=/data/mysql-1/run/mysqld.pid + +[client] +socket=/data/mysql-1/run/mysql.sock +default-character-set=utf8 + +[mysqld] +server-id=3306 +#log-error=/data/mysql-1/log/mysql.log +#basedir=/usr/local/mysql +socket=/data/mysql-1/run/mysql.sock +tmpdir=/data/mysql-1/tmp +datadir=/data/mysql-1/data +default_authentication_plugin=mysql_native_password +port=3306 +user=root +#innodb_page_size=4k + +max_connections=2000 +back_log=4000 +performance_schema=OFF +max_prepared_stmt_count=128000 +#transaction_isolation=READ-COMMITTED +#skip-grant-tables + +#file +innodb_file_per_table +innodb_log_file_size=2048M +innodb_log_files_in_group=32 +innodb_open_files=10000 +table_open_cache_instances=64 + +#buffers +innodb_buffer_pool_size=150G # 根据系统内存大小可调整 +innodb_buffer_pool_instances=16 +innodb_log_buffer_size=2048M +#innodb_undo_log_truncate=OFF + +#tune +default_time_zone=+8:00 +#innodb_numa_interleave=1 +thread_cache_size=2000 +sync_binlog=1 +innodb_flush_log_at_trx_commit=1 +innodb_use_native_aio=1 +innodb_spin_wait_delay=180 +innodb_sync_spin_loops=25 +innodb_flush_method=O_DIRECT +innodb_io_capacity=30000 +innodb_io_capacity_max=40000 +innodb_lru_scan_depth=9000 +innodb_page_cleaners=16 +#innodb_spin_wait_pause_multiplier=25 + +#perf special +innodb_flush_neighbors=0 +innodb_write_io_threads=24 +innodb_read_io_threads=16 +innodb_purge_threads=32 + +sql_mode=STRICT_TRANS_TABLES,NO_ENGINE_SUBSTITUTION,NO_AUTO_VALUE_ON_ZERO,STRICT_ALL_TABLES + +#skip_log_bin +log-bin=mysql-bin # 开启mysql-bin +binlog_expire_logs_seconds=1800 # 根据需要生成的数据量能够维持长时间运行可调整 +ssl=0 +table_open_cache=30000 +max_connect_errors=2000 +innodb_adaptive_hash_index=0 + +mysqlx=0 +``` + +- /etc/my-2.cnf + +```cnf +[mysqld_safe] +log-error=/data/mysql-2/log/mysql.log +pid-file=/data/mysql-2/run/mysqld.pid + +[client] +socket=/data/mysql-2/run/mysql.sock +default-character-set=utf8 + +[mysqld] +server-id=3307 +#log-error=/data/mysql-2/log/mysql.log +#basedir=/usr/local/mysql +socket=/data/mysql-2/run/mysql.sock +tmpdir=/data/mysql-2/tmp +datadir=/data/mysql-2/data +default_authentication_plugin=mysql_native_password +port=3307 +user=root +#innodb_page_size=4k + +max_connections=2000 +back_log=4000 +performance_schema=OFF +max_prepared_stmt_count=128000 +#transaction_isolation=READ-COMMITTED +#skip-grant-tables + +#file +innodb_file_per_table +innodb_log_file_size=2048M +innodb_log_files_in_group=32 +innodb_open_files=10000 +table_open_cache_instances=64 + +#buffers +innodb_buffer_pool_size=150G # 根据系统内存大小可调整 +innodb_buffer_pool_instances=16 +innodb_log_buffer_size=2048M +#innodb_undo_log_truncate=OFF + +#tune +default_time_zone=+8:00 +#innodb_numa_interleave=1 +thread_cache_size=2000 +sync_binlog=1 +innodb_flush_log_at_trx_commit=1 +innodb_use_native_aio=1 +innodb_spin_wait_delay=180 +innodb_sync_spin_loops=25 +innodb_flush_method=O_DIRECT +innodb_io_capacity=30000 +innodb_io_capacity_max=40000 +innodb_lru_scan_depth=9000 +innodb_page_cleaners=16 +#innodb_spin_wait_pause_multiplier=25 + +#perf special +innodb_flush_neighbors=0 +innodb_write_io_threads=24 +innodb_read_io_threads=16 +innodb_purge_threads=32 + +sql_mode=STRICT_TRANS_TABLES,NO_ENGINE_SUBSTITUTION,NO_AUTO_VALUE_ON_ZERO,STRICT_ALL_TABLES + +log-bin=mysql-bin +#skip_log_bin # 开启mysql-bin +binlog_expire_logs_seconds=1800 # 根据需要生成的数据量能够维持长时间运行可调整 +ssl=0 +table_open_cache=30000 +max_connect_errors=2000 +innodb_adaptive_hash_index=0 + +mysqlx=0 +``` + +### 2.4 部署mysql + +```shell +#!/bin/bash +systemctl stop firewalld +systemctl disable irqbalance +echo 3 > /proc/sys/vm/drop_caches +mysql=mysql-8.0.20 +prepare_mysql_data() +{ + umount /dev/nvme0n1 + rm -rf /data + mkfs.xfs /dev/nvme0n1 -f + groupadd mysql + useradd -g mysql mysql + mkdir /data + mount /dev/nvme0n1 /data + mkdir -p /data/{mysql-1,mysql-2} + mkdir -p /data/mysql-1/{data,run,share,tmp,log} + mkdir -p /data/mysql-2/{data,run,share,tmp,log} + chown -R mysql:mysql /data + chown -R mysql:mysql /data/mysql-1 + chown -R mysql:mysql /data/mysql-2 + touch /data/mysql-1/log/mysql.log + touch /data/mysql-2/log/mysql.log + chown -R mysql:mysql /data/mysql-1/log/mysql.log + chown -R mysql:mysql /data/mysql-2/log/mysql.log +} +init_mysql() +{ + /usr/local/$mysql/bin/mysqld --defaults-file=/etc/my.cnf --user=root --initialize + /usr/local/$mysql/support-files/mysql.server start + sed -i 's/#skip-grant-tables/skip-grant-tables/g' /etc/my.cnf + /usr/local/$mysql/support-files/mysql.server restart + /usr/local/$mysql/bin/mysql -u root -p123456 < + +重启后,设置开启STEAL模式即可。 + +```shell +echo STEAL > /sys/kernel/debug/sched_features +``` + +### 4.2 关闭测试影响项 + +```shell +#关闭irqbalance +systemctl stop irqbalance.service +systemctl disable irqbalance.service + +#关闭防火墙 +systemctl stop iptables +systemctl stop firewalld +``` + +### 4.3 网卡中断绑核 + +```shell +#服务端绑中断(根据环境替换网卡名称、绑核cpu核) +ethtool -L enp4s0 combined 6 +irq1=`cat /proc/interrupts| grep -E enp4s0 | head -n5 | awk -F ':' '{print $1}'` +cpulist=(61 62 63 64 65 66) ## 自行根据环境调整为需要固定处理网卡中断请求的核 +c=0 +for irq in $irq1 +do +echo ${cpulist[c]} "->" $irq +echo ${cpulist[c]} > /proc/irq/$irq/smp_affinity_list +let "c++" +done +``` + +### 4.4 安装nvme-cli工具 + +nvme-cli是一个用于监控和配置管理NVMe设备的命令行工具。可用于开启NVMe SSD多流功能以及通过log相关的命令获取控制器的各类日志记录等功能。 + +```shell +yum install nvme-cli +``` + +### 4.5 开启NVMe 磁盘的多流特性 + +- 查询NVMe SSD磁盘当前的多流使能情况。 + + ```shell + nvme dir-receive /dev/nvme0n1 -n 0x1 -D 0 -O 1 -H + ``` + + \ + + 回显结果表示,当前NVMe SSD支持Stream Directive,即支持开启多流特性,当前的状态为关闭状态。 + +- 启用多流功能。 + + ```shell + modprobe -r nvme + modprobe nvme-core streams=1 + modprobe nvme + ``` + +- 再次查询NVMe SSD磁盘当前的多流使能情况。 + + \ + + 回显结果表示,当前NVMe SSD已开启多流特性。 + +### 4.6 mysql双实例数据准备 + +为了统一基线测试和多流测试的流程,每次测试前格式化磁盘,统一从/bak目录下拷贝两份数据到两个mysql实例的对应数据目录下。 + +```shell +prepare_mysql_data() +{ + umount /dev/nvme0n1 + rm -rf /data + mkfs.xfs /dev/nvme0n1 -f + mkdir /data + mount /dev/nvme0n1 /data + mkdir -p /data/{mysql-1,mysql-2} + mkdir -p /data/mysql-1/{data,run,share,tmp,log} + mkdir -p /data/mysql-2/{data,run,share,tmp,log} + chown -R mysql:mysql /data + chown -R mysql:mysql /data/mysql-1 + chown -R mysql:mysql /data/mysql-2 + touch /data/mysql-1/log/mysql.log + touch /data/mysql-2/log/mysql.log + chown -R mysql:mysql /data/mysql-1/log/mysql.log + chown -R mysql:mysql /data/mysql-2/log/mysql.log +} + +prepare_mysql_data() +# 格式化后,创建mysql双实例对应的数据目录,即可启动astream +astream -i /data/mysql-1/data /data/mysql-2/data -r rule1.txt rule2.txt# ---->该步骤测试基线时请去掉 +cp -r /bak/* /data/mysql-1/data +cp -r /bak/* /data/mysql-2/data +``` + +然后,查看待测磁盘/dev/nvme0n1的空间占用率情况(`df -h`)是否在60%-70%左右即可。 + +### 4.7 绑核启动mysql服务 + +```shell +#启动mysql双实例 +numactl -C 0-60 -i 0-3 /usr/local/bin/mysqld --defaults-file=/etc/my-1.cnf & +numactl -C 67-127 -i 0-3 /usr/local/bin/mysqld --defaults-file=/etc/my-2.cnf & +``` + +### 4.8 设置定时任务 + +拷贝数据或生成数据成功后,在执行mysql测试前,为了衡量磁盘的写放大水平,在12小时(720mins)的测试过程中,每隔1小时利用定时器`crontab`执行计算磁盘WA的脚本`calculate_wa.sh`。 + +```shell +#!/bin/bash + +source /etc/profile +source ~/.bash_profile + +BASE_PATH=$(cd $(dirname $0);pwd) +diskName=$1 + +echo 0x`/usr/bin/nvme get-log /dev/${diskName}n1 -i 0xc0 -n 0xffffffff -l 800|grep "01c0:"|awk '{print $13$12$11$10$9$8$7$6}'` >> ${BASE_PATH}/host_tmp +echo 0x`/usr/bin/nvme get-log /dev/${diskName}n1 -i 0xc0 -n 0xffffffff -l 800|grep "01d0:"|awk '{print $9$8$7$6$5$4$3$2}'` >> ${BASE_PATH}/gc_tmp + +# IO write counts,unit:4K # +hostWriteHexSectorTemp=`tail -1 ${BASE_PATH}/host_tmp` +# GC write counts,unit 4k # +gcWriteHexSectorTemp=`tail -1 ${BASE_PATH}/gc_tmp` +hostWriteDecSectorTemp=`printf "%llu" ${hostWriteHexSectorTemp}` +gcWriteDecSectorTemp=`printf "%llu" ${gcWriteHexSectorTemp}` +preHostValue=`tail -2 ${BASE_PATH}/host_tmp|head -1` +preGcValue=`tail -2 ${BASE_PATH}/gc_tmp|head -1` +preHostValue=`printf "%llu" ${preHostValue}` +preGcValue=`printf "%llu" ${preGcValue}` + +# IO write counts for a period of time +hostWrittenSector=$(echo ${hostWriteDecSectorTemp}-${preHostValue} | bc -l) +# Gc write counts for a period of time +gcWrittenSector=$(echo ${gcWriteDecSectorTemp}-${preGcValue} | bc -l) +nandSector=$(echo ${hostWrittenSector}+${gcWrittenSector} | bc -l) + +# unit from kB->MB +hostWrittenMB=$((${hostWrittenSector}/256)) +nandWrittenMB=$((${nandSector}/256)) + +# compute the WA +WA=$(echo "scale=5;${nandSector}/${hostWrittenSector}" | bc) +echo $nandWrittenMB $hostWrittenMB $WA >> ${BASE_PATH}/result_WA.txt +``` + +可执行`crontab -e`,加入每隔1小时执行脚本命令的定时任务,命令如下: + +```shell +0 */1 * * * bash /root/calculate_wa.sh nvme0 +``` + +若所测的`NVMe`磁盘盘符名为`/dev/nvme0n1`,则定时任务中脚本的参数传入`nvme0`即可。 + +### 4.9 启动mysql双实例测试 + +执行测试前,确保已使能NVMe SSD磁盘的多流特性。 + +客户端工具根目录下执行测试如下: + +```shell +cd benchmarksql5.0-for-mysql +./runBenchmark.sh props.conf +./runBenchmark.sh props-2.conf +``` + +### 4.10 停止astream进程 + +本步骤测试基线时无需操作,若测试多流结束后,执行如下命令停止astream进程: + +```shell +astream stop +``` + +## 5 测试结果 + +使用定时器脚本的结果,在脚本所在目录的result_WA.txt下输出。每次测试结束后,从中选择最近12条非0数据即可。 + +当磁盘有数据写入时,result_WA.txt中每一行有三个值,其意义如下: + +- 1小时内磁盘实际写入的数据量。 +- 1小时内主机提交的写入量。 +- 当前的磁盘WA,根据附录中的公式即可算出每个小时内磁盘的WA水平。 + +**当前实测,在使用astream情况下,mysql长稳运行后期,NVMe SSD磁盘稳定保持12%的WA下降幅度,即性能较前提升12%**。 + +## 6 附录 + +**写入放大**(英语:Write amplification,简称**WA**)是闪存和固态硬盘(SSD)中一种不良的现象,即磁盘实际写入的数据量是写入数据量的多倍。其公式为: + +$$ +WA=\frac{磁盘实际写入的数据量}{主机提交的写入数据量} +$$ + +一般来说,随着数据的存储以及磁盘的碎片化愈演愈烈,WA的值将越来越大,如果WA的值能够延迟升高,那么将有助于延长磁盘的使用寿命。 diff --git a/archive/astream/figures/STEAL.png b/archive/astream/figures/STEAL.png new file mode 100644 index 0000000000000000000000000000000000000000..3c6aeab2a69f76353eb02e8b10299488c995d4c1 Binary files /dev/null and b/archive/astream/figures/STEAL.png differ diff --git "a/archive/astream/figures/\345\244\232\346\265\201\347\211\271\346\200\247\345\267\262\344\275\277\350\203\275.PNG" "b/archive/astream/figures/\345\244\232\346\265\201\347\211\271\346\200\247\345\267\262\344\275\277\350\203\275.PNG" new file mode 100644 index 0000000000000000000000000000000000000000..1590dff910f5a35542d2ac06c07addceaf7888bb Binary files /dev/null and "b/archive/astream/figures/\345\244\232\346\265\201\347\211\271\346\200\247\345\267\262\344\275\277\350\203\275.PNG" differ diff --git "a/archive/astream/figures/\345\244\232\346\265\201\347\211\271\346\200\247\346\234\252\344\275\277\350\203\275.PNG" "b/archive/astream/figures/\345\244\232\346\265\201\347\211\271\346\200\247\346\234\252\344\275\277\350\203\275.PNG" new file mode 100644 index 0000000000000000000000000000000000000000..8f08500a44f1dc658870e5aa3702defee004d3b4 Binary files /dev/null and "b/archive/astream/figures/\345\244\232\346\265\201\347\211\271\346\200\247\346\234\252\344\275\277\350\203\275.PNG" differ diff --git "a/archive/astream/figures/\351\203\250\347\275\262.png" "b/archive/astream/figures/\351\203\250\347\275\262.png" new file mode 100644 index 0000000000000000000000000000000000000000..d5ff9f187348eaecd17f2c1b380bb782a38710ad Binary files /dev/null and "b/archive/astream/figures/\351\203\250\347\275\262.png" differ diff --git a/archive/astream/overview.md b/archive/astream/overview.md new file mode 100644 index 0000000000000000000000000000000000000000..809a80d3447ccffe5c6cd03a3b6530a95b1f4b1a --- /dev/null +++ b/archive/astream/overview.md @@ -0,0 +1,3 @@ +# astream用户指南 + +astream是一款延长磁盘使用寿命的工具。它基于Linux提供的inotify机制进行目录监控,同时配合用户针对应用场景定义的流分配规则,为匹配到的文件在创建时设置流信息,而后通过内核透传流信息至已使能多流特性的NVMe SSD磁盘,最终使得文件的存储能够根据流信息的标识进行更优的分类存储,降低磁盘垃圾回收的工作量,从而降低磁盘的写放大水平,最终达到延长磁盘使用寿命。专注于具有明显具有相同或相似生命周期的workload特征的数据库场景应用,如MySQL。 \ No newline at end of file diff --git "a/archive/astream/\345\256\211\350\243\205\344\270\216\344\275\277\347\224\250\346\226\271\346\263\225.md" "b/archive/astream/\345\256\211\350\243\205\344\270\216\344\275\277\347\224\250\346\226\271\346\263\225.md" new file mode 100644 index 0000000000000000000000000000000000000000..b2d41b6f4a9b0226440cc03459766a80529e096a --- /dev/null +++ "b/archive/astream/\345\256\211\350\243\205\344\270\216\344\275\277\347\224\250\346\226\271\346\263\225.md" @@ -0,0 +1,106 @@ +# astream + +## 简介 + +astream是一款延长磁盘使用寿命的工具。它基于Linux提供的inotify机制进行目录监控,同时配合用户针对应用场景定义的流分配规则,为匹配到的文件在创建时设置流信息,而后通过内核透传流信息至已使能多流特性的NVMe SSD磁盘,最终使得文件的存储能够根据流信息的标识进行更优的分类存储,降低磁盘垃圾回收的工作量,从而降低磁盘的写放大水平,最终达到延长磁盘使用寿命。专注于具有明显具有相同或相似生命周期的workload特征的数据库场景应用,如MySQL。 + +## 安装 + +配置 openEuler 的yum源,直接使用yum命令安装 + +```shell +yum install astream +``` + +## 使用方法 + +在介绍astream的使用方法前,首先介绍astream启动所需要的流分配规则文件。 + +### 流分配规则文件与完整示例 + +#### 1.介绍 + +流分配规则文件是用户根据自身对workload特征的理解,针对其中具有相同或相似生命周期的一类数据定义的流信息规则集合的文件。 + +在一个流分配规则文件中,每一行表示定义的一条规则,每条规则示例如下: `^/data/mysql/data/undo 4` 。它表示为路径`/data/mysql/data`下的所有以`undo`为前缀的文件都分配流信息4。 + +#### 2.完整示例 + +如下示例为一个具体的MySQL的流分配规则文件。 + +```text +^/data/mysql/data/ib_logfile 2 +^/data/mysql/data/ibdata1$ 3 +^/data/mysql/data/undo 4 +^/data/mysql/data/mysql-bin 5 +``` + +该规则文件定义了如下四条规则: + +- 以`/data/mysql/data/ib_logfile`为前缀的文件绝对路径对应的文件配置流信息2 + +- 以`/data/mysql/data/ibdata1`为文件绝对路径对应的文件配置流信息3 + +- 以`/data/mysql/data/undo`为前缀的文件绝对路径对应的文件配置流信息4 + +- 以`/data/mysql/data/mysql-bin`为前缀的文件绝对路径对应的文件配置流信息5 + +## 使用说明 + +### 启动astream守护进程 + +假设规则文件`stream_rule1.txt`和`stream_rule2.txt` 位于`/home`下,则 + +- 监控单目录 + + ```shell + astream -i /data/mysql/data -r /home/stream_rule1.txt + ``` + +- 监控多目录 + + 本工具支持同时监控多个目录,即每个监控目录都需要传入与之匹配的流分配规则文件。 + + 如下示例同时监控两个目录: + + ```shell + astream -i /data/mysql-1/data /data/mysql-2/data -r /home/stream_rule1.txt /home/stream_rule2.txt + ``` + +上述命令中监控以下两个目录: + - 目录1`/data/mysql-1/data`,对应的流分配规则文件为`/home/stream_rule1.txt`。 + - 目录2`/data/mysql-2/data`,对应的流分配规则文件为`/home/stream_rule2.txt`。 + +## 命令行参数说明 + +```shell +astream [options] +``` + +| 选项 | 选项含义 | 示例 | +| ---- | ------------------------------------------------------------ | ---------------------------------------------------- | +| -h | 显示astream使用说明 | `astream -h` | +| -l | 设置astream监控过程中的日志显示级别, debug(1), info(2), warn(3), error(4) | `astream -i /data/mysql/data -r /home/rule.txt -l 2` | +| -i | 指定当前需要监控的目录,多个目录可以以空格间隔输入 | 该参数配合-r使用, 示例见下 | +| -r | 指定监控目录对应的流分配规则文件,传入的个数取决于-i,互相对应 | `astream -i /data/mysql/data -r /home/rule.txt` | +| stop | 正常停止astream守护进程 | astream stop | + +## 约束限制 + +使用astream存在一些约束限制: + +### 功能约束 + +- 仅支持实现了NVMe协议的多流(multi-stream)特性的NVMe SSD。 +- 仅支持分配5个流,其约束受内核定义的常量`BLK_MAX_WRITE_HINTS`所约束,以及NVMe SSD支持的最大流个数有关。 + +### 操作约束 + +- 提供的命令行以root权限运行astream守护进程,在测试过程中,常驻系统。 +- 待测磁盘的IO压力需要足够大,且磁盘空间占用较高,因此写放大恶化越明显,使用本工具的多流收益也就越明显。 + +## 注意事项 + +- 在启动astream守护进程后,不能删除受监控的目录然后创建相同目录,需要重新启动astream; +- 规则文件中支持正则匹配一组文件,用户需具备一定的正则匹配知识。 +- 测试时的NVMe SSD磁盘实现了基于NVMe 1.3协议描述的多流功能。 diff --git a/archive/desktop/.keep b/archive/desktop/.keep new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git "a/archive/desktop/HA\347\232\204\344\275\277\347\224\250\345\256\236\344\276\213.md" "b/archive/desktop/HA\347\232\204\344\275\277\347\224\250\345\256\236\344\276\213.md" new file mode 100644 index 0000000000000000000000000000000000000000..91e06a2cce8a7d7ab1636a642c88f7d01fe57d12 --- /dev/null +++ "b/archive/desktop/HA\347\232\204\344\275\277\347\224\250\345\256\236\344\276\213.md" @@ -0,0 +1,713 @@ +# HA使用实例 + +本章介绍如何快速使用HA高可用集群,以及添加一个实例。若不了解怎么安装,请参考[HA的安装与部署文档](./HA的安装与部署.md\)。 + +## 快速使用指南 + +- 以下操作均以社区新开发的管理平台为例。 + +### 登录页面 + +用户名为`hacluster`,密码为该用户在主机上设置的密码。 + +![](./figures/HA-api.png) + +### 主页面 + +登录系统后显示主页面,主页面由四部分组成:侧边导航栏、顶部操作区、资源节点列表区以及节点操作浮动区。 + +以下将详细介绍这四部分的特点与使用方法。 + +![](./figures/HA-home-page.png) + +#### 导航栏 + +侧边导航栏由两部分组成:高可用集群软件名称和 logo 以及系统导航。系统导航由三项组成:【系统】、【集群配置】和【工具】。【系统】是默认选项,也是主页面的对应项,主要展示系统中所有资源的相关信息以及操作入口;【集群配置】下设【首选项配置】和【心跳配置】两项;【工具】下设【日志下载】和【集群快捷操作】两项,点击后以弹出框的形式出现。 + +#### 顶部操作区 + +登录用户是静态显示,鼠标滑过用户图标,出现操作菜单项,包括【刷新设置】和【退出登录】两项,点击【刷新设置】,弹出【刷新设置】对话框,包含【刷新设置】选项,可以设置系统的自动刷新模式,包括【不自动刷新】、【每 5 秒刷新】和【每 10 秒刷新】三种选择,默认选择【不自动刷新】、【退出登录】即可注销本次登录,系统将自动跳到登录页面,此时,如果希望继续访问系统,则需要重新进行登录。 + +![](./figures/HA-refresh.png) + +#### 资源节点列表区 + +资源节点列表集中展现系统中所有资源的【资源名】、【状态】、【资源类型】、【服务】、【运行节点】等资源信息,以及系统中所有的节点和节点的运行情况等节点信息。同时提供资源的【添加】、【编辑】、【启动】、【停止】、【清理】、【迁移】、【回迁】、【删除】和【关系】操作。 + +#### 节点操作浮动区 + +节点操作浮动区域默认是收起的状态,每当点击资源节点列表表头中的节点时,右侧会弹出节点操作扩展区域,如图所示,该区域由收起按钮、节点名称、停止和备用四个部分组成,提供节点的【停止】和【备用】操作。点击区域左上角的箭头,该区域收起。 + +### 首选项配置 + +以下操作均可用命令行配置,现只做简单示例,若想使用更多命令可以使用``pcs --help``进行查询。 + +```sh +# pcs property set stonith-enabled=false +# pcs property set no-quorum-policy=ignore +``` + +``pcs property``查看全部设置 + +![](./figures/HA-firstchoice-cmd.png) + +- 点击侧边导航栏中的【首选项配置】按钮,弹出【首选项配置】对话框。将No Quorum Policy和Stonith Enabled由默认状态改为如下对应状态;修改完成后,点击【确定】按钮完成配置。 + +![](./figures/HA-firstchoice.png) + +#### 添加资源 + +##### 添加普通资源 + +鼠标点击【添加普通资源】,弹出【创建资源】对话框,其中资源的所有必填配置项均在【基本】页面内,选择【基本】页面内的【资源类型】后会进一步给出该类资源的其他必填配置项以及选填配置项。填写资源配置信息时,对话框右侧会出现灰色文字区域,对当前的配置项进行解释说明。全部必填项配置完毕后,点击【确定】按钮即可创建普通资源,点击【取消】按钮,取消本次添加动作。【实例属性】、【元属性】或者【操作属性】页面中的选填配置项为选填项,不配置不会影响资源的创建过程,可以根据场景需要可选择修改,否则将按照系统缺省值处理。 + +下面以apache为例,添加apache资源 + +```sh +# pcs resource create httpd ocf:heartbeat:apache +``` + +查看资源运行状态 + +```sh +# pcs status +``` + +![](./figures/HA-pcs-status.png) + +- 添加apache资源 + +![](./figures/HA-add-resource.png) + +- 若回显为如下,则资源添加成功 + +![](./figures/HA-apache-suc.png) + +- 资源创建成功并启动,运行于其中一个节点上,例如ha1;成功访问apache界面。 + +![](./figures/HA-apache-show.png) + +##### 添加组资源 + +添加组资源时,集群中需要至少存在一个普通资源。鼠标点击【添加组资源】,弹出【创建资源】对话框。【基本】页面内均为必填项,填写完毕后,点击【确定】按钮,即可完成资源的添加,点击【取消】按钮,取消本次添加动作。 + +- **注:组资源的启动是按照子资源的顺序启动的,所以选择子资源时需要注意按照顺序选择。** + +![](./figures/HA-group.png) + +若回显为如下,则资源添加成功 + +![](./figures/HA-group-suc.png) + +##### 添加克隆资源 + +鼠标点击【添加克隆资源】,弹出【创建资源】对话框。【基本】页面内填写克隆对象,资源名称会自动生成,填写完毕后,点击【确定】按钮,即可完成资源的添加,点击【取消】按钮,取消本次添加动作。 + +![](./figures/HA-clone.png) + +若回显为如下,则资源添加成功 + +![](./figures/HA-clone-suc.png) + +#### 编辑资源 + +- 启动资源:资源节点列表中选中一个目标资源,要求:该资源处于非运行状态。对该资源执行启动动作。 +- 停止资源:资源节点列表中选中一个目标资源,要求:该资源处于运行状态。对该资源执行停止操作。 +- 清理资源:资源节点列表中选中一个目标资源,对该资源执行清理操作。 +- 迁移资源:资源节点列表中选中一个目标资源,要求:该资源为处于运行状态的普通资源或者组资源,执行迁移操作可以将资源迁移到指定节点上运行。 +- 回迁资源:资源节点列表中选中一个目标资源,要求:该资源已经完成迁移动作,执行回迁操作,可以清除该资源的迁移设置,资源重新迁回到原来的节点上运行。 +点击按钮后,列表中该资源项的变化状态与启动资源时一致。 +- 删除资源:资源节点列表中选中一个目标资源,对该资源执行删除操作。 + +#### 设置资源关系 + +资源关系即为目标资源设定限制条件,资源的限制条件分为三种:资源位置、资源协同和资源顺序。 + +- 资源位置:设置集群中的节点对于该资源的运行级别,由此确定启动或者切换时资源在哪个节点上运行,运行级别按照从高到低的顺序依次为:Master Node、Slave 1。 +- 资源协同:设置目标资源与集群中的其他资源是否运行在同一节点上,同节点资源表示该资源与目标资源必须运行在相同节点上,互斥节点资源表示该资源与目标资源不能运行在相同的节点上。 +- 资源顺序:设置目标资源与集群中的其他资源启动时的先后顺序,前置资源是指目标资源运行之前,该资源必须已经运行;后置资源是指目标资源运行之后,该资源才能运行。 + +## 高可用mysql实例配置 + +- 先单独配置三个普通资源,待成功后添加为组资源。 + +### 配置虚拟IP + +在首页中点击添加-->添加普通资源,并按如下进行配置。 + +![](./figures/HA-vip.png) + +- 资源创建成功并启动,运行于其中一个节点上,例如ha1;可以ping通并连接,登录后可正常执行各种操作;资源切换到ha2运行;能够正常访问。 +- 若回显为如下,则资源添加成功 + +![](./figures/HA-vip-suc.png) + +### 配置NFS存储 + +- 另外找一台机器作为nfs服务端进行配置 + +安装软件包 + +```sh +# yum install -y nfs-utils rpcbind +``` + +关闭防火墙 + +```sh +# systemctl stop firewalld && systemctl disable firewalld +``` + +修改/etc/selinux/config文件中SELINUX状态为disabled + +```Conf +SELINUX=disabled +``` + +启动服务 + +```sh +# systemctl start rpcbind && systemctl enable rpcbind +# systemctl start nfs-server && systemctl enable nfs-server +``` + +服务端创建一个共享目录 + +```sh +# mkdir -p /test +``` + +修改NFS配置文件 + +```sh +# vim /etc/exports +# /test *(rw,no_root_squash) +``` + +重新加载服务 + +```sh +# systemctl reload nfs +``` + +客户端安装软件包,先把mysql安装上,为了把下面nfs挂载到mysql数据路径 + +```sh +# yum install -y nfs-utils mariadb-server +``` + +在首页中点击添加-->添加普通资源,并按如下进行配置NFS资源。 + +![](./figures/HA-nfs.png) + +- 资源创建成功并启动,运行于其中一个节点上,例如ha1;nfs成功挂载到/var/lib/mysql路径下。资源切换到ha2运行;nfs从ha1节点取消挂载,并自动在ha2节点上挂载成功。 +- 若回显为如下,则资源添加成功 + +![](./figures/HA-nfs-suc.png) + +### 配置mysql + +在首页中点击添加-->添加普通资源,并按如下进行配置mysql资源。 + +![](./figures/HA-mariadb.png) + +- 若回显为如下,则资源添加成功 + +![](./figures/HA-mariadb-suc.png) + +### 添加上述资源为组资源 + +- 按资源启动顺序添加三个资源 + +在首页中点击添加-->添加组资源,并按如下进行配置组资源。 + +![](./figures/HA-group-new.png) + +- 组资源创建成功并启动,若回显与上述三个普通资源成功现象一致,则资源添加成功 + +![](./figures/HA-group-new-suc.png) + +- 将ha1节点备用,成功迁移到ha2节点,运行正常 + +![](./figures/HA-group-new-suc2.png) + +## 仲裁设备配置 + +注:现有集群状态正常,并设置集群属性 + +```sh +[root@ha1 ~]# pcs property set no-quorum-policy=stop +[root@ha1 ~]# pcs property set stonith-enabled=false +``` + +选择一台新的机器,作为仲裁设备。 + +### 安装仲裁所需软件包 + +- 安装corosync-qdevice在现有集群的节点上,以ha1节点为例 + +```sh +[root@ha1:~]# dnf install corosync-qdevice -y +``` + +- 安装pcs和corosync-qnetd在仲裁设备主机上 + +```sh +[root@qdevice:~]# dnf install pcs corosync-qnetd -y +``` + +- 在仲裁设备主机上启动pcsd服务并在系统启动时启用 + +```sh +[root@qdevice:~]# systemctl start pcsd && systemctl enable pcsd +``` + +### 修改主机名称及/etc/hosts文件 + +**注:三台主机均需要进行以下操作,现以其中一台为例。** + +在仲裁功能使用前,需要确认修改主机名并将所有主机名写入/etc/hosts文件中,设置hacluster用户密码。 + +- 修改主机名 + +```sh +# hostnamectl set-hostname qdevice +``` + +- 编辑/etc/hosts文件并写入IP,主机名字段,三台机器都需要执行 + +```Conf +10.1.167.105 ha1 +10.1.167.105 ha2 +10.1.167.106 qdevice +``` + +- 设置hacluster用户密码 + +```sh +[root@qdevice:~]# passwd hacluster +``` + +### 配置仲裁设备并添加到集群 + +以下过程为配置仲裁设备并将该仲裁设备添加到集群中。 + +- 用于仲裁设备的节点是qdevice +- 仲裁设备的model为net +- 集群节点是ha1和ha2 + +#### 关闭防火墙 + +```sh +# systemctl stop firewalld && systemctl disable firewalld +``` + +- 临时禁用selinux + +```Conf +setenforce 0 +``` + +#### 配置仲裁设备 + +在将用于托管仲裁设备的节点上,使用以下命令配置仲裁设备。此命令配置和启动的仲裁设备model为net,并将设备配置为在引导时启动。 + +```sh +[root@qdevice ~]# pcs qdevice setup model net --enable --start +Quorum device 'net' initialized +quorum device enabled +Starting quorum device... +quorum device started +``` + +配置仲裁设备后,可以查看其状态。当前状态表明corosync-qnetd守护程序正在运行,此时没有客户端连接到它。使用--full命令可以展示详细的输出内容。 + +```sh +[root@qdevice ~]# pcs qdevice status net --full +QNetd address: *:5403 +TLS: Supported (client certificate required) +Connected clients: 0 +Connected clusters: 0 +Maximum send/receive size: 32768/32768 bytes +``` + +#### 进行身份认证 + +从现有集群中的一个hacluster节点,对托管仲裁设备的节点上的用户进行身份验证。这允许pcs集群上连接到pcs主机上qdevice,但不允许主机pcs上qdevice连接到pcs集群上。 + +```sh +[root@ha1 ~]# pcs host auth qdevice +Username: hacluster +Password: +qdevice: Authorized +``` + +#### 将仲裁设备添加到集群 + +在添加仲裁设备之前,可以通过 pcs quorum config 命令查看仲裁设备的当前配置,以便之后进行比较。 + +```sh +[root@ha1 ~]# pcs quorum config +Options: +``` + +通过 pcs quorum status 命令查看仲裁设备的当前状态,输出结果表明集群尚未使用仲裁设备,并且Qdevice每个节点的成员身份状态为NR(未注册)。 + +```sh +[root@ha1 ~]# pcs quorum status +Quorum information +------------------ +Date: Mon Sep 4 17:03:29 2023 +Quorum provider: corosync_votequorum +Nodes: 2 +Node ID: 1 +Ring ID: 1.e +Quorate: Yes + +Votequorum information +---------------------- +Expected votes: 2 +Highest expected: 2 +Total votes: 2 +Quorum: 1 +Flags: 2Node Quorate WaitForAll + +Membership information +---------------------- + Nodeid Votes Qdevice Name + 1 1 NR ha1 (local) + 2 1 NR ha2 +``` + +以下命令将之前创建的仲裁设备添加到集群中。注意不能在一个集群中同时使用多个仲裁设备。但是,一个仲裁设备可以同时被多个集群使用。此示例将仲裁设备配置为ffsplit算法。 + +```sh +[root@ha1 ~]# pcs quorum device add model net host=qdevice algorithm=ffsplit +Setting up qdevice certificates on nodes... +ha1: Succeeded +ha2: Succeeded +Enabling corosync-qdevice... +ha2: corosync-qdevice enabled +ha1: corosync-qdevice enabled +Sending updated corosync.conf to nodes... +ha1: Succeeded +ha2: Succeeded +ha1: Corosync configuration reloaded +Starting corosync-qdevice... +ha2: corosync-qdevice started +ha1: corosync-qdevice started +``` + +此时查看corosync-qdevice服务状态正常 + +```sh +[root@ha1 ~]# systemctl status corosync-qdevice +● corosync-qdevice.service - Corosync Qdevice daemon + Loaded: loaded (/usr/lib/systemd/system/corosync-qdevice.service; enabled; preset: disabled> + Active: active (running) since Mon 2023-09-04 17:03:49 CST; 20s ago + Docs: man:corosync-qdevice + Main PID: 12756 (corosync-qdevic) + Tasks: 2 (limit: 11872) + Memory: 1.6M + CGroup: /system.slice/corosync-qdevice.service + ├─12756 /usr/sbin/corosync-qdevice -f + └─12757 /usr/sbin/corosync-qdevice -f + +9月 04 17:03:49 ha1 systemd[1]: Starting Corosync Qdevice daemon... +9月 04 17:03:49 ha1 systemd[1]: Started Corosync Qdevice daemon. +``` + +#### 检查仲裁设备的配置状态 + +在集群端,执行以下命令来查看配置的变化情况。通过 pcs quorum config 命令显示已配置的仲裁设备信息。 + +```sh +[root@ha1 ~]# pcs quorum config +Options: +Device: + votes: 1 + Model: net + algorithm: ffsplit + host: qdevice +``` + +pcs quorum status命令显示仲裁运行时状态,表明仲裁设备正在使用中。每个集群节点的成员信息状态值的含义Qdevice如下: + +- A/NA— quorum device 是否存活,表示qdevice和之间是否有心跳corosync。这应始终表明仲裁设备处于活动状态。 +- V/NV—V当仲裁设备给一个节点投票时设置。在此示例中,两个节点都设置为,V因为它们可以相互通信。如果将集群拆分为两个单节点集群,则其中一个节点将设置为V,另一个节点将设置为NV。 +- MW/NMW— 内部仲裁设备标志已设置 ( MW) 或未设置 ( NMW)。默认情况下,未设置标志,值为NMW。 + +```sh +[root@ha1 ~]# pcs quorum status +Quorum information +------------------ +Date: Mon Sep 4 17:04:33 2023 +Quorum provider: corosync_votequorum +Nodes: 2 +Node ID: 1 +Ring ID: 1.e +Quorate: Yes + +Votequorum information +---------------------- +Expected votes: 3 +Highest expected: 3 +Total votes: 3 +Quorum: 2 +Flags: Quorate Qdevice + +Membership information +---------------------- + Nodeid Votes Qdevice Name + 1 1 A,V,NMW ha1 (local) + 2 1 A,V,NMW ha2 + 0 1 Qdevice +``` + +通过pcs quorum device status命令显示仲裁设备运行时状态。 + +```sh +[root@ha1 ~]# pcs quorum device status +Qdevice information +------------------- +Model: Net +Node ID: 1 +Configured node list: + 0 Node ID = 1 + 1 Node ID = 2 +Membership node list: 1, 2 + +Qdevice-net information +---------------------- +Cluster name: hacluster +QNetd host: qdevice:5403 +Algorithm: Fifty-Fifty split +Tie-breaker: Node with lowest node ID +State: Connected +``` + +在仲裁设备端,执行以下命令,显示corosync-qnetd守护程序的状态。 + +```sh +[root@qdevice ~]# pcs qdevice status net --full +QNetd address: *:5403 +TLS: Supported (client certificate required) +Connected clients: 2 +Connected clusters: 1 +Maximum send/receive size: 32768/32768 bytes +Cluster "hacluster": + Algorithm: Fifty-Fifty split (KAP Tie-breaker) + Tie-breaker: Node with lowest node ID + Node ID 1: + Client address: ::ffff:10.211.55.36:43186 + HB interval: 8000ms + Configured node list: 1, 2 + Ring ID: 1.e + Membership node list: 1, 2 + Heuristics: Undefined (membership: Undefined, regular: Undefined) + TLS active: Yes (client certificate verified) + Vote: No change (ACK) + Node ID 2: + Client address: ::ffff:10.211.55.37:55682 + HB interval: 8000ms + Configured node list: 1, 2 + Ring ID: 1.e + Membership node list: 1, 2 + Heuristics: Undefined (membership: Undefined, regular: Undefined) + TLS active: Yes (client certificate verified) + Vote: ACK (ACK) +``` + +### 管理仲裁设备服务 + +通过仲裁设备中corosync-qnetd服务的启动停止来管理仲裁设备。 + +```sh +[root@ha1 ~]# pcs quorum device status +Qdevice information +------------------- +Model: Net +Node ID: 1 +Configured node list: + 0 Node ID = 1 + 1 Node ID = 2 +Membership node list: 1, 2 + +Qdevice-net information +---------------------- +Cluster name: hacluster +QNetd host: qdevice:5403 +Algorithm: Fifty-Fifty split +Tie-breaker: Node with lowest node ID +State: Connected +``` + +```sh +[root@qdevice ~]# systemctl stop corosync-qnetd +[root@qdevice ~]# +[root@qdevice ~]# systemctl status corosync-qnetd +○ corosync-qnetd.service - Corosync Qdevice Network daemon + Loaded: loaded (/usr/lib/systemd/system/corosync-qnetd.service; enabled; preset: disabled> + Active: inactive (dead) since Mon 2023-09-04 17:07:57 CST; 1s ago + Duration: 5min 17.639s + Docs: man:corosync-qnetd + Process: 9297 ExecStart=/usr/bin/corosync-qnetd -f $COROSYNC_QNETD_OPTIONS (code=exited> + Main PID: 9297 (code=exited, status=0/SUCCESS) + +9月 04 17:02:39 qdevice systemd[1]: Starting Corosync Qdevice Network daemon... +9月 04 17:02:39 qdevice systemd[1]: Started Corosync Qdevice Network daemon. +9月 04 17:07:57 qdevice systemd[1]: Stopping Corosync Qdevice Network daemon... +9月 04 17:07:57 qdevice systemd[1]: corosync-qnetd.service: Deactivated successfully. +9月 04 17:07:57 qdevice systemd[1]: Stopped Corosync Qdevice Network daemon. +``` + +```sh +[root@ha1 ~]# pcs quorum device status +Qdevice information +------------------- +Model: Net +Node ID: 1 +Configured node list: + 0 Node ID = 1 + 1 Node ID = 2 +Membership node list: 1, 2 + +Qdevice-net information +---------------------- +Cluster name: hacluster +QNetd host: qdevice:5403 +Algorithm: Fifty-Fifty split +Tie-breaker: Node with lowest node ID +State: Connect failed +``` + +```sh +[root@qdevice ~]# systemctl start corosync-qnetd +[root@qdevice ~]# +[root@qdevice ~]# systemctl status corosync-qnetd +● corosync-qnetd.service - Corosync Qdevice Network daemon + Loaded: loaded (/usr/lib/systemd/system/corosync-qnetd.service; enabled; preset: disabled> + Active: active (running) since Mon 2023-09-04 17:08:09 CST; 3s ago + Docs: man:corosync-qnetd + Main PID: 9323 (corosync-qnetd) + Tasks: 1 (limit: 11872) + Memory: 6.2M + CGroup: /system.slice/corosync-qnetd.service + └─9323 /usr/bin/corosync-qnetd -f + +9月 04 17:08:09 qdevice systemd[1]: Starting Corosync Qdevice Network daemon... +9月 04 17:08:09 qdevice systemd[1]: Started Corosync Qdevice Network daemon. +``` + +```sh +[root@ha1 ~]# pcs quorum device status +Qdevice information +------------------- +Model: Net +Node ID: 1 +Configured node list: + 0 Node ID = 1 + 1 Node ID = 2 +Membership node list: 1, 2 + +Qdevice-net information +---------------------- +Cluster name: hacluster +QNetd host: qdevice:5403 +Algorithm: Fifty-Fifty split +Tie-breaker: Node with lowest node ID +State: Connected +``` + +### 管理集群中的仲裁设备 + +可以使用多种pcs命令来更改集群中的仲裁设备设置、禁用仲裁设备和删除仲裁设备。 + +#### 更改仲裁设备设置 + +**注意:要更改host中 quorum device model 的选项net,请使用 pcs quorum device remove 和 pcs quorum device add 命令正确设置配置,除非旧主机和新主机是同一台机器。** + +- 以下命令将仲裁设备算法更改为lms + +```sh +[root@ha1 ~]# pcs quorum device update model algorithm=lms +Sending updated corosync.conf to nodes... +ha1: Succeeded +ha2: Succeeded +ha1: Corosync configuration reloaded +Reloading qdevice configuration on nodes... +ha1: corosync-qdevice stopped +ha2: corosync-qdevice stopped +ha1: corosync-qdevice started +ha2: corosync-qdevice started +``` + +#### 删除仲裁设备 + +- 以下命令删除集群节点上配置的仲裁设备 + +```sh +[root@ha1 ~]# pcs quorum device remove +Disabling corosync-qdevice... +ha1: corosync-qdevice disabled +ha2: corosync-qdevice disabled +Stopping corosync-qdevice... +ha1: corosync-qdevice stopped +ha2: corosync-qdevice stopped +Removing qdevice certificates from nodes... +ha1: Succeeded +ha2: Succeeded +Sending updated corosync.conf to nodes... +ha1: Succeeded +ha2: Succeeded +ha1: Corosync configuration reloaded +``` + +删除仲裁设备后,在显示仲裁设备状态时应该会看到以下错误消息。 + +```sh +[root@ha1 ~]# pcs quorum device status +Error: Unable to get quorum status: corosync-qdevice-tool: Can't connect to QDevice socket (is QDevice running?): No such file or directory +``` + +#### 销毁仲裁设备 + +- 以下命令禁用和停止仲裁设备主机上的仲裁设备并删除其所有配置文件 + +```sh +[root@qdevice ~]# pcs qdevice destroy net +Stopping quorum device... +quorum device stopped +quorum device disabled +Quorum device 'net' configuration files removed +``` + +## corosync服务配置支持加密 + +集群正常启动后,两台机器均需要修改 /etc/corosync/corosync.conf 配置文件 + +```sh +totem { + version: 2 + cluster_name: hacluster + crypto_cipher: aes256 + crypto_hash: sha256 +} +``` + +使用corosync-keygen命令生成corosync集群的密钥对,通过scp命令传到另一台机器上 + +```h +[root@ha1 ~]# corosync-keygen +Corosync Cluster Engine Authentication key generator. +Gathering 2048 bits for key from /dev/urandom. +Writing corosync key to /etc/corosync/authkey. +[root@ha1 ~]# +[root@ha1 ~]# scp -r /etc/corosync/authkey root@10.211.55.37:/etc/corosync/ +``` + +两台机器均重启corosync服务即可 + +```h +systemctl restart corosync +``` diff --git "a/archive/desktop/HA\347\232\204\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" "b/archive/desktop/HA\347\232\204\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" new file mode 100644 index 0000000000000000000000000000000000000000..970233bb035086ad440fc63d153d9ad6de6c0be7 --- /dev/null +++ "b/archive/desktop/HA\347\232\204\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" @@ -0,0 +1,214 @@ +# HA的安装与部署 + +本章介绍如何安装和部署HA高可用集群。 + + +- [HA的安装与部署](#ha的安装与部署) + - [安装与部署](#安装与部署) + - [修改主机名称及/etc/hosts文件](#修改主机名称及etchosts文件) + - [配置yum源](#配置yum源) + - [安装HA软件包组件](#安装ha软件包组件) + - [设置hacluster用户密码](#设置hacluster用户密码) + - [修改`/etc/corosync/corosync.conf`文件](#修改etccorosynccorosyncconf文件) + - [管理服务](#管理服务) + - [关闭防火墙](#关闭防火墙) + - [管理pcs服务](#管理pcs服务) + - [管理pacemaker服务](#管理pacemaker服务) + - [管理corosync服务](#管理corosync服务) + - [节点鉴权](#节点鉴权) + - [访问前端管理平台](#访问前端管理平台) + + +## 安装与部署 + +- 环境准备:需要至少两台安装了 openEuler 的物理机/虚拟机(现以两台为例),安装方法参考《[安装指南](../Installation/installation.md)》。 + +### 修改主机名称及/etc/hosts文件 + +- **注:两台主机均需要进行以下操作,现以其中一台为例。** + +在使用HA软件之前,需要确认修改主机名并将所有主机名写入/etc/hosts文件中。 + +- 修改主机名 + +```shell +# hostnamectl set-hostname ha1 +``` + +- 编辑`/etc/hosts`文件并写入以下字段 + +```conf +172.30.30.65 ha1 +172.30.30.66 ha2 +``` + +### 配置yum源 + +成功安装系统后,会默认配置好yum源,文件位置存放在`/etc/yum.repos.d/openEuler.repo`文件中,HA软件包会用到以下源: + +```conf +[OS] +name=OS +baseurl=http://repo.openeuler.org/openEuler-{version}/OS/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://repo.openeuler.org/openEuler-{version}/OS/$basearch/RPM-GPG-KEY-openEuler + +[everything] +name=everything +baseurl=http://repo.openeuler.org/openEuler-{version}/everything/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://repo.openeuler.org/openEuler-{version}/everything/$basearch/RPM-GPG-KEY-openEuler + +[EPOL] +name=EPOL +baseurl=http://repo.openeuler.org/openEuler-{version}/EPOL/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://repo.openeuler.org/openEuler-{version}/OS/$basearch/RPM-GPG-KEY-openEuler +``` + +### 安装HA软件包组件 + +```shell +# yum install -y corosync pacemaker pcs fence-agents fence-virt corosync-qdevice sbd drbd drbd-utils +``` + +### 设置hacluster用户密码 + +```shell +# passwd hacluster +``` + +### 修改`/etc/corosync/corosync.conf`文件 + +```conf +totem { + version: 2 + cluster_name: hacluster + crypto_cipher: none + crypto_hash: none +} +logging { + fileline: off + to_stderr: yes + to_logfile: yes + logfile: /var/log/cluster/corosync.log + to_syslog: yes + debug: on + logger_subsys { + subsys: QUORUM + debug: on + } +} +quorum { + provider: corosync_votequorum + expected_votes: 2 + two_node: 1 + } +nodelist { + node { + name: ha1 + nodeid: 1 + ring0_addr: 172.30.30.65 + } + node { + name: ha2 + nodeid: 2 + ring0_addr: 172.30.30.66 + } + } +``` + +### 管理服务 + +#### 关闭防火墙 + +```shell +# systemctl stop firewalld +``` + +修改/etc/selinux/config文件中SELINUX状态为disabled + +```conf +# SELINUX=disabled +``` + +#### 管理pcs服务 + +- 启动pcs服务: + +```shell +# systemctl start pcsd +``` + +- 查询pcs服务状态: + +```shell +# systemctl status pcsd +``` + +若回显为如下,则服务启动成功。 + +![](./figures/HA-pcs.png) + +#### 管理pacemaker服务 + +- 启动pacemaker服务: + +```shell +# systemctl start pacemaker +``` + +- 查询pacemaker服务状态: + +```shell +# systemctl status pacemaker +``` + +若回显为如下,则服务启动成功。 + +![](./figures/HA-pacemaker.png) + +#### 管理corosync服务 + +- 启动corosync服务: + +```shell +# systemctl start corosync +``` + +- 查询corosync服务状态: + +```shell +# systemctl status corosync +``` + +若回显为如下,则服务启动成功。 + +![](./figures/HA-corosync.png) + +### 节点鉴权 + +- **注:一个节点上执行即可** + +```shell +# pcs host auth ha1 ha2 +``` + +### 访问前端管理平台 + +上述服务启动成功后,打开浏览器(建议使用:Chrome,Firefox),在浏览器导航栏中输入`https://localhost:2224`即可。 + +- 此界面为原生管理平台 + +![](./figures/HA-login.png) + +若安装社区新开发的管理平台请参考此文档 + +- 下面为社区新开发的管理平台 + +![](./figures/HA-api.png) + +- 下一章将介绍如何快速使用HA高可用集群,以及添加一个实例。请参考[HA的使用实例文档](./HA的使用实例.md\)。 diff --git a/archive/desktop/Install_Cinnamon.md b/archive/desktop/Install_Cinnamon.md new file mode 100644 index 0000000000000000000000000000000000000000..a9e63ce52b34578ce15bd5f358291b5789651e9b --- /dev/null +++ b/archive/desktop/Install_Cinnamon.md @@ -0,0 +1,72 @@ +# 在 openEuler 上安装 Cinnamon + +Cinnamon是运行在类Unix操作系统中最常用的桌面环境,也是一个功能完善、操作简单、界面友好、集使用和开发为一身的桌面环境,还是GNU计划的正式桌面。 + +从用户的角度看,Cinnamon是一个集成桌面环境和应用程序的套件。从开发者的角度看,Cinnamon是一个应用程序开发框架(由数目众多的实用函数库组成)。即使用户不运行Cinnamon桌面环境,用Cinnamon编写的应用程序也可以正常运行。 + +Cinnamon既包含文件管理器,应用商店,文本编辑器等基础软件,也包含系统采样分析,系统日志,软件工程IDE,web浏览器,简洁虚拟机监视器,开发者文档浏览器等高级应用和工具。 + +安装时,建议新建一个管理员用户。 + +## 1. 配置源并更新系统 +[下载](https://openeuler.org/zh/download/) openEuler ISO镜像并安装系统,更新软件源(需要配置Everything源,以及EPOL源,如下命令是在最小化安装系统的情况下安装Cinnamon) + +``` +sudo dnf update +``` + +## 2. 安装字库 + +``` +sudo dnf install dejavu-fonts liberation-fonts gnu-*-fonts google-*-fonts +``` + +## 3. 安装Xorg + +``` +sudo dnf install xorg-* +``` + +安装时,可能会安装无用的包,可使用如下命令安装必要的xorg相关包。 + +``` +sudo dnf install xorg-x11-apps xorg-x11-drivers xorg-x11-drv-ati \ + xorg-x11-drv-dummy xorg-x11-drv-evdev xorg-x11-drv-fbdev xorg-x11-drv-intel \ + xorg-x11-drv-libinput xorg-x11-drv-nouveau xorg-x11-drv-qxl \ + xorg-x11-drv-synaptics-legacy xorg-x11-drv-v4l xorg-x11-drv-vesa \ + xorg-x11-drv-vmware xorg-x11-drv-wacom xorg-x11-fonts xorg-x11-fonts-others \ + xorg-x11-font-utils xorg-x11-server xorg-x11-server-utils xorg-x11-server-Xephyr \ + xorg-x11-server-Xspice xorg-x11-util-macros xorg-x11-utils xorg-x11-xauth \ + xorg-x11-xbitmaps xorg-x11-xinit xorg-x11-xkb-utils +``` + +## 4. 安装Cinnamon及组件 + +``` +sudo dnf install cinnamon cinnamon-control-center cinnamon-desktop \ + cinnamon-menus cinnamon-screensaver cinnamon-session \ + cinnamon-settings-daemon cinnamon-themes cjs \ + nemo nemo-extensions muffin cinnamon-translations inxi \ + perl-XML-Dumper xapps mint-x-icons mint-y-icons mintlocale \ + python3-plum-py caribou mozjs78 python3-pam \ + python3-tinycss2 python3-xapp tint2 gnome-terminal \ + lightdm lightdm-gtk +``` + +## 5. 开机自动启动登录管理器 + +``` +sudo systemctl enable lightdm +``` + +## 6. 设置系统默认以图形界面登录 + +``` +sudo systemctl set-default graphical.target +``` + +重启验证 + +``` +sudo reboot +``` diff --git a/archive/desktop/desktop.md b/archive/desktop/desktop.md new file mode 100644 index 0000000000000000000000000000000000000000..c6fec706be46c109d4a6bb176952410d55b8a475 --- /dev/null +++ b/archive/desktop/desktop.md @@ -0,0 +1,3 @@ +# 桌面环境用户指南 + +本文介绍四种常用的桌面环境(UKUI、DDE、XFCE、GNOME)的安装和使用方法,它们提供美观易用、安全可靠的图形化操作界面,给用户带来更好的体验。 diff --git a/archive/desktop/figures/.keep b/archive/desktop/figures/.keep new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/archive/desktop/figures/1.png b/archive/desktop/figures/1.png new file mode 100644 index 0000000000000000000000000000000000000000..40af4242eebb440a76c749a8d970d50cd7b89bf4 Binary files /dev/null and b/archive/desktop/figures/1.png differ diff --git a/archive/desktop/figures/10.png b/archive/desktop/figures/10.png new file mode 100644 index 0000000000000000000000000000000000000000..e588ffbe3d8d7b66d92ae8f2b4bcec7c80d0592c Binary files /dev/null and b/archive/desktop/figures/10.png differ diff --git a/archive/desktop/figures/11.png b/archive/desktop/figures/11.png new file mode 100644 index 0000000000000000000000000000000000000000..1989a5bb08155f920363e154e68bb148715c7e9e Binary files /dev/null and b/archive/desktop/figures/11.png differ diff --git a/archive/desktop/figures/12.png b/archive/desktop/figures/12.png new file mode 100644 index 0000000000000000000000000000000000000000..cb6346161182d2cfeaf3818d5ec518ddb11c732e Binary files /dev/null and b/archive/desktop/figures/12.png differ diff --git a/archive/desktop/figures/13.png b/archive/desktop/figures/13.png new file mode 100644 index 0000000000000000000000000000000000000000..0a7def1fb66c90da62acde799eaffca97e3b5396 Binary files /dev/null and b/archive/desktop/figures/13.png differ diff --git a/archive/desktop/figures/14.png b/archive/desktop/figures/14.png new file mode 100644 index 0000000000000000000000000000000000000000..3a27a66d57e284775420d467f90dcc02889bbffe Binary files /dev/null and b/archive/desktop/figures/14.png differ diff --git a/archive/desktop/figures/15.png b/archive/desktop/figures/15.png new file mode 100644 index 0000000000000000000000000000000000000000..370bea32abcaa8a2b06a1a61c1455d4b35f43474 Binary files /dev/null and b/archive/desktop/figures/15.png differ diff --git a/archive/desktop/figures/16.png b/archive/desktop/figures/16.png new file mode 100644 index 0000000000000000000000000000000000000000..812ee462669c5263ef4bffc49ca4f9b6af4541c6 Binary files /dev/null and b/archive/desktop/figures/16.png differ diff --git a/archive/desktop/figures/17.png b/archive/desktop/figures/17.png new file mode 100644 index 0000000000000000000000000000000000000000..36e524b806874fa3788f5e4dcd78350686281107 Binary files /dev/null and b/archive/desktop/figures/17.png differ diff --git a/archive/desktop/figures/18.png b/archive/desktop/figures/18.png new file mode 100644 index 0000000000000000000000000000000000000000..51b32442980aa60646f77dabd53ade74f55891fe Binary files /dev/null and b/archive/desktop/figures/18.png differ diff --git a/archive/desktop/figures/19.png b/archive/desktop/figures/19.png new file mode 100644 index 0000000000000000000000000000000000000000..c9457d09aa9f1662b2c9e4550cdbdb9f57dd020e Binary files /dev/null and b/archive/desktop/figures/19.png differ diff --git a/archive/desktop/figures/2.png b/archive/desktop/figures/2.png new file mode 100644 index 0000000000000000000000000000000000000000..97917cc245484a43bec8562757d920a06f123121 Binary files /dev/null and b/archive/desktop/figures/2.png differ diff --git a/archive/desktop/figures/20.png b/archive/desktop/figures/20.png new file mode 100644 index 0000000000000000000000000000000000000000..b0943189920d7a541d35da27340593ea93f92a17 Binary files /dev/null and b/archive/desktop/figures/20.png differ diff --git a/archive/desktop/figures/21.png b/archive/desktop/figures/21.png new file mode 100644 index 0000000000000000000000000000000000000000..e590c22c0ea28906b5f4ea7ccbc6ab11e47ad173 Binary files /dev/null and b/archive/desktop/figures/21.png differ diff --git a/archive/desktop/figures/22.png b/archive/desktop/figures/22.png new file mode 100644 index 0000000000000000000000000000000000000000..03a548b1ffb1f0ad53cfa5387af2721af90bca81 Binary files /dev/null and b/archive/desktop/figures/22.png differ diff --git a/archive/desktop/figures/23.png b/archive/desktop/figures/23.png new file mode 100644 index 0000000000000000000000000000000000000000..834c492094715cde1c02c91752ecabfe7921ed62 Binary files /dev/null and b/archive/desktop/figures/23.png differ diff --git a/archive/desktop/figures/24.png b/archive/desktop/figures/24.png new file mode 100644 index 0000000000000000000000000000000000000000..1881e868b74a60888b319576fa38fb4af92ba75c Binary files /dev/null and b/archive/desktop/figures/24.png differ diff --git a/archive/desktop/figures/25.png b/archive/desktop/figures/25.png new file mode 100644 index 0000000000000000000000000000000000000000..f38839725d27a3486984d152e5d9de305364fbd2 Binary files /dev/null and b/archive/desktop/figures/25.png differ diff --git a/archive/desktop/figures/26.png b/archive/desktop/figures/26.png new file mode 100644 index 0000000000000000000000000000000000000000..6d7957119133ecb98b1b6b104e54a3a4647ec2a5 Binary files /dev/null and b/archive/desktop/figures/26.png differ diff --git a/archive/desktop/figures/27.png b/archive/desktop/figures/27.png new file mode 100644 index 0000000000000000000000000000000000000000..3e4733717fdc5172d6479b393005219e65e96df4 Binary files /dev/null and b/archive/desktop/figures/27.png differ diff --git a/archive/desktop/figures/28.png b/archive/desktop/figures/28.png new file mode 100644 index 0000000000000000000000000000000000000000..a77772e818e3f6c11acac3b9cfa18bad14a0a48c Binary files /dev/null and b/archive/desktop/figures/28.png differ diff --git a/archive/desktop/figures/29.png b/archive/desktop/figures/29.png new file mode 100644 index 0000000000000000000000000000000000000000..c4f58ffe5855295268298448744e5aadbdc55276 Binary files /dev/null and b/archive/desktop/figures/29.png differ diff --git a/archive/desktop/figures/3.png b/archive/desktop/figures/3.png new file mode 100644 index 0000000000000000000000000000000000000000..fbb76b336957020ed6867d908e0a8bdcfc953c52 Binary files /dev/null and b/archive/desktop/figures/3.png differ diff --git a/archive/desktop/figures/30.png b/archive/desktop/figures/30.png new file mode 100644 index 0000000000000000000000000000000000000000..d91adefba1753959e90ccf4aa1501ac08d7144bd Binary files /dev/null and b/archive/desktop/figures/30.png differ diff --git a/archive/desktop/figures/31.png b/archive/desktop/figures/31.png new file mode 100644 index 0000000000000000000000000000000000000000..0abef09ab438f5f8cfb68090993f55c493b8c15e Binary files /dev/null and b/archive/desktop/figures/31.png differ diff --git a/archive/desktop/figures/32.png b/archive/desktop/figures/32.png new file mode 100644 index 0000000000000000000000000000000000000000..d567cfbacc07a9eb46ff2c54a68432f45e034e94 Binary files /dev/null and b/archive/desktop/figures/32.png differ diff --git a/archive/desktop/figures/33.png b/archive/desktop/figures/33.png new file mode 100644 index 0000000000000000000000000000000000000000..7b5896e2884520672c0bd88d68471b45a09c56fe Binary files /dev/null and b/archive/desktop/figures/33.png differ diff --git a/archive/desktop/figures/34.png b/archive/desktop/figures/34.png new file mode 100644 index 0000000000000000000000000000000000000000..81bc9480fbbd81a97c559d7a6a74274deeab2bd1 Binary files /dev/null and b/archive/desktop/figures/34.png differ diff --git a/archive/desktop/figures/35.png b/archive/desktop/figures/35.png new file mode 100644 index 0000000000000000000000000000000000000000..ab2399847a643a87279337704e23fea7609bb211 Binary files /dev/null and b/archive/desktop/figures/35.png differ diff --git a/archive/desktop/figures/36.png b/archive/desktop/figures/36.png new file mode 100644 index 0000000000000000000000000000000000000000..536981609b9ae5d32be56bec612f2b3446146184 Binary files /dev/null and b/archive/desktop/figures/36.png differ diff --git a/archive/desktop/figures/37.png b/archive/desktop/figures/37.png new file mode 100644 index 0000000000000000000000000000000000000000..e39aa03587642dc1f8622fff515b05a9a3085b28 Binary files /dev/null and b/archive/desktop/figures/37.png differ diff --git a/archive/desktop/figures/38.png b/archive/desktop/figures/38.png new file mode 100644 index 0000000000000000000000000000000000000000..838f5ff0616a83cdf42edb053f4e72b93bfa644e Binary files /dev/null and b/archive/desktop/figures/38.png differ diff --git a/archive/desktop/figures/39.png b/archive/desktop/figures/39.png new file mode 100644 index 0000000000000000000000000000000000000000..12a379403d73a47b2fa564120a28fdb58d188963 Binary files /dev/null and b/archive/desktop/figures/39.png differ diff --git a/archive/desktop/figures/4.png b/archive/desktop/figures/4.png new file mode 100644 index 0000000000000000000000000000000000000000..5078e36aca713706d2cf08a3ebecdc3769951899 Binary files /dev/null and b/archive/desktop/figures/4.png differ diff --git a/archive/desktop/figures/40.png b/archive/desktop/figures/40.png new file mode 100644 index 0000000000000000000000000000000000000000..bf419894eab852b45604966c62fafa71f051c4df Binary files /dev/null and b/archive/desktop/figures/40.png differ diff --git a/archive/desktop/figures/41.png b/archive/desktop/figures/41.png new file mode 100644 index 0000000000000000000000000000000000000000..f94b0ee72e0d4e9277e9b44b4268cfbdb8402104 Binary files /dev/null and b/archive/desktop/figures/41.png differ diff --git a/archive/desktop/figures/42.png b/archive/desktop/figures/42.png new file mode 100644 index 0000000000000000000000000000000000000000..3182e551c4e4b03885bad6339f1de514b3f55f8c Binary files /dev/null and b/archive/desktop/figures/42.png differ diff --git a/archive/desktop/figures/43.jpg b/archive/desktop/figures/43.jpg new file mode 100644 index 0000000000000000000000000000000000000000..26e9244f58ea9800081fd61ae135477f05b21b40 Binary files /dev/null and b/archive/desktop/figures/43.jpg differ diff --git a/archive/desktop/figures/44.png b/archive/desktop/figures/44.png new file mode 100644 index 0000000000000000000000000000000000000000..c3abaecd6e053272d81e0ad9bd183c6858b4f3c5 Binary files /dev/null and b/archive/desktop/figures/44.png differ diff --git a/archive/desktop/figures/45.png b/archive/desktop/figures/45.png new file mode 100644 index 0000000000000000000000000000000000000000..86b051acde857c88479714414f721a7f59cca483 Binary files /dev/null and b/archive/desktop/figures/45.png differ diff --git a/archive/desktop/figures/46.png b/archive/desktop/figures/46.png new file mode 100644 index 0000000000000000000000000000000000000000..d8ec41c87628bf28c9905523f99ae93aebd13614 Binary files /dev/null and b/archive/desktop/figures/46.png differ diff --git a/archive/desktop/figures/47.jpg b/archive/desktop/figures/47.jpg new file mode 100644 index 0000000000000000000000000000000000000000..bf95f03c8ea0f84a878bc63af20972c9da71bc04 Binary files /dev/null and b/archive/desktop/figures/47.jpg differ diff --git a/archive/desktop/figures/48.png b/archive/desktop/figures/48.png new file mode 100644 index 0000000000000000000000000000000000000000..ef21fa1ce1e2e9848a8dca16e692de673df7c6d7 Binary files /dev/null and b/archive/desktop/figures/48.png differ diff --git a/archive/desktop/figures/49.png b/archive/desktop/figures/49.png new file mode 100644 index 0000000000000000000000000000000000000000..3b77668e5a4d1bdb3043c473dff9b36fa7144714 Binary files /dev/null and b/archive/desktop/figures/49.png differ diff --git a/archive/desktop/figures/5.png b/archive/desktop/figures/5.png new file mode 100644 index 0000000000000000000000000000000000000000..2976a745cfaede26594d6daa01cfc18d18b1de8b Binary files /dev/null and b/archive/desktop/figures/5.png differ diff --git a/archive/desktop/figures/50.png b/archive/desktop/figures/50.png new file mode 100644 index 0000000000000000000000000000000000000000..b86a55fe4363f56fc18befc9d27025a75ca427ad Binary files /dev/null and b/archive/desktop/figures/50.png differ diff --git a/archive/desktop/figures/51.png b/archive/desktop/figures/51.png new file mode 100644 index 0000000000000000000000000000000000000000..d427ac871dba9c32eb4ffe736d5352f8408da533 Binary files /dev/null and b/archive/desktop/figures/51.png differ diff --git a/archive/desktop/figures/52.png b/archive/desktop/figures/52.png new file mode 100644 index 0000000000000000000000000000000000000000..0ca0a2db05c70bc25f9bb59e82d074f671cfc74e Binary files /dev/null and b/archive/desktop/figures/52.png differ diff --git a/archive/desktop/figures/53.png b/archive/desktop/figures/53.png new file mode 100644 index 0000000000000000000000000000000000000000..76fbc34a1d5621b83c2d8c93222766acad33350d Binary files /dev/null and b/archive/desktop/figures/53.png differ diff --git a/archive/desktop/figures/54.png b/archive/desktop/figures/54.png new file mode 100644 index 0000000000000000000000000000000000000000..49ecae6f8941a118223f3765c23015df074c4983 Binary files /dev/null and b/archive/desktop/figures/54.png differ diff --git a/archive/desktop/figures/56.png b/archive/desktop/figures/56.png new file mode 100644 index 0000000000000000000000000000000000000000..36fee795bfe593b6246c8d6c2bddea9386b06f45 Binary files /dev/null and b/archive/desktop/figures/56.png differ diff --git a/archive/desktop/figures/57.png b/archive/desktop/figures/57.png new file mode 100644 index 0000000000000000000000000000000000000000..539d06b77b058a933cb154c43641d498050986e0 Binary files /dev/null and b/archive/desktop/figures/57.png differ diff --git a/archive/desktop/figures/58.png b/archive/desktop/figures/58.png new file mode 100644 index 0000000000000000000000000000000000000000..396ca16d873e54505bcdbd41d669366eea7f5dee Binary files /dev/null and b/archive/desktop/figures/58.png differ diff --git a/archive/desktop/figures/59.png b/archive/desktop/figures/59.png new file mode 100644 index 0000000000000000000000000000000000000000..9b1de98ac4fe686937ca844d3e9481548a79ce63 Binary files /dev/null and b/archive/desktop/figures/59.png differ diff --git a/archive/desktop/figures/6.png b/archive/desktop/figures/6.png new file mode 100644 index 0000000000000000000000000000000000000000..275c23872f2353f007371672714902babcc3db53 Binary files /dev/null and b/archive/desktop/figures/6.png differ diff --git a/archive/desktop/figures/60.jpg b/archive/desktop/figures/60.jpg new file mode 100644 index 0000000000000000000000000000000000000000..033c88aaadd04f7d4058ec2eb5b2c70498319bf7 Binary files /dev/null and b/archive/desktop/figures/60.jpg differ diff --git a/archive/desktop/figures/61.png b/archive/desktop/figures/61.png new file mode 100644 index 0000000000000000000000000000000000000000..8df17062963a3baf92318a12ec34b1378122687b Binary files /dev/null and b/archive/desktop/figures/61.png differ diff --git a/archive/desktop/figures/62.png b/archive/desktop/figures/62.png new file mode 100644 index 0000000000000000000000000000000000000000..ec312d6c0c22018c1745dd866da71ce9be47fbda Binary files /dev/null and b/archive/desktop/figures/62.png differ diff --git a/archive/desktop/figures/63.jpg b/archive/desktop/figures/63.jpg new file mode 100644 index 0000000000000000000000000000000000000000..504f7cf59768f6fd1cd73a115d01fbc4e15a02e1 Binary files /dev/null and b/archive/desktop/figures/63.jpg differ diff --git a/archive/desktop/figures/63.png b/archive/desktop/figures/63.png new file mode 100644 index 0000000000000000000000000000000000000000..86b051acde857c88479714414f721a7f59cca483 Binary files /dev/null and b/archive/desktop/figures/63.png differ diff --git a/archive/desktop/figures/64.png b/archive/desktop/figures/64.png new file mode 100644 index 0000000000000000000000000000000000000000..cbbd2ede047e735c3766e08b04595f08cd72f5b2 Binary files /dev/null and b/archive/desktop/figures/64.png differ diff --git a/archive/desktop/figures/7.png b/archive/desktop/figures/7.png new file mode 100644 index 0000000000000000000000000000000000000000..4d397959ac7f6d166ef5a3b7084bd5c3c93b475f Binary files /dev/null and b/archive/desktop/figures/7.png differ diff --git a/archive/desktop/figures/8.png b/archive/desktop/figures/8.png new file mode 100644 index 0000000000000000000000000000000000000000..8ade274092d7b3e461c96d7909a9d89d3a944f09 Binary files /dev/null and b/archive/desktop/figures/8.png differ diff --git a/archive/desktop/figures/9.png b/archive/desktop/figures/9.png new file mode 100644 index 0000000000000000000000000000000000000000..f7b2215404929346f1a814b0b1d6d482559c08b5 Binary files /dev/null and b/archive/desktop/figures/9.png differ diff --git a/archive/desktop/figures/Cinnamon-01.png b/archive/desktop/figures/Cinnamon-01.png new file mode 100644 index 0000000000000000000000000000000000000000..b4a43e7fa938b2ece73ad749e2b513daa976e7c9 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-01.png differ diff --git a/archive/desktop/figures/Cinnamon-02.png b/archive/desktop/figures/Cinnamon-02.png new file mode 100644 index 0000000000000000000000000000000000000000..22413a83d51cb9ee177c0d39147da857868f0aec Binary files /dev/null and b/archive/desktop/figures/Cinnamon-02.png differ diff --git a/archive/desktop/figures/Cinnamon-03.png b/archive/desktop/figures/Cinnamon-03.png new file mode 100644 index 0000000000000000000000000000000000000000..5ccc6d4eef17f2d39841046dcf32b9c00652d1a9 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-03.png differ diff --git a/archive/desktop/figures/Cinnamon-04.png b/archive/desktop/figures/Cinnamon-04.png new file mode 100644 index 0000000000000000000000000000000000000000..c5d7073a3d2a37727b83a6e43a684747175efa9d Binary files /dev/null and b/archive/desktop/figures/Cinnamon-04.png differ diff --git a/archive/desktop/figures/Cinnamon-05.png b/archive/desktop/figures/Cinnamon-05.png new file mode 100644 index 0000000000000000000000000000000000000000..e2d0a0a523f10d6bce9f51c5d05f019c595e2625 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-05.png differ diff --git a/archive/desktop/figures/Cinnamon-06.png b/archive/desktop/figures/Cinnamon-06.png new file mode 100644 index 0000000000000000000000000000000000000000..61bb128fc2c8902edbfd1d76b28f963817753e32 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-06.png differ diff --git a/archive/desktop/figures/Cinnamon-07.png b/archive/desktop/figures/Cinnamon-07.png new file mode 100644 index 0000000000000000000000000000000000000000..ef01eb0001c6db0e3d1c024e51b0594372b9348c Binary files /dev/null and b/archive/desktop/figures/Cinnamon-07.png differ diff --git a/archive/desktop/figures/Cinnamon-08.png b/archive/desktop/figures/Cinnamon-08.png new file mode 100644 index 0000000000000000000000000000000000000000..1049f355939b0121c123adc462dcb6d736e48760 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-08.png differ diff --git a/archive/desktop/figures/Cinnamon-09.png b/archive/desktop/figures/Cinnamon-09.png new file mode 100644 index 0000000000000000000000000000000000000000..6dc110900f5375ed9ede276f59ea89ba29e5e737 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-09.png differ diff --git a/archive/desktop/figures/Cinnamon-10.png b/archive/desktop/figures/Cinnamon-10.png new file mode 100644 index 0000000000000000000000000000000000000000..33dda6e0d0497c1589743c19a8d041a775b7bb7f Binary files /dev/null and b/archive/desktop/figures/Cinnamon-10.png differ diff --git a/archive/desktop/figures/Cinnamon-11.png b/archive/desktop/figures/Cinnamon-11.png new file mode 100644 index 0000000000000000000000000000000000000000..98570f04a066d550b5971afc94ee1c63d24f6275 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-11.png differ diff --git a/archive/desktop/figures/Cinnamon-12.png b/archive/desktop/figures/Cinnamon-12.png new file mode 100644 index 0000000000000000000000000000000000000000..56cc0446efd9d72d97905296fd6f19e9e2ac4047 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-12.png differ diff --git a/archive/desktop/figures/Cinnamon-13.png b/archive/desktop/figures/Cinnamon-13.png new file mode 100644 index 0000000000000000000000000000000000000000..a3191cc6b2bb2e418353b76bcf645be954655a20 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-13.png differ diff --git a/archive/desktop/figures/Cinnamon-14.png b/archive/desktop/figures/Cinnamon-14.png new file mode 100644 index 0000000000000000000000000000000000000000..d673b9d12c8fb5ccaa0b0f3a35b85f939f1040c8 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-14.png differ diff --git a/archive/desktop/figures/Cinnamon-15.png b/archive/desktop/figures/Cinnamon-15.png new file mode 100644 index 0000000000000000000000000000000000000000..518c3dca4b9b58f45f7aee5ef974c3dd41804e1d Binary files /dev/null and b/archive/desktop/figures/Cinnamon-15.png differ diff --git a/archive/desktop/figures/Cinnamon-16.png b/archive/desktop/figures/Cinnamon-16.png new file mode 100644 index 0000000000000000000000000000000000000000..17ac8544dab141ddc8d7d98f1712757efedb5531 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-16.png differ diff --git a/archive/desktop/figures/Cinnamon-17.png b/archive/desktop/figures/Cinnamon-17.png new file mode 100644 index 0000000000000000000000000000000000000000..07a62594a1acadceeeaabe0e7cbe63c192f0ab37 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-17.png differ diff --git a/archive/desktop/figures/Cinnamon-18.png b/archive/desktop/figures/Cinnamon-18.png new file mode 100644 index 0000000000000000000000000000000000000000..d088bb1075ebd2c76304c5bd400a3892d401dfa0 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-18.png differ diff --git a/archive/desktop/figures/Cinnamon-19.png b/archive/desktop/figures/Cinnamon-19.png new file mode 100644 index 0000000000000000000000000000000000000000..65198c16e3bdf0b948ba8da1d05943ea87065dfc Binary files /dev/null and b/archive/desktop/figures/Cinnamon-19.png differ diff --git a/archive/desktop/figures/Cinnamon-20.png b/archive/desktop/figures/Cinnamon-20.png new file mode 100644 index 0000000000000000000000000000000000000000..ac4c66887846509474cd57740079d396f5ffee64 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-20.png differ diff --git a/archive/desktop/figures/Cinnamon-21.png b/archive/desktop/figures/Cinnamon-21.png new file mode 100644 index 0000000000000000000000000000000000000000..ecc80c0ee42385907cea276726c891aab06f5ea2 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-21.png differ diff --git a/archive/desktop/figures/Cinnamon-22.png b/archive/desktop/figures/Cinnamon-22.png new file mode 100644 index 0000000000000000000000000000000000000000..453a1b96f69ca37cf648e1bfd8a247cbd63f7f1f Binary files /dev/null and b/archive/desktop/figures/Cinnamon-22.png differ diff --git a/archive/desktop/figures/Cinnamon-23.png b/archive/desktop/figures/Cinnamon-23.png new file mode 100644 index 0000000000000000000000000000000000000000..3290e73af52f1e88a435e925d6a17d21e78e287c Binary files /dev/null and b/archive/desktop/figures/Cinnamon-23.png differ diff --git a/archive/desktop/figures/Cinnamon-24.png b/archive/desktop/figures/Cinnamon-24.png new file mode 100644 index 0000000000000000000000000000000000000000..825e58ddc9ec0027f0ff94b1d327eaff3a145357 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-24.png differ diff --git a/archive/desktop/figures/Cinnamon-25.png b/archive/desktop/figures/Cinnamon-25.png new file mode 100644 index 0000000000000000000000000000000000000000..7b3cdbe8e85b55dc9ee92569f6d668c9defc76eb Binary files /dev/null and b/archive/desktop/figures/Cinnamon-25.png differ diff --git a/archive/desktop/figures/Cinnamon-26.png b/archive/desktop/figures/Cinnamon-26.png new file mode 100644 index 0000000000000000000000000000000000000000..0d696fa8cbd18910bb16ca2c14996fefb5f0cb79 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-26.png differ diff --git a/archive/desktop/figures/Cinnamon-27.png b/archive/desktop/figures/Cinnamon-27.png new file mode 100644 index 0000000000000000000000000000000000000000..7312579e88c211b656a1b6e339373abfca7c8984 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-27.png differ diff --git a/archive/desktop/figures/Cinnamon-28.png b/archive/desktop/figures/Cinnamon-28.png new file mode 100644 index 0000000000000000000000000000000000000000..e5cf7e56e5663768e4f2698c77aeaa69c899b291 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-28.png differ diff --git a/archive/desktop/figures/Cinnamon-29.png b/archive/desktop/figures/Cinnamon-29.png new file mode 100644 index 0000000000000000000000000000000000000000..d796cb8d80a60281a7f67ec494c76ad14d06ac1b Binary files /dev/null and b/archive/desktop/figures/Cinnamon-29.png differ diff --git a/archive/desktop/figures/Cinnamon-30-0.png b/archive/desktop/figures/Cinnamon-30-0.png new file mode 100644 index 0000000000000000000000000000000000000000..8ea95ca410376dbc26729d0dec8bfc171911e960 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-30-0.png differ diff --git a/archive/desktop/figures/Cinnamon-30-1.png b/archive/desktop/figures/Cinnamon-30-1.png new file mode 100644 index 0000000000000000000000000000000000000000..730e9bdba19949c6e118c237af302b492f3d41b8 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-30-1.png differ diff --git a/archive/desktop/figures/Cinnamon-31.png b/archive/desktop/figures/Cinnamon-31.png new file mode 100644 index 0000000000000000000000000000000000000000..f80f3c86b92e6e00bf76c0101ce52af503d9b05c Binary files /dev/null and b/archive/desktop/figures/Cinnamon-31.png differ diff --git a/archive/desktop/figures/Cinnamon-32.png b/archive/desktop/figures/Cinnamon-32.png new file mode 100644 index 0000000000000000000000000000000000000000..ed8f74fc04472e45ae6c76a7c2507da5dec28263 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-32.png differ diff --git a/archive/desktop/figures/Cinnamon-33.png b/archive/desktop/figures/Cinnamon-33.png new file mode 100644 index 0000000000000000000000000000000000000000..a90dda9e151f9ca48ff6c296ff62676b22a191ae Binary files /dev/null and b/archive/desktop/figures/Cinnamon-33.png differ diff --git a/archive/desktop/figures/Cinnamon-34.png b/archive/desktop/figures/Cinnamon-34.png new file mode 100644 index 0000000000000000000000000000000000000000..77c74765bb7116bf8a95b0164cb1de2d9032e56e Binary files /dev/null and b/archive/desktop/figures/Cinnamon-34.png differ diff --git a/archive/desktop/figures/Cinnamon-35-0.png b/archive/desktop/figures/Cinnamon-35-0.png new file mode 100644 index 0000000000000000000000000000000000000000..4321c9e9a52bcf99bde6d72fae68647ab13510b0 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-35-0.png differ diff --git a/archive/desktop/figures/Cinnamon-35-1.png b/archive/desktop/figures/Cinnamon-35-1.png new file mode 100644 index 0000000000000000000000000000000000000000..e6f75a945fc73d5478c6515498c7a6a4781ca04f Binary files /dev/null and b/archive/desktop/figures/Cinnamon-35-1.png differ diff --git a/archive/desktop/figures/Cinnamon-36.png b/archive/desktop/figures/Cinnamon-36.png new file mode 100644 index 0000000000000000000000000000000000000000..a832fe2b440079f53775a2ba8c3115f57a89ab2c Binary files /dev/null and b/archive/desktop/figures/Cinnamon-36.png differ diff --git a/archive/desktop/figures/Cinnamon-37.png b/archive/desktop/figures/Cinnamon-37.png new file mode 100644 index 0000000000000000000000000000000000000000..f091a5e910e7cb16dadd311de1100f8830a0eaf7 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-37.png differ diff --git a/archive/desktop/figures/Cinnamon-38.png b/archive/desktop/figures/Cinnamon-38.png new file mode 100644 index 0000000000000000000000000000000000000000..7703dc11f1be241d9fe7e30452e7431c925833d3 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-38.png differ diff --git a/archive/desktop/figures/Cinnamon-39.png b/archive/desktop/figures/Cinnamon-39.png new file mode 100644 index 0000000000000000000000000000000000000000..abf29f6ee9aaf13ab1f668a787d459a5ab0cb20c Binary files /dev/null and b/archive/desktop/figures/Cinnamon-39.png differ diff --git a/archive/desktop/figures/Cinnamon-40.png b/archive/desktop/figures/Cinnamon-40.png new file mode 100644 index 0000000000000000000000000000000000000000..7c8ee5f4e78b46a0d762be06f96725ecef5d09b2 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-40.png differ diff --git a/archive/desktop/figures/Cinnamon-41-0.png b/archive/desktop/figures/Cinnamon-41-0.png new file mode 100644 index 0000000000000000000000000000000000000000..56ea86556624602f4496b4079335245ac8c875a3 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-41-0.png differ diff --git a/archive/desktop/figures/Cinnamon-41-1.png b/archive/desktop/figures/Cinnamon-41-1.png new file mode 100644 index 0000000000000000000000000000000000000000..44afad705b026dd69a9d2d7bf2ef35610720b85d Binary files /dev/null and b/archive/desktop/figures/Cinnamon-41-1.png differ diff --git a/archive/desktop/figures/Cinnamon-42.png b/archive/desktop/figures/Cinnamon-42.png new file mode 100644 index 0000000000000000000000000000000000000000..8270b69ca590c1831fbe54e2d08ced55bccef89d Binary files /dev/null and b/archive/desktop/figures/Cinnamon-42.png differ diff --git a/archive/desktop/figures/Cinnamon-43.png b/archive/desktop/figures/Cinnamon-43.png new file mode 100644 index 0000000000000000000000000000000000000000..48259addbdb8cf18303d2afbcd6cbad77deaf141 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-43.png differ diff --git a/archive/desktop/figures/Cinnamon-44.png b/archive/desktop/figures/Cinnamon-44.png new file mode 100644 index 0000000000000000000000000000000000000000..e35a4acce457834d4d8608ee7fba783d596548e2 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-44.png differ diff --git a/archive/desktop/figures/Cinnamon-45.png b/archive/desktop/figures/Cinnamon-45.png new file mode 100644 index 0000000000000000000000000000000000000000..d6d5e88587e26552ab4ab4d323eea0ae5ce721d2 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-45.png differ diff --git a/archive/desktop/figures/Cinnamon-46.png b/archive/desktop/figures/Cinnamon-46.png new file mode 100644 index 0000000000000000000000000000000000000000..8e41651298319f1b72c3dce5b09cb1323c9a15a7 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-46.png differ diff --git a/archive/desktop/figures/Cinnamon-47.png b/archive/desktop/figures/Cinnamon-47.png new file mode 100644 index 0000000000000000000000000000000000000000..eaa54608d956576555603d64ba72e374f147a315 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-47.png differ diff --git a/archive/desktop/figures/Cinnamon-48.png b/archive/desktop/figures/Cinnamon-48.png new file mode 100644 index 0000000000000000000000000000000000000000..1ca6cb7b39ab375a69b95a7dfa02fa3acd8bb299 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-48.png differ diff --git a/archive/desktop/figures/Cinnamon-49.png b/archive/desktop/figures/Cinnamon-49.png new file mode 100644 index 0000000000000000000000000000000000000000..07fe6abf2ca2d7e8dd5184c760f416d094c4629d Binary files /dev/null and b/archive/desktop/figures/Cinnamon-49.png differ diff --git a/archive/desktop/figures/Cinnamon-50.png b/archive/desktop/figures/Cinnamon-50.png new file mode 100644 index 0000000000000000000000000000000000000000..c5452b655b9100c7d144d9d6e923f29664998ca0 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-50.png differ diff --git a/archive/desktop/figures/Cinnamon-51.png b/archive/desktop/figures/Cinnamon-51.png new file mode 100644 index 0000000000000000000000000000000000000000..72644867adbb64db4503ff5345425a32bf1cae6d Binary files /dev/null and b/archive/desktop/figures/Cinnamon-51.png differ diff --git a/archive/desktop/figures/Cinnamon-52.png b/archive/desktop/figures/Cinnamon-52.png new file mode 100644 index 0000000000000000000000000000000000000000..571f6ac34edf149cc1e5bd30a875e4148dd4fdd3 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-52.png differ diff --git a/archive/desktop/figures/Cinnamon-53.png b/archive/desktop/figures/Cinnamon-53.png new file mode 100644 index 0000000000000000000000000000000000000000..1c7e9051ca448b017e13c6cbe6be66d2f83475c5 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-53.png differ diff --git a/archive/desktop/figures/Cinnamon-54.png b/archive/desktop/figures/Cinnamon-54.png new file mode 100644 index 0000000000000000000000000000000000000000..1b61db111ebdcb9bde1bff1cc08a2daed79a9f19 Binary files /dev/null and b/archive/desktop/figures/Cinnamon-54.png differ diff --git a/archive/desktop/figures/HA-add-resource.png b/archive/desktop/figures/HA-add-resource.png new file mode 100644 index 0000000000000000000000000000000000000000..ac24895a1247828d248132f6c789ad8ef51a57e4 Binary files /dev/null and b/archive/desktop/figures/HA-add-resource.png differ diff --git a/archive/desktop/figures/HA-apache-show.png b/archive/desktop/figures/HA-apache-show.png new file mode 100644 index 0000000000000000000000000000000000000000..c216500910f75f2de1108f6b618c5c08f4df8bae Binary files /dev/null and b/archive/desktop/figures/HA-apache-show.png differ diff --git a/archive/desktop/figures/HA-apache-suc.png b/archive/desktop/figures/HA-apache-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..23a7aaa702e3e68190ff7e01a5a673aee2c92409 Binary files /dev/null and b/archive/desktop/figures/HA-apache-suc.png differ diff --git a/archive/desktop/figures/HA-api.png b/archive/desktop/figures/HA-api.png new file mode 100644 index 0000000000000000000000000000000000000000..f825fe005705d30809d12df97958cff0e5a80135 Binary files /dev/null and b/archive/desktop/figures/HA-api.png differ diff --git a/archive/desktop/figures/HA-clone-suc.png b/archive/desktop/figures/HA-clone-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..4b6099ccc88d4f6f907a0c4563e729ab2a4dece1 Binary files /dev/null and b/archive/desktop/figures/HA-clone-suc.png differ diff --git a/archive/desktop/figures/HA-clone.png b/archive/desktop/figures/HA-clone.png new file mode 100644 index 0000000000000000000000000000000000000000..1b09ab73849494f4ffd759fa612ae3c241bd9c1d Binary files /dev/null and b/archive/desktop/figures/HA-clone.png differ diff --git a/archive/desktop/figures/HA-corosync.png b/archive/desktop/figures/HA-corosync.png new file mode 100644 index 0000000000000000000000000000000000000000..c4d93242e65c503b6e1b6a457e2517f647984a66 Binary files /dev/null and b/archive/desktop/figures/HA-corosync.png differ diff --git a/archive/desktop/figures/HA-firstchoice-cmd.png b/archive/desktop/figures/HA-firstchoice-cmd.png new file mode 100644 index 0000000000000000000000000000000000000000..a265bab07f1d8e46d9d965975be180a8de6c9eb2 Binary files /dev/null and b/archive/desktop/figures/HA-firstchoice-cmd.png differ diff --git a/archive/desktop/figures/HA-firstchoice.png b/archive/desktop/figures/HA-firstchoice.png new file mode 100644 index 0000000000000000000000000000000000000000..bd982ddcea55c629c0257fca86051a9ffa77e7b4 Binary files /dev/null and b/archive/desktop/figures/HA-firstchoice.png differ diff --git a/archive/desktop/figures/HA-group-new-suc.png b/archive/desktop/figures/HA-group-new-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..437fd01ee83a9a1f65c12838fe56eea8435f6759 Binary files /dev/null and b/archive/desktop/figures/HA-group-new-suc.png differ diff --git a/archive/desktop/figures/HA-group-new-suc2.png b/archive/desktop/figures/HA-group-new-suc2.png new file mode 100644 index 0000000000000000000000000000000000000000..4fb933bd761f9808de95a324a50226ff041ebd4f Binary files /dev/null and b/archive/desktop/figures/HA-group-new-suc2.png differ diff --git a/archive/desktop/figures/HA-group-new.png b/archive/desktop/figures/HA-group-new.png new file mode 100644 index 0000000000000000000000000000000000000000..9c914d0cc2e14f3220fc4346175961f129efb37b Binary files /dev/null and b/archive/desktop/figures/HA-group-new.png differ diff --git a/archive/desktop/figures/HA-group-suc.png b/archive/desktop/figures/HA-group-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..2338580343833ebab08627be3a2efbcdb48aef9e Binary files /dev/null and b/archive/desktop/figures/HA-group-suc.png differ diff --git a/archive/desktop/figures/HA-group.png b/archive/desktop/figures/HA-group.png new file mode 100644 index 0000000000000000000000000000000000000000..6897817665dee90c0f8c47c6a3cb4bb09db52d78 Binary files /dev/null and b/archive/desktop/figures/HA-group.png differ diff --git a/archive/desktop/figures/HA-home-page.png b/archive/desktop/figures/HA-home-page.png new file mode 100644 index 0000000000000000000000000000000000000000..c9a7a82dc412250d4c0984b3876c6f93c6aca789 Binary files /dev/null and b/archive/desktop/figures/HA-home-page.png differ diff --git a/archive/desktop/figures/HA-login.png b/archive/desktop/figures/HA-login.png new file mode 100644 index 0000000000000000000000000000000000000000..65d0ae11ec810da7574ec72bebf6e1b020c94a0d Binary files /dev/null and b/archive/desktop/figures/HA-login.png differ diff --git a/archive/desktop/figures/HA-mariadb-suc.png b/archive/desktop/figures/HA-mariadb-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..6f6756c945121715edc623bd9a848bc48ffeb4ca Binary files /dev/null and b/archive/desktop/figures/HA-mariadb-suc.png differ diff --git a/archive/desktop/figures/HA-mariadb.png b/archive/desktop/figures/HA-mariadb.png new file mode 100644 index 0000000000000000000000000000000000000000..d29587c8609b9d6aefeb07170901361b5ef8402d Binary files /dev/null and b/archive/desktop/figures/HA-mariadb.png differ diff --git a/archive/desktop/figures/HA-nfs-suc.png b/archive/desktop/figures/HA-nfs-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..c0ea6af79e91649f1ad7d97ab6c2a0069a4f4fb8 Binary files /dev/null and b/archive/desktop/figures/HA-nfs-suc.png differ diff --git a/archive/desktop/figures/HA-nfs.png b/archive/desktop/figures/HA-nfs.png new file mode 100644 index 0000000000000000000000000000000000000000..f6917938eec2e0431a9891c067475dd0b21c1bd9 Binary files /dev/null and b/archive/desktop/figures/HA-nfs.png differ diff --git a/archive/desktop/figures/HA-pacemaker.png b/archive/desktop/figures/HA-pacemaker.png new file mode 100644 index 0000000000000000000000000000000000000000..7681f963f67d2b803fef6fb2c3247384136201f8 Binary files /dev/null and b/archive/desktop/figures/HA-pacemaker.png differ diff --git a/archive/desktop/figures/HA-pcs-status.png b/archive/desktop/figures/HA-pcs-status.png new file mode 100644 index 0000000000000000000000000000000000000000..fb150fba9f6258658702b35caacf98076d1fd109 Binary files /dev/null and b/archive/desktop/figures/HA-pcs-status.png differ diff --git a/archive/desktop/figures/HA-pcs.png b/archive/desktop/figures/HA-pcs.png new file mode 100644 index 0000000000000000000000000000000000000000..283670d7c3d0961ee1cb41345c2b2a013d7143b0 Binary files /dev/null and b/archive/desktop/figures/HA-pcs.png differ diff --git a/archive/desktop/figures/HA-qdevice.png b/archive/desktop/figures/HA-qdevice.png new file mode 100644 index 0000000000000000000000000000000000000000..2964f36c952fc7e62fb7b041fcf6d2de8ead712c Binary files /dev/null and b/archive/desktop/figures/HA-qdevice.png differ diff --git a/archive/desktop/figures/HA-refresh.png b/archive/desktop/figures/HA-refresh.png new file mode 100644 index 0000000000000000000000000000000000000000..c2678c0c2945acbabfbeae0d5de8924a216bbf31 Binary files /dev/null and b/archive/desktop/figures/HA-refresh.png differ diff --git a/archive/desktop/figures/HA-vip-suc.png b/archive/desktop/figures/HA-vip-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..313ce56e14f931c78dad4349ed57ab3fd7907f50 Binary files /dev/null and b/archive/desktop/figures/HA-vip-suc.png differ diff --git a/archive/desktop/figures/HA-vip.png b/archive/desktop/figures/HA-vip.png new file mode 100644 index 0000000000000000000000000000000000000000..d8b417df2e64527d3b29d0289756dfbb01bf66ec Binary files /dev/null and b/archive/desktop/figures/HA-vip.png differ diff --git a/archive/desktop/figures/dde-1.png b/archive/desktop/figures/dde-1.png new file mode 100644 index 0000000000000000000000000000000000000000..fb1d5177c39262ed182f10a57fdae850d007eeb1 Binary files /dev/null and b/archive/desktop/figures/dde-1.png differ diff --git a/archive/desktop/figures/dde-2.png b/archive/desktop/figures/dde-2.png new file mode 100644 index 0000000000000000000000000000000000000000..be5d296937bd17b9646b32c80934aa76738027af Binary files /dev/null and b/archive/desktop/figures/dde-2.png differ diff --git a/archive/desktop/figures/gnome-1.png b/archive/desktop/figures/gnome-1.png new file mode 100644 index 0000000000000000000000000000000000000000..b33f802aa6dcf8b23a70fe451830015c614193b3 Binary files /dev/null and b/archive/desktop/figures/gnome-1.png differ diff --git a/archive/desktop/figures/gnome-10.png b/archive/desktop/figures/gnome-10.png new file mode 100644 index 0000000000000000000000000000000000000000..1c7b1465209c7a92db36d1b4c83445ce45e0d187 Binary files /dev/null and b/archive/desktop/figures/gnome-10.png differ diff --git a/archive/desktop/figures/gnome-11.png b/archive/desktop/figures/gnome-11.png new file mode 100644 index 0000000000000000000000000000000000000000..cc534ce5e1b250547dd9eb1db2b3f43a79c00409 Binary files /dev/null and b/archive/desktop/figures/gnome-11.png differ diff --git a/archive/desktop/figures/gnome-12.png b/archive/desktop/figures/gnome-12.png new file mode 100644 index 0000000000000000000000000000000000000000..65de953b821cac6b09b9f0d6623760dc339d867b Binary files /dev/null and b/archive/desktop/figures/gnome-12.png differ diff --git a/archive/desktop/figures/gnome-13.png b/archive/desktop/figures/gnome-13.png new file mode 100644 index 0000000000000000000000000000000000000000..103370de2f2d81fe4e880f18bb9a3b4546d14840 Binary files /dev/null and b/archive/desktop/figures/gnome-13.png differ diff --git a/archive/desktop/figures/gnome-14.png b/archive/desktop/figures/gnome-14.png new file mode 100644 index 0000000000000000000000000000000000000000..13e1367d6ce006567e69fed8fd334aeb4810196c Binary files /dev/null and b/archive/desktop/figures/gnome-14.png differ diff --git a/archive/desktop/figures/gnome-15.png b/archive/desktop/figures/gnome-15.png new file mode 100644 index 0000000000000000000000000000000000000000..fb86a36e2eb9c5ccfb3c53b0c49864e73c622ccf Binary files /dev/null and b/archive/desktop/figures/gnome-15.png differ diff --git a/archive/desktop/figures/gnome-16.png b/archive/desktop/figures/gnome-16.png new file mode 100644 index 0000000000000000000000000000000000000000..9b375517e433740b7e2c27ede1159cda1eb986b8 Binary files /dev/null and b/archive/desktop/figures/gnome-16.png differ diff --git a/archive/desktop/figures/gnome-17.png b/archive/desktop/figures/gnome-17.png new file mode 100644 index 0000000000000000000000000000000000000000..ebfcc9c71afeda1d50b5355f23ec1ea422a17889 Binary files /dev/null and b/archive/desktop/figures/gnome-17.png differ diff --git a/archive/desktop/figures/gnome-18.png b/archive/desktop/figures/gnome-18.png new file mode 100644 index 0000000000000000000000000000000000000000..5d28c8372499dd2b9b71186dee7d4854b5320999 Binary files /dev/null and b/archive/desktop/figures/gnome-18.png differ diff --git a/archive/desktop/figures/gnome-19.png b/archive/desktop/figures/gnome-19.png new file mode 100644 index 0000000000000000000000000000000000000000..bea391d41386ab9b7953b269c44aec6cba4667c5 Binary files /dev/null and b/archive/desktop/figures/gnome-19.png differ diff --git a/archive/desktop/figures/gnome-2.png b/archive/desktop/figures/gnome-2.png new file mode 100644 index 0000000000000000000000000000000000000000..520df0228a38914ca7897dec6dc84e9639b757c0 Binary files /dev/null and b/archive/desktop/figures/gnome-2.png differ diff --git a/archive/desktop/figures/gnome-20.png b/archive/desktop/figures/gnome-20.png new file mode 100644 index 0000000000000000000000000000000000000000..d720a2c215de4172a8051d7e0554c7f6b3d6d043 Binary files /dev/null and b/archive/desktop/figures/gnome-20.png differ diff --git a/archive/desktop/figures/gnome-21.png b/archive/desktop/figures/gnome-21.png new file mode 100644 index 0000000000000000000000000000000000000000..dec78c390a65a1e707a5c9620fa3392e38124430 Binary files /dev/null and b/archive/desktop/figures/gnome-21.png differ diff --git a/archive/desktop/figures/gnome-22.png b/archive/desktop/figures/gnome-22.png new file mode 100644 index 0000000000000000000000000000000000000000..d8564596fd8ada47891a28b8fd97915722b28ff9 Binary files /dev/null and b/archive/desktop/figures/gnome-22.png differ diff --git a/archive/desktop/figures/gnome-23.png b/archive/desktop/figures/gnome-23.png new file mode 100644 index 0000000000000000000000000000000000000000..6fcb86d0b74acd102bc4e19bd483165fca0921bc Binary files /dev/null and b/archive/desktop/figures/gnome-23.png differ diff --git a/archive/desktop/figures/gnome-24.png b/archive/desktop/figures/gnome-24.png new file mode 100644 index 0000000000000000000000000000000000000000..692929de10b612af7e15ddef689a611b7f4e8693 Binary files /dev/null and b/archive/desktop/figures/gnome-24.png differ diff --git a/archive/desktop/figures/gnome-25.png b/archive/desktop/figures/gnome-25.png new file mode 100644 index 0000000000000000000000000000000000000000..793a5a2d3ec63581902da5d4b8863f9ba33675b8 Binary files /dev/null and b/archive/desktop/figures/gnome-25.png differ diff --git a/archive/desktop/figures/gnome-26.png b/archive/desktop/figures/gnome-26.png new file mode 100644 index 0000000000000000000000000000000000000000..4d3f5418352e644f56a16099a9c77218045dabab Binary files /dev/null and b/archive/desktop/figures/gnome-26.png differ diff --git a/archive/desktop/figures/gnome-27.png b/archive/desktop/figures/gnome-27.png new file mode 100644 index 0000000000000000000000000000000000000000..908998f4c4624e8b3317a311643123f690153325 Binary files /dev/null and b/archive/desktop/figures/gnome-27.png differ diff --git a/archive/desktop/figures/gnome-28.png b/archive/desktop/figures/gnome-28.png new file mode 100644 index 0000000000000000000000000000000000000000..8b47b2397fa8818dfecbc3c05341e31d4d70a940 Binary files /dev/null and b/archive/desktop/figures/gnome-28.png differ diff --git a/archive/desktop/figures/gnome-29.png b/archive/desktop/figures/gnome-29.png new file mode 100644 index 0000000000000000000000000000000000000000..fc90cb58691e6484b6e263f4e81a1046e3adbed1 Binary files /dev/null and b/archive/desktop/figures/gnome-29.png differ diff --git a/archive/desktop/figures/gnome-3.png b/archive/desktop/figures/gnome-3.png new file mode 100644 index 0000000000000000000000000000000000000000..4d423b13941604a29ff794817ed6fb1d6fea9c1e Binary files /dev/null and b/archive/desktop/figures/gnome-3.png differ diff --git a/archive/desktop/figures/gnome-30.png b/archive/desktop/figures/gnome-30.png new file mode 100644 index 0000000000000000000000000000000000000000..8f4ab5dcd8ebd61b05a1b129b4c90e342f97e0fd Binary files /dev/null and b/archive/desktop/figures/gnome-30.png differ diff --git a/archive/desktop/figures/gnome-31.png b/archive/desktop/figures/gnome-31.png new file mode 100644 index 0000000000000000000000000000000000000000..93159341a996153105985451fa6d8391c358b52e Binary files /dev/null and b/archive/desktop/figures/gnome-31.png differ diff --git a/archive/desktop/figures/gnome-32.png b/archive/desktop/figures/gnome-32.png new file mode 100644 index 0000000000000000000000000000000000000000..c4ca5695e67a4a585f0ff074cd3645a32a9e4e83 Binary files /dev/null and b/archive/desktop/figures/gnome-32.png differ diff --git a/archive/desktop/figures/gnome-33.png b/archive/desktop/figures/gnome-33.png new file mode 100644 index 0000000000000000000000000000000000000000..e0b166e013144ed7e5f26c2b7bd7e8a00ac6a57f Binary files /dev/null and b/archive/desktop/figures/gnome-33.png differ diff --git a/archive/desktop/figures/gnome-34.png b/archive/desktop/figures/gnome-34.png new file mode 100644 index 0000000000000000000000000000000000000000..dc8653255f8782ab72b8a24eeadff8fe64f88bb1 Binary files /dev/null and b/archive/desktop/figures/gnome-34.png differ diff --git a/archive/desktop/figures/gnome-35.png b/archive/desktop/figures/gnome-35.png new file mode 100644 index 0000000000000000000000000000000000000000..595c8d76ddc857ed9e76d421cf1e755874a6cc4a Binary files /dev/null and b/archive/desktop/figures/gnome-35.png differ diff --git a/archive/desktop/figures/gnome-36.png b/archive/desktop/figures/gnome-36.png new file mode 100644 index 0000000000000000000000000000000000000000..f5a22198f57d34fe05336d88c6e4b288ed78dc8e Binary files /dev/null and b/archive/desktop/figures/gnome-36.png differ diff --git a/archive/desktop/figures/gnome-37.png b/archive/desktop/figures/gnome-37.png new file mode 100644 index 0000000000000000000000000000000000000000..1a855eee24e959c3e8bfed371d2f74f93fceda3c Binary files /dev/null and b/archive/desktop/figures/gnome-37.png differ diff --git a/archive/desktop/figures/gnome-38.png b/archive/desktop/figures/gnome-38.png new file mode 100644 index 0000000000000000000000000000000000000000..e80fcb9c25299130ca94bef2cdce9d5e7f9ba02c Binary files /dev/null and b/archive/desktop/figures/gnome-38.png differ diff --git a/archive/desktop/figures/gnome-39.png b/archive/desktop/figures/gnome-39.png new file mode 100644 index 0000000000000000000000000000000000000000..29843d242f260cd1b722fdcc13cef645a3679e7f Binary files /dev/null and b/archive/desktop/figures/gnome-39.png differ diff --git a/archive/desktop/figures/gnome-4.png b/archive/desktop/figures/gnome-4.png new file mode 100644 index 0000000000000000000000000000000000000000..04391e2e926d5195b21d7e05dc5322a0d7646ad6 Binary files /dev/null and b/archive/desktop/figures/gnome-4.png differ diff --git a/archive/desktop/figures/gnome-40.png b/archive/desktop/figures/gnome-40.png new file mode 100644 index 0000000000000000000000000000000000000000..8497bdd58dffe2210fca22d01912f82b5c39fd9c Binary files /dev/null and b/archive/desktop/figures/gnome-40.png differ diff --git a/archive/desktop/figures/gnome-41.png b/archive/desktop/figures/gnome-41.png new file mode 100644 index 0000000000000000000000000000000000000000..a4357eb95c379dfecc1d627c59eb5da660d42d14 Binary files /dev/null and b/archive/desktop/figures/gnome-41.png differ diff --git a/archive/desktop/figures/gnome-42.png b/archive/desktop/figures/gnome-42.png new file mode 100644 index 0000000000000000000000000000000000000000..bc01808fe7c12d7d433dc1da9367e858027fcce9 Binary files /dev/null and b/archive/desktop/figures/gnome-42.png differ diff --git a/archive/desktop/figures/gnome-43.png b/archive/desktop/figures/gnome-43.png new file mode 100644 index 0000000000000000000000000000000000000000..467e52cf41a32df9c7207417817f906b518c54c3 Binary files /dev/null and b/archive/desktop/figures/gnome-43.png differ diff --git a/archive/desktop/figures/gnome-44.png b/archive/desktop/figures/gnome-44.png new file mode 100644 index 0000000000000000000000000000000000000000..71303b84fce85478ccba02b10f6c0358c5bdc2a0 Binary files /dev/null and b/archive/desktop/figures/gnome-44.png differ diff --git a/archive/desktop/figures/gnome-45.png b/archive/desktop/figures/gnome-45.png new file mode 100644 index 0000000000000000000000000000000000000000..a0927659af30d18715ab8b43266de3f54a3142a0 Binary files /dev/null and b/archive/desktop/figures/gnome-45.png differ diff --git a/archive/desktop/figures/gnome-46.png b/archive/desktop/figures/gnome-46.png new file mode 100644 index 0000000000000000000000000000000000000000..ad2093e67041d656c25a5674a6e4282c804ec6f2 Binary files /dev/null and b/archive/desktop/figures/gnome-46.png differ diff --git a/archive/desktop/figures/gnome-47.png b/archive/desktop/figures/gnome-47.png new file mode 100644 index 0000000000000000000000000000000000000000..9a67dd6b3b0081fa858b4beed0cc40708d5418e9 Binary files /dev/null and b/archive/desktop/figures/gnome-47.png differ diff --git a/archive/desktop/figures/gnome-48.png b/archive/desktop/figures/gnome-48.png new file mode 100644 index 0000000000000000000000000000000000000000..8789fcb96ee2143eae12131b07acf1cfbd82cf41 Binary files /dev/null and b/archive/desktop/figures/gnome-48.png differ diff --git a/archive/desktop/figures/gnome-49.png b/archive/desktop/figures/gnome-49.png new file mode 100644 index 0000000000000000000000000000000000000000..e5df514480c825a5c65b607721d80cf59642b4a1 Binary files /dev/null and b/archive/desktop/figures/gnome-49.png differ diff --git a/archive/desktop/figures/gnome-5.png b/archive/desktop/figures/gnome-5.png new file mode 100644 index 0000000000000000000000000000000000000000..b7148601f06fcee9517864aca19ba3cee863ba33 Binary files /dev/null and b/archive/desktop/figures/gnome-5.png differ diff --git a/archive/desktop/figures/gnome-50.png b/archive/desktop/figures/gnome-50.png new file mode 100644 index 0000000000000000000000000000000000000000..7b1f4678846cb691b144b26f24bc5570961a3d7d Binary files /dev/null and b/archive/desktop/figures/gnome-50.png differ diff --git a/archive/desktop/figures/gnome-51.png b/archive/desktop/figures/gnome-51.png new file mode 100644 index 0000000000000000000000000000000000000000..10466de4bbd4c7b31654bb1369a9a85a20e88a27 Binary files /dev/null and b/archive/desktop/figures/gnome-51.png differ diff --git a/archive/desktop/figures/gnome-52.png b/archive/desktop/figures/gnome-52.png new file mode 100644 index 0000000000000000000000000000000000000000..16c8191ae59475d46cd7c275ad3841419544397d Binary files /dev/null and b/archive/desktop/figures/gnome-52.png differ diff --git a/archive/desktop/figures/gnome-53.png b/archive/desktop/figures/gnome-53.png new file mode 100644 index 0000000000000000000000000000000000000000..b968bbd5c5df6148ef26c8cf292e040220987554 Binary files /dev/null and b/archive/desktop/figures/gnome-53.png differ diff --git a/archive/desktop/figures/gnome-54.png b/archive/desktop/figures/gnome-54.png new file mode 100644 index 0000000000000000000000000000000000000000..6f169f432a1ad4290b3fca12b1a835330d922ab0 Binary files /dev/null and b/archive/desktop/figures/gnome-54.png differ diff --git a/archive/desktop/figures/gnome-55.png b/archive/desktop/figures/gnome-55.png new file mode 100644 index 0000000000000000000000000000000000000000..e40794fbf2e23e3496ac7f9352abe84ac943cb8c Binary files /dev/null and b/archive/desktop/figures/gnome-55.png differ diff --git a/archive/desktop/figures/gnome-56.png b/archive/desktop/figures/gnome-56.png new file mode 100644 index 0000000000000000000000000000000000000000..d66360c2865ba03e7f2959612b2e33061dfad39f Binary files /dev/null and b/archive/desktop/figures/gnome-56.png differ diff --git a/archive/desktop/figures/gnome-57.png b/archive/desktop/figures/gnome-57.png new file mode 100644 index 0000000000000000000000000000000000000000..f2ffff79898f36e290bb133efc36c7439d089f57 Binary files /dev/null and b/archive/desktop/figures/gnome-57.png differ diff --git a/archive/desktop/figures/gnome-58.png b/archive/desktop/figures/gnome-58.png new file mode 100644 index 0000000000000000000000000000000000000000..2eb30604a6dc2a4194da688830f88d0e596c5be9 Binary files /dev/null and b/archive/desktop/figures/gnome-58.png differ diff --git a/archive/desktop/figures/gnome-59.png b/archive/desktop/figures/gnome-59.png new file mode 100644 index 0000000000000000000000000000000000000000..9b25d253604f353b0bd3ef0c153237d74459ccae Binary files /dev/null and b/archive/desktop/figures/gnome-59.png differ diff --git a/archive/desktop/figures/gnome-6.png b/archive/desktop/figures/gnome-6.png new file mode 100644 index 0000000000000000000000000000000000000000..3c54d7f40cb5caab2c3cecb9945f9c89a1afe00e Binary files /dev/null and b/archive/desktop/figures/gnome-6.png differ diff --git a/archive/desktop/figures/gnome-7.png b/archive/desktop/figures/gnome-7.png new file mode 100644 index 0000000000000000000000000000000000000000..fa4b0e178fb0332d334d98e0106746b7bff65449 Binary files /dev/null and b/archive/desktop/figures/gnome-7.png differ diff --git a/archive/desktop/figures/gnome-8.png b/archive/desktop/figures/gnome-8.png new file mode 100644 index 0000000000000000000000000000000000000000..5c39bb44371d94a66c66e053a7f498b46d3a0937 Binary files /dev/null and b/archive/desktop/figures/gnome-8.png differ diff --git a/archive/desktop/figures/gnome-9.png b/archive/desktop/figures/gnome-9.png new file mode 100644 index 0000000000000000000000000000000000000000..00a9ad1a7c94054c9418795c39b29574bfe16bf0 Binary files /dev/null and b/archive/desktop/figures/gnome-9.png differ diff --git a/archive/desktop/figures/icon1.png b/archive/desktop/figures/icon1.png new file mode 100644 index 0000000000000000000000000000000000000000..9bac00355cf4aa57d32287fd4271404f6fd3fd4d Binary files /dev/null and b/archive/desktop/figures/icon1.png differ diff --git a/archive/desktop/figures/icon10-o.png b/archive/desktop/figures/icon10-o.png new file mode 100644 index 0000000000000000000000000000000000000000..d6c56d1a64c588d86f8fe510c74e5a7c4cb810d4 Binary files /dev/null and b/archive/desktop/figures/icon10-o.png differ diff --git a/archive/desktop/figures/icon101-o.svg b/archive/desktop/figures/icon101-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..af1c5d3dc0277a6ea59e71efb6ca97bdfc782e8e --- /dev/null +++ b/archive/desktop/figures/icon101-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/archive/desktop/figures/icon103-o.svg b/archive/desktop/figures/icon103-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..c06c885725c569ab8db1fe7d595a7c65f18c5142 --- /dev/null +++ b/archive/desktop/figures/icon103-o.svg @@ -0,0 +1,26 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/archive/desktop/figures/icon105-o.svg b/archive/desktop/figures/icon105-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..36c49949fa569330b761c2d65518f36c10435508 --- /dev/null +++ b/archive/desktop/figures/icon105-o.svg @@ -0,0 +1,111 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/archive/desktop/figures/icon107-o.svg b/archive/desktop/figures/icon107-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..fb5a3ea756f6ccb7b3e5c31122a433347a908c96 --- /dev/null +++ b/archive/desktop/figures/icon107-o.svg @@ -0,0 +1,50 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/archive/desktop/figures/icon11-o.png b/archive/desktop/figures/icon11-o.png new file mode 100644 index 0000000000000000000000000000000000000000..47a1f2cb7f99b583768c7cbd7e05a57f302dbe8a Binary files /dev/null and b/archive/desktop/figures/icon11-o.png differ diff --git a/archive/desktop/figures/icon110-o.svg b/archive/desktop/figures/icon110-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..7958e3f192061592e002e1e8a1bad06ffa86742c --- /dev/null +++ b/archive/desktop/figures/icon110-o.svg @@ -0,0 +1,12 @@ + + + + reboot_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/archive/desktop/figures/icon111-o.svg b/archive/desktop/figures/icon111-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..097d16a08d305a8b3f3b2268ab1ea8342e799377 --- /dev/null +++ b/archive/desktop/figures/icon111-o.svg @@ -0,0 +1,13 @@ + + + + Right + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/archive/desktop/figures/icon112-o.svg b/archive/desktop/figures/icon112-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e51628c2b8b10495f3410d219814286696ea2fd5 --- /dev/null +++ b/archive/desktop/figures/icon112-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/archive/desktop/figures/icon116-o.svg b/archive/desktop/figures/icon116-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..4d79cd6dbbbfd3969f4e0ad0ad88e27398853505 --- /dev/null +++ b/archive/desktop/figures/icon116-o.svg @@ -0,0 +1,72 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/archive/desktop/figures/icon12-o.png b/archive/desktop/figures/icon12-o.png new file mode 100644 index 0000000000000000000000000000000000000000..f1f0f59dd3879461a0b5bc0632693a4a4124def3 Binary files /dev/null and b/archive/desktop/figures/icon12-o.png differ diff --git a/archive/desktop/figures/icon120-o.svg b/archive/desktop/figures/icon120-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e895c347d16a200aea46b00428b0b9f1a3c94246 --- /dev/null +++ b/archive/desktop/figures/icon120-o.svg @@ -0,0 +1,49 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/archive/desktop/figures/icon122-o.svg b/archive/desktop/figures/icon122-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..7fb014b5fd6097ca37a84d0b6a27dc982d675c8a --- /dev/null +++ b/archive/desktop/figures/icon122-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/archive/desktop/figures/icon124-o.svg b/archive/desktop/figures/icon124-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..960c0ec096c925213f8953398f0e8e5db3cdaed3 --- /dev/null +++ b/archive/desktop/figures/icon124-o.svg @@ -0,0 +1,55 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/archive/desktop/figures/icon125-o.svg b/archive/desktop/figures/icon125-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..011c05f4b8f296867cd408a339230323fcbb28dd --- /dev/null +++ b/archive/desktop/figures/icon125-o.svg @@ -0,0 +1,9 @@ + + + tips + + + + + + \ No newline at end of file diff --git a/archive/desktop/figures/icon126-o.svg b/archive/desktop/figures/icon126-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e0a43b6b8beb434090ac0dd3a8fd68c023f11fce --- /dev/null +++ b/archive/desktop/figures/icon126-o.svg @@ -0,0 +1,68 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/archive/desktop/figures/icon127-o.svg b/archive/desktop/figures/icon127-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..bed95d35334a8d0151211054236c0bacddcc0dd3 --- /dev/null +++ b/archive/desktop/figures/icon127-o.svg @@ -0,0 +1,13 @@ + + + + Up + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/archive/desktop/figures/icon128-o.svg b/archive/desktop/figures/icon128-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..aa727f3f5d5883b3fb83a79c4b98e8b5bfe4ade6 --- /dev/null +++ b/archive/desktop/figures/icon128-o.svg @@ -0,0 +1,12 @@ + + + + userswitch_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/archive/desktop/figures/icon13-o.png b/archive/desktop/figures/icon13-o.png new file mode 100644 index 0000000000000000000000000000000000000000..c05a981b29d8ad11c6682f796f79b4cafd0f088b Binary files /dev/null and b/archive/desktop/figures/icon13-o.png differ diff --git a/archive/desktop/figures/icon132-o.svg b/archive/desktop/figures/icon132-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..588ba9d98864ba67a562fa9179f29405f7687aa0 --- /dev/null +++ b/archive/desktop/figures/icon132-o.svg @@ -0,0 +1,15 @@ + + + + - + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/archive/desktop/figures/icon133-o.svg b/archive/desktop/figures/icon133-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..886d90a83e33497d134bdb3dcc864a5c2df53f20 --- /dev/null +++ b/archive/desktop/figures/icon133-o.svg @@ -0,0 +1,13 @@ + + + + + + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/archive/desktop/figures/icon134-o.svg b/archive/desktop/figures/icon134-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..784cf383eb0e8f5c7a57a602047be50ad0a3bc05 --- /dev/null +++ b/archive/desktop/figures/icon134-o.svg @@ -0,0 +1,15 @@ + + + + = + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/archive/desktop/figures/icon135-o.svg b/archive/desktop/figures/icon135-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..cea628a8f5eb92d10661b690242b6de41ca64816 --- /dev/null +++ b/archive/desktop/figures/icon135-o.svg @@ -0,0 +1,15 @@ + + + + ~ + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/archive/desktop/figures/icon136-o.svg b/archive/desktop/figures/icon136-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..24aa139ab2fefaee20935551f1af5aef473719ed --- /dev/null +++ b/archive/desktop/figures/icon136-o.svg @@ -0,0 +1,12 @@ + + + + poweroff_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/archive/desktop/figures/icon14-o.png b/archive/desktop/figures/icon14-o.png new file mode 100644 index 0000000000000000000000000000000000000000..b21deee4d98593d93fb5f72158d2d78f3d3f1cb9 Binary files /dev/null and b/archive/desktop/figures/icon14-o.png differ diff --git a/archive/desktop/figures/icon15-o.png b/archive/desktop/figures/icon15-o.png new file mode 100644 index 0000000000000000000000000000000000000000..1827a20e9da4d28e35e8ab2eae739b2fec37b385 Binary files /dev/null and b/archive/desktop/figures/icon15-o.png differ diff --git a/archive/desktop/figures/icon16.png b/archive/desktop/figures/icon16.png new file mode 100644 index 0000000000000000000000000000000000000000..f271594dda9d3ad0f038c9d719dd68c3e82c59f1 Binary files /dev/null and b/archive/desktop/figures/icon16.png differ diff --git a/archive/desktop/figures/icon17.png b/archive/desktop/figures/icon17.png new file mode 100644 index 0000000000000000000000000000000000000000..dbe58b89347c857920bce25f067fbd11c308e502 Binary files /dev/null and b/archive/desktop/figures/icon17.png differ diff --git a/archive/desktop/figures/icon18.png b/archive/desktop/figures/icon18.png new file mode 100644 index 0000000000000000000000000000000000000000..1827a20e9da4d28e35e8ab2eae739b2fec37b385 Binary files /dev/null and b/archive/desktop/figures/icon18.png differ diff --git a/archive/desktop/figures/icon19-o.png b/archive/desktop/figures/icon19-o.png new file mode 100644 index 0000000000000000000000000000000000000000..47a1f2cb7f99b583768c7cbd7e05a57f302dbe8a Binary files /dev/null and b/archive/desktop/figures/icon19-o.png differ diff --git a/archive/desktop/figures/icon2.png b/archive/desktop/figures/icon2.png new file mode 100644 index 0000000000000000000000000000000000000000..9101e4b386df065a87d422bc5a0b287528ea5ec7 Binary files /dev/null and b/archive/desktop/figures/icon2.png differ diff --git a/archive/desktop/figures/icon20.png b/archive/desktop/figures/icon20.png new file mode 100644 index 0000000000000000000000000000000000000000..4de3c7c695893539967245ea5e269b26e2b735be Binary files /dev/null and b/archive/desktop/figures/icon20.png differ diff --git a/archive/desktop/figures/icon21.png b/archive/desktop/figures/icon21.png new file mode 100644 index 0000000000000000000000000000000000000000..e7b4320b6ce1fd4adb52525ba2c60983ffb2eed3 Binary files /dev/null and b/archive/desktop/figures/icon21.png differ diff --git a/archive/desktop/figures/icon22.png b/archive/desktop/figures/icon22.png new file mode 100644 index 0000000000000000000000000000000000000000..43bfa96965ad13e0a34ead3cb1102a76b9346a23 Binary files /dev/null and b/archive/desktop/figures/icon22.png differ diff --git a/archive/desktop/figures/icon23.png b/archive/desktop/figures/icon23.png new file mode 100644 index 0000000000000000000000000000000000000000..aee221ddaa81d06fa7bd5b89a624da90cd1e53da Binary files /dev/null and b/archive/desktop/figures/icon23.png differ diff --git a/archive/desktop/figures/icon24.png b/archive/desktop/figures/icon24.png new file mode 100644 index 0000000000000000000000000000000000000000..a9e5d700431ca1666fe9eda2cefce5dd2f83bdcd Binary files /dev/null and b/archive/desktop/figures/icon24.png differ diff --git a/archive/desktop/figures/icon25.png b/archive/desktop/figures/icon25.png new file mode 100644 index 0000000000000000000000000000000000000000..3de0f9476bbee9e89c3b759afbed968f17b5bbcc Binary files /dev/null and b/archive/desktop/figures/icon25.png differ diff --git a/archive/desktop/figures/icon26-o.png b/archive/desktop/figures/icon26-o.png new file mode 100644 index 0000000000000000000000000000000000000000..2293a893caf6d89c3beb978598fe7f281e68e7d5 Binary files /dev/null and b/archive/desktop/figures/icon26-o.png differ diff --git a/archive/desktop/figures/icon27-o.png b/archive/desktop/figures/icon27-o.png new file mode 100644 index 0000000000000000000000000000000000000000..abbab8e40f7e3ca7c2a6f28ff78f08f15117828e Binary files /dev/null and b/archive/desktop/figures/icon27-o.png differ diff --git a/archive/desktop/figures/icon28-o.png b/archive/desktop/figures/icon28-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/archive/desktop/figures/icon28-o.png differ diff --git a/archive/desktop/figures/icon29-o.png b/archive/desktop/figures/icon29-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/archive/desktop/figures/icon29-o.png differ diff --git a/archive/desktop/figures/icon3.png b/archive/desktop/figures/icon3.png new file mode 100644 index 0000000000000000000000000000000000000000..930ee8909e89e3624c581f83d713af271cd96c75 Binary files /dev/null and b/archive/desktop/figures/icon3.png differ diff --git a/archive/desktop/figures/icon30-o.png b/archive/desktop/figures/icon30-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/archive/desktop/figures/icon30-o.png differ diff --git a/archive/desktop/figures/icon31-o.png b/archive/desktop/figures/icon31-o.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/archive/desktop/figures/icon31-o.png differ diff --git a/archive/desktop/figures/icon32.png b/archive/desktop/figures/icon32.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/archive/desktop/figures/icon32.png differ diff --git a/archive/desktop/figures/icon33.png b/archive/desktop/figures/icon33.png new file mode 100644 index 0000000000000000000000000000000000000000..88ed145b25f6f025ad795ceb012500e0944cb54c Binary files /dev/null and b/archive/desktop/figures/icon33.png differ diff --git a/archive/desktop/figures/icon34.png b/archive/desktop/figures/icon34.png new file mode 100644 index 0000000000000000000000000000000000000000..8247f52a3424c81b451ceb318f4a7979a5eddece Binary files /dev/null and b/archive/desktop/figures/icon34.png differ diff --git a/archive/desktop/figures/icon35.png b/archive/desktop/figures/icon35.png new file mode 100644 index 0000000000000000000000000000000000000000..7c656e9030b94809a57c7e369921e6a585f3574c Binary files /dev/null and b/archive/desktop/figures/icon35.png differ diff --git a/archive/desktop/figures/icon36.png b/archive/desktop/figures/icon36.png new file mode 100644 index 0000000000000000000000000000000000000000..7d29d173e914dfff48245d3d3a4d42575ce2d1db Binary files /dev/null and b/archive/desktop/figures/icon36.png differ diff --git a/archive/desktop/figures/icon37.png b/archive/desktop/figures/icon37.png new file mode 100644 index 0000000000000000000000000000000000000000..58be4c621b6638115153e361801deb9ee06634d8 Binary files /dev/null and b/archive/desktop/figures/icon37.png differ diff --git a/archive/desktop/figures/icon38.png b/archive/desktop/figures/icon38.png new file mode 100644 index 0000000000000000000000000000000000000000..0c861ccb891f4fb5e533eb7f7151a8fce1571f17 Binary files /dev/null and b/archive/desktop/figures/icon38.png differ diff --git a/archive/desktop/figures/icon39.png b/archive/desktop/figures/icon39.png new file mode 100644 index 0000000000000000000000000000000000000000..b1ba1f347452d0cd1c06c6c51d2cdf5aea5e490b Binary files /dev/null and b/archive/desktop/figures/icon39.png differ diff --git a/archive/desktop/figures/icon4.png b/archive/desktop/figures/icon4.png new file mode 100644 index 0000000000000000000000000000000000000000..548dc8b648edb73ff1dd8a0266e8479203e72ca0 Binary files /dev/null and b/archive/desktop/figures/icon4.png differ diff --git a/archive/desktop/figures/icon40.png b/archive/desktop/figures/icon40.png new file mode 100644 index 0000000000000000000000000000000000000000..9c29dd1e9a1bf22c36abf51cb18fa9e47b455fab Binary files /dev/null and b/archive/desktop/figures/icon40.png differ diff --git a/archive/desktop/figures/icon41.png b/archive/desktop/figures/icon41.png new file mode 100644 index 0000000000000000000000000000000000000000..9e8aea527a2119433fffec5a8800ebfa4fa5062f Binary files /dev/null and b/archive/desktop/figures/icon41.png differ diff --git a/archive/desktop/figures/icon42-o.png b/archive/desktop/figures/icon42-o.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/archive/desktop/figures/icon42-o.png differ diff --git a/archive/desktop/figures/icon42.png b/archive/desktop/figures/icon42.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/archive/desktop/figures/icon42.png differ diff --git a/archive/desktop/figures/icon43-o.png b/archive/desktop/figures/icon43-o.png new file mode 100644 index 0000000000000000000000000000000000000000..284bdd551baf25beb4143013402e77a1a4c60ccb Binary files /dev/null and b/archive/desktop/figures/icon43-o.png differ diff --git a/archive/desktop/figures/icon44-o.png b/archive/desktop/figures/icon44-o.png new file mode 100644 index 0000000000000000000000000000000000000000..810f4d784ee140dbf562e67a0d3fd391272626a5 Binary files /dev/null and b/archive/desktop/figures/icon44-o.png differ diff --git a/archive/desktop/figures/icon45-o.png b/archive/desktop/figures/icon45-o.png new file mode 100644 index 0000000000000000000000000000000000000000..3e528ce2c98284f020ae4912a853f5864526396b Binary files /dev/null and b/archive/desktop/figures/icon45-o.png differ diff --git a/archive/desktop/figures/icon46-o.png b/archive/desktop/figures/icon46-o.png new file mode 100644 index 0000000000000000000000000000000000000000..ec6a3ca0fe57016f3685981ed518493ceea1c855 Binary files /dev/null and b/archive/desktop/figures/icon46-o.png differ diff --git a/archive/desktop/figures/icon47-o.png b/archive/desktop/figures/icon47-o.png new file mode 100644 index 0000000000000000000000000000000000000000..6eeaba98d908775bd363a8ffcec27c3b6a214013 Binary files /dev/null and b/archive/desktop/figures/icon47-o.png differ diff --git a/archive/desktop/figures/icon49-o.svg b/archive/desktop/figures/icon49-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..72ffb173fdb95e1aff5b0001b08ed6b71122b7f2 --- /dev/null +++ b/archive/desktop/figures/icon49-o.svg @@ -0,0 +1,178 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/archive/desktop/figures/icon5.png b/archive/desktop/figures/icon5.png new file mode 100644 index 0000000000000000000000000000000000000000..e4206b7b584bf0702c7cb2f03a3a41e20bfba844 Binary files /dev/null and b/archive/desktop/figures/icon5.png differ diff --git a/archive/desktop/figures/icon50-o.svg b/archive/desktop/figures/icon50-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..05026802be4718205065d6369e14cc0b6ef05bc7 --- /dev/null +++ b/archive/desktop/figures/icon50-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/archive/desktop/figures/icon52-o.svg b/archive/desktop/figures/icon52-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..23149c05873259cd39721b8ee9c3ab7db86d64c5 --- /dev/null +++ b/archive/desktop/figures/icon52-o.svg @@ -0,0 +1,9 @@ + + + attention + + + + + + \ No newline at end of file diff --git a/archive/desktop/figures/icon53-o.svg b/archive/desktop/figures/icon53-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..50e33489ce984b0acfd621da4a8ef837fdf048c1 --- /dev/null +++ b/archive/desktop/figures/icon53-o.svg @@ -0,0 +1,11 @@ + + + + previous + Created with Sketch. + + + + + + \ No newline at end of file diff --git a/archive/desktop/figures/icon54-o.svg b/archive/desktop/figures/icon54-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..3b599aef4b822c707d2f646405bb00837aed96fd --- /dev/null +++ b/archive/desktop/figures/icon54-o.svg @@ -0,0 +1,18 @@ + + + + Backspace + Created with Sketch. + + + + + + + + + + + + + \ No newline at end of file diff --git a/archive/desktop/figures/icon56-o.svg b/archive/desktop/figures/icon56-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..9f13b6861e3858deec8d57a5301c934acc247069 --- /dev/null +++ b/archive/desktop/figures/icon56-o.svg @@ -0,0 +1,19 @@ + + + + Slice 1 + Created with Sketch. + + + + + + + + + + + + + + \ No newline at end of file diff --git a/archive/desktop/figures/icon57-o.svg b/archive/desktop/figures/icon57-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e6fbfa1381b76ab3fcd45652b33267a7f6c69bb7 --- /dev/null +++ b/archive/desktop/figures/icon57-o.svg @@ -0,0 +1,11 @@ + + + + titlebutton/close_normal + Created with Sketch. + + + + + + \ No newline at end of file diff --git a/archive/desktop/figures/icon58-o.svg b/archive/desktop/figures/icon58-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..9746dcacfc8e5d4c4b63233801e37418a190fc8f --- /dev/null +++ b/archive/desktop/figures/icon58-o.svg @@ -0,0 +1,46 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/archive/desktop/figures/icon6.png b/archive/desktop/figures/icon6.png new file mode 100644 index 0000000000000000000000000000000000000000..88ced3587e9a42b145fe11393726f40aba9d1b2c Binary files /dev/null and b/archive/desktop/figures/icon6.png differ diff --git a/archive/desktop/figures/icon62-o.svg b/archive/desktop/figures/icon62-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..09f61b446669df2e05a3351d40d8c30879c7b035 --- /dev/null +++ b/archive/desktop/figures/icon62-o.svg @@ -0,0 +1,47 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/archive/desktop/figures/icon63-o.svg b/archive/desktop/figures/icon63-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..06c03ed99260ffadc681475dad35610aedf67f83 --- /dev/null +++ b/archive/desktop/figures/icon63-o.svg @@ -0,0 +1,45 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/archive/desktop/figures/icon66-o.svg b/archive/desktop/figures/icon66-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..5793b3846b7fe6a5758379591215b16c7f9e1b52 --- /dev/null +++ b/archive/desktop/figures/icon66-o.svg @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/archive/desktop/figures/icon68-o.svg b/archive/desktop/figures/icon68-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..a7748052dfa436116d8742dca28f7d90865231ed --- /dev/null +++ b/archive/desktop/figures/icon68-o.svg @@ -0,0 +1,23 @@ + + + + deepin-system-monitor + Created with Sketch. + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/archive/desktop/figures/icon69-o.svg b/archive/desktop/figures/icon69-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e21dfd00a32a44ee1c8e3882b4ca8239be04690f --- /dev/null +++ b/archive/desktop/figures/icon69-o.svg @@ -0,0 +1,26 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/archive/desktop/figures/icon7.png b/archive/desktop/figures/icon7.png new file mode 100644 index 0000000000000000000000000000000000000000..05fe8aa38c84ca0c0c99b0b005ddec2f2ba42f4a Binary files /dev/null and b/archive/desktop/figures/icon7.png differ diff --git a/archive/desktop/figures/icon70-o.svg b/archive/desktop/figures/icon70-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..b5787a7ffa5ed9519a48c6937c60927fd11fd455 --- /dev/null +++ b/archive/desktop/figures/icon70-o.svg @@ -0,0 +1,73 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/archive/desktop/figures/icon71-o.svg b/archive/desktop/figures/icon71-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..669a21f143b06cb45ea3f45f7f071809f2cbc8a8 --- /dev/null +++ b/archive/desktop/figures/icon71-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/archive/desktop/figures/icon72-o.svg b/archive/desktop/figures/icon72-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..79067ed9b9ff7912e1742183b461fa056601b9cc --- /dev/null +++ b/archive/desktop/figures/icon72-o.svg @@ -0,0 +1,34 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/archive/desktop/figures/icon73-o.svg b/archive/desktop/figures/icon73-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..cf6292387f5e790db6ebd66184aabcbb39257ee7 --- /dev/null +++ b/archive/desktop/figures/icon73-o.svg @@ -0,0 +1,13 @@ + + + + Down + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/archive/desktop/figures/icon75-o.svg b/archive/desktop/figures/icon75-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..ef6823ccc19858f57374f0b78ad31514e8311be3 --- /dev/null +++ b/archive/desktop/figures/icon75-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/archive/desktop/figures/icon8.png b/archive/desktop/figures/icon8.png new file mode 100644 index 0000000000000000000000000000000000000000..01543c3e0f5e96a023b4e1f0859a03e3a0dafd56 Binary files /dev/null and b/archive/desktop/figures/icon8.png differ diff --git a/archive/desktop/figures/icon83-o.svg b/archive/desktop/figures/icon83-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..35dd6eacc54a933dc9ebc3f3010edfa7363fecc0 --- /dev/null +++ b/archive/desktop/figures/icon83-o.svg @@ -0,0 +1,84 @@ + + + + + + image/svg+xml + + img_upload + + + + + + img_upload + Created with Sketch. + + + + + + + + + + + + + diff --git a/archive/desktop/figures/icon84-o.svg b/archive/desktop/figures/icon84-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..9bd11b9e7b45b506dd7e1c87d09d545d8f48af06 --- /dev/null +++ b/archive/desktop/figures/icon84-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/archive/desktop/figures/icon86-o.svg b/archive/desktop/figures/icon86-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..5da20233309c43d4fc7b315f441cde476c835c67 --- /dev/null +++ b/archive/desktop/figures/icon86-o.svg @@ -0,0 +1,66 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/archive/desktop/figures/icon88-o.svg b/archive/desktop/figures/icon88-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..c2570c26575fd14cb5e9d9fe77831d2e8f6c9333 --- /dev/null +++ b/archive/desktop/figures/icon88-o.svg @@ -0,0 +1,13 @@ + + + + Left + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/archive/desktop/figures/icon9.png b/archive/desktop/figures/icon9.png new file mode 100644 index 0000000000000000000000000000000000000000..a07c9ab8e51decd9a3bca8c969d2ae95bd68512c Binary files /dev/null and b/archive/desktop/figures/icon9.png differ diff --git a/archive/desktop/figures/icon90-o.svg b/archive/desktop/figures/icon90-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..79b5e0a141f7969a8f77ae61f4c240de7187afe9 --- /dev/null +++ b/archive/desktop/figures/icon90-o.svg @@ -0,0 +1,12 @@ + + + + lock_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/archive/desktop/figures/icon92-o.svg b/archive/desktop/figures/icon92-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..21341b64a832e1935252aa82e7a4e0b083c16eae --- /dev/null +++ b/archive/desktop/figures/icon92-o.svg @@ -0,0 +1,12 @@ + + + + logout_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/archive/desktop/figures/icon94-o.svg b/archive/desktop/figures/icon94-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..a47044149a02101dbd24a3fdb2f3ead77efca6c1 --- /dev/null +++ b/archive/desktop/figures/icon94-o.svg @@ -0,0 +1,54 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/archive/desktop/figures/icon97-o.svg b/archive/desktop/figures/icon97-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..4f4670de29d8c86885b5aa806b2c8cdc6fc16dcb --- /dev/null +++ b/archive/desktop/figures/icon97-o.svg @@ -0,0 +1,84 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/archive/desktop/figures/icon99-o.svg b/archive/desktop/figures/icon99-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e9a3aa60a51404c9390bfbea8d8ff09edc0e2e32 --- /dev/null +++ b/archive/desktop/figures/icon99-o.svg @@ -0,0 +1,11 @@ + + + notes + + + + + + + + \ No newline at end of file diff --git a/archive/desktop/figures/kiran-1.png b/archive/desktop/figures/kiran-1.png new file mode 100644 index 0000000000000000000000000000000000000000..6f17788dce804c004027adfe45628eebffaa48cf Binary files /dev/null and b/archive/desktop/figures/kiran-1.png differ diff --git a/archive/desktop/figures/kiran-10.png b/archive/desktop/figures/kiran-10.png new file mode 100644 index 0000000000000000000000000000000000000000..18cfa3074af1f4b8d49d064a77b016f24ab8c17c Binary files /dev/null and b/archive/desktop/figures/kiran-10.png differ diff --git a/archive/desktop/figures/kiran-11.png b/archive/desktop/figures/kiran-11.png new file mode 100644 index 0000000000000000000000000000000000000000..b58fbb7ce8a798d5355855a4ac0638540df74d9e Binary files /dev/null and b/archive/desktop/figures/kiran-11.png differ diff --git a/archive/desktop/figures/kiran-12.png b/archive/desktop/figures/kiran-12.png new file mode 100644 index 0000000000000000000000000000000000000000..920d0c7112be6bed509773413de36506d748b822 Binary files /dev/null and b/archive/desktop/figures/kiran-12.png differ diff --git a/archive/desktop/figures/kiran-13.png b/archive/desktop/figures/kiran-13.png new file mode 100644 index 0000000000000000000000000000000000000000..473ac4151c65951050800cb73313fee07077a9d6 Binary files /dev/null and b/archive/desktop/figures/kiran-13.png differ diff --git a/archive/desktop/figures/kiran-14.png b/archive/desktop/figures/kiran-14.png new file mode 100644 index 0000000000000000000000000000000000000000..9ba17ddca84d25f112e564b542a971d6e7d4c10a Binary files /dev/null and b/archive/desktop/figures/kiran-14.png differ diff --git a/archive/desktop/figures/kiran-15.png b/archive/desktop/figures/kiran-15.png new file mode 100644 index 0000000000000000000000000000000000000000..b561a2fccb7f159106065baaf88ff9fa32bba1d8 Binary files /dev/null and b/archive/desktop/figures/kiran-15.png differ diff --git a/archive/desktop/figures/kiran-16.png b/archive/desktop/figures/kiran-16.png new file mode 100644 index 0000000000000000000000000000000000000000..a4d71e812144e74cb854e25f215197368b60017f Binary files /dev/null and b/archive/desktop/figures/kiran-16.png differ diff --git a/archive/desktop/figures/kiran-17.png b/archive/desktop/figures/kiran-17.png new file mode 100644 index 0000000000000000000000000000000000000000..5f52f0d0885fbcd62af5127df6f464bcd334e2b3 Binary files /dev/null and b/archive/desktop/figures/kiran-17.png differ diff --git a/archive/desktop/figures/kiran-18.png b/archive/desktop/figures/kiran-18.png new file mode 100644 index 0000000000000000000000000000000000000000..bbd1a5dbd99c509d936e51e1bcc5970c2311da9d Binary files /dev/null and b/archive/desktop/figures/kiran-18.png differ diff --git a/archive/desktop/figures/kiran-19.png b/archive/desktop/figures/kiran-19.png new file mode 100644 index 0000000000000000000000000000000000000000..a9ad75326f5d5463a45b532ae05b110155426083 Binary files /dev/null and b/archive/desktop/figures/kiran-19.png differ diff --git a/archive/desktop/figures/kiran-2.png b/archive/desktop/figures/kiran-2.png new file mode 100644 index 0000000000000000000000000000000000000000..b62c95a0b7d2bcfbc0bbac084ed7df74e5412da5 Binary files /dev/null and b/archive/desktop/figures/kiran-2.png differ diff --git a/archive/desktop/figures/kiran-20.png b/archive/desktop/figures/kiran-20.png new file mode 100644 index 0000000000000000000000000000000000000000..a43f8e2dc5ff4b5445386fd0c703bdf6b1e186ec Binary files /dev/null and b/archive/desktop/figures/kiran-20.png differ diff --git a/archive/desktop/figures/kiran-21.png b/archive/desktop/figures/kiran-21.png new file mode 100644 index 0000000000000000000000000000000000000000..19c758d585016351a1f26fdac48221bdf0710a53 Binary files /dev/null and b/archive/desktop/figures/kiran-21.png differ diff --git a/archive/desktop/figures/kiran-22.png b/archive/desktop/figures/kiran-22.png new file mode 100644 index 0000000000000000000000000000000000000000..703327a3f511c20cd977ae4cd68552ecb3dd6971 Binary files /dev/null and b/archive/desktop/figures/kiran-22.png differ diff --git a/archive/desktop/figures/kiran-23.png b/archive/desktop/figures/kiran-23.png new file mode 100644 index 0000000000000000000000000000000000000000..ddbbd80be5b926ab3446cbb10c22d892487956f8 Binary files /dev/null and b/archive/desktop/figures/kiran-23.png differ diff --git a/archive/desktop/figures/kiran-24.png b/archive/desktop/figures/kiran-24.png new file mode 100644 index 0000000000000000000000000000000000000000..54e864dcfd194db4b1672c05d3e60eb6acc605d9 Binary files /dev/null and b/archive/desktop/figures/kiran-24.png differ diff --git a/archive/desktop/figures/kiran-25.png b/archive/desktop/figures/kiran-25.png new file mode 100644 index 0000000000000000000000000000000000000000..f64461cc2610fb82db1eb27a5562c2ab0737dcf4 Binary files /dev/null and b/archive/desktop/figures/kiran-25.png differ diff --git a/archive/desktop/figures/kiran-26.png b/archive/desktop/figures/kiran-26.png new file mode 100644 index 0000000000000000000000000000000000000000..2bcd5335c14d3e241b732b2ee6c2adf3effbe652 Binary files /dev/null and b/archive/desktop/figures/kiran-26.png differ diff --git a/archive/desktop/figures/kiran-27.png b/archive/desktop/figures/kiran-27.png new file mode 100644 index 0000000000000000000000000000000000000000..2bcd5335c14d3e241b732b2ee6c2adf3effbe652 Binary files /dev/null and b/archive/desktop/figures/kiran-27.png differ diff --git a/archive/desktop/figures/kiran-28.png b/archive/desktop/figures/kiran-28.png new file mode 100644 index 0000000000000000000000000000000000000000..1650e93b66f11849ed69a9dacd5c9c5f135fc053 Binary files /dev/null and b/archive/desktop/figures/kiran-28.png differ diff --git a/archive/desktop/figures/kiran-29.png b/archive/desktop/figures/kiran-29.png new file mode 100644 index 0000000000000000000000000000000000000000..5d0b225b54dc5da9053aeb6f4b805e59d8685f7f Binary files /dev/null and b/archive/desktop/figures/kiran-29.png differ diff --git a/archive/desktop/figures/kiran-3.png b/archive/desktop/figures/kiran-3.png new file mode 100644 index 0000000000000000000000000000000000000000..774ba1ea233c20bf3c7ae661e126e5251aef8662 Binary files /dev/null and b/archive/desktop/figures/kiran-3.png differ diff --git a/archive/desktop/figures/kiran-30.png b/archive/desktop/figures/kiran-30.png new file mode 100644 index 0000000000000000000000000000000000000000..ae7f591fdd3da24fdf30b95785cd07c9959ecb2b Binary files /dev/null and b/archive/desktop/figures/kiran-30.png differ diff --git a/archive/desktop/figures/kiran-31.png b/archive/desktop/figures/kiran-31.png new file mode 100644 index 0000000000000000000000000000000000000000..fc4127dcd736d084ecabe84b40f165f0b07695b2 Binary files /dev/null and b/archive/desktop/figures/kiran-31.png differ diff --git a/archive/desktop/figures/kiran-32.png b/archive/desktop/figures/kiran-32.png new file mode 100644 index 0000000000000000000000000000000000000000..b02d7b1fbdfa58d63618e99085fd5a0ed517ce4d Binary files /dev/null and b/archive/desktop/figures/kiran-32.png differ diff --git a/archive/desktop/figures/kiran-33.png b/archive/desktop/figures/kiran-33.png new file mode 100644 index 0000000000000000000000000000000000000000..502f5d272b6200b440b1ce916924e44c987f9922 Binary files /dev/null and b/archive/desktop/figures/kiran-33.png differ diff --git a/archive/desktop/figures/kiran-34.png b/archive/desktop/figures/kiran-34.png new file mode 100644 index 0000000000000000000000000000000000000000..b1ad35752dba85a00024170f88702c3398e0872c Binary files /dev/null and b/archive/desktop/figures/kiran-34.png differ diff --git a/archive/desktop/figures/kiran-35.png b/archive/desktop/figures/kiran-35.png new file mode 100644 index 0000000000000000000000000000000000000000..6c566afea5f485d79ff7de2ccd3d27a24835f14c Binary files /dev/null and b/archive/desktop/figures/kiran-35.png differ diff --git a/archive/desktop/figures/kiran-36.png b/archive/desktop/figures/kiran-36.png new file mode 100644 index 0000000000000000000000000000000000000000..842470a94fb6864cdd45f2c9971ec73e7866ea88 Binary files /dev/null and b/archive/desktop/figures/kiran-36.png differ diff --git a/archive/desktop/figures/kiran-37.png b/archive/desktop/figures/kiran-37.png new file mode 100644 index 0000000000000000000000000000000000000000..b827be98850a3626f92ed1cd7b6b76f95d761261 Binary files /dev/null and b/archive/desktop/figures/kiran-37.png differ diff --git a/archive/desktop/figures/kiran-38.png b/archive/desktop/figures/kiran-38.png new file mode 100644 index 0000000000000000000000000000000000000000..f0972490115d0965e8e9006abd2e5e96ac2fc37c Binary files /dev/null and b/archive/desktop/figures/kiran-38.png differ diff --git a/archive/desktop/figures/kiran-39.png b/archive/desktop/figures/kiran-39.png new file mode 100644 index 0000000000000000000000000000000000000000..f833c66c77737fb7cfbe5b4c4af48b0ba7747cea Binary files /dev/null and b/archive/desktop/figures/kiran-39.png differ diff --git a/archive/desktop/figures/kiran-4.png b/archive/desktop/figures/kiran-4.png new file mode 100644 index 0000000000000000000000000000000000000000..7a6cf9c1f25266c31ddcb76f093bec664d64bac7 Binary files /dev/null and b/archive/desktop/figures/kiran-4.png differ diff --git a/archive/desktop/figures/kiran-40.png b/archive/desktop/figures/kiran-40.png new file mode 100644 index 0000000000000000000000000000000000000000..da430f32720ef8a032e2c16fe9caabd815f8b62f Binary files /dev/null and b/archive/desktop/figures/kiran-40.png differ diff --git a/archive/desktop/figures/kiran-41.png b/archive/desktop/figures/kiran-41.png new file mode 100644 index 0000000000000000000000000000000000000000..424f50da38c18c12a235ebb56edd6d02ec1638f0 Binary files /dev/null and b/archive/desktop/figures/kiran-41.png differ diff --git a/archive/desktop/figures/kiran-42.png b/archive/desktop/figures/kiran-42.png new file mode 100644 index 0000000000000000000000000000000000000000..a506b0c4e7fd23c393c34e01b26086dae1ea9c62 Binary files /dev/null and b/archive/desktop/figures/kiran-42.png differ diff --git a/archive/desktop/figures/kiran-43.png b/archive/desktop/figures/kiran-43.png new file mode 100644 index 0000000000000000000000000000000000000000..90ca8be50f4343adcc0cc05b1ae7d0f32efcedc2 Binary files /dev/null and b/archive/desktop/figures/kiran-43.png differ diff --git a/archive/desktop/figures/kiran-44.png b/archive/desktop/figures/kiran-44.png new file mode 100644 index 0000000000000000000000000000000000000000..bc38c38001a8428cf18a05e6cd4a8f46b1d633a2 Binary files /dev/null and b/archive/desktop/figures/kiran-44.png differ diff --git a/archive/desktop/figures/kiran-45.png b/archive/desktop/figures/kiran-45.png new file mode 100644 index 0000000000000000000000000000000000000000..fadb655f342f99c669425480ad48733f1dccb2c9 Binary files /dev/null and b/archive/desktop/figures/kiran-45.png differ diff --git a/archive/desktop/figures/kiran-46.png b/archive/desktop/figures/kiran-46.png new file mode 100644 index 0000000000000000000000000000000000000000..096688c85e47acded83be03a7ff69f9d829d956b Binary files /dev/null and b/archive/desktop/figures/kiran-46.png differ diff --git a/archive/desktop/figures/kiran-47.png b/archive/desktop/figures/kiran-47.png new file mode 100644 index 0000000000000000000000000000000000000000..3faa55c80eead6bfc9e96f59babcd2100392c2e5 Binary files /dev/null and b/archive/desktop/figures/kiran-47.png differ diff --git a/archive/desktop/figures/kiran-48.png b/archive/desktop/figures/kiran-48.png new file mode 100644 index 0000000000000000000000000000000000000000..1e44996d99006ffe793ae29b55035976942ac504 Binary files /dev/null and b/archive/desktop/figures/kiran-48.png differ diff --git a/archive/desktop/figures/kiran-49.png b/archive/desktop/figures/kiran-49.png new file mode 100644 index 0000000000000000000000000000000000000000..000cc37cb59fecc9ea497726f87231df187baf34 Binary files /dev/null and b/archive/desktop/figures/kiran-49.png differ diff --git a/archive/desktop/figures/kiran-5.png b/archive/desktop/figures/kiran-5.png new file mode 100644 index 0000000000000000000000000000000000000000..a27574bb4793e401750fff28e4568403dc489507 Binary files /dev/null and b/archive/desktop/figures/kiran-5.png differ diff --git a/archive/desktop/figures/kiran-50.png b/archive/desktop/figures/kiran-50.png new file mode 100644 index 0000000000000000000000000000000000000000..900efd80a6db6ab00fee3fa519e963f8f0620ba7 Binary files /dev/null and b/archive/desktop/figures/kiran-50.png differ diff --git a/archive/desktop/figures/kiran-6.png b/archive/desktop/figures/kiran-6.png new file mode 100644 index 0000000000000000000000000000000000000000..42c4f0357dfa11b53ca27a4d0d255b67a0f9c5ae Binary files /dev/null and b/archive/desktop/figures/kiran-6.png differ diff --git a/archive/desktop/figures/kiran-7.png b/archive/desktop/figures/kiran-7.png new file mode 100644 index 0000000000000000000000000000000000000000..254ef11f36d958f6ef7c70853e5f61032f825463 Binary files /dev/null and b/archive/desktop/figures/kiran-7.png differ diff --git a/archive/desktop/figures/kiran-8.png b/archive/desktop/figures/kiran-8.png new file mode 100644 index 0000000000000000000000000000000000000000..29b5845d2fa94cba92719b8649a5e86c926ea911 Binary files /dev/null and b/archive/desktop/figures/kiran-8.png differ diff --git a/archive/desktop/figures/kiran-9.png b/archive/desktop/figures/kiran-9.png new file mode 100644 index 0000000000000000000000000000000000000000..46bcfdd0e1e88ad0f0ade4a3990c3ac5d66060e7 Binary files /dev/null and b/archive/desktop/figures/kiran-9.png differ diff --git a/archive/desktop/figures/kubesphere-console.png b/archive/desktop/figures/kubesphere-console.png new file mode 100644 index 0000000000000000000000000000000000000000..9c93fbeafe366d78bc05dda6e0e673d2dad8874f Binary files /dev/null and b/archive/desktop/figures/kubesphere-console.png differ diff --git a/archive/desktop/figures/kubesphere.png b/archive/desktop/figures/kubesphere.png new file mode 100644 index 0000000000000000000000000000000000000000..939dcb70202b19c7853cbfd8f27f6e8e4678ce26 Binary files /dev/null and b/archive/desktop/figures/kubesphere.png differ diff --git a/archive/desktop/figures/xfce-1.png b/archive/desktop/figures/xfce-1.png new file mode 100644 index 0000000000000000000000000000000000000000..0e478b9f10ddf3210d5f5fada2e45329e2d1d028 Binary files /dev/null and b/archive/desktop/figures/xfce-1.png differ diff --git a/archive/desktop/figures/xfce-2.png b/archive/desktop/figures/xfce-2.png new file mode 100644 index 0000000000000000000000000000000000000000..33a946d988d499a1e98cb43968b72119bd48d7a5 Binary files /dev/null and b/archive/desktop/figures/xfce-2.png differ diff --git a/archive/desktop/figures/xfce-3.png b/archive/desktop/figures/xfce-3.png new file mode 100644 index 0000000000000000000000000000000000000000..020356f0c981fac2aafe33c8e997efbf01af9253 Binary files /dev/null and b/archive/desktop/figures/xfce-3.png differ diff --git a/archive/desktop/figures/xfce-4.png b/archive/desktop/figures/xfce-4.png new file mode 100644 index 0000000000000000000000000000000000000000..21369e366322955023b427e7a2ae63fd29b387e5 Binary files /dev/null and b/archive/desktop/figures/xfce-4.png differ diff --git a/archive/desktop/figures/xfce-5.png b/archive/desktop/figures/xfce-5.png new file mode 100644 index 0000000000000000000000000000000000000000..1f7807877f775fe6aa32652a29ef833e48e1a6ee Binary files /dev/null and b/archive/desktop/figures/xfce-5.png differ diff --git a/archive/desktop/figures/xfce-6.png b/archive/desktop/figures/xfce-6.png new file mode 100644 index 0000000000000000000000000000000000000000..e5376fcfd1737234a885d4d95649cd996005cf0c Binary files /dev/null and b/archive/desktop/figures/xfce-6.png differ diff --git a/archive/desktop/figures/xfce-7.png b/archive/desktop/figures/xfce-7.png new file mode 100644 index 0000000000000000000000000000000000000000..b7a94df356b7b9f7dca3d305d066ec854406aaab Binary files /dev/null and b/archive/desktop/figures/xfce-7.png differ diff --git a/archive/desktop/figures/xfce-71.png b/archive/desktop/figures/xfce-71.png new file mode 100644 index 0000000000000000000000000000000000000000..11d1618c907d4bb18de1eb68e42e9b98d92d91c3 Binary files /dev/null and b/archive/desktop/figures/xfce-71.png differ diff --git a/archive/desktop/figures/xfce-8.png b/archive/desktop/figures/xfce-8.png new file mode 100644 index 0000000000000000000000000000000000000000..f6f97d9a173105cb6a72e4b8c48deab25ecac898 Binary files /dev/null and b/archive/desktop/figures/xfce-8.png differ diff --git a/archive/desktop/figures/xfce-81.png b/archive/desktop/figures/xfce-81.png new file mode 100644 index 0000000000000000000000000000000000000000..b97c9a81c2a07efe361e6dc6ee8bed5db445ecfa Binary files /dev/null and b/archive/desktop/figures/xfce-81.png differ diff --git a/archive/desktop/figures/xfce-811.png b/archive/desktop/figures/xfce-811.png new file mode 100644 index 0000000000000000000000000000000000000000..58233638eca203d917081d6a9ac5003474cbf60b Binary files /dev/null and b/archive/desktop/figures/xfce-811.png differ diff --git a/archive/desktop/figures/xfce-812.png b/archive/desktop/figures/xfce-812.png new file mode 100644 index 0000000000000000000000000000000000000000..0fc975f75da95dce8a3e5a098d024578335c9426 Binary files /dev/null and b/archive/desktop/figures/xfce-812.png differ diff --git a/archive/desktop/figures/xfce-813.png b/archive/desktop/figures/xfce-813.png new file mode 100644 index 0000000000000000000000000000000000000000..4d399468c74355cbaa765380720cb9561e95f834 Binary files /dev/null and b/archive/desktop/figures/xfce-813.png differ diff --git a/archive/desktop/figures/xfce-814.png b/archive/desktop/figures/xfce-814.png new file mode 100644 index 0000000000000000000000000000000000000000..c09fd6524a20ba04e0fca30307d35fa05e79c1f4 Binary files /dev/null and b/archive/desktop/figures/xfce-814.png differ diff --git a/archive/desktop/figures/xfce-82.png b/archive/desktop/figures/xfce-82.png new file mode 100644 index 0000000000000000000000000000000000000000..170deb5fb43f4e924d5ba4eba94a02c341d31515 Binary files /dev/null and b/archive/desktop/figures/xfce-82.png differ diff --git a/archive/desktop/figures/xfce-821.png b/archive/desktop/figures/xfce-821.png new file mode 100644 index 0000000000000000000000000000000000000000..c5c1f3567dccda3d0d49ae445612d5b9ba27e09a Binary files /dev/null and b/archive/desktop/figures/xfce-821.png differ diff --git a/archive/desktop/figures/xfce-83.png b/archive/desktop/figures/xfce-83.png new file mode 100644 index 0000000000000000000000000000000000000000..95e4844c0ece09819d3e9f1e8457bbf371b1282e Binary files /dev/null and b/archive/desktop/figures/xfce-83.png differ diff --git a/archive/desktop/figures/xfce-831.png b/archive/desktop/figures/xfce-831.png new file mode 100644 index 0000000000000000000000000000000000000000..6456dd02f0281a5ec8d752ba5b95be581bcbfa09 Binary files /dev/null and b/archive/desktop/figures/xfce-831.png differ diff --git a/archive/desktop/figures/xfce-832.png b/archive/desktop/figures/xfce-832.png new file mode 100644 index 0000000000000000000000000000000000000000..2932aaacf71fa53f1d0c10340df3aebcc016e991 Binary files /dev/null and b/archive/desktop/figures/xfce-832.png differ diff --git a/archive/desktop/figures/xfce-84.png b/archive/desktop/figures/xfce-84.png new file mode 100644 index 0000000000000000000000000000000000000000..e0435c2edf9f68d193cff036215f32c259d378f0 Binary files /dev/null and b/archive/desktop/figures/xfce-84.png differ diff --git a/archive/desktop/figures/xfce-841.png b/archive/desktop/figures/xfce-841.png new file mode 100644 index 0000000000000000000000000000000000000000..c2c06346d4a296bfbe7836139cd943baa1ce6ea5 Binary files /dev/null and b/archive/desktop/figures/xfce-841.png differ diff --git a/archive/desktop/figures/xfce-842.png b/archive/desktop/figures/xfce-842.png new file mode 100644 index 0000000000000000000000000000000000000000..101bf6923e3780617d33dde04b92232ca7f87b42 Binary files /dev/null and b/archive/desktop/figures/xfce-842.png differ diff --git a/archive/desktop/figures/xfce-85.png b/archive/desktop/figures/xfce-85.png new file mode 100644 index 0000000000000000000000000000000000000000..21b39638fe4c83e0da5cdc69ecad9b7a22718a55 Binary files /dev/null and b/archive/desktop/figures/xfce-85.png differ diff --git a/archive/desktop/figures/xfce-851.png b/archive/desktop/figures/xfce-851.png new file mode 100644 index 0000000000000000000000000000000000000000..893064ca10399a683afbcb3752266d93b0a79a51 Binary files /dev/null and b/archive/desktop/figures/xfce-851.png differ diff --git a/archive/desktop/figures/xfce-86.png b/archive/desktop/figures/xfce-86.png new file mode 100644 index 0000000000000000000000000000000000000000..35e8a99e31e4a49eb64b24cfbab825111e40f709 Binary files /dev/null and b/archive/desktop/figures/xfce-86.png differ diff --git a/archive/desktop/figures/xfce-861.png b/archive/desktop/figures/xfce-861.png new file mode 100644 index 0000000000000000000000000000000000000000..affc46c874991a3b289e15072e06ba6566c099b1 Binary files /dev/null and b/archive/desktop/figures/xfce-861.png differ diff --git a/archive/desktop/figures/xfce-87.png b/archive/desktop/figures/xfce-87.png new file mode 100644 index 0000000000000000000000000000000000000000..47524c21d57c887c3398ea53a675f89e9f92113f Binary files /dev/null and b/archive/desktop/figures/xfce-87.png differ diff --git a/archive/desktop/figures/xfce-9.png b/archive/desktop/figures/xfce-9.png new file mode 100644 index 0000000000000000000000000000000000000000..5586c4f62cc161665b91a56ad23b2320901901c0 Binary files /dev/null and b/archive/desktop/figures/xfce-9.png differ diff --git a/archive/desktop/figures/xfce-91.png b/archive/desktop/figures/xfce-91.png new file mode 100644 index 0000000000000000000000000000000000000000..ee69879bb4ad66405b045af5e3965e275fe8eabf Binary files /dev/null and b/archive/desktop/figures/xfce-91.png differ diff --git a/archive/desktop/figures/xfce-911.png b/archive/desktop/figures/xfce-911.png new file mode 100644 index 0000000000000000000000000000000000000000..b49416558e9ab844fda2026b76e2e900ac106842 Binary files /dev/null and b/archive/desktop/figures/xfce-911.png differ diff --git a/archive/desktop/figures/xfce-92.png b/archive/desktop/figures/xfce-92.png new file mode 100644 index 0000000000000000000000000000000000000000..78dd6313c603aad9ebd37fe68e06f98b2a3b331e Binary files /dev/null and b/archive/desktop/figures/xfce-92.png differ diff --git a/archive/desktop/figures/xfce-921.png b/archive/desktop/figures/xfce-921.png new file mode 100644 index 0000000000000000000000000000000000000000..5eb6f40df9ca73e11b9b9fa5079496ac0c36857b Binary files /dev/null and b/archive/desktop/figures/xfce-921.png differ diff --git a/archive/desktop/figures/xfce-93.png b/archive/desktop/figures/xfce-93.png new file mode 100644 index 0000000000000000000000000000000000000000..06ac80c152fefbe1ad2ba1c989f6acfbbaf1a992 Binary files /dev/null and b/archive/desktop/figures/xfce-93.png differ diff --git a/archive/desktop/figures/xfce-931.png b/archive/desktop/figures/xfce-931.png new file mode 100644 index 0000000000000000000000000000000000000000..a156e5cf14ae154b93e845ff1bd5bc6ba12c9beb Binary files /dev/null and b/archive/desktop/figures/xfce-931.png differ diff --git a/archive/desktop/figures/xfce-94.png b/archive/desktop/figures/xfce-94.png new file mode 100644 index 0000000000000000000000000000000000000000..f48064ff5902c4ea740ccba9a1640cbca27b5b72 Binary files /dev/null and b/archive/desktop/figures/xfce-94.png differ diff --git a/archive/desktop/figures/xfce-941.png b/archive/desktop/figures/xfce-941.png new file mode 100644 index 0000000000000000000000000000000000000000..f7904da12dc807836acfb9d6f24b8d9b976a2fdc Binary files /dev/null and b/archive/desktop/figures/xfce-941.png differ diff --git a/archive/desktop/figures/xfce-95.png b/archive/desktop/figures/xfce-95.png new file mode 100644 index 0000000000000000000000000000000000000000..bda965b15a859e4cccf4b80f62875f79eb3470fd Binary files /dev/null and b/archive/desktop/figures/xfce-95.png differ diff --git a/archive/desktop/figures/xfce-951.png b/archive/desktop/figures/xfce-951.png new file mode 100644 index 0000000000000000000000000000000000000000..6521a28275d2b63c12b47604c7afc926f7938697 Binary files /dev/null and b/archive/desktop/figures/xfce-951.png differ diff --git a/archive/desktop/figures/xfce-96.png b/archive/desktop/figures/xfce-96.png new file mode 100644 index 0000000000000000000000000000000000000000..29ce24923477065b98cacf603f185113e9959069 Binary files /dev/null and b/archive/desktop/figures/xfce-96.png differ diff --git a/archive/desktop/figures/xfce-961.png b/archive/desktop/figures/xfce-961.png new file mode 100644 index 0000000000000000000000000000000000000000..874fa200f4e63b690261d7827f3c73cf70861b32 Binary files /dev/null and b/archive/desktop/figures/xfce-961.png differ diff --git a/archive/desktop/figures/xfce-962.png b/archive/desktop/figures/xfce-962.png new file mode 100644 index 0000000000000000000000000000000000000000..bb84e35e43e992bc68b053a0da760bd5aa8b0270 Binary files /dev/null and b/archive/desktop/figures/xfce-962.png differ diff --git a/archive/desktop/ha.md b/archive/desktop/ha.md new file mode 100644 index 0000000000000000000000000000000000000000..d50a900579f9f517ac0985bf7f7631185f91b509 --- /dev/null +++ b/archive/desktop/ha.md @@ -0,0 +1,3 @@ +# HA 用户指南 + +本节主要描述HA的安装和使用。 diff --git a/archive/desktop/ha_installation_and_deployment.md b/archive/desktop/ha_installation_and_deployment.md new file mode 100644 index 0000000000000000000000000000000000000000..8b1e3fe7d50dce8d013e8c32f4b6ccad0d1c6f20 --- /dev/null +++ b/archive/desktop/ha_installation_and_deployment.md @@ -0,0 +1,201 @@ +# HA的安装与部署 + +本文介绍如何安装和部署HA高可用集群。 + +## 安装与部署 + +### 环境准备 + +需要至少两台安装了openEuler 24.03 的物理机/虚拟机(现以两台为例),安装方法参考《[安装指南](../../../server/installation_upgrade/installation/installation_on_servers.md)》。 + +### 修改主机名称及/etc/hosts文件 + +**注**:两台主机均需要进行以下操作,现以其中一台为例,下文中使用的IP仅供参考。** + +在使用HA软件之前,需要确认修改主机名并将所有主机名写入/etc/hosts文件中。 + +1. 修改主机名 + + ```sh + # hostnamectl set-hostname ha1 + ``` + +2. 编辑`/etc/hosts`文件并写入以下字段 + + ```text + 172.30.30.65 ha1 + 172.30.30.66 ha2 + ``` + +### 配置yum源 + +成功安装系统后,会默认配置好yum源,文件位置存放在`/etc/yum.repos.d/openEuler.repo`文件中,HA软件包会用到以下源: + +```Conf +[OS] +name=OS +baseurl=http://repo.openeuler.org/openEuler-{version}/OS/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://repo.openeuler.org/openEuler-{version}/OS/$basearch/RPM-GPG-KEY-openEuler + +[everything] +name=everything +baseurl=http://repo.openeuler.org/openEuler-{version}/everything/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://repo.openeuler.org/openEuler-{version}/everything/$basearch/RPM-GPG-KEY-openEuler + +[EPOL] +name=EPOL +baseurl=http://repo.openeuler.org/openEuler-{version}/EPOL/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://repo.openeuler.org/openEuler-{version}/OS/$basearch/RPM-GPG-KEY-openEuler +``` + +### 安装HA软件包组件 + +```sh +# yum install -y corosync pacemaker pcs fence-agents fence-virt corosync-qdevice sbd drbd drbd-utils +``` + +### 设置hacluster用户密码 + +```sh +# passwd hacluster +``` + +### 修改`/etc/corosync/corosync.conf`文件 + +```Conf +totem { + version: 2 + cluster_name: hacluster + crypto_cipher: none + crypto_hash: none +} +logging { + fileline: off + to_stderr: yes + to_logfile: yes + logfile: /var/log/cluster/corosync.log + to_syslog: yes + debug: on + logger_subsys { + subsys: QUORUM + debug: on + } +} +quorum { + provider: corosync_votequorum + expected_votes: 2 + two_node: 1 + } +nodelist { + node { + name: ha1 + nodeid: 1 + ring0_addr: 172.30.30.65 + } + node { + name: ha2 + nodeid: 2 + ring0_addr: 172.30.30.66 + } + } +``` + +### 管理服务 + +#### 关闭防火墙 + +1. 执行如下命令,关闭防火墙。 + + ```sh + # systemctl stop firewalld + ``` + +2. 修改`/etc/selinux/config`文件中SELINUX状态为disabled。 + + ```sh + # SELINUX=disabled + ``` + +#### 管理pcs服务 + +1. 启动pcs服务: + + ```sh + # systemctl start pcsd + ``` + +2. 查询pcs服务状态: + + ```sh + # systemctl status pcsd + ``` + + 若回显为如下,则服务启动成功。 + + ![](./figures/HA-pcs.png) + +#### 管理pacemaker服务 + +1. 启动pacemaker服务: + + ```sh + # systemctl start pacemaker + ``` + +2. 查询pacemaker服务状态: + + ```sh + # systemctl status pacemaker + ``` + + 若回显为如下,则服务启动成功。 + + ![](./figures/HA-pacemaker.png) + +#### 管理corosync服务 + +1. 启动corosync服务: + + ```sh + # systemctl start corosync + ``` + +2. 查询corosync服务状态: + + ```sh + # systemctl status corosync + ``` + + 若回显为如下,则服务启动成功。 + + ![](./figures/HA-corosync.png) + +### 节点鉴权 + +注:**任选一个节点上执行即可** + +```sh +# pcs host auth ha1 ha2 +``` + +### 访问前端管理平台 + +上述服务启动成功后,打开浏览器(建议使用:Chrome,Firefox),在浏览器导航栏中输入`https://localhost:2224`即可。 + +- 以下界面为原生管理平台 + +![](./figures/HA-login.png) + +若安装社区新开发的管理平台请参考文档[https://gitee.com/openeuler/ha-api/blob/master/docs/build.md](https://gitee.com/openeuler/ha-api/blob/master/docs/build.md) + +- 以下为社区新开发的管理平台 + +![](./figures/HA-api.png) + +想了解如何快速使用HA高可用集群,以及添加一个实例。请参考[HA的使用实例文档](./ha_usecase_examples.md)。 diff --git a/archive/desktop/ha_usecase_examples.md b/archive/desktop/ha_usecase_examples.md new file mode 100644 index 0000000000000000000000000000000000000000..8fff8af0b4e2594ae1e95ebb4052fce4491712d8 --- /dev/null +++ b/archive/desktop/ha_usecase_examples.md @@ -0,0 +1,248 @@ +# HA使用实例 + +本章介绍如何快速使用HA高可用集群,以及添加一个实例。若不了解怎么安装,请参考[HA的安装与部署文档](./ha_installation_and_deployment.md)。 + +## 快速使用指南 + +以下操作均以社区新开发的管理平台为例。 + +### 登录页面 + +用户名为`hacluster`,密码为该用户在主机上设置的密码。 + +![](./figures/HA-api.png) + +### 主页面 + +登录系统后显示主页面,主页面由四部分组成:侧边导航栏、顶部操作区、资源节点列表区以及节点操作浮动区。 + +以下将详细介绍这四部分的特点与使用方法。 + +![](./figures/HA-home-page.png) + +#### 导航栏 + +侧边导航栏由两部分组成:高可用集群软件名称和 logo 以及系统导航。系统导航由三项组成:【系统】、【集群配置】和【工具】。【系统】是默认选项,也是主页面的对应项,主要展示系统中所有资源的相关信息以及操作入口;【集群配置】下设【首选项配置】和【心跳配置】两项;【工具】下设【日志下载】和【集群快捷操作】两项,点击后以弹出框的形式出现。 + +#### 顶部操作区 + +登录用户是静态显示,鼠标滑过用户图标,出现操作菜单项,包括【刷新设置】和【退出登录】两项,点击【刷新设置】,弹出【刷新设置】对话框,包含【刷新设置】选项,可以设置系统的自动刷新模式,包括【不自动刷新】、【每 5 秒刷新】和【每 10 秒刷新】三种选择,默认选择【不自动刷新】、【退出登录】即可注销本次登录,系统将自动跳到登录页面,此时,如果希望继续访问系统,则需要重新进行登录。 + +![](./figures/HA-refresh.png) + +#### 资源节点列表区 + +资源节点列表集中展现系统中所有资源的【资源名】、【状态】、【资源类型】、【服务】、【运行节点】等资源信息,以及系统中所有的节点和节点的运行情况等节点信息。同时提供资源的【添加】、【编辑】、【启动】、【停止】、【清理】、【迁移】、【回迁】、【删除】和【关系】操作。 + +#### 节点操作浮动区 + +节点操作浮动区域默认是收起的状态,每当点击资源节点列表表头中的节点时,右侧会弹出节点操作扩展区域,如图所示,该区域由收起按钮、节点名称、停止和备用四个部分组成,提供节点的【停止】和【备用】操作。点击区域左上角的箭头,该区域收起。 + +### 首选项配置 + +以下操作均可用命令行配置,现只做简单示例,若想使用更多命令可以使用``pcs --help``进行查询。 + +- 命令行方式 + + ```sh + # pcs property set stonith-enabled=false + # pcs property set no-quorum-policy=ignore + ``` + + 执行如下命令,可以查看全部配置。 + + ```sh + # pcs property + ``` + + ![](./figures/HA-firstchoice-cmd.png) + +- 图形界面方式 + 点击侧边导航栏中的【首选项配置】按钮,弹出【首选项配置】对话框。将No Quorum Policy和Stonith Enabled由默认状态改为如下对应状态;修改完成后,点击【确定】按钮完成配置。 + + ![](./figures/HA-firstchoice.png) + +### 添加资源 + +#### 添加普通资源 + +1. 点击【添加普通资源】,弹出【创建资源】对话框。 + 其中资源的所有必填配置项均在【基本】页面内,选择【基本】页面内的【资源类型】后会进一步给出该类资源的其他必填配置项以及选填配置项。 + +2. 填写资源配置信息。 + 对话框右侧会出现灰色文字区域,对当前的配置项进行解释说明。全部必填项配置完毕后,点击【确定】按钮即可创建普通资源,点击【取消】按钮,取消本次添加动作。 + 【实例属性】、【元属性】或者【操作属性】页面中的选填配置项为选填项,不配置不会影响资源的创建过程,可以根据场景需要可选择修改,否则将按照系统缺省值处理。 + +下面以Apache为例,分别以命令行方式和图形界面方式介绍添加资源的方法。 + +- 命令行方式 + + ```sh + # pcs resource create httpd ocf:heartbeat:apache + ``` + + 查看资源运行状态 + + ```sh + # pcs status + ``` + + ![](./figures/HA-pcs-status.png) + +- 图形界面方式 + +1. 填写资源名称和资源类型,如下图所示。 + + ![](./figures/HA-add-resource.png) + +2. 回显为如下,则资源添加成功并启动,运行于其中一个节点上,例如ha1。 + + ![](./figures/HA-apache-suc.png) +3. 访问apache界面成功。 + + ![](./figures/HA-apache-show.png) + +#### 添加组资源 + +>**须知:** +> 添加组资源时,集群中需要至少存在一个普通资源。 + +1. 点击【添加组资源】,弹出【创建资源】对话框。 + 【基本】页面内均为必填项,填写完毕后,点击【确定】按钮,即可完成资源的添加,点击【取消】按钮,取消本次添加动作。 + + ![](./figures/HA-group.png) + + > **注意:** + > 组资源的启动是按照子资源的顺序启动的,所以选择子资源时需要注意按照顺序选择。 + +2. 回显如下,资源添加成功。 + + ![](./figures/HA-group-suc.png) + +#### 添加克隆资源 + +1. 点击【添加克隆资源】,弹出【创建资源】对话框。 + 【基本】页面内填写克隆对象,资源名称会自动生成,填写完毕后,点击【确定】按钮,即可完成资源的添加,点击【取消】按钮,取消本次添加动作。 + + ![](./figures/HA-clone.png) + +2. 回显如下,资源添加成功。 + + ![](./figures/HA-clone-suc.png) + +### 编辑资源 + +- 启动资源:资源节点列表中选中一个目标资源,要求:该资源处于非运行状态。对该资源执行启动动作。 +- 停止资源:资源节点列表中选中一个目标资源,要求:该资源处于运行状态。对该资源执行停止操作。 +- 清理资源:资源节点列表中选中一个目标资源,对该资源执行清理操作。 +- 迁移资源:资源节点列表中选中一个目标资源,要求:该资源为处于运行状态的普通资源或者组资源,执行迁移操作可以将资源迁移到指定节点上运行。 +- 回迁资源:资源节点列表中选中一个目标资源,要求:该资源已经完成迁移动作,执行回迁操作,可以清除该资源的迁移设置,资源重新迁回到原来的节点上运行。(点击按钮后,列表中该资源项的变化状态与启动资源时一致。) +- 删除资源:资源节点列表中选中一个目标资源,对该资源执行删除操作。 + +### 设置资源关系 + +资源关系即为目标资源设定限制条件,资源的限制条件分为三种:资源位置、资源协同和资源顺序。 + +- 资源位置:设置集群中的节点对于该资源的运行级别,由此确定启动或者切换时资源在哪个节点上运行,运行级别按照从高到低的顺序依次为:Master Node、Slave 1。 +- 资源协同:设置目标资源与集群中的其他资源是否运行在同一节点上,同节点资源表示该资源与目标资源必须运行在相同节点上,互斥节点资源表示该资源与目标资源不能运行在相同的节点上。 +- 资源顺序:设置目标资源与集群中的其他资源启动时的先后顺序,前置资源是指目标资源运行之前,该资源必须已经运行;后置资源是指目标资源运行之后,该资源才能运行。 + +## 高可用mysql实例配置 + +### 配置虚拟IP + +1. 在首页中点击“添加”,再选择添加普通资源,并按如下进行配置。 + + ![](./figures/HA-vip.png) + +2. 资源创建成功并启动,运行于其中一个节点上,例如ha1。 +3. 可以ping通并连接,登录后可正常执行各种操作;资源切换到ha2运行;能够正常访问。如下图所示。 + ![](./figures/HA-vip-suc.png) + +### 配置NFS存储 + +另找一台机器作为nfs服务端进行配置,操作步骤如下: + +1. 安装软件包 + + ```sh + # yum install -y nfs-utils rpcbind + ``` + +2. 关闭防火墙 + + ```sh + # systemctl stop firewalld && systemctl disable firewalld + ``` + +3. 修改/etc/selinux/config文件中SELINUX状态为disabled + + ```Conf + SELINUX=disabled + ``` + +4. 启动服务 + + ```sh + # systemctl start rpcbind && systemctl enable rpcbind + # systemctl start nfs-server && systemctl enable nfs-server + ``` + +5. 服务端创建一个共享目录 + + ```sh + # mkdir -p /test + ``` + +6. 修改NFS配置文件 + + ```sh + # vim /etc/exports + # /test *(rw,no_root_squash) + ``` + +7. 重新加载服务 + + ```sh + # systemctl reload nfs + ``` + +8. 客户端安装软件包,需要先安装mysql,可以将nfs挂载到mysql数据路径。 + + ```sh + # yum install -y nfs-utils mariadb-server + ``` + +9. 在首页中依次点击“添加”,“添加普通资源”,并按如下进行配置NFS资源。 + + ![](./figures/HA-nfs.png) + +10. 资源创建成功并启动,运行于其中一个节点上,例如ha1;nfs成功挂载到`/var/lib/mysql`路径下。资源切换到ha2运行;nfs从ha1节点取消挂载,并自动在ha2节点上挂载成功。如下图所示。 + + ![](./figures/HA-nfs-suc.png) + +### 配置mysql + +1. 在首页中依次点击“添加”,“添加普通资源”,并按如下进行配置mysql资源。 + + ![](./figures/HA-mariadb.png) + +2. 若回显为如下,则资源添加成功。 + + ![](./figures/HA-mariadb-suc.png) + +### 添加上述资源为组资源 + +1. 按资源启动顺序添加三个资源 + + 在首页中依次点击“添加”,“添加组资源”,并按如下进行配置组资源。 + + ![](./figures/HA-group-new.png) + +2. 组资源创建成功并启动,若回显与上述三个普通资源成功现象一致,则资源添加成功。 + + ![](./figures/HA-group-new-suc.png) + +3. 将ha1节点备用,成功迁移到ha2节点,运行正常。 + + ![](./figures/HA-group-new-suc2.png) diff --git a/archive/desktop/installha.md b/archive/desktop/installha.md new file mode 100644 index 0000000000000000000000000000000000000000..cbef222f555d92008e63143c02df39186f302f97 --- /dev/null +++ b/archive/desktop/installha.md @@ -0,0 +1,207 @@ +# HA的安装与部署 + +本文介绍如何安装和部署HA高可用集群。 + +## 安装与部署 + +### 环境准备 + +需要至少两台安装了openEuler 的物理机/虚拟机(现以两台为例),安装方法参考《[安装指南](../Installation/installation.md)》。 + +### 修改主机名称及/etc/hosts文件 + +**注:两台主机均需要进行以下操作,现以其中一台为例,下文中使用的IP仅供参考。** + +在使用HA软件之前,需要确认修改主机名并将所有主机名写入/etc/hosts文件中。 + +1. 修改主机名: + + ```shell + # hostnamectl set-hostname ha1 + ``` + +2. 编辑`/etc/hosts`文件并写入以下字段: + + ```text + 172.30.30.65 ha1 + 172.30.30.66 ha2 + ``` + +### 配置yum源 + +成功安装系统后,会默认配置好yum源,文件位置存放在`/etc/yum.repos.d/openEuler.repo`文件中,HA软件包会用到以下源: + +```text +[OS] +name=OS +baseurl=http://repo.openeuler.org/openEuler-{version}/OS/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://repo.openeuler.org/openEuler-{version}/OS/$basearch/RPM-GPG-KEY-openEuler + +[everything] +name=everything +baseurl=http://repo.openeuler.org/openEuler-{version}/everything/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://repo.openeuler.org/openEuler-{version}/everything/$basearch/RPM-GPG-KEY-openEuler + +[EPOL] +name=EPOL +baseurl=http://repo.openeuler.org/openEuler-{version}/EPOL/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://repo.openeuler.org/openEuler-{version}/OS/$basearch/RPM-GPG-KEY-openEuler +``` + +### 安装HA软件包组件 + +```shell +# yum install -y corosync pacemaker pcs fence-agents fence-virt corosync-qdevice sbd drbd drbd-utils +``` + +### 设置hacluster用户密码 + +```shell +# passwd hacluster +``` + +### 修改`/etc/corosync/corosync.conf`文件 + +```text +totem { + version: 2 + cluster_name: hacluster + crypto_cipher: none + crypto_hash: none +} +logging { + fileline: off + to_stderr: yes + to_logfile: yes + logfile: /var/log/cluster/corosync.log + to_syslog: yes + debug: on + logger_subsys { + subsys: QUORUM + debug: on + } +} +quorum { + provider: corosync_votequorum + expected_votes: 2 + two_node: 1 + } +nodelist { + node { + name: ha1 + nodeid: 1 + ring0_addr: 172.30.30.65 + } + node { + name: ha2 + nodeid: 2 + ring0_addr: 172.30.30.66 + } + } +``` + +### 管理服务 + +#### 关闭防火墙 + +1. 执行如下命令,关闭防火墙: + + ```shell + # systemctl stop firewalld + ``` + +2. 修改`/etc/selinux/config`文件中SELINUX状态为disabled: + + ```text + # SELINUX=disabled + ``` + +#### 管理pcs服务 + +1. 启动pcs服务: + + ```shell + # systemctl start pcsd + ``` + +2. 查询pcs服务状态: + + ```shell + # systemctl status pcsd + ``` + + 若回显为如下,则服务启动成功。 + + ![](./figures/HA-pcs-status.png) + +#### 管理pacemaker服务 + +1. 启动pacemaker服务: + + ```shell + # systemctl start pacemaker + ``` + +2. 查询pacemaker服务状态: + + ```shell + # systemctl status pacemaker + ``` + + 若回显为如下,则服务启动成功。 + + ![](./figures/image.png) + +#### 管理corosync服务 + +1. 启动corosync服务: + + ```shell + # systemctl start corosync + ``` + +2. 查询corosync服务状态: + + ```shell + # systemctl status corosync + ``` + + 若回显为如下,则服务启动成功。 + + ![](./figures/image3.png) + +### 节点鉴权 + +**注:任选一个节点上执行即可** + +```shell +使用pcs认证各节点的用户名和密码。 + +# pcs host auth ha1 ha2 +Username: hacluster +Password: +ha1: Authorized +ha2: Authorized +``` + +### 访问前端管理平台 + +上述服务启动成功后,打开浏览器(建议使用:Chrome,Firefox),在浏览器导航栏中输入`https://localhost:2224`即可。 + +- 以下界面为原生管理平台 + +![](./figures/image4.png) + +若安装社区新开发的管理平台请参考文档。 + +- 以下为社区新开发的管理平台 + +![](./figures/HA-api.png) + +想了解如何快速使用HA高可用集群,以及添加一个实例。请参考[HA的使用实例文档](./HA的使用实例.md)。 diff --git a/archive/desktop/kubesphere.md b/archive/desktop/kubesphere.md new file mode 100644 index 0000000000000000000000000000000000000000..f241fc254c1818e503db2a3cc5e36db6d060c623 --- /dev/null +++ b/archive/desktop/kubesphere.md @@ -0,0 +1,60 @@ +# KubeSphere 安装指南 + +本文介绍如何在 openEuler 上安装和部署 Kubernetes 和 KubeSphere 集群。 + +### 什么是 KubeSphere + +[KubeSphere](https://kubesphere.io/) 是在 [Kubernetes](https://kubernetes.io/) 之上构建的面向云原生应用的**分布式操作系统**,完全开源,支持多云与多集群管理,提供全栈的 IT 自动化运维能力,简化企业的 DevOps 工作流。它的架构可以非常方便地使第三方应用与云原生生态组件进行即插即用(plug-and-play)的集成。有关更多信息,请参阅 [KubeSphere 官网](https://kubesphere.com.cn/)。 + +### 前提条件 + +您需要准备一台安装了 openEuler 的物理机/虚拟机,安装方法参考《[安装指南](../Installation/installation.md)》。 + +### 软件安装 + +1. 安装 KubeKey 。 + + ```bash + yum install kubekey + ``` + + > ![](../Virtualization/public_sys-resources/icon-note.gif)**说明:** + >开始部署前可预先在集群中每个节点部署 Docker,也可交由 KubeKey 自动部署 (KubeKey 自动部署的 Docker 版本为 20.10.8) 。 + +2. 部署 KubeSphere 集群。 + + ```bash + kk create cluster --with-kubesphere v3.1.1 + ``` + + > **说明:** + >此命令会默认安装 Kubernetes v1.19.8。如需指定 Kubernetes 版本,则需要在命令行后添加 `--with-kubernetes <版本号>`,支持的 Kubernetes 版本包括 `v1.17.9`、`v1.18.8`、 `v.1.19.8`、`v1.19.9`、`v1.20.6`。 + +3. 验证 KubeSphere 集群是否安装成功。 + + ```bash + kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l app=ks-install -o jsonpath='{.items[0].metadata.name}') -f + ``` + + 若回显为如下,则 KubeSphere 集群安装成功。 + + ![](./figures/kubesphere.png) + + >![](../Virtualization/public_sys-resources/icon-note.gif) **说明:** + >本文档适用于在 x86 环境中安装 KubeSphere。ARM64 环境中需要先安装 Kubernetes 才能部署 KubeSphere。 + +### 访问 KubeSphere Web 控制台 + +**注意取决于您的网络环境,您可能需要配置端口转发规则和防火墙策略,请确保在防火墙规则中放行 `30880` 端口。** + +KubeSphere 集群部署成功后,在浏览器地址栏中输入 `<节点 IP 地址>:30880` 访问 KubeSphere Web 控制台。 + +![kubesphere-console](./figures/kubesphere-console.png) + +### 另请参见 + +[什么是 KubeSphere](https://v3-1.docs.kubesphere.io/zh/docs/introduction/what-is-kubesphere/) + +[在 Linux 上安装 KubeSphere](https://v3-1.docs.kubesphere.io/zh/docs/installing-on-linux/introduction/multioverview/) + +[启用可插拔组件](https://v3-1.docs.kubesphere.io/zh/docs/quick-start/enable-pluggable-components/) diff --git a/archive/desktop/usecase.md b/archive/desktop/usecase.md new file mode 100644 index 0000000000000000000000000000000000000000..83d46dc312d25be533c064046529b42c4f5922b6 --- /dev/null +++ b/archive/desktop/usecase.md @@ -0,0 +1,246 @@ +# HA使用实例 + +本章介绍如何快速使用HA高可用集群,以及添加一个实例。若不了解怎么安装,请参考[HA的安装与部署文档](./HA的安装与部署.md)。 + +## 快速使用指南 + +以下操作均以社区新开发的管理平台为例。 + +### 登录页面 + +用户名为`hacluster`,密码为该用户在主机上设置的密码。 + +![](./figures/HA-api.png) + +### 主页面 + +登录系统后显示主页面,主页面由四部分组成:侧边导航栏、顶部操作区、资源节点列表区以及节点操作浮动区。 + +以下将详细介绍这四部分的特点与使用方法。 + +![](./figures/HA-home-page.png) + +#### 导航栏 + +侧边导航栏由两部分组成:高可用集群软件名称和 logo 以及系统导航。系统导航由三项组成:【系统】、【集群配置】和【工具】。【系统】是默认选项,也是主页面的对应项,主要展示系统中所有资源的相关信息以及操作入口;【集群配置】下设【首选项配置】和【心跳配置】两项;【工具】下设【日志下载】和【集群快捷操作】两项,点击后以弹出框的形式出现。 + +#### 顶部操作区 + +登录用户是静态显示,鼠标滑过用户图标,出现操作菜单项,包括【刷新设置】和【退出登录】两项,点击【刷新设置】,弹出【刷新设置】对话框,包含【刷新设置】选项,可以设置系统的自动刷新模式,包括【不自动刷新】、【每 5 秒刷新】和【每 10 秒刷新】三种选择,默认选择【不自动刷新】。【退出登录】即可注销本次登录,系统将自动跳到登录页面,此时,如果希望继续访问系统,则需要重新进行登录。 + +![](./figures/HA-refresh.png) + +#### 资源节点列表区 + +资源节点列表集中展现系统中所有资源的【资源名】、【状态】、【资源类型】、【服务】、【运行节点】等资源信息,以及系统中所有的节点和节点的运行情况等节点信息。同时提供资源的【添加】、【编辑】、【启动】、【停止】、【清理】、【迁移】、【回迁】、【删除】和【关系】操作。 + +#### 节点操作浮动区 + +节点操作浮动区域默认是收起的状态,每当点击资源节点列表表头中的节点时,右侧会弹出节点操作扩展区域,如图所示,该区域由收起按钮、节点名称、停止和备用四个部分组成,提供节点的【停止】和【备用】操作。点击区域左上角的箭头,该区域收起。 + +### 首选项配置 + +以下操作均可用命令行配置,现只做简单示例,若想使用更多命令可以使用pcs \-\-help进行查询。 + +- 命令行方式 + + ```sh + # pcs property set stonith-enabled=false + # pcs property set no-quorum-policy=ignore + ``` + + 执行如下命令,可以查看全部配置。 + + ```sh + pcs property + ``` + + ![](./figures/HA-firstchoice-cmd.png) + +- 图形界面方式 + 点击侧边导航栏中的【首选项配置】按钮,弹出【首选项配置】对话框。将no-quorum-policy和stonith-enabled由默认状态改为如下对应状态;修改完成后,点击【确定】按钮完成配置。 + + ![](./figures/HA-firstchoice.png) + +### 添加资源 + +#### 添加普通资源 + +1. 点击【添加普通资源】,弹出【创建资源】对话框。 + 其中资源的所有必填配置项均在【基本】页面内,选择【基本】页面内的【资源类型】后会进一步给出该类资源的其他必填配置项以及选填配置项。 + +2. 填写资源配置信息。 + 对话框右侧会出现灰色文字区域,对当前的配置项进行解释说明。全部必填项配置完毕后,点击【确定】按钮即可创建普通资源,点击【取消】按钮,取消本次添加动作。 + 【实例属性】、【元属性】或者【操作属性】页面中的选填配置项为选填项,不配置不会影响资源的创建过程,可以根据场景需要可选择修改,否则将按照系统默认值处理。 + +下面以Apache为例,分别以命令行方式和图形界面方式介绍添加资源的方法。 + +- 命令行方式 + + ```sh + # pcs resource create httpd ocf:heartbeat:apache + ``` + + 查看资源运行状态 + + ```sh + # pcs status + ``` + + ![](./figures/HA-pcs-status.png) + +- 图形界面方式 + +1. 填写资源名称和资源类型,如下图所示。 + ![](./figures/HA-add-resource.png) +2. 回显为如下,则资源添加成功并启动,运行于其中一个节点上,例如ha1。 + + ![](./figures/HA-apache-suc.png) +3. 访问apache界面成功。 + + ![](./figures/HA-apache-show.png) + +#### 添加组资源 + +>**须知:** +> 添加组资源时,集群中需要至少存在一个普通资源。 + +1. 点击【添加组资源】,弹出【创建资源】对话框。 + 【基本】页面内均为必填项,填写完毕后,点击【确定】按钮,即可完成资源的添加,点击【取消】按钮,取消本次添加动作。 + + ![](./figures/HA-group.png) + + >**注意:** + > 组资源的启动是按照子资源的顺序启动的,所以选择子资源时需要注意按照顺序选择。 + +2. 回显如下,资源添加成功。 + + ![](./figures/HA-group-suc.png) + +#### 添加克隆资源 + +1. 点击【添加克隆资源】,弹出【创建资源】对话框。 + 【基本】页面内填写克隆对象,资源名称会自动生成,填写完毕后,点击【确定】按钮,即可完成资源的添加,点击【取消】按钮,取消本次添加动作。 + + ![](./figures/HA-clone.png) + +2. 回显如下,资源添加成功。 + + ![](./figures/HA-clone-suc.png) + +### 编辑资源 + +- 启动资源:资源节点列表中选中一个目标资源,要求:该资源处于非运行状态。对该资源执行启动动作。 +- 停止资源:资源节点列表中选中一个目标资源,要求:该资源处于运行状态。对该资源执行停止操作。 +- 清理资源:资源节点列表中选中一个目标资源,对该资源执行清理操作。 +- 迁移资源:资源节点列表中选中一个目标资源,要求:该资源为处于运行状态的普通资源或者组资源,执行迁移操作可以将资源迁移到指定节点上运行。 +- 回迁资源:资源节点列表中选中一个目标资源,要求:该资源已经完成迁移动作,执行回迁操作,可以清除该资源的迁移设置,资源重新迁回到原来的节点上运行。 +点击按钮后,列表中该资源项的变化状态与启动资源时一致。 +- 删除资源:资源节点列表中选中一个目标资源,对该资源执行删除操作。 + +### 设置资源关系 + +资源关系即为目标资源设定限制条件,资源的限制条件分为三种:资源位置、资源协同和资源顺序。 + +- 资源位置:设置集群中的节点对于该资源的运行级别,由此确定启动或者切换时资源在哪个节点上运行,运行级别按照从高到低的顺序依次为:Master Node、Slave 1。 +- 资源协同:设置目标资源与集群中的其他资源是否运行在同一节点上,同节点资源表示该资源与目标资源必须运行在相同节点上,互斥节点资源表示该资源与目标资源不能运行在相同的节点上。 +- 资源顺序:设置目标资源与集群中的其他资源启动时的先后顺序,前置资源是指目标资源运行之前,该资源必须已经运行;后置资源是指目标资源运行之后,该资源才能运行。 + +## 高可用mysql实例配置 + +### 配置虚拟IP + +1. 在首页中点击“添加”,再选择添加普通资源,并按如下进行配置。 + + ![](./figures/HA-vip.png) + +2. 资源创建成功并启动,运行于其中一个节点上,例如ha1。 +3. 可以ping通并连接,登录后可正常执行各种操作;资源切换到ha2运行;能够正常访问。如下图所示。 + ![](./figures/HA-vip-suc.png) + +### 配置NFS存储 + +另找一台机器作为nfs服务端进行配置,操作步骤如下: + +1. 安装软件包 + + ```sh + # yum install -y nfs-utils rpcbind + ``` + +2. 关闭防火墙 + + ```sh + # systemctl stop firewalld && systemctl disable firewalld + ``` + +3. 修改/etc/selinux/config文件中SELINUX状态为disabled + + ```Conf + SELINUX=disabled + ``` + +4. 启动服务 + + ```sh + # systemctl start rpcbind && systemctl enable rpcbind + # systemctl start nfs-server && systemctl enable nfs-server + ``` + +5. 服务端创建一个共享目录 + + ```sh + # mkdir -p /test + ``` + +6. 修改NFS配置文件 + + ```sh + # vim /etc/exports + # /test *(rw,no_root_squash) + ``` + +7. 重新加载服务 + + ```sh + # systemctl reload nfs + ``` + +8. 客户端安装软件包,需要先安装mysql,可以将nfs挂载到mysql数据路径。 + + ```sh + # yum install -y nfs-utils mariadb-server + ``` + +9. 在首页中依次点击“添加”,“添加普通资源”,并按如下进行配置NFS资源。 + + ![](./figures/HA-nfs.png) + +10. 资源创建成功并启动,运行于其中一个节点上,例如ha1;nfs成功挂载到`/var/lib/mysql`路径下。资源切换到ha2运行;nfs从ha1节点取消挂载,并自动在ha2节点上挂载成功。如下图所示。 + ![](./figures/HA-nfs-suc.png) + +### 配置mysql + +1. 在首页中依次点击“添加”,“添加普通资源”,并按如下进行配置mysql资源。 + + ![](./figures/HA-mariadb.png) + +2. 若回显为如下,则资源添加成功。 + + ![](./figures/HA-mariadb-suc.png) + +### 添加上述资源为组资源 + +1. 按资源启动顺序添加三个资源 + + 在首页中依次点击“添加”,“添加组资源”,并按如下进行配置组资源。 + + ![](./figures/HA-group-new.png) + +2. 组资源创建成功并启动,若回显与上述三个普通资源成功现象一致,则资源添加成功。 + + ![](./figures/HA-group-new-suc.png) + +3. 将ha1节点备用,成功迁移到ha2节点,运行正常。 + + ![](./figures/HA-group-new-suc2.png) diff --git a/archive/overview.md b/archive/overview.md new file mode 100644 index 0000000000000000000000000000000000000000..23bc749dd9e7a8fd33390910f1fe2d4680332ca7 --- /dev/null +++ b/archive/overview.md @@ -0,0 +1,149 @@ +# Memory Management + +## Basic Concepts + +The memory is an important component of a computer, and is used to temporarily store operation data in the CPU and data exchanged with an external memory such as hardware. In particular, a non-uniform memory access architecture (NUMA) is a memory architecture designed for a multiprocessor computer. The memory access time depends on the location of the memory relative to the processor. In NUMA mode, a processor accesses the local memory faster than the non-local memory (the memory is located in another processor or shared between processors). + +## Memory Monitoring + +1. `free`: displays the system memory status. + Example: + + ```shell + # Display the system memory status in MB. + free -m + ``` + + The output is as follows: + + ```shell + [root@openEuler ~]# free -m + total used free shared buff/cache available + Mem: 2633 436 324 23 2072 2196 + Swap: 4043 0 4043 + ``` + + The fields in the command output are as follows: + + | Field | Description | + | ---------- | ----------------------------------------------------------------------- | + | total | Total memory size. | + | used | Used memory. | + | free | Free memory. | + | shared | Total memory shared by multiple processes. | + | buff/cache | Total number of buffers and caches. | + | available | Estimated available memory to start a new application without swapping. | + +2. `vmstat`: dynamically monitors the system memory and views the system memory usage. + + Example: + + ```shell + # Monitor the system memory and display active and inactive memory. + vmstat -a + ``` + + The output is as follows: + + ```shell + [root@openEuler ~]# vmstat -a + procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu----- + r b swpd free inact active si so bi bo in cs us sy id wa st + 2 0 520 331980 1584728 470332 0 0 0 2 15 19 0 0 100 0 0 + ``` + + In the command output, the field related to the memory is as follows: + + | Field | Description | + | ------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | + | memory | Memory information.
**-swpd**: usage of the virtual memory, in KB.
**-free**: free memory capacity, in KB.
**-inact**: inactive memory capacity, in KB.
**-active**: active memory capacity, in KB. | + +3. `sar`: monitors the memory usage of the system. + + Example: + + ```shell + # Monitor the memory usage in the sampling period in the system. Collect the statistics every two seconds for three times. + sar -r 2 3 + ``` + + The output is as follows: + + ```shell + [root@openEuler ~]# sar -r 2 3 + + 04:02:09 PM kbmemfree kbavail kbmemused %memused kbbuffers kbcached kbcommit %commit kbactive kbinact kb + dirty + 04:02:11 PM 332180 2249308 189420 7.02 142172 1764312 787948 11.52 470404 1584924 + 36 + 04:02:13 PM 332148 2249276 189452 7.03 142172 1764312 787948 11.52 470404 1584924 + 36 + 04:02:15 PM 332148 2249276 189452 7.03 142172 1764312 787948 11.52 470404 1584924 + 36 + Average: 332159 2249287 189441 7.03 142172 1764312 787948 11.52 470404 1584924 + 36 + ``` + + The fields in the command output are described as follows: + + | Field | Description | + | --------- | ------------------------------------------------ | + | kbmemfree | Unused memory space. | + | kbmemused | Used memory space. | + | %memused | Percentage of the used space. | + | kbbuffers | Amount of data stored in the buffer. | + | kbcached | Data access volume in all domains of the system. | + +4. `numactl`: displays the NUMA node configuration and status. + + Example: + + ```shell + # Check the current NUMA configuration. + numactl -H + ``` + + The output is as follows: + + ```shell + [root@openEuler ~]# numactl -H + available: 1 nodes (0) + node 0 cpus: 0 1 2 3 + node 0 size: 2633 MB + node 0 free: 322 MB + node distances: + node 0 + 0: 10 + ``` + + The server contains one NUMA node. The NUMA node that contains four cores and 6 GB memory. + The command also displays the distance between NUMA nodes. The further the distance, the higher the latency of cross-node memory accesses, which should be avoided as much as possible. + + `numastat`: displays NUMA node status. + + ```shell + # Check the NUMA node status. + numastat + ``` + + ```shell + [root@openEuler ~]# numastat + node0 + numa_hit 5386186 + numa_miss 0 + numa_foreign 0 + interleave_hit 17483 + local_node 5386186 + other_node 0 + ``` + + The fields in the `numastat` command output are described as follows: + + | Field | Description | + | -------------- | ----------------------------------------------------------------------------------------------------------------------------------- | + | numa_hit | Number of times that the CPU core accesses the local memory on a node. | + | numa_miss | Number of times that the core of a node accesses the memory of other nodes. | + | numa_foreign | Number of pages that were allocated to the local node but moved to other nodes. Each numa_foreign corresponds to a numa_miss event. | + | interleave_hit | Number of pages of the interleave policy that are allocated to this node. | + | local_node | Size of memory that was allocated to this node by processes on this node. | + | other_node | Size of memory that was allocated to other nodes by processes on this node. | diff --git a/archive/thirdparty_migration/figures/2.png b/archive/thirdparty_migration/figures/2.png new file mode 100644 index 0000000000000000000000000000000000000000..283670d7c3d0961ee1cb41345c2b2a013d7143b0 Binary files /dev/null and b/archive/thirdparty_migration/figures/2.png differ diff --git a/archive/thirdparty_migration/figures/HA-add-resource.png b/archive/thirdparty_migration/figures/HA-add-resource.png new file mode 100644 index 0000000000000000000000000000000000000000..ac24895a1247828d248132f6c789ad8ef51a57e4 Binary files /dev/null and b/archive/thirdparty_migration/figures/HA-add-resource.png differ diff --git a/archive/thirdparty_migration/figures/HA-apache-show.png b/archive/thirdparty_migration/figures/HA-apache-show.png new file mode 100644 index 0000000000000000000000000000000000000000..c216500910f75f2de1108f6b618c5c08f4df8bae Binary files /dev/null and b/archive/thirdparty_migration/figures/HA-apache-show.png differ diff --git a/archive/thirdparty_migration/figures/HA-apache-suc.png b/archive/thirdparty_migration/figures/HA-apache-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..23a7aaa702e3e68190ff7e01a5a673aee2c92409 Binary files /dev/null and b/archive/thirdparty_migration/figures/HA-apache-suc.png differ diff --git a/archive/thirdparty_migration/figures/HA-api.png b/archive/thirdparty_migration/figures/HA-api.png new file mode 100644 index 0000000000000000000000000000000000000000..f825fe005705d30809d12df97958cff0e5a80135 Binary files /dev/null and b/archive/thirdparty_migration/figures/HA-api.png differ diff --git a/archive/thirdparty_migration/figures/HA-clone-suc.png b/archive/thirdparty_migration/figures/HA-clone-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..4b6099ccc88d4f6f907a0c4563e729ab2a4dece1 Binary files /dev/null and b/archive/thirdparty_migration/figures/HA-clone-suc.png differ diff --git a/archive/thirdparty_migration/figures/HA-clone.png b/archive/thirdparty_migration/figures/HA-clone.png new file mode 100644 index 0000000000000000000000000000000000000000..1b09ab73849494f4ffd759fa612ae3c241bd9c1d Binary files /dev/null and b/archive/thirdparty_migration/figures/HA-clone.png differ diff --git a/archive/thirdparty_migration/figures/HA-firstchoice-cmd.png b/archive/thirdparty_migration/figures/HA-firstchoice-cmd.png new file mode 100644 index 0000000000000000000000000000000000000000..a265bab07f1d8e46d9d965975be180a8de6c9eb2 Binary files /dev/null and b/archive/thirdparty_migration/figures/HA-firstchoice-cmd.png differ diff --git a/archive/thirdparty_migration/figures/HA-firstchoice.png b/archive/thirdparty_migration/figures/HA-firstchoice.png new file mode 100644 index 0000000000000000000000000000000000000000..bd982ddcea55c629c0257fca86051a9ffa77e7b4 Binary files /dev/null and b/archive/thirdparty_migration/figures/HA-firstchoice.png differ diff --git a/archive/thirdparty_migration/figures/HA-group-new-suc.png b/archive/thirdparty_migration/figures/HA-group-new-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..437fd01ee83a9a1f65c12838fe56eea8435f6759 Binary files /dev/null and b/archive/thirdparty_migration/figures/HA-group-new-suc.png differ diff --git a/archive/thirdparty_migration/figures/HA-group-new-suc2.png b/archive/thirdparty_migration/figures/HA-group-new-suc2.png new file mode 100644 index 0000000000000000000000000000000000000000..4fb933bd761f9808de95a324a50226ff041ebd4f Binary files /dev/null and b/archive/thirdparty_migration/figures/HA-group-new-suc2.png differ diff --git a/archive/thirdparty_migration/figures/HA-group-new.png b/archive/thirdparty_migration/figures/HA-group-new.png new file mode 100644 index 0000000000000000000000000000000000000000..9c914d0cc2e14f3220fc4346175961f129efb37b Binary files /dev/null and b/archive/thirdparty_migration/figures/HA-group-new.png differ diff --git a/archive/thirdparty_migration/figures/HA-group-suc.png b/archive/thirdparty_migration/figures/HA-group-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..2338580343833ebab08627be3a2efbcdb48aef9e Binary files /dev/null and b/archive/thirdparty_migration/figures/HA-group-suc.png differ diff --git a/archive/thirdparty_migration/figures/HA-group.png b/archive/thirdparty_migration/figures/HA-group.png new file mode 100644 index 0000000000000000000000000000000000000000..6897817665dee90c0f8c47c6a3cb4bb09db52d78 Binary files /dev/null and b/archive/thirdparty_migration/figures/HA-group.png differ diff --git a/archive/thirdparty_migration/figures/HA-home-page.png b/archive/thirdparty_migration/figures/HA-home-page.png new file mode 100644 index 0000000000000000000000000000000000000000..c9a7a82dc412250d4c0984b3876c6f93c6aca789 Binary files /dev/null and b/archive/thirdparty_migration/figures/HA-home-page.png differ diff --git a/archive/thirdparty_migration/figures/HA-mariadb-suc.png b/archive/thirdparty_migration/figures/HA-mariadb-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..6f6756c945121715edc623bd9a848bc48ffeb4ca Binary files /dev/null and b/archive/thirdparty_migration/figures/HA-mariadb-suc.png differ diff --git a/archive/thirdparty_migration/figures/HA-mariadb.png b/archive/thirdparty_migration/figures/HA-mariadb.png new file mode 100644 index 0000000000000000000000000000000000000000..d29587c8609b9d6aefeb07170901361b5ef8402d Binary files /dev/null and b/archive/thirdparty_migration/figures/HA-mariadb.png differ diff --git a/archive/thirdparty_migration/figures/HA-nfs-suc.png b/archive/thirdparty_migration/figures/HA-nfs-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..c0ea6af79e91649f1ad7d97ab6c2a0069a4f4fb8 Binary files /dev/null and b/archive/thirdparty_migration/figures/HA-nfs-suc.png differ diff --git a/archive/thirdparty_migration/figures/HA-nfs.png b/archive/thirdparty_migration/figures/HA-nfs.png new file mode 100644 index 0000000000000000000000000000000000000000..f6917938eec2e0431a9891c067475dd0b21c1bd9 Binary files /dev/null and b/archive/thirdparty_migration/figures/HA-nfs.png differ diff --git a/archive/thirdparty_migration/figures/HA-pcs-status.png b/archive/thirdparty_migration/figures/HA-pcs-status.png new file mode 100644 index 0000000000000000000000000000000000000000..fb150fba9f6258658702b35caacf98076d1fd109 Binary files /dev/null and b/archive/thirdparty_migration/figures/HA-pcs-status.png differ diff --git a/archive/thirdparty_migration/figures/HA-qdevice.png b/archive/thirdparty_migration/figures/HA-qdevice.png new file mode 100644 index 0000000000000000000000000000000000000000..2964f36c952fc7e62fb7b041fcf6d2de8ead712c Binary files /dev/null and b/archive/thirdparty_migration/figures/HA-qdevice.png differ diff --git a/archive/thirdparty_migration/figures/HA-refresh.png b/archive/thirdparty_migration/figures/HA-refresh.png new file mode 100644 index 0000000000000000000000000000000000000000..c2678c0c2945acbabfbeae0d5de8924a216bbf31 Binary files /dev/null and b/archive/thirdparty_migration/figures/HA-refresh.png differ diff --git a/archive/thirdparty_migration/figures/HA-vip-suc.png b/archive/thirdparty_migration/figures/HA-vip-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..313ce56e14f931c78dad4349ed57ab3fd7907f50 Binary files /dev/null and b/archive/thirdparty_migration/figures/HA-vip-suc.png differ diff --git a/archive/thirdparty_migration/figures/HA-vip.png b/archive/thirdparty_migration/figures/HA-vip.png new file mode 100644 index 0000000000000000000000000000000000000000..d8b417df2e64527d3b29d0289756dfbb01bf66ec Binary files /dev/null and b/archive/thirdparty_migration/figures/HA-vip.png differ diff --git a/archive/thirdparty_migration/figures/image.png b/archive/thirdparty_migration/figures/image.png new file mode 100644 index 0000000000000000000000000000000000000000..7681f963f67d2b803fef6fb2c3247384136201f8 Binary files /dev/null and b/archive/thirdparty_migration/figures/image.png differ diff --git a/archive/thirdparty_migration/figures/image3.png b/archive/thirdparty_migration/figures/image3.png new file mode 100644 index 0000000000000000000000000000000000000000..c4d93242e65c503b6e1b6a457e2517f647984a66 Binary files /dev/null and b/archive/thirdparty_migration/figures/image3.png differ diff --git a/archive/thirdparty_migration/figures/image4.png b/archive/thirdparty_migration/figures/image4.png new file mode 100644 index 0000000000000000000000000000000000000000..65d0ae11ec810da7574ec72bebf6e1b020c94a0d Binary files /dev/null and b/archive/thirdparty_migration/figures/image4.png differ diff --git a/archive/thirdparty_migration/figures/image5.png b/archive/thirdparty_migration/figures/image5.png new file mode 100644 index 0000000000000000000000000000000000000000..f825fe005705d30809d12df97958cff0e5a80135 Binary files /dev/null and b/archive/thirdparty_migration/figures/image5.png differ diff --git a/archive/thirdparty_migration/ha.md b/archive/thirdparty_migration/ha.md new file mode 100644 index 0000000000000000000000000000000000000000..d50a900579f9f517ac0985bf7f7631185f91b509 --- /dev/null +++ b/archive/thirdparty_migration/ha.md @@ -0,0 +1,3 @@ +# HA 用户指南 + +本节主要描述HA的安装和使用。 diff --git a/archive/thirdparty_migration/installha.md b/archive/thirdparty_migration/installha.md new file mode 100644 index 0000000000000000000000000000000000000000..8b1e3fe7d50dce8d013e8c32f4b6ccad0d1c6f20 --- /dev/null +++ b/archive/thirdparty_migration/installha.md @@ -0,0 +1,201 @@ +# HA的安装与部署 + +本文介绍如何安装和部署HA高可用集群。 + +## 安装与部署 + +### 环境准备 + +需要至少两台安装了openEuler 24.03 的物理机/虚拟机(现以两台为例),安装方法参考《[安装指南](../../../server/installation_upgrade/installation/installation_on_servers.md)》。 + +### 修改主机名称及/etc/hosts文件 + +**注**:两台主机均需要进行以下操作,现以其中一台为例,下文中使用的IP仅供参考。** + +在使用HA软件之前,需要确认修改主机名并将所有主机名写入/etc/hosts文件中。 + +1. 修改主机名 + + ```sh + # hostnamectl set-hostname ha1 + ``` + +2. 编辑`/etc/hosts`文件并写入以下字段 + + ```text + 172.30.30.65 ha1 + 172.30.30.66 ha2 + ``` + +### 配置yum源 + +成功安装系统后,会默认配置好yum源,文件位置存放在`/etc/yum.repos.d/openEuler.repo`文件中,HA软件包会用到以下源: + +```Conf +[OS] +name=OS +baseurl=http://repo.openeuler.org/openEuler-{version}/OS/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://repo.openeuler.org/openEuler-{version}/OS/$basearch/RPM-GPG-KEY-openEuler + +[everything] +name=everything +baseurl=http://repo.openeuler.org/openEuler-{version}/everything/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://repo.openeuler.org/openEuler-{version}/everything/$basearch/RPM-GPG-KEY-openEuler + +[EPOL] +name=EPOL +baseurl=http://repo.openeuler.org/openEuler-{version}/EPOL/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://repo.openeuler.org/openEuler-{version}/OS/$basearch/RPM-GPG-KEY-openEuler +``` + +### 安装HA软件包组件 + +```sh +# yum install -y corosync pacemaker pcs fence-agents fence-virt corosync-qdevice sbd drbd drbd-utils +``` + +### 设置hacluster用户密码 + +```sh +# passwd hacluster +``` + +### 修改`/etc/corosync/corosync.conf`文件 + +```Conf +totem { + version: 2 + cluster_name: hacluster + crypto_cipher: none + crypto_hash: none +} +logging { + fileline: off + to_stderr: yes + to_logfile: yes + logfile: /var/log/cluster/corosync.log + to_syslog: yes + debug: on + logger_subsys { + subsys: QUORUM + debug: on + } +} +quorum { + provider: corosync_votequorum + expected_votes: 2 + two_node: 1 + } +nodelist { + node { + name: ha1 + nodeid: 1 + ring0_addr: 172.30.30.65 + } + node { + name: ha2 + nodeid: 2 + ring0_addr: 172.30.30.66 + } + } +``` + +### 管理服务 + +#### 关闭防火墙 + +1. 执行如下命令,关闭防火墙。 + + ```sh + # systemctl stop firewalld + ``` + +2. 修改`/etc/selinux/config`文件中SELINUX状态为disabled。 + + ```sh + # SELINUX=disabled + ``` + +#### 管理pcs服务 + +1. 启动pcs服务: + + ```sh + # systemctl start pcsd + ``` + +2. 查询pcs服务状态: + + ```sh + # systemctl status pcsd + ``` + + 若回显为如下,则服务启动成功。 + + ![](./figures/HA-pcs.png) + +#### 管理pacemaker服务 + +1. 启动pacemaker服务: + + ```sh + # systemctl start pacemaker + ``` + +2. 查询pacemaker服务状态: + + ```sh + # systemctl status pacemaker + ``` + + 若回显为如下,则服务启动成功。 + + ![](./figures/HA-pacemaker.png) + +#### 管理corosync服务 + +1. 启动corosync服务: + + ```sh + # systemctl start corosync + ``` + +2. 查询corosync服务状态: + + ```sh + # systemctl status corosync + ``` + + 若回显为如下,则服务启动成功。 + + ![](./figures/HA-corosync.png) + +### 节点鉴权 + +注:**任选一个节点上执行即可** + +```sh +# pcs host auth ha1 ha2 +``` + +### 访问前端管理平台 + +上述服务启动成功后,打开浏览器(建议使用:Chrome,Firefox),在浏览器导航栏中输入`https://localhost:2224`即可。 + +- 以下界面为原生管理平台 + +![](./figures/HA-login.png) + +若安装社区新开发的管理平台请参考文档[https://gitee.com/openeuler/ha-api/blob/master/docs/build.md](https://gitee.com/openeuler/ha-api/blob/master/docs/build.md) + +- 以下为社区新开发的管理平台 + +![](./figures/HA-api.png) + +想了解如何快速使用HA高可用集群,以及添加一个实例。请参考[HA的使用实例文档](./ha_usecase_examples.md)。 diff --git a/archive/thirdparty_migration/openstack.md b/archive/thirdparty_migration/openstack.md new file mode 100644 index 0000000000000000000000000000000000000000..12a6cbce8d096144d41d64509786a741dde07888 --- /dev/null +++ b/archive/thirdparty_migration/openstack.md @@ -0,0 +1,3 @@ +# openEuler OpenStack + +openEuler OpenStack相关文档已迁移至[OpenStack SIG官网文档](https://openstack-sig.readthedocs.io/zh/latest/)。请访问链接获取详细信息。 diff --git a/archive/thirdparty_migration/thidrparty.md b/archive/thirdparty_migration/thidrparty.md new file mode 100644 index 0000000000000000000000000000000000000000..b527407480315aee0884f138e5cedf961bc5d377 --- /dev/null +++ b/archive/thirdparty_migration/thidrparty.md @@ -0,0 +1,3 @@ +# 第三方软件安装指南 + +本文档适用于使用 openEuler 系统并希望了解和使用第三方软件的社区开发者、开源爱好者以及合作伙伴。使用人员需要具备基本的 Linux 操作系统知识。 diff --git a/archive/thirdparty_migration/usecase.md b/archive/thirdparty_migration/usecase.md new file mode 100644 index 0000000000000000000000000000000000000000..8fff8af0b4e2594ae1e95ebb4052fce4491712d8 --- /dev/null +++ b/archive/thirdparty_migration/usecase.md @@ -0,0 +1,248 @@ +# HA使用实例 + +本章介绍如何快速使用HA高可用集群,以及添加一个实例。若不了解怎么安装,请参考[HA的安装与部署文档](./ha_installation_and_deployment.md)。 + +## 快速使用指南 + +以下操作均以社区新开发的管理平台为例。 + +### 登录页面 + +用户名为`hacluster`,密码为该用户在主机上设置的密码。 + +![](./figures/HA-api.png) + +### 主页面 + +登录系统后显示主页面,主页面由四部分组成:侧边导航栏、顶部操作区、资源节点列表区以及节点操作浮动区。 + +以下将详细介绍这四部分的特点与使用方法。 + +![](./figures/HA-home-page.png) + +#### 导航栏 + +侧边导航栏由两部分组成:高可用集群软件名称和 logo 以及系统导航。系统导航由三项组成:【系统】、【集群配置】和【工具】。【系统】是默认选项,也是主页面的对应项,主要展示系统中所有资源的相关信息以及操作入口;【集群配置】下设【首选项配置】和【心跳配置】两项;【工具】下设【日志下载】和【集群快捷操作】两项,点击后以弹出框的形式出现。 + +#### 顶部操作区 + +登录用户是静态显示,鼠标滑过用户图标,出现操作菜单项,包括【刷新设置】和【退出登录】两项,点击【刷新设置】,弹出【刷新设置】对话框,包含【刷新设置】选项,可以设置系统的自动刷新模式,包括【不自动刷新】、【每 5 秒刷新】和【每 10 秒刷新】三种选择,默认选择【不自动刷新】、【退出登录】即可注销本次登录,系统将自动跳到登录页面,此时,如果希望继续访问系统,则需要重新进行登录。 + +![](./figures/HA-refresh.png) + +#### 资源节点列表区 + +资源节点列表集中展现系统中所有资源的【资源名】、【状态】、【资源类型】、【服务】、【运行节点】等资源信息,以及系统中所有的节点和节点的运行情况等节点信息。同时提供资源的【添加】、【编辑】、【启动】、【停止】、【清理】、【迁移】、【回迁】、【删除】和【关系】操作。 + +#### 节点操作浮动区 + +节点操作浮动区域默认是收起的状态,每当点击资源节点列表表头中的节点时,右侧会弹出节点操作扩展区域,如图所示,该区域由收起按钮、节点名称、停止和备用四个部分组成,提供节点的【停止】和【备用】操作。点击区域左上角的箭头,该区域收起。 + +### 首选项配置 + +以下操作均可用命令行配置,现只做简单示例,若想使用更多命令可以使用``pcs --help``进行查询。 + +- 命令行方式 + + ```sh + # pcs property set stonith-enabled=false + # pcs property set no-quorum-policy=ignore + ``` + + 执行如下命令,可以查看全部配置。 + + ```sh + # pcs property + ``` + + ![](./figures/HA-firstchoice-cmd.png) + +- 图形界面方式 + 点击侧边导航栏中的【首选项配置】按钮,弹出【首选项配置】对话框。将No Quorum Policy和Stonith Enabled由默认状态改为如下对应状态;修改完成后,点击【确定】按钮完成配置。 + + ![](./figures/HA-firstchoice.png) + +### 添加资源 + +#### 添加普通资源 + +1. 点击【添加普通资源】,弹出【创建资源】对话框。 + 其中资源的所有必填配置项均在【基本】页面内,选择【基本】页面内的【资源类型】后会进一步给出该类资源的其他必填配置项以及选填配置项。 + +2. 填写资源配置信息。 + 对话框右侧会出现灰色文字区域,对当前的配置项进行解释说明。全部必填项配置完毕后,点击【确定】按钮即可创建普通资源,点击【取消】按钮,取消本次添加动作。 + 【实例属性】、【元属性】或者【操作属性】页面中的选填配置项为选填项,不配置不会影响资源的创建过程,可以根据场景需要可选择修改,否则将按照系统缺省值处理。 + +下面以Apache为例,分别以命令行方式和图形界面方式介绍添加资源的方法。 + +- 命令行方式 + + ```sh + # pcs resource create httpd ocf:heartbeat:apache + ``` + + 查看资源运行状态 + + ```sh + # pcs status + ``` + + ![](./figures/HA-pcs-status.png) + +- 图形界面方式 + +1. 填写资源名称和资源类型,如下图所示。 + + ![](./figures/HA-add-resource.png) + +2. 回显为如下,则资源添加成功并启动,运行于其中一个节点上,例如ha1。 + + ![](./figures/HA-apache-suc.png) +3. 访问apache界面成功。 + + ![](./figures/HA-apache-show.png) + +#### 添加组资源 + +>**须知:** +> 添加组资源时,集群中需要至少存在一个普通资源。 + +1. 点击【添加组资源】,弹出【创建资源】对话框。 + 【基本】页面内均为必填项,填写完毕后,点击【确定】按钮,即可完成资源的添加,点击【取消】按钮,取消本次添加动作。 + + ![](./figures/HA-group.png) + + > **注意:** + > 组资源的启动是按照子资源的顺序启动的,所以选择子资源时需要注意按照顺序选择。 + +2. 回显如下,资源添加成功。 + + ![](./figures/HA-group-suc.png) + +#### 添加克隆资源 + +1. 点击【添加克隆资源】,弹出【创建资源】对话框。 + 【基本】页面内填写克隆对象,资源名称会自动生成,填写完毕后,点击【确定】按钮,即可完成资源的添加,点击【取消】按钮,取消本次添加动作。 + + ![](./figures/HA-clone.png) + +2. 回显如下,资源添加成功。 + + ![](./figures/HA-clone-suc.png) + +### 编辑资源 + +- 启动资源:资源节点列表中选中一个目标资源,要求:该资源处于非运行状态。对该资源执行启动动作。 +- 停止资源:资源节点列表中选中一个目标资源,要求:该资源处于运行状态。对该资源执行停止操作。 +- 清理资源:资源节点列表中选中一个目标资源,对该资源执行清理操作。 +- 迁移资源:资源节点列表中选中一个目标资源,要求:该资源为处于运行状态的普通资源或者组资源,执行迁移操作可以将资源迁移到指定节点上运行。 +- 回迁资源:资源节点列表中选中一个目标资源,要求:该资源已经完成迁移动作,执行回迁操作,可以清除该资源的迁移设置,资源重新迁回到原来的节点上运行。(点击按钮后,列表中该资源项的变化状态与启动资源时一致。) +- 删除资源:资源节点列表中选中一个目标资源,对该资源执行删除操作。 + +### 设置资源关系 + +资源关系即为目标资源设定限制条件,资源的限制条件分为三种:资源位置、资源协同和资源顺序。 + +- 资源位置:设置集群中的节点对于该资源的运行级别,由此确定启动或者切换时资源在哪个节点上运行,运行级别按照从高到低的顺序依次为:Master Node、Slave 1。 +- 资源协同:设置目标资源与集群中的其他资源是否运行在同一节点上,同节点资源表示该资源与目标资源必须运行在相同节点上,互斥节点资源表示该资源与目标资源不能运行在相同的节点上。 +- 资源顺序:设置目标资源与集群中的其他资源启动时的先后顺序,前置资源是指目标资源运行之前,该资源必须已经运行;后置资源是指目标资源运行之后,该资源才能运行。 + +## 高可用mysql实例配置 + +### 配置虚拟IP + +1. 在首页中点击“添加”,再选择添加普通资源,并按如下进行配置。 + + ![](./figures/HA-vip.png) + +2. 资源创建成功并启动,运行于其中一个节点上,例如ha1。 +3. 可以ping通并连接,登录后可正常执行各种操作;资源切换到ha2运行;能够正常访问。如下图所示。 + ![](./figures/HA-vip-suc.png) + +### 配置NFS存储 + +另找一台机器作为nfs服务端进行配置,操作步骤如下: + +1. 安装软件包 + + ```sh + # yum install -y nfs-utils rpcbind + ``` + +2. 关闭防火墙 + + ```sh + # systemctl stop firewalld && systemctl disable firewalld + ``` + +3. 修改/etc/selinux/config文件中SELINUX状态为disabled + + ```Conf + SELINUX=disabled + ``` + +4. 启动服务 + + ```sh + # systemctl start rpcbind && systemctl enable rpcbind + # systemctl start nfs-server && systemctl enable nfs-server + ``` + +5. 服务端创建一个共享目录 + + ```sh + # mkdir -p /test + ``` + +6. 修改NFS配置文件 + + ```sh + # vim /etc/exports + # /test *(rw,no_root_squash) + ``` + +7. 重新加载服务 + + ```sh + # systemctl reload nfs + ``` + +8. 客户端安装软件包,需要先安装mysql,可以将nfs挂载到mysql数据路径。 + + ```sh + # yum install -y nfs-utils mariadb-server + ``` + +9. 在首页中依次点击“添加”,“添加普通资源”,并按如下进行配置NFS资源。 + + ![](./figures/HA-nfs.png) + +10. 资源创建成功并启动,运行于其中一个节点上,例如ha1;nfs成功挂载到`/var/lib/mysql`路径下。资源切换到ha2运行;nfs从ha1节点取消挂载,并自动在ha2节点上挂载成功。如下图所示。 + + ![](./figures/HA-nfs-suc.png) + +### 配置mysql + +1. 在首页中依次点击“添加”,“添加普通资源”,并按如下进行配置mysql资源。 + + ![](./figures/HA-mariadb.png) + +2. 若回显为如下,则资源添加成功。 + + ![](./figures/HA-mariadb-suc.png) + +### 添加上述资源为组资源 + +1. 按资源启动顺序添加三个资源 + + 在首页中依次点击“添加”,“添加组资源”,并按如下进行配置组资源。 + + ![](./figures/HA-group-new.png) + +2. 组资源创建成功并启动,若回显与上述三个普通资源成功现象一致,则资源添加成功。 + + ![](./figures/HA-group-new-suc.png) + +3. 将ha1节点备用,成功迁移到ha2节点,运行正常。 + + ![](./figures/HA-group-new-suc2.png) diff --git a/archive/x_diagnosis/_toc.yaml b/archive/x_diagnosis/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..f82bbffa855535399413297e0ec88f3f2596b7e7 --- /dev/null +++ b/archive/x_diagnosis/_toc.yaml @@ -0,0 +1,3 @@ +label: x_diagnosis +sections: + - href: ./x_diagnosis.md diff --git a/archive/x_diagnosis/x_diagnosis.md b/archive/x_diagnosis/x_diagnosis.md new file mode 100644 index 0000000000000000000000000000000000000000..e9e5b89395f34788df2aeb6fe174e54171d12149 --- /dev/null +++ b/archive/x_diagnosis/x_diagnosis.md @@ -0,0 +1,433 @@ +# x-diagnose + +## 概述 + +X-diagnose基于EulerOS维护团队多年运维经验,通过对案例的总结/分析形成的系统运维工具集, +主要功能包含问题定位、系统巡检/监控、ftrace增强、一键收集日志等功能,是一款集成分析、 +流程跟踪、信息定时记录、历史经验固化等功能于一体的OS内核问题定位工具。 + +## 安装x-diagnose + +**(1) 依赖软件** + +* python 3.7+ + +**(2) 下载rpm包** + +``` +rpm -ivh xdiagnose-1.x-x.rpm +```P + +## 1. 命令汇总 + +* xdiag +* xd_tcpreststackPF +* xd_tcpskinfo +* xd_arpstormcheck +* xd_sysinspect +* xd_scsiiocount +* xd_scsiiotrace + +### 1.0 xdiag + +```shell +usage: xdiag [-h] [--inspect] {tcphandcheck,eftrace,ntrace,hook} ... + +xdiagnose tool + +optional arguments: + -h, --help show this help message and exit + --inspect inspector module + +select module: + {tcphandcheck,eftrace,ntrace,hook} + tcphandcheck tcp_hand_check module + eftrace eftrace module + ntrace net trace module + hook hook module +``` + +**--inspect :系统异常巡检(可以和select module一起使用)支持如下检测项:** + +* ipv6路由缓存满 +* TIMEWAIT状态连接满 +* arp、连接跟踪满 +* snmp或者stat异常 +* 网卡异常统计pause帧、tx_timeout、drop、error +* bond4异常检测: +1)网卡速率不相等 +2)lacp协商没有成功 +* tcp、udp、ip分片等内存满 +* dns无法解析(gethostbyname) +* cron没法运行 +* ntp时钟不准 +* ip冲突检测 +* cpu冲高检测 +* 磁盘满、inode句柄不足 +* 内存不足、sysctl/sshd配置运行过程中修改 + +**tcphandcheck:跟踪tcp的3次握手阶段经常会出现问题,支持定位如下问题:** + +* 连接队列满 +* bind失败 +* timewait连接复用失败 +* 文件句柄超出导致无法创建socket +* 端口复用场景下连接闪断后seq序号异常导致的无法建链 + +**eftrace** + +#### 概述 + +eftrace是ftrace命令生成的偏移计算辅助工具。用户可以使用eftrace方便地生成不同内核版本下的ftrace命令。 + +#### 使用方法 + +#### (1) 举例 + +生成在协议栈调用`ip_rcv_core`函数时打印源地址为`192.168.56.102`的命令: + +```shell +xdiag eftrace 'p:ip_rcv_core ip_rcv_core srcip=(struct iphdr *)($r0->data)->saddr f:srcip==0x6638a8c0' +``` + +生成在协议栈调用`inet_csk_accept`函数结束时返回值为0的命令: + +```shell +xdiag eftrace 'r:inet_csk_accept inet_csk_accept ret=$retval f:ret==0' +``` + +#### (2) 命令解析 + +* `p:` 表示kprobe event +* `r:` 表示kretprobe event +* `f:` 表示kprobe filter过滤 +* `$rx` 表示函数参数,x为参数位置,第一个参数为`$r0` + +#### (3) 可以使用强制类型转换,以及手动指定偏移 + +```shell +xdiag eftrace 'p:ip_rcv_finish ip_rcv_finish +srcip=(struct iphdr *)($r2->data)->saddr +srcport=(struct tcphdr *)($r2->data + 20)->source' +``` + +在函数`ip_rcv_finish`中,`sk_buff`的`data`成员是`unsigned char *`类型,指向报文的ip头,可以强制转换为`iphdr *`获取ip头的内容。 + +当想获取tcp头的内容时,对`data`进行ip头长度的偏移后可指向tcp头并获取信息。 + +额外的偏移可以直接指定,或者使用`sizeof`的方式获取偏移长度: + +`srcport=(struct tcphdr *)($r2->data + sizeof(struct iphdr))->source` + +**xd_sysinspect** + +#### 参数说明 + +xd_sysinspect [-i interval] [-r rotate] [-d dest] [-z gzip] [-s size] [-c cpu_thresh] [-m mem_thresh] [-o] + +* -i interval: + 收集日志的时间间隔,单位秒 +* -r rotate: + 保留日志的份数 +* -d dest: + 日志文件保存的路径 +* -z gzip: + 用于压缩日志文件的命令,默认gzip +* -s size: + 指定该参数后使用日志文件的大小(MB)进行日志分割,超过设定值后会被压缩保存。不指定该参数默认按照小时压缩分割 +* -o: + 只记录触发CPU、内存阈值门限时的日志。如不指定该参数,则按照时间间隔收集日志 +* -c cpu_thresh: + CPU使用率的阈值,超过阈值、恢复阈值会触发日志记录 +* -m mem_thresh: + 内存使用率的阈值,超过阈值、恢复阈值会触发日志记录 + +#### 日志收集方式 + +* 每个interval在系统内收集一次信息 +* cpu,mem统计以interval为间隔,通过读取/proc下的数据计算使用率 + +#### 使用示例 + +#### 以时间为单位抓取日志 + +`xd_sysinspect -i 30 -r 48` + +* -i 30: + 每30秒收集一次日志 +* -r 48: + 每小时分割一次日志文件,保留48份日志 + +#### 以CPU、内存使用率阈值抓取日志 + +`xd_sysinspect -i 30 -r 20 -s 10 -c 80` + +* -i 30 + CPU、内存检查时间间隔30秒 +* -r 20 + 日志文件保留20份 +* -s 10 + 日志文件分割大小10(MB)。当日志文件达到指定值10MB时会进行分割 +* -c 80 + 指定CPU阈值,CPU使用率达到80%时记录一次日志;当使用率降至阈值以下,并重新冲高超过阈值,会再次记录 + +**ntrace:** + +```shell +usage: xdiag ntrace [-h] [-r READ_FILE] [-w WRITE_FILE] [-t TIMEOUT] [--qlen QLEN] [--cpu_mask CPU_MASK] [-b] [-i INTERFACE] {tcp,udp,icmp} ... + +optional arguments: + -h, --help show this help message and exit + -r READ_FILE, --read_file READ_FILE + read an existing trace file + -w WRITE_FILE, --write_file WRITE_FILE + trace write to a specified file + -t TIMEOUT, --timeout TIMEOUT + specify a running time of process + --cpu_mask CPU_MASK set ftrace cpu tracing_mask + -i INTERFACE, --interface INTERFACE + specify an interface + +select protocol: + {tcp,udp,icmp} + tcp tcp protocol + udp udp protocol + icmp icmp protocol +``` + +**expression** :指定一个过滤报文的表达式,协议[tcp|udp],地址[host|src|dst],端口号[port|sport|dport],逻辑运算符[and|or]。 +**-r** READFILE:读取一个已存在的trace输出文件,比如/var/log/x-diagnose/rawlog/raw_diag.log +**-w** WRITEFILE:将trace命令日志写入文件 +**-i** INTERFACE:指定抓取的网卡 +**-t** TIMEOUT:运行时间,单位为秒 +**--cpu_mask** CPU_MASK:设置ftrace的cpumask用以跟踪指定的cpu + +***说明***: +由于使用ftrace实现,xdiag下的select module功能模块不能复用 + +**hook:在定位问题时,方便确认各hook点的流程,跟踪这些钩子函数:** + +```shell +Usage: hook [ OPTIONS ] + --dev 网络设备过滤 + --host IP地址过滤 +``` + +### 1.1 xd_tcpreststack + +```shell +Usage: xd_tcpreststack [ OPTIONS ] + -h,--help this message + -t,--time The frequency of the probe/ms + -d,--depth Kernel stack Depth\n +``` + +#### 功能 + +监控tcp协议栈(v4/v6)reset信息。 + +#### -t,--time + +监控的时间间隔,单位ms, 建议保持默认值500ms; + +#### -d,--depth + +内核调用栈深度,默认3层 + +### 1.2 xd_tcpskinfo + +```shell +Usage: xd_tcpskinfo [ OPTIONS ] + -h,--help this message + -a,--addr filter IP addr + -p,--port filter port +``` + +#### 功能 + +查看tcp连接socket关键的信息,ss命令抓的信息不够全部一些关键信息没有包含。该工具总结tcp连接在debug过程中经常需要的信息,用来辅助协议栈问题定位。包括如下信息: + +#### -a,--addr + +IP地址过滤,不区分源地址或者目的地。 + +#### -p,--port + +端口过滤,不区分源端口或者目的端口。 + +### 1.3 xd_arpstormcheck + +```shell +Usage: xd_arpstormcheck [ OPTIONS ] + -h,--help this message + -i,--interval The interval time of the probe/s + -c,--count check count, default 1 + -f,--freq filter freq, $$ times per second +``` + +#### 功能 + +监控当前网络是否发发生网络风暴。 + +#### -i,--interval + +监控的时间间隔,默认1s。 + +#### -c,--count + +总监控的次数,监控次数完成后监控工具自动退出。 + +#### -f,--freq + +监控的告警阈值,每秒收到的报文,超过了此阈值,则告警提示网络风暴相关信息; + +### 1.4 xd_scsiiotrace + +```shell +USAGE: xd_scsiiotrace [--help] [-d h:c:t:l] [-E] + +EXAMPLES: + xd_scsiiotrace # Report all scsi cmnd result + xd_scsiiotrace -E # Report error/timeout scsi cmnd result + xd_scsiiotrace -p 0x8000002 # Parse the scsi cmnd result. + xd_scsiiotrace -d 0:0:0:1 # Trace the scsi device only. + + -d, --device=h:c:t:l Trace this scsi device only + -E, --error Trace error/timeout scsi cmnd. (default trace all + scsi cmnd) + -p, --parse=result Parse the scsi cmnd result.(format hex) + -?, --help Give this help list + --usage Give a short usage message +``` + +#### 功能 + +用于监控scsi命令执行结果: +DRIVER_RESULT: 驱动返回结果 +SCSI_RESULT: SCSI转换后的结果。 +DISPOSION: +1)SUCCESS:成功 +2)NEEDS_RETRY/ADD_TO_MLQUEUE:重新入队列 +3)TIMEOUT_ERROR: 命令超时 + +#### -d,--device + +指定需要监控的设备,默认监控所有。 + +#### -E,--error + +只监控不成功的命令(错误或者超时),默认监控所有命令。 + +#### -p,--parse + +用于解析 DRIVER_RESULT或者SCSI_RESULT值具体含义. 默认显示hex值 + +### 1.5 xd_scsiiocount + +```shell +USAGE: xd_scsiiocount [--help] [-t times] [-d device] [-i interval] + +EXAMPLES: + xd_scsiiocount # report all scsi device I/O scsi cmnd count + xd_scsiiocount -i 10 # print 10 second summaries + xd_scsiiocount -d sdc # Trace sdc only + xd_scsiiocount -t 5 # report times + + -d, --device=device Trace this disk only + -i, --interval=interval refresh interval(secs) + -t, --times=times report scsi device I/O times + -?, --help Give this help list + --usage Give a short usage message +``` + +#### 功能 + +用于监控scsi命令下发的命令统计. + +#### -d,--device + +指定需要监控的设备,默认监控所有。 + +#### -i,--interval + +监控的时间间隔,默认5s。 + +#### -t,--times + +监控的次数. 次数达到后,则结束本次监控 + +### 1.6 xd_ext4fsstat + +```shell +USAGE: xd_ext4fstat [--help] [-t times] [-i interval] [-s SORT] [-o opcode] + +EXAMPLES: + xd_ext4fsstat#Trace file read/write stat for ext4 filesystem + xd_ext4fsstat -i 10#printf 10 second summaries + xd_ext4fsstat -m /mnt/test#Trace the special mount point for ext4 filesystem. + xd_ext4fsstat -s r#Sort the read bytes + xd_ext4fsstat -o r#Trace read only, default read and wriete + xd_ext4fsstat -t 5#Trace 5 times + xd_ext4fsstat -v p#show the pid view + + -c, --clean Clean the trace data + -C, --clear Clear the screen + -i, --interval=INTERVAL Refreash interval(secs), default 5s. + -m, --mnt=MNTPOINT the special mount point + -o, --opcode=OPCODE Trace file r/w, defalut both. + -p, --pid=PID Trace the pid only + -s, --sort=SORT Sort r/w/wb, default read + -t, --times=TIMES Trace times + -T, --top=TOP show the topN (1~8192) + -v, --view=VIEW p:pids view, f: files view, defaut file view + -?, --help Give this help list + --usage Give a short usage message +``` + +#### 功能 + +用于监控ext4 文件系统读/写数据量统计. + +#### -c,--clean + +每个周期统计完数据后,历史数据将被清空,重新统计,默认是累积. + +#### -C,--clear + +每个周期显示统结果后,清理屏幕 + +#### -i,--interval + +监控的时间间隔,默认5s. + +#### -m,--mnt + +指定监控特定ext4挂载点数据. + +#### -o,--opcode + +指定监控read或者write,默认两者都监控. + +#### -p,--pid + +指定监控特定pid. + +#### -s,--sort + +指定对监控数据进行排序,默认对read进行排序. + +#### -t,--times + +监控的次数. 次数达到后,则结束本次监控. + +#### -T,--top + +指定只显示top数据,默认显示所有监控到的数据. + +#### -v,--view + +指定显示模式,p:进程模式,f:文件默认,默认只显示文件模式 +注:进程模式下,多进程对同一有写入场景下,显示的writeback数据为文件写入总数据 + 非该单进程写入总数据. + +#### diff --git a/docs/.DS_Store b/docs/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..4bdd29d12204ffca55b7e5f2e82f15a04d7bce1d Binary files /dev/null and b/docs/.DS_Store differ diff --git a/docs/en/_toc.yaml b/docs/en/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..9c5fb46703e152bf1da75868963d78972cf54489 --- /dev/null +++ b/docs/en/_toc.yaml @@ -0,0 +1,10 @@ +label: Document Center +sections: + - href: ./server/_toc.yaml + - href: ./virtualization/_toc.yaml + - href: ./cloud/_toc.yaml + - href: ./edge_computing/_toc.yaml + - href: ./embedded/_toc.yaml + - href: ./devstation/_toc.yaml + - href: ./tools/_toc.yaml + diff --git a/docs/en/cloud/_toc.yaml b/docs/en/cloud/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..b05d2437f2e16af7d296b748cc320b67081d6100 --- /dev/null +++ b/docs/en/cloud/_toc.yaml @@ -0,0 +1,59 @@ +label: Cloud +sections: + - label: Container Engines + sections: + - href: + upstream: https://gitee.com/openeuler/cloudnative-docs/blob/openEuler-24.03-LTS-SP2/docs/en/docs/container_engine/isula_container_engine/_toc.yaml + path: ./container_engine/isula_container_engine + - href: + upstream: https://gitee.com/openeuler/cloudnative-docs/blob/openEuler-24.03-LTS-SP2/docs/en/docs/container_engine/docker_engine/_toc.yaml + path: ./container_engine/docker_engine + - label: Container Forms + sections: + - href: + upstream: https://gitee.com/openeuler/cloudnative-docs/blob/openEuler-24.03-LTS-SP2/docs/en/docs/container_form/secure_container/_toc.yaml + path: ./container_form/secure_container + - href: + upstream: https://gitee.com/openeuler/cloudnative-docs/blob/openEuler-24.03-LTS-SP2/docs/en/docs/container_form/system_container/_toc.yaml + path: ./container_form/system_container + - label: Container Runtimes + sections: + - href: + upstream: https://gitee.com/openeuler/cloudnative-docs/blob/openEuler-24.03-LTS-SP2/docs/en/docs/container_runtime/kuasar/_toc.yaml + path: ./container_runtime/kuasar + - label: Container Image Building + sections: + - href: + upstream: https://gitee.com/openeuler/cloudnative-docs/blob/openEuler-24.03-LTS-SP2/docs/en/docs/image_builder/isula_build/_toc.yaml + path: ./image_builder/isula_build + - label: Cloud-Native OS + sections: + - href: + upstream: https://gitee.com/openeuler/cloudnative-docs/blob/openEuler-24.03-LTS-SP2/docs/en/docs/kubeos/kubeos/_toc.yaml + path: ./kubeos/kubeos + - label: Cloud Base OS + sections: + - href: + upstream: https://gitee.com/openeuler/cloudnative-docs/blob/openEuler-24.03-LTS-SP2/docs/en/docs/nestos/nestos/_toc.yaml + path: ./nestos/nestos + - label: Hybrid Deployment + sections: + - href: + upstream: https://gitee.com/openeuler/cloudnative-docs/blob/openEuler-24.03-LTS-SP2/docs/en/docs/hybrid_deployment/rubik/_toc.yaml + path: ./hybrid_deployment/rubik + - href: + upstream: https://gitee.com/openeuler/cloudnative-docs/blob/openEuler-24.03-LTS-SP2/docs/en/docs/hybrid_deployment/oncn_bwm/_toc.yaml + path: ./hybrid_deployment/oncn_bwm + - label: Cluster Deployment + sections: + - href: + upstream: https://gitee.com/openeuler/cloudnative-docs/blob/openEuler-24.03-LTS-SP2/docs/en/docs/cluster_deployment/kubernetes/_toc.yaml + path: ./cluster_deployment/kubernetes + - href: + upstream: https://gitee.com/openeuler/cloudnative-docs/blob/openEuler-24.03-LTS-SP2/docs/en/docs/cluster_deployment/isulad+k8s/_toc.yaml + path: ./cluster_deployment/isulad+k8s + - label: Service Mesh + sections: + - href: + upstream: https://gitee.com/openeuler/cloudnative-docs/blob/openEuler-24.03-LTS-SP2/docs/en/docs/kmesh/kmesh/_toc.yaml + path: ./kmesh/kmesh diff --git a/docs/en/devstation/_toc.yaml b/docs/en/devstation/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..831bbf7061b9b6774a1e2f072ab28090a44390d7 --- /dev/null +++ b/docs/en/devstation/_toc.yaml @@ -0,0 +1,9 @@ +label: DevStation +sections: + - href: + upstream: https://gitee.com/src-openeuler/oeDeploy/blob/openEuler-24.03-LTS-SP2/docs/en/_toc.yaml + path: ./devstation/oedeploy + - href: + upstream: https://gitee.com/src-openeuler/oeGitExt/blob/openEuler-24.03-LTS-SP2/docs/en/_toc.yaml + path: ./devstation/oeGitExt + diff --git a/docs/en/edge_computing/_toc.yaml b/docs/en/edge_computing/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..f53c8b7ca8029cafa2c93b6cf50096366405a54d --- /dev/null +++ b/docs/en/edge_computing/_toc.yaml @@ -0,0 +1,5 @@ +label: Edge Computing +sections: + - href: ./kube_edge/_toc.yaml + - href: ./k3s/_toc.yaml + - href: ./ros/_toc.yaml \ No newline at end of file diff --git a/docs/en/edge_computing/k3s/_toc.yaml b/docs/en/edge_computing/k3s/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..6c6528e117542e48e4c1f4af7387467fd1a9662b --- /dev/null +++ b/docs/en/edge_computing/k3s/_toc.yaml @@ -0,0 +1,6 @@ +label: K3s Deployment Guide +isManual: true +description: K3s is a lightweight Kubernetes distribution designed for edge computing and similar use cases. +sections: + - label: K3s Deployment Guide + href: ./k3s_deployment_guide.md diff --git a/docs/en/edge_computing/k3s/figures/agent-install.png b/docs/en/edge_computing/k3s/figures/agent-install.png new file mode 100644 index 0000000000000000000000000000000000000000..dca1d64ec8aae821393bb715daf4c56b783a68e0 Binary files /dev/null and b/docs/en/edge_computing/k3s/figures/agent-install.png differ diff --git a/docs/en/edge_computing/k3s/figures/check-agent.png b/docs/en/edge_computing/k3s/figures/check-agent.png new file mode 100644 index 0000000000000000000000000000000000000000..aa467713353d70ad513e8ee13ac9d8b6520b7ee0 Binary files /dev/null and b/docs/en/edge_computing/k3s/figures/check-agent.png differ diff --git a/docs/en/edge_computing/k3s/figures/check-server.png b/docs/en/edge_computing/k3s/figures/check-server.png new file mode 100644 index 0000000000000000000000000000000000000000..06343de9a8b0eacb0f6194cf438b2b27af88cae4 Binary files /dev/null and b/docs/en/edge_computing/k3s/figures/check-server.png differ diff --git a/docs/en/edge_computing/k3s/figures/server-install.png b/docs/en/edge_computing/k3s/figures/server-install.png new file mode 100644 index 0000000000000000000000000000000000000000..7d30c8f4f73946c8b0555186c1736492039da731 Binary files /dev/null and b/docs/en/edge_computing/k3s/figures/server-install.png differ diff --git a/docs/en/edge_computing/k3s/figures/set-hostname.png b/docs/en/edge_computing/k3s/figures/set-hostname.png new file mode 100644 index 0000000000000000000000000000000000000000..32564d6159825b6d4131a6b138a493188ce88c6c Binary files /dev/null and b/docs/en/edge_computing/k3s/figures/set-hostname.png differ diff --git a/docs/en/edge_computing/k3s/figures/token.png b/docs/en/edge_computing/k3s/figures/token.png new file mode 100644 index 0000000000000000000000000000000000000000..79e5313bd1d5e707659cd08d4aafdf528b9df8f0 Binary files /dev/null and b/docs/en/edge_computing/k3s/figures/token.png differ diff --git a/docs/en/edge_computing/k3s/figures/yum-install.png b/docs/en/edge_computing/k3s/figures/yum-install.png new file mode 100644 index 0000000000000000000000000000000000000000..0e601a23a5a67e7927f12bc90d1a4137e1a3a567 Binary files /dev/null and b/docs/en/edge_computing/k3s/figures/yum-install.png differ diff --git a/docs/en/edge_computing/k3s/k3s_deployment_guide.md b/docs/en/edge_computing/k3s/k3s_deployment_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..11dd4c263eb74dc90098950b45382a115bead865 --- /dev/null +++ b/docs/en/edge_computing/k3s/k3s_deployment_guide.md @@ -0,0 +1,90 @@ +# K3s Deployment Guide + +## What Is K3s + +K3s is a lightweight Kubernetes distribution that is optimized for edge computing and IoT scenarios. The K3s provides the following enhanced features: + +- Packaged as a single binary file. +- Uses SQLite3-based lightweight storage backend as the default storage mechanism and supports etcd3, MySQL, and PostgreSQL. +- Encapsulated in a simple launcher that handles various complex TLS and options. +- Secure by default and has reasonable default values for lightweight environments. +- Batteries included, providing simple but powerful functions such as local storage providers, service load balancers, Helm controllers, and Traefik Ingress controllers. +- Encapsulates all operations of the Kubernetes control plane in a single binary file and process, capable of automating and managing complex cluster operations including certificate distribution. +- Minimizes external dependencies and requires only kernel and cgroup mounting. + +## Application Scenarios + +K3s is applicable to the following scenarios: + +- Edge computing +- IoT +- Continuous integration +- Development +- ARM +- Embedded Kubernetes + +The resources required for running K3s are small. Therefore, K3s is also suitable for development and test scenarios. In these scenarios, K3s facilitates function verification and problem reproduction by shortening cluster startup time and reducing resources consumed by the cluster. + +## Deploying K3s + +### Preparations + +- Ensure that the host names of the server node and agent node are different. + +You can run the `hostnamectl set-hostname "host name"` command to change the host name. + +![1661829534335](./figures/set-hostname.png) + +- Install K3s on each node using Yum. + + The K3s official website provides binary executable files of different architectures and the **install.sh** script for offline installation. The openEuler community migrates the compilation process of the binary file to the community and releases the compiled RPM package. You can run the `yum` command to download and install K3s. + +![1661830441538](./figures/yum-install.png) + +### Deploying the Server Node + +To install K3s on a single server, run the following command on the server node: + +```shell +INSTALL_K3S_SKIP_DOWNLOAD=true k3s-install.sh +``` + +![1661825352724](./figures/server-install.png) + +### Checking Server Deployment + +![1661825403705](./figures/check-server.png) + +### Deploying the Agent Node + +Query the token value of the server node. The token is stored in the **/var/lib/rancher/k3s/server/node-token** file on the server node. + +> **Note**: +> +> Only the second half of the token is used. + +![1661825538264](./figures/token.png) + +Add agents. Run the following command on each agent node: + +```shell +INSTALL_K3S_SKIP_DOWNLOAD=true K3S_URL=https://myserver:6443 K3S_TOKEN=mynodetoken k3s-install.sh +``` + +> **Note:** +> +> Replace **myserver** with the IP address of the server or a valid DNS, and replace **mynodetoken** with the token of the server node. + +![1661829392357](./figures/agent-install.png) + +### Checking Agent Deployment + +After the installation is complete, run `kubectl get nodes` on the server node to check if the agent node is successfully registered. + +![1661826797319](./figures/check-agent.png) + +A basic K3S cluster is set up. + +### More + +For details about how to use K3s, visit the K3s [official website](https://rancher.com/docs/k3s/latest/en/). diff --git a/docs/en/edge_computing/kube_edge/_toc.yaml b/docs/en/edge_computing/kube_edge/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..a094514fab80287b20fface803578985944dcf28 --- /dev/null +++ b/docs/en/edge_computing/kube_edge/_toc.yaml @@ -0,0 +1,11 @@ +label: KubeEdge User Guide +isManual: true +description: KubeEdge brings Kubernetes functionalities to edge environments. +sections: + - label: KubeEdge User Guide + href: ./overview.md + sections: + - label: KubeEdge Usage Guide + href: ./kube_edge_user_document.md + - label: KubeEdge Deployment Guide + href: ./kube_edge_deployment_guide.md diff --git a/docs/en/edge_computing/kube_edge/kube_edge_deployment_guide.md b/docs/en/edge_computing/kube_edge/kube_edge_deployment_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..5a306908787a285f8a23984b1a0191e0649a8484 --- /dev/null +++ b/docs/en/edge_computing/kube_edge/kube_edge_deployment_guide.md @@ -0,0 +1,224 @@ +# KubeEdge Deployment Guide + +## Description + +### KubeEdge + +KubeEdge is an open source system dedicated to solving problems in edge scenarios. It extends the capabilities of containerized application orchestration and device management to edge devices. Based on Kubernetes, KubeEdge provides core infrastructure support for networks, application deployment, and metadata synchronization between the cloud and the edge. KubeEdge supports MQTT and allows for custom logic to enable communication for the resource-constrained devices at the edge. KubeEdge consists of components deployed on the cloud and edge nodes. The components are now open source. + +> + +### iSulad + +iSulad is a lightweight container runtime daemon designed for IoT and cloud infrastructure. It is lightweight, fast, and is not restricted by hardware specifications or architectures. It is suitable for wide application in various scenarios, such as cloud, IoT, and edge computing. + +> + +## Cluster Overview + +### Component Versions + +| Component | Version | +| ---------- | --------------------------------- | +| OS | openEuler 22.03 | +| Kubernetes | 1.20.2-4 | +| iSulad | 2.0.11 | +| KubeEdge | v1.8.0 | + +### Node Planning Example + +| Node | Location | Components | +| -------------- | -------- | -------------------------------- | +| cloud.kubeedge | Cloud | Kubernetes (Master), iSulad, CloudCore | +| edge.kubeedge | Edge | iSulad, EdgeCore | + +> Note: You can run the `hostnamectl set-hostname [cloud,edge].kubeedge` command to set the cloud and edge node names in advance. + +## Preparations + +### Tool Package Download + +[kubeedge-tools](https://gitee.com/Poorunga/kubeedge-tools) provides complete offline installation packages and deployment scripts for easy and quick KubeEdge cluster deployment even if the node cannot access the Internet. + +```bash +# Download and decompress the kubeedge-tools package on both the cloud and edge nodes. +$ wget -O kubeedge-tools.zip https://gitee.com/Poorunga/kubeedge-tools/repository/archive/master.zip +$ unzip kubeedge-tools.zip + +# Go to the kubeedge-tools directory for all the subsequent operations. +$ cd kubeedge-tools-master +``` + +### Kubernetes Deployment + +Perform the following operations on the cloud node only. + +#### Initializing the Cloud Environment + +```bash +./setup-cloud.sh +``` + +#### Installing Kubernetes + +Use openEuler 22.03 SP2 to install Kubernetes. + +#### Configuring Network for the Cloud Container + +Container Network Interface (CNI) software that provides network for Kubernetes nodes include [flannel](https://github.com/flannel-io/flannel), [Calico](https://github.com/projectcalico/calico), [Cilium](https://github.com/cilium/cilium), and more. If you have not decided which CNI software to use, run the following command to configure network for the cloud container: + +```bash +./install-flannel-cloud.sh +``` + +#### Checking Deployment Status + +```bash +# Check whether the node status is normal (Ready) +$ kubectl get nodes +NAME STATUS ROLES AGE VERSION +cloud.kubeedge Ready control-plane,master 12m v1.20.2 + +# Check whether the Kubernetes components are normal (Running) +$ kubectl get pods -n kube-system +NAME READY STATUS RESTARTS AGE +coredns-74ff55c5b-4ptkh 1/1 Running 0 15m +coredns-74ff55c5b-zqx5n 1/1 Running 0 15m +etcd-cloud.kubeedge 1/1 Running 0 15m +kube-apiserver-cloud.kubeedge 1/1 Running 0 15m +kube-controller-manager-cloud.kubeedge 1/1 Running 0 15m +kube-flannel-cloud-ds-lvh4n 1/1 Running 0 13m +kube-proxy-2tcnn 1/1 Running 0 15m +kube-scheduler-cloud.kubeedge 1/1 Running 0 15m +``` + +## Deployment + +### CloudCore Deployment + +Perform the following operations on the cloud node only. + +#### Initializing the Cluster + +```bash +# Set --advertise-address to the IP address of the cloud node. +$ keadm init --advertise-address="cloud_node_IP_address" --kubeedge-version=1.8.0 +... +CloudCore started +``` + +#### Configuring CloudCore + +```bash +./patch-cloud.sh +``` + +#### Checking Deployment Status + +```bash +# active (running) indicates a normal status +$ systemctl status cloudcore | grep running + Active: active (running) since Fri 2022-03-04 10:54:30 CST; 5min ago +``` + +CloudCore has been deployed on the cloud node. Then, deploy EdgeCore on the edge node. + +### EdgeCore Deployment + +Perform the following operations only on the edge node unless otherwise specified. + +#### Initializing the Edge Environment + +```bash +./setup-edge.sh +``` + +#### Managing the Edge Node + +```bash +# Run the keadm gettoken command on the cloud node. +$ keadm gettoken +96058ab80ffbeb87fe58a79bfb19ea13f9a5a6c3076a17c00f80f01b406b4f7c.eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2NDY0NDg4NzF9.1mJegWB7SUVjgf-OvAqILgbZXeMHR9eOzMxpNFc42SI +# Save this token for subsequent steps. + + +# Run the keadm join command on the edge node. +# Set --cloudcore-ipport to the IP address and port number (10000) of the cloud node. Set --token to the token saved in the previous step. +$ keadm join --cloudcore-ipport=clou_node_IP_address:10000 --kubeedge-version=1.8.0 --token=96058ab80ffbeb87fe58a79bfb19ea13f9a5a6c3076a17c00f80f01b406b4f7c.eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2NDY0NDg4NzF9.1mJegWB7SUVjgf-OvAqILgbZXeMHR9eOzMxpNFc42SI +... +KubeEdge edgecore is running... +``` + +#### Configuring EdgeCore + +```bash +./patch-edge.sh +``` + +#### Configuring Network for the Edge Container + +If you have not decided which CNI software to use, run the following command to configure network for the edge container: + +```bash +# Run the command on the cloud node. +$ ./install-flannel-edge.sh +``` + +#### Checking Whether the Edge Node is Managed + +```bash +# Run the command on the cloud node. You can see that the edge node is added. +$ kubectl get nodes +NAME STATUS ROLES AGE VERSION +cloud.kubeedge Ready control-plane,master 1h v1.20.2 +edge.kubeedge Ready agent,edge 10m v1.19.3-kubeedge-v1.8.0 +``` + +The KubeEdge cluster has been deployed. Next, let's test the task delivery from the cloud to the edge. + +### Application Deployment + +Perform the following operations on the cloud node only. + +#### Deploying Nginx + +```bash +$ kubectl apply -f yamls/nginx-deployment.yaml +deployment.apps/nginx-deployment created + +# Check whether Nginx is deployed on the edge node and running. +$ kubectl get pod -owide | grep nginx +nginx-deployment-84b99f4bf-jb6sz 1/1 Running 0 30s 10.244.1.2 edge.kubeedge +``` + +#### Testing the Function + +```bash +# Access the IP address of Nginx on the edge node. +$ curl 10.244.1.2:80 + + + +Welcome to nginx! + + + +

Welcome to nginx!

+

If you see this page, the nginx web server is successfully installed and +working. Further configuration is required.

+ +

For online documentation and support please refer to +nginx.org.
+Commercial support is available at +nginx.com.

+ +

Thank you for using nginx.

+ + +``` + +The deployment of KubeEdge is complete. diff --git a/docs/en/edge_computing/kube_edge/kube_edge_user_document.md b/docs/en/edge_computing/kube_edge/kube_edge_user_document.md new file mode 100644 index 0000000000000000000000000000000000000000..1d32cab4d8aefd8699c001dd58a820e5ccde81d1 --- /dev/null +++ b/docs/en/edge_computing/kube_edge/kube_edge_user_document.md @@ -0,0 +1,221 @@ +# KubeEdge Usage Guide + +KubeEdge extends the capabilities of Kubernetes to edge scenarios and provides infrastructure support for the network, application deployment, and metadata synchronization between the cloud and the edge. The usage of KubeEdge is the same as that of Kubernetes. In addition, KubeEdge supports the management and control of edge devices. The following example describes how to use KubeEdge to implement edge-cloud synergy. + +## 1. Preparations + +Example: **KubeEdge Counter Demo** + +The counter is a pseudo device. You can run this demo without any additional physical devices. The counter runs on the edge side. You can use the web interface on the cloud side to control the counter and get the counter value. Click the link below to view the schematic diagram. + +For details, see . + +1. This demo requires the KubeEdge v1.2.1 or later. In this example, the latest KubeEdge v1.8.0 is used. + + ```shell + [root@ke-cloud ~]# kubectl get node + NAME STATUS ROLES AGE VERSION + ke-cloud Ready master 13h v1.20.2 + ke-edge1 Ready agent,edge 64s v1.19.3-kubeedge-v1.8.0 + + # Note: In this document, the edge node ke-edge1 is used for verification. If you perform verification by referring to this document, you need to change the edge node name based on your actual deployment. + ``` + +2. Ensure that the following configuration items are enabled for the Kubernetes API server: + + ```shell + --insecuret-port=8080 + --insecure-bind-address=0.0.0.0 + ``` + + You can modify the `/etc/kubernetes/manifests/kube-apiserver.yaml` file, and then restart the Pod of the Kubernetes API server component to make the modifications take effect. + +3. Download the sample code: + + ```shell + [root@ke-cloud ~]# git clone https://github.com/kubeedge/examples.git $GOPATH/src/github.com/kubeedge/examples + ``` + +## 2. Creating the Device Model and Device + +1. Create the device model. + + ```shell + [root@ke-cloud ~]# cd $GOPATH/src/github.com/kubeedge/examples/kubeedge-counter-demo/crds + [root@ke-cloud crds~]# kubectl create -f kubeedge-counter-model.yaml + ``` + +2. Create the device. + + Modify **matchExpressions** as required. + + ```shell + [root@ke-cloud ~]# cd $GOPATH/src/github.com/kubeedge/examples/kubeedge-counter-demo/crds + [root@ke-cloud crds~]# vim kubeedge-counter-instance.yaml + apiVersion: devices.kubeedge.io/v1alpha1 + kind: Device + metadata: + name: counter + labels: + description: 'counter' + manufacturer: 'test' + spec: + deviceModelRef: + name: counter-model + nodeSelector: + nodeSelectorTerms: + - matchExpressions: + - key: 'kubernetes.io/hostname' + operator: In + values: + - ke-edge1 + + status: + twins: + - propertyName: status + desired: + metadata: + type: string + value: 'OFF' + reported: + metadata: + type: string + value: '0' + + [root@ke-cloud crds~]# kubectl create -f kubeedge-counter-instance.yaml + ``` + +## 3. Deploying the Cloud Application + +1. Modify the code. + + The cloud application **web-controller-app** controls the edge application **pi-counter-app**. The default listening port of the cloud application is 80. Change the port number to 8089. + + ```shell + [root@ke-cloud ~]# cd $GOPATH/src/github.com/kubeedge/examples/kubeedge-counter-demo/web-controller-app + [root@ke-cloud web-controller-app~]# vim main.go + package main + + import ( + "github.com/astaxie/beego" + "github.com/kubeedge/examples/kubeedge-counter-demo/web-controller-app/controller" + ) + + func main() { + beego.Router("/", new(controllers.TrackController), "get:Index") + beego.Router("/track/control/:trackId", new(controllers.TrackController), "get,post:ControlTrack") + + beego.Run(":8089") + } + ``` + +2. Build the image. + + Note: When building the image, copy the source code to the path specified by **GOPATH**. Disable Go modules if they are enabled. + + ```shell + [root@ke-cloud web-controller-app~]# make all + [root@ke-cloud web-controller-app~]# make docker + ``` + +3. Deploy web-controller-app. + + ```shell + [root@ke-cloud ~]# cd $GOPATH/src/github.com/kubeedge/examples/kubeedge-counter-demo/crds + [root@ke-cloud crds~]# kubectl apply -f kubeedge-web-controller-app.yaml + ``` + +## 4. Deploying the Edge Application + +The **pi-counter-app** application on the edge is controlled by the cloud application. The edge application communicates with the MQTT server to perform simple counting. + +1. Modify the code and build the image. + + Change the value of **GOARCH** to **amd64** in `Makefile` to run the container. + + ```shell + [root@ke-cloud ~]# cd $GOPATH/src/github.com/kubeedge/examples/kubeedge-counter-demo/counter-mapper + [root@ke-cloud counter-mapper~]# vim Makefile + .PHONY: all pi-execute-app docker clean + all: pi-execute-app + + pi-execute-app: + GOARCH=amd64 go build -o pi-counter-app main.go + + docker: + docker build . -t kubeedge/kubeedge-pi-counter:v1.0.0 + + clean: + rm -f pi-counter-app + + [root@ke-cloud counter-mapper~]# make all + [root@ke-cloud counter-mapper~]# make docker + ``` + +2. Deploy pi-counter-app. + + ```shell + [root@ke-cloud ~]# cd $GOPATH/src/github.com/kubeedge/examples/kubeedge-counter-demo/crds + [root@ke-cloud crds~]# kubectl apply -f kubeedge-pi-counter-app.yaml + + Note: To prevent Pod deployment from being stuck at `ContainerCreating`, run the docker save, scp, and docker load commands to release the image to the edge. + + [root@ke-cloud ~]# docker save -o kubeedge-pi-counter.tar kubeedge/kubeedge-pi-counter:v1.0.0 + [root@ke-cloud ~]# scp kubeedge-pi-counter.tar root@192.168.1.56:/root + [root@ke-edge1 ~]# docker load -i kubeedge-pi-counter.tar + ``` + +## 5. Trying the Demo + +Now, the KubeEdge Demo is deployed on the cloud and edge as follows: + +```shell +[root@ke-cloud ~]# kubectl get pods -o wide +NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES +kubeedge-counter-app-758b9b4ffd-f8qjj 1/1 Running 0 26m 192.168.1.66 ke-cloud +kubeedge-pi-counter-c69698d6-rb4xz 1/1 Running 0 2m 192.168.1.56 ke-edge1 +``` + +Let's test the running effect of the Demo. + +1. Execute the ON command. + On the web page, select **ON** and click **Execute**. You can run the following command on the edge node to view the execution result: + + ```shell + [root@ke-edge1 ~]# docker logs -f counter-container-id + ``` + +2. Check the counter's STATUS. + On the web page, select **STATUS** and click **Execute**. The current counter status is displayed on the web page. + +3. Execute the OFF command. + On the web page, select **OFF** and click **Execute**. You can run the following command on the edge node to view the execution result: + + ```shell + [root@ke-edge1 ~]# docker logs -f counter-container-id + ``` + +## 6. Others + +1. For more official KubeEdge examples, visit . + + | Name | Description | + | ---------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------- | + | [LED-RaspBerry-Pi](https://github.com/kubeedge/examples/blob/master/led-raspberrypi/README.md) | Controlling a LED light with Raspberry Pi using KubeEdge platform. | + | [Data Analysis @ Edge](https://github.com/kubeedge/examples/blob/master/apache-beam-analysis/README.md) | Analyzing data at edge by using Apache Beam and KubeEdge. | + | [Security@Edge](https://github.com/kubeedge/examples/blob/master/security-demo/README.md) | Security at edge using SPIRE for identity management. | + | [Bluetooth-CC2650-demo](https://github.com/kubeedge/examples/blob/master/bluetooth-CC2650-demo/README.md) | Controlling a CC2650 SensorTag bluetooth device using KubeEdge platform. | + | [Play Music @Edge through WeChat](https://github.com/kubeedge/examples/blob/master/wechat-demo/README.md) | Play music at edge based on WeChat and KubeEdge. | + | [Play Music @Edge through Web](https://github.com/kubeedge/examples/blob/master/web-demo/README.md) | Play music at edge based on Web and KubeEdge. | + | [Collecting temperature @Edge](https://github.com/kubeedge/examples/blob/master/temperature-demo/README.md) | Collecting temperature at edge based KubeEdge. | + | [Control pseudo device counter and collect data](https://github.com/kubeedge/examples/blob/master/kubeedge-counter-demo/README.md) | Control pseudo device counter and collect data based KubeEdge. | + | [Play Music @Edge through Twitter](https://github.com/kubeedge/examples/blob/master/ke-twitter-demo/README.md) | Play music at edge based on Twitter and KubeEdge. | + | [Control Zigbee @Edge through cloud](https://github.com/kubeedge/examples/blob/master/kubeedge-edge-ai-application/README.md) | Face detection at cloud using OpenCV and using it to control zigbee on edge using KubeEdge. | + +2. Use EdgeMesh to discover edge services. + + + +3. Customize the cloud-edge message route. + + diff --git a/docs/en/edge_computing/kube_edge/overview.md b/docs/en/edge_computing/kube_edge/overview.md new file mode 100644 index 0000000000000000000000000000000000000000..5b0b219c468dfdb9ce346ba1c0b86f61a13ef152 --- /dev/null +++ b/docs/en/edge_computing/kube_edge/overview.md @@ -0,0 +1,3 @@ +# KubeEdge User Guide + +This document describes how to deploy and use the KubeEdge edge computing platform for users and administrators. diff --git a/docs/en/edge_computing/ros/_toc.yaml b/docs/en/edge_computing/ros/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..ba231fd05be58dd83cc67bf5b899b557116e1586 --- /dev/null +++ b/docs/en/edge_computing/ros/_toc.yaml @@ -0,0 +1,16 @@ +label: ROS User Guide +isManual: true +description: Install, deploy, and use ROS on openEuler. +sections: + - label: ROS User Guide + href: ./ros_user_guide.md + - label: Getting to Know ROS + href: ./getting_to_know_ros.md + - label: Installation and Deployment + href: ./installation_and_deployment.md + - label: Usage + href: ./usage_guide.md + - label: Common Issues and Solutions + href: ./faqs_and_solutions.md + - label: Appendix + href: ./appendix.md diff --git a/docs/en/edge_computing/ros/appendix.md b/docs/en/edge_computing/ros/appendix.md new file mode 100644 index 0000000000000000000000000000000000000000..07a1eb1ea8cbaa02e9eef550cd94a56dc0cf39f8 --- /dev/null +++ b/docs/en/edge_computing/ros/appendix.md @@ -0,0 +1,3 @@ +# Appendix + +For more about ROS, visit [ROS wiki](https://wiki.ros.org/) and [ROS docs](http://docs.ros.org/). diff --git a/docs/en/edge_computing/ros/faqs_and_solutions.md b/docs/en/edge_computing/ros/faqs_and_solutions.md new file mode 100644 index 0000000000000000000000000000000000000000..f5933a9ead3745a027a0d2e32590438e052dd47c --- /dev/null +++ b/docs/en/edge_computing/ros/faqs_and_solutions.md @@ -0,0 +1,3 @@ +# Common Issues and Solutions + +This document is currently not available in English. diff --git a/docs/en/edge_computing/ros/figures/ROS-ROS2.png b/docs/en/edge_computing/ros/figures/ROS-ROS2.png new file mode 100644 index 0000000000000000000000000000000000000000..649c0aa93b0a3710f027ecf9df2482920f16301e Binary files /dev/null and b/docs/en/edge_computing/ros/figures/ROS-ROS2.png differ diff --git a/docs/en/edge_computing/ros/figures/ROS-demo.png b/docs/en/edge_computing/ros/figures/ROS-demo.png new file mode 100644 index 0000000000000000000000000000000000000000..184ae905d022e52adbac7fcee59d956903e1ff5c Binary files /dev/null and b/docs/en/edge_computing/ros/figures/ROS-demo.png differ diff --git a/docs/en/edge_computing/ros/figures/ROS-release.png b/docs/en/edge_computing/ros/figures/ROS-release.png new file mode 100644 index 0000000000000000000000000000000000000000..bf7c1cb7b2b0b60ec375613d32e09ecd0a9174d0 Binary files /dev/null and b/docs/en/edge_computing/ros/figures/ROS-release.png differ diff --git a/docs/en/edge_computing/ros/figures/ROS2-release.png b/docs/en/edge_computing/ros/figures/ROS2-release.png new file mode 100644 index 0000000000000000000000000000000000000000..dc606412c467714af1d05c92b244ecfef63664f6 Binary files /dev/null and b/docs/en/edge_computing/ros/figures/ROS2-release.png differ diff --git a/docs/en/edge_computing/ros/figures/problem.png b/docs/en/edge_computing/ros/figures/problem.png new file mode 100644 index 0000000000000000000000000000000000000000..9f690fb99cac9b957a6601b6eca3a011bee12273 Binary files /dev/null and b/docs/en/edge_computing/ros/figures/problem.png differ diff --git a/docs/en/edge_computing/ros/figures/ros-humble.png b/docs/en/edge_computing/ros/figures/ros-humble.png new file mode 100644 index 0000000000000000000000000000000000000000..a6079358d9df9b983d82679af067a634fe5c05c3 Binary files /dev/null and b/docs/en/edge_computing/ros/figures/ros-humble.png differ diff --git a/docs/en/edge_computing/ros/figures/turtlesim.png b/docs/en/edge_computing/ros/figures/turtlesim.png new file mode 100644 index 0000000000000000000000000000000000000000..ebc8368f7e8e6a4b44075ad402b492638d636181 Binary files /dev/null and b/docs/en/edge_computing/ros/figures/turtlesim.png differ diff --git a/docs/en/edge_computing/ros/getting_to_know_ros.md b/docs/en/edge_computing/ros/getting_to_know_ros.md new file mode 100644 index 0000000000000000000000000000000000000000..989b9d313f90823b7a53b0f3a3b9237d77adbdb0 --- /dev/null +++ b/docs/en/edge_computing/ros/getting_to_know_ros.md @@ -0,0 +1,3 @@ +# Getting to Know ROS + +This document is currently not available in English. diff --git a/docs/en/edge_computing/ros/installation_and_deployment.md b/docs/en/edge_computing/ros/installation_and_deployment.md new file mode 100644 index 0000000000000000000000000000000000000000..186f2509479870128db9eb87374b6131dfce770b --- /dev/null +++ b/docs/en/edge_computing/ros/installation_and_deployment.md @@ -0,0 +1,3 @@ +# Installation and Deployment + +This document is currently not available in English. diff --git a/docs/en/edge_computing/ros/ros_user_guide.md b/docs/en/edge_computing/ros/ros_user_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..c4f1798771e0dd8e583ad1c5bfb552aecadfbb7c --- /dev/null +++ b/docs/en/edge_computing/ros/ros_user_guide.md @@ -0,0 +1,5 @@ +# ROS User Guide + +This document describes the installation and usage of the Robot Operating System (ROS) on openEuler. + +This document is intended for developers, open source enthusiasts, and partners who use openEuler and want to know and use ROS. You need to have basic knowledge of the Linux OS. diff --git a/docs/en/edge_computing/ros/usage_guide.md b/docs/en/edge_computing/ros/usage_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..fdef6804f1b60f0e5ae25973ca4150ed6254ba08 --- /dev/null +++ b/docs/en/edge_computing/ros/usage_guide.md @@ -0,0 +1,3 @@ +# Usage + +This document is currently not available in English. diff --git a/docs/en/embedded/_toc.yaml b/docs/en/embedded/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..b68d0b3b4c3f010d5d528cb0e7de5a3777e5cb4b --- /dev/null +++ b/docs/en/embedded/_toc.yaml @@ -0,0 +1,6 @@ +label: Embedded +sections: + - label: openEuler Embedded User Guide + href: https://pages.openeuler.openatom.cn/embedded/docs/build/html/master/index.html + description: openEuler Embedded is a lightweight, secure, real-time OS tailored for embedded environments, with support for various hardware architectures. + - href: ./uniproton/_toc.yaml \ No newline at end of file diff --git a/docs/en/embedded/uniproton/_toc.yaml b/docs/en/embedded/uniproton/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..b254d4e44c26ccb24dd7ef35303c0c37fd0a5d05 --- /dev/null +++ b/docs/en/embedded/uniproton/_toc.yaml @@ -0,0 +1,10 @@ +label: UniProton User Guide +isManual: true +description: UniProton is an OS tailored for embedded environments. It offers task and memory management, interrupt handling, and advanced debugging features. +sections: + - label: Overview + href: ./overview.md + - label: UniProton Feature Design + href: ./uniproton_functions.md + - label: UniProton Interfaces + href: ./uniproton_apis.md diff --git a/docs/en/embedded/uniproton/figures/FCS.png b/docs/en/embedded/uniproton/figures/FCS.png new file mode 100644 index 0000000000000000000000000000000000000000..afb47c557755c10a3f0b196b7080b16a0f86ab6a Binary files /dev/null and b/docs/en/embedded/uniproton/figures/FCS.png differ diff --git a/docs/en/embedded/uniproton/figures/MemoryApplication.png b/docs/en/embedded/uniproton/figures/MemoryApplication.png new file mode 100644 index 0000000000000000000000000000000000000000..de46581c40122a82b92db8a67ae3fcd76a97041a Binary files /dev/null and b/docs/en/embedded/uniproton/figures/MemoryApplication.png differ diff --git a/docs/en/embedded/uniproton/figures/MemoryRelease.png b/docs/en/embedded/uniproton/figures/MemoryRelease.png new file mode 100644 index 0000000000000000000000000000000000000000..f91c89bb02311f104949e2af42cddc4a3faaaca3 Binary files /dev/null and b/docs/en/embedded/uniproton/figures/MemoryRelease.png differ diff --git a/docs/en/embedded/uniproton/figures/pend_semaphore.png b/docs/en/embedded/uniproton/figures/pend_semaphore.png new file mode 100644 index 0000000000000000000000000000000000000000..59d8159d1ff1cecb43f59cc5d7c5a9900db8e767 Binary files /dev/null and b/docs/en/embedded/uniproton/figures/pend_semaphore.png differ diff --git a/docs/en/embedded/uniproton/figures/post_semaphore.png b/docs/en/embedded/uniproton/figures/post_semaphore.png new file mode 100644 index 0000000000000000000000000000000000000000..fa08d76dafd335b60838dda08db61ccadd8c6b8d Binary files /dev/null and b/docs/en/embedded/uniproton/figures/post_semaphore.png differ diff --git a/docs/en/embedded/uniproton/overview.md b/docs/en/embedded/uniproton/overview.md new file mode 100644 index 0000000000000000000000000000000000000000..91c1d4e802b8616c7ee99e983d6ecf45408b40d3 --- /dev/null +++ b/docs/en/embedded/uniproton/overview.md @@ -0,0 +1,11 @@ +# UniProton User Guide + +## Introduction + +UniProton is an operating system (OS) for embedded scenarios provided by the openEuler community. It aims to build a high-quality OS platform that shields underlying hardware differences for upper-layer service software and provides powerful debugging functions. UniProton allows service software to be quickly ported to different hardware platforms, facilitates chip selection, and reduces costs for hardware procurement and software maintenance. + +This document describes the basic functions and APIs of UniProton. + +## Compilation + +For details about compilation, see . diff --git a/docs/en/embedded/uniproton/uniproton_apis.md b/docs/en/embedded/uniproton/uniproton_apis.md new file mode 100644 index 0000000000000000000000000000000000000000..8e8ae10187b8253da0a4f25aa943ae46d8d6598e --- /dev/null +++ b/docs/en/embedded/uniproton/uniproton_apis.md @@ -0,0 +1,3 @@ +# UniProton APIs + +This document is currently not available in English. diff --git a/docs/en/embedded/uniproton/uniproton_functions.md b/docs/en/embedded/uniproton/uniproton_functions.md new file mode 100644 index 0000000000000000000000000000000000000000..33eb51fb7abdf83a0acba4538e5e01d614c23348 --- /dev/null +++ b/docs/en/embedded/uniproton/uniproton_functions.md @@ -0,0 +1,151 @@ +# UniProton Feature Design + +## Task Management + +UniProton is a single-process multi-thread operating system (OS). In UniProton, a task represents a thread. Tasks in UniProton are scheduled in preemption mode instead of time slice rotation scheduling. High-priority tasks can interrupt low-priority tasks. Low-priority tasks can be scheduled only after high-priority tasks are suspended or blocked. + +A total of 32 priorities are defined, with priority 0 being the highest and 31 being the lowest. Multiple tasks can be created in a priority. + +The task management module of UniProton provides the following functions: Creates, deletes, suspends, resumes, and delays tasks; Locks and unlocks task scheduling; Obtains the current task ID; Obtains and sets task private data; Query the pending semaphore ID of a specified task; Query the status, context, and general information of a specified task; Obtains and sets task priorities; Adjusts the task scheduling order of a specified priority; Register and unregister hooks for task creation, deletion, and switching. During initialization, UniProton creates an idle task with the lowest priority by default. When no task is in the running status, the idle task is executed. + +## Event Management + +The event mechanism enables communication between threads. Event communication can only be event notifications and no data is transmitted. + +As an extension of tasks, events allow tasks to communicate with each other. Each task supports 32 event types, each represented by a bit of a 32-bit value. + +UniProton can read current task events and write specified task events. Multiple event types can be read or written at one time. + +## Queue Management + +A queue, also called message queue, is a method commonly used for inter-thread communication to store and transfer data. Data can be written to the head or tail of a queue based on the priority, but can be read only from the head of a queue. + +When creating a queue, UniProton allocates memory space for the queue based on the queue length and message unit size input by the user. The queue control block contains **Head** and **Tail** pointers, which indicate the storage status of data in a queue. **Head** indicates the start position of occupied message nodes in the queue. **Tail** indicates the end position of the occupied message nodes in the queue. + +## Hard Interrupt Management + +A hardware interrupt is a level signal that is triggered by hardware and affects system running. A hardware interrupt is used to notify the CPU of a hardware event. Hardware interrupts include maskable interrupts and non-maskable interrupts (NMIs). + +Hardware interrupts have different internal priorities, but they all have a higher priority than other tasks. When multiple hardware interrupts are triggered at the same time, the hardware interrupt with the highest priority is always responded first. Whether a high-priority hardware interrupt can interrupt a low-priority hardware interrupt that is being executed (that is, nested interrupts) depends on the chip platform. + +The OS creates a tick hardware interrupt during initialization for task delay and software timer purposes. The tick is essentially a hardware timer. + +## Memory Management + +Memory management is to dynamically divide and manage large memory areas allocated by users. When a section of a program needs to use the memory, the program calls the memory application function of the OS to obtain the memory block of a specified size. After using the memory, the program calls the memory release function to release the occupied memory. + +UniProton provides the FSC memory algorithm. The following table lists the advantages, disadvantages, and application scenarios of FSC. + +| Algorithm | Advantages | Disadvantages | Application Scenarios | +| :----------------------------------------------------------- | ------------------------------------------------------------ | ------------------------------ | ------------------------------------ | +| Private FSC algorithm| The memory control block information occupies a small amount of memory. The minimum 4-byte-aligned memory block size can be applied for. Adjacent memory blocks can be quickly split and merged without creating memory fragmentation.| The efficiency of memory application and release is low.| It can flexibly adapt to various product scenarios.| + +The FSC memory algorithm is described as follows: + +### FSC Memory Algorithm + +#### Core Idea + +The size of the requested memory is **uwSize**. If the size is in binary, it is expressed as **0b{0}1xxx**. **{0}** indicates that there may be one or more zeros before **1**. Regardless of the content of following **1** (**xxx**), if **1** is changed to **10** and **xxx** is changed to **0**, **10yyy** is always greater than **1xxx** (**yyy** indicates that the corresponding bits of **xxx** are changed to **0**). + +The subscript of the leftmost 1 can be directly obtained. The subscript values are 0 to 31 from the most significant bit to the least significant bit (BitMap), or 0 to 31 from the least significant bit to the most significant bit (uwSize). If the subscripts of the bits of the 32-bit register are 0 to 31 from the most significant bit to the least significant bit, the subscript of the leftmost 1 of 0x80004000 is 0. Therefore, we can maintain an idle linked list header array (the number of elements does not exceed 31). The subscript of the leftmost 1 of the memory block size is used as the index of the linked list header array. That is, all memory blocks with the same subscript of the leftmost 1 are mounted to the same idle linked list. + +For example, the sizes of idle blocks that can be mounted to the linked list whose index is 2 are 4, 5, 6, and 7, and the sizes of idle blocks that can be mounted to the linked list whose index is N are 2^N to 2^(N+1)-1. + +![](./figures/FCS.png) + +#### Memory Application + +When applying for the memory of uwSize, use assembly instructions to obtain the subscript of the leftmost 1 first. Assume that the subscript is **n**. To ensure that the first idle memory block in the idle linked list meets the uwSize requirement, the search starts from the index n+1. If the idle linked list of index n+1 is not empty, the first idle block in the linked list is used. If the linked list of n+1 is empty, the linked list of n+2 is checked, and so on, until a non-empty linked list is found or the index reaches 31. + +A 32-bit BitMap global variable is defined to prevent the for loop from checking whether the idle linked list is empty recursively. If the idle linked list of n is not empty, the value whose subscript is n of BitMap is set to 1. Otherwise, the value is set to 0. The bit whose subscript is 31 of the BitMap is directly set to 1 during initialization. Therefore, the first non-idle linked list is searched from linked list of n+1. Bits 0 to n of the BitMap copy can be cleared first, and then a subscript of the leftmost 1 of the copy is obtained. If the subscript is not equal to 31, the subscript is the array index of the first non-empty idle linked list. + +All idle blocks are connected in series in the form of a bidirectional idle linked list. If the first idle block obtained from the linked list is large, that is, after a usSize memory block is split, the remaining space can be allocated at least once, The remaining idle blocks are added to the corresponding idle linked list. + +![](./figures/MemoryApplication.png) + +The memory control header records the size of the idle memory block (including the control header itself). The memory control header contains a reused member at the beginning. When a memory block is idle, it is used as a pointer to the next idle memory block. When a memory block is occupied, it stores a magic number, indicating that the memory block is not idle. To prevent the magic number from conflicting with the pointer (same as the address value), the upper and lower four bits of the magic number are 0xf. The start addresses of the allocated memory blocks are 4-byte-aligned. Therefore, no conflict occurs. + +#### Memory Release + +When the memory is released, adjacent idle blocks are combined. First, the validity of the address parameter (**pAddr**) is determined by checking the magic number in the control header. The start address of the control header of the next memory block is obtained by adding the start address to the offset value. If the next memory block is idle, the next memory block is deleted from the idle linked list to which it belongs, and the size of the current memory block is adjusted. + +To quickly find the control header of the previous memory block and determine whether the previous memory block is idle during memory release, a member is added to the memory control header to mark whether the previous memory block is idle. When the memory is applied for, the flag of the next memory block can be set to the occupied state (if the idle memory block is divided into two, and the previous memory block is idle, the flag of the current memory block is set to the idle state). When the memory is released, the flag of the next memory block is set to the idle state. When the current memory is released, if the previous memory block is marked as occupied, the previous memory block does not need to be merged; if the previous memory block is marked as idle, the previous memory block needs to be merged. If a memory block is idle, the flag of the next control block is set to the distance to the current control block. + + ![](./figures/MemoryRelease.png) + +## Timer Management + +UniProton provides the software timer function to meet the requirements of timing services. + +Software timers are based on the tick interrupts. Therefore, the period of a timer must be an integral multiple of the tick. The timeout scanning of the software timer is performed in the tick handler function. + +Currently, the software timer interface can be used to create, start, stop, restart, and delete timers. + +## Semaphore Management + +A semaphore is typically used to coordinate a group of competing tasks to access to critical resources. When a mutex is required, the semaphore is used as a critical resource counter. Semaphores include intra-core semaphores and inter-core semaphores. + +The semaphore object has an internal counter that supports the following operations: + +- Pend: The Pend operation waits for the specified semaphore. If the counter value is greater than 0, it is decreased by 1 and a success message is returned. If the counter value of the semaphore is 0, the requesting task is blocked until another task releases the semaphore. The amount of time the task will wait for the semaphore is user configurable. + +- Post: The Post operation releases the specified semaphore. If no task is waiting for the semaphore, the counter is incremented by 1 and returned. Otherwise, the first task (the earliest blocked task) in the list of tasks pending for this semaphore is woken up. + +The counter value of a semaphore corresponds to the number of available resources. It means mutually exclusive resources remained that could be occupied. The counter value can be: + +- 0, indicating that there is no accumulated post operation, and there may be a task blocked on the semaphore. + +- A positive value, indicating that there are one or more post release operations. + +## Exception Management + +Exception takeover of UniProton is a maintenance and test feature that records as much information as possible when an exception occurs to facilitate subsequent fault locating. In addition, the exception hook function is provided so that users can perform special handling when an exception occurs. The exception takeover feature handles internal exceptions and external hardware exceptions. + +## CPU Usage Statistics + +The system CPU usage (CPU percentage, CPUP) in UniProton refers to the CPU usage of the system within a period of time. It reflects the CPU load and the system running status (idle or busy) in the given period of time. The valid range of the system CPUP is 0 to 10000, in basis points. 10000 indicates that the system is fully loaded. + +The thread CPUP refers to the CPU usage of a single thread. It reflects the thread status, busy or idle, in a period of time. The valid range of the thread CPUP is 0 to 10000, in basis points. 10000 indicates that the process is being executed for a period of time. The total CPUPs of all threads (including interrupts and idle tasks) in a single-core system is 10000. + +The system-level CPUP statistics of UniProton depends on the tick module, which is implemented by tick sampling idle tasks or idle software interrupt counter. + +## STM32F407ZGT6 Development Board Support + +The kernel peripheral startup process and board driver of UniProton supports the STM32F407ZGT6 development board. The directory structure is as follows: + +├─apps # Demo based on the real-time OS of UniProton +│ └─hello_world # hello_world example program +├─bsp # Board-level driver to interconnect with the OS +├─build # Build script to build the final image +├─config # Configuration items to adjust running parameters +├─include # APIs provided by the real-time OS of UniProton +└─libs # Static libraries of the real-time OS of UniProton. The makefile example in the build directory has prepared the reference of the header file and static libraries. + +## OpenAMP Hybrid Deployment + +OpenAMP is an open source software framework designed to standardize the interaction between environments in heterogeneous embedded systems through open source solutions based on asymmetric multi-processing. OpenAMP consists of the following components: + +1. Remoteproc manages the life cycle of the slave core, shared memory, and resources such as buffer and vring used for communication, and initializes RPMsg and virtio. +2. RPMsg enables multi-core communication based on virtio. +3. Virtio, which is a paravirtualization technology, uses a set of virtual I/Os to implement driver communication between the master and slave cores. +4. libmetal shields OS implementation details, provides common user APIs to access devices, and handles device interrupts and memory requests. + +## POSIX Standard APIs + +[UniProton supports POSIX standard APIs](./uniproton_apis.md). + +## Device Drivers + +UniProton's driver architecture follows a Linux-like approach, treating devices as files through its Virtual File System (VFS). Drivers register with the file system via registration interfaces, enabling applications to access hardware through standard system calls. Adapted from Nuttx's open-source RTOS driver module, the framework maintains Nuttx-compatible interfaces. The file_operations structure (defined in fs.h) stores device operation methods, while register_driver associates devices with their inode structures that describe node locations and data. System calls reference these inodes to locate corresponding driver functions. For interface specifications, see [UniProton APIs](./uniproton_apis.md). + +## Shell Commands + +UniProton features a shell interface for command-line interaction with OS services, parsing user input and processing system outputs. Adapted from LiteOS's shell module, it supports custom command creation (requiring recompilation). Current implementation includes only the help command, with more commands planned for future releases. + +| Interface | Description | +| :---: | :--: | +| SHELLCMD_ENTRY | Static command registration | +| osCmdReg | Dynamic command registration | + +Static registration (5 parameters) typically handles system commands, while dynamic registration (4 parameters) manages user commands. Both share four common parameters after the static method's unique first parameter. Details in [UniProton APIs](./uniproton_apis.md). diff --git a/docs/en/server/_toc.yaml b/docs/en/server/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..9ecb6d553752433367f6e776c75d6c8644226d0c --- /dev/null +++ b/docs/en/server/_toc.yaml @@ -0,0 +1,76 @@ +label: Server +sections: + - label: Release Notes + sections: + - href: ./releasenotes/releasenotes/_toc.yaml + - href: ./quickstart/quickstart/_toc.yaml + - label: Installation and Upgrade + sections: + - href: ./installation_upgrade/installation/_toc.yaml + - href: ./installation_upgrade/upgrade/_toc.yaml + - label: OS Administration + sections: + - href: ./administration/administrator/_toc.yaml + - href: ./administration/sysmaster/_toc.yaml + - href: ./administration/compa_command/_toc.yaml + - label: O&M + sections: + - href: ./maintenance/aops/_toc.yaml + - href: ./maintenance/gala/_toc.yaml + - href: ./maintenance/sysmonitor/_toc.yaml + - href: ./maintenance/kernel_live_upgrade/_toc.yaml + - href: ./maintenance/syscare/_toc.yaml + - href: ./maintenance/common_skills/_toc.yaml + - href: ./maintenance/common_tools/_toc.yaml + - href: ./maintenance/troubleshooting/_toc.yaml + - label: Security + sections: + - href: ./security/secharden/_toc.yaml + - href: ./security/trusted_computing/_toc.yaml + - href: + upstream: https://gitee.com/openeuler/secGear/blob/master/docs/en/2403_LTS_SP2/_toc.yaml + path: ./secgear + - href: ./security/cve_ease/_toc.yaml + - href: ./security/cert_signature/_toc.yaml + - href: ./security/shangmi/_toc.yaml + - href: + upstream: https://gitee.com/openeuler/secDetector/blob/master/docs/en/2403_LTS_SP2/_toc.yaml + path: ./secdetector + - label: Memory and Storage + sections: + - href: ./memory_storage/lvm/_toc.yaml + - href: ./memory_storage/etmem/_toc.yaml + - href: ./memory_storage/gmem/_toc.yaml + - href: ./memory_storage/hsak/_toc.yaml + - label: Network + sections: + - href: ./network/network_config/_toc.yaml + - href: ./network/gazelle/_toc.yaml + - label: Performance Optimization + sections: + - label: Overview + sections: + - href: ./performance/overall/system_resource/_toc.yaml + - label: Tuning Framework + sections: + - href: + upstream: https://gitee.com/openeuler/oeAware-manager/blob/master/docs/en/2403_lts_sp2/_toc.yaml + - label: CPU Optimization + sections: + - href: ./performance/cpu_optimization/sysboost/_toc.yaml + - href: ./performance/cpu_optimization/kae/_toc.yaml + - label: System Optimization + sections: + - href: ./performance/system_optimzation/atune/_toc.yaml + - label: Application Development + sections: + - href: ./development/application_dev/_toc.yaml + - href: + upstream: https://gitee.com/openeuler/compiler-docs/blob/openEuler-24.03-LTS-SP2/docs/en/gcc/_toc.yaml + - label: High Availability + sections: + - href: ./high_availability/ha/_toc.yaml + - label: Diversified Computing + sections: + - href: ./diversified_computing/dpu_offload/_toc.yaml + - href: ./diversified_computing/dpu_os/_toc.yaml diff --git a/docs/en/server/administration/administrator/_toc.yaml b/docs/en/server/administration/administrator/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..e9cb61ab7053505c0300abfad8fbcb78a67c3a26 --- /dev/null +++ b/docs/en/server/administration/administrator/_toc.yaml @@ -0,0 +1,28 @@ +label: Administrator Guide +isManual: true +description: Common administration operations on openEuler +sections: + - label: Viewing System Information + href: ./viewing_system_information.md + - label: Basic Configuration + href: ./basic_configuration.md + - label: User and User Group Management + href: ./user_and_user_group_management.md + - label: Software Package Management with DNF + href: ./using_dnf_to_manage_software_packages.md + - label: Service Management + href: ./service_management.md + - label: Process Management + href: ./process_management.md + - label: Service Configuration + href: ./configuring_services.md + sections: + - label: Configuring the Repo Server + href: ./configuring_the_repo_server.md + - label: Configuring the FTP Server + href: ./configuring_the_ftp_server.md + - label: Configuring the Web Server + href: ./configuring_the_web_server.md + - label: Setting Up the Database Server + href: ./setting_up_the_database_server.md + diff --git a/docs/en/server/administration/administrator/basic_configuration.md b/docs/en/server/administration/administrator/basic_configuration.md new file mode 100644 index 0000000000000000000000000000000000000000..37ce10de6508363bf8a5506b9bbd306ce11d4d33 --- /dev/null +++ b/docs/en/server/administration/administrator/basic_configuration.md @@ -0,0 +1,422 @@ +# Basic Configuration + +## Setting the System Locale + +System locale settings are stored in the /etc/locale.conf file and can be modified by the localectl command. These settings are read at system boot by the systemd daemon. + +### Displaying the Current Locale Status + +To display the current locale status, run the following command: + +```shell +localectl status +``` + +Example command output: + +```shell +$ localectl status + System Locale: LANG=zh_CN.UTF-8 + VC Keymap: cn + X11 Layout: cn +``` + +### Listing Available Locales + +To display available locales, run the following command: + +```shell +localectl list-locales +``` + +You can check that by listing all Chinese locales with the following command: + +```shell +$ localectl list-locales | grep zh +zh_CN.UTF-8 +``` + +### Setting the Locale + +To set the language environment, run the following command as the user **root**. In the command, _locale_ indicates the language type to be set. Run the **localectl list-locales** command to obtain the value range. Change the value as required. + +```shell +localectl set-locale LANG=locale +``` + +For example, if you want to use Simplified Chinese as the locale, run the following command as the user **root**: + +```shell +localectl set-locale LANG=zh_CN.UTF-8 +``` + +> [!NOTE]NOTE +> After the modification, log in again or run the command `source /etc/locale.conf` as the user **root** to update the configuration file for the modification to take effect: + +## Setting the Keyboard Layout + +Keyboard layout settings are stored in the /etc/locale.conf file and can be modified by the localectl command. These settings are read at early boot by the systemd daemon. + +### Displaying the Current Settings + +To display the current keyboard layout settings, run the following command: + +```shell +localectl status +``` + +Example command output: + +```shell +$ localectl status + System Locale: LANG=zh_CN.UTF-8 + VC Keymap: cn + X11 Layout: cn +``` + +### Listing Available Keyboard Layouts + +To list all available keyboard layouts that can be configured on openEuler, run the following command: + +```shell +localectl list-keymaps +``` + +For example, the command output of the Chinese keyboard layout is as follows: + +```shell +$ localectl list-keymaps | grep cn +cn +``` + +### Setting the Keyboard Layout + +To set the keyboard layout, run the following command as the user **root**. In the command, _map_ indicates the keyboard layout to be set. Run the **localectl list-keymaps** command to obtain the value range. Change it as required. + +```shell +localectl set-keymap map +``` + +The keyboard layout will be equally applied to graphical user interfaces. + +Then you can verify if your setting was successful by checking the status: + +```shell +$ localectl status + System Locale: LANG=zh_CN.UTF-8 + VC Keymap: cn + X11 Layout: us +``` + +## Setting the Date and Time + +This topic describes how to set the system date, time, and time zone by using timedatectl, date, and hwclock commands. + +### Using the timedatectl Command + +#### Displaying the Current Date and Time + +To display the current date and time, run the following command: + +```shell +timedatectl +``` + +Example command output: + +```shell +$ timedatectl + Local time: Mon 2019-09-30 04:05:00 EDT + Universal time: Mon 2019-09-30 08:05:00 UTC + RTC time: Mon 2019-09-30 08:05:00 + Time zone: China Standard Time (CST), UTC +8 +System clock synchronized: no + NTP service: inactive + RTC in local TZ: no +``` + +#### Synchronizing the System Clock with a Remote Server + +Your system clock can be automatically synchronized with a remote server using the Network Time Protocol (NTP). Run the following command as the user **root** to enable or disable NTP. The value of _boolean_ is **yes** or **no**, indicating that the NTP is enabled or disabled for automatic system clock synchronization. Change the value as required. + +> [!NOTE]NOTE +> If the remote NTP server is enabled to automatically synchronize the system clock, you cannot manually change the date and time. If you need to manually change the date or time, ensure that automatic NTP system clock synchronization is disabled. You can run the **timedatectl set-ntp no** command to disable the NTP service. + +```shell +timedatectl set-ntp boolean +``` + +For example, to enable automatic remote time synchronization, run the following command: + +```shell +timedatectl set-ntp yes +``` + +#### Changing the Current Date + +> [!NOTE]NOTE +> Before changing the date, ensure that automatic NTP system clock synchronization has been disabled. + +Run the following command as the user **root** to change the current date. In the command, _YYYY_ indicates the year, _MM_ indicates the month, and _DD_ indicates the day. Change them as required. + +```shell +timedatectl set-time YYYY-MM-DD +``` + +For example, to change the current date to August 14, 2019, run the following command as the user **root**: + +```shell +timedatectl set-time '2019-08-14' +``` + +#### Changing the Current Time + +> [!NOTE]NOTE +> Before changing the time, ensure that automatic NTP system clock synchronization has been disabled. + +To change the current time, run the following command as the user **root**. In the command, _HH_ indicates the hour, _MM_ indicates the minute, and _SS_ indicates the second. Change them as required. + +```shell +timedatectl set-time HH:MM:SS +``` + +For example, to change the current time to 15:57:24, run the following command: + +```shell +timedatectl set-time 15:57:24 +``` + +#### Changing the Time Zone + +To list all available time zones, run the following command: + +```shell +timedatectl list-timezones +``` + +To change the current time zone, run the following command as the user **root**. In the command, _time\_zone_ indicates the time zone to be set. Change it as required. + +```shell +timedatectl set-timezone time_zone +``` + +Imagine you want to identify which time zone is closest to your present location while you are in Asia. You can check that by listing all available time zones in Asia with the following command: + +```shell +$ timedatectl list-timezones | grep Asia +Asia/Aden +Asia/Almaty +Asia/Amman +Asia/Anadyr +Asia/Aqtau +Asia/Aqtobe +Asia/Ashgabat +Asia/Baghdad +Asia/Bahrain +...... + +Asia/Seoul +Asia/Shanghai +Asia/Singapore +Asia/Srednekolymsk +Asia/Taipei +Asia/Tashkent +Asia/Tbilisi +Asia/Tehran +Asia/Thimphu +Asia/Tokyo +``` + +To change the time zone to Asia/Shanghai, run the following command: + +```shell +timedatectl set-timezone Asia/Shanghai +``` + +### Using the date Command + +#### Displaying the Current Date and Time + +To display the current date and time, run the following command: + +```shell +date +``` + +By default, the **date** command displays the local time. To display the time in Coordinated Universal Time (UTC), run the command with the --utc or -u command line option: + +```shell +date --utc +``` + +You can also customize the format of the displayed information by providing the + "format" option on the command line: + +```shell +date +"format" +``` + +**Table 1** Formatting options + +| Format Option | Description | +| :---- | :---- | +| %H | The hour in the HH format (for example, 17) | +| %M | The minute in the MM format (for example, 37) | +| %S | The second in the SS format (for example, 25) | +| %d | The day of the month in the DD format (for example, 15) | +| %m | The month in the MM format (for example, 07) | +| %Y | The year in the YYYY format (for example, 2019) | +| %Z | The time zone abbreviation (for example, CEST) | +| %F | The full date in the YYYY-MM-DD format (for example, 2019-7-15). This option is equal to %Y-%m-%d | +| %T | The full time in the HH:MM:SS format (for example, 18:30:25). This option is equal to %H:%M:%S | + +Example commands and outputs: + +- To display the current date and time: + + ```shell + $ date + Sat Aug 17 17:26:34 CST 2019 + ``` + +- To display the current date and time in UTC: + + ```shell + $ date --utc + Sat Aug 17 09:26:18 UTC 2019 + ``` + +- To customize the output of the date command: + + ```shell + $ date +"%Y-%m-%d %H:%M" + 2019-08-17 17:24 + ``` + +#### Changing the Current Time + +To change the current time, run the date command with the --set or -s option as the root user: Run the following command as the user **root**. In the command, _HH_ indicates the hour, _MM_ indicates the minute, and _SS_ indicates the second. Change them as required. + +```shell +date --set HH:MM:SS +``` + +By default, the date command sets the local time. To set the system clock in UTC instead, run the command with the --utc or -u command line option: + +```shell +date --set HH:MM:SS --utc +``` + +For example, to change the current time to 23:26:00, run the following command as the user **root**: + +```shell +date --set 23:26:00 +``` + +#### Changing the Current Date + +To change the current date, run the command with the --set or -s command line option. Run the following command as the user **root**. In the command, _YYYY_ indicates the year, _MM_ indicates the month, and _DD_ indicates the day. Change them as required. + +```shell +date --set YYYY-MM-DD +``` + +For example, to change the current date to November 2, 2019, run the following command as the user **root**: + +```shell +date --set 2019-11-02 +``` + +### Using the hwclock Command + +You can run the hwclock command to set the real time clock (RTC). + +#### Real-Time Clock and System Clock + +Linux divides clocks into the following types: + +- System clock: clock of the current Linux kernel. +- Hardware clock RTC: hardware clock of the mainboard powered by the battery. This clock can be set in the **Standard BIOS Feature** option of the BIOS. + +When Linux starts, it reads the RTC and sets the system clock time based on the RTC time. + +#### Displaying the Current Date and Time + +To display the current RTC date and time, run the following command as the user **root**: + +```shell +hwclock +``` + +Example command output: + +```shell +$ hwclock +2019-08-26 10:18:42.528948+08:00 +``` + +#### Setting the Date and Time + +Run the following command as the user **root** to change the date and time of the current hardware. In the command, _dd_ indicates the day, _mm_ indicates the month, _yyyy_ indicates the year, _HH_ indicates the hour, and _MM_ indicates the minute. Change them as required. + +```shell +hwclock --set --date "dd mm yyyy HH:MM" +``` + +For example, to change the current time to 21:17 on October 21, 2019, run the following command: + +```shell +hwclock --set --date "21 Oct 2019 21:17" --utc +``` + +## Setting kdump + +This section describes how to set the memory reserved for kdump and modify parameters in the kdump configuration file. + +### Setting the Memory Reserved for kdump + +#### Parameter Formats of the Memory Reserved for kdump + +The memory reserved for kdump must be added to the bootargs in the **/boot/efi/EFI/openEuler/grub.cfg** configuration file. The memory reserved for kdump has been added to the released openEuler version by default and can be adjusted as required. After adding or modifying the bootargs, restart the system for the setting to take effect. The parameter formats of the memory reserved for kdump are as follows: + +| Bootarg| Description| Default Value| Remarks| +|----------|----------|----------|----------| +| crashkernel=x| If the physical memory size is less than 4 GB, x of the memory is reserved for kdump.| The default value is 512 MB for x86.| This configuration method is used only when the available memory size is less than 4 GB. In this case, ensure that the available contiguous memory is sufficient for reservation.| +| crashkernel=x@y| x of the memory is reserved at the start address of y for kdump.| Unused| Ensure that x of the memory at the start address of y is not reserved for other modules.| +| crashkernel=x,high| If the physical memory size is less than 4 GB, 256 MB memory is reserved. If the physical memory size is greater than 4 GB, x of the memory is reserved for kdump. | The default value is 1024M,high for ARM64.| Ensure that the available physical contiguous memory size is greater than or equal to 256 MB when the memory size is less than 4 GB, and is greater than or equal to x when the memory size is greater than 4 GB. The actual reserved memory size is 256 MB + x. | +| crashkernel=x,low crashkernel=y,high| x of the memory is reserved for kdump when the physical memory size is less than 4 GB, and y of the memory is reserved for kdump when the physical memory size is greater than 4 GB. | Unused| Ensure that the available physical contiguous memory size is greater than or equal to x when the physical memory size is less than 4 GB, and is greater than or equal to y when the physical memory size is greater than 4 GB.| + +### Recommended Reserved Memory + +| Recommended Solution| Reserved Parameter| Description| +|----------|----------|----------| +| General solution| crashkernel=2048M,high| If the memory size is less than 4 GB, 256 MB is reserved for kdump. If the memory size is greater than 4 GB, 2048 MB is reserved for kdump. 256 + 2048 MB in total.| +| Economical solution| crashkernel=1024M,high| If the memory size is less than 4 GB, 256 MB is reserved for kdump. If the memory size is greater than 4 GB, 1024 MB is reserved for kdump. 256 + 1024 MB in total. It is recommended that kdump files not be dumped using the network in scenarios where the system memory size is less than 512 GB. In VM scenarios, you can reduce the reserved memory. You are advised to set crashkernel to 512M or crashkernel to 256M,high.| + +> [!NOTE]NOTE +> If kdump files are not dumped using the network, you need to set the kdump file system not to pack network drivers. Loading the network driver requires a large amount of memory. As a result, the memory reserved for kdump may be insufficient and kdump may fail. Therefore, you are advised to disable network drivers. + +### Disabling Network Drivers + +In the kdump configuration file **/etc/kdump.conf**, the dracut parameters can be used to set the tailored driver module. You can configure the network driver to the tailored driver list to prevent the kdump file system from loading the driver. After the configuration file is modified, restart the kdump service for the modification to take effect. Set the dracut parameters as follows: + +`dracut_args --omit-drivers "mdio-gpi usb_8dev et1011c rt2x00usb bcm-phy-lib mac80211_hwsim rtl8723be rndis_host hns3_cae amd vrf rtl8192cu mt76x02-lib int51x1 ppp_deflate team_mode_loadbalance smsc911x aweth bonding mwifiex_usb hnae dnet rt2x00pci vaser_pci hdlc_ppp marvell rtl8xxxu mlxsw_i2c ath9k_htc rtl8150 smc91x cortina at803x rockchip cxgb4 spi_ks8995 mt76x2u smsc9420 mdio-cavium bnxt_en ch9200 dummy macsec ice mt7601u rtl8188ee ixgbevf net1080 liquidio_vf be2net mlxsw_switchx2 gl620a xilinx_gmii2rgmii ppp_generic rtl8192de sja1000_platform ath10k_core cc770_platform realte igb c_can_platform c_can ethoc dm9601 smsc95xx lg-vl600 ifb enic ath9 mdio-octeon ppp_mppe ath10k_pci cc770 team_mode_activebackup marvell10g hinic rt2x00lib mlx4_en iavf broadcom igc c_can_pci alx rtl8192se rtl8723ae microchip lan78xx atl1c rtl8192c-common almia ax88179_178a qed netxen_nic brcmsmac rt2800usb e1000 qla3xxx mdio-bitbang qsemi mdio-mscc-miim plx_pci ipvlan r8152 cx82310_eth slhc mt76x02-usb ems_pci xen-netfront usbnet pppoe mlxsw_minimal mlxsw_spectrum cdc_ncm rt2800lib rtl_usb hnae3 ath9k_common ath9k_hw catc mt76 hns_enet_drv ppp_async huawei_cdc_ncm i40e rtl8192ce dl2 qmi_wwan mii peak_usb plusb can-dev slcan amd-xgbe team_mode_roundrobin ste10Xp thunder_xcv pptp thunder_bgx ixgbe davicom icplus tap tun smsc75xx smsc dlci hns_dsaf mlxsw_core rt2800mmi softing uPD60620 vaser_usb dp83867 brcmfmac mwifiex_pcie mlx4_core micrel team macvlan bnx2 virtio_net rtl_pci zaurus hns_mdi libcxgb hv_netvsc nicvf mt76x0u teranetics mlxfw cdc_eem qcom-emac pppox mt76-usb sierra_net i40evf bcm87xx mwifiex pegasus rt2x00mmi sja1000 ena hclgevf cnic cxgb4vf ppp_synctty iwlmvm team_mode_broadcast vxlan vsockmon hdlc_cisc rtl8723-common bsd_comp fakelb dp83822 dp83tc811 cicada fm10 8139t sfc hs geneve hclge xgene-enet-v2 cdc_mbim hdlc asix netdevsim rt2800pci team_mode_random lxt ems_usb mlxsw_pci sr9700 mdio-thunder mlxsw_switchib macvtap atlantic cdc_ether mcs7830 nicpf mdi peak_pci atl1e cdc_subset ipvtap btcoexist mt76x0-common veth slip iwldvm bcm7xxx vitesse netconsole epic100 myri10ge r8169 qede microchip_t1 liquidi bnx2x brcmutil mwifiex_sdi mlx5_core rtlwifi vmxnet3 nlmon hns3 hdlc_raw esd_usb2 atl2 mt76x2-common iwlwifi mdio-bcm-unimac national ath rtwpci rtw88 nfp rtl8821ae fjes thunderbolt-net 8139cp atl1 mscc vcan dp83848 dp83640 hdlc_fr e1000e ipheth net_failover aquantia rtl8192ee igbvf rocker intel-xway tg3" --omit "ramdisk network ifcfg qemu-net" --install "chmod" --nofscks` + +## Setting the Disk Scheduling Algorithm + +This section describes how to set the disk scheduling algorithm. + +### Temporarily Modifying the Scheduling Policy + +For example, if all I/O scheduling algorithms are changed to **mq-deadline**, the modification becomes invalid after the system is restarted. + +```shell +echo mq-deadline > /sys/block/sd*/queue/scheduler +``` + +### Permanently Setting the Scheduling Policy + +You can add **elevator=mq-deadline** to the kernel line in the kernel boot configuration file **grub.cfg**. The setting takes effect after the system is restarted. + +```shell +linux /vmlinuz-4.19.90-2003.4.0.0036.oe1.x86_64 root=/dev/mapper/openeuler-root ro resume=/dev/mapper/openeuler-swap rd.lvm.lv=openeuler/root rd.lvm.lv=openeuler/swap quiet crashkernel=512M elevator=mq-deadline +``` diff --git a/docs/en/server/administration/administrator/configuring_services.md b/docs/en/server/administration/administrator/configuring_services.md new file mode 100644 index 0000000000000000000000000000000000000000..e33439eb2e5ad90f0eaa7013ed262100489e21fd --- /dev/null +++ b/docs/en/server/administration/administrator/configuring_services.md @@ -0,0 +1 @@ +# Configuring Services diff --git a/docs/en/server/administration/administrator/configuring_the_ftp_server.md b/docs/en/server/administration/administrator/configuring_the_ftp_server.md new file mode 100644 index 0000000000000000000000000000000000000000..157c48573c74e5ae919b968f79217f4d4a546cae --- /dev/null +++ b/docs/en/server/administration/administrator/configuring_the_ftp_server.md @@ -0,0 +1,503 @@ +# Configuring the FTP Server + +## General Introduction + +### FTP Overview + +File Transfer Protocol \(FTP\) is one of the earliest transmission protocols on the Internet. It is used to transfer files between the server and client. FTP allows users to access files on a remote system using a set of standard commands without logging in to the remote system. In addition, the FTP server provides the following functions: + +- Subscriber classification + + By default, the FTP server classifies users into real users, guest users, and anonymous users based on the login status. The three types of users have different access permissions. Real users have complete access permissions, while anonymous users have only the permission to downloading resources. + +- Command records and log file records + + FTP can use the syslogd to record data, including historical commands and user transmission data \(such as the transmission time and file size\). Users can obtain log information from the /var/log/ directory. + +- Restricting the access scope of users + + FTP can limit the work scope of a user to the home directory of the user. After a user logs in to the system through FTP, the root directory displayed by the system is the home directory of the user. This environment is called change root \(chroot for short\). In this way, users can access only the main directory, but not important directories such as /etc, /home, and /usr/local. This protects the system and keeps the system secure. + +### Port Used by the FTP Server + +The FTP service requires multiple network ports. The server uses the following ports: + +- Command channel. The default port number is 21. +- Data channel. The default port number is 20. + +Port 21 is used to receive connection requests from the FTP client, and port 20 is used by the FTP server to proactively connect to the FTP client. + +### Introduction to vsftpd + +FTP has a long history and uses the unencrypted transmission mode, and is therefore considered insecure. This section describes the Very Secure FTP Daemon \(vsftpd\), to use FTP in a more secure way. + +The vsftpd is introduced to build a security-centric FTP server. The vsftpd is designed with the following features: + +- The startup user of the vsftpd service is a common user who has low system permission. In addition, the vsftpd service uses chroot to change the root directory, preventing the risk of misusing system tools. +- Any vsftpd command that requires high execution permission is controlled by a special upper-layer program. The upper-layer program has low permission and does not affect the system. +- vsftpd integrates most of the extra commands \(such as dir, ls, and cd\) used by FTP. Generally, the system does not need to provide extra commands, which are secure for the system. + +## Using vsftpd + +### Installing vsftpd + +To use the vsftpd service, you need to install the vsftpd software. If the yum source has been configured, run the following command as the root user to install the vsftpd service: + +```shell +dnf install vsftpd +``` + +### Service Management + +To start, stop, or restart the vsftpd service, run the corresponding command as the root user. + +- Starting vsftpd services + + ```shell + systemctl start vsftpd + ``` + + You can run the netstat command to check whether communication port 21 is enabled. If the following information is displayed, the vsftpd service has been enabled. + + ```shell + $ netstat -tulnp | grep 21 + tcp6 0 0 :::21 :::* LISTEN 19716/vsftpd + ``` + + > [!NOTE]NOTE + > If the **netstat** command does not exist, run the **dnf install net-tools** command to install the **net-tools** software and then run the **netstat** command. + +- Stopping the vsftpd services + + ```shell + systemctl stop vsftpd + ``` + +- Restarting the vsftpd service + + ```shell + systemctl restart vsftpd + ``` + +## Configuring vsftpd + +### vsftpd Configuration Files + +You can modify the vsftpd configuration file to control user permissions. [Table 1](#table1541615718372) describes the vsftpd configuration files. You can modify the configuration files as required. You can run the man command to view more parameter meanings. + +**Table 1** vsftpd configuration files + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Configuration File

+

Description

+

/etc/vsftpd/vsftpd.conf

+

Main configuration file of the vsftpd process. The configuration format is Parameter=Parameter value. The parameter and parameter value cannot be empty.

+

You can run the following command to view details about the vsftpd.conf file:

+

man 5 vsftpd.conf

+

/etc/pam.d/vsftpd

+

Pluggable authentication modules (PAMs) are used for identity authentication and restrict some user operations.

+

/etc/vsftpd/ftpusers

+

List of users who are not allowed to use the vsftpd. By default, the system account is also in this file. Therefore, the system account cannot use vsftpd by default.

+

/etc/vsftpd/user_list

+

List of users who are allowed or not allowed to log in to the vsftpd server. Whether the file takes effect depends on the following parameters in the main configuration file vsftpd.conf:

+

userlist_enable: indicates whether to enable the userlist mechanism. The value YES indicates that the userlist mechanism is enabled. In this case, the userlist_deny configuration is valid. The value NO indicates that the userlist mechanism is disabled.

+

userlist_deny: indicates whether to forbid users in the user list to log in. YES indicates that users in the user list are forbidden to log in. NO indicates that users in the command are allowed to log in.

+

For example, if userlist_enable is set to YES and userlist_deny is set to YES, all users in the user list cannot log in.

+

/etc/vsftpd/chroot_list

+

Whether to restrict the user list in the home directory. By default, this file does not exist. You need to create it manually. It is the value of chroot_list_file in the vsftpd.conf file.

+

The function of this parameter is determined by the following parameters in the vsftpd.conf file:

+
  • chroot_local_user: indicates whether to restrict all users to the home directory. The value YES indicates that all users are restricted to the home directory, and the value NO indicates that all users are not restricted to the home directory.
  • chroot_list_enable: indicates whether to enable the list of restricted users. The value YES indicates that the list is enabled, and the value NO indicates that the list is disabled.
+

For example, if chroot_local_user is set to YES, chroot_list_enable is set to YES, and chroot_list_file is set to /etc/vsftpd/chroot_list, all users are restricted to their home directories, and users in chroot_list are not restricted.

+

/usr/sbin/vsftpd

+

Unique execution file of vsftpd.

+

/var/ftp/

+

Default root directory for anonymous users to log in. The root directory is related to the home directory of the ftp user.

+
+ +### Default Configuration Description + +> [!NOTE]NOTE +> The configuration content in this document is for reference only. You can modify the content based on the site requirements \(for example, security hardening requirements\). + +In the openEuler system, vsftpd does not open to anonymous users by default. Run the vim command to view the main configuration file. The content is as follows: + +```shell +$ vim /etc/vsftpd/vsftpd.conf +anonymous_enable=NO +local_enable=YES +write_enable=YES +local_umask=022 +dirmessage_enable=YES +xferlog_enable=YES +connect_from_port_20=YES +xferlog_std_format=YES +listen=NO +listen_ipv6=YES +pam_service_name=vsftpd +userlist_enable=YES +``` + +[Table 2](#table18185162512499) describes the parameters. + +**Table 2** Parameter description + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Parameter

+

Description

+

anonymous_enable

+

Indicates whether to allow anonymous users to log in. YES indicates that anonymous users are allowed to log in; NO indicates that anonymous users are not allowed to log in.

+

local_enable

+

Whether to allow local users to log in. YES indicates that local users are allowed to log in. NO indicates that local users are not allowed to log in.

+

write_enable

+

Whether to allow the login user to have the write permission. YES indicates that the upload and write function is enabled, and NO indicates that the function is disabled.

+

local_umask

+

Indicates the umask value when a local user adds a profile.

+

dirmessage_enable

+

Indicates whether to display the contents that users need to pay attention to when a user accesses a directory. The options are YES (yes) and NO (no).

+

xferlog_enable

+

Indicates whether to record file upload and download operations. The options are YES (record operations) and NO (not record operations).

+

connect_from_port_20

+

Indicates whether port 20 is used for data transmission in port mode. YES indicates that port 20 is used, and NO indicates that port 20 is not used.

+

xferlog_std_format

+

Indicates whether the transfer log file is written in the standard xferlog format. The options are YES (yes) and NO (no).

+

listen

+

Indicates whether the vsftpd service is started in standalone mode. The options are YES (yes) and NO (no).

+

pam_service_name

+

Support for PAM management. The value is a service name, for example, vsftpd.

+

userlist_enable

+

Indicates whether to support account login control in the /etc/vsftpd/user_list file. The options are YES (yes) and NO (no).

+

tcp_wrappers

+

Indicates whether to support the firewall mechanism of the TCP Wrappers. The options are YES (yes) and NO (no).

+

listen_ipv6

+

Indicates whether to listen to IPv6 FTP requests. The options are YES (yes) and NO (no). listen and listen_ipv6 cannot be enabled at the same time.

+
+ +### Setting the Local Time + +#### Overview + +In the openEuler system, vsftpd uses the Greenwich Mean Time \(GMT\) time by default, which may be different from the local time. For example, the GMT time is 8 hours later than the Beijing time. You need to change the GMT time to the local time. Otherwise, the server time and client time are inconsistent, which may cause errors during file upload and download. + +#### Setting Method + +To set the vsftpd time to the local time, perform the following steps as the **root** user: + +1. Open the vsftpd.conf file and change the value of use\_localtime to **YES**. Run the following command: + + ```shell + vim /etc/vsftpd/vsftpd.conf + ``` + + Modify the file contents as follows: + + ```shell + use_localtime=YES + ``` + +2. Restart the vsftpd service. + + ```shell + systemctl restart vsftpd + ``` + +3. Set the vsftpd service to start automatically upon power-on. + + ```shell + systemctl enable vsftpd + ``` + +### Configuring Welcome Information + +You are advised to configure a welcome information file for the vsftpd service. To configure the **welcome.txt** file of the vsftp service, perform the following steps as the **root** user: + +1. Open the vsftpd.conf configuration file, add the welcome information to the file, save the file, and exit. + + ```shell + vim /etc/vsftpd/vsftpd.conf + ``` + + The following configuration lines need to be added: + + ```text + banner_file=/etc/vsftpd/welcome.txt + ``` + +2. Create welcome information. Specifically, open the welcome.txt file, write the welcome information, save the file, and exit. + + ```shell + vim /etc/vsftpd/welcome.txt + ``` + + The following is an example: + + ```text + Welcome to this FTP server! + ``` + +### Configuring the Login Permission of a System Account + +Generally, users need to restrict the login permission of some accounts. You can set the restriction as required. + +By default, vsftpd manages and restricts user identities based on user lists stored in two files. FTP requests from a user in any of the files will be denied. + +- **/etc/vsftpd/user_list** can be used as an allowlist, blocklist, or invalid list, which is determined by the **userlist_enable** and **userlist_deny** parameters. +- **/etc/vsftpd/ftpusers** can be used as a blocklist only, regardless of the parameters. + +## Verifying Whether the FTP Service Is Successfully Set Up + +You can use the FTP client provided by openEuler for verification. The command and output are as follows. Enter the user name \(an existing user in the system\) and password as prompted. If the message "Login successful" is displayed, the FTP server is successfully set up. + +```shell +$ ftp localhost +Trying 127.0.0.1... +Connected to localhost (127.0.0.1). +220-Welcome to this FTP server! +220 +Name (localhost:root): USERNAME +331 Please specify the password. +Password: +230 Login successful. +Remote system type is UNIX. +Using binary mode to transfer files. +ftp> bye +221 Goodbye. +``` + +> [!NOTE]NOTE +> If the **ftp** command does not exist, run the **dnf install ftp** command as the **root** user to install the **ftp** software and then run the **ftp** command. + +## Configuring a Firewall + +To open the FTP service to the Internet, you need to configure the firewall and SElinux as the **root** user. + +```shell +$ firewall-cmd --add-service=ftp --permanent +success +$ firewall-cmd --reload +success +$ setsebool -P ftpd_full_access on +``` + +## File Transmission + +### Overview + +This section describes how to transfer files after the vsftpd service is started. + +### Connecting to the Server + +#### Command Format + +**ftp** \[_hostname_ \| _ip-address_\] + +**hostname** indicates the name of the server, and **ip-address** indicates the IP address of the server. + +#### Requirements + +Run the following command on the command-line interface \(CLI\) of the openEuler OS: + +```shell +ftp ip-address +``` + +Enter the user name and password as prompted. If the following information is displayed after the authentication is successful, the FTP connection is successful. In this case, you have accessed the directory of the connected server. + +```shell +ftp> +``` + +At this prompt, you can enter different commands to perform related operations. + +- Display the current path of the server. + + ```shell + ftp>pwd + ``` + +- Display the local path. You can upload the files in this path to the corresponding location on the FTP server. + + ```shell + ftp>lcd + ``` + +- Exit the current window and return to the local Linux terminal. + + ```shell + ftp>! + ``` + +### Downloading a File + +Generally, the get or mget command is used to download files. + +#### How to Use get + +- Function description: Transfers files from a remote host to a local host. +- Command format: **get** \[_remote-file_\] \[_local-file_\] + + _remote-file_ indicates a remote file, and _local-file_ indicates a local file. + +- For example, run the following command to obtain the /home/openEuler/openEuler.htm file on the remote server to the local directory /home/myopenEuler/ and change the file name to myopenEuler.htm + + ```shell + ftp> get /home/openEuler/openEuler.htm /home/myopenEuler/myopenEuler.htm + ``` + +#### How to Use mget + +- Function description: Receives a batch of files from the remote host to the local host. +- Command format: **mget** \[_remote-file_\] + + _remote-file_ indicates a remote file. + +- For example, to obtain all files in the /home/openEuler/ directory on the server, run the following command: + + ```shell + ftp> cd /home/openEuler/ + ftp> mget *.* + ``` + + > [!NOTE]NOTE + > - In this case, a message is displayed each time a file is downloaded. To block the prompt information, run the **prompt off** command before running the **mget \*.\*** command. + > - The files are downloaded to the current directory on the Linux host. For example, if you run the ftp command in /home/myopenEuler/, all files are downloaded to /home/myopenEuler/. + +### Uploading a File + +Generally, the put or mput command is used to upload files. + +#### How to Use put + +- Function: Transfers a local file to a remote host. +- Command format: **put** \[_local-file_\] \[_remote-file_\] + + _remote-file_ indicates a remote file, and _local-file_ indicates a local file. + +- For example, run the following command to transfer the local myopenEuler.htm file to the remote host /home/openEuler/ and change the file name to openEuler.htm: + + ```shell + ftp> put myopenEuler.htm /home/openEuler/openEuler.htm + ``` + +#### How to Use mput + +- Function: Transfers a batch of files from the local host to a remote host. +- Command format: **mput** \[_local-file_\] + + _local-file_ indicates a local file. + +- For example, run the following command to upload all HTM files in the local directory to the /home/openEuler/ directory on the server: + + ```shell + ftp> cd /home/openEuler/ + ftp> mput *.htm + ``` + +### Deleting a File + +Generally, the **delete** or **mdelete** command is used to delete a file. + +#### How to Use delete + +- Function description: Deletes one or more files from the remote server. +- Command format: **delete** \[_remote-file_\] + + _remote-file_ indicates a remote file. + +- For example, to delete the /home/openEuler/openEuler.htm from the remote server, run the following command: + + ```shell + ftp> cd /home/openEuler/ + ftp> delete openEuler.htm + ``` + +#### How to Use mdelete + +- Function description: Deletes files from a remote server. This function is used to delete files in batches. +- Command format: **mdelete** \[_remote-file_\] + + _remote-file_ indicates a remote file. + +- For example, to delete all files whose names start with **a** from the /home/openEuler/ directory on the remote server, run the following command: + + ```shell + ftp> cd /home/openEuler/ + ftp> mdelete a* + ``` + +### Disconnecting from the Server + +Run the bye command to disconnect from the server. + +```shell +ftp> bye +``` diff --git a/docs/en/server/administration/administrator/configuring_the_repo_server.md b/docs/en/server/administration/administrator/configuring_the_repo_server.md new file mode 100644 index 0000000000000000000000000000000000000000..56a96ce932dae794fa236c0ebf6c3a333059c4fd --- /dev/null +++ b/docs/en/server/administration/administrator/configuring_the_repo_server.md @@ -0,0 +1,387 @@ +# Configuring the Repository Server + +> [!NOTE]NOTE +> openEuler provides multiple repositories for online usage. For details about the repositories, see [OS Installation](../../releasenotes/releasenotes/os_installation.md). If you cannot obtain the openEuler repository online, you can use the ISO release package provided by openEuler to create a local openEuler repository. This section uses the **openEuler-{version}-aarch64-dvd.iso** file as an example. Modify the ISO file as required. + +## Overview + +Create the **openEuler-{version}-aarch64-dvd.iso** file provided by openEuler as the repository. The following uses Nginx as an example to describe how to deploy the repository and provide the HTTP service. + +## Creating or Updating a Local Repository + +Mount the openEuler ISO file **openEuler-{version}-aarch64-dvd.iso** to create and update a repository. + +### Obtaining the ISO File + +Obtain the openEuler ISO file from the following website: + +[https://repo.openeuler.org/openEuler-{version}/ISO/](https://repo.openeuler.org/openEuler-{version}/ISO/) + +### Mounting an ISO File to Create a Repository + +Run the **mount** command as the **root** user to mount the ISO file. + +The following is an example: + +```shell +mount /home/openEuler/openEuler-{version}-aarch64-dvd.iso /mnt/ +``` + +The mounted mnt directory is as follows: + +```text +. +│── boot.catalog +│── docs +│── EFI +│── images +│── Packages +│── repodata +│── TRANS.TBL +└── RPM-GPG-KEY-openEuler +``` + +In the preceding directory, **Packages** indicates the directory where the RPM package is stored, **repodata** indicates the directory where the repository metadata is stored, and **RPM-GPG-KEY-openEuler** indicates the public key for signing openEuler. + +### Creating a Local Repository + +You can copy related files in the ISO file to a local directory to create a local repository. The following is an example: + +```shell +mount /home/openEuler/openEuler-{version}-aarch64-dvd.iso /mnt/ +mkdir -p /home/openEuler/srv/repo/ +cp -r /mnt/Packages /home/openEuler/srv/repo/ +cp -r /mnt/repodata /home/openEuler/srv/repo/ +cp -r /mnt/RPM-GPG-KEY-openEuler /home/openEuler/srv/repo/ +``` + +The local repository directory is as follows: + +```text +. +│── Packages +│── repodata +└── RPM-GPG-KEY-openEuler +``` + +**Packages** indicates the directory where the RPM package is stored, **repodata** indicates the directory where the repository metadata is stored, and **RPM-GPG-KEY-openEuler** indicates the public key for signing openEuler. + +### Updating the Repository + +You can update the repository in either of the following ways: + +- Use the latest ISO file to update the existing repository. The method is the same as that for creating a repository. That is, mount the ISO file or copy the ISO file to the local directory. + +- Add a RPM package to the **Packages** directory of the repository and run the **createrepo** command to update the repository. + + ```shell + createrepo --update --workers=10 ~/srv/repo + ``` + +In this command, **--update** indicates the update, and **--workers** indicates the number of threads, which can be customized. + +> [!NOTE]NOTE +> If the command output contains "createrepo: command not found", run the **dnf install createrepo** command as the **root** user to install the **createrepo** softeware. + +## Deploying the Remote Repository + +Install openEuler OS and deploy the repository using Nginx on openEuler OS. + +### Installing and Configuring Nginx + +1. Download the Nginx tool and install it as the **root** user. + +2. After Nginx is installed, configure /etc/nginx/nginx.conf as the **root** user. + + > [!NOTE]NOTE + > The configuration content in this document is for reference only. You can configure the content based on the site requirements (for example, security hardening requirements). + + ```text + user nginx; + worker_processes auto; # You are advised to set this parameter to core-1. + error_log /var/log/nginx/error.log warn; # Log storage location + pid /var/run/nginx.pid; + + events { + worker_connections 1024; + } + + http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + sendfile on; + keepalive_timeout 65; + + server { + listen 80; + server_name localhost; # Server name (URL) + client_max_body_size 4G; + root /usr/share/nginx/repo; # Default service directory + + location / { + autoindex on; # Enable the access to lower-layer files in the directory. + autoindex_exact_size on; + autoindex_localtime on; + } + + } + + } + ``` + +### Starting Nginx + +1. Run the following `systemctl` commands as the **root** user to start the Nginx service. + + ```shell + systemctl enable nginx + systemctl start nginx + ``` + +2. You can run the following command to check whether Nginx is started successfully: + + ```shell + systemctl status nginx + ``` + + - [Figure 1](#en-us_topic_0151920971_fd25e3f1d664b4087ae26631719990a71) indicates that the Nginx service is started successfully. + + **Figure 1** The Nginx service is successfully started. + ![](./figures/nginx_start_success.png) + + - If the Nginx service fails to be started, view the error information. + + ```shell + systemctl status nginx.service --full + ``` + + **Figure 2** The Nginx service startup fails + ![](./figures/nginx_start_failed.png) + + As shown in [Figure 2](#en-us_topic_0151920971_f1f9f3d086e454b9cba29a7cae96a4c54), the Nginx service fails to be created because the /var/spool/nginx/tmp/client\_body directory fails to be created. You need to manually create the directory as the **root** user. Solve similar problems as follows: + + ```shell + mkdir -p /var/spool/nginx/tmp/client_body + mkdir -p /var/spool/nginx/tmp/proxy + mkdir -p /var/spool/nginx/tmp/fastcgi + mkdir -p /usr/share/nginx/uwsgi_temp + mkdir -p /usr/share/nginx/scgi_temp + ``` + +### Deploying the Repository + +1. Run the following command as the **root** user to create the **/usr/share/nginx/repo** directory specified in the Nginx configuration file /etc/nginx/nginx.conf: + + ```shell + mkdir -p /usr/share/nginx/repo + ``` + +2. Run the following command as the **root** user to modify the **/usr/share/nginx/repo** directory permission: + + ```shell + chmod -R 755 /usr/share/nginx/repo + ``` + +3. Configure firewall rules as the **root** user to enable the port (port 80) configured for Nginx. + + ```shell + firewall-cmd --add-port=80/tcp --permanent + firewall-cmd --reload + ``` + + Check whether port 80 is enabled as the **root** user. If the output is **yes**, port 80 is enabled. + + ```shell + firewall-cmd --query-port=80/tcp + ``` + + You can also enable port 80 using iptables as the **root** user. + + ```shell + iptables -I INPUT -p tcp --dport 80 -j ACCEPT + ``` + +4. After the Nginx service is configured, you can use the IP address to access the web page, as shown in [Figure 3](#en-us_topic_0151921017_fig1880404110396). + + **Figure 3** Nginx deployment succeeded + ![](./figures/nginx_deployed_success.png) + +5. Use either of the following methods to add the repository to the **/usr/share/nginx/repo** directory: + + - Copy related files in the image to the **/usr/share/nginx/repo** directory as the **root** user. + + ```shell + mount /home/openEuler/openEuler-{version}-aarch64-dvd.iso /mnt/ + cp -r /mnt/Packages /usr/share/nginx/repo/ + cp -r /mnt/repodata /usr/share/nginx/repo/ + cp -r /mnt/RPM-GPG-KEY-openEuler /usr/share/nginx/repo/ + chmod -R 755 /usr/share/nginx/repo + ``` + + The **openEuler-{version}-aarch64-dvd.iso** file is stored in the **/home/openEuler** directory. + + - Create a soft link for the repository in the **/usr/share/nginx/repo** directory as the **root** user. + + ```shell + ln -s /mnt /usr/share/nginx/repo/os + ``` + + **/mnt** is the created repository, and **/usr/share/nginx/repo/os** points to **/mnt** . + +## Using the Repository + +The repository can be configured as a Yum repository, which is a shell front-end software package manager. Based on the Redhat package manager (RPM), YUM can automatically download the RPM package from the specified server, install the package, and process dependent relationship. It supports one-off installation for all dependent software packages. + +### Configuring Repository as the Yum Repository + +You can configure the built repository as the Yum repository and create the \*\*\*.repo configuration file (the extension .repo is mandatory) in the /etc/yum.repos.d/ directory as the **root** user. You can configure the Yum repository on the local host or HTTP server. + +- Configuring the local Yum repository. + + Create the **openEuler.repo** file in the **/etc/yum.repos.d** directory and use the local repository as the Yum repository. The content of the **openEuler.repo** file is as follows: + + ```text + [base] + name=base + baseurl=file:///home/openEuler/srv/repo + enabled=1 + gpgcheck=1 + gpgkey=file:///home/openEuler/srv/repo/RPM-GPG-KEY-openEuler + ``` + + > [!NOTE]NOTE + > - **repoid** indicates the ID of the software repository. Repoids in all .repo configuration files must be unique. In the example, **repoid** is set to **base**. + > - **name** indicates the string that the software repository describes. + > - **baseurl** indicates the address of the software repository. + > - **enabled** indicates whether to enable the software source repository. The value can be **1** or **0**. The default value is **1**, indicating that the software source repository is enabled. + > - **gpgcheck** indicates whether to enable the GNU privacy guard (GPG) to check the validity and security of sources of RPM packages. **1** indicates GPG check is enabled. **0** indicates the GPG check is disabled. + > - **gpgkey** indicates the public key used to verify the signature. + +- Configuring the Yum repository for the HTTP server + + Create the **openEuler.repo** file in the **/etc/yum.repos.d** directory. + + - If the repository of the HTTP server deployed by the user is used as the Yum repository, the content of **openEuler.repo** is as follows: + + ```text + [base] + name=base + baseurl=http://192.168.139.209/ + enabled=1 + gpgcheck=1 + gpgkey=http://192.168.139.209/RPM-GPG-KEY-openEuler + ``` + + > [!NOTE]NOTE + > 192.168.139.209 is an example. Replace it with the actual IP address. + + - If the openEuler repository provided by openEuler is used as the Yum repository, the content of **openEuler.repo** is as follows (the AArch64-based OS repository is used as an example): + + ```text + [base] + name=base + baseurl=http://repo.openeuler.org/openEuler-{version}/OS/aarch64/ + enabled=1 + gpgcheck=1 + gpgkey=http://repo.openeuler.org/openEuler-{version}/OS/aarch64/RPM-GPG-KEY-openEuler + ``` + +### Repository Priority + +If there are multiple repositories, you can set the repository priority in the .repo file. If the priority is not set, the default priority is **99** . If the same RPM package exists in the sources with the same priority, the latest version is installed. **1** indicates the highest priority and **99** indicates the lowest priority. The following shows how to set the priority of **openEuler.repo** to **2**. + +```text +[base] +name=base +baseurl=http://192.168.139.209/ +enabled=1 +priority=2 +gpgcheck=1 +gpgkey=http://192.168.139.209/RPM-GPG-KEY-openEuler +``` + +### Related Commands of dnf + +The **dnf** command can automatically parse the dependency between packages during installation and upgrade. The common usage method is as follows: + +```shell +dnf +``` + +Common commands are as follows: + +- Installation + + Run the following command as the **root** user. + + ```shell + dnf install + ``` + +- Upgrade + + Run the following command as the **root** user. + + ```shell + dnf update + ``` + +- Rollback + + Run the following command as the **root** user. + + ```shell + dnf downgrade + ``` + +- Update check + + ```shell + dnf check-update + ``` + +- Uninstallation + + Run the following command as the **root** user. + + ```shell + dnf remove + ``` + +- Query + + ```shell + dnf search + ``` + +- Local installation + + Run the following command as the **root** user. + + ```shell + dnf localinstall + ``` + +- Historical records check + + ```shell + dnf history + ``` + +- Cache records clearing + + ```shell + dnf clean all + ``` + +- Cache update + + ```shell + dnf makecache + ``` diff --git a/docs/en/server/administration/administrator/configuring_the_web_server.md b/docs/en/server/administration/administrator/configuring_the_web_server.md new file mode 100644 index 0000000000000000000000000000000000000000..e138e9f40821137fe1a24dbbd6ee187d55f06789 --- /dev/null +++ b/docs/en/server/administration/administrator/configuring_the_web_server.md @@ -0,0 +1,500 @@ +# Configuring the Web Server + +## Apache Server + +### Overview + +World Wide Web \(Web\) is one of the most commonly used Internet protocols. At present, the web server in the Unix-Like system is mainly implemented through the Apache server software. To operate dynamic websites, LAMP \(Linux + Apache + MySQL + PHP\) is developed. Web services can be combined with multimedia such as text, graphics, images, and audio, and support information transmission through hyperlinks. + +The web server version in the openEuler system is Apache HTTP server 2.4, that is, httpd, which is an open-source web server developed by the Apache Software Foundation. + +### Managing httpd + +#### Overview + +You can use the systemctl tool to manage the httpd service, including starting, stopping, and restarting the service, and viewing the service status. This section describes how to manage the Apache HTTP service. + +#### Prerequisites + +- To use the Apache HTTP service, ensure that the rpm package of the httpd service has been installed in your system. Run the following command as the **root** user to install the rpm package: + + ```shell + dnf install httpd + ``` + + For more information about service management, see [Service Management](./service_management.md). + +- To start, stop, and restart the httpd service, you must have the root permission. + +#### Starting a Service + +- Run the following command to start and run the httpd service: + + ```shell + systemctl start httpd + ``` + +- If you want the httpd service to automatically start when the system starts, the command and output are as follows: + + ```shell + $ systemctl enable httpd + Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service. + ``` + +> [!NOTE]NOTE +> If the running Apache HTTP server functions as a secure server, a password is required after the system is started. The password is an encrypted private SSL key. + +#### Stopping the Service + +- Run the following command to stop the httpd service: + + ```shell + systemctl stop httpd + ``` + +- If you want to prevent the service from automatically starting during system startup, the command and output are as follows: + + ```shell + $ systemctl disable httpd + Removed /etc/systemd/system/multi-user.target.wants/httpd.service. + ``` + +#### Restarting a Service + +You can restart the service in any of the following ways: + +- Restart the service by running the restart command: + + ```shell + systemctl restart httpd + ``` + + This command stops the ongoing httpd service and restarts it immediately. This command is generally used after a service is installed or when a dynamically loaded module \(such as PHP\) is removed. + +- Reload the configuration. + + ```shell + systemctl reload httpd + ``` + + This command causes the running httpd service to reload its configuration file. Any requests that are currently being processed will be interrupted, causing the client browser to display an error message or re-render some pages. + +- Re-load the configuration without affecting the activation request. + + ```shell + apachectl graceful + ``` + + This command causes the running httpd service to reload its configuration file. Any requests that are currently being processed will continue to use the old configuration file. + +#### Verifying the Service Status + +Check whether the httpd service is running. + +```shell +systemctl is-active httpd +``` + +If active is displayed in the command output, the service is running. + +### Configuration File Description + +After the httpd service is started, it reads the configuration file shown in [Table 1](#table24341012096) by default. + +**Table 1** Configuration file description + + + + + + + + + + + + + +

File

+

Description

+

/etc/httpd/conf/httpd.conf

+

Main configuration files.

+

/etc/httpd/conf.d

+

Secondary directory of configuration files, which are also contained in the main configuration file.

+

The secondary directory of a configuration file is contained in the main configuration file.

+
+ +Although the default configuration can be used in most cases, you need to be familiar with some important configuration items. After the configuration file is modified, run the following command as the **root** user to check the syntax errors that may occur in the configuration file: + +```shell +apachectl configtest +``` + +If the following information is displayed, the syntax of the configuration file is correct: + +```text +Syntax OK +``` + +> [!NOTE]NOTE +> +> - Before modifying the configuration file, back up the original file so that the configuration file can be quickly restored if a fault occurs. +> - The modified configuration file takes effect only after the web service is restarted. + +### Management Module and SSL + +#### Overview + +The httpd service is a modular application that is distributed with many Dynamic Shared Objects \(DSOs\). DSOs can be dynamically loaded or unloaded when running if necessary. These modules are located in the /usr/lib64/httpd/modules/ directory of the server operating system. This section describes how to load and write a module. + +#### Loading a Module + +To load a special DSO module, you can use the load module indication in the configuration file. The modules provided by the independent software package have their own configuration files in the /etc/httpd/conf.modules.d directory. + +For example, to load the asis DSO module, perform the following steps: + +1. In the **/etc/httpd/conf.modules.d/00-optional.conf** file, uncomment the following configuration line as the **root** user: + + ```conf + LoadModule asis_module modules/mod_asis.so + ``` + +2. After the loading is complete, restart the httpd service as the **root** user to reload the configuration file. + + ```shell + systemctl restart httpd + ``` + +3. After the loading is complete, run the httpd -M command as the **root** user to check whether the asis DSO module is loaded. + + ```shell + httpd -M | grep asis + ``` + + If the following information is displayed, the asis DSO module is successfully loaded: + + ```text + asis_module (shared) + ``` + +> [!NOTE]NOTE +> **Common httpd commands** +> +> - httpd -v: views the httpd version number. +> - httpd -l: views the static modules compiled into the httpd program. +> - httpd -M: views the static modules and loaded dynamic modules that have been compiled into the httpd program. + +#### Introduction to SSL + +Secure Sockets Layer \(SSL\) is an encryption protocol that allows secure communication between the server and client. The Transport Layer Security \(TLS\) protocol ensures security and data integrity for network communication. openEuler supports Mozilla Network Security Services \(NSS\) as the security protocol TLS. To load the SSL, perform the following steps: + +1. Install the **mod\_ssl** RPM package as the **root** user. + + ```shell + dnf install mod_ssl + ``` + +2. After the loading is complete, restart the httpd service as the **root** user to reload the configuration file. + + ```shell + systemctl restart httpd + ``` + +3. After the loading is complete, run the **httpd -M** command as the **root** user to check whether the SSL is loaded. + + ```shell + httpd -M | grep ssl + ``` + + If the following information is displayed, the SSL has been loaded successfully. + + ```text + ssl_module (shared) + ``` + +### Verifying Whether the Web Service Is Successfully Set Up + +After the web server is set up, perform the following operations to check whether the web server is set up successfully: + +1. Run the following command as the **root** user to check the IP address of the server: + + ```shell + ip a + ``` + +2. Configure the firewall as the **root** user. + + ```shell + $ firewall-cmd --add-service=http --permanent + success + # firewall-cmd --reload + success + ``` + +3. Verify whether the web server is successfully set up. You can select the Linux or Windows operating system for verification. + - Using the Linux OS + + Run the following command to check whether the web page can be accessed. If the service is successfully set up, the web page can be accessed. + + ```shell + curl http://192.168.1.60 + ``` + + Run the following command to check whether the command output is 0. If the command output is 0, the httpd server is successfully set up. + + ```shell + echo $? + ``` + + - Using the Windows OS + + Open the browser and enter the following address in the address box. If the web page can be accessed, the httpd server is successfully set up. + + + + If the port number is changed, enter the address in the following format: + + + +## Nginx Server + +### Overview + +Nginx is a lightweight web server which also acts as a reverse proxy server and email \(IMAP/POP3\) proxy server. It features low memory usage and strong concurrency capability. Nginx supports FastCGI, SSL, virtual hosts, URL rewrite, Gzip, and extension of many third-party modules. + +### Installing Nginx + +1. Configure the local yum source. For details, see [Configuring the Repo Server](./configuring_the_repo_server.md). +2. Clear the cache. + + ```shell + dnf clean all + ``` + +3. Create a cache. + + ```shell + dnf makecache + ``` + +4. Install the Nginx server as the **root** user. + + ```shell + dnf install nginx + ``` + +5. Check the installed RPM package. + + ```shell + dnf list all | grep nginx + ``` + +### Managing Nginx + +#### Overview + +You can use the systemctl tool to manage the Nginx service, including starting, stopping, and restarting the service, and viewing the service status. This section describes how to manage the Nginx service. + +#### Prerequisites + +- Ensure that the Nginx service has been installed. If not, install it by referring to [Installing Nginx](#installing-nginx). + + For more information about service management, see [Service Management](service_management.md). + +- To start, stop, and restart the Nginx service, you must have the **root** permission. + +#### Starting a Service + +- Run the following command to start and run the Nginx service: + + ```shell + systemctl start nginx + ``` + +- If you want the Nginx service to automatically start when the system starts, the command and output are as follows: + + ```shell + $ systemctl enable nginx + Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service. + ``` + +> [!NOTE]NOTE +> If the running Nginx server functions as a secure server, a password is required after the system is started. The password is an encrypted private SSL key. + +#### Stopping the Service + +- Run the following command to stop the Nginx service: + + ```shell + systemctl stop nginx + ``` + +- If you want to prevent the service from automatically starting during system startup, the command and output are as follows: + + ```shell + $ systemctl disable nginx + Removed /etc/systemd/system/multi-user.target.wants/nginx.service. + ``` + +#### Restarting a Service + +You can restart the service in any of the following ways: + +- Restart the service. + + ```shell + systemctl restart nginx + ``` + + This command stops the ongoing Nginx service and restarts it immediately. This command is generally used after a service is installed or when a dynamically loaded module \(such as PHP\) is removed. + +- Reload the configuration. + + ```shell + systemctl reload nginx + ``` + + This command causes the running Nginx service to reload its configuration file. Any requests that are currently being processed will be interrupted, causing the client browser to display an error message or re-render some pages. + +- Smoothly restart Nginx. + + ```shell + kill -HUP PID + ``` + + This command causes the running Nginx service to reload its configuration file. Any requests that are currently being processed will continue to use the old configuration file. + +#### Verifying the Service Status + +Check whether the Nginx service is running. + +```shell +systemctl is-active nginx +``` + +If **active** is displayed in the command output, the service is running. + +### Configuration File Description + +After the Nginx service is started, it reads the configuration file shown in [Table 2](#table24341012096) by default. + +**Table 2** Configuration file description + + + + + + + + + + + + + +

File

+

Description

+

/etc/nginx/nginx.conf

+

Main configuration files.

+

/etc/nginx/conf.d

+

Secondary directory of configuration files, which are also contained in the main configuration file.

+

The secondary directory of a configuration file is contained in the main configuration file.

+
+ +Although the default configuration can be used in most cases, you need to be familiar with some important configuration items. After the configuration file is modified, run the following command as the **root** user to check the syntax errors that may occur in the configuration file: + +```shell +nginx -t +``` + +If the command output contains **syntax is ok**, the syntax of the configuration file is correct. + +> [!NOTE]NOTE +> +> - Before modifying the configuration file, back up the original file so that the configuration file can be quickly restored if a fault occurs. +> - The modified configuration file takes effect only after the web service is restarted. + +### Management Modules + +#### Overview + +The Nginx service is a modular application that is distributed with many Dynamic Shared Objects \(DSOs\). DSOs can be dynamically loaded or unloaded when running if necessary. These modules are located in the **/usr/lib64/nginx/modules/** directory of the server operating system. This section describes how to load and write a module. + +#### Loading a Module + +To load a special DSO module, you can use the load module indication in the configuration file. Generally, the modules provided by independent software packages have their own configuration files in the **/usr/share/nginx/modules** directory. + +The DSO is automatically loaded when the **dnf install nginx** command is used to install the Nginx in the openEuler operating system. + +### Verifying Whether the Web Service Is Successfully Set Up + +After the web server is set up, perform the following operations to check whether the web server is set up successfully: + +1. Run the following command as the **root** user to check the IP address of the server: + + ```shell + ip a + ``` + + If the following information is displayed, the IP address of the server is **192.168.1.60**. + + ```text + enp3s0: flags=4163 mtu 1500 + inet 192.168.1.60 netmask 255.255.255.0 broadcast 192.168.1.255 + inet6 fe80::5054:ff:fe95:499f prefixlen 64 scopeid 0x20 + ether 52:54:00:95:49:9f txqueuelen 1000 (Ethernet) + RX packets 150713207 bytes 49333673733 (45.9 GiB) + RX errors 0 dropped 43 overruns 0 frame 0 + TX packets 2246438 bytes 203186675 (193.7 MiB) + TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 + + enp4s0: flags=4163 mtu 1500 + ether 52:54:00:7d:80:9e txqueuelen 1000 (Ethernet) + RX packets 149937274 bytes 44652889185 (41.5 GiB) + RX errors 0 dropped 1102561 overruns 0 frame 0 + TX packets 0 bytes 0 (0.0 B) + TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 + + lo: flags=73 mtu 65536 + inet 127.0.0.1 netmask 255.0.0.0 + inet6 ::1 prefixlen 128 scopeid 0x10 + loop txqueuelen 1000 (Local Loopback) + RX packets 37096 bytes 3447369 (3.2 MiB) + RX errors 0 dropped 0 overruns 0 frame 0 + TX packets 37096 bytes 3447369 (3.2 MiB) + TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 + ``` + +2. Configure the firewall as the **root** user. + + ```shell + $ firewall-cmd --add-service=http --permanent + success + # firewall-cmd --reload + success + ``` + +3. Verify whether the web server is successfully set up. You can select the Linux or Windows operating system for verification. + - Using the Linux OS + + Run the following command to check whether the web page can be accessed. If the service is successfully set up, the web page can be accessed. + + ```shell + curl http://192.168.1.60 + ``` + + Run the following command to check whether the command output is **0**. If the command output is **0**, the Nginx server is successfully set up. + + ```shell + echo $? + ``` + + - Using the Windows OS + + Open the browser and enter the following address in the address box. If the web page can be accessed, the Nginx server is successfully set up. + + + + If the port number is changed, enter the address in the following format: + + diff --git a/docs/en/server/administration/administrator/figures/1665628542704.png b/docs/en/server/administration/administrator/figures/1665628542704.png new file mode 100644 index 0000000000000000000000000000000000000000..58907e0ed31c79b260be80480d4fd4c27e4e2e24 Binary files /dev/null and b/docs/en/server/administration/administrator/figures/1665628542704.png differ diff --git a/docs/en/server/administration/administrator/figures/AT_CHECK_Process.png b/docs/en/server/administration/administrator/figures/AT_CHECK_Process.png new file mode 100644 index 0000000000000000000000000000000000000000..f32d5af3a31c740febf1a4783a1dd0daafacb0df Binary files /dev/null and b/docs/en/server/administration/administrator/figures/AT_CHECK_Process.png differ diff --git a/docs/en/server/administration/administrator/figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png b/docs/en/server/administration/administrator/figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png new file mode 100644 index 0000000000000000000000000000000000000000..900cdc07c1f0e844bc48fe2342e83c91a23c24ec Binary files /dev/null and b/docs/en/server/administration/administrator/figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png differ diff --git a/docs/en/server/administration/administrator/figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png b/docs/en/server/administration/administrator/figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png new file mode 100644 index 0000000000000000000000000000000000000000..900cdc07c1f0e844bc48fe2342e83c91a23c24ec Binary files /dev/null and b/docs/en/server/administration/administrator/figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png differ diff --git a/docs/en/server/administration/administrator/figures/Process_Of_EXECVAT_ATCHECK.png b/docs/en/server/administration/administrator/figures/Process_Of_EXECVAT_ATCHECK.png new file mode 100644 index 0000000000000000000000000000000000000000..c8f54fe96648f0c012462073a8cd118fd552483c Binary files /dev/null and b/docs/en/server/administration/administrator/figures/Process_Of_EXECVAT_ATCHECK.png differ diff --git a/docs/en/server/administration/administrator/figures/RA-arch-1.png b/docs/en/server/administration/administrator/figures/RA-arch-1.png new file mode 100644 index 0000000000000000000000000000000000000000..bc55e411637b825b0ce44a7efca08f7e52e0fa70 Binary files /dev/null and b/docs/en/server/administration/administrator/figures/RA-arch-1.png differ diff --git a/docs/en/server/administration/administrator/figures/RA-arch-2.png b/docs/en/server/administration/administrator/figures/RA-arch-2.png new file mode 100644 index 0000000000000000000000000000000000000000..7effbaf881ffe42823142561b9135237989d7153 Binary files /dev/null and b/docs/en/server/administration/administrator/figures/RA-arch-2.png differ diff --git a/docs/en/server/administration/administrator/figures/TPCM.png b/docs/en/server/administration/administrator/figures/TPCM.png new file mode 100644 index 0000000000000000000000000000000000000000..290bdb3471b46dca3e9f0c0907c3855367bd5b65 Binary files /dev/null and b/docs/en/server/administration/administrator/figures/TPCM.png differ diff --git a/docs/en/server/administration/administrator/figures/creat_datadisk.png b/docs/en/server/administration/administrator/figures/creat_datadisk.png new file mode 100644 index 0000000000000000000000000000000000000000..0dfd6a2802184af6d809c485191ea52452cf28d5 Binary files /dev/null and b/docs/en/server/administration/administrator/figures/creat_datadisk.png differ diff --git a/docs/en/server/administration/administrator/figures/creat_datadisk1.png b/docs/en/server/administration/administrator/figures/creat_datadisk1.png new file mode 100644 index 0000000000000000000000000000000000000000..0dfd6a2802184af6d809c485191ea52452cf28d5 Binary files /dev/null and b/docs/en/server/administration/administrator/figures/creat_datadisk1.png differ diff --git a/docs/en/server/administration/administrator/figures/dim_architecture.jpg b/docs/en/server/administration/administrator/figures/dim_architecture.jpg new file mode 100644 index 0000000000000000000000000000000000000000..a1e672d01dd7174c6f631bc0443cea5717a27bfb Binary files /dev/null and b/docs/en/server/administration/administrator/figures/dim_architecture.jpg differ diff --git a/docs/en/server/administration/administrator/figures/etmem-system-architecture.png b/docs/en/server/administration/administrator/figures/etmem-system-architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..1e077e00f44c0404526a4742d49c6e866601eee1 Binary files /dev/null and b/docs/en/server/administration/administrator/figures/etmem-system-architecture.png differ diff --git a/docs/en/server/administration/administrator/figures/ima_digest_list_update.png b/docs/en/server/administration/administrator/figures/ima_digest_list_update.png new file mode 100644 index 0000000000000000000000000000000000000000..771067e31cee84591fbb914d7be4e8c576d7f5d2 Binary files /dev/null and b/docs/en/server/administration/administrator/figures/ima_digest_list_update.png differ diff --git a/docs/en/server/administration/administrator/figures/ima_performance.gif b/docs/en/server/administration/administrator/figures/ima_performance.gif new file mode 100644 index 0000000000000000000000000000000000000000..72fad8a8333f7357c64a160c1d1c174c31201eaa Binary files /dev/null and b/docs/en/server/administration/administrator/figures/ima_performance.gif differ diff --git a/docs/en/server/administration/administrator/figures/ima_verification.png b/docs/en/server/administration/administrator/figures/ima_verification.png new file mode 100644 index 0000000000000000000000000000000000000000..d022b9d4ea08d4af386c7b76ca28115ad90e5451 Binary files /dev/null and b/docs/en/server/administration/administrator/figures/ima_verification.png differ diff --git a/docs/en/server/administration/administrator/figures/logical_architectureofMariaDB.png b/docs/en/server/administration/administrator/figures/logical_architectureofMariaDB.png new file mode 100644 index 0000000000000000000000000000000000000000..8caa189a6fbf37bf4e9fd863c2ebb24e25547789 Binary files /dev/null and b/docs/en/server/administration/administrator/figures/logical_architectureofMariaDB.png differ diff --git a/docs/en/server/administration/administrator/figures/login.png b/docs/en/server/administration/administrator/figures/login.png new file mode 100644 index 0000000000000000000000000000000000000000..d15c2cad98fba16320d587f3c7b0c80f435c5d3a Binary files /dev/null and b/docs/en/server/administration/administrator/figures/login.png differ diff --git a/docs/en/server/administration/administrator/figures/nginx_deployed_success.png b/docs/en/server/administration/administrator/figures/nginx_deployed_success.png new file mode 100644 index 0000000000000000000000000000000000000000..9ffb2c142defbd690e5407659116bf8e5582ba73 Binary files /dev/null and b/docs/en/server/administration/administrator/figures/nginx_deployed_success.png differ diff --git a/docs/en/server/administration/administrator/figures/nginx_start_failed.png b/docs/en/server/administration/administrator/figures/nginx_start_failed.png new file mode 100644 index 0000000000000000000000000000000000000000..c8b855453433796265de42d7ffd0189c7ff9be2b Binary files /dev/null and b/docs/en/server/administration/administrator/figures/nginx_start_failed.png differ diff --git a/docs/en/server/administration/administrator/figures/nginx_start_success.png b/docs/en/server/administration/administrator/figures/nginx_start_success.png new file mode 100644 index 0000000000000000000000000000000000000000..bc6929772fd98fac3494b4436f26910b09818cb7 Binary files /dev/null and b/docs/en/server/administration/administrator/figures/nginx_start_success.png differ diff --git a/docs/en/server/administration/administrator/figures/postgres.png b/docs/en/server/administration/administrator/figures/postgres.png new file mode 100644 index 0000000000000000000000000000000000000000..e7fc36882718587ec949133fe9892185cb4c2158 Binary files /dev/null and b/docs/en/server/administration/administrator/figures/postgres.png differ diff --git a/docs/en/server/administration/administrator/figures/postgresql-architecture.png b/docs/en/server/administration/administrator/figures/postgresql-architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..f780ad9cb56378e7baa3497da68ca1610a6dfadb Binary files /dev/null and b/docs/en/server/administration/administrator/figures/postgresql-architecture.png differ diff --git a/docs/en/server/administration/administrator/figures/root_of_trust_framework.png b/docs/en/server/administration/administrator/figures/root_of_trust_framework.png new file mode 100644 index 0000000000000000000000000000000000000000..354b40fa4c4f0ed6f7312e0ce3848ed42155732e Binary files /dev/null and b/docs/en/server/administration/administrator/figures/root_of_trust_framework.png differ diff --git a/docs/en/server/administration/administrator/figures/top_display.png b/docs/en/server/administration/administrator/figures/top_display.png new file mode 100644 index 0000000000000000000000000000000000000000..2d77d3dc2934763b5da896a827b9805da34d1c09 Binary files /dev/null and b/docs/en/server/administration/administrator/figures/top_display.png differ diff --git a/docs/en/server/administration/administrator/figures/trusted_chain.png b/docs/en/server/administration/administrator/figures/trusted_chain.png new file mode 100644 index 0000000000000000000000000000000000000000..034f0f092f41fb500ee4122339c447d10d4138ec Binary files /dev/null and b/docs/en/server/administration/administrator/figures/trusted_chain.png differ diff --git a/docs/en/server/administration/administrator/figures/zh-cn_image_0229622729.png b/docs/en/server/administration/administrator/figures/zh-cn_image_0229622729.png new file mode 100644 index 0000000000000000000000000000000000000000..a32856aa08e459ed0f51f8fcf4c2f51511c12095 Binary files /dev/null and b/docs/en/server/administration/administrator/figures/zh-cn_image_0229622729.png differ diff --git a/docs/en/server/administration/administrator/figures/zh-cn_image_0229622789.png b/docs/en/server/administration/administrator/figures/zh-cn_image_0229622789.png new file mode 100644 index 0000000000000000000000000000000000000000..d245d48dc07e2b01734e21ec1952e89fa9269bdb Binary files /dev/null and b/docs/en/server/administration/administrator/figures/zh-cn_image_0229622789.png differ diff --git a/docs/en/server/administration/administrator/figures/zh-cn_image_0230050789.png b/docs/en/server/administration/administrator/figures/zh-cn_image_0230050789.png new file mode 100644 index 0000000000000000000000000000000000000000..0b785be2a026fe059c6ee41700a971a11cfff7ae Binary files /dev/null and b/docs/en/server/administration/administrator/figures/zh-cn_image_0230050789.png differ diff --git a/docs/en/server/administration/administrator/figures/zh-cn_image_0231143176.png b/docs/en/server/administration/administrator/figures/zh-cn_image_0231143176.png new file mode 100644 index 0000000000000000000000000000000000000000..300165189e6d3e8fa356f3d463cfc627c2ece0e2 Binary files /dev/null and b/docs/en/server/administration/administrator/figures/zh-cn_image_0231143176.png differ diff --git a/docs/en/server/administration/administrator/figures/zh-cn_image_0231143177.png b/docs/en/server/administration/administrator/figures/zh-cn_image_0231143177.png new file mode 100644 index 0000000000000000000000000000000000000000..ccafce4b0c58a4da0a9f7aece335ede24e5030c0 Binary files /dev/null and b/docs/en/server/administration/administrator/figures/zh-cn_image_0231143177.png differ diff --git a/docs/en/server/administration/administrator/figures/zh-cn_image_0231143178.png b/docs/en/server/administration/administrator/figures/zh-cn_image_0231143178.png new file mode 100644 index 0000000000000000000000000000000000000000..bff125f096215e91b28ee6deacde6d886e5b21eb Binary files /dev/null and b/docs/en/server/administration/administrator/figures/zh-cn_image_0231143178.png differ diff --git a/docs/en/server/administration/administrator/figures/zh-cn_image_0231143180.png b/docs/en/server/administration/administrator/figures/zh-cn_image_0231143180.png new file mode 100644 index 0000000000000000000000000000000000000000..52f5644f9c985bcc39c0d146006dd9136140bc01 Binary files /dev/null and b/docs/en/server/administration/administrator/figures/zh-cn_image_0231143180.png differ diff --git a/docs/en/server/administration/administrator/figures/zh-cn_image_0231143181.png b/docs/en/server/administration/administrator/figures/zh-cn_image_0231143181.png new file mode 100644 index 0000000000000000000000000000000000000000..d3698e6c0e021a56be46b9f4944c858a425eb66c Binary files /dev/null and b/docs/en/server/administration/administrator/figures/zh-cn_image_0231143181.png differ diff --git a/docs/en/server/administration/administrator/figures/zh-cn_image_0231143183.png b/docs/en/server/administration/administrator/figures/zh-cn_image_0231143183.png new file mode 100644 index 0000000000000000000000000000000000000000..55ffdfa2616ee259543c1539e46c3e05f9335354 Binary files /dev/null and b/docs/en/server/administration/administrator/figures/zh-cn_image_0231143183.png differ diff --git a/docs/en/server/administration/administrator/figures/zh-cn_image_0231143185.png b/docs/en/server/administration/administrator/figures/zh-cn_image_0231143185.png new file mode 100644 index 0000000000000000000000000000000000000000..bff125f096215e91b28ee6deacde6d886e5b21eb Binary files /dev/null and b/docs/en/server/administration/administrator/figures/zh-cn_image_0231143185.png differ diff --git a/docs/en/server/administration/administrator/figures/zh-cn_image_0231143187.png b/docs/en/server/administration/administrator/figures/zh-cn_image_0231143187.png new file mode 100644 index 0000000000000000000000000000000000000000..52f5644f9c985bcc39c0d146006dd9136140bc01 Binary files /dev/null and b/docs/en/server/administration/administrator/figures/zh-cn_image_0231143187.png differ diff --git a/docs/en/server/administration/administrator/figures/zh-cn_image_0231143189.png b/docs/en/server/administration/administrator/figures/zh-cn_image_0231143189.png new file mode 100644 index 0000000000000000000000000000000000000000..7656f3aa5f5907f1e9f981c0cb5d44d4fcb84ef3 Binary files /dev/null and b/docs/en/server/administration/administrator/figures/zh-cn_image_0231143189.png differ diff --git a/docs/en/server/administration/administrator/figures/zh-cn_image_0231143191.png b/docs/en/server/administration/administrator/figures/zh-cn_image_0231143191.png new file mode 100644 index 0000000000000000000000000000000000000000..a82d1bcb2b719e3a372f63ae099cb5d52a93b536 Binary files /dev/null and b/docs/en/server/administration/administrator/figures/zh-cn_image_0231143191.png differ diff --git a/docs/en/server/administration/administrator/figures/zh-cn_image_0231143193.png b/docs/en/server/administration/administrator/figures/zh-cn_image_0231143193.png new file mode 100644 index 0000000000000000000000000000000000000000..94614045bddb0871b44d2f6603402f914871ad61 Binary files /dev/null and b/docs/en/server/administration/administrator/figures/zh-cn_image_0231143193.png differ diff --git a/docs/en/server/administration/administrator/figures/zh-cn_image_0231143195.png b/docs/en/server/administration/administrator/figures/zh-cn_image_0231143195.png new file mode 100644 index 0000000000000000000000000000000000000000..05011dbabe2d245c37ec68de646851bf955a2361 Binary files /dev/null and b/docs/en/server/administration/administrator/figures/zh-cn_image_0231143195.png differ diff --git a/docs/en/server/administration/administrator/figures/zh-cn_image_0231143196.png b/docs/en/server/administration/administrator/figures/zh-cn_image_0231143196.png new file mode 100644 index 0000000000000000000000000000000000000000..9bdbac969920af77721980804bd1c5433bea5bc9 Binary files /dev/null and b/docs/en/server/administration/administrator/figures/zh-cn_image_0231143196.png differ diff --git a/docs/en/server/administration/administrator/figures/zh-cn_image_0231143197.png b/docs/en/server/administration/administrator/figures/zh-cn_image_0231143197.png new file mode 100644 index 0000000000000000000000000000000000000000..5ea4eec4002374096d8ac18eb973ed3bf874b632 Binary files /dev/null and b/docs/en/server/administration/administrator/figures/zh-cn_image_0231143197.png differ diff --git a/docs/en/server/administration/administrator/figures/zh-cn_image_0231143198.png b/docs/en/server/administration/administrator/figures/zh-cn_image_0231143198.png new file mode 100644 index 0000000000000000000000000000000000000000..7d6360c150495d204da4b069e6dc62677580888f Binary files /dev/null and b/docs/en/server/administration/administrator/figures/zh-cn_image_0231143198.png differ diff --git a/docs/en/server/administration/administrator/figures/zh-cn_image_0231563132.png b/docs/en/server/administration/administrator/figures/zh-cn_image_0231563132.png new file mode 100644 index 0000000000000000000000000000000000000000..bb801a9471f3f3541ba96491654f25e2df9ce8bf Binary files /dev/null and b/docs/en/server/administration/administrator/figures/zh-cn_image_0231563132.png differ diff --git a/docs/en/server/administration/administrator/figures/zh-cn_image_0231563134.png b/docs/en/server/administration/administrator/figures/zh-cn_image_0231563134.png new file mode 100644 index 0000000000000000000000000000000000000000..398d15376d29d3aa406abb2e7e065d4625428c4d Binary files /dev/null and b/docs/en/server/administration/administrator/figures/zh-cn_image_0231563134.png differ diff --git a/docs/en/server/administration/administrator/figures/zh-cn_image_0231563135.png b/docs/en/server/administration/administrator/figures/zh-cn_image_0231563135.png new file mode 100644 index 0000000000000000000000000000000000000000..785977142a6bf0e1c1815b82dea73d75fa206a75 Binary files /dev/null and b/docs/en/server/administration/administrator/figures/zh-cn_image_0231563135.png differ diff --git a/docs/en/server/administration/administrator/figures/zh-cn_image_0231563136.png b/docs/en/server/administration/administrator/figures/zh-cn_image_0231563136.png new file mode 100644 index 0000000000000000000000000000000000000000..c274db4d0ca9d8758267a916e19fdef4aa22d0ba Binary files /dev/null and b/docs/en/server/administration/administrator/figures/zh-cn_image_0231563136.png differ diff --git a/docs/en/server/administration/administrator/process_management.md b/docs/en/server/administration/administrator/process_management.md new file mode 100644 index 0000000000000000000000000000000000000000..f9015da0f6e8f8351ac81a3936e158762b043a69 --- /dev/null +++ b/docs/en/server/administration/administrator/process_management.md @@ -0,0 +1,335 @@ +# Process Management + +The operating system (OS) manages multiple user requests and tasks. In most cases, the OS comes with only one CPU and one main memory, but multiple tier-2 disks and input/output \(I/O\) devices. Therefore, users have to share resources, but it appears to users that they are exclusively occupying resources. The OS places user tasks, OS tasks, mailing, print tasks, and other pending tasks in a queue and schedules the tasks according to predefined rules. This topic describes how the OS manages processes. + +## Viewing Processes + +Linux is a multi-task system and needs to get process information during process management. To manage processes, you need to know the number of processes and their statuses. Multiple commands are available to view processes. + +### who Command + +The `who` command is used to display system user information. For example, before running the `talk` command to establish instant communication with another user, you need to run the `who` command to determine whether the target user is online. In another example, the system administrator can run the `who` command to learn what each login user is doing at the current time. The `who` command is widely seen in system administration since it is easy to use and can return a comprehensive set of accurate user information. + +The following is an example output of the `who` command, where system users and their status are displayed: The use of the `who` command is as follows: + +```shell +$ who +admin tty1 Jul 28 15:55 +admin pts/0 Aug 5 15:46 (192.168.0.110) +admin pts/2 Jul 29 19:52 (192.168.0.110) +root pts/3 Jul 30 12:07 (192.168.0.110) +root pts/4 Jul 31 10:29 (192.168.0.144) +root pts/5 Jul 31 14:52 (192.168.0.11) +root pts/6 Aug 6 10:12 (192.168.0.234) +root pts/8 Aug 6 11:34 (192.168.0.234) +``` + +### ps Command + +The **ps** command is the most basic and powerful command to view process information. The ps command is used to display process information, including which processes are running, terminated, resource-hungry, or stay as zombies. + +The `ps` command is the most basic and powerful command to view process information, including which processes are running, terminated, resource-hungry, or stay as zombies. + +A common scenario is to monitor background processes, which do not interact with your screen, keyboard, and other I/O devices. [Table 1](#en-us_topic_0151921029_t34619d964a3d41ad8694189ec383359c) lists the common `ps` command options. + +**Table 1** Common ps command options + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Option

+

Description

+

-e

+

Displays all processes.

+

-f

+

Full output format.

+

-h

+

Hides column headings in the process information.

+

-l

+

Long output format.

+

-w

+

Wide output format.

+

-a

+

Lists all processes on a terminal, including those of other users.

+

-r

+

Lists only running processes.

+

-x

+

Lists all processes without control terminals.

+
+ +For example, to list all processes on a terminal, run the following command: + +```shell +$ ps -a + PID TTY TIME CMD +12175 pts/6 00:00:00 bash +24526 pts/0 00:00:00 vsftpd +29478 pts/5 00:00:00 ps +32461 pts/0 1-01:58:33 sh +``` + +### top Command + +Both the `top` and `ps` commands can display a list of currently running processes, but the `top` command allows you to update the displayed list of processes by pressing a button repeatedly. If the `top` command is executed in foreground, it exclusively occupies foreground until it is terminated. The `top` command provides real-time visibility into system processor status. You can sort the list of CPU tasks by CPU usage, memory usage, or task execution time. Extensive display customization, such as choosing the columns or sorting method, can be achieved using interactive commands or the customization file. + +[Figure 1](#en-us_topic_0151921029_f289234fcdbac453796200d80e9889cd1) provides an example output of the `top` command. + +**Figure 1** Example command output +![](./figures/top_display.png) + +### kill Command + +The `kill` command is used to terminate a process regardless of whether the process is running in foreground or background. It differs from the combo key **Ctrl+C**, which can terminate only foreground processes. The reason for terminating a background process can be heavy use of CPU resources or deadlock. + +The `kill` command sends a signal to terminate running processes. By default, the `TERM` signal is used, terminating all processes incapable of capturing it. To terminate a process capable of capturing the `TERM` signal, use the `KILL` signal \(signal ID: 9\) instead. + +Two types of syntax of the `kill` command: + +```shell +kill [-s signal | -p] [-a] PID... +kill -l [signal] +``` + +The process ID can be retrieved by running the `ps` command. The `-s` option indicates the signal sent to the specified program. The signal details can be viewed by running the `kill -l` command. The `-p` option indicates the specified process ID. + +For example, to terminate the process whose ID is 1409, run the following command as the **root** user: + +```shell +kill -9 1409 +``` + +Example output of the `kill` command with the `-l` option + +```shell +$ kill -l + 1) SIGHUP 2) SIGINT 3) SIGQUIT 4) SIGILL 5) SIGTRAP + 6) SIGABRT 7) SIGBUS 8) SIGFPE 9) SIGKILL 10) SIGUSR1 +11) SIGSEGV 12) SIGUSR2 13) SIGPIPE 14) SIGALRM 15) SIGTERM +16) SIGSTKFLT 17) SIGCHLD 18) SIGCONT 19) SIGSTOP 20) SIGTSTP +21) SIGTTIN 22) SIGTTOU 23) SIGURG 24) SIGXCPU 25) SIGXFSZ +26) SIGVTALRM 27) SIGPROF 28) SIGWINCH 29) SIGIO 30) SIGPWR +31) SIGSYS 34) SIGRTMIN 35) SIGRTMIN+1 36) SIGRTMIN+2 37) SIGRTMIN+3 +38) SIGRTMIN+4 39) SIGRTMIN+5 40) SIGRTMIN+6 41) SIGRTMIN+7 42) SIGRTMIN+8 +43) SIGRTMIN+9 44) SIGRTMIN+10 45) SIGRTMIN+11 46) SIGRTMIN+12 47) SIGRTMIN+13 +48) SIGRTMIN+14 49) SIGRTMIN+15 50) SIGRTMAX-14 51) SIGRTMAX-13 52) SIGRTMAX-12 +53) SIGRTMAX-11 54) SIGRTMAX-10 55) SIGRTMAX-9 56) SIGRTMAX-8 57) SIGRTMAX-7 +58) SIGRTMAX-6 59) SIGRTMAX-5 60) SIGRTMAX-4 61) SIGRTMAX-3 62) SIGRTMAX-2 +63) SIGRTMAX-1 64) SIGRTMAX +``` + +## Scheduling a Process + +The time-consuming and resource-demanding part of maintenance work is often performed at late night. You can schedule relevant processes to get started at the scheduled time instead of staying up all night. The following describes the process scheduling commands. + +### Using the at Command to Run Processes at the Scheduled Time + +#### Function + +The `at` command is used to run a batch of processes \(a series of commands\) at the scheduled time or time and date. + +Syntax of the `at` command: + +```shell +at [-V] [-q queue] [-f filename] [-mldbv] time +at -c job [job...] +``` + +#### Time Format + +The scheduled time can be in any of the following formats: + +- _hh:mm_ today: If _hh:mm_ is earlier than the current time, the selected commands will be run at _hh:mm_ the next day. +- midnight, noon, teatime \(typically at 16:00\), or the like +- 12-hour format followed by am or pm +- Time + date \(_month day_, _mm/dd/yy_, or _dd.mm.yy_\). The scheduled date must follow the scheduled time. + +The scheduled time can also be relative time, which is suitable for scheduling commands that are going to be executed soon. For example, now+_N_ minutes, hours, days, or weeks. _N_ indicates the specified time, which may be a few days or hours. Further, the scheduled time can be words like today, tomorrow, or the like. Here are some examples of the scheduled time. + +Assume that the current time is 12:30 June 7 2019 and you want to run a command at 4:30 pm. The time scheduled by the `at` command can be any of the following: + +```shell + at 4:30pm + at 16:30 + at 16:30 today + at now+4 hours + at now+ 240 minutes + at 16:30 7.6.19 + at 16:30 6/7/19 + at 16:30 Jun 7 +``` + +Although you can select any of the preceding examples according to your preference, absolute time in 24-hour format, such as `at 16:30 6/7/19`, is recommended. + +#### Privileges + +Only commands from standard input or from the file specified by the **-f** option can be scheduled by the `at` command. If the `su` command is executed to switch the OS from user A to user B and then the `at` command is executed at the shell prompt of user B, the `at` command execution result is sent to user B, whereas emails \(if any\) are sent to user A. + +For example, to run the `slocate -u` command at 10 am on June 8, 2019, run the following commands as the **root** user: + +```shell +$ at 10:00 6/8/19 +at> slocate -u +at> +[1]+ Stopped at 10:00 6/8/19 +``` + +When the **at\>** prompt appears, type `slocate -u` and press **Enter**. Repeat the step to add other commands that need to be run at 10 am on 8 June 2019. Then, press **Ctrl+D** to exit the `at` command. + +The administrator is authorized to run the `at` command unconditionally. For other users, their privileges to run the `at` command is defined in the **/etc/at.allow** and **/etc/at.deny** files. + +### Using the cron Service to Run Commands Periodically + +The `at` command can run commands at the scheduled time, but only once. It means that after the commands to be run is specified, the system completes the task at the specified time. If you need to run the commands repeatedly, the **cron** service is a good choice. + +#### Cron Service + +The **cron** service searches the **/var/spool/cron** directory for the **crontab** files named by the user name in the **/etc/passwd** file and loads the search results into memory to execute the commands in the **crontab** files. Each user has a **crontab** file with the same name as the user name. For example, the **crontab** file of the **userexample** user is **/var/spool/cron/userexample**. + +The **cron** service also reads the cron configuration file **/etc/crontab** every minute, which can be edited in various formats. If no **crontab** files are found, the **cron** service enters sleep mode and releases system resources. One minute later, the **cron** service is waken up to repeat the search work and command execution. Therefore, the background process occupies few resources and is wakened up every minute to check whether there are commands to be executed. + +Command execution results are then mailed to users specified by the environment variable `MAILTO` in the **/etc/crontab** file. The **cron** service, once started, does not require manual intervention except when you need to replace the scheduled commands with new ones. + +#### crontab Command + +The `crontab` command is used to install, edit, remove, list, and perform other operations on **crontab** files. Each user has its own **crontab** files and can add commands to be executed to the files. + +Here are common `crontab` command options: + +- crontab -u //Set the **cron** service of a user. This option is required only when the `crontab` command is run by the **root** user. +- crontab -l //List details about the **cron** service of a user. +- crontab -r //Remove the **cron** service of a user. +- crontab -e //Edit the **cron** service of a user. + +For example, to list the **cron** service settings of the **root** user, run the following command: + +```shell +crontab -u root -l +``` + +#### crontab Files + +Enter the commands to be executed and their scheduled time in **crontab** files. Each line in the files contains six fields. The first five fields are the time when the specified command is executed, and the last field is the command to be executed. Fields are separated by spaces or tabs. The format is as follows: + +```shell +minute hour day-of-month month-of-year day-of-week commands +``` + +[Table 2](#en-us_topic_0151921016_t7d97d1204fe249d7ae0a87b4cf9a9353) describes the fields in each line. + +**Table 2** Parameter description + + + + + + + + + + + + + + + + + + + + + + + + + +

Parameter

+

Description

+

minute

+

The minute of the hour at which commands will be executed. Value range: 0-59.

+

hour

+

The hour of the day at which scheduled commands will be executed. Value range: 0-23.

+

day-of-month

+

The day of the month on which scheduled commands will be executed. Value range: 1-31.

+

month-of-year

+

The month of the year in which scheduled commands will be executed. Value range: 1-12.

+

day-of-week

+

The day of the week on which scheduled commands will be executed. Value range: 0-6.

+

commands

+

Scheduled commands.

+
+ +The fields cannot be left unspecified. In addition to numerical values, the following special characters are allowed: asterisk \(\*\), indicating a wildcard value; forward slash \(/\), followed by a numeral value _N_ to indicate that commands will be executed at a regular interval of _N_; hyphen \(-\), used with a range; and comma \(,\), used to separate discrete values. A complete path to the commands must be provided. + +For example, to allow the OS to add **sleepy** to the **/tmp/test.txt** file every two hours from 18 pm to 22 pm, add the following line to a **crontab** file: + +```shell +* 18-22/2 * * * echo "sleepy" >> /tmp/test.txt +``` + +Each time the **cron** service settings of a user are edited, the **cron** service generates a **crontab** file with the same name as the user in the **/var/spool/cron directory**. The **crontab** file can be edited only using the `crontab -e` command. Alternatively, the user can create a file and run the `crontab _filename_` command to import its **cron** settings to the new file. + +For example, to create a **crontab** file for the **userexample** user, perform the following steps: + +1. Create a file using any text editor. Add the commands that need to be executed periodically and the command execution interval to the new file. In this example, the new file is **\~/userexample.cron**. +2. Run the following command as the **root** user to install the new file as the **crontab** file of the **userexample** user: + + ```shell + crontab -u userexample ~/userexample.cron + ``` + +After the new file is installed, you will find a file named **userexample** in the **/var/spool/cron** directory. This file is the required **crontab** file. + +> [!NOTE]NOTE +> Do not restart the **cron** service after a **crontab** file is modified, because the **cron** service, once started, reads the **crontab** file every minute to check whether there are commands that need to be executed periodically. + +#### /etc/crontab File + +The **cron** service reads all files in the **/var/spool/cron** directory and the **/etc/crontab** file every minute. Therefore, you can use the **cron** service by configuring the **/etc/crontab** file. A **crontab** file contains user-specific commands, whereas the **/etc/crontab** file contains system-wide commands. The following is an example of the **/etc/crontab** file. + +```text +SHELL=/bin/sh +PATH=/usr/bin:/usr/sbin:/sbin:/bin:/usr/lib/news/bin +MAILTO=root //If an error occurs or data is output, the data is sent to the account by email. +HOME=/ +# run-parts +01 * * * * root run-parts /etc/cron.hourly //Run scripts in the /etc/cron.hourly directory once an hour. +02 4 * * * root run-parts /etc/cron.daily //Run scripts in the /etc/cron.daily directory once a day. +22 4 * * 0 root run-parts /etc/cron.weekly //Run scripts in the /etc/cron.weekly directory once a week. +42 4 1 * * root run-parts /etc/cron.monthly //Run scripts in the /etc/cron.monthly directory once a month. +``` + +> [!NOTE]NOTE +> If the **run-parts** parameter is deleted, a script name instead of a directory name is used. + +## Suspending/Resuming a Process + +A process can be suspended or resumed by job control, and the process will continue to work from the suspended point after being resumed. To suspend a foreground process, press **Ctrl+Z**. After you press **Ctrl+Z**, the `cat` command is suspended together with the foreground process you want to suspend. You can use the `jobs` command instead to display a list of shell jobs, including their names, IDs, and status. + +To resume a process in foreground or background, run the `fg` or `bg` command, respectively. The process then starts from where it was suspended previously. diff --git a/docs/en/server/administration/administrator/public_sys-resources/icon-caution.gif b/docs/en/server/administration/administrator/public_sys-resources/icon-caution.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/administration/administrator/public_sys-resources/icon-caution.gif differ diff --git a/docs/en/server/administration/administrator/public_sys-resources/icon-danger.gif b/docs/en/server/administration/administrator/public_sys-resources/icon-danger.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/administration/administrator/public_sys-resources/icon-danger.gif differ diff --git a/docs/en/server/administration/administrator/public_sys-resources/icon-note.gif b/docs/en/server/administration/administrator/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/en/server/administration/administrator/public_sys-resources/icon-note.gif differ diff --git a/docs/en/server/administration/administrator/public_sys-resources/icon-notice.gif b/docs/en/server/administration/administrator/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/en/server/administration/administrator/public_sys-resources/icon-notice.gif differ diff --git a/docs/en/server/administration/administrator/public_sys-resources/icon-tip.gif b/docs/en/server/administration/administrator/public_sys-resources/icon-tip.gif new file mode 100644 index 0000000000000000000000000000000000000000..93aa72053b510e456b149f36a0972703ea9999b7 Binary files /dev/null and b/docs/en/server/administration/administrator/public_sys-resources/icon-tip.gif differ diff --git a/docs/en/server/administration/administrator/public_sys-resources/icon-warning.gif b/docs/en/server/administration/administrator/public_sys-resources/icon-warning.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/administration/administrator/public_sys-resources/icon-warning.gif differ diff --git a/docs/en/server/administration/administrator/service_management.md b/docs/en/server/administration/administrator/service_management.md new file mode 100644 index 0000000000000000000000000000000000000000..9a1b352c53c1bcc6110ae7abd0ca7cddd2f4865d --- /dev/null +++ b/docs/en/server/administration/administrator/service_management.md @@ -0,0 +1,807 @@ +# Service Management + +This topic describes how to manage your operating system and services using the systemd. + +## Introduction to systemd + +The systemd is a system and service manager for Linux operating systems. It is designed to be backward compatible with SysV and LSB init scripts, and provides a number of features such as Socket & D-Bus based activation of services, on-demand activation of daemons, system state snapshots, and mount & automount point management. With systemd, the service control logic and parallelization are refined. + +### Systemd Units + +In systemd, the targets of most actions are units, which are resources systemd know how to manage. Units are categorized by the type of resources they represent and defined in unit configuration files. For example, the avahi.service unit represents the Avahi daemon and is defined in the **avahi.service** file. [Table 1](#en-us_topic_0151921012_t2dcb6d973cc249ed9ccd56729751ca6b) lists available types of systemd units. + +**Table 1** Available types of systemd units + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Unit Type

+

File Extension

+

Description

+

Service unit

+

.service

+

A system service.

+

Target unit

+

.target

+

A group of systemd units.

+

Automount unit

+

.automount

+

A file system automount point.

+

Device unit

+

.device

+

A device file recognized by the kernel.

+

Mount unit

+

.mount

+

A file system mount point.

+

Path unit

+

.path

+

A file or directory in a file system.

+

Scope unit

+

.scope

+

An externally created process.

+

Slice unit

+

.slice

+

A group of hierarchically organized units that manage system processes.

+

Socket unit

+

.socket

+

An inter-process communication socket.

+

Swap unit

+

.swap

+

A swap device or a swap file.

+

Timer unit

+

.timer

+

A systemd timer.

+
+ +All available types of systemd units are located in one of the following directories listed in [Table 2](#en-us_topic_0151921012_t2523a0a9a0c54f9b849e52d1efa0160c). + +**Table 2** Locations of available systemd units + + + + + + + + + + + + + + + + +

Directory

+

Description

+

/usr/lib/systemd/system/

+

Systemd units distributed with installed RPM packages.

+

/run/systemd/system/

+

Systemd units created at runtime.

+

/etc/systemd/system/

+

Systemd units created and managed by the system administrator.

+
+ +## Features + +### Fast Activation + +The systemd provides more aggressive parallelization than UpStart. The use of Socket- and D-Bus based activation reduces the time required to boot the operating system. + +To accelerate system boot, systemd seeks to: + +- Activate only the necessary processes +- Activate as many processes as possible in parallel + +### On-Demand Activation + +During SysVinit initialization, it activates all the possible background service processes that might be used. Users can log in only after all these service processes are activated. The drawbacks in SysVinit are obvious: slow system boot and a waste of system resources. + +Some services may rarely or even never be used during system runtime. For example, CUPS, printing services are rarely used on most servers. SSHD is rarely accessed on many servers. It is unnecessary to spend time on starting these services and system resources. + +systemd can only be activated when a service is requested. If the service request is over, systemd stops. + +### Service Lifecycle Management by Cgroups + +An important role of an init system is to track and manage the lifecycle of services. It can start and stop a service. However, it is more difficult than you could ever imagine to encode an init system into stopping services. + +Service processes often run in background as daemons and sometimes fork twice. In UpStart, the expect stanza in the configuration file must be correctly configured. Otherwise, UpStart is unable to learn a daemon's PID by counting the number of forks. + +Things are made simpler with Cgroups, which have long been used to manage system resource quotas. The ease of use comes largely from its file-system-like user interface. When a parent service creates a child service, the latter inherits all attributes of the Cgroup to which the parent service belongs. This means that all relevant services are put into the same Cgroup. The systemd can find the PIDs of all relevant services simply by traversing their control group and then stop them one by one. + +### Mount and Automount Point Management + +In traditional Linux systems, users can use the **/etc/fstab** file to maintain fixed file system mount points. These mount points are automatically mounted during system startup. Once the startup is complete, these mount points are available. These mount points are file systems critical to system running, such as the **HOME** directory. Like SysVinit, systemd manages these mount points so that they can be automatically mounted at system startup. systemd is also compatible with the **/etc/fstab** file. You can continue to use this file to manage mount points. + +There are times when you need to mount or unmount on demand. For example, a temporary mounting point is required for you to access the DVD content, and the mounting point is canceled \(using the **umount** command\) if you no longer need to access the content, thereby saving resources. This is traditionally achieved using the autofs service. + +The systemd allows automatic mount without a need to install autofs. + +### Transactional Dependency Management + +System boot involves a host of separate jobs, some of which may be dependent on each other. For example, a network file system \(NFS\) can be mounted only after network connectivity is activated. The systemd can run a large number of dependent jobs in parallel, but not all of them. Looking back to the NFS example, it is impossible to mount NFS and activate network at the same time. Before running a job, systemd calculates its dependencies, creates a temporary transaction, and verifies that this transaction is consistent \(all relevant services can be activated without any dependency on each other\). + +### Compatibility with SysVinit Scripts + +Like UpStart, systemd introduces new configuration methods and has new requirements for application development. If you want to replace the currently running initialization system with systemd, systemd must be compatible with the existing program. It is difficult to modify all the service code in any Linux distribution in a short time for the purpose of using systemd. + +The systemd provides features compatible with SysVinit and LSB initscripts. You do not need to modify the existing services and processes in the system. This reduces the cost of migrating the system to systemd, making it possible for users to replace the existing initialization system with systemd. + +### System State Snapshots and System Restoration + +The systemd can be started on demand. Therefore, the running status of the system changes dynamically, and you cannot know the specific services that are running in the system. systemd snapshots enable the current system running status to be saved and restored. + +For example, if services A and B are running in the system, you can run the **systemd** command to create a snapshot for the current system running status. Then stop process A or make any other change to the system, for example, starting process C. After these changes, run the snapshot restoration command of systemd to restore the system to the point at which the snapshot was taken. That is, only services A and B are running. A possible application scenario is debugging. For example, when an exception occurs on the server, a user saves the current status as a snapshot for debugging, and then perform any operation, for example, stopping the service. After the debugging is complete, restore the snapshot. + +## Managing System Services + +The systemd provides the systemctl command to start, stop, restart, view, enable, and disable system services. + +### Comparison Between SysVinit and systemd Commands + +The **systemctl** command from the **systemd** command has the functions similar to the **SysVinit** command. Note that the **service** and **chkconfig** commands are supported in this version. For details, see [Table 3](#en-us_topic_0151920917_ta7039963b0c74b909b72c22cbc9f2e28). You are advised to manage system services by running the **systemctl** command. + +**Table 3** Comparison between SysVinit and systemd commands + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

SysVinit Command

+

systemd Command

+

Description

+

service network start

+

systemctl start network.service

+

Starts a service.

+

service network stop

+

systemctl stop network.service

+

Stops a service.

+

service network restart

+

systemctl restart network.service

+

Restarts a service.

+

service network reload

+

systemctl reload network.service

+

Reloads a configuration file without interrupting an operation.

+

service network condrestart

+

systemctl condrestart network.service

+

Restarts a service only if it is running.

+

service network status

+

systemctl status network.service

+

Checks the service running status.

+

chkconfig network on

+

systemctl enable network.service

+

Enables a service when the service activation time arrives or a trigger condition for enabling the service is met.

+

chkconfig network off

+

systemctl disable network.service

+

Disables a service when the service activation time arrives or a trigger condition for disabling the service is met.

+

chkconfig network

+

systemctl is-enabled network.service

+

Checks whether a service is enabled.

+

chkconfig --list

+

systemctl list-unit-files --type=service

+

Lists all services in each runlevel and checks whether they are enabled.

+

chkconfig network --list

+

ls /etc/systemd/system/*.wants/network.service

+

Lists the runlevels in which a service is enabled and those in which the service is disabled.

+

chkconfig network --add

+

systemctl daemon-reload

+

Used when you need to create a service file or change settings.

+
+ +### Listing Services + +To list all currently loaded services, run the following command: + +```shell +systemctl list-units --type service +``` + +To list all services regardless of whether they are loaded, run the following command \(with the `--all` option\): + +```shell +systemctl list-units --type service --all +``` + +Example list of all currently loaded services: + +```shell +$ systemctl list-units --type service +UNIT LOAD ACTIVE SUB DESCRIPTION +atd.service loaded active running Deferred execution scheduler +auditd.service loaded active running Security Auditing Service +avahi-daemon.service loaded active running Avahi mDNS/DNS-SD Stack +chronyd.service loaded active running NTP client/server +crond.service loaded active running Command Scheduler +dbus.service loaded active running D-Bus System Message Bus +dracut-shutdown.service loaded active exited Restore /run/initramfs on shutdown +firewalld.service loaded active running firewalld - dynamic firewall daemon +getty@tty1.service loaded active running Getty on tty1 +gssproxy.service loaded active running GSSAPI Proxy Daemon +...... +``` + +### Displaying Service Status + +To display the status of a service, run the following command: + +```shell +systemctl status name.service +``` + +[Table 4](#en-us_topic_0151920917_t36cd267d69244ed39ae06bb117ed8e62) describes the parameters in the command output. + +**Table 4** Output parameters + + + + + + + + + + + + + + + + + + + +

Parameter

+

Description

+

Loaded

+

Information on whether the service has been loaded, the absolute path to the service file, and a note of whether the service is enabled.

+

Active

+

Information on whether the service is running and a time stamp.

+

Main PID

+

PID of the service.

+

CGroup

+

Additional information about related control groups.

+
+ +To verify whether a particular service is running, run the following command: + +```shell +systemctl is-active name.service +``` + +The output of the **is-active** command is as follows: + +**Table 5** Output of the is-active command + + + + + + + + + + + + + + + + + + + +

Status

+

Description

+

active(running)

+

One or more services are running in the system.

+

active(exited)

+

A service that ends properly after being executed only once. Currently, no program is running in the system. For example, the quotaon function is performed only when the program is started or mounted.

+

active(waiting)

+

The program needs to wait for other events to continue running. For example, the print queue service is being started, but it needs to be queued (print jobs) so that it can continue to wake up the printer service to perform the next print function.

+

inactive

+

The service is not running.

+
+ +Similarly, to determine whether a particular service is enabled, run the following command: + +```shell +systemctl is-enabled name.service +``` + +The output of the **is-enabled** command is as follows: + +**Table 6** Output of the is-enabled command + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status

+

Description

+

enabled

+

Has been permanently enabled through Alias= Alias, .wants/, or .requires/ soft link in the /etc/systemd/system/ directory.

+

enabled-runtime

+

Has been temporarily enabled through Alias= Alias, .wants/, or .requires/ soft link in the /run/systemd/system/ directory.

+

linked

+

Although the unit file is not in the standard unit directory, one or more soft links pointing to the unit file exist in the /etc/systemd/system/ permanent directory.

+

linked-runtime

+

Although the unit file is not in the standard unit directory, one or more soft links pointing to the unit file exist in the /run/systemd/system/ temporary directory.

+

masked

+

Has been masked permanently by the /etc/systemd/system/ directory (soft link to /dev/null). Therefore, the start operation fails.

+

masked-runtime

+

Has been masked temporarily by the /run/systemd/systemd/ directory (soft link to /dev/null). Therefore, the start operation fails.

+

static

+

Not enabled. There is no option available for the enable command in the [Install] section of the unit file.

+

indirect

+

Not enabled. But the list of values for the Also= option in the [Install] section of the unit file is not empty (that is, some units in the list may have been enabled), or the unit file has an alias soft link which is not in the Also= list. For a template unit, it indicates that an instance different from DefaultInstance= is enabled.

+

disabled

+

Not enabled. But the [Install] section of the unit file contains options available for the enable command.

+

generated

+

The unit file is dynamically generated by the unit generator. The generated unit file may not be directly enabled, but is implicitly enabled by the unit generator.

+

transient

+

The unit file is dynamically and temporarily generated by the runtime API. The temporary unit may not be enabled.

+

bad

+

The unit file is incorrect or other errors occur. is-enabled does not return this status, but displays an error message. The list-unit-files command may display this unit.

+
+ +For example, to display the status of gdm.service, run the **systemctl status gdm.service** command. + +```shell +# systemctl status gdm.service +gdm.service - GNOME Display Manager + Loaded: loaded (/usr/lib/systemd/system/gdm.service; enabled) + Active: active (running) since Thu 2013-10-17 17:31:23 CEST; 5min ago + Main PID: 1029 (gdm) + CGroup: /system.slice/gdm.service + ├─1029 /usr/sbin/gdm + ├─1037 /usr/libexec/gdm-simple-slave --display-id /org/gno... + └─1047 /usr/bin/Xorg :0 -background none -verbose -auth /r...Oct 17 17:31:23 localhost systemd[1]: Started GNOME Display Manager. +``` + +### Starting a Service + +To start a service, run the following command as the user **root**: + +```shell +systemctl start name.service +``` + +For example, to start the httpd service, run the following command: + +```shell +# systemctl start httpd.service +``` + +### Stopping a Service + +To stop a service, run the following command as the user **root**: + +```shell +systemctl stop name.service +``` + +For example, to stop the Bluetooth service, run the following command: + +```shell +# systemctl stop bluetooth.service +``` + +### Restarting a Service + +To restart a service, run the following command as the user **root**: + +```shell +systemctl restart name.service +``` + +This command stops the selected service in the current session and immediately starts it again. If the selected service is not running, this command starts it too. + +For example, to restart the Bluetooth service, run the following command: + +```shell +# systemctl restart bluetooth.service +``` + +### Enabling a Service + +To configure a service to start automatically at system boot time, run the following command as the user **root**: + +```shell +systemctl enable name.service +``` + +For example, to configure the httpd service to start automatically at system boot time, run the following command: + +```shell +# systemctl enable httpd.service +ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service' +``` + +### Disabling a Service + +To prevent a service from starting automatically at system boot time, run the following command as the user **root**: + +```shell +systemctl disable name.service +``` + +For example, to prevent the Bluetooth service from starting automatically at system boot time, run the following command: + +```shell +# systemctl disable bluetooth.service +Removed /etc/systemd/system/bluetooth.target.wants/bluetooth.service. +Removed /etc/systemd/system/dbus-org.bluez.service. +``` + +## Changing a Runlevel + +### Targets and Runlevels + +In systemd, the concept of runlevels has been replaced with systemd targets to improve flexibility. For example, you can inherit an existing target and turn it into your own target by adding other services. [Table 7](#en-us_topic_0151920939_t9af92c282ad240ea9a79fb08d26e8181) provides a complete list of runlevels and their corresponding systemd targets. + +**Table 7** Mapping between runlevels and targets + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Runlevel

+

systemd Target

+

Description

+

0

+

runlevel0.target, poweroff.target

+

The operating system is powered off.

+

1, s, single

+

runlevel1.target, rescue.target

+

The operating system is in single user mode.

+

2, 4

+

runlevel2.target, runlevel4.target, multi-user.target

+

The operating system is in user-defined or domain-specific runlevel (by default, it is equivalent to runlevel 3).

+

3

+

runlevel3.target, multi-user.target

+

The operating system is in non-graphical multi-user mode, and can be accessed from multiple consoles or networks.

+

5

+

runlevel5.target, graphical.target

+

The operating system is in graphical multi-user mode. All the services running at level 3 can be accessed through graphical login.

+

6

+

runlevel6.target, reboot.target

+

The operating system is rebooted.

+

emergency

+

emergency.target

+

Emergency shell.

+
+ +### Viewing the Default Startup Target + +Run the following command to view the default startup target of the system: + +```shell +systemctl get-default +``` + +### Viewing All Startup Targets + +Run the following command to view all startup targets of the system: + +```shell +systemctl list-units --type=target +``` + +### Changing the Default Target + +To change the default target, run the following command as the user **root**: + +```shell +systemctl set-default name.target +``` + +### Changing the Current Target + +To change the current target, run the following command as the user **root**: + +```shell +systemctl isolate name.target +``` + +### Changing to Rescue Mode + +To change the operating system to rescue mode, run the following command as the user **root**: + +```shell +systemctl rescue +``` + +This command is similar to the **systemctl isolate rescue.target** command. After the command is executed, the following information is displayed on the serial port: + +```console +You are in rescue mode. After logging in, type "journalctl -xb" to viewsystem logs, "systemctl reboot" to reboot, "systemctl default" or "exit"to boot into default mode. +Give root password for maintenance +(or press Control-D to continue): +``` + +> [!NOTE]NOTE +> You need to restart the system to enter the normal mode from the rescue mode. + +### Changing to Emergency Mode + +To change the operating system to emergency mode, run the following command as the user **root**: + +```shell +systemctl emergency +``` + +This command is similar to the **systemctl isolate emergency.target** command. After the command is executed, the following information is displayed on the serial port: + +```console +You are in emergency mode. After logging in, type "journalctl -xb" to viewsystem logs, "systemctl reboot" to reboot, "systemctl default" or "exit"to boot into default mode. +Give root password for maintenance +(or press Control-D to continue): +``` + +> [!NOTE]NOTE +> You need to restart the system to enter the normal mode from the emergency mode. + +## Shutting Down, Suspending, and Hibernating the Operating System + +### systemctl Command + +The systemd uses the systemctl command instead of old Linux system management commands to shut down, restart, suspend, and hibernate the operating system. Although previous Linux system management commands are still available in systemd for compatibility reasons, you are advised to use **systemctl** when possible. The mapping relationship is shown in [Table 8](#en-us_topic_0151920964_t3daaaba6a03b4c36be9668efcdb61f3b). + +**Table 8** Mapping between old Linux system management commands and systemctl + + + + + + + + + + + + + + + + + + + + +

Linux Management Command

+

systemctl Command

+

Description

+

halt

+

systemctl halt

+

Shuts down the operating system.

+

poweroff

+

systemctl poweroff

+

Powers off the operating system.

+

reboot

+

systemctl reboot

+

Reboots the operating system.

+
+ +### Shutting Down the Operating System + +To shut down the system and power off the operating system, run the following command as the user **root**: + +```shell +systemctl poweroff +``` + +To shut down the operating system without powering it off, run the following command as the user **root**: + +```shell +systemctl halt +``` + +By default, running either of these commands causes systemd to send an informative message to all login users. To prevent systemd from sending this message, run this command with the **--no\-wall** option. The command is as follows: + +```shell +systemctl --no-wall poweroff +``` + +### Restarting the Operating System + +To restart the operating system, run the following command as the user **root**: + +```shell +systemctl reboot +``` + +By default, running either of these commands causes systemd to send an informative message to all login users. To prevent systemd from sending this message, run this command with the **--no\-wall** option. The command is as follows: + +```shell +systemctl --no-wall reboot +``` + +### Suspending the Operating System + +To suspend the operating system, run the following command as the user **root**: + +```shell +systemctl suspend +``` + +### Hibernating the Operating System + +To hibernate the operating system, run the following command as the user **root**: + +```shell +systemctl hibernate +``` + +To suspend and hibernate the operating system, run the following command as the user **root**: + +```shell +systemctl hybrid-sleep +``` diff --git a/docs/en/server/administration/administrator/setting_up_the_database_server.md b/docs/en/server/administration/administrator/setting_up_the_database_server.md new file mode 100644 index 0000000000000000000000000000000000000000..85279ae2f979779f6117f1d477754625a5c5e730 --- /dev/null +++ b/docs/en/server/administration/administrator/setting_up_the_database_server.md @@ -0,0 +1,2145 @@ +# Setting Up the Database Server + +## PostgreSQL Server + +### Software Description + +[Figure 1](#fig26022387391) shows the PostgreSQL architecture and [Table 1](#table62020913417) describes the main processes. + +**Figure 1** PostgreSQL architecture +![](./figures/postgresql-architecture.png) + +**Table 1** Main processes in PostgreSQL + + + + + + + + + + + + + + + + + + + + + + + + + + + + +f + + + + + + + + + + + + + +

Process Type

+

Process Name

+

Description

+

Main process

+

Postmaster

+

Postmaster process controls all database instances in general and is responsible for starting and stopping database instances.

+

Resident process

+

Postgres (resident process)

+

This process manages backend resident processes and is also called postmaster. By default, this process listens Unix domain sockets and the 5432 port of TCP/IP and waits for the front end to process the connections. You can change the listening port number in the postgresql.conf file of PostgreSQL.

+

Subprocess

+

Postgres (subprocess)

+

The subprocess determines whether to allow the connection according to the security policy defined by the pg_hba.conf file. According to the security policy, the subprocess rejects certain IP addresses and networks, allows only certain users to connect to the databases, or allows only certain databases to be connected.

+

Postgres receives the query from the front end, searches the database, and returns the results. Sometimes, it also updates the database. The updated data is recorded in transaction logs (WAL logs for PostgreSQL). This method is used when the system is powered off, the server breaks down, or the server is restarted. In addition, the logs can also be used for data recovery in other scenarios. In PostgreSQL 9.0 or later, WAL logs can be transferred to other PostgreSQL systems to replicate database in real-time.

+

Auxiliary processes

+

SysLogger (system log)

+

The main process starts the Syslogger auxiliary process only when logging_collection in the Postgres.conf file is set to on.

+

BgWriter (background write)

+

This process writes dirty pages from the shared memory to the drive. The purpose is to improve the performance of inserting, updating, and deleting data.

+

WALWriter (write-ahead log)

+

This process writes modification operations into drives before data is modified so that the data does not need to be persisted into files in subsequent real-time data updates.

+

PgArch (archive)

+

write-ahead logs (WALs) are recycled. The PgArch process backs up WALs before archiving them. After the entire database is backed up, the Point in Time Recovery (PITR) technology can be used to archive WALs generated after the backup. The database can be restored to any point after the full backup by using the full backup data and the subsequently archived WALs.

+

AutoVacuum (automatic cleanup)

+

In the PostgreSQL database, after a DELETE operation is performed on a table, old data is not immediately deleted. When new data is added, the system creates a data row instead of overwriting the old data. The old data is only marked as deleted and will be cleared only when no other concurrent transactions are reading the data. In this case, the data is cleared by the AutoVacuum process.

+

PgStat (statistics collection)

+

This process collects data statistics. It is used to estimate the cost during query optimization, including the number of insertions update, and deletion operations performed on a table or index, the number of drive block read and write operations, and the number of row read operations. pg_statistic stores the information collected by the PgStat.

+

CheckPoint (checkpoint)

+

A checkpoint is a transaction sequence point set by the system. It is used to ensure that log information before a checkpoint written into the drives.

+
+ +### Configuring the Environment + +> [!NOTE]NOTE +> The following environment configuration is for reference only. Configure the environment based on the site requirements. + +#### Disabling the Firewall and Automatic Startup + +> [!NOTE]NOTE +> It is recommended that firewall be disabled in the test environment to prevent network impact. Configure the firewall based on actual requirements. + +1. Stop the firewall service as the **root** user. + + ```shell + systemctl stop firewalld + ``` + +2. Disable the firewall service as the **root** user. + + ```shell + systemctl disable firewalld + ``` + + > [!NOTE]NOTE + > The automatic startup is automatically disabled as the firewall is disabled. + +#### Disabling SELinux + +1. Modify the configuration file as the **root** user. + + ```shell + sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config + ``` + +#### Creating a User Group and a User + +> [!NOTE]NOTE +> In the server environment, independent users are assigned to each process to implement permission isolation for security purposes. The user group and user are created for the OS, not for the database. + +1. Create a PostgreSQL user or user group as the **root** user. + + ```shell + groupadd postgres + ``` + + ```shell + useradd -g postgres postgres + ``` + +2. Set the postgres user password as the **root** user. \(Enter the password twice for confirmation.\) + + ```shell + passwd postgres + ``` + +#### Creating Data Drives + +> [!NOTE]NOTE +> +> - When testing the ultimate performance, you are advised to attach NVMe SSDs with better I/O performance to create PostgreSQL test instances to avoid the impact of disk I/O on the performance test result. This section uses NVMe SSDs as an example. For details, see Step 1 to Step 4. +> - In a non-performance test, run the following command as the **root** user to create a data directory. Then skip this section. +> `mkdir /data` + +1. Create a file system \(xfs is used as an example as the **root** user. Create the file system based on the site requirements.\). If a file system has been created for a disk, an error will be reported when you run this command. You can use the **-f** parameter to forcibly create a file system. + + ```shell + mkfs.xfs /dev/nvme0n1 + ``` + +2. Create a data directory. + + ```shell + mkdir /data + ``` + +3. Mount disks. + + ```shell + mount -o noatime,nobarrier /dev/nvme0n1 /data + ``` + +#### Data Directory Authorization + +1. Modify the directory permission as the **root** user. + + ```shell + chown -R postgres:postgres /data/ + ``` + +### Installing, Running, and Uninstalling PostgreSQL + +#### Installing PostgreSQL + +1. Configure the local yum source. For details, see [Configuring the Repo Server](configuring_the_repo_server.md). +2. Clear the cache. + + ```shell + dnf clean all + ``` + +3. Create a cache. + + ```shell + dnf makecache + ``` + +4. Install the PostgreSQL server as the **root** user. + + ```shell + dnf install postgresql-server + ``` + +5. Check the installed RPM package. + + ```shell + rpm -qa | grep postgresql + ``` + +#### Running PostgreSQL + +##### Initializing the Database + +> [!TIP]NOTICE +> Perform this step as the postgres user. + +1. Switch to the created PostgreSQL user. + + ```shell + su - postgres + ``` + +2. Initialize the database. In the command, **/usr/bin** is the directory where the **initdb** command is located. + + ```shell + /usr/bin/initdb -D /data/ + ``` + +##### Starting the Database + +1. Enable the PostgreSQL database. + + ```shell + /usr/bin/pg_ctl -D /data/ -l /data/logfile start + ``` + +2. Check whether the PostgreSQL database process is started properly. + + ```shell + ps -ef | grep postgres + ``` + + If the following information is displayed, the PostgreSQL processes have been started. + + ![](./figures/postgres.png) + +##### Logging In to the Database + +1. Log in to the database. + + ```shell + /usr/bin/psql -U postgres + ``` + + ![](./figures/login.png) + + > [!NOTE]NOTE + > You do not need to enter a password when logging in to the database for the first time. + +##### Configuring the Database Accounts and Passwords + +1. After login, set the postgres user password. + + ```shell + postgres=#alter user postgres with password '123456'; + ``` + + ![](./figures/zh-cn_image_0230050789.png) + +##### Exiting the Database + +1. Run **\\q** to exit from the database. + + ```shell + postgres=# \q + ``` + +##### Stopping the Database + +1. Stop the PostgreSQL database. + + ```shell + /usr/bin/pg_ctl -D /data/ -l /data/logfile stop + ``` + +#### Uninstalling PostgreSQL + +1. Stop the database as the postgres user. + + ```shell + /usr/bin/pg_ctl -D /data/ -l /data/logfile stop + ``` + +2. Run the **dnf remove postgresql-server** command as the user **root** to uninstall the PostgreSQL database. + + ```shell + dnf remove postgresql-server + ``` + +### Managing Database Roles + +#### Creating a Role + +You can use the **CREATE ROLE** statement or **createuser** command to create a role. The **createuser** command encapsulates the **CREATE ROLE** statement and needs to be executed on the shell GUI instead of the database GUI. + +```pgsql +CREATE ROLE rolename [ [ WITH ] option [ ... ] ]; +``` + +```shell +createuser rolename +``` + +In the preceding information: + +- **rolename**: indicates a role name. +- Parameters of the _option_ are as follows: + - **SUPERUSER \| NOSUPERUSER**: determines whether a new role is a superuser. If this parameter is not specified, the default value **NOSUPERUSER** is used, indicating that the role is not a superuser. + - **CREATEDB \| NOCREATEDB**: specifies whether a role can create a database. If this parameter is not specified, the default value **NOCREATEDB** is used, indicating that the role cannot create a database. + - **CREATEROLE \| NOCREATEROLE**: determines whether a role can create roles. If this parameter is not specified, the default value **NOCREATEROLE** is used, indicating that the role cannot create roles. + - **INHERIT \| NOINHERIT**: determines whether a role inherits the other roles' permissions in the group to which the role belongs. A role with the INHERIT attribute can automatically use any permissions that have been assigned to its direct or indirect group. If this parameter is not specified, the default value **INHERIT** is used. + - **LOGIN \| NOLOGIN**: determines whether a role can log in. A role with the LOGIN attribute can be considered as a user. A role without this attribute can be used to manage database permissions but is not a user. If this attribute is not specified, the default value **NOLOGIN** is used. However, if **CREATE USER** instead of **CREATE ROLE** is used to create a role, the LOGIN attribute is used by default. + - **\[ENCRYPTED \| UNENCRYPTED\] PASSWORD'password'**: password of a role. The password is valid only for roles with the LOGIN attribute. **ENCRYPTED \| UNENCRYPTED**: determines whether to encrypt the password. If this parameter is not specified, the value **ENCRYPTED** is used, that is, the password is encrypted. + - **VALID UNTIL'timestamp'**: specifies the timestamp when the password of a role expires. If this parameter is not specified, the password is permanently valid. + - **IN ROLE rolename1**: lists one or more existing roles. The new role _rolename_ will be added to and become a member of **rolename1**. + - **ROLE rolename2**: lists one or more existing roles. These roles will be automatically added as members of the new role _rolename_. That is, the new role is a user group. + +To run this command, you must have the CREATEROLE permission or is the database superuser. + +##### Example + + Create a role **roleexample1** who can log in. + +```shell +postgres=# CREATE ROLE roleexample1 LOGIN; +``` + + Create a role **roleexample2** with the password **123456**. + +```shell +postgres=# CREATE ROLE roleexample2 WITH LOGIN PASSWORD '123456'; +``` + + Create a role named **roleexample3**. + +```console +[postgres@localhost ~]$ createuser roleexample3 +``` + +#### Viewing Roles + +You can run the **SELECT** statement or the PostgreSQL meta-command **\\du** to view the role. + +```pgsql +SELECT rolename FROM pg_roles; +``` + +```pgsql +\du +``` + +In the preceding command, _rolename_ indicates the role name. + +##### Example + + View the **roleexample1** role. + +```shell +postgres=# SELECT roleexample1 from pg_roles; +``` + + View the existing roles. + +```shell +postgres=# \du +``` + +#### Modifying a Role + +##### Modifying a Username + +Use the **ALTER ROLE** statement to modify an existing role name. + +```pgsql +ALTER ROLE oldrolername RENAME TO newrolename; +``` + +In the preceding information: + +- _oldrolername_: original role name. +- _newrolename_: new role name. + +##### Example of Modifying a User + + Change the role name **roleexample1** to **roleexapme2**. + +```shell +postgres=# ALTER ROLE roleexample1 RENAME TO roleexample2; +``` + +##### Modifying a User Password + +Use the **ALTER ROLE** statement to modify the login password of a role. + +```pgsql +ALTER ROLE rolename PASSWORD 'password' +``` + +In the preceding information: + +- _rolename_: indicates a role name. +- _password_: password. + +##### Example of Modifying the Password of a Role + + Modify the password of **roleexample1** to **456789**. + +```shell +postgres=# ALTER ROLE roleexample1 WITH PASSWORD '456789'; +``` + +#### Deleting a Role + +You can use the **DROP ROLE** statement or **dropuser** command to delete a role. The **dropuser** command encapsulates the **DROP ROLE** statement and needs to be executed on the shell GUI instead of the database GUI. + +```pgsql +DROP ROLE rolename; +``` + +```shell +dropuser rolename +``` + +In the preceding command, _rolename_ indicates the role name. + +##### Example + + Delete the **userexample1** role. + +```shell +postgres=# DROP ROLE userexample1; +``` + + Delete the **userexample2** role. + +```console +[postgres@localhost ~]$ dropuser userexample2 +``` + +#### Role Permissions + +You can use the **GRANT** statement to grant permissions to a role. + +Grant the table operation permission to a role. + +```pgsql +GRANT { { SELECT | INSERT | UPDATE | DELETE | REFERENCES | TRIGGER } [,...] | ALL [ PRIVILEGES ] } ON [ TABLE ] tablename [, ...] TO { rolename | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ] +``` + +Grant the sequence operation permission to a role. + +```pgsql +GRANT { { USAGE | SELECT | UPDATE } [,...] | ALL [ PRIVILEGES ] } ON SEQUENCE sequencename [, ...] TO { rolename | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ] +``` + +Grant the database operation permission to a role. + +```pgsql +GRANT { { CREATE | CONNECT | TEMPORARY | TEMP } [,...] | ALL [ PRIVILEGES ] } ON DATABASE databasename [, ...] TO { rolename | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ] +``` + +Grant the function operation permission to a role. + +```pgsql +GRANT { EXECUTE | ALL [ PRIVILEGES ] } ON FUNCTION funcname ( [ [ argmode ] [ argname ] argtype [, ...] ] ) [, ...] TO { rolename | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ] +``` + +Grant the operation permission of the procedural language to a role. + +```pgsql +GRANT { USAGE | ALL [ PRIVILEGES ] } ON LANGUAGE langname [, ...] TO { rolename | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ] +``` + +Grant the schema operation permission to a role. + +```pgsql +GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] } ON SCHEMA schemaname [, ...] TO { rolename | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ] +``` + +Grant the tablespace operation permission to a role. + +```pgsql +GRANT { CREATE | ALL [ PRIVILEGES ] } ON TABLESPACE tablespacename [, ...] TO { rolename | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ] +``` + +Assign the member relationship of rolename1 to rolename2. + +```pgsql +GRANT rolename1 [, ...] TO rolename2 [, ...] [ WITH ADMIN OPTION ] +``` + +In the preceding information: + +- **SELECT**, **INSERT**, **UPDATE**, **DELETE**, **REFERENCES**, **TRIGGER**, **USAGE**, **CREATE**, **CONNECT**, **TEMPORARY**, **TEMP**, **EXECUTE**, and **ALL \[**_PRIVILEGES_**\]** indicate user operation permissions. **ALL \[**_PRIVILEGES_**\]** indicates all permissions, the _PRIVILEGES_ keyword is optional in PostgreSQL, but it is required in strict SQL statements. +- **ON** clause: specifies the object on which the permission is granted. +- **tablename**: table name. +- **TO** clause: specifies the role to which the permission is granted. +- **rolename**, **rolename1**, and **rolename2**: role names. +- **groupname**: name of a role group. +- **PUBLIC**: indicates that the permission is granted to all roles, including users who may be created later. +- **WITH GRANT OPTION**: indicates that the recipient of a permission can grant the permission to others. This option cannot be assigned to PUBLIC. +- **sequencename**: sequence name. +- **databasename**: database name. +- **funcname \(\[\[argmode\] \[argname\] argtype \[, ...\]\]\)**: function name and its parameters. +- **langname**: procedural language name. +- **schemaname**: schema name. +- **tablespacename**: tablespace name. +- **WITH ADMIN OPTION**: A member can assign the member relationship of a role to other roles and cancel the member relationship of other roles. + +##### Example + + Grant the CREATE permission on database1 to userexample. + +```shell +postgres=# GRANT CREATE ON DATABASE database1 TO userexample; +``` + + Grant all permissions on table1 to all users. + +```shell +postgres=# GRANT ALL PRIVILEGES ON TABLE table1 TO PUBLIC; +``` + +#### Deleting User Permissions + +You can use the **REVOKE** statement to revoke the permissions previously granted to one or more roles. + +Revoke the table operation permission from a role. + +```pgsql +REVOKE [ GRANT OPTION FOR ] { { SELECT | INSERT | UPDATE | DELETE | REFERENCES | TRIGGER } [,...] | ALL [ PRIVILEGES ] } ON [ TABLE ] tablename [, ...] FROM { rolename | GROUP groupname | PUBLIC } [, ...] +``` + +Revoke the sequence operation permission from a role. + +```pgsql +REVOKE [ GRANT OPTION FOR ] { { USAGE | SELECT | UPDATE } [,...] | ALL [ PRIVILEGES ] } ON SEQUENCE sequencename [, ...] FROM { rolename | GROUP groupname | PUBLIC } [, ...] [ CASCADE | RESTRICT ] +``` + +Revoke the database operation permission from a role. + +```pgsql +REVOKE [ GRANT OPTION FOR ] { { CREATE | CONNECT | TEMPORARY | TEMP } [,...] | ALL [ PRIVILEGES ] } ON DATABASE databasename [, ...] FROM { rolename | GROUP groupname | PUBLIC } [, ...] [ CASCADE | RESTRICT ] +``` + +Revoke the function operation permission from a role. + +```pgsql +REVOKE [ GRANT OPTION FOR ] { EXECUTE | ALL [ PRIVILEGES ] } ON FUNCTION funcname ( [ [ argmode ] [ argname ] argtype [, ...] ] ) [, ...] FROM { rolename | GROUP groupname | PUBLIC } [, ...] [ CASCADE | RESTRICT ] +``` + +Revoke the procedural language operation permission from a role. + +```pgsql +REVOKE [ GRANT OPTION FOR ] { USAGE | ALL [ PRIVILEGES ] } ON LANGUAGE langname [, ...] FROM { rolename | GROUP groupname | PUBLIC } [, ...] [ CASCADE | RESTRICT ] +``` + +Revoke the schema operation permission from a role. + +```pgsql +REVOKE [ GRANT OPTION FOR ] { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] } ON SCHEMA schemaname [, ...] FROM { rolename | GROUP groupname | PUBLIC } [, ...] [ CASCADE | RESTRICT ] +``` + +Revoke the tablespace operation permission from a role. + +```pgsql +REVOKE [ GRANT OPTION FOR ] { CREATE | ALL [ PRIVILEGES ] } ON TABLESPACE tablespacename [, ...] FROM { rolename | GROUP groupname | PUBLIC } [, ...] [ CASCADE | RESTRICT ] +``` + +Revoke the member relationship of rolename1 from rolename2. + +```pgsql +REVOKE [ ADMIN OPTION FOR ] rolename1 [, ...] FROM rolename2 [, ...] [ CASCADE | RESTRICT ] +``` + +In the preceding information: + +- **GRANT OPTION FOR**: The permission cannot be granted to others, but permission itself is not revoked. +- **SELECT**, **INSERT**, **UPDATE**, **DELETE**, **REFERENCES**, **TRIGGER**, **USAGE**, **CREATE**, **CONNECT**, **TEMPORARY**, **TEMP**, **EXECUTE**, and **ALL \[**_PRIVILEGES_**\]** indicate user operation permissions. **ALL \[**_PRIVILEGES_**\]** indicates all permissions, the _PRIVILEGES_ keyword is optional in PostgreSQL, but it is required in strict SQL statements. +- **ON** clause: specifies the object on which the permission is revoked. +- _tablename_: table name. +- **FROM** clause: specifies the role whose permission is revoked. +- _rolename_, _rolename1_, and _rolename2_: role names. +- _groupname_: name of a role group. +- **PUBLIC**: revokes the implicitly defined groups that have all roles. However, this does not mean that all roles lose the permissions. The permissions directly obtained and the permissions obtained through a group are still valid. +- _sequencename_: sequence name. +- **CASCADE**: revokes all dependent permissions. +- **RESTRICT**: does not revoke all dependent permissions. +- _databasename_: database name. +- **funcname \(**_\[\[argmode\] \[argname\] argtype \[, ...\]\]_**\)**: function name and its parameters. +- _langname_: procedural language name. +- _schemaname_: schema name. +- _tablespacename_: tablespace name. +- **ADMIN OPTION FOR**: The transferred authorization is not automatically revoked. + +##### Example + + Grant the CREATE permission on database1 to userexample. + +```shell +postgres=# GRANT CREATE ON DATABASE database1 TO userexample; +``` + + Grant all permissions on table1 to all users. + +```shell +postgres=# GRANT ALL PRIVILEGES ON TABLE table1 TO PUBLIC; +``` + +### Managing Databases + +#### Creating a Database + +You can use the **CREATE DATABASE** statement or the **createdb** command to create a database. The **createdb** command encapsulates the **CREATE DATABASE** statement and needs to be executed on the shell GUI instead of the database GUI. + +```pgsql +CREATE DATABASE databasename; +``` + +```shell +createdb databasename +``` + +In the preceding command, **databasename** indicates the database name. + +To use this command, you must have the CREATEDB permission. + +##### Example + + Create a database named **database1**. + +```shell +postgres=# CREATE DATABASE database1; +``` + +#### Selecting a Database + +Use the **\\c** statement to select a database. + +```pgsql +\c databasename; +``` + +In the preceding command, **databasename** indicates the database name. + +##### Example + + Select the **databaseexample** database. + +```shell +postgres=# \c databaseexample; +``` + +#### Viewing a Database + +Use the **\\l** statement to view the database. + +```pgsql +\l; +``` + +##### Example + + View all databases. + +```shell +postgres=# \l; +``` + +#### Deleting a Database + +You can run the **DROP DATABASE** statement or **dropdb** command to delete a database. The **dropdb** command encapsulates the **DROP DATABASE** statement and needs to be executed on the shell GUI instead of the database GUI. + +> [!WARNING]CAUTION +> Exercise caution when deleting a database. Once a database is deleted, all tables and data in the database will be deleted. + +```pgsql +DROP DATABASE databasename; +``` + +```shell +dropdb databasename +``` + +In the preceding command, **databasename** indicates the database name. + +The **DROP DATABASE** statement deletes the system directory items of the database and the file directories that contain data. + +**DROP DATABASE** can be executed only by the super administrator or database owner. + +##### Example + + Delete the **databaseexample** database. + +```shell +postgres=# DROP DATABASE databaseexample; +``` + +#### Backing Up a Database + +Run the **pg\_dump** command to back up the database and dump the database to a script file or another archive file. + +```shell +pg_dump [option]... [databasename] > outfile +``` + +In the preceding information: + +- _databasename_: database name. If this parameter is not specified, the environment variable **PGDATABASE** is used. If that environment variable is not specified, use the username that initiates the connection. +- _outfile_: database backup file. +- _option_: parameter option of the **pg\_dump** command. Multiple parameters can be separated by spaces. The common parameters of the **pg\_dump** command are as follows: + - **-f, \-\-file**= _filename_: specified output file. If this parameter is ignored, the standard output is used. + - **-d, \-\-dbname**= _databasename_: database to be dumped. + - **-h, \-\-host**= _hostname_: specifies the hostname. + - **-p, \-\-port**= _portnumber_: port number. + - **-U, \-\-username**= _username_: username of the connection. + - **-W, \-\-password**: forces PostgreSQL to prompt for a password before connecting to a database. + +##### Example + + Back up the database1 database of user **postgres** on port **3306** of the host whose IP address is **192.168.202.144** to the **db1.sql** file. + +```shell +[postgres@localhost ~]$ pg_dump -h 192.168.202.144 -p 3306 -U postgres -W database1 > db1.sql +``` + +#### Restoring a Database + +Run the **psql** command to restore the database. + +```shell +psql [option]... [databasename [username]] < infile +``` + +In the preceding information: + +- _databasename_: database name. If this parameter is not specified, the environment variable **PGDATABASE** is used. If that environment variable is not specified, use the username that initiates the connection. +- _username_: name of a user. +- _infile_: **outfile** parameter in the **pg\_dump** command. +- _option_: parameter option of the **psql** command. Multiple parameters can be separated by spaces. The common parameters of the **psql** command are as follows: + - **-f, \-\-file**= _filename_: specified output file. If this parameter is ignored, the standard output is used. + - **-d, \-\-dbname**= _databasename_: database to be dumped. + - **-h, \-\-host**= _hostname_: specifies the hostname. + - **-p, \-\-port**= _portnumber_: port number. + - **-U, \-\-username**= _username_: username of the connection. + - **-W, \-\-password**: forces PostgreSQL to prompt for a password before connecting to a database. + +The **psql** command cannot be used to automatically create the **databasename** database. Therefore, you need to create the **databasename** database before running the **psql** command to restore the database. + +##### Example + + Import the **db1.sql** script file to the newdb database of the postgres user on the host **192.168.202.144** through port **3306**. + +```shell +[postgres@localhost ~]$ createdb newdb +[postgres@localhost ~]$ psql -h 192.168.202.144 -p 3306 -U postgres -W -d newdb < db1.sql +``` + +## MariaDB Server + +### Software Description + +The MariaDB database management system is a branch of MySQL and is maintained by the open-source community. The MariaDB database management system uses the General Public License \(GPL\). MariaDB is designed to be fully compatible with MySQL, including APIs and command lines, so that it can easily replace MySQL. MariaDB also provides many new features. + +[Figure 2](#fig13492418164520) shows the MariaDB architecture. + +**Figure 2** MariaDB logical architecture +![](./figures/logical_architectureofMariaDB.png) + +When MariaDB receives a SQL statement, the execution process is as follows: + +1. When a client connects to MariaDB, the hostname, username, and password of the client are authenticated. The authentication function can be implemented as a plug-in. +2. If the login is successful, the client sends SQL commands to the server. The parser parses the SQL statements. +3. The server checks whether the client has the permission to obtain the required resources. +4. If the query has been stored in the query cache, the result is returned immediately. +5. The optimizer will find the fastest execution policy or plan. That is, the optimizer can determine which tables will be read, which indexes will be accessed, and which temporary tables will be used. A good policy can reduce a large number of disk access and sorting operations. +6. Storage engines read and write data and index files. Caches are used to accelerate these operations. Other features such as transactions and foreign keys are processed at the storage engine layer. + +Storage engines manage and control data at the physical layer. They manage data files, data, indexes, and caches, making data management and reading more efficient. Each table has a .frm file that contains table definitions. + +Each storage engine manages and stores data in different ways, and supports different features and performance. For example: + +- MyISAM: suitable for environments with more reads and fewer writes. It does not support transactions and supports full-text indexes. +- noDB: supports transactions, row locks, and foreign keys. +- MEMORY: stores data in the memory. +- CSV: stores data in CSV format. + +### Configuring the Environment + +> [!NOTE]NOTE +> The following environment configuration is for reference only. Configure the environment based on the site requirements. + +#### Disabling the Firewall and Automatic Startup + +> [!NOTE]NOTE +> It is recommended that firewall be disabled in the test environment to prevent network impact. Configure the firewall based on actual requirements. + +1. Stop the firewall service as the **root** user. + + ```shell + systemctl stop firewalld + ``` + +2. Disable the firewall service as the **root** user. + + ```shell + systemctl disable firewalld + ``` + + > [!NOTE]NOTE + > The automatic startup is automatically disabled as the firewall is disabled. + +#### Disabling SELinux + +1. Modify the configuration file as the **root** user. + + ```shell + sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux + ``` + +#### Creating a User Group and a User + +> [!NOTE]NOTE +> In the server environment, independent users are assigned to each process to implement permission isolation for security purposes. The user group and user are created for the OS, not for the database. + +1. Create a MySQL user or user group as the **root** user. + + ```shell + groupadd mysql + ``` + + ```shell + useradd -g mysql mysql + ``` + +2. Set the user password as the **root** user. + + ```shell + passwd mysql + ``` + + Enter the password twice for confirmation. + +#### Creating Data Drives + +> [!NOTE]NOTE +> +> - If a performance test needs to be performed, an independent drive is required for the data directory. You need to format and mount the drive. For details, see Method 1 or Method 2. +> - In a non-performance test, run the following command as the **root** user to create a data directory. Then skip this section. +> `mkdir /data` + +##### Method 1: Using fdisk for Drive Management as the **root** user + +1. Create a partition, for example, **/dev/sdb**. + + ```shell + fdisk /dev/sdb + ``` + +2. Enter **n** and press **Enter**. +3. Enter **p** and press **Enter**. +4. Enter **1** and press **Enter**. +5. Retain the default settings and press **Enter**. +6. Retain the default settings and press **Enter**. +7. Enter **w** and press **Enter**. +8. Create a file system, for example, **xfs**. + + ```shell + mkfs.xfs /dev/sdb1 + ``` + +9. Mount the partition to **/data** for the OS. + + ```shell + mkdir /data + ``` + + ```shell + mount /dev/sdb1 /data + ``` + +10. Run the **vi /etc/fstab** command and edit the **/etc/fstab** file to enable the data drive to be automatically mounted after the system is restarted. For example, add the content in the last line, as shown in the following figure. + + In the last line, **/dev/nvme0n1p1** is only an example. + + ![](./figures/creat_datadisk1.png) + +##### Method 2: Using LVM for Drive Management as the **root** user + +> [!NOTE]NOTE +> Install the LVM2 package in the image as follows: +> Configure the local yum source. For details, see [Configuring the Repository Server](configuring_the_repo_server.md). If the repository has been configured, skip this step. Then, install LVM2 by running **yum install lvm2**. + +1. Create a physical volume, for example, **sdb**. + + ```shell + pvcreate /dev/sdb + ``` + +2. Create a physical volume group, for example, **datavg**. + + ```shell + vgcreate datavg /dev/sdb + ``` + +3. Create a logical volume, for example, **datalv** of 600 GB. + + ```shell + lvcreate -L 600G -n datalv datavg + ``` + +4. Create a file system. + + ```shell + mkfs.xfs /dev/datavg/datalv + ``` + +5. Create a data directory and mount it. + + ```shell + mkdir /data + ``` + + ```shell + mount /dev/datavg/datalv /data + ``` + +6. Run the **vi /etc/fstab** command and edit the **/etc/fstab** file to enable the data drive to be automatically mounted after the system is restarted. For example, add the content in the last line, as shown in the following figure. + + In the last line, **/dev/datavg/datalv** is only an example. + + ![](./figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png) + +#### Creating a Database Directory and Granting Permissions + +1. In the created data directory **/data**, create directories for processes and grant permissions to the MySQL group or user created as the **root** user. + + ```shell + mkdir -p /data/mariadb + cd /data/mariadb + mkdir data tmp run log + chown -R mysql:mysql /data + ``` + +### Installing, Running, and Uninstalling MariaDB Server + +#### Installing MariaDB + +1. Configure the local yum source. For details, see [Configuring the Repo Server](configuring_the_repo_server.md). +2. Clear the cache. + + ```shell + dnf clean all + ``` + +3. Create a cache. + + ```shell + dnf makecache + ``` + +4. Install the MariaDB server. + + ```shell + dnf install mariadb-server + ``` + +5. Check the installed RPM package. + + ```shell + rpm -qa | grep mariadb + ``` + +#### Running MariaDB Server + +1. Start the MariaDB server as the **root** user. + + ```shell + systemctl start mariadb + ``` + +2. Initialize the database as the **root** user. + + ```shell + /usr/bin/mysql_secure_installation + ``` + + During the command execution, you need to enter the password of the database user **root**. If no password is set, press **Enter**. Then, set the password as prompted. + +3. Log in to the database. + + ```shell + mysql -u root -p + ``` + + After the command is executed, the system prompts you to enter the password. The password is the one set in [2](#li197143190587). + + > [!NOTE]NOTE + > Run the **\\q** or **exit** command to exit the database. + +#### Uninstalling MariaDB + +1. Stop the database process as the **root** user. + + ```shell + $ ps -ef | grep mysql + # kill -9 PID + ``` + +2. Run the **dnf remove mariadb-server** command as the **root** user to uninstall MariaDB. + + ```shell + dnf remove mariadb-server + ``` + +### Managing Database Users + +#### Creating Users + +Run the **CREATE USER** statement to create one or more users and set corresponding passwords. + +```pgsql +CREATE USER 'username'@'hostname' IDENTIFIED BY 'password'; +``` + +In the preceding information: + +- _username_: name of a user. +- _host_: hostname, that is, the name of the host where the user connects to the database. As a local user, you can set the parameter to **localhost**. If the host name is not specified during user creation, the host name is **%** by default, indicating a group of hosts. +- _password_: password for logging in to the server. The password can be null. If the password is null, the user can log in to the server without entering the password. This method, however, is not recommended because it provides low security. + +To use the **CREATE USER** statement, you must have the INSERT permission on the database or the global CREATE USER permission. + +After a user account is created using the **CREATE USER** statement, a record is added to the user table in the database. If the account to be created exists, an error will occur during statement execution. + +A new user has few permissions and can perform only operations that do not require permissions. For example, a user can run the **SHOW** statement to query the list of all storage engines and character sets. + +##### Example + + Create a local user whose password is 123456 and username is userexample1. + +```pgsql +> CREATE USER 'userexample1'@'localhost' IDENTIFIED BY '123456'; +``` + + Create a user whose password is 123456, username is userexample2, and hostname is 192.168.1.100. + +```pgsql +> CREATE USER 'userexample2'@'192.168.1.100' IDENTIFIED BY '123456'; +``` + +#### Viewing Users + +Run the **SHOW GRANTS** or **SELECT** statement to view one or more users. + +View a specific user: + +```pgsql +SHOW GRANTS [FOR 'username'@'hostname']; +``` + +```pgsql +SELECT USER,HOST,PASSWORD FROM mysql.user WHERE USER='username'; +``` + +View all users: + +```pgsql +SELECT USER,HOST,PASSWORD FROM mysql.user; +``` + +In the preceding information: + +- _username_: name of a user. +- _hostname_: host name. + +##### Example + + View the user userexample1. + +```pgsql +> SHOW GRANTS FOR 'userexample1'@'localhost'; +``` + + View all users in the MySQL database. + +```pgsql +> SELECT USER,HOST,PASSWORD FROM mysql.user; +``` + +#### Modifying Users + +##### Modifying a Username + +Run the **RENAME USER** statement to change one or more existing usernames. + +```pgsql +RENAME USER 'oldusername'@'hostname' TO 'newusername'@'hostname'; +``` + +In the preceding information: + +- _oldusername_: original username. +- _newusername_: new username. +- _hostname_: host name. + +The **RENAME USER** statement is used to rename an existing account. If the original account does not exist in the system or the new account exists, an error will occur when the statement is executed. + +To use the **RENAME USER** statement, you must have the UPDATE permission on the database or the global CREATE USER permission. + +##### Example of Modifying a User + + Change the username **userexample1** to **userexample2** and change the hostname to **localhost**. + +```pgsql +> RENAME USER 'userexample1'@'localhost' TO 'userexample2'@'localhost'; +``` + +##### Modifying a User Password + +Use the **SET PASSWORD** statement to modify the login password of a user. + +```pgsql +SET PASSWORD FOR 'username'@'hostname' = PASSWORD('newpassword'); +``` + +In the preceding information: + +- **FOR 'username'@'hostname'**: specifies the username and hostname whose password is to be changed. This parameter is optional. +- **PASSWORD\('newpassword'\)**: indicates that the **PASSWORD\(\)** function is used to set a new password. That is, the new password must be transferred to the **PASSWORD\(\)** function for encryption. + +> [!WARNING]CAUTION +> The **PASSWORD\(\)** function is a unidirectional encryption function. Once encrypted, the original plaintext cannot be decrypted. + +If the **FOR** clause is not added to the **SET PASSWORD** statement, the password of the current user is changed. + +The **FOR** clause must be given in the format of **'**_username_**'@'**_hostname_**'**, where _username_ indicates the username of the account and _hostname_ indicates the hostname of the account. + +The account whose password is to be changed must exist in the system. Otherwise, an error occurs when the statement is executed. + +##### Example of Changing a User Password + + Change the password of user **userexample** whose hostname is **localhost** to **0123456**. + +```pgsql +> SET PASSWORD FOR 'userexample'@'localhost' = PASSWORD('0123456') ; +``` + +#### Deleting Users + +Use the **DROP USER** statement to delete one or more user accounts and related permissions. + +```pgsql +DROP USER 'username1'@'hostname1' [,'username2'@'hostname2']...; +``` + +> [!WARNING]CAUTION +> The deletion of users does not affect the tables, indexes, or other database objects that they have created, because the database does not record the accounts that have created these objects. + +The **DROP USER** statement can be used to delete one or more database accounts and their original permissions. + +To use the **DROP USER** statement, you must have the DELETE permission on the database or the global CREATE USER permission. + +In the **DROP USER** statement, if the hostname of an account is not specified, the hostname is **%** by default. + +##### Example + + Delete the local user **userexample**. + +```pgsql +> DROP USER 'userexample'@'localhost'; +``` + +#### Granting Permissions to a User + +Run the **GRANT** statement to grant permissions to a new user. + +```pgsql +GRANT privileges ON databasename.tablename TO 'username'@'hostname'; +``` + +In the preceding information: + +- **ON** clause: specifies the object and its level on which the permission is granted. +- **privileges**: indicates the operation permissions of a user, such as **SELECT**, INSERT, and **UPDATE**. To grant all permissions to a user, use **ALL**. +- _databasename_: database name. +- _tablename_: table name. +- **TO** clause: sets the user password and specifies the user to whom the permission is granted. +- _username_: name of a user. +- _hostname_: host name. + +To grant the user the permission to operate all databases and tables, use asterisks \(\*\), for example, **\*.\***. + +If you specify a password for an existing user in the **TO** clause, the new password will overwrite the original password. + +If the permission is granted to a non-existent user, a **CREATE USER** statement is automatically executed to create the user, but the password must be specified for the user. + +##### Example + + Grant the SELECT and INSERT permissions to local user userexample. + +```pgsql +> GRANT SELECT,INSERT ON *.* TO 'userexample'@'localhost'; +``` + +#### Deleting User Permissions + +Run the **REVOKE** statement to delete the permissions of a user, but the user will not be deleted. + +```pgsql +REVOKE privilege ON databasename.tablename FROM 'username'@'hostname'; +``` + +The parameters in the **REVOKE** statement are the same as those in the **GRANT** statement. + +To use the **REVOKE** statement, you must have the global CREATE USER or UPDATE permission for the database. + +##### Example + + Delete the INSERT permission of local user userexample. + +```pgsql +> REVOKE INSERT ON *.* FROM 'userexample'@'localhost'; +``` + +### Managing Databases + +#### Creating a Database + +Run the **CREATE DATABASE** statement to create a database. + +```pgsql +CREATE DATABASE databasename; +``` + +In the preceding command, _databasename_ can be replaced with the database name, which is case insensitive. + +##### Example + + Create a database named **databaseexample**. + +```pgsql +> CREATE DATABASE databaseexample; +``` + +#### Viewing a Database + +Run the **SHOW DATABASES** statement to view a database. + +```pgsql +SHOW DATABASES; +``` + +##### Example + + View all databases. + +```pgsql +> SHOW DATABASES; +``` + +#### Selecting a Database + +Generally, you need to select a target database before creating or querying a table. Use the **USE** statement to select a database. + +```pgsql +USE databasename; +``` + +In the preceding command, **databasename** indicates the database name. + +##### Example + + Select the **databaseexample** database. + +```pgsql +> USE databaseexample; +``` + +#### Deleting a Database + +You can run the **DROP DATABASE** statement to delete a database. + +> [!WARNING]CAUTION +> Exercise caution when deleting a database. Once a database is deleted, all tables and data in the database will be deleted. + +```pgsql +DROP DATABASE databasename; +``` + +In the preceding command, **databasename** indicates the database name. + +The **DROP DATABASE** command is used to delete an existing database. After this command is executed, all tables in the database are deleted, but the user permissions of the database are not automatically deleted. + +To use **DROP DATABASE**, you need the **DROP** permission on the database. + +**DROP SCHEMA** is a synonym of **DROP DATABASE**. + +##### Example + + Delete the **databaseexample** database. + +```pgsql +> DROP DATABASE databaseexample; +``` + +#### Backing Up a Database + +Run the **mysqldump** command as the **root** user to back up the database. + +Back up one or more tables. + +```shell +mysqldump [options] databasename [tablename ...] > outfile +``` + +Back up one or more databases: + +```shell +mysqldump [options] -databases databasename ... > outfile +``` + +Back up all databases: + +```shell +mysqldump [options] -all-databases > outputfile +``` + +In the preceding information: + +- _databasename_: database name. +- _tablename_: name of a data table. +- _outfile_: database backup file. +- _options_: parameter option of the **mysqldump** command. Multiple parameters can be separated by spaces. The common parameters of the **mysqldump** command are as follows: + - **-u, \-\-user**= _username_: specifies the username. + - **-p, \-\-password**\[= _password_\]: specifies the password. + - **-P, \-\-port**= _portnumber_: specifies the port number. + - **-h, \-\-host**= _hostname_: specifies the hostname. + - **-r, \-\-result-file**= _filename_: saves the export result to a specified file, which is equivalent to **\>**. + - **-t**: backs up data only. + - **-d**: backs up the table structure only. + +##### Example + + Back up all the databases of the user **root** on the host **192.168.202.144** through port **3306** to the **alldb.sql** file. + +```shell +mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 --all-databases > alldb.sql +``` + + Back up the db1 database of the user **root** on the host **192.168.202.144** through port **3306** to the **db1.sql** file. + +```shell +mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 --databases db1 > db1.sql +``` + + Back up the tb1 table of the db1 database of the user **root** on the host **192.168.202.144** through port **3306** to the **db1tb1.sql** file. + +```shell +mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 db1 tb1 > db1tb1.sql +``` + + Back up only the table structure of the db1 database of user **root** on port **3306** of the host whose IP address is **192.168.202.144** to the **db1.sql** file. + +```shell +mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 -d db1 > db1.sql +``` + + Back up only the data of the db1 database of the user **root** on the host **192.168.202.144** through port **3306** to the **db1.sql** file. + +```shell +mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 -t db1 > db1.sql +``` + +#### Restoring a Database + +Run the **mysql** command as the **root** user to restore the database. + +Restore one or more tables: + +```shell +mysql -h hostname -P portnumber -u username -ppassword databasename < infile +``` + +In the preceding information: + +- _hostname_: host name. +- _portnumber_: port number. +- _username_: name of a user. +- _password_: password. +- _databasename_: database name. +- _infile_: **outfile** parameter in the **mysqldump** command. + +##### Example + + Restore a database. + +```shell +mysql -h 192.168.202.144 -P 3306 -uroot -p123456 -t db1 < db1.sql +``` + +## MySQL Server + +### Software Description + +MySQL is a relational database management system \(RDBMS\) developed by the Swedish company MySQL AB, which was bought by Sun Microsystems \(now Oracle\). It is one of the most popular Relational Database Management Systems \(RDBMSs\) in the industry, especially for web applications. + +A relational database stores data in different tables instead of in a large data warehouse to improve efficiency and flexibility. + +The Structured Query Language \(SQL\) used by MySQL is the most common standard language for accessing databases. MySQL uses dual-licensing distribution and is available in two editions: Community Edition and Commercial Edition. MySQL is optimal for small or medium-sized websites because of its small size, fast speed, low cost, and especially the open source code. + +### Configuring the Environment + +> [!NOTE]NOTE +> The following environment configuration is for reference only. Configure the environment based on the site requirements. + +#### Disabling the Firewall and Automatic Startup + +> [!NOTE]NOTE +> It is recommended that firewall be disabled in the test environment to prevent network impact. Configure the firewall based on actual requirements. + +1. Stop the firewall service as the **root** user. + + ```shell + systemctl stop firewalld + ``` + +2. Disable the firewall service as the **root** user. + + ```shell + systemctl disable firewalld + ``` + + > [!NOTE]NOTE + > The automatic startup is automatically disabled as the firewall is disabled. + +#### Disabling SELinux + +1. Modify the configuration file as the **root** user. + + ```shell + sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux + ``` + +#### Creating a User Group and a User + +> [!NOTE]NOTE +> In the server environment, independent users are assigned to each process to implement permission isolation for security purposes. The user group and user are created for the OS, not for the database. + +1. Create a MySQL user or user group as the **root** user. + + ```shell + groupadd mysql + ``` + + ```shell + useradd -g mysql mysql + ``` + +2. Set the user password as the **root** user. + + ```shell + passwd mysql + ``` + + Enter the password twice for confirmation. + +#### Creating Data Drives + +> [!NOTE]NOTE +> +> - If a performance test needs to be performed, an independent drive is required for the data directory. You need to format and mount the drive. For details, see Method 1 or Method 2. +> - In a non-performance test, run the following command as the **root** user to create a data directory. Then skip this section. +> `mkdir /data` + +##### Method 1: Using fdisk for Drive Management as the **root** user + +1. Create a partition, for example, **/dev/sdb**. + + ```shell + fdisk /dev/sdb + ``` + +2. Enter **n** and press **Enter**. +3. Enter **p** and press **Enter**. +4. Enter **1** and press **Enter**. +5. Retain the default settings and press **Enter**. +6. Retain the default settings and press **Enter**. +7. Enter **w** and press **Enter**. +8. Create a file system, for example, **xfs**. + + ```shell + mkfs.xfs /dev/sdb1 + ``` + +9. Mount the partition to **/data** for the OS. + + ```shell + mkdir /data + ``` + + ```shell + mount /dev/sdb1 /data + ``` + +10. Run the **vi /etc/fstab** command and edit the **/etc/fstab** file to enable the data drive to be automatically mounted after the system is restarted. For example, add the content in the last line, as shown in the following figure. + + In the last line, **/dev/nvme0n1p1** is only an example. + + ![](./figures/creat_datadisk.png) + +##### Method 2: Using LVM for Drive Management as the **root** user + +> [!NOTE]NOTE +> Install the LVM2 package in the image as follows: +> Configure the local yum source. For details, see [Configuring the Repository Server](configuring_the_repo_server.md). If the repository has been configured, skip this step. Then, install LVM2 by running **yum install lvm2**. + +1. Create a PV, for example, **sdb**. + + ```shell + pvcreate /dev/sdb + ``` + +2. Create a physical VG, for example, **datavg**. + + ```shell + vgcreate datavg /dev/sdb + ``` + +3. Create an LV, for example, **datalv** of 600 GB. + + ```shell + lvcreate -L 600G -n datalv datavg + ``` + +4. Create a file system. + + ```shell + mkfs.xfs /dev/datavg/datalv + ``` + +5. Create a data directory and mount it. + + ```shell + mkdir /data + ``` + + ```shell + mount /dev/datavg/datalv /data + ``` + +6. Run the **vi /etc/fstab** command and edit the **/etc/fstab** file to enable the data drive to be automatically mounted after the system is restarted. For example, add the content in the last line, as shown in the following figure. + + In the last line, **/dev/datavg/datalv** is only an example. + + ![](./figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png) + +#### Creating a Database Directory and Granting Permissions + +1. In the created data directory **/data**, create directories for processes and grant permissions to the MySQL group or user created as the **root** user. + + ```shell + mkdir -p /data/mysql + cd /data/mysql + mkdir data tmp run log + chown -R mysql:mysql /data + ``` + +### Installing, Running, and Uninstalling MySQL + +#### Installing MySQL + +1. Configure the local yum source. For details, see [Configuring the Repo Server](configuring_the_repo_server.md). +2. Clear the cache. + + ```shell + dnf clean all + ``` + +3. Create a cache. + + ```shell + dnf makecache + ``` + +4. Install the MySQL server as the **root** user. + + ```shell + dnf install mysql-server + ``` + +5. Check the installed RPM package. + + ```shell + rpm -qa | grep mysql-server + ``` + +#### Running MySQL + +1. Modify the configuration file. + 1. Create the **my.cnf** file as the **root** user and change the file paths \(including the software installation path **basedir** and data path **datadir**\) based on the actual situation. + + ```shell + vi /etc/my.cnf + ``` + + Edit the **my.cnf** file as follows: + + ```shell + [mysqld_safe] + log-error=/data/mysql/log/mysql.log + pid-file=/data/mysql/run/mysqld.pid + [mysqldump] + quick + [mysql] + no-auto-rehash + [client] + default-character-set=utf8 + [mysqld] + basedir=/usr/local/mysql + socket=/data/mysql/run/mysql.sock + tmpdir=/data/mysql/tmp + datadir=/data/mysql/data + default_authentication_plugin=mysql_native_password + port=3306 + user=mysql + ``` + + 2. Ensure that the **my.cnf** file is correctly modified. + + ```shell + cat /etc/my.cnf + ``` + + ![](./figures/zh-cn_image_0231563132.png) + + > [!WARNING]CAUTION + > In the configuration file, **basedir** specifies the software installation path. Change it based on actual situation. + + 3. Change the group and user of the **/etc/my.cnf** file to **mysql:mysql** as the **root** user. + + ```shell + chown mysql:mysql /etc/my.cnf + ``` + +2. Configure environment variables. + 1. Add the path of the MySQL binary files to the **PATH** parameter as the **root** user. + + ```shell + echo export PATH=$PATH:/usr/local/mysql/bin >> /etc/profile + ``` + + > [!WARNING]CAUTION + > In the command, **/usr/local/mysql/bin** is the absolute path of the **bin** files in the MySQL software installation directory. Change it based on actual situation. + + 2. Run the following command as the **root** user to make the environment variables take effect: + + ```shell + source /etc/profile + ``` + +3. Initialize the database as the **root** user. + + > [!NOTE]NOTE + > The second line from the bottom contains the initial password, which will be used when you log in to the database. + + ```shell + $ mysqld --defaults-file=/etc/my.cnf --initialize + 2020-03-18T03:27:13.702385Z 0 [System] [MY-013169] [Server] /usr/local/mysql/bin/mysqld (mysqld 8.0.17) initializing of server in progress as process 34014 + 2020-03-18T03:27:24.112453Z 5 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: iNat=)#V2tZu + 2020-03-18T03:27:28.576003Z 0 [System] [MY-013170] [Server] /usr/local/mysql/bin/mysqld (mysqld 8.0.17) initializing of server has completed + ``` + + If the command output contains "initializing of server has completed", the database has been initialized. In the command output, "iNat=\)\# V2tZu" in "A temporary password is generated for root@localhost: iNat=\)\# V2tZu" is the initial password. + +4. Start the database. + + > [!WARNING]CAUTION + > Start MySQL as user **mysql** if it is the first time to start the database service. If you start MySQL as user **root**, a message will be displayed indicating that the **mysql.log** file is missing. If you start MySQL as user **mysql**, the **mysql.log** file will be generated in the **/data/mysql/log** directory. No error will be displayed if you start the database as user **root** again. + + 1. Modify the file permission as the **root** user. + + ```shell + chmod 777 /usr/local/mysql/support-files/mysql.server + chown mysql:mysql /var/log/mysql/* + ``` + + 2. Start MySQL as the **root** user. + + ```shell + cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysql + chkconfig mysql on + ``` + + Start MySQL as user **mysql**. + + ```shell + su - mysql + service mysql start + ``` + +5. Log in to the database. + + > [!NOTE]NOTE + > + > - Enter the initial password generated during database initialization \([3](#li15634560582)\). + > - If MySQL is installed by using an RPM package obtained from the official website, the **mysqld** file is located in the **/usr/sbin** directory. Ensure that the directory specified in the command is correct. + + ```shell + /usr/local/mysql/bin/mysql -uroot -p -S /data/mysql/run/mysql.sock + ``` + + ![](./figures/zh-cn_image_0231563134.png) + +6. Configure the database accounts and passwords. + 1. After logging in to the database, change the password of user **root** for logging in to the database. + + ```shell + mysql>alter user 'root'@'localhost' identified by "123456"; + ``` + + 2. Create a user **root** for all the other hosts in the domain. + + ```shell + mysql>create user 'root'@'%' identified by '123456'; + ``` + + 3. Grant permissions to the user **root**. + + ```shell + mysql>grant all privileges on *.* to 'root'@'%'; + mysql>flush privileges; + ``` + + ![](./figures/zh-cn_image_0231563135.png) + +7. Exit the database. + + Run the **\\q** or **exit** command to exit the database. + + ```shell + mysql>exit + ``` + + ![](./figures/zh-cn_image_0231563136.png) + +#### Uninstalling MySQL + +1. Stop the database process as the **root** user. + + ```shell + $ ps -ef | grep mysql + # kill -9 PID + ``` + +2. Run the **dnf remove mysql** command as the **root** user to uninstall MySQL. + + ```shell + dnf remove mysql + ``` + +### Managing Database Users + +#### Creating Users + +Run the **CREATE USER** statement to create one or more users and set corresponding passwords. + +```pgsql +CREATE USER 'username'@'hostname' IDENTIFIED BY 'password'; +``` + +In the preceding information: + +- _username_: name of a user. +- _host_: hostname, that is, the name of the host where the user connects to the database. As a local user, you can set the parameter to **localhost**. If the host name is not specified during user creation, the host name is **%** by default, indicating a group of hosts. +- _password_: password for logging in to the server. The password can be null. If the password is null, the user can log in to the server without entering the password. This method, however, is not recommended because it provides low security. + +To use the **CREATE USER** statement, you must have the **INSERT** permission on the database or the global **CREATE USER** permission. + +After a user account is created using the **CREATE USER** statement, a record is added to the user table in the database. If the account to be created exists, an error will occur during statement execution. + +A new user has few permissions and can perform only operations that do not require permissions. For example, a user can run the **SHOW** statement to query the list of all storage engines and character sets. + +##### Example + + Create a local user whose password is **123456** and username is **userexample1**. + +```pgsql +> CREATE USER 'userexample1'@'localhost' IDENTIFIED BY '123456'; +``` + + Create a user whose password is **123456**, username is **userexample2**, and hostname is **192.168.1.100**. + +```pgsql +> CREATE USER 'userexample2'@'192.168.1.100' IDENTIFIED BY '123456'; +``` + +#### Viewing Users + +Run the **SHOW GRANTS** or **SELECT** statement to view one or more users. + +View a specific user: + +```pgsql +SHOW GRANTS [FOR 'username'@'hostname']; +``` + +```pgsql +SELECT USER,HOST,PASSWORD FROM mysql.user WHERE USER='username'; +``` + +View all users: + +```pgsql +SELECT USER,HOST FROM mysql.user; +``` + +In the preceding information: + +- _username_: name of a user. +- _hostname_: host name. + +##### Example + + View the user **userexample1**. + +```pgsql +> SHOW GRANTS FOR 'userexample1'@'localhost'; +``` + + View all users in the MySQL database. + +```pgsql +> SELECT USER,HOST FROM mysql.user; +``` + +#### Modifying Users + +##### Modifying a Username + +Run the **RENAME USER** statement to change one or more existing usernames. + +```pgsql +RENAME USER 'oldusername'@'hostname' TO 'newusername'@'hostname'; +``` + +In the preceding information: + +- _oldusername_: original username. +- _newusername_: new username. +- _hostname_: host name. + +The **RENAME USER** statement is used to rename an existing account. If the original account does not exist in the system or the new account exists, an error will occur when the statement is executed. + +To use the **RENAME USER** statement, you must have the **UPDATE** permission on the database or the global **CREATE USER** permission. + +##### Example of Modifying a User + + Change the username **userexample1** to **userexample2** and change the hostname to **localhost**. + +```pgsql +> RENAME USER 'userexample1'@'localhost' TO 'userexample2'@'localhost'; +``` + +##### Modifying a User Password + +Use the **SET PASSWORD** statement to modify the login password of a user. + +```pgsql +SET PASSWORD FOR 'username'@'hostname' = 'newpassword'; +``` + +In the preceding information: + +- **FOR'**_username_**'@'**_hostname_**'**: specifies the username and hostname whose password is to be changed. This parameter is optional. +- _newpassword_: new password. + +If the **FOR** clause is not added to the **SET PASSWORD** statement, the password of the current user is changed. + +The **FOR** clause must be given in the format of **'**_username_**'@'**_hostname_**'**, where _username_ indicates the username of the account and _hostname_ indicates the hostname of the account. + +The account whose password is to be changed must exist in the system. Otherwise, an error occurs when the statement is executed. + +##### Example of Changing a User Password + + Change the password of user **userexample** whose hostname is **localhost** to **0123456**. + +```pgsql +> SET PASSWORD FOR 'userexample'@'localhost' = '0123456'; +``` + +#### Deleting Users + +Use the **DROP USER** statement to delete one or more user accounts and related permissions. + +```pgsql +DROP USER 'username1'@'hostname1' [,'username2'@'hostname2']...; +``` + +> [!WARNING]CAUTION +> The deletion of users does not affect the tables, indexes, or other database objects that they have created, because the database does not record the accounts that have created these objects. + +The **DROP USER** statement can be used to delete one or more database accounts and their original permissions. + +To use the **DROP USER** statement, you must have the **DELETE** permission on the database or the global **CREATE USER** permission. + +In the **DROP USER** statement, if the hostname of an account is not specified, the hostname is **%** by default. + +##### Example + + Delete the local user **userexample**. + +```pgsql +> DROP USER 'userexample'@'localhost'; +``` + +#### Granting Permissions to a User + +Run the **GRANT** statement to grant permissions to a new user. + +```pgsql +GRANT privileges ON databasename.tablename TO 'username'@'hostname'; +``` + +In the preceding information: + +- **ON** clause: specifies the object and level on which the permission is granted. +- _privileges_: indicates the operation permissions of a user, such as **SELECT**, INSERT, and **UPDATE**. To grant all permissions to a user, use **ALL**. +- _databasename_: database name. +- _tablename_: table name. +- **TO** clause: sets the user password and specifies the user to whom the permission is granted. +- _username_: name of a user. +- _hostname_: host name. + +To grant the user the permission to operate all databases and tables, use asterisks \(\*\), for example, **\*.\***. + +If you specify a password for an existing user in the **TO** clause, the new password will overwrite the original password. + +If the permission is granted to a non-existent user, a **CREATE USER** statement is automatically executed to create the user, but the password must be specified for the user. + +##### Example + + Grant the **SELECT** and **INSERT** permissions to local user **userexample**. + +```pgsql +> GRANT SELECT,INSERT ON *.* TO 'userexample'@'localhost'; +``` + +#### Deleting User Permissions + +Run the **REVOKE** statement to delete the permissions of a user, but the user will not be deleted. + +```pgsql +REVOKE privilege ON databasename.tablename FROM 'username'@'hostname'; +``` + +The parameters in the **REVOKE** statement are the same as those in the **GRANT** statement. + +To use the **REVOKE** statement, you must have the global **CREATE USER** or **UPDATE** permission for the database. + +##### Example + + Delete the **INSERT** permission of local user **userexample**. + +```pgsql +> REVOKE INSERT ON *.* FROM 'userexample'@'localhost'; +``` + +### Managing Databases + +#### Creating a Database + +Run the **CREATE DATABASE** statement to create a database. + +```pgsql +CREATE DATABASE databasename; +``` + +In the preceding command, _databasename_ can be replaced with the database name, which is case insensitive. + +##### Example + + Create a database named **databaseexample**. + +```pgsql +> CREATE DATABASE databaseexample; +``` + +#### Viewing a Database + +Run the **SHOW DATABASES** statement to view a database. + +```pgsql +SHOW DATABASES; +``` + +##### Example + + View all databases. + +```pgsql +> SHOW DATABASES; +``` + +#### Selecting a Database + +Generally, you need to select a target database before creating or querying a table. Use the **USE** statement to select a database. + +```pgsql +USE databasename; +``` + +In the preceding command, _databasename_ indicates the database name. + +##### Example + + Select the **databaseexample** database. + +```pgsql +> USE databaseexample; +``` + +#### Deleting a Database + +Run the **DROP DATABASE** statement to delete a database. + +> [!WARNING]CAUTION +> Exercise caution when deleting a database. Once a database is deleted, all tables and data in the database will be deleted. + +```pgsql +DROP DATABASE databasename; +``` + +In the preceding command, _databasename_ indicates the database name. + +The **DROP DATABASE** command is used to delete an existing database. After this command is executed, all tables in the database are deleted, but the user permissions of the database are not automatically deleted. + +To use **DROP DATABASE**, you need the **DROP** permission on the database. + +**DROP SCHEMA** is a synonym of **DROP DATABASE**. + +##### Example + + Delete the **databaseexample** database. + +```pgsql +> DROP DATABASE databaseexample; +``` + +#### Backing Up a Database + +Run the **mysqldump** command as the **root** user to back up the database. + +Back up one or more tables: + +```shell +mysqldump [options] databasename [tablename ...] > outfile +``` + +Back up one or more databases: + +```shell +mysqldump [options] -databases databasename ... > outfile +``` + +Back up all databases: + +```shell +mysqldump [options] -all-databases > outputfile +``` + +In the preceding information: + +- _databasename_: database name. +- _tablename_: name of a data table. +- _outfile_: database backup file. +- _options_: parameter option of the **mysqldump** command. Multiple parameters can be separated by spaces. The common parameters of the **mysqldump** command are as follows: + - **-u, \-\-user**= _username_: specifies the username. + - **-p, \-\-password**\[= _password_\]: specifies the password. + - **-P, \-\-port**= _portnumber_: specifies the port number. + - **-h, \-\-host**= _hostname_: specifies the hostname. + - **-r, \-\-result-file**= _filename_: saves the export result to a specified file, which is equivalent to **\>**. + - **-t**: backs up data only. + - **-d**: backs up the table structure only. + +##### Example + + Back up all the databases of user **root** on port **3306** of the host whose IP address is **192.168.202.144** to the **alldb.sql** file. + +```shell +mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 --all-databases > alldb.sql +``` + + Back up the db1 database of user **root** on port **3306** of the host whose IP address is **192.168.202.144** to the **db1.sql** file. + +```shell +mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 --databases db1 > db1.sql +``` + + Back up the tb1 table of the db1 database of user **root** on port **3306** of the host whose IP address is **192.168.202.144** to the **db1tb1.sql** file. + +```shell +mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 db1 tb1 > db1tb1.sql +``` + + Back up only the table structure of the db1 database of user **root** on port **3306** of the host whose IP address is **192.168.202.144** to the **db1.sql** file. + +```shell +mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 -d db1 > db1.sql +``` + + Back up only the table structure of the db1 database of user **root** on port **3306** of the host whose IP address is **192.168.202.144** to the **db1.sql** file. + +```shell +mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 -t db1 > db1.sql +``` + +#### Restoring a Database + +Run the **mysql** command as the **root** user to restore the database. + +Restore one or more tables: + +```shell +mysql -h hostname -P portnumber -u username -ppassword databasename < infile +``` + +In the preceding information: + +- _hostname_: host name. +- _portnumber_: port number. +- _username_: name of a user. +- _password_: password. +- _databasename_: database name. +- _infile_: **outfile** parameter in the **mysqldump** command. + +##### Example + + Restore a database. + +```shell +mysql -h 192.168.202.144 -P 3306 -uroot -p123456 -t db1 < db1.sql +``` diff --git a/docs/en/server/administration/administrator/user_and_user_group_management.md b/docs/en/server/administration/administrator/user_and_user_group_management.md new file mode 100644 index 0000000000000000000000000000000000000000..43bdaaf683253b9929c1b58fee221c14785ba83b --- /dev/null +++ b/docs/en/server/administration/administrator/user_and_user_group_management.md @@ -0,0 +1,324 @@ +# User and User Group Management + +In Linux, each common user has an account, including the user name, password, and home directory. There are also special users created for specific purposes, and the most important special user is the admin account whose default user name is root. In addition, Linux provides user groups so that each user belongs to at least one group, facilitating permission management. + +The control of users and user groups is a core element of openEuler security management. This topic introduces the user and group management commands and explains how to assign privileges to common users in graphical user interface and on command lines. + +## Managing Users + +### Adding a User + +#### useradd Command + +Run the **useradd** command as the user **root** to add user information to the system. In the command, _options_ indicates related parameters and _username_ indicates the user name. + +```shell +useradd [options] username +``` + +#### User Information Files + +The following files contain user account information: + +- /etc/passwd: user account information +- /etc/shadow file: user account encryption information +- /etc/group file: group information +- /etc/default/useradd: default configurations +- /etc/login.defs: system wide settings +- /etc/skel: default directory that holds initial configuration files + +#### Example + +For example, to create a user named userexample, run the following command as the user **root**: + +```shell +useradd userexample +``` + +> [!NOTE]NOTE +> If no prompt is displayed, the user is successfully created. After the user is created, run the **passwd** command to assign a password to the user. A new account without a password will be banned. + +To view information about the new user, run the **id** command: + +```shell +$ id userexample +uid=502(userexample) gid=502(userexample) groups=502(userexample) +``` + +To change the password of the userexample, run the following command: + +```shell +passwd userexample +``` + +It is recommended that the new user password meet the complexity requirements. The password complexity requirements are as follows: + +1. A password must contain at least eight characters. +2. A password must contain at least three of the following types: uppercase letters, lowercase letters, digits, and special characters. +3. A password must be different from the account name. +4. A password cannot contain words in the dictionary. + - Querying a dictionary + In the installed openEuler environment, you can run the following command to export the dictionary library file **dictionary.txt**, and then check whether the password is in the dictionary. + + ```shell + cracklib-unpacker /usr/share/cracklib/pw_dict > dictionary.txt + ``` + + - Modifying a dictionary + 1. Modify the exported dictionary library file, and then run the following command to update the dictionary library: + + ```shell + create-cracklib-dict dictionary.txt + ``` + + 2. Run the following command to add another dictionary file **custom.txt** to the original dictionary library. + + ```shell + create-cracklib-dict dictionary.txt custom.txt + ``` + +Then, enter the password and confirm it as prompted: + +```shell +$ passwd userexample +Changing password for user userexample. +New password: +Retype new password: +passwd: all authentication tokens updated successfully. +``` + +> [!NOTE]NOTE +> If the command output contains **BAD PASSWORD: The password fails the dictionary check - it is too simplistic/systematic**, the password is too simple and needs to be reset. + +### Modifying a User Account + +#### Changing a Password + +Common users can change their passwords using the **passwd** command. Only the admin is allowed to use the **passwd username** command to change passwords for other users. + +#### Changing User's Login Shell + +Common users can use the **chsh** command to change their login shell. Only the admin is allowed to run the **chsh username** command to change login shell for other users. + +Users can also run the **usermod** command as the user **root** to modify the shell information. In the command, _new_shell_path_ indicates the target shell path, and _username_ indicates the user name to be modified. Change them based on the site requirements. + +```shell +usermod -s new_shell_path username +``` + +For example, to change the shell of userexample to csh, run the following command: + +```shell +usermod -s /bin/csh userexample +``` + +#### Changing the Home Directory + +- To change the home directory, run the following command as the user **root**. In the command, _new\_home\_directory_ indicates the created target home directory, and _username_ indicates the user name to be changed. Change them based on the site requirements. + + ```shell + usermod -d new_home_directory username + ``` + +- To move the content in the current home directory to a new one, run the usermod command with the -m option: + + ```shell + usermod -d new_home_directory -m username + ``` + +#### Changing a UID + +To change the user ID, run the following command as the user **root**. In the command, _UID_ indicates the target user ID and _username_ indicates the user name. Change them based on the site requirements. + +```shell +usermod -u UID username +``` + +The **usermod** command automatically changes the UID of the owner of files and directories under the user's home directory. However, for files outside the user's home directory, their owners can only be changed using the **chown** command. + +#### Changing Account Expiry Date + +If the shadow password is used, run the following command as the user **root** to change the validity period of an account. In the command, _MM_, _DD_, and _YY_ indicate the month, day, and year, respectively, and _username_ indicates the user name. Change them based on the site requirements. + +```shell +usermod -e MM/DD/YY username +``` + +### Deleting a User + +Run the **userdel** command as the user **root** to delete an existing user. + +For example, run the following command to delete user Test: + +```shell +userdel Test +``` + +If you also need to delete the user's home directory and all contents in the directory, run the **userdel** command with the -r option to delete them recursively. + +> [!NOTE]NOTE +> You are not advised to directly delete a user who has logged in to the system. To forcibly delete a user, run the **userdel -f** _Test_ command. + +### Granting Rights to a Common User + +The **sudo** command allows common users to execute commands that can be executed only by administrator accounts. + +The **sudo** command allows the user specified in the **/etc/sudoers** file to execute the administrator account commands. For example, an authorized common user can run: + +```shell +sudo /usr/sbin/useradd newuserl +``` + +The **sudo** command can specify a common user that has been added to the **/etc/sudoers** file to process tasks as required. + +The information configured in the **/etc/sudoers** file is as follows: + +- Blank lines or comment lines starting with **\#**: Have no specific functions. +- Optional host alias lines: Create the name of a host list. The lines must start with **Host\_Alias**. The host names in the list must be separated by commas \(,\). For example: + + ```shell + Host_Alias linux=ted1,ted2 + ``` + + **ted1** and **ted2** are two host names, which can be called **linux**. + +- Optional user alias lines: Create the name of a user list. The lines must start with **User\_Alias**. The user names in the list must be separated by commas \(,\). The user alias lines have the same format as the host alias lines. +- Optional command alias lines: Create the name of a command list. The lines must start with **Cmnd\_Alias**. The commands in the list must be separated by commas \(,\). +- Optional running mode alias lines: Create the name of a user list. The difference is that such alias can enable a user in the list to run the **sudo** command. +- Necessary declaration lines for user access: + + The declaration syntax for user access is as follows: + + ```shell + user host = [ run as user ] command list + ``` + + Set the user to a real user name or a defined user alias, and set the host to a real host name or a defined host alias. By default, all the commands executed by sudo are executed as user **root**. If you want to use another account, you can specify it. **command list** is either a command list separated by commas \(,\) or a defined command alias. For example: + + ```shell + ted1 ted2=/sbin/shutdown + ``` + + In this example, ted1 can run the shutdown command on ted2. + + ```shell + newuser1 ted1=(root) /usr/sbin/useradd,/usr/sbin/userdel + ``` + + This indicates that newuser1 on the ted1 host can run the **useradd** and **userdel** commands as the user **root**. + + > [!NOTE]NOTE + > - You can define multiple aliases in a line and separate them with colons \(:\). + > - You can add an exclamation mark \(!\) before a command or a command alias to make the command or the command alias invalid. + > - There are two keywords: ALL and NOPASSWD. ALL indicates all files, hosts, or commands, and NOPASSWD indicates that no password is required. + > - By modifying user access, you can change the access permission of a common user to be the same as that of the user **root**. Then, you can grant rights to the common user. + +The following is an example of the **sudoers** file: + +```text +#sudoers files +#User alias specification +User_Alias ADMIN=ted1:POWERUSER=globus,ted2 +#user privilege specification +ADMIN ALL=ALL +POWERUSER ALL=ALL,!/bin/su +``` + +In the preceding information: + +- User\_Alias ADMIN=ted1:POWERUSER=globus,ted2 + + Two aliases ADMIN and POWERUSER are defined. + +- ADMIN ALL=ALL + + ADMIN can run all commands as the user **root** on all hosts. + +- POWERUSER ALL=ALL,!/bin/su + + POWERUSER can run all commands except the **su** command as the user **root** on all hosts. + +## Managing User Groups + +### Adding a User Group + +#### groupadd Command + +Run the **groupadd** command as the **root** user to add user group information to the system. In the command, _options_ indicates related parameters and _groupname_ indicates the group name. + +```shell +groupadd [options] groupname +``` + +#### User Group Information Files + +The following files contain user group information: + +- /etc/gshadow file: user group encryption information +- /etc/group file: group information +- /etc/login.defs: system wide settings + +#### Example + +For example, to create a user group named groupexample, run the following command as the **root** user: + +```shell +groupadd groupexample +``` + +### Modifying a User Group + +#### Changing a GID + +To change the user group ID, run the following command as the **root** user. In the command, _GID_ indicates the target user group ID and _groupname_ indicates the user group name. Change them based on the site requirements. + +```shell +groupmod -g GID groupname +``` + +#### Changing a User Group Name + +To change the user group name, run the following command as the **root** user. In the command, _newgroupname_ indicates the user group new name and _oldgroupname_ indicates the user group name. Change them based on the site requirements. + +```shell +groupmod -n newgroupname oldgroupname +``` + +### Deleting a User Group + +Run the **groupdel** command as the **root** user to delete an existing user group. + +For example, run the following command to delete user group Test: + +```shell +groupdel Test +``` + +> [!NOTE]NOTE +> The user's primary group cannot be directly deleted. To forcibly delete a user's primary group, run the **groupdel -f** _Test_ command. + +### Adding a User to a Group or Removing a User from a Group + +Run the **gpasswd** command as the **root** user to add a user to a group or remove a user from a group. + +For example, run the following command to add the user userexample to the user group Test: + +```shell +gpasswd -a userexample Test +``` + +For example, run the following command to remove the user userexample from the user group Test: + +```shell +gpasswd -d userexample Test +``` + +### Changing the Current Group of a User to a Specified Group + +If a user belongs to multiple user groups, run the **newgrp** command to switch the user to another user group after logging in to the system. Then, the user has the permission of other user groups. + +For example, run the following command to change the current group of the user userexample to the user group Test: + +```shell +newgrp Test +``` diff --git a/docs/en/server/administration/administrator/using_dnf_to_manage_software_packages.md b/docs/en/server/administration/administrator/using_dnf_to_manage_software_packages.md new file mode 100644 index 0000000000000000000000000000000000000000..9790c9d0633b8b9ccfd5d8662ab404e9b1c1c769 --- /dev/null +++ b/docs/en/server/administration/administrator/using_dnf_to_manage_software_packages.md @@ -0,0 +1,474 @@ +# Using DNF to Manage Software Packages + +DNF is a Linux software package management tool used to manage RPM software packages. The DNF can query software package information, obtain software packages from a specified software library, automatically process dependencies to install or uninstall software packages, and update the system to the latest available version. + +> [!NOTE]NOTE +> +> - DNF is fully compatible with YUM and provides YUM-compatible command lines and APIs for extensions and plug-ins. +> - You must have the administrator rights to use the DNF. All commands in this chapter must be executed by the administrator. + +## Configuring the DNF + +### The DNF Configuration File + +The main configuration file of the DNF is **/etc/dnf/dnf.conf** which consists of two parts: + +- The **main** part in the file stores the global settings of the DNF. + +- The **repository** part in the file stores the settings of the software source. You can add zero or more **repository** sections to the file. + +In addition, the **/etc/yum.repos.d** directory stores zero or more repo source files, which define different repositories. + +You can configure a software source by either directly configuring the **/etc/dnf/dnf.conf** file or configuring the .repo file in the **/etc/yum.repos.d** directory. + +#### Configuring the main Part + +The **/etc/dnf/dnf.conf** file contains the **main** part. The following is an example of the configuration file: + +```text +[main] +gpgcheck=1 +installonly_limit=3 +clean_requirements_on_remove=True +best=True +``` + +Common options are as follows: + +**Table 1** main parameter description + + + +| Parameter | Description | +| ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| cachedir | Cache directory for storing RPM packages and database files. | +| keepcache | The options are 1 and 0, indicating whether to cache the RPM packages and header files that have been successfully installed. The default value is 0, indicating that the RPM packages and header files are not cached. | +| debuglevel | Sets debugging information generated by the DNF. The value ranges from 0 to 10. A larger value indicates more detailed debugging information. The default value is 2. The value 0 indicates that the debug information is not displayed. | +| clean\_requirements\_on\_remove | Deletes the dependency items that are no longer used during DNF removal. If the software package is installed through the DNF instead of the explicit user request, the software package can be deleted only through clean\_requirements\_on\_remove, that is, the software package is introduced as a dependency item. The default value is **True**. | +| best | The system always attempts to install the latest version of the upgrade package. If the latest version cannot be installed, the system displays the cause and stops the installation. The default value is **True**. | +| obsoletes | The options are **1** and **0**, indicating whether to allow the update of outdated RPM packages. The default value is 1, indicating that the update is allowed. | +| gpgcheck | The options are **1** and **0**, indicating whether to perform GPG verification. The default value is **1**, indicating that verification is required. | +| plugins | The options are **1** and **0**, indicating that the DNF plug-in is enabled or disabled. The default value is **1**, indicating that the DNF plug-in is enabled. | +| installonly\_limit | Sets the number of packages that can be installed at the same time by running the **installonlypkgs** command. The default value is 3. You are advised not to decrease the value. | + +#### Configuring the repository Part + +The repository part allows you to customize openEuler software source repositories. The name of each repository must be unique. Otherwise, conflicts may occur. You can configure a software source by either directly configuring the **/etc/dnf/dnf.conf** file or configuring the .repo file in the **/etc/yum.repos.d** directory. + +- Configuring the **/etc/dnf/dnf.conf** file + + The following is a minimum configuration example of the \[repository\] section: + + ```text + [repository] + name=repository_name + baseurl=repository_url + ``` + + > [!NOTE]NOTE + > openEuler provides an online image source at [https://repo.openeuler.org/](https://repo.openeuler.org/). For example, if the openEuler 23.09 version is aarch64, the **baseurl** can be set to . + + Common options are as follows: + + **Table 2** repository parameter description + + +| Parameter | Description | +|-----------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| name=repository_name | Name string of a software repository. | +| baseurl=repository_url | Address of the software repository.
- Network location using the HTTP protocol, for example, `http://path/to/repo`
- Network location using the FTP protocol, for example, `ftp://path/to/repo`
- Local path: for example, `file:///path/to/local/repo` | + +- Configuring the .repo file in the **/etc/yum.repos.d** directory + openEuler provides multiple repo sources for users online. For details about the repo sources, see [OS Installation](../../releasenotes/releasenotes/os_installation.md). + + For example, run the following command as the **root** user to add the openeuler repo source to the openEuler.repo file. + + ```shell + vi /etc/yum.repos.d/openEuler.repo + ``` + + ```text + [OS] + name=openEuler-$releasever-OS + baseurl=https://repo.openeuler.org/openEuler-{version}/OS/$basearch/ + enabled=1 + gpgcheck=1 + gpgkey=https://repo.openeuler.org/openEuler-23.09/OS/$basearch/RPM-GPG-KEY-openEuler + ``` + + > [!NOTE]NOTE + > + > - **enabled** indicates whether to enable the software source repository. The value can be **1** or **0**. The default value is **1**, indicating that the software source repository is enabled. + > - **gpgkey** is the public key used to verify the signature. + +#### Displays the Current Configuration + +- To display the current configuration information, run the following command: + + ```shell + dnf config-manager --dump + ``` + +- To display the configuration of a software source, query the repo id: + + ```shell + dnf repolist + ``` + + Run the following command to display the software source configuration of the corresponding ID. In the command, _repository_ indicates the repository ID. + + ```shell + dnf config-manager --dump repository + ``` + +- You can also use a global regular expression to display all matching configurations. + + ```shell + dnf config-manager --dump glob_expression + ``` + +### Creating a Local Software Repository + +To create a local repository of software sources, perform the following steps. + +1. Install the createrepo software package. Run the following command as the root user: + + ```shell + dnf install createrepo + ``` + +2. Copy the required software packages to a directory, for example, **/mnt/local\_repo/**. +3. Run the following command to create a software source: + + ```shell + createrepo /mnt/local_repo + ``` + +### Adding, Enabling, and Disabling Software Sources + +This section describes how to add, enable, and disable the software source repository by running the **dnf config-manager** command. + +#### Adding Software Source + +To define a new software repository, you can add the repository part to the **/etc/dnf/dnf.conf** file or add the .repo file to the **/etc/yum.repos.d/** directory. You are advised to add the .repo file. Each software source has its own .repo file. The following describes how to add the .repo file. + +To add such a source to your system, run the following command as the user **root**. After the command is executed, the corresponding .repo file is generated in the **/etc/yum.repos.d/** directory. In the command, _repository\_url_ indicates the repo source address. For details, see [Table 2](#en-us_topic_0151921080_t7c83ace02ab94e9986c0684f417e3436). + +```shell +dnf config-manager --add-repo repository_url +``` + +#### Enabling a Software Repository + +To enable the software source, run the following command as the user **root**. In the command, _repository_ indicates the repository ID in the new .repo file. You can run the **dnf repolist** command to query the repository ID. + +```shell +dnf config-manager --set-enable repository +``` + +You can also use a global regular expression to enable all matching software sources. In the command, _glob\_expression_ indicates the regular expression used to match multiple repository IDs. + +```shell +dnf config-manager --set-enable glob_expression +``` + +#### Disabling a Software Repository + +To disable a software source, run the following command as the user **root**: + +```shell +dnf config-manager --set-disable repository +``` + +You can also use a global regular expression to disable all matching software sources. + +```shell +dnf config-manager --set-disable glob_expression +``` + +## Managing Software Package + +The DNF enables you to query, install, and delete software packages. + +### Searching for Software Packages + +You can search for the required RPM package by its name, abbreviation, or description. The command is as follows: + +```shell +dnf search httpd # httpd is used as an example. +``` + +### Listing Software Packages + +To list all installed and available RPM packages in the system, run the following command: + +```shell +dnf list all +``` + +To list a specific RPM package in the system, run the following command: + +```shell +dnf list httpd # httpd is used as an example. +``` + +### Displaying RPM Package Information + +To view information about one or more RPM packages, separate package names using spaces: + +```shell +dnf info httpd zip # httpd and zip are used as an example. +``` + +### Installing an RPM Package + +To install a software package and all its dependencies that have not been installed, run the following command as the user **root**: + +```shell +dnf install package_name +``` + +You can also add software package names to install multiple software packages at the same time. Add the **strict=False** parameter to the **/etc/dnf/dnf.conf** configuration file and run the **dnf** command with `--setopt=strict=0`. Run the following command as the user **root**: + +```shell +dnf install package_name package_name... --setopt=strict=0 +``` + +The following is an example: + +```shell +dnf install httpd +``` + +> [!NOTE]NOTE +> If the RPM package fails to be installed, see [Installation Failure Caused by Software Package Conflict, File Conflict, or Missing Software Package](./faqs_and_solutions.md#issue-5-installation-failure-caused-by-software-package-conflict-file-conflict-or-missing-software-package). + +### Downloading Software Packages + +To download the software package using the DNF, run the following command as the user **root**: + +```shell +dnf download package_name +``` + +If you need to download the dependency packages that are not installed, add **\-\-resolve**. The command is as follows: + +```shell +dnf download --resolve package_name +``` + +The following is an example: + +```shell +dnf download --resolve httpd +``` + +### Deleting a Software Package + +To uninstall the software package and related dependent software packages, run the following command as the user **root**: + +```shell +dnf remove package_name... +``` + +The following is an example: + +```shell +dnf remove totem +``` + +## Managing Software Package Groups + +A software package set is a group of software packages that serve a common purpose, for example, a system tool set. You can use the DNF to install or delete software package groups, improving operation efficiency. + +### Listing Software Package Groups + +The summary parameter can be used to list the number of all installed software package groups, available groups, and available environment groups in the system. The command is as follows: + +```shell +dnf groups summary +``` + +The following is an example: + +```shell +$ dnf groups summary +Last metadata expiration check: 0:11:56 ago on Sat 17 Aug 2019 07:45:14 PM CST. +Available Groups: 8 +``` + +To list all software package groups and their group IDs, run the following command: + +```shell +dnf group list +``` + +The following is an example: + +```shell +$ dnf group list +Last metadata expiration check: 0:10:32 ago on Sat 17 Aug 2019 07:45:14 PM CST. +Available Environment Groups: + Minimal Install + Custom Operating System + Server +Available Groups: + Development Tools + Graphical Administration Tools + Headless Management + Legacy UNIX Compatibility + Network Servers + Scientific Support + Security Tools + System Tools +``` + +### Displaying the Software Package Group Information + +To list the mandatory and optional packages contained in a software package group, run the following command: + +```shell +dnf group info glob_expression... +``` + +The following is an example of displaying the Development Tools information: + +```shell +$ dnf group info "Development Tools" +Last metadata expiration check: 0:14:54 ago on Wed 05 Jun 2019 08:38:02 PM CST. + +Group: Development Tools + Description: A basic development environment. + Mandatory Packages: + binutils + glibc-devel + make + pkgconf + pkgconf-m4 + pkgconf-pkg-config + rpm-sign + Optional Packages: + expect +``` + +### Installation Software Package Group + +Each software package group has its own name and corresponding group ID. You can use the software package group name or its ID to install the software package. + +To install a software package group, run the following command as the user **root**: + +```shell +dnf group install group_name +``` + +```shell +dnf group install groupid +``` + +For example, to install the software package group of Development Tools, run the following command: + +```shell +dnf group install "Development Tools" +``` + +```shell +dnf group install development +``` + +### Deleting a Software Package Group + +To uninstall a software package group, you can use the group name or ID to run the following command as the user **root**: + +```shell +dnf group remove group_name +``` + +```shell +dnf group remove groupid +``` + +For example, to delete the software package group of Development Tools, run the following command: + +```shell +dnf group remove "Development Tools" +``` + +```shell +dnf group remove development +``` + +## Check and Update + +You can use the DNF to check whether any software package in your system needs to be updated. You can use the DNF to list the software packages to be updated. You can choose to update all packages at a time or update only specified packages. + +### Checking for Update + +To list all currently available updates, run the following command: + +```shell +dnf check-update +``` + +The following is an example: + +```shell +$ dnf check-update +Last metadata expiration check: 0:02:10 ago on Sun 01 Sep 2019 11:28:07 PM CST. + +anaconda-core.aarch64 19.31.123-1.14 updates +anaconda-gui.aarch64 19.31.123-1.14 updates +anaconda-tui.aarch64 19.31.123-1.14 updates +anaconda-user-help.aarch64 19.31.123-1.14 updates +anaconda-widgets.aarch64 19.31.123-1.14 updates +bind-libs.aarch64 32:9.9.4-29.3 updates +bind-libs-lite.aarch64 32:9.9.4-29.3 updates +bind-license.noarch 32:9.9.4-29.3 updates +bind-utils.aarch64 32:9.9.4-29.3 updates +... +``` + +### Upgrade + +To upgrade a single software package, run the following command as the user **root**: + +```shell +dnf update package_name +``` + +For example, to upgrade the RPM package, run the following command: + +```shell +$ dnf update anaconda-gui.aarch64 +Last metadata expiration check: 0:02:10 ago on Sun 01 Sep 2019 11:30:27 PM CST. +Dependencies Resolved +================================================================================ + Package Arch Version Repository Size +================================================================================ +Updating: + anaconda-gui aarch64 19.31.123-1.14 updates 461 k + anaconda-core aarch64 19.31.123-1.14 updates 1.4 M + anaconda-tui aarch64 19.31.123-1.14 updates 274 k + anaconda-user-help aarch64 19.31.123-1.14 updates 315 k + anaconda-widgets aarch64 19.31.123-1.14 updates 748 k + +Transaction Summary +================================================================================ +Upgrade 5 Package + +Total download size: 3.1 M +Is this ok [y/N]: +``` + +Similarly, to upgrade a software package group, run the following command as the user **root**: + +```shell +dnf group update group_name +``` + +### Updating All Packages and Their Dependencies + +To update all packages and their dependencies, run the following command as the user **root**: + +```shell +dnf update +``` diff --git a/docs/en/server/administration/administrator/viewing_system_information.md b/docs/en/server/administration/administrator/viewing_system_information.md new file mode 100644 index 0000000000000000000000000000000000000000..350816bcc2b399cf37456a0aa39e0de81c558b20 --- /dev/null +++ b/docs/en/server/administration/administrator/viewing_system_information.md @@ -0,0 +1,45 @@ +# Viewing System Information + +- View the system information. + + ```shell + cat /etc/os-release + ``` + + For example, the command and output are as follows: + + ```shell + $ cat /etc/os-release + NAME="openEuler" + VERSION="21.09" + ID="openEuler" + VERSION_ID="21.09" + PRETTY_NAME="openEuler 21.09" + ANSI_COLOR="0;31" + ``` + +- View system resource information. + + Run the following command to view the CPU information: + + ```shell + # lscpu + ``` + + Run the following command to view the memory information: + + ```shell + free + ``` + + Run the following command to view the disk information: + + ```shell + fdisk -l + ``` + +- View the real-time system resource information. + + ```shell + top + ``` diff --git a/docs/en/server/administration/compa_command/_toc.yaml b/docs/en/server/administration/compa_command/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..672975b096bbd39dde9631dbf52842528ff7f597 --- /dev/null +++ b/docs/en/server/administration/compa_command/_toc.yaml @@ -0,0 +1,11 @@ +label: Compatibility Commands +isManual: true +description: The shell and Linux commands, rebuilt using Rust, maintain compatibility with native Linux commands. +sections: + - label: Compatibility Commands + href: ./overview.md + sections: + - label: utshell User Guide + href: ./utshell_guide.md + - label: utsudo User Guide + href: ./utsudo_user_guide.md diff --git a/docs/en/server/administration/compa_command/figures/-e.png b/docs/en/server/administration/compa_command/figures/-e.png new file mode 100644 index 0000000000000000000000000000000000000000..593e3e0b8a25e35a0fd7586627ab0a7b21769096 Binary files /dev/null and b/docs/en/server/administration/compa_command/figures/-e.png differ diff --git a/docs/en/server/administration/compa_command/figures/-k.png b/docs/en/server/administration/compa_command/figures/-k.png new file mode 100644 index 0000000000000000000000000000000000000000..0ab440bf2d475b3648947c8e874b442a2775c764 Binary files /dev/null and b/docs/en/server/administration/compa_command/figures/-k.png differ diff --git a/docs/en/server/administration/compa_command/figures/-l.png b/docs/en/server/administration/compa_command/figures/-l.png new file mode 100644 index 0000000000000000000000000000000000000000..66c9d4920f4ac9f8755a4720a5984df454897ed6 Binary files /dev/null and b/docs/en/server/administration/compa_command/figures/-l.png differ diff --git a/docs/en/server/administration/compa_command/figures/grep.png b/docs/en/server/administration/compa_command/figures/grep.png new file mode 100644 index 0000000000000000000000000000000000000000..bda07ec516b51bb34553a3686a7b231451f9493f Binary files /dev/null and b/docs/en/server/administration/compa_command/figures/grep.png differ diff --git a/docs/en/server/administration/compa_command/figures/install.png b/docs/en/server/administration/compa_command/figures/install.png new file mode 100644 index 0000000000000000000000000000000000000000..f5f5af55c17d00ff4dc314f9f365d74e7b0b27f0 Binary files /dev/null and b/docs/en/server/administration/compa_command/figures/install.png differ diff --git a/docs/en/server/administration/compa_command/media/media/image1.png b/docs/en/server/administration/compa_command/media/media/image1.png new file mode 100644 index 0000000000000000000000000000000000000000..feff5b7bae51f432b5a8a05828295ace5b2f616d Binary files /dev/null and b/docs/en/server/administration/compa_command/media/media/image1.png differ diff --git a/docs/en/server/administration/compa_command/media/media/image2.png b/docs/en/server/administration/compa_command/media/media/image2.png new file mode 100644 index 0000000000000000000000000000000000000000..c241e9356595daf58732a25a2bb31cd0a75bd027 Binary files /dev/null and b/docs/en/server/administration/compa_command/media/media/image2.png differ diff --git a/docs/en/server/administration/compa_command/media/media/image3.png b/docs/en/server/administration/compa_command/media/media/image3.png new file mode 100644 index 0000000000000000000000000000000000000000..f00123d7b8553d8b7c374c7a0becd4269a663084 Binary files /dev/null and b/docs/en/server/administration/compa_command/media/media/image3.png differ diff --git a/docs/en/server/administration/compa_command/media/media/image4-1.png b/docs/en/server/administration/compa_command/media/media/image4-1.png new file mode 100644 index 0000000000000000000000000000000000000000..4e857746422ed7d794e0e06ee379be30e1222443 Binary files /dev/null and b/docs/en/server/administration/compa_command/media/media/image4-1.png differ diff --git a/docs/en/server/administration/compa_command/media/media/image4-2.png b/docs/en/server/administration/compa_command/media/media/image4-2.png new file mode 100644 index 0000000000000000000000000000000000000000..c840b1752fbe485854d0ef8bc22eb896055538f7 Binary files /dev/null and b/docs/en/server/administration/compa_command/media/media/image4-2.png differ diff --git a/docs/en/server/administration/compa_command/overview.md b/docs/en/server/administration/compa_command/overview.md new file mode 100644 index 0000000000000000000000000000000000000000..28f0e23eb6713c9bb5077e567119eb0ee6fca531 --- /dev/null +++ b/docs/en/server/administration/compa_command/overview.md @@ -0,0 +1,3 @@ +# Compatibility Commands + +This document describes the shell and Linux commands re-written in the Rust language. These commands can be used on openEuler and is compatible with native Linux commands. diff --git a/docs/en/server/administration/compa_command/utshell_guide.md b/docs/en/server/administration/compa_command/utshell_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..79e81347c8a461ff08f4c95f7c91ff055c029e6c --- /dev/null +++ b/docs/en/server/administration/compa_command/utshell_guide.md @@ -0,0 +1,200 @@ +# utshell User Guide + +## Introduction + +utshell is a shell compatible with Bash, capable of executing basic built-in commands and starting external commands. It also implements functions such as task, pipe, and signal processing. + +## Installation and Uninstallation + +### Installing utshell + +Run the `rpm` command to install utshell. Assume that openEuler 23.09 is used. + +![](./media/media/image1.png) + +Enter **y** as prompted to install. + +![](./media/media/image2.png) + +### Uninstalling utshell + +Run `rpm -e utshell` to uninstall utshell. + +```shell +rpm -e utshell +``` + +![](./media/media/image3.png) + +## Usage + +### Using Common Commands + +In the utshell environment, enter a command to execute. + +utshell has the following built-in commands: + +![](./media/media/image4-1.png) +![](./media/media/image4-2.png) + +### Defining and Using Variables + +#### Defining a Variable + +Use **=** to define a variable. No space is allowed in the expression. + +```shell +var=4 +``` + +#### Using a Variable + +```shell +echo ${var} +``` + +### Defining and Using Arrays + +#### Defining an Array + +```shell +distros=(ubuntu fedora suse "arch linux") +``` + +#### Using an Array + +```shell +echo ${distros[2]} +``` + +### Defining and Using Functions + +#### Defining a Function + +```shell +func() { echo $1; } +``` + +#### Using a Function + +```shell +func 1 +``` + +#### Passing Parameters to a Function + +When calling a function, use a space to separate the function and the parameters. + +```shell +func firstParam secondParam +``` + +In the function body, use **${number}** to represent the parameters, for example, $1 for the first parameter and $2 for the second parameter. For the tenth and subsequent parameters, the number must be enclosed in braces. + +```shell +func() { +echo $1 ${10} # Ten parameters are required. +} +# Call the function. +func 1 2 3 4 5 6 7 8 9 0 +``` + +### Using Logical Conditions + +#### if + +The syntax is as follows: + +```shell +if condition; then +do-if-true; +elif second-condition; then +do-else-if-true +elif third-condition; then +do-else-if-third-true +else +do-else-false +fi +``` + +**condition** can be a command, for example: + +```shell +if [ "$s" = "string" ]; then +echo "string is equivalent to $s" +else +echo "string is not equivalent to $s" +fi +``` + +**condition** can also be a conditional operator. + +Some conditional operators are as follows. + +```shell +-f: Checks whether a file exists and is a regular file. +-d: Checks whether the provided argument is a directory. +-h: Checks whether the provided argument is a symbolic link. +-s: Checks whether a file exists and is not empty. +-r: Checks whether a file is readable. +-w: Checks whether a file is writable. +-x: Checks whether a file is executable. +``` + +The following conditional operators can be used for comparing numbers. + +```shell +-lt: less than +-gt: greater than +-ge: greater than or equal to +-le: less than or equal to +-ne: not equal to +``` + +The following conditional operators can be used for comparing strings. + +```shell +==: Whether two strings are identical. +=: Whether two strings are identical (same as ==). +!=: Whether two strings are different. +-z: Returns true if the string is empty. +-n: Returns true if the string length is not 0. +``` + +### Using Loops + +#### for + +```shell +for number in 1 2 3 4 5 +do +echo $number +done +# When used with a list: +for number in {1..500..2} +do +echo $number +done +``` + +**{1..500..2}** indicates that the start number is 1, the end number is 500 (included), and the step is 2. + +#### until + +```shell +until [condition]; do +commands +done +``` + +When the condition is true, the loop is executed. + +#### while + +```shell +while [ condition ]; do +commands +done +``` + +When the condition is true, the loop is executed. diff --git a/docs/en/server/administration/compa_command/utsudo_user_guide.md b/docs/en/server/administration/compa_command/utsudo_user_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..1f7f06a10728cab21657f2675f6dd790d0857f43 --- /dev/null +++ b/docs/en/server/administration/compa_command/utsudo_user_guide.md @@ -0,0 +1,79 @@ +# utsudo User Guide + +This document describes how to install and use utsudo. utsudo is fully compatible with sudo in terms of parameter functions and plug-in usage, greatly reducing users' learning costs. + +This document is intended for utsudo developers, testers, and common users. + +## utsudo Introduction + +The utsudo project was initiated in June 2022. It aims to reconstruct sudo using the Rust language. utsudo is an efficient, secure, and flexible privilege escalation tool. The modules of utsudo include the common tool library, overall framework, and plug-in functions. + +## utsudo Installation + +In version 0.0.4, some files of utsudo conflict with those of sudo. Therefore, you need to use `yumdownloader` to download the binary RPM package of utsudo, and then run `rpm` to install the package with conflicts allowed. + +Run `yumdownloader utsudo` to download the utsudo binary RPM package. + +Then, run `sudo rpm -ivh utsudo-0.0.1-0.04.x86_64.rpm --replacefiles` to install utsudo. The execution process is as follows. + +![](./figures/install.png) + +After the installation is complete, run `rpm -qa | grep utsudo` to check whether utsudo is properly installed, as shown in the following figure. + +![](./figures/grep.png) + +As shown in the preceding figure, utsudo has been installed and the version is **0.0.1-0.04**. + +utsudo will be continuously updated in the future. + +## utsudo Usage + +`utsudo` has various options. Some options are as follows. You can run `utsudo -h` for details. + +```shell +-e, --edit Edit a file instead of running a command. +-k, --reset-timestamp Invalidate the timestamp file. +-l, --list List user privileges or check a specific command. Use the option twice for the longer format. +``` + +### `-e` + +The `-e` option is used to edit files. + +`utsudo -e` is equivalent to `sudoedit`. When the command is executed, a common user is used to edit a file. A file in the writable directory of the calling user cannot be edited unless the user is **root**. + +In a directory on which the current user does not have write permission, a file **test.txt** exists on which the current user does not have write permission. When you edit the **test.txt** file as a common user, a message is displayed indicating that you do not have the permission. You can run `utsudo -e` to edit the file. The following figure shows the execution process. + +![](./figures/-e.png) + +As shown in the figure, the content of the **test.txt** file is successfully modified. (**utsudo -e is okay!!** was added in the editor.) + +### `-k` + +The `-k` option invalidates the timestamp. + +By default, you need to enter the password when you run the `utsudo` command for the first time and every five minutes. The `-k` parameter forces the user to enter the password the next time the `utsudo` command is executed. + +![](./figures/-k.png) + +By default, you do not need to enter the password for five minutes after running `utsudo` for the first time. + +However, as shown in the figure, the `utsudo -k` command invalidates the timestamp of the `utsudo` command. + +### `-l` + +The `-l` option displays the commands that the current user can execute by using `utsudo`. + +The execution process is as follows: + +![](./figures/-l.png) + +As shown in the figure, the **test** user can run the following commands: + +```shell +(ALL) ALL +``` + +That is, all commands can be executed by user **test**, indicating that the **/etc/sudoers** file does not restrict the user. + +This section briefly describes how to use `utsudo`. Other functions and options of utsudo are not listed. diff --git a/docs/en/server/administration/sysmaster/_toc.yaml b/docs/en/server/administration/sysmaster/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..96491f65a86350363ed8718f0543c7fe2d6f4872 --- /dev/null +++ b/docs/en/server/administration/sysmaster/_toc.yaml @@ -0,0 +1,20 @@ +label: sysMaster User Guide +isManual: true +description: Server and device management using sysMaster +sections: + - label: Overview + href: ./overview.md + - label: Service Management + href: ./service_management.md + sections: + - label: Installation and Deployment + href: ./sysmaster_install_deploy.md + - label: Usage Instructions + href: ./sysmaster_usage.md + - label: Device Management + href: ./device_management.md + sections: + - label: Installation and Deployment + href: ./devmaster_install_deploy.md + - label: Usage Instructions + href: ./devmaster_usage.md diff --git a/docs/en/server/administration/sysmaster/device_management.md b/docs/en/server/administration/sysmaster/device_management.md new file mode 100644 index 0000000000000000000000000000000000000000..0000f4c4ff28be245e065065cc5cb34ced0127d3 --- /dev/null +++ b/docs/en/server/administration/sysmaster/device_management.md @@ -0,0 +1,14 @@ +# Device Management + +The device manager is a bridge between user-mode software and underlying physical devices, supporting the operation of key base software such as lvm2 and NetworkManager. As the device management component of sysMaster, devmaster supports quick startup of sysMaster and ecosystem compatibility of user-mode software. In addition, devmaster provides layered, decoupled, and scalable device management capabilities for common OSs based on the summary and contemplation of mainstream Linux device management solutions. + +devmaster consists of a daemon, a client tool, and a dynamic library. The devmaster daemon utilizes kernel mechanisms such as netlink, inotify, and sysfs to monitor device events and trigger rule processing tasks. The `devctl` client tool and **libs** dynamic library provide a set of CLI commands and public interfaces for debugging rules, controlling daemons, and querying device status. The following figure shows the overall architecture of devmaster. + +**Figure 1 devmaster overall architecture** +![devmaster_architecture](./figures/devmaster_architecture.png) + +devmaster is written in the Rust language to ensure memory safety. The core functions of devmaster are as follows: + +1. Event-driven operations: The queue cache and worker pool mechanisms are used to meet the requirements of highly concurrent device events. In addition, user-mode processes can be dynamically notified of the readiness of devices. +2. Separation of mechanisms and policies: Device processing logic is defined as rules rather than hard-coded in service code, allowing for on-demand customization and flexible combination. +3. Ecosystem compatibility: devmaster is compatible with the udev syntax and udev user-mode broadcast protocol. Existing services can be migrated to the devmaster environment with low costs. diff --git a/docs/en/server/administration/sysmaster/devmaster_install_deploy.md b/docs/en/server/administration/sysmaster/devmaster_install_deploy.md new file mode 100644 index 0000000000000000000000000000000000000000..e12ac33f71bd262de3d8df12c51fbeebecc9b682 --- /dev/null +++ b/docs/en/server/administration/sysmaster/devmaster_install_deploy.md @@ -0,0 +1,68 @@ +# Installation and Deployment + +Currently, devmaster can be used in the VM environment. This section describes the requirements and procedure of devmaster installation and deployment. + +## Software + +* OS: openEuler 23.09 + +## Hardware + +* x86_64 or AArch64 architecture + +## Installation and Deployment + +1. Run the following `yum` command to install the sysmaster-devmaster package: + + ```shell + # yum install sysmaster-devmaster + ``` + +2. Run the following commands to create the default rule file **/etc/devmaster/rules.d/99-default.rules** and the daemon configuration file **/etc/devmaster/config.toml**: + + ```shell + # mkdir -p /etc/devmaster/rules.d + # mkdir -p /etc/devmaster/network.d + # echo "TAG+=\"devmaster\"" > /etc/devmaster/rules.d/99-default.rules + # cat << EOF > /etc/devmaster/config.toml + log_level = "info" + rules_d = ["/etc/devmaster/rules.d"] + network_d = ["/etc/devmaster/network.d"] + max_workers = 1 + log_targets = ["console"] + EOF + ``` + +3. Run the following commands to start the devmaster daemon and export logs to the **/tmp/devmaster.log** file: + + ```shell + # /lib/devmaster/devmaster &>> /tmp/devmaster.log & + ``` + + > ![Note](./public_sys-resources/icon-note.gif)**Note:** + > + > devmaster must be started with the root privilege and cannot be running with udev at the same time. Before starting devmaster, stop the udev service. + > + > If udev is started by sysMaster, run the following command: + + ```shell + # sctl stop udevd.service udevd-control.socket udevd-kernel.socket + ``` + + > If udev is started by systemd, run the following command: + + ```shell + # systemctl stop systemd-udevd.service systemd-udevd systemd-udevd-kernel.socket systemd-udevd-control.socket + ``` + +4. Run the following command to use the `devctl` tool to trigger a device event: + + ```shell + # devctl trigger + ``` + +5. Check the **/run/devmaster/data/** directory. If the device database is generated, the deployment is successful. + + ```shell + # ll /run/devmaster/data/ + ``` diff --git a/docs/en/server/administration/sysmaster/devmaster_usage.md b/docs/en/server/administration/sysmaster/devmaster_usage.md new file mode 100644 index 0000000000000000000000000000000000000000..ac3fc1cf5be0cd8a5a267010a56edb651ffb3ecd --- /dev/null +++ b/docs/en/server/administration/sysmaster/devmaster_usage.md @@ -0,0 +1,254 @@ +# Usage Instructions + +This section describes how to use devmaster, covering daemon configuration, client tool, rule usage, and NIC configuration. + +## Daemon Configuration + +After being started, the devmaster daemon reads the configuration file, adjusts the log level, and sets the rule path based on the configuration file. devmaster has a unique configuration file **/etc/devmaster/config.toml**, which is in TOML format. + +### Configuration Items + +The devmaster configuration file supports the following configuration items: + +- **rules_d**: Rule path. The default value is **\["/etc/devmaster/rules.d"]**. If this item is not specified, there is no default path. Currently, devmaster does not support rule loading priorities. Rule files with the same name in different rule paths will not conflict with each other. Rule files are loaded in the sequence specified by **rules_d**. Rule files in the same directory are loaded in the lexicographical sequence. +- **max_workers**: Maximum number of concurrent worker threads. If this item is not specified, the default value **3** is used. +- **log_level**: Log level. The value can be **debug** or **info**. If this parameter is not specified, the default value **info** is used. +- **network_d**: NIC configuration path. The default value is **\["/etc/devmaster/network.d"]**. If this parameter is not specified, there is no default path. NIC configurations control the behavior of the `net_setup_link` command of devmaster. For details, see [NIC Configuration](#nic-configuration). + +## Client Tool + +`devctl` is the client tool of the devmaster daemon. It is used to control devmaster behaviors, simulate device events, and debug rules. + + ```shell + # devctl --help + devmaster 0.5.0 + parse program arguments + + USAGE: + devctl + + OPTIONS: + -h, --help Print help information + -V, --version Print version information + + SUBCOMMANDS: + monitor Monitor device events from kernel and userspace + kill Kill all devmaster workers + test Send a fake device to devmaster + trigger Trigger a fake device action, then the kernel will report an uevent + test-builtin Test builtin command on a device + help Print this message or the help of the given subcommand(s) + ``` + +Command options: + + `-h, --help`: Displays help information. + + `-V, --version`: Displays version information. + + ``: Subcommand to be executed, including `monitor`, `trigger`, and `test-builtin`. + +The following sections describe the three frequently used subcommands, which are used to monitor device events, trigger device events, and test built-in commands. + +### Monitoring Device Events + +Monitor uevent events reported by the kernel and events sent after devmaster processes devices, which are prefixed with **KERNEL** and **USERSPACE**, respectively. The command is as follows: + + ```shell + # devctl monitor [OPTIONS] + ``` + +Command options: + + `-h, --help`: Displays help information. + +### Triggering Device Events + +Simulate a device action to trigger a kernel uevent event. This operation is used to replay coldplug device events during kernel initialization. The command is as follows: + + ```shell + # devctl trigger [OPTIONS] [DEVICES...] + ``` + +Command options: + + `-h, --help`: Displays help information. + + `-a, --action `: Action type of a device event. + + `-t, --type `: Type of the device to be searched for. The value can be **devices** or **subsystems**. + + `-v, --verbose`: Prints the found devices. + + `-n, --dry-run`: Does not trigger device events. This option can be used together with `--verbose` to view the list of devices in the system. + + `[DEVICES...]`: Devices for which events are triggered. If this item is left blank, events of all devices in the system are triggered. + +### Testing Built-in Commands + +Test the effect of a built-in command on a device. The command is as follows: + + ```shell + # devctl test-builtin [OPTIONS] + ``` + +Command options: + + `-a, --action `: Action type of a device event. The value can be **add**, **change**, **remove**, **move**, **online**, **offline**, **bind**, or **unbind**. + + `-h, --help`: Displays help information. + + ``: Built-in command to be executed. The value can be **blkid**, **input_id**, **kmod**, **net_id**, **net_setup_link**, **path_id**, or **usb_id**. + + ``: Sysfs path of the device. + +## Rule Usage + +devmaster rules consist of a group of rule files. After the devmaster daemon is started, it loads the rule files in lexicographic order based on the rule path specified in the configuration file. + +> ![Note](./public_sys-resources/icon-note.gif)**Note:** +> +> After adding, deleting, or modifying a rule, you need to restart devmaster for the rule to take effect. + +### Rule Examples + +The following describes several common rule examples. For details about the rule syntax, see the [devmaster manual](http://sysmaster.online/man/exts/devmaster/devmaster/). + +#### Example 1: Creating a Soft Link for a Block Device + +Use the `blkid` built-in command to read the UUID of a block device and create a soft link for the block device based on the UUID. + +After an event of a device that has a file system is triggered, a soft link corresponding to the device is generated in the **/dev/test** directory. + +The following uses the block device of the **sda1** partition as an example. + +1. Create the rule file **/etc/devmaster/rules.d/00-persist-storage.rules**. The file content is as follows: + + ```shell + SUBSYSTEM!="block", GOTO="end" + + IMPORT{builtin}=="blkid" + + ENV{ID_FS_UUID_ENC}=="?*", SYMLINK+="test/$env{ID_FS_UUID_ENC}" + + LABEL="end" + ``` + +2. Trigger the **sda1** device event: + + ```shell + # devctl trigger /dev/sda1 + ``` + +3. Check if a soft link pointing to **sda1** exists in the **/dev/test/** directory. If yes, the rule takes effect. + + ```shell + # ll /dev/test/ + total 0 + lrwxrwxrwx 1 root root 7 Sep 6 15:35 06771fe1-39da-42d7-ad3c-236a10d08a7d -> ../sda1 + ``` + +#### Example 2: Renaming a NIC + +Use the `net_id` built-in command to obtain the hardware attributes of the NIC, then run the `net_setup_link` built-in command to select a hardware attribute based on the NIC configuration as the NIC name, and rename the NIC through the **NAME** rule. + +The following uses the **ens33** NIC as an example to test the effect of the NIC renaming rule: + +1. Create the rule file **/etc/devmaster/rules.d/01-netif-rename.rules**. The file content is as follows: + + ```shell + SUBSYSTEM!="net", GOTO="end" + + IMPORT{builtin}=="net_id" + + IMPORT{builtin}=="net_setup_link" + + ENV{ID_NET_NAME}=="?*", NAME="$env{ID_NET_NAME}" + + LABEL="end" + ``` + +2. Create the NIC configuration file **/etc/devmaster/network.d/99-default.link**. The content is as follows: + + ```shell + [Match] + OriginalName = "*" + + [Link] + NamePolicy = ["database", "onboard", "slot", "path"] + ``` + +3. Bring the NIC offline. + + ```shell + # ip link set ens33 down + ``` + +4. Temporarily name the NIC **tmp**: + + ```shell + # ip link set ens33 name tmp + ``` + +5. Trigger the **add** event of the NIC. + + ```shell + # devctl trigger /sys/class/net/tmp --action add + ``` + +6. Check the NIC name. If the NIC name is changed to **ens33**, the rule takes effect. + + ```shell + # ll /sys/class/net/| grep ens33 + lrwxrwxrwx 1 root root 0 Sep 6 11:57 ens33 -> ../../devices/pci0000:00/0000:00:11.0/0000:02:01.0/net/ens33 + ``` + +7. Restore the network connection after activating the NIC. + + ```shell + # ip link set ens33 up + ``` + +> ![Note](./public_sys-resources/icon-note.gif)**Note:** +> +> An activated NIC cannot be renamed. You need to bring it offline first. In addition, the renaming rule of devmaster takes effect only in the **add** event of the NIC. +> + +#### Example 3: Modifying the User Permissions on a Device Node + +The **OPTIONS+="static_node=\** rule enables devmaster to immediately apply the user permissions in this rule to **/dev/\** after devmaster is started. The configuration takes effect immediately after devmaster is restarted. No device event is required. + +1. Create the rule file **/etc/devmaster/rules.d/02-devnode-privilege.rules**. The file content is as follows: + + ```shell + OWNER="root", GROUP="root", MODE="777", OPTIONS+="static_node=tty5" + ``` + +2. After devmaster is restarted, check the user, user group, and permissions of **/dev/tty5**. If the user, user group, and permissions are changed to **root**, **root**, and **rwxrwxrwx**, the rule takes effect. + + ```shell + # ll /dev/tty5 + crwxrwxrwx 1 root root 4, 5 Feb 3 2978748 /dev/tty5 + ``` + +## NIC Configuration + +The NIC renaming function of devmaster is implemented by the built-in commands `net_id` and `net_setup_link` and the NIC configuration file. In the rule file, use `net_id` to obtain the hardware attributes of a NIC, and then use `net_setup_link` to select a NIC attribute as the new NIC name. The `net_setup_link` command controls the NIC naming style for a specific NIC based on the NIC configuration file. This section describes how to use the NIC configuration file. For details about how to rename a NIC, see [Renaming a NIC](#example-2-renaming-a-nic). + +### Default NIC Configurations + +devmaster provides the following default NIC configurations: + + ```toml + [Match] + OriginalName = "*" + + [Link] + NamePolicy = ["onboard", "slot", "path"] + ``` + +The NIC configuration file contains the **\[Match]** matching section and **\[Link]** control section. Each section contains several configuration items. The configuration items in the **\[Match]** section are used to match NICs. When a NIC meets all matching conditions, all configuration items in the **\[Link]** section are applied to the NIC, for example, setting the NIC naming style and adjusting NIC parameters. + +The preceding default NIC configuration indicates that the configuration takes effect on all NICs and checks the NIC naming styles of the **onboard**, **slot**, and **path** styles in sequence. If an available style is found, the NIC is named in this style. + +For details about the NIC configuration, see the [devmaster manual](http://sysmaster.online/man/exts/devmaster/netif_config/#1). diff --git a/docs/en/server/administration/sysmaster/figures/devmaster_architecture.png b/docs/en/server/administration/sysmaster/figures/devmaster_architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..c3f0e4570d84f5ed513e0a02e0759cc3e4fb3db0 Binary files /dev/null and b/docs/en/server/administration/sysmaster/figures/devmaster_architecture.png differ diff --git a/docs/en/server/administration/sysmaster/figures/sysMaster.png b/docs/en/server/administration/sysmaster/figures/sysMaster.png new file mode 100644 index 0000000000000000000000000000000000000000..85f901da2ddc33059c29df1c86b9023516921dbd Binary files /dev/null and b/docs/en/server/administration/sysmaster/figures/sysMaster.png differ diff --git a/docs/en/server/administration/sysmaster/overview.md b/docs/en/server/administration/sysmaster/overview.md new file mode 100644 index 0000000000000000000000000000000000000000..5fe40cb647b35329a96d0777cd8f53323b2548dd --- /dev/null +++ b/docs/en/server/administration/sysmaster/overview.md @@ -0,0 +1,28 @@ +# sysMaster User Guide + +## Overview + +sysMaster is a collection of ultra-lightweight and highly reliable service management programs. It provides an innovative implementation of PID 1 to replace the conventional init process. Written in Rust, sysMaster is equipped with fault monitoring, second-level self-recovery, and quick startup capabilities, which help improve OS reliability and service availability. + +sysMaster supports unified management of processes, containers, and VMs and applies to multiple scenarios such as servers, cloud computing, and embedded systems. + +sysMaster divides the functions of traditional PID 1 into a 1+1+N architecture based on application scenarios. + +As shown in the figure, sysMaster consists of three components: + +- sysmaster-init, which is a new implementation of PID 1, features simplified functions, a thousand lines of code (KLOC), and ultimate reliability. It is applicable to embedded systems with functions such as system initialization, zombie process recycling, and keep-alive monitoring. +- sysmaster-core undertakes the core service management functions and incorporates the reliability framework to enable live updates and quick self-recovery in the event of crashes, ensuring 24/7 service availability. +- sysmaster-exts offers a set of components (such as devMaster for device management and busMaster for bus communication) that deliver key system functions, which are coupled in traditional PID 1. Users can choose the components to use as required. + +**Figure 1** sysMaster architecture + +![sysMaster](./figures/sysMaster.png) + +**sysmaster** and **devmaster** are the two main packages of sysMaster, which are responsible for service management and device management, respectively. + +## Intended Audience + +This document is intended for openEuler users who need to manage services and devices. The users are expected to: + +- Know basic Linux operations. +- Know service configuration and devices. diff --git a/docs/en/server/administration/sysmaster/public_sys-resources/icon-caution.gif b/docs/en/server/administration/sysmaster/public_sys-resources/icon-caution.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/administration/sysmaster/public_sys-resources/icon-caution.gif differ diff --git a/docs/en/server/administration/sysmaster/public_sys-resources/icon-danger.gif b/docs/en/server/administration/sysmaster/public_sys-resources/icon-danger.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/administration/sysmaster/public_sys-resources/icon-danger.gif differ diff --git a/docs/en/server/administration/sysmaster/public_sys-resources/icon-note.gif b/docs/en/server/administration/sysmaster/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/en/server/administration/sysmaster/public_sys-resources/icon-note.gif differ diff --git a/docs/en/server/administration/sysmaster/public_sys-resources/icon-notice.gif b/docs/en/server/administration/sysmaster/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/en/server/administration/sysmaster/public_sys-resources/icon-notice.gif differ diff --git a/docs/en/server/administration/sysmaster/public_sys-resources/icon-tip.gif b/docs/en/server/administration/sysmaster/public_sys-resources/icon-tip.gif new file mode 100644 index 0000000000000000000000000000000000000000..93aa72053b510e456b149f36a0972703ea9999b7 Binary files /dev/null and b/docs/en/server/administration/sysmaster/public_sys-resources/icon-tip.gif differ diff --git a/docs/en/server/administration/sysmaster/public_sys-resources/icon-warning.gif b/docs/en/server/administration/sysmaster/public_sys-resources/icon-warning.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/administration/sysmaster/public_sys-resources/icon-warning.gif differ diff --git a/docs/en/server/administration/sysmaster/service_management.md b/docs/en/server/administration/sysmaster/service_management.md new file mode 100644 index 0000000000000000000000000000000000000000..617ec7d9562ad9ad154009671c245ef242a85aaa --- /dev/null +++ b/docs/en/server/administration/sysmaster/service_management.md @@ -0,0 +1,5 @@ +# Service Management + +Many background programs and processes in Linux, such as web servers, database servers, and mail servers, are started and stopped during system startup and running. sysmaster provides efficient service management commands and configurations to ensure the normal running of the system. + +This document describes the installation and deployment of sysmaster, as well as its features and usage. diff --git a/docs/en/server/administration/sysmaster/sysmaster_install_deploy.md b/docs/en/server/administration/sysmaster/sysmaster_install_deploy.md new file mode 100644 index 0000000000000000000000000000000000000000..91a82913e8715b0188791abefe261d30dee1bc98 --- /dev/null +++ b/docs/en/server/administration/sysmaster/sysmaster_install_deploy.md @@ -0,0 +1,98 @@ +# Installation and Deployment + +sysmaster can be used in containers and VMs. This document uses the AArch64 architecture as an example to describe how to install and deploy sysmaster in both scenarios. + +## Software + +* OS: openEuler 23.09 + +## Hardware + +* x86_64 or AArch64 architecture + +## Installation and Deployment in Containers + +1. Install Docker. + + ```bash + yum install -y docker + systemctl restart docker + ``` + +2. Load the base container image. + + Download the container image. + + ```bash + wget https://repo.openeuler.org/openEuler-23.09/docker_img/aarch64/openEuler-docker.aarch64.tar.xz + xz -d openEuler-docker.aarch64.tar.xz + ``` + + Load the container image. + + ```bash + docker load --input openEuler-docker.aarch64.tar + ``` + +3. Build the container. + + Create a Dockerfile. + + ```bash + cat << EOF > Dockerfile + FROM openeuler-23.09 + RUN yum install -y sysmaster + CMD ["/usr/lib/sysmaster/init"] + EOF + ``` + + Build the container. + + ```bash + docker build -t openeuler-23.09:latest . + ``` + +4. Start and enter the container. + + Start the container. + + ```bash + docker run -itd --privileged openeuler-23.09:latest + ``` + + Obtain the container ID. + + ```bash + docker ps + ``` + + Use the container ID to enter the container. + + ```bash + docker exec -it /bin/bash + ``` + +## Installation and Deployment in VMs + +1. Create an initramfs image. + To avoid the impact of systemd in the initrd phase, you need to create an initramfs image with systemd removed and use this image to enter the initrd procedure. Run the following command: + + ```bash + dracut -f --omit "systemd systemd-initrd systemd-networkd dracut-systemd" /boot/initrd_withoutsd.img + ``` + +2. Add a boot item. + Add a boot item to **grub.cfg**, whose path is **/boot/efi/EFI/openEuler/grub.cfg** in the AArch64 architecture and **/boot/grub2/grub.cfg** in the x86_64 architecture. Back up the original configurations and modify the configurations as follows: + + * **menuentry**: Change **openEuler (6.4.0-5.0.0.13.oe23.09.aarch64) 23.09** to **openEuler 23.09 withoutsd**. + * **linux**: Change **root=/dev/mapper/openeuler-root ro** to **root=/dev/mapper/openeuler-root rw**. + * **linux**: If Plymouth is installed, add **plymouth.enable=0** to disable it. + * **linux**: Add **init=/usr/lib/sysmaster/init**. + * **initrd**: Set to **/initrd_withoutsd.img**. +3. Install sysmaster. + + ```bash + yum install sysmaster + ``` + +4. If the **openEuler 23.09 withoutsd** boot item is displayed after the restart, the configuration is successful. Select **openEuler 23.09 withoutsd** to log in to the VM. diff --git a/docs/en/server/administration/sysmaster/sysmaster_usage.md b/docs/en/server/administration/sysmaster/sysmaster_usage.md new file mode 100644 index 0000000000000000000000000000000000000000..6b5651e01ee991527593576eb2ddc9c0e2a48ba9 --- /dev/null +++ b/docs/en/server/administration/sysmaster/sysmaster_usage.md @@ -0,0 +1,102 @@ +# sysmaster Usage Instructions + +This section provides examples on how to use sysmaster, including: + +* service unit configuration file creation +* unit service management operations, such as starting, stopping, and viewing services + +## Unit Configuration File Creation + +You can create unit configuration files in the **/usr/lib/sysmaster/system/** directory. + +### Types of Unit Configuration Files + +Currently, sysmaster supports unit configuration files of the **target**, **socket**, and **service** types. + +* **target**: Encapsulated startup target managed by sysmaster, which is used for grouping units as a synchronization point. sysmaster provides targets for different states. For example, **multi-user.target** indicates that the system has been started. You can use this target to configure services to run in this state. +* **socket**: Encapsulated socket for inter-process communication to support socket-based startup. For example, you can configure a service unit to depend on a socket. When data is written to the socket, sysmaster starts the corresponding service unit. +* **service**: Encapsulated process monitored and controlled by sysmaster. + +### Composition of Unit Configuration Files + +A unit configuration file consists of three sections: + +* **Unit**: common configuration description of the unit, such as the service name, description, and dependencies +* **Install**: description of how the service is installed and started +* **Service** and **Socket**: configurations of different unit types + +### Creating a service Unit + +The **sshd** service is used to remotely log in to the server and run commands and perform operations on the remote terminal. +The following configuration items are used to create an **sshd.service** service unit: + +```bash +[Unit] +Description="OpenSSH server daemon" +Documentation="man:sshd(8) man:sshd_config(5)" +After="sshd-keygen.target" +Wants="sshd-keygen.target" + +[Service] +Type="notify" +EnvironmentFile="-/etc/sysconfig/sshd" +ExecStart="/usr/sbin/sshd -D $OPTIONS" +ExecReload="/bin/kill -HUP $MAINPID" +KillMode="process" +Restart="on-failure" +RestartSec=42 + +[Install] +WantedBy="multi-user.target" +``` + +The configuration items in the example are described as follows: + +* **Description**: Main functions of the unit. +* **Documentation**: Document link of the unit. +* **After**: Unit startup sequence. In the example, **sshd.service** is started after **sshd-keygen.target**. +* **Wants**: Dependency on another unit. In the example, **sshd-keygen.target** is automatically started with **sshd.service**. +* **Type**: How sysmaster starts the service. **notify** indicates that a notification will be sent after the main process is started. +* **EnvironmentFile**: Path of file that stores environment variables to be loaded. +* **ExecStart**: Command executed when the service is started. In the example, `sshd` is executed when **sshd.service** is started. +* **ExecReload**: Command executed to reload the **sshd.service** configurations. +* **KillMode**: How the process is killed when the service process needs to be stopped. **process** indicates that only the main process is killed. +* **Restart**: Whether to restart the service when the service exits or stops in different situations. **on-failure** indicates that the service is restarted when the service exits abnormally. +* **RestartSec**: Amount of time to wait before the service is restarted after the service exits. +* **WantedBy**: Units that depend on **sshd.service**. + +## Unit Service Management + +`sctl` is a CLI tool of sysmaster. It is used to check and control the behavior of the sysmaster server and the status of each service. It can start, stop, restart, and check system services. + +### Starting a Service + +Run the following command to start the **sshd** service and run the commands specified by **ExecStart**: + +```bash +# sctl start sshd.service +``` + +### Stopping a Service + +Run the following command to stop the **sshd** service and kill the process started by **ExecStart**: + +```bash +# sctl stop sshd.service +``` + +### Restarting a Service + +Run the following command to restart the **sshd** service. After the command is executed, the **sshd** service is stopped and then started. + +```bash +# sctl restart sshd.service +``` + +### Checking Service Status + +Run the following command to check the status of the **sshd** service. You can check whether the service is running properly by viewing the service status. + +```bash +# sctl status sshd.service +``` diff --git a/docs/en/server/development/ai4c/_toc.yaml b/docs/en/server/development/ai4c/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..3f39738b00a60d5e88bea22d093af2477574d94f --- /dev/null +++ b/docs/en/server/development/ai4c/_toc.yaml @@ -0,0 +1,6 @@ +label: AI4C User Guide +isManual: true +description: The AI4C suite is a framework that enables compilers to integrate machine learning-driven compilation optimizations. +sections: + - label: AI4C User Guide + href: ./ai4c_user_manual.md diff --git a/docs/en/server/development/ai4c/ai4c_user_manual.md b/docs/en/server/development/ai4c/ai4c_user_manual.md new file mode 100644 index 0000000000000000000000000000000000000000..044015179d5bc9452fd84b1dce2167dfd79eea91 --- /dev/null +++ b/docs/en/server/development/ai4c/ai4c_user_manual.md @@ -0,0 +1,3 @@ +# AI4C User Guide + +This document is currently not available in English. diff --git a/docs/en/server/development/application_dev/_toc.yaml b/docs/en/server/development/application_dev/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..6a00c41db46a6363684d96d892501d9bcb37492e --- /dev/null +++ b/docs/en/server/development/application_dev/_toc.yaml @@ -0,0 +1,20 @@ +label: Application Development Guide +isManual: true +description: Application development on openEuler +sections: + - label: Overview + href: ./application_development.md + - label: Preparing the Development Environment + href: ./preparations_for_development_environment.md + - label: Using GCC for Compilation + href: ./using_gcc_for_compilation.md + - label: Using LLVM/Clang for Compilation + href: ./using_clang_for_compilation.md + - label: Using Make for Compilation + href: ./using_make_for_compilation.md + - label: Using JDK for Compilation + href: ./using_jdk_for_compilation.md + - label: Building an RPM Package + href: ./building_an_rpm_package.md + - label: Common Issues and Solutions + href: ./faqs_and_solutions.md diff --git a/docs/en/server/development/application_dev/application_development.md b/docs/en/server/development/application_dev/application_development.md new file mode 100644 index 0000000000000000000000000000000000000000..4d5ab4f2f83253fa23f2d44dd492939d1e839153 --- /dev/null +++ b/docs/en/server/development/application_dev/application_development.md @@ -0,0 +1,79 @@ +# Application Development Guide + +This document describes the common tools used for application development and guides users to develop applications based on openEuler. + +## Overview + +This document describes the following four parts to guide users to use openEuler and develop code based on openEuler. + +- Install and use the GCC compiler in the openEuler operating system \(OS\), and complete the development, compilation, and execution of simple code. +- In the openEuler OS, use the JDK built-in tool to compile and execute code. +- Install IntelliJ IDEA in the openEuler OS for Java development. +- Create an RPM package locally or using the Open Build Service \(OBS\). + +## Intended Audience + +This document is intended for all users who use the openEuler OS for code development. You are expected to have the following experience or capabilities: + +- Have basic knowledge of the Linux OS. +- Know how to use Linux command lines. + +## Symbol Conventions + +The symbols that may be found in this document are defined as follows. + + + +| Symbol | Description | +| :---------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| ![](./figures/zh-cn_image_0229243712.png) | Indicates a potentially hazardous situation which, if not avoided, could result in equipment damage, data loss, performance deterioration, or unanticipated results. | +| ![](./figures/zh-cn_image_0229243671.png) | Supplements the important information in the main text.
NOTE is used to address information not related to personal injury, equipment damage, and environment deterioration. | + +## Command Conventions + +**Table 1** Command conventions + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Format

+

Description

+

Boldface

+

Command keywords, which remain unchanged in the commands, are in boldface.

+

Italic

+

Command parameters, which are replaced with actual values in the commands, are in italic.

+

[ ]

+

Items in square brackets are optional.

+

{ x | y | ... }

+

Optional items are grouped in braces and separated by vertical bars. One item is selected.

+

[ x | y | ... ]

+

Optional items are grouped in brackets and separated by vertical bars. One item is selected or no item is selected.

+

{ x | y | ... }\*

+

Optional items are grouped in brackets and separated by vertical bars. A minimum of one or a maximum of all can be selected.

+

[ x | y | ... ]\*

+

Optional items are grouped in brackets and separated by vertical bars. One or more items are selected or no item is selected.

+
diff --git a/docs/en/server/development/application_dev/building_an_rpm_package.md b/docs/en/server/development/application_dev/building_an_rpm_package.md new file mode 100644 index 0000000000000000000000000000000000000000..52f4a0af4b6a5c9690df5ded3763a8f0e0058d05 --- /dev/null +++ b/docs/en/server/development/application_dev/building_an_rpm_package.md @@ -0,0 +1,538 @@ +# Building an RPM Package + +This section describes how to build an RPM software package on a local PC or using OBS. For details, see the openEuler Packaging Guide. + +## Packaging Description + +### Principles + +During RPM packaging, the source code needs to be compiled. The compiled configuration files and binary command files need to be placed in proper positions. The RPM packages need to be tested as required. A workspace is required for these operations. The **rpmbuild** command uses a set of standard workspaces. + +```shell +rpmdev-setuptree +``` + +The **rpmdev-setuptree** command is used to install rpmdevtools. After the command is executed, the **rpmbuild** folder is generated in the **/root** directory \(or the **/home/**_username_ directory for non-root users\). The directory structure is as follows: + +```shell +$ tree rpmbuild +rpmbuild +├── BUILD +├── RPMS +├── SOURCES +├── SPECS +└── SRPMS +``` + +The content is described as follows: + +| Directory | Macro | Name | Function | +|--------------------|--------------|-----------------|-------------------------------------------| +|~/rpmbuild/BUILD |%_builddir |Build directory |The source code package is decompressed and compiled in a subdirectory of this directory. | +|~/rpmbuild/RPMS |%_rpmdir |Standard RPM package directory |The binary RPM package is generated and stored in this directory. | +|~/rpmbuild/SOURCES |%_sourcedir |Source code directory |The source code package (for example, .tar package) and all patches are stored in this directory. | +|~/rpmbuild/SPECS |%_specdir |Spec file directory |The RPM package configuration file (.spec) is stored in this directory. | +|~/rpmbuild/SPECS |%_srcrpmdir |Source RPM package directory |The source RPM (SRPM) package is stored in this directory. | +|~/rpmbuild/BUILDROOT|%_buildrootdir|Installation directory |Files installed during the %install phase is stored in this directory. | + +The **\~/rpmbuild/SPECS** directory contains the configuration file of the RPM package, which is the drawing of the RPM package. This file tells the **rpmbuild** command how to build the RPM package. The **Macro Code** column contains the corresponding directories in the .spec file, which is similar to the macro or global variable in the programming language. + +### Packaging Process + +The packaging process is as follows: + +1. Place the source code in **%\_sourcedir**. +2. Compile the source code in **%\_builddir**. Generally, the source code is compressed and needs to be decompressed first. +3. Install the RPM package. The installation is similar to pre-assembling the software package. Copy the contents \(such as binary files, configuration files, and man files\) that should be contained in the software package to **%\_buildrootdir** and assemble the contents based on the actual directory structure after installation. For example, if binary commands are stored in **/usr/bin**, copy the directory structure to **%\_buildrootdir**. +4. Perform necessary configurations, such as preparations before installation and cleanup after installation. These are configured in the SPEC file to tell the **rpmbuild** command how to build. +5. Check whether the software is running properly. +6. The generated RPM package is stored in **%\_rpmdir**, and the source code package is stored in **%\_srcrpmdir**. + +In the SPEC file, each phase is described as follows: + +| Phase | Directory to Be Read | Directory to Which Data Is Written | Action | +|-------------------|--------------|-----------------|-------------------------------------------| +| %prep | %_sourcedir | %_builddir | Read the source code and patch in the **%_sourcedir** directory. Then, decompress the source code to the **%_builddir** subdirectory and apply all patches. | +| %build | %_builddir | %_builddir |Compile files in the **%_builddir** build directory. Run a command similar to `./configure && make`.| +| %install | %_builddir | %_buildrootdir |Read files in the **%_builddir** build directory and install them to the **%_buildrootdir** directory. These files are generated after the RPM is installed.| +| %check | %_builddir | %_builddir | Check whether the software is running properly. Run a command similar to `make test`.| +| bin | %_buildrootdir | %_rpmdir| Read files in the **%_buildrootdir** final installation directory to create RPM packages in the **%_rpmdir** directory. In this directory, RPM packages of different architectures are stored in different subdirectories. The **noarch** directory stores RPM packages applicable to all architectures. These RPM files are the RPM packages that are finally installed by users. | +| src | %_sourcedir | %_srcrpmdir | Create the source code RPM package (SRPM for short, with the file name extension .src.rpm) and save it to the **%_srcrpmdir** directory. The SRPM package is usually used to review and upgrade software packages. | + +### Packaging Options + +Run the **rpmbuild** command to build the software package. The **rpmbuild** command can be used to build software packages by building .spec, .tar, and source files. + +The format of the **rpmbuild** command is rpmbuild \[_option_...\] + +[Table 1](#table1342946175212) describes the common rpmbuild packaging options. + +**Table 1** rpmbuild Packaging Options + +| Option | Description | +|----------|--------------| +|-bp _specfile_ |Starts build from the **%prep** phase of the _specfile_ (decompress the source code package and install the patch). | +|-bc _specfile_ |Starts build from the **%build** phase of the _specfile_. | +|-bi _specfile_ |Starts build from the **%install** phase of the _specfile_. | +|-bl _specfile_ |Starts check from the **%files** phase of the _specfile_. | +|-ba _specfile_ |Uses the _specfile_ to build the source code package and binary package. | +|-bb _specfile_ |Uses the _specfile_ to build the binary package. | +|-bs _specfile_ |Uses the _specfile_ to build the source code package. | +|-rp _sourcefile_ |Starts build from the **%prep** phase of the _sourcefile_ (decompress the source code package and install the patch). | +|-rc _sourcefile_ |Starts build from the **%build** phase of the _sourcefile_. | +|-ri _sourcefile_ |Starts build from the **%install** phase of the _sourcefile_. | +|-rl _sourcefile_ |Starts build from the **%files** phase of the _sourcefile_. | +|-ra _sourcefile_ |Uses the _sourcefile_ to build the source code package and binary package. | +|-rb _sourcefile_ |Uses the _sourcefile_ to build the binary package. | +|-rs _sourcefile_ |Uses the _sourcefile_ to build the source code package. | +|-tp _tarfile_ |Starts build from the **%prep** phase of the _tarfile_ (decompress the source code package and install the patch). | +|-tc _tarfile_ |Starts build from the **%build** phase of the _tarfile_. | +|-ti _tarfile_ |Starts build from the **%install** phase of the _tarfile_. | +|-ta _tarfile_ |Uses the _tarfile_ to build the source code package and binary package. | +|-tb _tarfile_ |Uses the _tarfile_ to build the binary package. | +|-ts _tarfile_ |Uses the _tarfile_ to build the source code package. | +|--buildroot=_DIRECTORY_ |During the build, uses _DIRECTORY_ to overwrite the default **/root** directory. | +|--clean |Deletes the files in the **BUILD** directory. | +|--nobuild |No actual build steps are performed. It can be used to test the .spec file. | +|--noclean |Skips the %clean phase of the .spec file (even if it does exist). | +|--nocheck |Skips the %check phase of the .spec file (even if it does exist). | +|--dbpath _DIRECTORY_ |Uses the database in _DIRECTORY_ instead of the default directory **/var/lib/rpm**. | +|--root _DIRECTORY_ |Sets _DIRECTORY_ to the highest level. The default value is **/**, indicating the highest level. | +|--recompile _sourcefile_ |Installs the specified source code package _sourcefile_, that is, start preparation, compilation, and installation of the source code package. | +|--rebuild _sourcefile_ |Builds a new binary package based on `--recompile`. When the build is complete, the build directory, source code, and .spec file are deleted. The deletion effect is the same as that of --clean. | +|-?, --help |Displays detailed help information. | +|--version |Displays detailed version information. | + +## Building an RPM Package Locally + +This section uses an example to describe how to build an RPM software package locally. + +### Setting Up the Development Environment + +#### Prerequisites + +You have obtained the **root** permission, and have configured a repo source for openEuler. + +#### Procedure + +You can use the DNF tool to install rpmdevtools, including the **rpmbuild** command and related dependencies \(such as make and gdb\). Run the following command: + +```shell +dnf install rpmdevtools* +``` + +### Creating a Hello World RPM Package + +The following uses the packaging process of the GNU Hello World project as an example. The package contains the most common peripheral components related to the typical Free and Open Source Software \(FOSS\) project, including the configuration, compilation, and installation environments, documents, and internationalization \(i18n\) information. + +#### Obtaining the Source Code + +Run the following command to download the source code of the official example: + +```shell +rpmdev-setuptree +cd ~/rpmbuild/SOURCES +wget http://ftp.gnu.org/gnu/hello/hello-2.10.tar.gz +``` + +#### Editing the SPEC File + +Run the following command to create the .spec file in the **~/rpmbuild/SPECS** directory: + +```shell +cd ~/rpmbuild/SPECS +vi hello.spec +``` + +Write the corresponding content to the file and save the file. The following is an example of the file content. Modify the corresponding fields based on the actual requirements. + +```text +Name: hello +Version: 2.10 +Release: 1 +Summary: The "Hello World" program from GNU +License: GPL-3.0-or-later +URL: https://ftp.gnu.org/gnu/hello +Source0: https://ftp.gnu.org/gnu/hello/%{name}-%{version}.tar.gz + +BuildRequires: gettext + +%description +The "Hello World" program, done with all bells and whistles of a proper FOSS +project, including configuration, build, internationalization, help files, etc. + +%prep +%autosetup -p1 -n %{name}-%{version} + +%build +%configure +%make_build + +%install +%make_install +%find_lang %{name} + +%check +%make_build check + +%files -f %{name}.lang +%doc AUTHORS ChangeLog NEWS README THANKS TODO +%license COPYING +%{_bindir}/hello +%{_mandir}/man1/hello.1* +%{_infodir}/hello.info* + +%changelog +* Thu Dec 26 2019 Your Name - 2.10-1 +- Update to 2.10 + +* Sat Dec 3 2016 Your Name - 2.9-1 +- Update to 2.9 +``` + +- The **Name** tag indicates the software name, the **Version** tag indicates the version number, and the **Release** tag indicates the release number. +- The **Summary** tag is a brief description. The first letter of the tag must be capitalized to prevent the rpmlint tool \(packaging check tool\) from generating alarms. +- The **License** tag describes the protocol version of the software package. The packager is responsible for checking the license status of the software, which can be implemented by checking the source code or license file or communicating with the author. +- The **Group** tag is used to classify software packages by **/usr/share/doc/rpm/GROUPS**. Currently, this tag has been discarded. However, the VIM template still has this tag. You can delete it. However, adding this tag does not affect the system. The **%changelog** tag should contain the log of changes made for each release, especially the description of the upstream security/vulnerability patches. The **%changelog** tag should contain the version string to avoid the rpmlint tool from generating alarms. +- If multiple lines are involved, such as %changelog or %description, start from the next line of the instruction and end with a blank line. +- Some unnecessary lines \(such as BuildRequires and Requires\) can be commented out with a number sign \(\#\) at the beginning of the lines. +- The default values of **%prep**, **%build**, **%install**, and **%files** are retained. + +#### Building an RPM Package + +Run the following command in the directory where the .spec file is located to build the source code, binary files, and software packages that contain debugging information: + +```shell +rpmbuild -ba hello.spec +``` + +Run the following command to view the execution result: + +```shell +$ tree ~/rpmbuild/*RPMS + +/home/testUser/rpmbuild/RPMS +└── aarch64 + ├── hello-2.10-1.aarch64.rpm + ├── hello-debuginfo-2.10-1.aarch64.rpm + └── hello-debugsource-2.10-1.aarch64.rpm +/home/testUser/rpmbuild/SRPMS +└── hello-2.10-1.src.rpm +``` + +## Building an RPM Package Using the OBS + +This section describes how to build RPM software packages using the OBS on the web page or with OSC. There are two methods: + +- Modifying an existing software package: Modify the source code of an existing software package and build the modified source code into an RPM software package. +- Adding a software package: A new software source file is developed from scratch, and the newly developed source file is used to build an RPM software package. + +### OBS Overview + +OBS is a general compilation framework based on the openSUSE distribution. It is used to build source code packages into RPM software packages or Linux images. OBS uses the automatic distributed compilation mode and supports the compilation of images and installation packages of multiple Linux OS distributions \(such as openEuler, SUSE, and Debian\) on multiple architecture platforms \(such as x86 and ARM64\). + +OBS consists of the backend and frontend. The backend implements all core functions. The frontend provides web applications and APIs for interaction with the backend. In addition, OBS provides an API command line client OSC, which is developed in an independent repository. + +OBS uses the project organization software package. Basic permission control, related repository, and build targets \(OS and architecture\) can be defined in the project. A project can contain multiple subprojects. Each subproject can be configured independently to complete a task. + +### Building an RPM Software Package Online + +This section describes how to build an RPM software package online on OBS. + +#### Building an Existing Software Package + +> [!NOTE]NOTE + +- If you use OBS for the first time, register an individual account on the OBS web page. +- With this method, you must copy the modified code and commit it to the code directory before performing the following operations. The code directory is specified in the **\_service** file. + +To modify the source code of the existing software and build the modified source file into an RPM software package on the OBS web client, perform the following steps: + +1. Log in to OBS at [https://build.openeuler.openatom.cn/](https://build.openeuler.openatom.cn/). +2. Click **All Projects**. The **All Projects** page is displayed. +3. Click the project to be modified. The project details page is displayed. For example, click **openEuler:Mainline**. +4. On the project details page, search for the software package to be modified and click the software package name. The software package details page is displayed. +5. Click **Branch package**. In the displayed dialog box, click **Accept**, as shown in [Figure 1](#fig77646143214). + + **Figure 1** **Branch Confirmation** page + ![](./figures/branch-confirmation-page.png) + +6. Click the **\_service** file to go to the editing page, modify the file content, and click **Save**. An example of the **\_service** file content is as follows. _userCodeURL_ and _userCommitID_ indicate the user code path and commission version number or branch, respectively. + + ```xml + + + git + userCodeURL + userCommitID + + + bz2 + *.tar + + + ``` + + > [!NOTE]NOTE + > Click **Save** to save the **\_service** file. OBS downloads the source code from the specified URL to the software directory of the corresponding OBS project based on the **\_service** file description and replaces the original file. For example, the **kernel** directory of the **openEuler:Mainline** project in the preceding example. + +7. After the files are copied and replaced, OBS automatically starts to build the RPM software package. Wait until the build is complete and view the build status in the status bar on the right. + - **succeeded**: The build is successful. You can click **succeeded** to view the build logs, as shown in [Figure 2](#fig10319114217337). + + **Figure 2** **Succeeded** page + ![](./figures/succeeded-page.png) + + - **failed**: The build failed. Click **failed** to view error logs, locate the fault, and rebuild again. + - **unresolvable**: The build is not performed. The possible cause is that the dependency is missing. + - **disabled**: The build is manually closed or is queuing for build. + - **excluded**: The build is prohibited. The possible cause is that the .spec file is missing or the compilation of the target architecture is prohibited in the .spec file. + +#### Adding a Software Package + +To add a new software package on the OBS web page, perform the following steps: + +1. Log in to the OBS console. +2. Select a project based on the dependency of the new software package. That is, click **All Projects** and select the corresponding project, for example, **openEuler:Mainline**. +3. Click a software package in the project. The software package details page is displayed. +4. Click **Branch package**. On the confirmation page that is displayed, click **Accept**. +5. Click **Delete package** to delete the software package in the new subproject, as shown in [Figure 3](#fig18306181103615). + + **Figure 3** Deleting a software package from a subproject + ![](./figures/deleting-a-software-package-from-a-subproject.png) + + > [!NOTE]NOTE + > The purpose of creating a project by using existing software is to inherit the dependency such as the environment. Therefore, you need to delete these files. + +6. Click **Create Package**. On the page that is displayed, enter the software package name, title, and description, and click **Create** to create a software package, as shown in [Figure 4](#fig6762111693811) and [Figure 5](#fig18351153518389). + + **Figure 4** **Create Package** page + ![](./figures/create-package-page.png) + + **Figure 5** Creating a software package + ![](./figures/creating-a-software-package.png) + +7. Click **Add file** to upload the .spec file and the file to be compiled \(specified in the .spec file\), as shown in [Figure 6](#fig1475845284011). + + **Figure 6** **Add file** page + ![](./figures/add-file-page.png) + +8. After the file is uploaded, OBS automatically starts to build the RPM software package. Wait until the build is complete and view the build status in the status bar on the right. + - **succeeded**: The build is successful. You can click **succeeded** to view the build logs. + - **failed**: The build failed. Click **failed** to view error logs, locate the fault, and rebuild again. + - **unresolvable**: The build is not performed. The possible cause is that the dependency is missing. + - **disabled**: The build is manually closed or is queuing for build. + - **excluded**: The build is prohibited. The possible cause is that the .spec file is missing or the compilation of the target architecture is prohibited in the .spec file. + +#### Obtaining the Software Package + +After the RPM software package is built, perform the following operations to obtain the RPM software package on the web page: + +1. Log in to the OBS console. +2. Click **All Projects** and find the project corresponding to the required software package, for example, **openEuler:Mainline**. +3. Click the name of the required software package in the project. The software package details page is displayed, for example, the **kernel** page in the preceding example. + +4. Click the **Repositories** tab. On the software repository management page that is displayed, click **Enable** in **Publish Flag** to enable the RPM software package download function \(the status changes from ![](./figures/en-us_image_0229243704.png) to ![](./figures/en-us_image_0229243702.png)\), as shown in [Figure 7](#fig17480830144217). + + **Figure 7** **Repositories** page + ![](./figures/repositories-page.png) + +5. Click the project name in the **Repository** column. On the RPM software package download page that is displayed, click **Download** on the right of the RPM software package to download the RPM software package, as shown in [Figure 8](#fig12152145615438). + + **Figure 8** RPM software package download page + ![](./figures/rpm-software-package-download-page.png) + +### Building a Software Package Using OSC + +This section describes how to use the OBS command line tool OSC to create a project and build an RPM software package. + +#### Installing and Configuring the OSC + +##### Prerequisites + +You have obtained the **root** permission, and have configured a repo source for openEuler. + +##### Procedure + +1. Install the OSC command line tool and its dependency as the **root** user. + + ```shell + dnf install osc build + ``` + + > [!NOTE]NOTE + > The compilation of RPM software packages depends on build. + +2. Configure the OSC. + 1. Run the following command to open the **\~/.oscrc** file: + + ```shell + vi ~/.oscrc + ``` + + 2. Add the **user** and **pass** fields to **\~/.oscrc**. The values of _userName_ and _passWord_ are the account and password registered on the OBS website \([https://build.openeuler.openatom.cn/](https://build.openeuler.openatom.cn/)\). + + ```text + [general] + apiurl = https://build.openeuler.openatom.cn/ + [https://build.openeuler.openatom.cn/] + user=userName + pass=passWord + ``` + +#### Building an Existing Software Package + +**Creating a Project** + +1. You can copy an existing project to create a subproject of your own. For example, to copy the **zlib** software package in the **openEuler:Mainline** project to the new branch, run the following command: + + ```shell + osc branch openEuler:Mainline zlib + ``` + + If the following information is displayed, a new branch project **home:testUser:branches:openEuler:Mainline** is created for user **testUser**. + + ```console + A working copy of the branched package can be checked out with: + osc co home:testUser:branches:openEuler:Mainline/zlib + ``` + +2. Download the configuration file \(for example, **\_service**\) of the software package to be modified to the local directory. In the preceding command, _testUser_ indicates the account name configured in the **\~/.oscrc** configuration file. Change it based on the actual requirements. + + ```shell + osc co home:testUser:branches:openEuler:Mainline/zlib + ``` + + Information similar to the following is displayed: + + ```console + A home:testUser:branches:openEuler:Mainline + A home:testUser:branches:openEuler:Mainline/zlib + A home:testUser:branches:openEuler:Mainline/zlib/_service + ``` + +3. Go to the local subproject directory and synchronize the remote code of the software package to the local host. + + ```shell + cd home:testUser:branches:openEuler:Mainline/zlib + osc up -S + ``` + + Information similar to the following is displayed: + + ```console + A _service:tar_scm_kernel_repo:0001-Neon-Optimized-hash-chain-rebase.patch + A _service:tar_scm_kernel_repo:0002-Porting-optimized-longest_match.patch + A _service:tar_scm_kernel_repo:0003-arm64-specific-build-patch.patch + A _service:tar_scm_kernel_repo:zlib-1.2.11-optimized-s390.patch + A _service:tar_scm_kernel_repo:zlib-1.2.11.tar.xz + A _service:tar_scm_kernel_repo:zlib-1.2.5-minizip-fixuncrypt.patch + A _service:tar_scm_kernel_repo:zlib.spec + ``` + +**Building an RPM Package** + +1. Rename the source file and add the renamed source file to the temporary storage of OBS. + + ```shell + rm -f _service;for file in `ls | grep -v .osc`;do new_file=${file##*:};mv $file $new_file;done + osc addremove * + ``` + +2. Modify the source code and .spec file, and run the following command to update the file. + + ```shell + osc up + ``` + +3. Synchronize all modifications of the corresponding software package to the OBS server. The following is an example of command. The information after the **-m** parameter indicates the submmission record. + + ```shell + osc ci -m "commit log" + ``` + +4. Run the following command to obtain the repository name and architecture of the current project: + + ```shell + osc repos home:testUser:branches:openEuler:Mainline + ``` + +5. After the modification is committed, OBS automatically compiles the software package. You can run the following command to view the compilation logs of the corresponding repository. In the command, _standard\_aarch64_ and _aarch64_ indicate the repository name and architecture obtained in the command output. + + ```shell + osc buildlog standard_aarch64 aarch64 + ``` + + > [!NOTE]NOTE + > You can also open the created project on the web client to view the build logs. + +#### Adding a Software Package + +To use the OSC tool of OBS to add a new software package, perform the following steps: + +**Creating a Project** + +1. Create a project based on the dependency of the new software package and a proper project. For example, to create a project based on **zlib** of the **openEuler:Mainline** project, run the following command \(**zlib** is any software package in the project\): + + ```shell + osc branch openEuler:Mainline zlib + ``` + +2. Delete unnecessary software packages added during project creation. For example, to delete the **zlib** software package, run the following command: + + ```shell + cd home:testUser:branches:openEuler:Mainline + osc rm zlib + osc commit -m "commit log" + ``` + +3. Create a software package in your own project. For example, to add the **my-first-obs-package** software package, run the following command: + + ```shell + mkdir my-first-obs-package + cd my-first-obs-package + ``` + +**Building an RPM Package** + +1. Add the prepared source file and .spec file to the software package directory. +2. Modify the source code and .spec file, and upload all files of the corresponding software package to the OBS server. The following is a command example. The information after the **-m** parameter is the commission record. + + ```shell + cd home:testUser:branches:openEuler:Mainline + osc add my-first-obs-package + osc ci -m "commit log" + ``` + +3. Run the following command to obtain the repository name and architecture of the current project: + + ```shell + osc repos home:testUser:branches:openEuler:Mainline + ``` + +4. After the modification is committed, OBS automatically compiles the software package. You can run the following command to view the compilation logs of the corresponding repository. In the command, _standard\_aarch64_ and _aarch64_ indicate the repository name and architecture obtained in the command output. + + ```shell + cd home:testUser:branches:openEuler:Mainline/my-first-obs-package + osc buildlog standard_aarch64 aarch64 + ``` + + > [!NOTE]NOTE + > You can also open the created project on the web client to view the build logs. + +#### Obtaining the Software Package + +After the RPM software package is built, run the following command to obtain the RPM software package using the OSC: + +```shell +osc getbinaries home:testUser:branches:openEuler:Mainline my-first-obs-package standard_aarch64 aarch64 +``` + +The parameters in the command are described as follows. You can modify the parameters according to the actual situation. + +- _home:testUser:branches:openEuler:Mainline_: name of the project to which the software package belongs. +- _my-first-obs-package_: name of the software package. +- _standard\_aarch64_: repository name. +- _aarch64_: repository architecture name. + +> [!NOTE]NOTE +> You can also obtain the software package built using OSC from the web page. For details, see [Obtaining the Software Package](#obtaining-the-software-package). diff --git a/docs/en/server/development/application_dev/faqs_and_solutions.md b/docs/en/server/development/application_dev/faqs_and_solutions.md new file mode 100644 index 0000000000000000000000000000000000000000..9a409dd841557496c2e9132954a2414af79b02c8 --- /dev/null +++ b/docs/en/server/development/application_dev/faqs_and_solutions.md @@ -0,0 +1,19 @@ +# Common Issues and Solutions + +## Issue 1: Self-compilation of Some Applications Depending on the java-devel Package Fails + +### Symptom + +The self-compilation of some applications that depend on java-devel fails when the rpmbuild command is executed. + +### Cause Analysis + +To provide OpenJDK features that are updated and compatible with Java applications, the openEuler provides OpenJDK of multiple versions, such as OpenJDK 1.8.0 and OpenJDK 11. The compilation of some applications depends on the java-devel package. When the java-devel package is installed, the system installs java-11-openjdk of a later version by default. As a result, the compilation of these applications fails. + +### Solution + +You need to run the following command to install java-1.8.0-openjdk and then run the `rpmbuild` command to perform self-compilation: + +```shell +# yum install java-1.8.0-openjdk +``` diff --git a/docs/en/server/development/application_dev/figures/RA-arch-1.png b/docs/en/server/development/application_dev/figures/RA-arch-1.png new file mode 100644 index 0000000000000000000000000000000000000000..bc55e411637b825b0ce44a7efca08f7e52e0fa70 Binary files /dev/null and b/docs/en/server/development/application_dev/figures/RA-arch-1.png differ diff --git a/docs/en/server/development/application_dev/figures/RA-arch-2.png b/docs/en/server/development/application_dev/figures/RA-arch-2.png new file mode 100644 index 0000000000000000000000000000000000000000..7effbaf881ffe42823142561b9135237989d7153 Binary files /dev/null and b/docs/en/server/development/application_dev/figures/RA-arch-2.png differ diff --git a/docs/en/server/development/application_dev/figures/RPM_package_download.png b/docs/en/server/development/application_dev/figures/RPM_package_download.png new file mode 100644 index 0000000000000000000000000000000000000000..9f32d6c16d344df6951fc4e6aa027d02dfb9ccb5 Binary files /dev/null and b/docs/en/server/development/application_dev/figures/RPM_package_download.png differ diff --git a/docs/en/server/development/application_dev/figures/Repositoriespage.png b/docs/en/server/development/application_dev/figures/Repositoriespage.png new file mode 100644 index 0000000000000000000000000000000000000000..b7c04eedf9dd32cf4a9d024a05f5c8b294c76934 Binary files /dev/null and b/docs/en/server/development/application_dev/figures/Repositoriespage.png differ diff --git a/docs/en/server/development/application_dev/figures/TPCM.png b/docs/en/server/development/application_dev/figures/TPCM.png new file mode 100644 index 0000000000000000000000000000000000000000..290bdb3471b46dca3e9f0c0907c3855367bd5b65 Binary files /dev/null and b/docs/en/server/development/application_dev/figures/TPCM.png differ diff --git a/docs/en/server/development/application_dev/figures/add-file-page.png b/docs/en/server/development/application_dev/figures/add-file-page.png new file mode 100644 index 0000000000000000000000000000000000000000..83f0bfaeeb9227bcbb863a93ab8d3535e2b2bc1d Binary files /dev/null and b/docs/en/server/development/application_dev/figures/add-file-page.png differ diff --git a/docs/en/server/development/application_dev/figures/branch-confirmation-page.png b/docs/en/server/development/application_dev/figures/branch-confirmation-page.png new file mode 100644 index 0000000000000000000000000000000000000000..e66cbcd22217b74785381b85128ea61895194882 Binary files /dev/null and b/docs/en/server/development/application_dev/figures/branch-confirmation-page.png differ diff --git a/docs/en/server/development/application_dev/figures/create-package-page.png b/docs/en/server/development/application_dev/figures/create-package-page.png new file mode 100644 index 0000000000000000000000000000000000000000..36ea525856d428b6f88a338202e7cb59b2204fc0 Binary files /dev/null and b/docs/en/server/development/application_dev/figures/create-package-page.png differ diff --git a/docs/en/server/development/application_dev/figures/creating-a-software-package.png b/docs/en/server/development/application_dev/figures/creating-a-software-package.png new file mode 100644 index 0000000000000000000000000000000000000000..f983809e8288f3c2ba7e951b60a3ca3a0f18775a Binary files /dev/null and b/docs/en/server/development/application_dev/figures/creating-a-software-package.png differ diff --git a/docs/en/server/development/application_dev/figures/deleting-a-software-package-from-a-subproject.png b/docs/en/server/development/application_dev/figures/deleting-a-software-package-from-a-subproject.png new file mode 100644 index 0000000000000000000000000000000000000000..a365cd1f46bfb8bec094b79477c0168861a5193b Binary files /dev/null and b/docs/en/server/development/application_dev/figures/deleting-a-software-package-from-a-subproject.png differ diff --git a/docs/en/server/development/application_dev/figures/dim_architecture.jpg b/docs/en/server/development/application_dev/figures/dim_architecture.jpg new file mode 100644 index 0000000000000000000000000000000000000000..a1e672d01dd7174c6f631bc0443cea5717a27bfb Binary files /dev/null and b/docs/en/server/development/application_dev/figures/dim_architecture.jpg differ diff --git a/docs/en/server/development/application_dev/figures/en-us_image_0229243671.png b/docs/en/server/development/application_dev/figures/en-us_image_0229243671.png new file mode 100644 index 0000000000000000000000000000000000000000..ad5ed3f7beeb01e6a48707c4806606b41d687e22 Binary files /dev/null and b/docs/en/server/development/application_dev/figures/en-us_image_0229243671.png differ diff --git a/docs/en/server/development/application_dev/figures/en-us_image_0229243702.png b/docs/en/server/development/application_dev/figures/en-us_image_0229243702.png new file mode 100644 index 0000000000000000000000000000000000000000..96096879d161f04750a332e5c749a834c49d3173 Binary files /dev/null and b/docs/en/server/development/application_dev/figures/en-us_image_0229243702.png differ diff --git a/docs/en/server/development/application_dev/figures/en-us_image_0229243704.png b/docs/en/server/development/application_dev/figures/en-us_image_0229243704.png new file mode 100644 index 0000000000000000000000000000000000000000..267bc9508f3a065b5b40c367e745f0d8c3ddb5fa Binary files /dev/null and b/docs/en/server/development/application_dev/figures/en-us_image_0229243704.png differ diff --git a/docs/en/server/development/application_dev/figures/en-us_image_0229243712.png b/docs/en/server/development/application_dev/figures/en-us_image_0229243712.png new file mode 100644 index 0000000000000000000000000000000000000000..62ef0decdf6f1e591059904001d712a54f727e68 Binary files /dev/null and b/docs/en/server/development/application_dev/figures/en-us_image_0229243712.png differ diff --git a/docs/en/server/development/application_dev/figures/filepage.png b/docs/en/server/development/application_dev/figures/filepage.png new file mode 100644 index 0000000000000000000000000000000000000000..83f0bfaeeb9227bcbb863a93ab8d3535e2b2bc1d Binary files /dev/null and b/docs/en/server/development/application_dev/figures/filepage.png differ diff --git a/docs/en/server/development/application_dev/figures/ima-modsig.png b/docs/en/server/development/application_dev/figures/ima-modsig.png new file mode 100644 index 0000000000000000000000000000000000000000..c3e54e27b6ce30bd21e97908b6168a73f318c117 Binary files /dev/null and b/docs/en/server/development/application_dev/figures/ima-modsig.png differ diff --git a/docs/en/server/development/application_dev/figures/ima_digest_list_flow.png b/docs/en/server/development/application_dev/figures/ima_digest_list_flow.png new file mode 100644 index 0000000000000000000000000000000000000000..2f5c18f97c644069d5d3e6cad82d01ca519418a4 Binary files /dev/null and b/docs/en/server/development/application_dev/figures/ima_digest_list_flow.png differ diff --git a/docs/en/server/development/application_dev/figures/ima_digest_list_pkg.png b/docs/en/server/development/application_dev/figures/ima_digest_list_pkg.png new file mode 100644 index 0000000000000000000000000000000000000000..a93ff611da5cbeec856b5971126e710d91e63567 Binary files /dev/null and b/docs/en/server/development/application_dev/figures/ima_digest_list_pkg.png differ diff --git a/docs/en/server/development/application_dev/figures/ima_digest_list_update.png b/docs/en/server/development/application_dev/figures/ima_digest_list_update.png new file mode 100644 index 0000000000000000000000000000000000000000..771067e31cee84591fbb914d7be4e8c576d7f5d2 Binary files /dev/null and b/docs/en/server/development/application_dev/figures/ima_digest_list_update.png differ diff --git a/docs/en/server/development/application_dev/figures/ima_priv_key.png b/docs/en/server/development/application_dev/figures/ima_priv_key.png new file mode 100644 index 0000000000000000000000000000000000000000..1fe6ac6bb01b224e0248603df39aa743ae62966d Binary files /dev/null and b/docs/en/server/development/application_dev/figures/ima_priv_key.png differ diff --git a/docs/en/server/development/application_dev/figures/ima_rpm.png b/docs/en/server/development/application_dev/figures/ima_rpm.png new file mode 100644 index 0000000000000000000000000000000000000000..484e59535b8b0957dfa0618b83764c13d59e3612 Binary files /dev/null and b/docs/en/server/development/application_dev/figures/ima_rpm.png differ diff --git a/docs/en/server/development/application_dev/figures/ima_secure_boot.png b/docs/en/server/development/application_dev/figures/ima_secure_boot.png new file mode 100644 index 0000000000000000000000000000000000000000..656e4cadb8798be2fe634a074e64f15b0f6a6004 Binary files /dev/null and b/docs/en/server/development/application_dev/figures/ima_secure_boot.png differ diff --git a/docs/en/server/development/application_dev/figures/ima_sig_verify.png b/docs/en/server/development/application_dev/figures/ima_sig_verify.png new file mode 100644 index 0000000000000000000000000000000000000000..c2b43abf07ae9bf59f0e913585cf89b1f079ed00 Binary files /dev/null and b/docs/en/server/development/application_dev/figures/ima_sig_verify.png differ diff --git a/docs/en/server/development/application_dev/figures/ima_tpm.png b/docs/en/server/development/application_dev/figures/ima_tpm.png new file mode 100644 index 0000000000000000000000000000000000000000..56fc12820d4dd98c4d6a4db01419d1a72382b0af Binary files /dev/null and b/docs/en/server/development/application_dev/figures/ima_tpm.png differ diff --git a/docs/en/server/development/application_dev/figures/ima_trusted_measurement.png b/docs/en/server/development/application_dev/figures/ima_trusted_measurement.png new file mode 100644 index 0000000000000000000000000000000000000000..79ebc8f8952bc766741482ea023c507b3a2e15a3 Binary files /dev/null and b/docs/en/server/development/application_dev/figures/ima_trusted_measurement.png differ diff --git a/docs/en/server/development/application_dev/figures/repositories-page.png b/docs/en/server/development/application_dev/figures/repositories-page.png new file mode 100644 index 0000000000000000000000000000000000000000..b7c04eedf9dd32cf4a9d024a05f5c8b294c76934 Binary files /dev/null and b/docs/en/server/development/application_dev/figures/repositories-page.png differ diff --git a/docs/en/server/development/application_dev/figures/rpm-software-package-download-page.png b/docs/en/server/development/application_dev/figures/rpm-software-package-download-page.png new file mode 100644 index 0000000000000000000000000000000000000000..9f32d6c16d344df6951fc4e6aa027d02dfb9ccb5 Binary files /dev/null and b/docs/en/server/development/application_dev/figures/rpm-software-package-download-page.png differ diff --git a/docs/en/server/development/application_dev/figures/setting_software_info.png b/docs/en/server/development/application_dev/figures/setting_software_info.png new file mode 100644 index 0000000000000000000000000000000000000000..0144be1f86e2a1d977881355022f7b5a5940cacb Binary files /dev/null and b/docs/en/server/development/application_dev/figures/setting_software_info.png differ diff --git a/docs/en/server/development/application_dev/figures/succeeded-page.png b/docs/en/server/development/application_dev/figures/succeeded-page.png new file mode 100644 index 0000000000000000000000000000000000000000..3f10cd1db8bdc9be1ab8b660ef93e8a481c2d6b8 Binary files /dev/null and b/docs/en/server/development/application_dev/figures/succeeded-page.png differ diff --git a/docs/en/server/development/application_dev/figures/trusted_chain.png b/docs/en/server/development/application_dev/figures/trusted_chain.png new file mode 100644 index 0000000000000000000000000000000000000000..034f0f092f41fb500ee4122339c447d10d4138ec Binary files /dev/null and b/docs/en/server/development/application_dev/figures/trusted_chain.png differ diff --git a/docs/en/server/development/application_dev/figures/zh-cn_image_0229243671.png b/docs/en/server/development/application_dev/figures/zh-cn_image_0229243671.png new file mode 100644 index 0000000000000000000000000000000000000000..a32856aa08e459ed0f51f8fcf4c2f51511c12095 Binary files /dev/null and b/docs/en/server/development/application_dev/figures/zh-cn_image_0229243671.png differ diff --git a/docs/en/server/development/application_dev/figures/zh-cn_image_0229243702.png b/docs/en/server/development/application_dev/figures/zh-cn_image_0229243702.png new file mode 100644 index 0000000000000000000000000000000000000000..96096879d161f04750a332e5c749a834c49d3173 Binary files /dev/null and b/docs/en/server/development/application_dev/figures/zh-cn_image_0229243702.png differ diff --git a/docs/en/server/development/application_dev/figures/zh-cn_image_0229243704.png b/docs/en/server/development/application_dev/figures/zh-cn_image_0229243704.png new file mode 100644 index 0000000000000000000000000000000000000000..267bc9508f3a065b5b40c367e745f0d8c3ddb5fa Binary files /dev/null and b/docs/en/server/development/application_dev/figures/zh-cn_image_0229243704.png differ diff --git a/docs/en/server/development/application_dev/figures/zh-cn_image_0229243712.png b/docs/en/server/development/application_dev/figures/zh-cn_image_0229243712.png new file mode 100644 index 0000000000000000000000000000000000000000..8d5a343524e14d11a3e2a94be4066fbb2d20599e Binary files /dev/null and b/docs/en/server/development/application_dev/figures/zh-cn_image_0229243712.png differ diff --git a/docs/en/server/development/application_dev/preparations_for_development_environment.md b/docs/en/server/development/application_dev/preparations_for_development_environment.md new file mode 100644 index 0000000000000000000000000000000000000000..552430ea7ed7b3acf0e85ec2e139152a00020ea6 --- /dev/null +++ b/docs/en/server/development/application_dev/preparations_for_development_environment.md @@ -0,0 +1,328 @@ +# Preparations for Development Environment + +## Environment Requirements + +- If physical machines (PMs) are used, the minimum hardware requirements of the development environment are described in Table 1. + + **Table 1** Minimum hardware specifications + + | Component | Minimum Hardware Specification | Description | + | ------------ | -------------------------------------------------------------- | ------------------------------------------------------------- | + | Architecture | - AArch64
- x86_64 | - 64-bit Arm architecture
- 64-bit Intel x86 architecture | + | CPU | - Huawei Kunpeng 920 series
- Intel Xeon processor | - | + | Memory | ≥ 4 GB (8 GB or higher recommended for better user experience) | - | + | Hard disk | ≥ 120 GB (for better user experience) | IDE, SATA, SAS interfaces are supported. | + +- If virtual machines (VMs) are used, the minimum virtualization space required for the development environment is described in Table 2. + + **Table 2** Minimum virtualization space + + | Component | Minimum Virtualization Space | Description | + | ------------ | ----------------------------------------------------------------- | ----------- | + | Architecture | - AArch64
- x86_64 | - | + | CPU | Two CPUs | - | + | Memory | ≥ 4 GB (8 GB or higher recommended for better user experience) | - | + | Hard disk | ≥ 32 GB (120 GB or higher recommended for better user experience) | - | + +### OS Requirements + +The openEuler OS is required. + +For details about how to install the openEuler OS, see the _Installation Guide_. On the **SOFTWARE SELECTION** page, select **Development Tools** in the **Add-Ons for Selected Environment** area. + +## Configuring the openEuler Yum Source + +Configure an online Yum source using the online openEuler repo source. Alternatively, configure a local Yum source by mounting an ISO file and creating a local openEuler repo source. + +### Configuring an Online Yum Source by Obtaining the Online openEuler Repo Source + +> [!NOTE]NOTE +> openEuler provides multiple repo sources for users online. For details about the repo sources, see [OS Installation](../../releasenotes/releasenotes/os_installation.md). This section uses the OS repo source file of the AArch64 architecture as an example. + +1. Go to the yum source directory and check the .repo configuration file. + + ```shell + $ cd /etc/yum.repos.d + $ ls + openEuler-xxx.repo + ``` + +2. Edit the **openEuler-xxx.repo** file as the **root** user. Configure the online openEuler repo source as the yum source. + + ```shell + vi openEuler-xxx.repo + ``` + + Edit the **openEuler-xxx.repo** file as follows: + + ```text + [osrepo] + name=osrepo + baseurl=http://repo.openeuler.org/openEuler-{version}/OS/{arch}/ + enabled=1 + gpgcheck=1 + gpgkey=http://repo.openeuler.org/openEuler-{version}/OS/{arch}/RPM-GPG-KEY-openEuler + ``` + + > [!NOTE]NOTE + + - **repoid** indicates the ID of the software repository. Repoids in all .repo configuration files must be unique. In the example, **repoid** is set to **base**. + - **name** indicates the string that the software repository describes. + - **baseurl** indicates the address of the software repository. + - **enabled** indicates whether to enable the software source repository. The value can be **1** or **0**. The default value is **1**, indicating that the software source repository is enabled. + - **gpgcheck** indicates whether to enable the GNU privacy guard (GPG) to check the validity and security of sources of RPM packages. **1** indicates GPG check is enabled. **0** indicates the GPG check is disabled. If this option is not specified, the GPG check is enabled by default. + - **gpgkey** indicates the public key used to verify the signature. + +### Configuring a Local Yum Source by Mounting an ISO File + +> [!NOTE]NOTE +> openEuler provides multiple ISO release packages. For details about each ISO release package, see [OS Installation](../../releasenotes/releasenotes/os_installation.md). This section does not specify the version and architecture of related files. Choose them based on the actual requirements. + +1. Download the ISO release package. + + Download an ISO image using a cross-platform file transfer tool. + + 1. Visit the [openEuler community](https://www.openeuler.org/en/). + 2. Choose **Downloads** > **Community Editions**. + 3. Locate the target version. Then, click **Download**. The download list is displayed. + 4. The download list includes the following architectures: + + - **x86\_64**: ISO of the x86\_64 architecture. + - **AArch64**: ISO of the AArch64 architecture. + - **ARM32**: ISO for embedded devices. + + 5. Click **AArch64** and **Server**. + 6. Choose the required ISO type and click **Download** to download the openEuler release package to the local host. + 7. Click **SHA256** to copy the checksum. Save the checksum as a local verification file. + 8. Log in to the openEuler OS and create a directory for storing the release package and verification file, for example, **~/iso**. + + ```shell + mkdir ~/iso + ``` + + 9. Use a cross-platform file transfer tool (such as WinSCP) to upload the local openEuler release package and verification file to the openEuler OS. + + Run the **wget** command to download the ISO image. + + 1. Visit the [openEuler community](https://www.openeuler.org/en/). + 2. Choose **Downloads** > **Community Editions**. + 3. Locate the target version. Then, click **Download**. The download list is displayed. + 4. The download list includes the following architectures: + + - **x86\_64**: ISO of the x86\_64 architecture. + - **AArch64**: ISO of the AArch64 architecture. + - **ARM32**: ISO for embedded devices. + + 5. Click **AArch64**. + 6. Click **Server**. + 7. Choose the required ISO type, right-click **Download**, and copy the link address. + 8. Right-click **SHA256** and copy the link address. + 9. Log in to the openEuler OS, create a directory for storing the release package and verification file, for example, **~/iso**. Then switch to the directory. + + ```shell + mkdir ~/iso + cd ~/iso + ``` + + 10. Run the **wget** command to remotely download the release package and verification file. In the command, replace **ipaddriso** with the address copied in steps 7. + + ```shell + wget ipaddriso + ``` + +2. Release Package Integrity Check + + 1. Calculate the SHA256 verification value of the openEuler release package. + + ```shell + sha256sum openEuler-xxx-dvd.iso + ``` + + After the command is run, the verification value is displayed. + + 2. Check whether the calculated value is the same as that of the saved SHA256 value. + + If the verification values are consistent, the .iso file is not damaged. If they are inconsistent, the file is damaged and you need to obtain the file again. + +3. Mount the ISO file and configure it as a repo source. + + ```shell + mount /home/iso/openEuler-xxx-dvd.iso /mnt/ + ``` + + ```text + . + │── boot.catalog + │── docs + │── EFI + │── images + │── Packages + │── repodata + │── TRANS.TBL + └── RPM-GPG-KEY-openEuler + ``` + + In the preceding directory, **Packages** indicates the directory where the RPM package is stored, **repodata** indicates the directory where the repo source metadata is stored, and **RPM-GPG-KEY-openEuler** indicates the public key for signing openEuler. + +4. Go to the yum source directory and check the .repo configuration file in the directory. + + ```shell + $ cd /etc/yum.repos.d + $ ls + openEuler-xxx.repo + ``` + +5. Edit the **openEuler-xxx.repo** file as the **root** user. Configure the local openEuler repo source created in step [3](#li6236932222) as the yum source. + + ```shell + vi openEuler-xxx.repo + ``` + + Edit the **openEuler-xxx.repo** file as follows: + + ```text + [localosrepo] + name=localosrepo + baseurl=file:///mnt + enabled=1 + gpgcheck=1 + gpgkey=file:///mnt/RPM-GPG-KEY-openEuler + ``` + +## Installing the Software Packages + +The software required varies in different development environments. However, the installation methods are the same. This section describes how to install common software packages (such as JDK and rpm-build). Some development software, such as GCC and GNU make, is provided by the openEuler OS by default. + +### Installing the JDK Software Package + +1. Run the `dnf list installed | grep jdk` command to check whether the JDK software is installed. + + Check the command output. If the command output contains "jdk", the JDK has been installed. If no such information is displayed, the software is not installed. + +2. Run `dnf clean all` to clear the cache. + +3. Run `dnf makecache` to create the cache. + +4. Run `dnf search jdk | grep jdk` to query the JDK software package that can be installed. + + View the command output and install the **java-{version}-openjdk-devel.aarch64** software package. + +5. Install the JDK software package as the **root** user. Run `dnf install java-{version}-openjdk-devel.aarch64`. + +6. Query information about the JDK software by running `java -version`. + + Check the command output. If the command output contains "openjdk version", the JDK has been correctly installed. + +### Installing the rpm-build Software Package + +1. Run the `dnf list installed | grep rpm-build` command to check whether the rpm-build software is installed. + + Check the command output. If the command output contains "rpm-build", the software has been installed. If no such information is displayed, the software is not installed. + +2. Run `dnf clean all` to clear the cache. + +3. Run `dnf makecache` to create the cache. + +4. Install the rpm-build package as the **root** user. Run `dnf install rpm-build`. + +5. Query the rpm-build software version. Run `rpmbuild --version`. + +## Using the IDE for Java Development + +For small-sized Java applications, you can directly use JDK to compile them to run Java applications. However, for medium- and large-sized Java applications, this method does not meet the development requirements. You can perform the following steps to install and use the IDE to facilitate Java development on the openEuler OS. + +### Overview + +IntelliJ IDEA is a popular Java IDE. You can download the community edition of IntelliJ IDEA for free. Currently, openEuler supports Java development using IntelliJ IDEA, improving the work efficiency of developers. + +### Logging In to the Server Using MobaXterm + +MobaXterm is an excellent SSH client. It has an X Server and can easily solve remote GUI display problems. + +You need to download, install, and start MobaXterm in advance, and then log in to your server in SSH mode to perform the following operations. + +### Setting the JDK Environment + +Before setting JAVA\_HOME, you need to find the installation path of the JDK. You are supported to have installed the JDK. If you have not installed the JDK, install it by referring to the preceding section "Installing the JDK Software Package". + +Run the following commands to view the Java path: + +```shell +$ which java +/usr/bin/java +``` + +Run the following commands to check the directory to which the soft link points: + +```shell +$ ls -la /usr/bin/java +lrwxrwxrwx. 1 root root 22 Mar 6 20:28 /usr/bin/java -> /etc/alternatives/java +$ ls -la /etc/alternatives/java +lrwxrwxrwx. 1 root root 83 Mar 6 20:28 /etc/alternatives/java -> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.232.b09-1.h2.aarch64/jre/bin/java +``` + +**/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.232.b09-1.h2.aarch64** indicates the actual JDK path. Run the following commands to set **JAVA\_HOME** and **PATH**: + +```shell +export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.232.b09-1.h2.aarch64 +export PATH=$JAVA_HOME/bin:$PATH +``` + +### Downloading and Installing the GTK Library + +Run the following command: + +```shell +dnf list installed | grep gtk +``` + +If **gtk2** or **gtk3** is displayed, the GTK library has been installed. In this case, skip this step. Otherwise, run the following command as the **root** user to automatically download and install the GTK library: + +```shell +dnf -y install gtk2 libXtst libXrender xauth +``` + +### Setting X11 Forwarding + +Switch to the SSHD configuration directory. + +```shell +cd ~/.ssh +``` + +If the directory does not exist, run the following command to create it and then switch to it: + +```shell +mkdir ~/.ssh +``` + +Edit the configuration file in the **.ssh** directory and save the file. + +1. Run the **vim** command to open the configuration file. + + ```shell + vim config + ``` + +2. Add the following content to the end of the file and save the file: + + ```text + Host * + ForwardAgent yes + ForwardX11 yes + ``` + +### Downloading and Running IntelliJ IDEA + +After the preceding environment configuration is complete, you can download and run IntelliJ IDEA. The latest version of IntelliJ IDEA is incompatible with openEuler in some functions. You are advised to click [here](https://www.jetbrains.com/idea/download/other.html) to download the Linux package of the 2018 version. Move the downloaded package to the directory where you want to install the software and decompress the package. + +```shell +tar xf ideaIC-2018.3.tar.gz +``` + +After the decompression is complete, switch to the IntelliJ IDEA directory and run IntelliJ IDEA. + +```shell +cd ./idea-IC-183.4284.148 +bin/idea.sh & +``` diff --git a/docs/en/server/development/application_dev/public_sys-resources/icon-caution.gif b/docs/en/server/development/application_dev/public_sys-resources/icon-caution.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/development/application_dev/public_sys-resources/icon-caution.gif differ diff --git a/docs/en/server/development/application_dev/public_sys-resources/icon-danger.gif b/docs/en/server/development/application_dev/public_sys-resources/icon-danger.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/development/application_dev/public_sys-resources/icon-danger.gif differ diff --git a/docs/en/server/development/application_dev/public_sys-resources/icon-note.gif b/docs/en/server/development/application_dev/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/en/server/development/application_dev/public_sys-resources/icon-note.gif differ diff --git a/docs/en/server/development/application_dev/public_sys-resources/icon-notice.gif b/docs/en/server/development/application_dev/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/en/server/development/application_dev/public_sys-resources/icon-notice.gif differ diff --git a/docs/en/server/development/application_dev/public_sys-resources/icon-tip.gif b/docs/en/server/development/application_dev/public_sys-resources/icon-tip.gif new file mode 100644 index 0000000000000000000000000000000000000000..93aa72053b510e456b149f36a0972703ea9999b7 Binary files /dev/null and b/docs/en/server/development/application_dev/public_sys-resources/icon-tip.gif differ diff --git a/docs/en/server/development/application_dev/public_sys-resources/icon-warning.gif b/docs/en/server/development/application_dev/public_sys-resources/icon-warning.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/development/application_dev/public_sys-resources/icon-warning.gif differ diff --git a/docs/en/server/development/application_dev/using_clang_for_compilation.md b/docs/en/server/development/application_dev/using_clang_for_compilation.md new file mode 100644 index 0000000000000000000000000000000000000000..2311a5401a4886ef592445991219c57ef9790824 --- /dev/null +++ b/docs/en/server/development/application_dev/using_clang_for_compilation.md @@ -0,0 +1,82 @@ +# Using LLVM/Clang for Compilation + +This chapter describes the basic knowledge of LLVM/Clang compilation and provides examples for demonstration. For more information about how to use Clang, run the **clang --help** command. + +## Overview + +LLVM is a compiler that covers multiple programming languages and target processors. It uses Clang as the compiler and driver of C and C++. Clang can not only compile C and C++ programs into the LLVM intermediate representations (IRs), but also invoke all LLVM optimization passes for code generation until the final binary file is generated. + +## Multi-Version LLVM/Clang Installation + +The openEuler OS provides standardized installation of the Clang/LLVM toolchain through its official Yum repository. To address diverse version requirements, the system implements a dual-version mechanism: installing a stable primary version by default while supporting additional secondary versions. + +| openEuler Version | Primary LLVM Version | Installation Command | Secondary Versions | Installation Commands | +| ----------------- | -------------------- | -------------------- | ------------------ | ----------------------------------------------------------------- | +| 22.03 LTS SP3 | LLVM12 | yum install -y clang | LLVM17, LLVM18 | yum install -y llvm-toolset-17
yum install -y llvm-toolset-18 | +| 22.03 LTS SP4 | LLVM12 | yum install -y clang | LLVM17, LLVM18 | yum install -y llvm-toolset-17
yum install -y llvm-toolset-18 | +| 24.03 LTS | LLVM17 | yum install -y clang | N/A | N/A | +| 24.03 LTS SP1 | LLVM17 | yum install -y clang | LLVM18 | yum install -y llvm-toolset-18 | + +To verify primary version installation on openEuler 22.03 LTS SP4: + +```shell +clang -v + +clang version 12.0.1 (openEuler 12.0.1-6.oe2203sp4 f4a7df2c51fa9eb3679555ef2de92c638ba9f880) +Target: aarch64-unknown-linux-gnu +Thread model: posix +InstalledDir: /usr/bin +Found candidate GCC installation: /usr/bin/../lib/gcc/aarch64-linux-gnu/10.3.1 +Found candidate GCC installation: /usr/lib/gcc/aarch64-linux-gnu/10.3.1 +Selected GCC installation: /usr/bin/../lib/gcc/aarch64-linux-gnu/10.3.1 +Candidate multilib: .;@m64 +Selected multilib: .;@m64 +``` + +To verify secondary version installation: + +```shell +source /opt/openEuler/llvm-toolset-17/enable +clang -v + +clang version 17.0.6 ( 17.0.6-4.oe2203sp4) +Target: aarch64-openEuler-linux-gnu +Thread model: posix +InstalledDir: /opt/openEuler/llvm-toolset-17/root/usr/bin +System configuration file directory: /etc/llvm-toolset-17-clang/ +Found candidate GCC installation: /usr/lib/gcc/aarch64-linux-gnu/10.3.1 +Selected GCC installation: /usr/lib/gcc/aarch64-linux-gnu/10.3.1 +Candidate multilib: .;@m64 +Selected multilib: .;@m64 +``` + +Successful installation is confirmed when the output displays the clang version information. + +## Practical Examples + +Compile and execute C programs: + +```shell +clang [compiler-flags] hello.c -o hello.o +./hello.o +``` + +Compile and execute C++ programs: + +```shell +clang++ [compiler-flags] hello.cpp -o hello.o +./hello.o +``` + +To use LLVM's lld linker instead of the default gcc ld: + +```shell +clang [compiler-flags] -fuse-ld=lld hello.c -o hello.o +./hello.o +``` + +## Building from Source + +Refer to openEuler's [llvm-project repository](https://gitee.com/openeuler/llvm-project) for manual build instructions. + +Additional resources are available in [LLVM User Guides](https://llvm.org/docs/UserGuides.html). diff --git a/docs/en/server/development/application_dev/using_gcc_for_compilation.md b/docs/en/server/development/application_dev/using_gcc_for_compilation.md new file mode 100644 index 0000000000000000000000000000000000000000..592b10a156cc86a381be6fa06bea0c85ea385bd9 --- /dev/null +++ b/docs/en/server/development/application_dev/using_gcc_for_compilation.md @@ -0,0 +1,454 @@ +# Using GCC for Compilation + +This chapter describes the basic knowledge of GCC compilation and provides examples for demonstration. For more information about GCC, run the **man gcc** command. + +## Overview + +The GNU Compiler Collection \(GCC\) is a powerful and high-performance multi-platform compiler developed by GNU. The GCC compiler can compile and link source programs, assemblers, and target programs of C and C++ into executable files. By default, the GCC software package is installed in the openEuler OS. + +## Basics + +### File Type + +For any given input file, the file type determines which compilation to perform. Table 1 describes the common GCC file types. + +**Table 1** Common GCC file types + +| Extension (Suffix) | Description | +| --- | --- | +| .c | C source code file. | +| .C, .cc, or .cxx | C++ source code file. | +| .m | Objective-C source code file. | +| .s | Assembly language source code file. | +| .i | Preprocessed C source code file. | +| .ii | Preprocessed C++ source code file. | +| .S | Pre-processed assembly language source code file. | +| .h | Header file contained in the program. | +| .o | Target file after compilation. | +| .so | Dynamic link library, which is a special target file. | +| .a | Static link library. | +| .out | Executable files, which do not have a fixed suffix. The system distinguishes executable files from inexecutable files based on file attributes. If the name of an executable file is not given, GCC generates a file named **a.out**. | + +### Compilation Process + +Using GCC to generate executable files from source code files requires preprocessing, compilation, assembly, and linking. + +1. Preprocessing: Preprocess the source program \(such as a **.c** file\) to generate an **.i** file. +2. Compilation: Compile the preprocessed **.i** file into an assembly language to generate an **.s** file. +3. Assemble: Assemble the assembly language file to generate the target file **.o**. +4. Linking: Link the **.o** files of each module to generate an executable program file. + +The **.i**, **.s**, and **.o** files are intermediate or temporary files. If the GCC is used to compile programs in C language at a time, these files will be deleted. + +### Compilation Options + +GCC compilation command format: **gcc** \[_options_\] \[_filenames_\] + +In the preceding information: + +_options_ : compilation options. + +_filenames_ : file name. + +GCC is a powerful compiler. It has many _options_, but most of them are not commonly used. Table 2 describes the common _options_. + +**Table 2** Common GCC compilation options + +| *options* Value | Description | Example | +| --- | --- | --- | +| -c | Compiles and assembles specified source files to generate target files without linking them. It is usually used to compile subprogram files. | # Use the **-c** option to compile the source files **test1.c** and **test2.c**.

gcc -c test1.c test2.c | +| -S | Compiles the specified source file to generate an assembly language file with the .s suffix but without assembling it. | # Use the compiler to preprocess **circle.c**, translate it into assembly language, and store the result in circle.s.

gcc -S circle.c | +| -E | Preprocesses specified source files without compiling them.

By default, the output of the preprocessor is imported to a standard output stream, such as a display. You can use the **-o** option to import it to an output file. | # Export the preprocessing result to the **circle.i** file.

gcc -E circle.c -o circle.i | +| -o *file* | Generates a specified output *file* when an executable file is generated. The name must be different from that of the source file. If this option is not given, GCC generates the preset executable file **a.out**. | # Use the source file as the input file and the executable file as the output file. That is, compile the entire program.

gcc main.c func.c -o app.out | +| -g | Contains standard debugging information in executable programs. | - | +| -L *library\_path* | Adds the *library\_path* to the library file search path list. | - | +| -I *library* | Searches for the specified function *library* during linking.

When GCC is used to compile and link programs, GCC links **libc.a** or **libc.so** by default. However, other libraries (such as non-standard libraries and third-party libraries) need to be manually added. | # Use the **-l** option to link the math library.

gcc main.c -o main.out -lm

NOTE:
The file name of the math library is **libm.a**. The prefix lib and suffix .a are standard, and **m** is the basic name. GCC automatically adds these prefixes and suffixes to the basic name following the **-l** option. In this example, the basic name is **m**. | +| -I *head\_path* | Adds the *head\_path* to the search path list of the header file. | - | +| -static | Performs static compilation and links static libraries. Do not link dynamic libraries. | - | +| -shared | Default option, which can be omitted.
  • A dynamic library file can be generated.
  • During dynamic compilation, the dynamic library is preferentially linked. The static library with the same name is linked only when there is no dynamic library.
| - | +| -fPIC (or -fpic) | Generates location-independent target code that uses a relative address. Generally, the **-static** option is used to generate a dynamic library file from the PIC target file. | - | + +### Multi-file Compilation + +There are two methods provided for compiling multiple source files. + +- Multiple source files are compiled at the same time. All files need to be recompiled during compilation. + + Example: Compile **test1.c** and **test2.c** and link them to the executable file **test**. + + ```shell + gcc test1.c test2.c -o test + ``` + +- Compile each source file, and then link the target files generated after compilation. During compilation, only modified files need to be recompiled. + + For example, compile **test1.c** and **test2.c**, and link the target files **test1.o** and **test2.o** to the executable file **test**. + + ```shell + gcc -c test1.c + gcc -c test2.c + gcc test1.o test2.o -o test + ``` + +## Libraries + +A library is mature and reusable code that has been written for use. Each program depends on many basic underlying libraries. + +The library file name is prefixed with lib and suffixed with .so \(dynamic library\) or .a \(static library\). The middle part is the user-defined library file name, for example, libfoo.so or libfoo.a. Because all library files comply with the same specifications, the **lib** prefix can be omitted when the **-l** option specifies the name of the linked library file. That is, when GCC processes **-lfoo**, the library file **libfoo.so** or **libfoo.a** is automatically linked. When creating a library, you must specify the full file name **libfoo.so** or **libfoo.a**. + +Libraries are classified into static libraries and dynamic libraries based on the linking time. The static library links and packs the target file .o generated by assembly and the referenced library into an executable file in the linking phase. The dynamic library is not linked to the target code when the program is compiled, but is loaded when the program is run. The differences are as follows: + +- The resource usage is different. + + The static library is a part of the generated executable file, while the dynamic library is a separate file. Therefore, the sizes and occupied disk space of the executable files of the static library and dynamic library are different, which leads to different resource usage. + +- The scalability and compatibility are different. + + If the implementation of a function in the static library changes, the executable file must be recompiled. For the executable file generated by dynamic linking, only the dynamic library needs to be updated, and the executable file does not need to be recompiled. + +- The dependency is different. + + The executable file of the static library can run without depending on any other contents, while the executable file of the dynamic library must depend on the dynamic library. Therefore, the static library is convenient to migrate. + +- The loading speeds are different. + + Static libraries are linked together with executable files, while dynamic libraries are linked only when they are loaded or run. Therefore, for the same program, static linking is faster than dynamic linking. + +### Dynamic Link Library + +You can use the **-shared** and **-fPIC** options to create a dynamic link library \(DLL\) with the source file, assembly file, or target file. The **-fPIC** option is used in the compilation phase. This option is used when the target file is generated, so as to generate location-independent code. + +Example 1: Generate a DLL from the source file. + +```shell +gcc -fPIC -shared test.c -o libtest.so +``` + +Example 2: Generate a DLL from the target file. + +```shell +gcc -fPIC -c test.c -o test.o +gcc -shared test.o -o libtest.so +``` + +To link a DLL to an executable file, you need to list the name of the DLL in the command line. + +Example: Compile **main.c** and **libtest.so** into **app.out**. When **app.out** is running, the link library **libtest.so** is dynamically loaded. + +```shell +gcc main.c libtest.so -o app.out +``` + +In this mode, the **libtest.so** file in the current directory is used. + +If you choose to search for a DLL, to ensure that the DLL can be linked when the program is running, you must implement by using one of the following methods: + +- Save the DLL to a standard directory, for example, **/usr/lib**. +- Add the DLL path **libraryDIR** to the environment variable **LD\_LIBRARY\_PATH**. + + ```shell + export LD_LIBRARY_PATH=libraryDIR:$LD_LIBRARY_PATH + ``` + + > [!NOTE]NOTE + > **LD\_LIBRARY\_PATH** is an environment variable of the DLL. If the DLL is not in the default directories \(**/lib** and **/usr/lib**\), you need to specify the environment variable **LD\_LIBRARY\_PATH**. + +- Add the DLL path **libraryDIR** to **/etc/ld.so.conf** and run **ldconfig**, or use the DLL path **libraryDIR** as a parameter to run **ldconfig**. + +```shell +gcc main.c -L libraryDIR -ltest -o app.out +export LD_LIBRARY_PATH=libraryDIR:$LD_LIBRARY_PATH +``` + +### Static Link Library + +To create a static link library \(SLL\), you need to compile the source file to the target file, and then run the **ar** command to compress the target file into an SLL. + +Example: Compile and compress source files **test1.c**, **test2.c**, and **test3.c** into an SLL. + +```shell +gcc -c test1.c test2.c test3.c +ar rcs libtest.a test1.o test2.o test3.o +``` + +The **ar** command is a backup compression command. You can compress multiple files into a backup file \(also called an archive file\) or extract member files from the backup file. The most common use of **ar** is to compress the target files into an SLL. + +The format of the **ar** command to compress the target files into an SLL is as follows: + +ar rcs _Sllfilename_ _Targetfilelist_ + +- _Sllfilename_ : Name of the static library file. +- _Targetfilelist_ : Target file list. +- **r**: replaces the existing target file in the library or adds a new target file. +- **c**: creates a library regardless of whether the library exists. +- **s**: creates the index of the target file. The speed can be improved when a large library is created. + +Example: Create a main.c file to use the SLL. + +```shell +gcc main.c -L libraryDIR -ltest -o test.out +``` + +In the preceding command, **libraryDIR** indicates the path of the libtest.a library. + +## Examples + +### Example for Using GCC to Compile C Programs + +1. Run the **cd** command to go to the code directory. The **~/code** directory is used as an example. The command is as follows: + + ```shell + cd ~/code + ``` + +2. Compile the Hello World program and save it as **helloworld.c**. The following uses the Hello World program as an example. The command is as follows: + + ```shell + vi helloworld.c + ``` + + Code example: + + ```c + #include + int main() + { + printf("Hello World!\n"); + return 0; + } + ``` + +3. Run the following command to compile the code in the code directory: + + ```shell + gcc helloworld.c -o helloworld + ``` + + If no error is reported, the execution is successful. + +4. After the compilation is complete, the helloworld file is generated. Check the compilation result. The following is an example: + + ```shell + $ ./helloworld + Hello World! + ``` + +### Example for Creating and Using a DLL Using GCC + +1. Run the **cd** command to go to the code directory. The **~/code** directory is used as an example. Create the **src**, **lib**, and **include** subdirectories in the directory to store the source file, DLL file, and header file, respectively. + + ```shell + cd ~/code + mkdir src lib include + ``` + +2. Run the **cd** command to go to the **~/code/src** directory and create two functions **add.c** and **sub.c** to implement addition and subtraction, respectively. + + ```shell + cd ~/code/src + vi add.c + vi sub.c + ``` + + The following is an example of the **add.c** code: + + ```c + #include "math.h" + int add(int a, int b) + { + return a+b; + } + ``` + + The following is an example of the **sub.c** code: + + ```c + #include "math.h" + int sub(int a, int b) + { + return a-b; + } + ``` + +3. Compile the source files add.c and sub.c into the DLL libmath.so, and store the DLL in the **~/code/lib** directory. + + ```shell + gcc -fPIC -shared add.c sub.c -o ~/code/lib/libmath.so + ``` + +4. Go to the **~/code/include** directory, create a header file **math.h**, and declare the header file of the function. + + ```shell + cd ~/code/include + vi math.h + ``` + + The following is an example of the **math.h** code: + + ```c + #ifndef __MATH_H_ + #define __MATH_H_ + int add(int a, int b); + int sub(int a, int b); + #endif + ``` + +5. Run the **cd** command to go to the **~/code/src** directory and create a **main.c** function that invokes add\(\) and sub\(\). + + ```shell + cd ~/code/src + vi main.c + ``` + + The following is an example of the **math.c** code: + + ```c + #include + #include "math.h" + int main() + { + int a, b; + printf("Please input a and b:\n"); + scanf("%d %d", &a, &b); + printf("The add: %d\n", add(a,b)); + printf("The sub: %d\n", sub(a,b)); + return 0; + } + ``` + +6. Compile **main.c** and **libmath.so** into **math.out**. + + ```shell + gcc main.c -I ~/code/include -L ~/code/lib -lmath -o math.out + ``` + +7. Add the path of the DLL to the environment variable. + + ```shell + export LD_LIBRARY_PATH=~/code/lib:$LD_LIBRARY_PATH + ``` + +8. Run the following command to execute **math.out**: + + ```shell + ./math.out + ``` + + The command output is as follows: + + ```console + Please input a and b: + 9 2 + The add: 11 + The sub: 7 + ``` + +### Example for Creating and Using an SLL Using GCC + +1. Run the **cd** command to go to the code directory. The **~/code** directory is used as an example. Create the **src**, **lib**, and **include** subdirectories in the directory to store the source file, SLL file, and header file respectively. + + ```shell + cd ~/code + mkdir src lib include + ``` + +2. Run the **cd** command to go to the **~/code/src** directory and create two functions **add.c** and **sub.c** to implement addition and subtraction, respectively. + + ```shell + cd ~/code/src + vi add.c + vi sub.c + ``` + + The following is an example of the **add.c** code: + + ```c + #include "math.h" + int add(int a, int b) + { + return a+b; + } + ``` + + The following is an example of the **sub.c** code: + + ```c + #include "math.h" + int sub(int a, int b) + { + return a-b; + } + ``` + +3. Compile the source files **add.c** and **sub.c** into the target files **add.o** and **sub.o**. + + ```shell + gcc -c add.c sub.c + ``` + +4. Run the **ar** command to compress the **add.o** and **sub.o** target files into the SLL **libmath.a** and save the SLL to the **~/code/lib** directory. + + ```shell + ar rcs ~/code/lib/libmath.a add.o sub.o + ``` + +5. Go to the **~/code/include** directory, create a header file **math.h**, and declare the header file of the function. + + ```shell + cd ~/code/include + vi math.h + ``` + + The following is an example of the **math.h** code: + + ```c + #ifndef __MATH_H_ + #define __MATH_H_ + int add(int a, int b); + int sub(int a, int b); + #endif + ``` + +6. Run the **cd** command to go to the **~/code/src** directory and create a **main.c** function that invokes add\(\) and sub\(\). + + ```shell + cd ~/code/src + vi main.c + ``` + + The following is an example of the **math.c** code: + + ```c + #include + #include "math.h" + int main() + { + int a, b; + printf("Please input a and b:\n"); + scanf("%d %d", &a, &b); + printf("The add: %d\n", add(a,b)); + printf("The sub: %d\n", sub(a,b)); + return 0; + } + ``` + +7. Compile **main.c** and **libmath.a** into **math.out**. + + ```shell + gcc main.c -I ~/code/include -L ~/code/lib -lmath -o math.out + ``` + +8. Run the following command to execute **math.out**: + + ```shell + ./math.out + ``` + + The command output is as follows: + + ```console + Please input a and b: + 9 2 + The add: 11 + The sub: 7 + ``` diff --git a/docs/en/server/development/application_dev/using_jdk_for_compilation.md b/docs/en/server/development/application_dev/using_jdk_for_compilation.md new file mode 100644 index 0000000000000000000000000000000000000000..f78b4883aa72ab8978893445cef1bf5572b86971 --- /dev/null +++ b/docs/en/server/development/application_dev/using_jdk_for_compilation.md @@ -0,0 +1,509 @@ +# Using JDK for Compilation + +## Overview + +A Java Development Kit \(JDK\) is a software package required for Java development. It contains the Java Runtime Environment \(JRE\) and compilation and commissioning tools. On the basis of OpenJDK, openEuler optimizes GC, enhances concurrency stability, and enhances security, improving the performance and stability of Java applications on ARM. + +## Basics + +### File Type and Tool + +For any given input file, the file type determines which tool to use for processing. The common file types and tools are described in [Table 1](#table634145764320) and [Table 2](#table103504146433). + +**Table 1** Common JDK file types + + + + + + + + + + + + + + + + +

Extension (Suffix)

+

Description

+

.java

+

Java source code file.

+

.class

+

Java bytecode file, which is intermediate code irrelevant to any specific machine or OS environment. It is a binary file, which is the target code file generated after the Java source file is compiled by the Java compiler.

+

.jar

+

JAR package of Java files.

+
+ +**Table 2** Common JDK tools + + + + + + + + + + + + + + + + +

Name

+

Description

+

java

+

Java running tool, which is used to run .class bytecode files or .jar files.

+

javac

+

Compiles Java source code files into .class bytecode files.

+

jar

+

Creates and manages JAR files.

+
+ +### Java Program Generation Process + +To generate a program from Java source code files and run the program using Java, compilation and run are required. + +1. Compilation: Use the Java compiler \(javac\) to compile Java source code files \(.java files\) into .class bytecode files. +2. Run: Execute the bytecode files on the Java virtual machine \(JVM\). + +### Common JDK Options + +#### Javac Compilation Options + +The command format for javac compilation is as follows: **javac** \[_options_\] \[_sourcefiles_\] \[_classes_\] \[@_argfiles_\] + +In the preceding information: + +_options_: command options. + +_sourcefiles_: one or more source files to be compiled. + +_classes_: one or more classes to be processed as comments. + +@_argfiles_: one or more files that list options and source files. The **-J** option is not allowed in these files. + +Javac is a Java compiler. It has many _options_, but most of them are not commonly used. [Table 3](#table1342946175212) describes the common options values. + +**Table 3** Common javac options + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

options Value

+

Description

+

Example

+

-d path

+

Path for storing the generated class files.

+

By default, the class files generated after compilation are in the same path as the source file. You can use the -d option to export the class files to the specified path.

+

# Use the -d option to export all class files to the bin directory.

+

javac /src/*.java -d /bin

+

-s path

+

Path for storing the generated source files.

+

-

+

-cp path or -classpath path

+

Searches for the class files required for compilation and specifies the location of the class files.

+

# In the Demo, the getLine() method in the GetStringDemo class needs to be invoked. The .class file compiled by the GetStringDemo class is stored in the bin directory.

+

javac -cp bin Demo.java -d bin

+

-verbose

+

Outputs information about the operations being performed by the compiler, such as loaded class information and compiled source file information.

+

# Display information about the operations that are being performed by the compiler.

+

javac -verbose -cp bin Demo.java

+

-source sourceversion

+

Specifies the location of the input source files to be searched for.

+

-

+

-sourcepath path

+

Searches for source files (Java files) required for compilation and specifies the location of the source files to be searched for, for example, JAR, ZIP, or other directories that contain Java files.

+

-

+

-target targetversion

+

Generates class files of a specific JVM version. The value can be 1.1, 1.2, 1.3, 1.4, 1.5 (or 5), 1.6 (or 6), 1.7 (or 7), or 1.8 (or 8). The default value of targetversion is related to sourceversion of the -source option. The options of sourceversion are as follows:

+
  • 1.2, corresponding to target version 1.4
  • 1.3, corresponding to target version 1.4
  • 1.5, 1.6, 1.7, and unspecified, corresponding to target version 1.8
  • For other values, the values of targetversion and sourceversion are the same.
+

-

+
+ +#### Java Running Options + +The Java running format is as follows: + +Running class file: **java** \[_options_\] _classesname_ \[args\] + +Running Java file: **java** \[_options_\] -jar _filename_ \[args\] + +In the preceding information: + +_options_: command options, which are separated by spaces. + +_classname_: name of the running .class file. + +_filename_: name of the running .jar file. + +args: parameters transferred to the main\(\) function. The parameters are separated by spaces. + +Java is a tool for running Java applications. It has many _options_, but most of them are not commonly used. [Table 4](#table371918587238) describes the common options. + +**Table 4** Common Java running options + + + + + + + + + + + + + + + + +

options Value

+

Description

+

Example

+

-cp path or -classpath path

+

Specifies the location of the file to be run and the class path to be used, including the .jar, .zip, and class file directories.

+

If there are multiple paths, separate them with colons (:).

+

-

+

-verbose

+

Outputs information about the operations being performed by the compiler, such as loaded class information and compiled source file information.

+

# Display information about the operations that are being performed by the compiler.

+

java -verbose -cp bin Demo.java

+
+ +#### JAR Options + +The JAR command format is as follows: **jar** \{c | t | x | u\}\[vfm0M\] \[_jarfile_\] \[_manifest_\] \[-C _dir_\] _file_... + +[Table 5](#table3691718114817) describes the parameters in the **jar** command. + +**Table 5** JAR parameter description + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Parameter

+

Description

+

Example

+

c

+

Creates a JAR package.

+

# Compress the hello.class files in the current directory into Hello.jar. The compression process is not displayed. If the Hello.jar files do not exist, create them. Otherwise, clear the directory.

+

jar cf Hello.jar hello.class

+

t

+

Lists the contents of a JAR package.

+

# List the files contained in Hello.jar.

+

jar tf Hello.jar

+

x

+

Decompresses a JAR package.

+

# Decompress Hello.jar to the current directory. No information is displayed.

+

jar xf Hello.jar

+

u

+

Updates the existing JAR package, for example, add files to the JAR package.

+

-

+

v

+

Generates a detailed report and prints it to the standard output.

+

# Compress the hello.class files in the current directory into Hello.jar and display the compression process. If the Hello.jar files do not exist, create them. Otherwise, clear the directory.

+

jar cvf Hello.jar hello.class

+

f

+

Specifies the name of a JAR package. This parameter is mandatory.

+

-

+

m

+

Specifies the manifest file to be contained.

+

-

+

0

+

If this parameter is not set, the generated JAR package is larger but faster than that generated when this parameter is not set.

+

-

+

M

+

If the manifest file of all items is not generated, this parameter will be ignored.

+

# Compress the hello.class files in the current directory into Hello.jar and display the compression process. If the Hello.jar files do not exist, create them. Otherwise, clear the directory. However, the manifest file is not generated when Hello.jar is created.

+

jar cvfM Hello.jar hello.class

+

jarfile

+

JAR package, which is an auxiliary parameter of the f parameter.

+

-

+

manifest

+

Manifest file in .mf format, which is an auxiliary parameter of the m parameter.

+

-

+

-C dir

+

Runs the jar command in the specified dir. This command can be used only with parameters c and t.

+

-

+

file

+

Specifies the file or path list. All files in the file or path (including those in the recursive path) are compressed into the JAR package or the JAR package is decompressed to the path.

+

# Compress all class files in the current directory into Hello.jar and display the compression process. If the Hello.jar files do not exist, create them. Otherwise, clear the directory.

+

jar cvf Hello.jar *.class

+
+ +## Class Library + +The Java class library is implemented as a package, which is a collection of classes and interfaces. The Java compiler generates a bytecode file for each class, and the file name is the same as the class name. Therefore, conflicts may occur between classes with the same name. In the Java language, a group of classes and interfaces are encapsulated in a package. Class namespaces can be effectively managed by package. Classes in different packages do not conflict even if they have the same name. This solves the problem of conflicts between classes with the same name and facilitates the management of a large number of classes and interfaces. It also ensures the security of classes and interfaces. + +In addition to many packages provided by Java, developers can customize packages by collecting compiled classes and interfaces into a package for future use. + +Before using a custom package, you need to declare the package. + +### Package Declaration + +The declaration format of a package is package pkg1\[.pkg2\[.pkg3...\]\]. + +To declare a package, you must create a directory. The subdirectory name must be the same as the package name. Then declare the package at the beginning of the class file that needs to be placed in the package, indicating that all classes of the file belong to the package. The dot \(.\) in the package declaration indicates the directory hierarchy. If the source program file does not contain the package statement, the package is specified as an anonymous package. An anonymous package does not have a path. Generally, Java still stores the classes in the source file in the current working directory \(that is, the directory where the Java source files are stored\). + +The package declaration statement must be added to the beginning of the source program file and cannot be preceded by comments or spaces. If you use the same package declaration statement in different source program files, you can include the classes in different source program files in the same package. + +### Package Reference + +In Java, there are two methods to use the common classes in the package provided by Java or the classes in the custom package. + +- Add the package name before the name of the class to be referenced. + + For example, name.A obj=new name.A \(\) + + **name** indicates the package name, **A** indicates the class name, and **obj** indicates the object. This string indicates that class **A** in the **name** package is used to define an object **obj** in the program. + + Example: Create a test object of the Test class in the example package. + + ```java + example.Test test = new example.Test(); + ``` + +- Use **import** at the beginning of the file to import the classes in the package. + + The format of the **import** statement is import pkg1\[.pkg2\[.pkg3...\]\].\(classname | \*\). + + **pkg1\[.pkg2\[.pkg3...\]\]** indicates the package level, and **classname** indicates the class to be imported. If you want to import multiple classes from a package, you can use the wildcard \(\*\) instead. + + Example: Import the **Test** class in the **example** package. + + ```java + import example.Test; + ``` + + Example: Import the entire **example** package. + + ```java + import example.*; + ``` + +## Examples + +### Compiling a Java Program Without a Package + +1. Run the **cd** command to go to the code directory. The **~/code** directory is used as an example. The command is as follows: + + ```shell + cd ~/code + ``` + +2. Compile the Hello World program and save it as **HelloWorld.java**. The following uses the Hello World program as an example. The command is as follows: + + ```shell + vi HelloWorld.java + ``` + + Code example: + + ```java + public class HelloWorld { + public static void main(String[] args) { + System.out.println("Hello World"); + } + } + ``` + +3. Run the following command to compile the code in the code directory: + + ```shell + javac HelloWorld.java + ``` + + If no error is reported, the execution is successful. + +4. After the compilation is complete, the HelloWorld.class file is generated. You can run the **java** command to view the result. The following is an example: + + ```shell + $ java HelloWorld + Hello World + ``` + +### Compiling a Java Program with a Package + +1. Run the **cd** command to go to the code directory. The **~/code** directory is used as an example. Create the **~/code/Test/my/example**, **~/code/Hello/world/developers**, and **~/code/Hi/openos/openeuler** subdirectories in the directory to store source files. + + ```shell + cd ~/code + mkdir -p Test/my/example + mkdir -p Hello/world/developers + mkdir -p Hi/openos/openeuler + ``` + +2. Run the **cd** command to go to the **~/code/Test/my/example** directory and create **Test.java**. + + ```shell + cd ~/code/Test/my/example + vi Test.java + ``` + + The following is an example of the Test.java code: + + ```java + package my.example; + import world.developers.Hello; + import openos.openeuler.Hi; + public class Test { + public static void main(String[] args) { + Hello me = new Hello(); + me.hello(); + Hi you = new Hi(); + you.hi(); + } + } + ``` + +3. Run the **cd** command to go to the **~/code/Hello/world/developers** directory and create **Hello.java**. + + ```shell + cd ~/code/Hello/world/developers + vi Hello.java + ``` + + The following is an example of the Hello.java code: + + ```java + package world.developers; + public class Hello { + public void hello(){ + System.out.println("Hello, openEuler."); + } + } + ``` + +4. Run the **cd** command to go to the **~/code/Hi/openos/openeuler** directory and create **Hi.java**. + + ```shell + cd ~/code/Hi/openos/openeuler + vi Hi.java + ``` + + The following is an example of the Hi.java code: + + ```java + package openos.openeuler; + public class Hi { + public void hi(){ + System.out.println("Hi, the global developers."); + } + } + ``` + +5. Run the **cd** command to go to the **~/code** directory and use javac to compile the source file. + + ```shell + cd ~/code + javac -classpath Hello:Hi Test/my/example/Test.java + ``` + + After the command is executed, the **Test.class**, **Hello.class**, and **Hi.class** files are generated in the **~/code/Test/my/example**, **~/code/Hello/world/developers**, and **~/code/Hi/openos/openeuler** directories. + +6. Run the **cd** command to go to the **~/code** directory and run the **Test** program using Java. + + ```shell + cd ~/code + java -classpath Test:Hello:Hi my/example/Test + ``` + + The command output is as follows: + + ```text + Hello, openEuler. + Hi, the global developers. + ``` diff --git a/docs/en/server/development/application_dev/using_make_for_compilation.md b/docs/en/server/development/application_dev/using_make_for_compilation.md new file mode 100644 index 0000000000000000000000000000000000000000..2c77c59c7d63824e84207a04a14ed0fb2dcdba36 --- /dev/null +++ b/docs/en/server/development/application_dev/using_make_for_compilation.md @@ -0,0 +1,357 @@ +# Using Make for Compilation + +This chapter describes the basic knowledge of make compilation and provides examples for demonstration. For more information about Make, run the **man make** command. + +## Overview + +The GNU make utility \(usually abbreviated as make\) is a tool for controlling the generation of executable files from source files. make automatically identifies which parts of the complex program have changed and need to be recompiled. Make uses configuration files called makefiles to control how programs are built. + +## Basics + +### File Type + +[Table 1](#table634145764320) describes the file types that may be used in the makefiles file. + +**Table 1** File types + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Extension (Suffix)

+

Description

+

.c

+

C source code file.

+

.C, .cc, or .cxx

+

C++ source code file.

+

.m

+

Objective-C source code file.

+

.s

+

Assembly language source code file.

+

.i

+

Preprocessed C source code file.

+

.ii

+

Preprocessed C++ source code file.

+

.S

+

Pre-processed assembly language source code file.

+

.h

+

Header file contained in the program.

+

.o

+

Target file after compilation.

+

.so

+

Dynamic link library, which is a special target file.

+

.a

+

Static link library.

+

.out

+

Executable files, which do not have a fixed suffix. The system distinguishes executable files from inexecutable files based on file attributes. If the name of an executable file is not given, GCC generates a file named a.out.

+
+ +### make Work Process + +The process of deploying make to generate an executable file from the source code file is described as follows: + +1. The make command reads the Makefiles, including the files named GNUmakefile, makefile, and Makefile in the current directory, the included makefile, and the rule files specified by the **-f**, **--file**, and **--makefile** options. +2. Initialize variables. +3. Derive implicit rules, analyze dependencies, and create a dependency chain. +4. Determine which targets need to be regenerated based on the dependency chain. +5. Run a command to generate the final file. + +### make Options + +make command format: **make** \[_option_\]... \[_target_\]... + +In the preceding command: + +_option_ : parameter option. + +_target_ : target specified in Makefile. + +[Table 2](#table261872312343) describes the common make options. + +**Table 2** Common make options + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

options Value

+

Description

+

-C dir, --directory=dir

+

Specifies dir as the working directory after the make command starts to run.

+

When there are multiple -C options, the final working directory of make is the relative path of the first directory.

+

-d

+

Displays all debugging information during execution of the make command. You can use the -d option to display all the information during the construction of the dependency chain and the reconstruction of the target.

+

-e, --environment-overrides

+

Overwrites the variable definition with the same name in Makefile with the environment variable definition.

+

-f file, --file=file,

+

--makefile=file

+

Specifies the file as the Makefile for the make command.

+

-h, --help

+

Displays help information.

+

-i, --ignore-errors

+

Ignores the errors occurred during the execution.

+

-k, --keep-going

+

When an error occurs during command execution, the make command is not terminated. The make command executes all commands as many as possible until a critical error occurs.

+

-n, --just-print, --dry-run

+

Simulates the execution of commands (including the commands starting with @) in the actual execution sequence. This command is used only to display the execution process and has no actual execution effect.

+

-o file, --old-file=file, --assume-old=file

+

The specified file does not need to be rebuilt even if its dependency has expired, and no target of this dependency file is rebuilt.

+

-p, --print-data-base

+

Before the command is executed, all data of Makefile read by make and the version information of make are printed. If you only need to print the data, run the make -qp command to view the preset rules and variables before the make command is executed. You can run the make -p -f /dev/null command.

+

-r, --no-builtin-rules

+

Ignores the use of embedded implicit rules and the implicit suffix list of all suffix rules.

+

-R, --no-builtin-variables

+

Ignores embedded hidden variables.

+

-s, --silent, --quiet

+

Cancels the printing during the command execution.

+

-S, --no-keep-going, --stop

+

Cancels the -k option. In the recursive make process, the sub-make inherits the upper-layer command line option through the MAKEFLAGS variable. You can use the -S option in the sub-make to cancel the -k option transferred by the upper-layer command, or cancel the -k option in the system environment variable MAKEFLAGS.

+

-t, --touch

+

Updates the timestamp of all target files to the current system time. Prevents make from rebuilding all outdated target files.

+

-v,--version

+

Displays the make version.

+
+ +## Makefiles + +Make is a tool that uses makefiles for compilation, linking, installation, and cleanup, so as to generate executable files and other related files from source code files. Therefore, makefiles describe the compilation and linking rules of the entire project, including which files need to be compiled, which files do not need to be compiled, which files need to be compiled first, which files need to be compiled later, and which files need to be rebuilt. The makefiles automate project compilation. You do not need to manually enter a large number of source files and parameters each time. + +This chapter describes the structure and main contents of makefiles. For more information about makefiles, run the **info make** command. + +### Makefile Structure + +The makefile file structure is as follows: + +_targets_:_prerequisites_ + +_command_ + +or + +_targets_:_prerequisites_;_command_ + +_command_ + +In the preceding information: + +- _targets_ : targets, which can be target files, executable files, or tags. +- _prerequisites_ : dependency files, which are the files or targets required for generating the _targets_. There can be multiple or none of them. +- _command_ : command \(any shell command\) to be executed by make. Multiple commands are allowed, and each command occupies a line. +- Use colons \(:\) to separate the target files from the dependency files. Press **Tab** at the beginning of each command line. + +The makefile file structure indicates the output target, the object on which the output target depends, and the command to be executed for generating the target. + +### Makefile Contents + +A makefile file consists of the following contents: + +- Explicit rule + + Specify the dependency, such as the file to be generated, dependency file, and generated command. + +- Implicit rule + + Specify the rule that is automatically derived by make. The make command supports the automatic derivation function. + +- Variable definition +- File indicator + + The file indicator consists of three parts: + + - Inclusion of other makefiles, for example, include xx.md + - Selective execution, for example, \#ifdef + - Definition of multiple command lines, for example, define...endef. \(define ... endef\) + +- Comment + + The comment starts with a number sign \(\#\). + +## Examples + +### Example of Using Makefile to Implement Compilation + +1. Run the **cd** command to go to the code directory. The **~/code** directory is used as an example. + + ```shell + cd ~/code + ``` + +2. Create a header file **hello.h** and two functions **hello.c** and **main.c**. + + ```shell + vi hello.h + vi hello.c + vi main.c + ``` + + The following is an example of the **hello.h** code: + + ```c + #pragma once + #include + void hello(); + ``` + + The following is an example of the **hello.c** code: + + ```c + #include "hello.h" + void hello() + { + int i=1; + while(i<5) + { + printf("The %dth say hello.\n", i); + i++; + } + } + ``` + + The following is an example of the **main.c** code: + + ```c + #include "hello.h" + #include + int main() + { + hello(); + return 0; + } + ``` + +3. Create the makefile. + + ```shell + vi Makefile + ``` + + The following provides an example of the makefile content: + + ```text + main:main.o hello.o + gcc -o main main.o hello.o + main.o:main.c + gcc -c main.c + hello.o:hello.c + gcc -c hello.c + clean: + rm -f hello.o main.o main + ``` + +4. Run the **make** command. + + ```shell + make + ``` + + After the command is executed, the commands executed in makefile are printed. If you do not need to print the information, add the **-s** option to the **make** command. + + ```shell + gcc -c main.c + gcc -c hello.c + gcc -o main main.o hello.o + ``` + +5. Execute the ./main target. + + ```shell + ./main + ``` + + After the command is executed, the following information is displayed: + + The 1th say hello. + + The 2th say hello. + + The 3th say hello. + + The 4th say hello. diff --git a/docs/en/server/development/fangtian/_toc.yaml b/docs/en/server/development/fangtian/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..c9a98a7be2f655f89c736ba9d62717a3e73a9051 --- /dev/null +++ b/docs/en/server/development/fangtian/_toc.yaml @@ -0,0 +1,10 @@ +label: FangTian Window Engine +isManual: true +description: Installation and development guide for the FangTian Window Engine +sections: + - label: FangTian Window Engine User Guide + href: ./overview.md + - label: FangTian Environment Configuration + href: ./fangtian_environment_configuration.md + - label: FangTian for Wayland and OpenHarmony Applications + href: ./fangtian_for_linux_waylan_and_openharmony_applications.md \ No newline at end of file diff --git a/docs/en/server/development/fangtian/fangtian_environment_configuration.md b/docs/en/server/development/fangtian/fangtian_environment_configuration.md new file mode 100644 index 0000000000000000000000000000000000000000..07a2b51140a31789bb889b2e232838d55c11ff42 --- /dev/null +++ b/docs/en/server/development/fangtian/fangtian_environment_configuration.md @@ -0,0 +1,81 @@ +# FangTian Installation and Deployment + +This chapter describes how to install FangTian in openEuler. + +## Software and Hardware Requirements + +### Hardware Requirements + +Currently, only the x86 and AArch64 architectures are supported. + +### Environment Setup + +Install the openEuler OS. For details, see the *[openEuler Installation Guide](../../../server/installation_upgrade/installation/installation_on_servers.md)*. + +### Installing the FangTian Software Package + + On the x86 platform: + + ```shell + sudo dnf install ft_multimedia ft_mmi ft_flutter ft_engine arkui-linux ft_utils + sudo dnf install ft_multimedia-devel ft_mmi-devel ft_flutter-devel ft_engine-devel + ``` + + On the AArch64 platform: + + ```shell + sudo dnf install ft_multimedia ft_mmi ft_flutter ft_engine ft_utils + sudo dnf install ft_multimedia-devel ft_mmi-devel ft_flutter-devel ft_engine-devel + ``` + +## Starting FangTian + +- Start the SAMGR system service. + + Assume that binder and ashmem have been installed. + + ```shell + sudo /usr/share/sa/pre_oneshot_samgr + ``` + + Directly start SAMGR. + + ```shell + mkdir -p ~/tmp + sudo samgr > ~/tmp/samgr.log 2>&1 & + ``` + + Alternatively, set SAMGR as a service and start the service. + + ```shell + sudo systemctl restart samgr + ``` + +- Start the SA engine. + + ```shell + sa_main /system/profile/ft/ft.xml > ~/tmp/ftsa.log 2>&1 & + ``` + + > Description + > + > - SA stands for system ability. A process can have multiple SAs. The **ft.xml** file specifies multiple SAs for the ft process. For details about SAMGR and SAs, see the OpenHarmony documentation. + > - The SA configuration XML file, **sa_main**, and SAMGR are automatically deployed during software package installation. + +## Developing and Running a Simple GUI Application Using FangTian + +[Example](https://gitee.com/openeuler/ft_engine/blob/master/samples/) of a simple C++ GUI application. + +Run the application: + +```shell +desktop & +``` + +The following window is displayed: + +![](./figures/desktop_simple_apps.png) + +> **Description** + > + > For details about FangTian application development, see [FT interfaces](https://gitee.com/openeuler/ft_engine/wikis/1.0-alpha%E6%8E%A5%E5%8F%A3/1.0-alpha%20Interface%20Overview). diff --git a/docs/en/server/development/fangtian/fangtian_for_linux_waylan_and_openharmony_applications.md b/docs/en/server/development/fangtian/fangtian_for_linux_waylan_and_openharmony_applications.md new file mode 100644 index 0000000000000000000000000000000000000000..482e76671aae979cc6362f01dc484668d00015af --- /dev/null +++ b/docs/en/server/development/fangtian/fangtian_for_linux_waylan_and_openharmony_applications.md @@ -0,0 +1,75 @@ +# FangTian for Wayland and OpenHarmony Applications + +The FangTian window engine integrates multiple application ecosystems, allowing Linux and OpenHarmony applications to run on openEuler simultaneously. + +## Wayland Application Support + +### Wayland Protocols + +To support native Linux applications, FangTian is compatible with Wayland applications. Due to the complexity of Wayland protocols, currently, FangTian supports core, stable, and unstable protocols. + +### Application Running + +1. After [starting the FangTian engine](./fangtian_environment_configuration.md#starting-fangtian), start the SA of the Wayland adapter. + + ```shell + mkdir -p ~/tmp + sa_main /system/profile/ft/ft_wl.xml > ~/tmp/ftwlsa.log 2>&1 & + ``` + +2. Configure the Wayland environment. + + ```shell + export XDG_SESSION_TYPE=wayland + export WAYLAND_DISPLAY="wayland-0" + export QT_QPA_PLATFORMTHEME=ukui + ``` + +3. Download and install Linux Wayland applications. + + ```shell + sudo dnf install kylin-calculator deepin-terminal + ``` + +4. The following applications are installed: + +![](./figures/wayland_apps.png) + +## OpenHarmony Application Support + +### ArkUI Framework + +Currently, FangTian supports some ArkUI controls, such as texts, buttons, and images. Developers can develop Harmony applications using [DevEco Studio](https://developer.harmonyos.com/en/develop/deveco-studio/). + +### Application Source Code + +- [Electronic Album](https://gitee.com/openharmony/codelabs/tree/master/ETSUI/ElectronicAlbum) +- [Simple Calculator](https://gitee.com/openharmony/codelabs/tree/master/ETSUI/SimpleCalculator) + +### Installation and Running + +1. Copy the **.hap** file of the application from DevEco Studio to an openEuler directory, for example, **~/apps/tmp**. + +2. Decompress the **.hap** file, for example, **eletronicAlbum.hap**. + + ```shell + unzip eletronicAlbum.hap + ``` + + After the decompression, the application is in **~/apps/tmp/eletronicAlbum**. + +3. After [starting the FangTian engine](./fangtian_environment_configuration.md#starting-fangtian), run the application. + + ```shell + hap_executor ~/apps/tmp/eletronicAlbum + ``` + +4. The following window is displayed: + +![](./figures/arkui_ele.png) + +### Constraints + +- Currently, ArkUI controls are not fully supported. Web and video controls are unavailable. You need to develop and port the NAPI interfaces. + +- ArkUI supports only the x86 architecture in this version. diff --git a/docs/en/server/development/fangtian/figures/arkui_ele.png b/docs/en/server/development/fangtian/figures/arkui_ele.png new file mode 100644 index 0000000000000000000000000000000000000000..d2c8010cddaa99a852c072f7852f51e48c9b9675 Binary files /dev/null and b/docs/en/server/development/fangtian/figures/arkui_ele.png differ diff --git a/docs/en/server/development/fangtian/figures/desktop_simple_apps.png b/docs/en/server/development/fangtian/figures/desktop_simple_apps.png new file mode 100644 index 0000000000000000000000000000000000000000..cf625a544183dafb9747ececc544722dd1e42f87 Binary files /dev/null and b/docs/en/server/development/fangtian/figures/desktop_simple_apps.png differ diff --git a/docs/en/server/development/fangtian/figures/wayland_apps.png b/docs/en/server/development/fangtian/figures/wayland_apps.png new file mode 100644 index 0000000000000000000000000000000000000000..bb62dd4f352625b273b22b8681a9de34123eb0ca Binary files /dev/null and b/docs/en/server/development/fangtian/figures/wayland_apps.png differ diff --git a/docs/en/server/development/fangtian/overview.md b/docs/en/server/development/fangtian/overview.md new file mode 100644 index 0000000000000000000000000000000000000000..f99b1d38b01242f596e574ca65e558de0125e10d --- /dev/null +++ b/docs/en/server/development/fangtian/overview.md @@ -0,0 +1,8 @@ +# FangTian Window Engine User Guide + +This document describes how to install and develop the FangTian window engine in openEuler. + +This article is intended for community developers, open source enthusiasts, and partners who use the openEuler OS and want to learn and use FangTian. Users must: + +* Know basic Linux operations. +* Understand Linux GUI development and ArkUI development. diff --git a/docs/en/server/diversified_computing/dpu_offload/_toc.yaml b/docs/en/server/diversified_computing/dpu_offload/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..24bd02c887b59370183e366c763e383ef0611621 --- /dev/null +++ b/docs/en/server/diversified_computing/dpu_offload/_toc.yaml @@ -0,0 +1,15 @@ +label: Direct Connection Aggregation User Guide +isManual: true +description: DPU offloading feature for container management and its installation and deployment method on openEuler +sections: + - label: libvirt Direct Connection Aggregation Environment Establishment + href: ./libvirt_direct_connection_aggregation_environment_establishment.md + - label: qtfs Shared File System + href: ./qtfs_architecture_and_usage.md + - label: Imperceptible DPU Offload User Guide + href: ./overview.md + sections: + - label: Imperceptible Container Management Plane Offload + href: ./imperceptible_container_management_plane_offload.md + - label: Imperceptible Container Management Plane Offload Deployment Guide + href: ./offload_deployment_guide.md diff --git a/docs/en/server/diversified_computing/dpu_offload/config/client.json b/docs/en/server/diversified_computing/dpu_offload/config/client.json new file mode 100644 index 0000000000000000000000000000000000000000..4aedf4c846914a6bc34dff1988c7794ddb1fa521 --- /dev/null +++ b/docs/en/server/diversified_computing/dpu_offload/config/client.json @@ -0,0 +1,5 @@ +{ + "Protocol": "tcp", + "Ipaddr" : "192.168.10.11", + "Port" : "7777" +} diff --git a/docs/en/server/diversified_computing/dpu_offload/config/prepare.sh b/docs/en/server/diversified_computing/dpu_offload/config/prepare.sh new file mode 100644 index 0000000000000000000000000000000000000000..ccfe9402051a02451644345b39ef6aa2657bfe89 --- /dev/null +++ b/docs/en/server/diversified_computing/dpu_offload/config/prepare.sh @@ -0,0 +1,58 @@ +#!/bin/bash + +mkdir -p /another_rootfs/var/run/docker/containerd +iptables -t nat -N DOCKER + +echo "---------insmod qtfs ko----------" +# TEST_MODE: IP +insmod ${YOUR_PATH}/qtfs.ko qtfs_server_ip=${YOUR_SERVER_IP} qtfs_log_level=INFO # Enter the .ko file path and IP address. +nohup ${YOUR_PATH}/udsproxyd 1 ${YOUR_CLIENT_IP} 12121 ${YOUR_SERVER_IP} 12121 2>&1 & + +# TEST_MODE: vsock +# insmod ${YOUR_PATH}/qtfs.ko qtfs_server_vsock_cid=${YOUR_SERVER_VSOCK_CID} qtfs_log_level=INFO # Enter the .ko file path and IP address. +# nohup ${YOUR_PATH}/udsproxyd 1 ${YOUR_CLIENT_VSOCK_CID} 12121 ${YOUR_SERVER_VSOCK_CID} 12121 2>&1 & + +qtcfg -w udsconnect -x /var/run/rexec +qtcfg -w udsconnect -x /run/rexec + +mkdir /another_rootfs/local_proc/ +mount -t proc proc /another_rootfs/local_proc/ +mount --bind /var/run/ /another_rootfs/var/run/ +mount --bind /var/lib/ /another_rootfs/var/lib/ +mount --bind /etc /another_rootfs/etc +mount -t devtmpfs devtmpfs /another_rootfs/dev/ +mount -t sysfs sysfs /another_rootfs/sys +mkdir -p /another_rootfs/sys/fs/cgroup +mount -t tmpfs tmpfs /another_rootfs/sys/fs/cgroup +list="perf_event freezer files net_cls,net_prio hugetlb pids rdma cpu,cpuacct memory devices blkio cpuset" +for i in $list +do + echo $i + mkdir -p /another_rootfs/sys/fs/cgroup/$i + mount -t cgroup cgroup -o rw,nosuid,nodev,noexec,relatime,$i /another_rootfs/sys/fs/cgroup/$i +done + +mount -t qtfs -o proc /proc /another_rootfs/proc +echo "proc" +mount -t qtfs /sys /another_rootfs/sys +echo "cgroup" + +mkdir -p /another_rootfs/var/lib/docker/containers +mkdir -p /another_rootfs/var/lib/docker/containerd +mkdir -p /another_rootfs/var/lib/docker/overlay2 +mkdir -p /another_rootfs/var/lib/docker/image +mkdir -p /another_rootfs/var/lib/docker/tmp +mount -t qtfs /var/lib/docker/containers /another_rootfs/var/lib/docker/containers +mount -t qtfs /var/lib/docker/containerd /another_rootfs/var/lib/docker/containerd +mount -t qtfs /var/lib/docker/overlay2 /another_rootfs/var/lib/docker/overlay2 +mount -t qtfs /var/lib/docker/image /another_rootfs/var/lib/docker/image +mount -t qtfs /var/lib/docker/tmp /another_rootfs/var/lib/docker/tmp +mkdir -p /another_rootfs/run/containerd/io.containerd.runtime.v1.linux/ +mount -t qtfs /run/containerd/io.containerd.runtime.v1.linux/ /another_rootfs/run/containerd/io.containerd.runtime.v1.linux/ +mkdir -p /another_rootfs/var/run/docker/containerd +mount -t qtfs /run/docker/containerd /another_rootfs/run/docker/containerd +mkdir -p /another_rootfs/var/lib/containerd/io.containerd.runtime.v1.linux +mount -t qtfs /var/lib/containerd/io.containerd.runtime.v1.linux /another_rootfs/var/lib/containerd/io.containerd.runtime.v1.linux + +qtcfg -w udsconnect -x /another_rootfs/var/run/rexec +qtcfg -w udsconnect -x /another_rootfs/run/rexec diff --git a/docs/en/server/diversified_computing/dpu_offload/config/rexec.service b/docs/en/server/diversified_computing/dpu_offload/config/rexec.service new file mode 100644 index 0000000000000000000000000000000000000000..ee9e5e4895adb5c010e3f8d4db6652cfaed3d355 --- /dev/null +++ b/docs/en/server/diversified_computing/dpu_offload/config/rexec.service @@ -0,0 +1,13 @@ +[Unit] +Description=Rexec_server Service +After=network.target + +[Service] +Type=simple +Environment=CMD_NET_ADDR=tcp://0.0.0.0:7777 +ExecStart=/usr/bin/rexec_server +ExecReload=/bin/kill -s HUP $MAINPID +KillMode=process + +[Install] +WantedBy=multi-user.target diff --git a/docs/en/server/diversified_computing/dpu_offload/config/server.json b/docs/en/server/diversified_computing/dpu_offload/config/server.json new file mode 100644 index 0000000000000000000000000000000000000000..1d4a7bbbc1cbf086e18b147f3f27e6a15c2e322e --- /dev/null +++ b/docs/en/server/diversified_computing/dpu_offload/config/server.json @@ -0,0 +1,5 @@ +{ + "Protocol": "tcp", + "Ipaddr" : "0.0.0.0", + "Port" : "7777" +} diff --git a/docs/en/server/diversified_computing/dpu_offload/config/server_start.sh b/docs/en/server/diversified_computing/dpu_offload/config/server_start.sh new file mode 100644 index 0000000000000000000000000000000000000000..fd3655159ddb0fc6069dfa3ab802f4c9f8520c13 --- /dev/null +++ b/docs/en/server/diversified_computing/dpu_offload/config/server_start.sh @@ -0,0 +1,44 @@ +#!/bin/bash + +modprobe overlay +mkdir /var/lib/docker/containers +mkdir -p /var/lib/docker/containers +mkdir -p /var/lib/docker/containerd +mkdir -p /var/lib/docker/overlay2 +mkdir -p /var/lib/docker/tmp +mkdir -p /var/lib/docker/image +mkdir -p /var/run/docker/containerd +mkdir -p /run/containerd/io.containerd.runtime.v1.linux/ +mkdir -p /var/run/docker/netns +mkdir -p /var/lib/containerd/io.containerd.runtime.v1.linux/ +mkdir -p /run/user/0 +touch /var/run/docker/netns/default +# this should be done once +mount --bind /proc/1/ns/net /var/run/docker/netns/default + +function TaskClean() +{ + echo "Now do task clean..." + pkill engine + rmmod qtfs_server + echo "TaskClean done" +} + +trap "TaskClean exit" SIGINT + +mkdir -p /var/run/docker/containerd +mkdir -p /run/containerd/io.containerd.runtime.v1.linux/ + +# TEST_MODE: IP +insmod ${YOUR_PATH}/qtfs_server.ko qtfs_server_ip=${YOUR_SERVER_IP} qtfs_log_level=ERROR +nohup ${YOUR_PATH}/engine 16 1 ${YOUR_SERVER_IP} 12121 ${YOUR_CLIENT_IP} 12121 2>&1 & + +# TEST_MODE: vsock +# insmod ${YOUR_PATH}/qtfs_server.ko qtfs_server_vsock_cid=${YOUR_SERVER_VSOCK_CID} qtfs_log_level=ERROR +# nohup ${YOUR_PATH}/engine 16 1 ${YOUR_SERVER_VSOCK_CID} 12121 ${YOUR_CLIENT_VSOCK_CID} 12121 2>&1 & + +sleep 2 + +qtcfg -w udsconnect -x /var/run/rexec +qtcfg -w udsconnect -x /run/rexec +qtcfg -w udsconnect -x /var/run/containerd diff --git a/docs/en/server/diversified_computing/dpu_offload/config/whitelist b/docs/en/server/diversified_computing/dpu_offload/config/whitelist new file mode 100644 index 0000000000000000000000000000000000000000..b0be45f86276e89fa9fd0827ba06bbb27d158f62 --- /dev/null +++ b/docs/en/server/diversified_computing/dpu_offload/config/whitelist @@ -0,0 +1,8 @@ +kill +taskset +qemu-kvm +rexec_shim +/usr/bin/taskset +/usr/bin/kill +/usr/bin/qemu-kvm +/usr/bin/rexec_shim diff --git a/docs/en/server/diversified_computing/dpu_offload/figures/arch.png b/docs/en/server/diversified_computing/dpu_offload/figures/arch.png new file mode 100644 index 0000000000000000000000000000000000000000..b6a7836fd6fab75009e781ac1ed96c73c352f75b Binary files /dev/null and b/docs/en/server/diversified_computing/dpu_offload/figures/arch.png differ diff --git a/docs/en/server/diversified_computing/dpu_offload/figures/offload-arch.png b/docs/en/server/diversified_computing/dpu_offload/figures/offload-arch.png new file mode 100644 index 0000000000000000000000000000000000000000..b0f7b8587c47838880bcca5d6694f66a16ec0aaf Binary files /dev/null and b/docs/en/server/diversified_computing/dpu_offload/figures/offload-arch.png differ diff --git a/docs/en/server/diversified_computing/dpu_offload/figures/qtfs-arch.png b/docs/en/server/diversified_computing/dpu_offload/figures/qtfs-arch.png new file mode 100644 index 0000000000000000000000000000000000000000..749b007287d8503badcea52036b7a71b06092bc2 Binary files /dev/null and b/docs/en/server/diversified_computing/dpu_offload/figures/qtfs-arch.png differ diff --git a/docs/en/server/diversified_computing/dpu_offload/imperceptible_container_management_plane_offload.md b/docs/en/server/diversified_computing/dpu_offload/imperceptible_container_management_plane_offload.md new file mode 100644 index 0000000000000000000000000000000000000000..18631c7c89be21c41040251eec63ba93812a4948 --- /dev/null +++ b/docs/en/server/diversified_computing/dpu_offload/imperceptible_container_management_plane_offload.md @@ -0,0 +1,35 @@ +# Imperceptible Container Management Plane Offload + +## Overview + +Moore's law ceases to apply in data center and cloud scenarios. The CPU computing power growth rate of general processing units is slowing down, while the network I/O speed and performance keep increasing. As a result, the processing capability of current general-purpose processors cannot meet the I/O processing requirements of the network and drives. In traditional data centers, more and more general-purpose CPU computing power is occupied by I/O and management planes. This part of resource loss is called data center tax. According to AWS statistics, the data center tax may account for more than 30% of the computing power of the data center. + +The data processing unit (DPU) is developed to release the computing resources from the host CPU. The management plane, network, storage, and security capabilities are offloaded to DPUs for acceleration, reducing costs and improving efficiency. Mainstream cloud vendors, such as AWS, Alibaba Cloud, and Huawei Cloud, use self-developed processors to offload the management plane and related data plane, achieving 100% utilization of data center computing resources. + +The management plane processes can be offloaded to the DPU by splitting the component source code. The source code is split into two parts that run independently on the host and DPU based on the function logic. In this way, the component is offloaded. However, this method has the following problems: + +1. The software compatibility of the component is affected. You need to maintain the component and related patches in subsequent version upgrades, which increases the maintenance workload. +2. The offload cannot be inherited by other components. You need to split each component based on code logic analysis. + +To solve these problems, openEuler introduces imperceptible DPU offload. The abstraction layer provided by the OS shields the cross-host access differences between the host and DPU, and enables service processes to be offloaded to the DPU with virtually zero modification. This part of work at the common layer of the OS and is irrelevant to upper-layer services. Other services can also inherit the offload to DPU. + +## Architecture + +### Imperceptible Container Management Plane DPU Offload Architecture + +**Figure 1** Imperceptible Container Management Plane DPU Offload Architecture + +![offload-arch](./figures/offload-arch.png) + +As shown in Figure 1, after the container management plane is offloaded, management processes such as dockerd and kubelet run on the DPU side, and container processes run on the host. The interaction between processes is ensured by the system layer. + +* Communication layer: DPUs and hosts can communicate with each other through PCIe interfaces or networks. A communication interface layer is provided based on underlying physical connections to provide communication interfaces for upper-layer services. + +* qtfs kernel shared file system: The container management plane components kubelet and dockerd interact with container processes through file systems. Management plane tools need to prepare data plane paths to rootfs and volume for container processes. In addition, the proc and cgroup file systems need to be used to control and monitor the resources and status of container processes. For details about qtfs, see [qtfs Shared File System Introduction and Usage](qtfs_architecture_and_usage.md). + +* User-mode offload environment: You need to use qtfs to prepare the runtime environment for the offloaded management plane, and remotely mount the container management and runtime directories of the host to the DPU. System management file systems such as proc, sys, and cgroup need to be mounted. To prevent damage to the native system functions of the DPU, the preceding mounting operations are performed in the chroot environment. In addition, the management plane (running on the DPU) and container processes (running on the host) have invoking relationships. The rexec remote binary execution tool needs to be used to provide corresponding functions. + +For details about how to offload container management plane, see the [Deployment Guide](offload_deployment_guide.md). + +> ![](public_sys-resources/icon-note.gif) **NOTE**: +> In this user guide, modifications are performed to the container management plane components and the rexec tool of a specific version. You can modify other versions based on the actual execution environment. The patch provided in this document is for verification only and is not for commercial use. diff --git a/docs/en/server/diversified_computing/dpu_offload/libvirt_direct_connection_aggregation_environment_establishment.md b/docs/en/server/diversified_computing/dpu_offload/libvirt_direct_connection_aggregation_environment_establishment.md new file mode 100644 index 0000000000000000000000000000000000000000..42e5933ad03ca73ab6770efafb8fcd4153026fdf --- /dev/null +++ b/docs/en/server/diversified_computing/dpu_offload/libvirt_direct_connection_aggregation_environment_establishment.md @@ -0,0 +1,358 @@ +# 1 Hardware Preparation + +## Test Mode + +Prepare two physical machines (VMs have not been tested) that can communicate with each other. + +One physical machine functions as the DPU, and the other functions as the host. In this document, DPU and HOST refer to the two physical machines. + +> [!NOTE]NOTE +> In the test mode, network ports are exposed without connection authentication, which is risky and should be used only for internal tests and verification. Do not use this mode in the production environment. + +## vsock mode + +The DPU and HOST are required. The DPU must be able to provide vsock communication through virtio. + +This document describes only the test mode usage. + +# 2 libvirt offload architecture + +![arch](./figures/arch.png) + +# 3 Environment Setup + +## 3.1 qtfs File System Deployment + +For details, visit . + +To establish a qtfs connection, you need to disable the firewall. + +## 3.2 Deploying the udsproxyd Service + +### 3.2.1 Introduction + +udsproxyd is a cross-host Unix domain socket (UDS) proxy service, which needs to be deployed on both the host and DPU. The udsproxyd components on the host and dpu are peers. They implement seamless UDS communication between the host and DPU, which means that if two processes can communicate with each other through UDSs on the same host, they can do the same between the host and DPU. The code of the processes does not need to be modified, only that the client process needs to run with the **LD_PRELOAD=libudsproxy.so** environment variable. As a cross-host Unix socket service, udsproxyd can be used by running with `LD_PRELOAD=libudsproxy.so`. With the support of qtfs, udsproxyd can also be used transparently. You need to configure the allowlist in advance. The specific operations are described later. + +### 3.2.2 Deploying udsproxyd + +Build udsproxyd in the dpu-utilities project: + +```bash +cd qtfs/ipc +make -j UDS_TEST_MODE=1 && make install +``` + +The engine service on the qtfs server has incorporated the udsproxyd feature. You do not need to manually start udsproxyd if the qtfs server is deployed. However, you need to start udsproxyd on the client by running the following command: + +```bash +nohup /usr/bin/udsproxyd 2>&1 & +``` + +Parameters: + +```bash +thread num: number of threads. Currently, only one thread is supported. +addr: IP address of the host. +port: Port used on the host. +peer addr: IP address of the udsproxyd peer. +peer port: port used on the udsproxyd peer. +``` + +Example: + +```bash +nohup /usr/bin/udsproxyd 1 192.168.10.10 12121 192.168.10.11 12121 2>&1 & +``` + +If the qtfs engine service is not started, you can start udsproxyd on the server to test udsproxyd separately. Run the following command: + +```bash +nohup /usr/bin/udsproxyd 1 192.168.10.11 12121 192.168.10.10 12121 2>&1 & +``` + +### 3.2.3 Using udsproxyd + +#### 3.2.3.1 Using udsproxyd Independently + +When starting the client process of the Unix socket application that uses the UDS service, add the **LD_PRELOAD=libudsproxy.so** environment variable to intercept the **connect** API of glibc for UDS interconnection. In the libvirt offload scenario, you can copy **libudsproxy.so**, which will be used by the libvirtd service, to the **/usr/lib64** directory in the chroot directory of libvirt. + +#### 3.2.3.2 Using the udsproxyd Service Transparently + +Configure the UDS service allowlist for qtfs. The allowlist is the sock file address bound to the Unix socket server. For example, the files of the Unix socket server created by the libvirt VM are in the **/var/lib/libvirt** directory. In this case, add the directory path to the allowlist in either of the following ways: + +* Load the allowlist by using the `qtcfg` utility. First compile the utility in **qtfs/qtinfo**. + +Run the following command on the qtfs client: + +```bash +make role=client +make install +``` + +Run the following command on the qtfs server: + +```bash +make role=server +make install +``` + +After `qtcfg` is installed automatically, run `qtcfg` to configure the allowlist. Assume that **/var/lib/libvirt** needs to be added to the allowlist: + +```bash +qtcfg -x /var/lib/libvirt/ +``` + +Query the allowlist: + +```bash +qtcfg -z +``` + +Delete an allowlist entry: + +```bash +qtcfg -y 0 +``` + +The parameter is the index number listed when you query the allowlist. + +* Add an allowlist entry through the configuration file. The configuration file needs to be set before the qtfs or qtfs_server kernel module is loaded. The allowlist is loaded when the kernel modules are initialized. + +> [!NOTE]NOTE +> The allowlist prevents irrelevant Unix sockets from establishing remote connections, causing errors or wasting resources. You are advised to set the allowlist as precisely as possible. For example, in this document, **/var/lib/libvirt** is set in the libvirt scenario. It would be risky to directly add **/var/lib**, **/var**, or the root directory. + +## 3.3 rexec Service Deployment + +### 3.3.1 Introduction + +rexec is a remote execution component developed using the C language. It consists of the rexec client and rexec server. The server is a daemon process, and the client is a binary file. After being started, the client establishes a UDS connection with the server using the udsproxyd service, and the server daemon process starts a specified program on the server machine. During libvirt virtualization offload, libvirtd is offloaded to the DPU. When libvirtd needs to start the QEMU process on the HOST, the rexec client is invoked to remotely start the process. + +### 3.3.2 Deploying rexec + +#### 3.3.2.1 Configuring the Environment Variables and Allowlist + +Configure the rexec server allowlist on the host. Put the **whitelist** file in the **/etc/rexec** directory, and change the file permission to read-only. + +```bash +chmod 400 /etc/rexec/whitelist +``` + +In the test environment, the allowlist is not mandatory. You can disable the allowlist by deleting the **whitelist** file and restarting the rexec_server process. + +After downloading the dpu-utilities code, go to the **qtfs/rexec** directory and run `make && make install` to install all binary files required by rexec (**rexec** and **rexec_server**) to the **/usr/bin** directory. + +Before starting the rexec_server service on the server, check whether the **/var/run/rexec** directory exists. If not, create it. + +```bash +mkdir /var/run/rexec +``` + +#### 3.3.2.2 Starting the Service + +You can start the rexec_server service on the server in either of the following ways. + +* Method 1: + + Configure rexec as a systemd service. + + Add the **[rexec.service](./config/rexec.service)** file to **/usr/lib/systemd/system**. + + Then, use `systemctl` to manage the rexec service. + + Start the service for the first time: + + ```bash + systemctl daemon-reload + + systemctl enable --now rexec + ``` + + Restart the service: + + ```bash + systemctl stop rexec + + systemctl start rexec + ``` + +* Method 2: + + Manually start the service in the background. + + ```bash + nohup /usr/bin/rexec_server 2>&1 & + ``` + +## 3.4 libvirt Service Deployment + +### 3.4.1 Deploying on the HOST + +Install the VM runtime and libvirt. (libvirt is installed to create related directories.) + +```bash +yum install -y qemu libvirt edk2-aarch64 # (required for starting VMs in the Arm environment) +``` + +Put the VM image on the HOST. The VM image will be mounted to the client through qtfs and shared with libvirt. + +### 3.4.2 Deploying on the DPU + +#### 3.4.2.1 Creating the Chroot Environment + +(a) Download the QCOW image from the openEuler official website, for example, openEuler 23.09: . + +(b) Mount the QCOW2 image. + +```bash +cd /root/ + +mkdir p2 new_root_origin new_root + +modprobe nbd maxport=8 + +qemu-nbd -c /dev/nbd0 xxx.qcow2 + +mount /dev/nbd0p2 /root/p2 + +cp -rf /root/p2/* /root/new_root_origin/ + +umount /root/p2 + +qemu-nbd -d /dev/nbd0 +``` + +(c) Now, the root directory of the image is decompressed in **new_root_origin**. Bind mount **new_root** to **new_root_origin** as the mount point for chroot. + +```bash +mount --bind /root/new_root_origin /root/new_root +``` + +#### 3.4.2.2 Installing libvirt + +Compile the source code with a patch. + +(a) Go to the chroot environment and install the compilation environment and common tools. + +```bash +yum groupinstall "Development tools" -y +yum install -y vim meson qemu qemu-img strace edk2-aarch64 tar +``` + +**edk2-aarch64** is required for starting VMs in the Arm environment. + +(b) Install the dependency packages required for libvirt compilation. + +```bash + yum install -y rpcgen python3-docutils glib2-devel gnutls-devel libxml2-devel libpciaccess-devel libtirpc-devel yajl-devel systemd-devel dmidecode glusterfs-api numactl +``` + +(c) Download the libvirt-x.x.x source code package . + +(d) Obtain the libvirt patch: + +. + +(e) Decompress the source code package to a directory in the chroot environment, for example, **/home**, and apply the patch. + +(f) Go to the **libvirt-x.x.x** directory and run the following command: + +```bash +meson build --prefix=/usr -Ddriver_remote=enabled -Ddriver_network=enabled -Ddriver_qemu=enabled -Dtests=disabled -Ddocs=enabled -Ddriver_libxl=disabled -Ddriver_esx=disabled -Dsecdriver_selinux=disabled -Dselinux=disabled +``` + +(g) Complete the installation. + +```bash +ninja -C build install +``` + +#### 3.4.2.3 Starting the libvirtd Service + +To use libvirt direct connection aggregation, you need to start the libvirtd service in the chroot environment, which requires the libvirtd service outside the chroot environment to be stopped. + +(a) Put the [VM jumper script](./scripts/qemu-kvm) in **/usr/bin** and **/usr/libexec** in the chroot environment to replace the **qemu-kvm** binary file. The jumper script will call rexec to start a remote VM. +> [!NOTE]NOTE +> In the XML file of virsh, set **\** under **\** to **qemu-kvm**. If you set **\** to another value, change it to **qemu-kvm** or replace the binary file specified by **\** with the jumper script. The content of the jumper script also needs to be modified accordingly. + +(b) Copy the **libudsproxy.so** file generated during udsproxyd compilation to the **/usr/lib64** directory in the chroot directory. If the udsproxyd service is used by configuring the UDS allowlist of qtfs, you do not need to copy the **libudsproxy.so** file. + +(c) Save the **rexec** binary file generated during rexec compilation to the **/usr/bin** directory of the chroot environment. + +(d) To configure the chroot mounting environment, you need to mount some directories. Use the following scripts: + +* [virt_start.sh](./scripts/virt_start.sh) is the configuration script. In the script, you need to manually change the **qtfs.ko** path to the path of the compiled **.ko** file and set the correct HOST IP address. +* [virt_umount.sh](./scripts/virt_umount.sh) is the configuration revert script. + +(e) The mount directories in the script are based on the examples in this document. You can modify the paths in the script as required. + +(f) After the chroot environment is configured, enter the chroot environment and manually start libvirtd. + +If qtfs is not configured to use the udsproxyd allowlist, run the following commands: + +```bash +LD_PRELOAD=/usr/lib64/libudsproxy.so virtlogd -d +LD_PRELOAD=/usr/lib64/libudsproxy.so libvirtd -d +``` + +If qtfs is configured to use the udsproxyd allowlist, the LD_PRELOAD prefix is not required: + +```bash +virtlogd -d +libvirtd -d +``` + +To check whether the allowlist is configured, run the following command in another terminal that is not in the chroot environment: + +```bash +qtcfg -z +``` + +Check whether the allowlist contains **/var/lib/libvirt**. + +## 3.5 VM Startup + +After the service is deployed, you can manage the VM life cycle from the DPU. + +### 3.5.1 Defining the VM + +(a) Place the VM boot image in a directory on the HOST, for example: + +```bash +/home/VMs/Domain_name +``` + +(b) Use qtfs to mount the directory to the DPU. + +```bash +mount -t qtfs /home/VMs /home/VMs +``` + +(c) In the XML file, **/home/VMs/Domain_name** is used as the boot image. In this way, the same image file is presented to the DPU and HOST (**Domain_name** is the VM **domain**). + +(d) Check whether **\** in the XML file points to the jumper script. + +(e) Define the VM. + +```bash +virsh define xxx.xml +``` + +### 3.5.2 Starting the VM + +```bash +virsh start domain +``` + +# 4 Environment Reset + +Some libvirt directories are shared between the DPU and the HOST. Therefore, you need to unmount these directories before uninstalling the environment. Generally, stop the libvirtd and virtlogd processes and run the **virt_umount.sh** script. If a VM is running on the HOST, stop the VM before unmounting the directories. + +# 5 Common Errors + +1. libvirt compilation failure: Check whether the dependency packages are installed. If an external directory or HOST directory is mounted to the chroot environment, the compilation may fail. In this case, unmount the directory first. + +2. qtfs mounting failure: The engine process on the server is not started or the firewall is not disabled. As a result, the qtfs connection fails. + +3. VM definition failure: Check whether the emulator in the XML file points to the jumper script, whether the VM image has been mounted to the DPU through qtfs, and whether the path is the same as that on the HOST. + +4. VM startup failure: Check whether the libvirtd and virtlogd services are started, whether the rexec service is started, whether the jumper process is started, and whether an error is reported when qemu-kvm is started. diff --git a/docs/en/server/diversified_computing/dpu_offload/offload_deployment_guide.md b/docs/en/server/diversified_computing/dpu_offload/offload_deployment_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..5bc0c03ab107dc7d145e99803602be2a054d0d34 --- /dev/null +++ b/docs/en/server/diversified_computing/dpu_offload/offload_deployment_guide.md @@ -0,0 +1,167 @@ +# Imperceptible Container Management Plane Offload Deployment Guide + +> ![](./public_sys-resources/icon-note.gif)**NOTE**: +> +> In this user guide, modifications are performed to the container management plane components and the rexec tool of a specific version. You can modify other versions based on the actual execution environment. The patch provided in this document is for verification only and is not for commercial use. +> ![](./public_sys-resources/icon-note.gif)**NOTE**: +> +> The communication between shared file systems is implemented through the network. You can perform a simulated offload using two physical machines or VMs connected through the network. +> +> Before the verification, you are advised to set up a Kubernetes cluster and container running environment that can be used properly and offload the management plane process of a single node. You can use a physical machine or VM that is connected to the network as an emulated DPU. + +## Introduction + +Container management plane, that is, management tools of containers such as Kubernetes, dockerd, containerd, and isulad. Container management plane offload is to offload the container management plane from the host where the container is located to another host, that is, the DPU, a set of hardware that has an independent running environment. + +By mounting directories related to container running on the host to the DPU through qtfs, the container management plane tool running on the DPU can access these directories and prepare the running environment for the containers running on the host. To remotely mount the special file systems such as proc and sys, a dedicated rootfs is created as the running environment of Kubernetes and dockerd (referred to as **/another_rootfs**). + +In addition, rexec is used to start and delete containers so that the container management plane and containers can run on two different hosts for remote container management. + +## Related Component Patches + +### rexec + +rexec is a remote execution tool written in the Go language based on the [rexec](https://github.com/docker/libchan/tree/master/examples/rexec) example tool of Docker/libchan. rexec is used to remotely invoke binary files. For ease of use, capabilities such as transferring environment variables and monitoring the exit of original processes are added to rexec. + +To use the rexec tool, run the `CMD_NET_ADDR=tcp://0.0.0.0: rexec_server` command on the server to start the rexec service process, and then run the `CMD_NET_ADDR=tcp://: rexec [command]` on the client`. This instructs rexec_server to execute the command. + +### dockerd + +The changes to dockerd are based on version 18.09. + +In containerd, the part that invokes libnetwork-setkey through hook is commented out. This does not affect container startup. In addition, to ensure the normal use of `docker load`, an error in the `mount` function in **mounter_linux.go** is commented out. + +In the running environment of the container management plane, **/proc** is mounted to the proc file system on the server, and the local proc file system is mounted to **/local_proc**. In dockerd and containerd, **/proc** is changed to **/local_proc** for accessing **/proc/self/xxx**, **/proc/getpid()/xxx**, or related file systems. + +### containerd + +The changes to containerd are based on containerd-1.2-rc.1. + +When obtaining mounting information, **/proc/self/mountinfo** can obtain only the local mounting information of dockerd but cannot obtain that on the server. Therefore, **/proc/self/mountinfo** is changed to **/proc/1/mountinfo** to obtain the mounting information on the server by obtaining the mounting information of process 1 on the server. + +In containerd-shim, the Unix socket that communicates with containerd is changed to TCP. containerd obtains the IP address of the running environment of containerd-shim through the **SHIM_HOST** environment variable, that is, the IP address of the server. The has value of shim is used to generate a port number, which is used as the communication port to start containerd-shim. + +In addition, the original method of sending signals to containerd-shim is changed to the method of remotely invoking the `kill` command to send signals to shim, ensuring that Docker can correctly kill containers. + +### Kubernetes + +kubelet is not modified. The container QoS manager may fail to be configured for the first time. This error does not affect the subsequent pod startup process. + +## Container Management Plane Offload Operation Guide + +Start rexec_server on both the server and client. rexec_server on the server is used to invoke rexec to stat containerd-shim. rexec_server on the client is used to execute invoking of dockerd and containerd by containerd-shim. + +### Server + +Create a folder required by the container management plane, insert **qtfs_server.ko**, and start the engine process. + +In addition, you need to create the rexec script **/usr/bin/dockerd** on the server. + +``` shell +#!/bin/bash +CMD_NET_ADDR=tcp://: rexec /usr/bin/dockerd $* +``` + +### Client + +Prepare a rootfs as the running environment of dockerd and containerd. Use the following script to mount the server directories required by dockerd and containerd to the client. Ensure that the remote directories mounted in the script exist on both the server and client. + +``` shell +#!/bin/bash +mkdir -p /another_rootfs/var/run/docker/containerd +iptables -t nat -N DOCKER +echo "---------insmod qtfs ko----------" +insmod /YOUR/QTFS/PATH/qtfs.ko qtfs_server_ip= qtfs_log_level=INFO + +# The proc file system in the chroot environment is replaced by the proc shared file system of the DPU. The actual proc file system of the local host needs to be mounted to **/local_proc**. +mount -t proc proc /another_rootfs/local_proc/ + +# Bind the chroot internal environment to the external environment to facilitate configuration and running. +mount --bind /var/run/ /another_rootfs/var/run/ +mount --bind /var/lib/ /another_rootfs/var/lib/ +mount --bind /etc /another_rootfs/etc + +mkdir -p /another_rootfs/var/lib/isulad + +# Create and mount the dev, sys, and cgroup file systems in the chroot environment. +mount -t devtmpfs devtmpfs /another_rootfs/dev/ +mount -t sysfs sysfs /another_rootfs/sys +mkdir -p /another_rootfs/sys/fs/cgroup +mount -t tmpfs tmpfs /another_rootfs/sys/fs/cgroup +list="perf_event freezer files net_cls,net_prio hugetlb pids rdma cpu,cpuacct memory devices blkio cpuset" +for i in $list +do + echo $i + mkdir -p /another_rootfs/sys/fs/cgroup/$i + mount -t cgroup cgroup -o rw,nosuid,nodev,noexec,relatime,$i /another_rootfs/sys/fs/cgroup/$i +done + +## common system dir +mount -t qtfs -o proc /proc /another_rootfs/proc +echo "proc" +mount -t qtfs /sys /another_rootfs/sys +echo "cgroup" + +# Mount the shared directory required by the container management plane. +mount -t qtfs /var/lib/docker/containers /another_rootfs/var/lib/docker/containers +mount -t qtfs /var/lib/docker/containerd /another_rootfs/var/lib/docker/containerd +mount -t qtfs /var/lib/docker/overlay2 /another_rootfs/var/lib/docker/overlay2 +mount -t qtfs /var/lib/docker/image /another_rootfs/var/lib/docker/image +mount -t qtfs /var/lib/docker/tmp /another_rootfs/var/lib/docker/tmp +mkdir -p /another_rootfs/run/containerd/io.containerd.runtime.v1.linux/ +mount -t qtfs /run/containerd/io.containerd.runtime.v1.linux/ /another_rootfs/run/containerd/io.containerd.runtime.v1.linux/ +mkdir -p /another_rootfs/var/run/docker/containerd +mount -t qtfs /var/run/docker/containerd /another_rootfs/var/run/docker/containerd +mount -t qtfs /var/lib/kubelet/pods /another_rootfs/var/lib/kubelet/pods +``` + +In**/another_rootfs**, create the following script to support cross-host operations: + +* /another_rootfs/usr/local/bin/containerd-shim + +``` shell +#!/bin/bash +CMD_NET_ADDR=tcp://: /usr/bin/rexec /usr/bin/containerd-shim $* +``` + +* /another_rootfs/usr/local/bin/remote_kill + +``` shell +#!/bin/bash +CMD_NET_ADDR=tcp://: /usr/bin/rexec /usr/bin/kill $* +``` + +* /another_rootfs/usr/sbin/modprobe + +``` shell +#!/bin/bash +CMD_NET_ADDR=tcp://: /usr/bin/rexec /usr/sbin/modprobe $* +``` + +After changing the root directories of dockerd and containerd to the required rootfs, run the following command to start dockerd and containerd: + +* containerd + +``` shell +#!/bin/bash +SHIM_HOST= containerd --config /var/run/docker/containerd/containerd.toml --address /var/run/containerd/containerd.sock +``` + +* dockerd + +``` shell +#!/bin/bash +SHIM_HOST=CMD_NET_ADDR=tcp://: /usr/bin/dockerd --containerd /var/run/containerd/containerd.sock +``` + +* kubelet + +Use the original parameters to start kubelet in the chroot environment. + +Because **/var/run/** is bound to **/another_rootfs/var/run/**, you can use Docker to access the **docker.sock** interface for container management in the regular rootfs. + +The container management plane is offloaded to the DPU. You can run `docker` commands to create and delete containers, or use `kubectl` on the current node to schedule and destroy pods. The actual container service process runs on the host. + +> ![](./public_sys-resources/icon-note.gif)**NOTE**: +> +> This guide describes only the container management plane offload. The offload of container network and data volumes requires additional offload capabilities, which are not included. You can perform cross-node startup of containers that are not configured with network and storage by referring to this guide. diff --git a/docs/en/server/diversified_computing/dpu_offload/overview.md b/docs/en/server/diversified_computing/dpu_offload/overview.md new file mode 100644 index 0000000000000000000000000000000000000000..53ef828f387423867ffc8194bf5cf879c768276c --- /dev/null +++ b/docs/en/server/diversified_computing/dpu_offload/overview.md @@ -0,0 +1,11 @@ +# Imperceptible DPU Offload User Guide + +This document describes the container management plane DPU offload function of openEuler, as well as how to install and deploy it. Through the unified abstraction layer provided by the OS, this function masks the differences in how the container management plane accesses resources across hosts. This makes it possible to offload services from the container management plane to the DPU. + +This document is intended for community developers, open source enthusiasts, and partners who use the openEuler OS and want to learn and use the OS kernel and containers. Users must: + +- Know basic Linux operations. + +- Be familiar with the fundamental mechanisms of the Linux kernel file system. + +- Understand Kubernetes and Docker, as well as how to deploy and use them. diff --git a/docs/en/server/diversified_computing/dpu_offload/public_sys-resources/icon-note.gif b/docs/en/server/diversified_computing/dpu_offload/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/en/server/diversified_computing/dpu_offload/public_sys-resources/icon-note.gif differ diff --git a/docs/en/server/diversified_computing/dpu_offload/qtfs_architecture_and_usage.md b/docs/en/server/diversified_computing/dpu_offload/qtfs_architecture_and_usage.md new file mode 100644 index 0000000000000000000000000000000000000000..5be019884d96d900e4ec72a68bfc125a74c4d934 --- /dev/null +++ b/docs/en/server/diversified_computing/dpu_offload/qtfs_architecture_and_usage.md @@ -0,0 +1,77 @@ +# qtfs Shared File System Architecture and Usage + +## Introduction + +qtfs is a shared file system project. It can be deployed on either a host-DPU hardware architecture or on two hosts. qtfs works in client-server mode, allowing the client to access specified file systems on the server in the same way that local files are accessed. + +qtfs provides the following features: + ++ Mount point propagation + ++ Sharing of special file systems such as proc, sys, and cgroup + ++ Shared read and write of remote files + ++ Remote mounting of server file systems on the client + ++ Customized processing of special files + ++ Remote FIFO, Unix sockets, and epoll that allow the client and server to access the files as if they were like local + ++ Bottom-layer host-DPU communication over the PCIe protocol, outperforming the network + ++ Kernel module development, preventing intrusive modification to the kernel + +## Software Architecture + +![qtfs-arch](./figures/qtfs-arch.png) + +## Installation + +Perform operations in the following qtfs-related directories: + ++ **qtfs**: code of the client kernel module. Compile the client **.ko** file in this directory. + ++ **qtfs_server**: code of the server kernel module. Compile the server **.ko** files and related programs in this directory. + ++ **qtinfo**: diagnosis tool that is used to check the status of file systems and change the log level. + ++ **demo**, **test**, and **doc**: demo programs, test programs, and project documents. + ++ Root directory: code of common modules used by the client and server. + +Configure the kernel compilation environment on two servers (or VMs). + +1. The kernel version must be 5.10 or later. +2. Install the kernel development package by running `yum install kernel-devel`. +3. Assume that the host IP address is 192.168.10.10 and the DPU IP address is 192.168.10.11. + +Install the qtfs server. + +```bash +1. cd qtfs_server +2. make clean && make +3. insmod qtfs_server.ko qtfs_server_ip=192.168.10.10 qtfs_server_port=12345 qtfs_log_level=WARN +4. nohup ./engine 16 1 192.168.10.10 12121 192.168.10.11 12121 2>&1 & +``` + +Install the qtfs client. + +```bash +1. cd qtfs +2. make clean && make +3. insmod qtfs.ko qtfs_server_ip=192.168.10.10 qtfs_server_port=12345 qtfs_log_level=WARN +4. cd ../ipc/ +5. make clean && make && make install +6. nohup udsproxyd 1 192.168.10.11 12121 192.168.10.10 12121 2>&1 & +``` + +## Usage + +After the installation is complete, mount the server file system to the client. For example: + +```bash +mount -t qtfs / /root/mnt/ +``` + +The file system is visible to the client. Access **/root/mnt** on the client to view and operate files on the server. diff --git a/docs/en/server/diversified_computing/dpu_offload/scripts/qemu-kvm b/docs/en/server/diversified_computing/dpu_offload/scripts/qemu-kvm new file mode 100644 index 0000000000000000000000000000000000000000..e869371be109b57f59709fc23bc5b1cb2002cfbf --- /dev/null +++ b/docs/en/server/diversified_computing/dpu_offload/scripts/qemu-kvm @@ -0,0 +1,3 @@ +#!/bin/bash + +exec /usr/bin/rexec /usr/bin/qemu-kvm $* diff --git a/docs/en/server/diversified_computing/dpu_offload/scripts/virt_start.sh b/docs/en/server/diversified_computing/dpu_offload/scripts/virt_start.sh new file mode 100644 index 0000000000000000000000000000000000000000..06ca194b7a639a947b6e395f116beeba7c897459 --- /dev/null +++ b/docs/en/server/diversified_computing/dpu_offload/scripts/virt_start.sh @@ -0,0 +1,48 @@ +#!/bin/bash +insmod ./qtfs.ko qtfs_server_ip=192.168.10.11 qtfs_log_level=NONE + +systemctl stop libvirtd + +if [ ! -d "/root/new_root/local_proc" ]; then + mkdir -p /root/new_root/local_proc +fi +if [ ! -d "/root/new_root/local" ]; then + mkdir -p /root/new_root/local +fi +mount -t proc proc /root/new_root/local_proc/ +mount -t proc proc /root/new_root/local/proc +mount -t sysfs sysfs /root/new_root/local/sys +mount --bind /var/run/ /root/new_root/var/run/ +mount --bind /var/lib/ /root/new_root/var/lib/ +mount --bind /var/cache/ /root/new_root/var/cache +mount --bind /etc /root/new_root/etc + +mkdir -p /root/new_root/home/VMs/ +mount -t qtfs /home/VMs/ /root/new_root/home/VMs/ + +mount -t qtfs /var/lib/libvirt /root/new_root/var/lib/libvirt + +mount -t devtmpfs devtmpfs /root/new_root/dev/ +mount -t hugetlbfs hugetlbfs /root/new_root/dev/hugepages/ +mount -t mqueue mqueue /root/new_root/dev/mqueue/ +mount -t tmpfs tmpfs /root/new_root/dev/shm + +mount -t sysfs sysfs /root/new_root/sys +mkdir -p /root/new_root/sys/fs/cgroup +mount -t tmpfs tmpfs /root/new_root/sys/fs/cgroup +list="perf_event freezer files net_cls,net_prio hugetlb pids rdma cpu,cpuacct memory devices blkio cpuset" +for i in $list +do + echo $i + mkdir -p /root/new_root/sys/fs/cgroup/$i + mount -t cgroup cgroup -o rw,nosuid,nodev,noexec,relatime,$i /root/new_root/sys/fs/cgroup/$i +done + +## common system dir +mount -t qtfs -o proc /proc /root/new_root/proc +echo "proc" + +mount -t qtfs /sys /root/new_root/sys +echo "cgroup" +mount -t qtfs /dev/pts /root/new_root/dev/pts +mount -t qtfs /dev/vfio /root/new_root/dev/vfio diff --git a/docs/en/server/diversified_computing/dpu_offload/scripts/virt_umount.sh b/docs/en/server/diversified_computing/dpu_offload/scripts/virt_umount.sh new file mode 100644 index 0000000000000000000000000000000000000000..4adddec913c23069c6bffddec0bf1770f8c5ce71 --- /dev/null +++ b/docs/en/server/diversified_computing/dpu_offload/scripts/virt_umount.sh @@ -0,0 +1,20 @@ +#!/bin/bash + +umount /root/new_root/dev/hugepages +umount /root/new_root/etc +umount /root/new_root/home/VMs +umount /root/new_root/local_proc +umount /root/new_root/local/proc +umount /root/new_root/var/lib/libvirt +umount /root/new_root/var/lib +umount /root/new_root/* +umount /root/new_root/dev/pts +umount /root/new_root/dev/mqueue +umount /root/new_root/dev/shm +umount /root/new_root/dev/vfio +umount /root/new_root/dev +rmmod qtfs + +umount /root/new_root/sys/fs/cgroup/* +umount /root/new_root/sys/fs/cgroup +umount /root/new_root/sys diff --git a/docs/en/server/diversified_computing/dpu_os/_toc.yaml b/docs/en/server/diversified_computing/dpu_os/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..3c790101bf5bfa5181d02e76fa922fe71ed33372 --- /dev/null +++ b/docs/en/server/diversified_computing/dpu_os/_toc.yaml @@ -0,0 +1,10 @@ +label: DPU-OS +isManual: true +description: This guide outlines the process of creating a DPU-OS image through openEuler OS customization, including deployment and validation procedures. +sections: + - label: DPU-OS Background and Requirements + href: ./dpu_os_background_and_requirements.md + - label: DPU-OS Tailoring Guide + href: ./dpu_os_tailoring_guide.md + - label: Verification and Deployment + href: ./verification_and_deployment.md diff --git a/docs/en/server/diversified_computing/dpu_os/dpu_os_background_and_requirements.md b/docs/en/server/diversified_computing/dpu_os/dpu_os_background_and_requirements.md new file mode 100644 index 0000000000000000000000000000000000000000..51ad7299c95363b254d2fdc5f2207e2b1448692d --- /dev/null +++ b/docs/en/server/diversified_computing/dpu_os/dpu_os_background_and_requirements.md @@ -0,0 +1,67 @@ +# DPU-OS Background and Requirements + +## Overview + +In data center and cloud environments, Moore's Law has reached its limits, leading to a slowdown in the growth of general-purpose CPU computing power. At the same time, network I/O speeds and performance continue to rise, creating a growing disparity between the two. This gap highlights the inability of current general-purpose processors to meet the demands of network, disk, and other I/O processing. In traditional data centers, a significant portion of general-purpose CPU resources is consumed by I/O and management tasks, a phenomenon known as the "Datacenter Tax." AWS estimates that this tax can consume over 30% of a data center's computing power, and in some cases, even more. + +The DPU was introduced to address this issue by offloading management, network, storage, and security tasks from the host CPU to dedicated processor chips. This offloading accelerates processing, reduces costs, and improves efficiency. Leading cloud providers like AWS, Alibaba Cloud, and Huawei Cloud have developed custom chips to handle these offloaded tasks, ensuring that 100% of data center computing resources are available for customer use. + +The DPU market is experiencing rapid growth, driven by strong demand from cloud providers and big data applications. Numerous Chinese DPU startups have also entered the market with innovative products. This growth presents challenges for cloud and big data providers, who must integrate diverse DPU products, and for DPU manufacturers, who must adapt device drivers to customer-specified operating systems. openEuler, a leading open-source operating system in China, addresses these challenges by offering DPU-OS, a solution built on openEuler that bridges the gap between DPU manufacturers and customers. Furthermore, since DPUs rely on their OS to support service acceleration, DPU-OS requires performance optimization. By leveraging openEuler, DPU-related acceleration capabilities can be embedded into DPU-OS, fostering a robust DPU software ecosystem. + +## DPU-OS Requirements Analysis and Design + +### Current State of DPUs and OS Requirements + +DPUs exhibit several key characteristics and challenges: + +- Limited general-purpose processing resources + + DPUs are in the early stages of development, with hardware continuously evolving. Power constraints result in modest hardware specifications. Mainstream DPUs typically feature 8 to 24 CPU cores with limited single-core performance. Memory capacity ranges from 16 to 32GB, and local storage varies from tens to hundreds of gigabytes. The operating system running on DPUs must accommodate these constraints. + +- Varied DPU-OS installation methods + + The diversity of DPU manufacturers and products has led to multiple installation and deployment methods. These include PXE network installation, USB installation, and custom methods such as host-delivered installation images. + +- High performance requirements + + DPU application scenarios demand high performance. Compared to general-purpose server operating systems, DPU-OS may require specific kernel features or functional components. Examples include vDPA for device passthrough and live migration, vendor-specific driver support, seamless DPU process offloading, customized user-space data plane acceleration tools like DPDK/SPDK/OVS, and DPU management and monitoring tools. + +Based on these characteristics, the following requirements for DPU-OS are proposed: + +- Ultra-lightweight DPU-OS installation package + + Trim the openEuler system image to eliminate unnecessary packages and optimize system services to reduce resource overhead. + +- Customization support and tools + + Provide customization configurations and tools to enable customers or DPU manufacturers to tailor the system. openEuler offers an ISO reference implementation. + +- Customized kernel and system for peak performance + + Customize the kernel and drivers to deliver competitive features for DPUs. Enable hardware acceleration through tailored components and optimize system configurations for superior performance. Include DPU-related management and control tools for unified administration. + +### DPU-OS Design + +**Figure 1** Overall Design of DPU-OS + +![dpuos-arch](./figures/dpuos-arch.png) + +As illustrated in Figure 1, DPU-OS is structured into five layers: + +- **Kernel layer**: Customize the kernel configuration to remove non-essential features and modules, creating a lightweight kernel. Enable specific kernel features to deliver high-performance DPU capabilities. + +- **Driver layer**: Trim and customize openEuler native drivers, selecting the minimal required set. Integrate DPU vendor-specific drivers to natively support certain DPU hardware products. + +- **System configuration layer**: Optimize system settings through sysctl and proc configurations to ensure peak performance for DPU-related services. + +- **Peripheral package layer**: Customize and trim openEuler peripheral packages, selecting the minimal set. Provide a suite of DPU-related custom tools. + +- **System service layer**: Streamline native system service startup items to eliminate unnecessary services, minimizing runtime overhead. + +This five-layer design achieves the goal of a lightweight, high-performance DPU-OS. While this is a long-term design heavily reliant on the DPU software and hardware ecosystem, the current phase focuses on trimming using openEuler's imageTailor tool. + +For detailed steps on DPU-OS trimming, refer to the [DPU-OS Tailoring Guide](dpu_os_tailoring_guide.md). For verification and deployment, consult the [DPU-OS Deployment and Verification Guide](verification_and_deployment.md). + +> ![](./public_sys-resources/icon-note.gif)**Note**: +> +> Currently, DPU-OS leverages openEuler's existing kernel and peripheral packages, trimmed using the imageTailor tool to produce a lightweight OS installation image. Future development will integrate additional kernel and peripheral package features based on specific needs. diff --git a/docs/en/server/diversified_computing/dpu_os/dpu_os_tailoring_guide.md b/docs/en/server/diversified_computing/dpu_os/dpu_os_tailoring_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..a4f17b7504410bc17563dca04f952fedc642168d --- /dev/null +++ b/docs/en/server/diversified_computing/dpu_os/dpu_os_tailoring_guide.md @@ -0,0 +1,65 @@ +# DPU-OS Tailoring Guide + +This document explains how to use imageTailor to trim the DPU-OS installation image using configuration files from the [dpu-utilities repository](https://gitee.com/openeuler/dpu-utilities/tree/master/dpuos). Follow these steps: + +## Prepare imageTailor and Required RPM Packages + +Install the imageTailor tool by referring to the [imageTailor User Guide](../../../tools/community_tools/image_tailor/imagetailor_userguide.md) and prepare the necessary RPM packages for tailoring. + +You can use the openEuler installation image as the RPM source. While **openEuler-{version}-everything-debug-aarch64-dvd.iso** contains a complete set of RPMs, it is large. Alternatively, use the RPMs from **openEuler-{version}-aarch64-dvd.iso** along with the install-scripts.noarch package. + +Obtain the `install-scripts.noarch` package from the everything repository or download it using yum: + +```bash +yum install -y --downloadonly --downloaddir=./ install-scripts +``` + +## Copy DPUOS Configuration Files + +The imageTailor tool is installed in **/opt/imageTailor** by default. Copy the DPU-OS configuration files to the appropriate paths, selecting the correct architecture directory. The DPU-OS tailoring configuration repository supports x86_64 and aarch64 architectures. + +```bash +cp -rf custom/cfg_dpuos /opt/imageTailor/custom +cp -rf kiwi/minios/cfg_dpuos /opt/imageTailor/kiwi/minios/cfg_dpuos +``` + +## Modify Other Configuration Files + +- Add a line for `dpuos` configuration in **kiwi/eulerkiwi/product.conf**: + +```bash +dpuos PANGEA EMBEDDED DISK GRUB2 install_mode=install install_media=CD install_repo=CD selinux=0 +``` + +- Add a line for `dpuos` configuration in **kiwi/eulerkiwi/minios.conf**: + +```bash +dpuos kiwi/minios/cfg_dpuos yes +``` + +- Add a line for `dpuos` configuration in **repos/RepositoryRule.conf**: + +```bash +dpuos 1 rpm-dir euler_base +``` + +## Set Passwords + +Navigate to **/opt/imageTailor** and update the passwords in the following files: + +- **custom/cfg_dpuos/usr_file/etc/default/grub** + +- **custom/cfg_dpuos/rpm.conf** + +- **kiwi/minios/cfg_dpuos/rpm.conf** + +For password generation and modification, refer to the openEuler imageTailor manual section on [Configuring Initial Passwords](../../../tools/community_tools/image_tailor/imagetailor_userguide.md#configuring-initial-passwords).[ + +## Execute the Tailoring Command + +Run the following command to perform the tailoring. The resulting ISO will be saved in **/opt/imageTailor/result**: + +```bash +cd /opt/imageTailor +./mkdliso -p dpuos -c custom/cfg_dpuos --sec --minios force +``` diff --git a/docs/en/server/diversified_computing/dpu_os/figures/dpuos-arch.png b/docs/en/server/diversified_computing/dpu_os/figures/dpuos-arch.png new file mode 100644 index 0000000000000000000000000000000000000000..d6a73ecbf5954f2a4cf337ab16110f2c474f0319 Binary files /dev/null and b/docs/en/server/diversified_computing/dpu_os/figures/dpuos-arch.png differ diff --git a/docs/en/server/diversified_computing/dpu_os/public_sys-resources/icon-note.gif b/docs/en/server/diversified_computing/dpu_os/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/en/server/diversified_computing/dpu_os/public_sys-resources/icon-note.gif differ diff --git a/docs/en/server/diversified_computing/dpu_os/verification_and_deployment.md b/docs/en/server/diversified_computing/dpu_os/verification_and_deployment.md new file mode 100644 index 0000000000000000000000000000000000000000..2795fd8975aac25c12d8c4bdbaf867825eef34df --- /dev/null +++ b/docs/en/server/diversified_computing/dpu_os/verification_and_deployment.md @@ -0,0 +1,38 @@ +# Verification and Deployment + +Once DPU-OS is built, it can be installed and deployed for verification. Since DPU hardware is still in its early stages, you can also use VirtualBox to set up a virtual machine (VM) for deployment and testing. + +## Deploying DPU-OS on VirtualBox + +This section outlines the steps to install and deploy DPU-OS using the VirtualBox hypervisor. + +### Preparation for Verification + +Before deploying DPU-OS, ensure the following prerequisites are met: + +- Obtain the DPU-OS ISO file. +- Ensure the host machine has VirtualBox installed. + +### Initial Installation and Startup + +#### Creating a VM + +Create a new vM in VirtualBox: + +- Configure the vM with at least 2 CPUs and 4GB of RAM. + +- Allocate a virtual disk with a recommended size of 60GB or larger. + +- Enable EFI boot in the system extension properties. + +- In the storage settings, select the local DPU-OS ISO file as the optical drive. + +- Customize other settings such as network or display as needed. + +#### Starting the VM + +Start the newly created vM and choose **Install from ISO** to begin the DPU-OS installation. The installation process is automated and requires no manual input. After installation, the system will reboot automatically. + +Select **Boot From Local Disk** to start DPU-OS. Use the password specified during the DPU-OS creation process. + +By following these steps, you can successfully deploy and verify DPU-OS locally. diff --git a/docs/en/server/high_availability/ha/_toc.yaml b/docs/en/server/high_availability/ha/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..b6ec487b42f3642677e6453e2bc07a7897dd78e5 --- /dev/null +++ b/docs/en/server/high_availability/ha/_toc.yaml @@ -0,0 +1,11 @@ +label: HA User Guide +isManual: true +description: HA cluster installation and usage +sections: + - label: + href: ./ha.md + sections: + - label: HA Installation and Deployment + href: ./ha_installation_and_deployment.md + - label: HA Usage Examples + href: ./ha_usecase_examples.md diff --git a/docs/en/server/high_availability/ha/figures/2.png b/docs/en/server/high_availability/ha/figures/2.png new file mode 100644 index 0000000000000000000000000000000000000000..283670d7c3d0961ee1cb41345c2b2a013d7143b0 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/2.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-add-resource copy.png b/docs/en/server/high_availability/ha/figures/HA-add-resource copy.png new file mode 100644 index 0000000000000000000000000000000000000000..ac24895a1247828d248132f6c789ad8ef51a57e4 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-add-resource copy.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-add-resource.png b/docs/en/server/high_availability/ha/figures/HA-add-resource.png new file mode 100644 index 0000000000000000000000000000000000000000..ac24895a1247828d248132f6c789ad8ef51a57e4 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-add-resource.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-apache-show copy.png b/docs/en/server/high_availability/ha/figures/HA-apache-show copy.png new file mode 100644 index 0000000000000000000000000000000000000000..c216500910f75f2de1108f6b618c5c08f4df8bae Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-apache-show copy.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-apache-show.png b/docs/en/server/high_availability/ha/figures/HA-apache-show.png new file mode 100644 index 0000000000000000000000000000000000000000..c216500910f75f2de1108f6b618c5c08f4df8bae Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-apache-show.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-apache-suc copy.png b/docs/en/server/high_availability/ha/figures/HA-apache-suc copy.png new file mode 100644 index 0000000000000000000000000000000000000000..23a7aaa702e3e68190ff7e01a5a673aee2c92409 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-apache-suc copy.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-apache-suc.png b/docs/en/server/high_availability/ha/figures/HA-apache-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..23a7aaa702e3e68190ff7e01a5a673aee2c92409 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-apache-suc.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-api copy.png b/docs/en/server/high_availability/ha/figures/HA-api copy.png new file mode 100644 index 0000000000000000000000000000000000000000..f825fe005705d30809d12df97958cff0e5a80135 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-api copy.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-api.png b/docs/en/server/high_availability/ha/figures/HA-api.png new file mode 100644 index 0000000000000000000000000000000000000000..f825fe005705d30809d12df97958cff0e5a80135 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-api.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-clone copy.png b/docs/en/server/high_availability/ha/figures/HA-clone copy.png new file mode 100644 index 0000000000000000000000000000000000000000..1b09ab73849494f4ffd759fa612ae3c241bd9c1d Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-clone copy.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-clone-suc copy.png b/docs/en/server/high_availability/ha/figures/HA-clone-suc copy.png new file mode 100644 index 0000000000000000000000000000000000000000..4b6099ccc88d4f6f907a0c4563e729ab2a4dece1 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-clone-suc copy.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-clone-suc.png b/docs/en/server/high_availability/ha/figures/HA-clone-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..4b6099ccc88d4f6f907a0c4563e729ab2a4dece1 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-clone-suc.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-clone.png b/docs/en/server/high_availability/ha/figures/HA-clone.png new file mode 100644 index 0000000000000000000000000000000000000000..1b09ab73849494f4ffd759fa612ae3c241bd9c1d Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-clone.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-corosync.png b/docs/en/server/high_availability/ha/figures/HA-corosync.png new file mode 100644 index 0000000000000000000000000000000000000000..c4d93242e65c503b6e1b6a457e2517f647984a66 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-corosync.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-firstchoice copy.png b/docs/en/server/high_availability/ha/figures/HA-firstchoice copy.png new file mode 100644 index 0000000000000000000000000000000000000000..bd982ddcea55c629c0257fca86051a9ffa77e7b4 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-firstchoice copy.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-firstchoice-cmd copy.png b/docs/en/server/high_availability/ha/figures/HA-firstchoice-cmd copy.png new file mode 100644 index 0000000000000000000000000000000000000000..a265bab07f1d8e46d9d965975be180a8de6c9eb2 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-firstchoice-cmd copy.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-firstchoice-cmd.png b/docs/en/server/high_availability/ha/figures/HA-firstchoice-cmd.png new file mode 100644 index 0000000000000000000000000000000000000000..a265bab07f1d8e46d9d965975be180a8de6c9eb2 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-firstchoice-cmd.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-firstchoice.png b/docs/en/server/high_availability/ha/figures/HA-firstchoice.png new file mode 100644 index 0000000000000000000000000000000000000000..bd982ddcea55c629c0257fca86051a9ffa77e7b4 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-firstchoice.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-group copy.png b/docs/en/server/high_availability/ha/figures/HA-group copy.png new file mode 100644 index 0000000000000000000000000000000000000000..6897817665dee90c0f8c47c6a3cb4bb09db52d78 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-group copy.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-group-new copy.png b/docs/en/server/high_availability/ha/figures/HA-group-new copy.png new file mode 100644 index 0000000000000000000000000000000000000000..9c914d0cc2e14f3220fc4346175961f129efb37b Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-group-new copy.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-group-new-suc copy.png b/docs/en/server/high_availability/ha/figures/HA-group-new-suc copy.png new file mode 100644 index 0000000000000000000000000000000000000000..437fd01ee83a9a1f65c12838fe56eea8435f6759 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-group-new-suc copy.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-group-new-suc.png b/docs/en/server/high_availability/ha/figures/HA-group-new-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..437fd01ee83a9a1f65c12838fe56eea8435f6759 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-group-new-suc.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-group-new-suc2 copy.png b/docs/en/server/high_availability/ha/figures/HA-group-new-suc2 copy.png new file mode 100644 index 0000000000000000000000000000000000000000..4fb933bd761f9808de95a324a50226ff041ebd4f Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-group-new-suc2 copy.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-group-new-suc2.png b/docs/en/server/high_availability/ha/figures/HA-group-new-suc2.png new file mode 100644 index 0000000000000000000000000000000000000000..4fb933bd761f9808de95a324a50226ff041ebd4f Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-group-new-suc2.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-group-new.png b/docs/en/server/high_availability/ha/figures/HA-group-new.png new file mode 100644 index 0000000000000000000000000000000000000000..9c914d0cc2e14f3220fc4346175961f129efb37b Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-group-new.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-group-suc copy.png b/docs/en/server/high_availability/ha/figures/HA-group-suc copy.png new file mode 100644 index 0000000000000000000000000000000000000000..2338580343833ebab08627be3a2efbcdb48aef9e Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-group-suc copy.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-group-suc.png b/docs/en/server/high_availability/ha/figures/HA-group-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..2338580343833ebab08627be3a2efbcdb48aef9e Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-group-suc.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-group.png b/docs/en/server/high_availability/ha/figures/HA-group.png new file mode 100644 index 0000000000000000000000000000000000000000..6897817665dee90c0f8c47c6a3cb4bb09db52d78 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-group.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-home-page copy.png b/docs/en/server/high_availability/ha/figures/HA-home-page copy.png new file mode 100644 index 0000000000000000000000000000000000000000..c9a7a82dc412250d4c0984b3876c6f93c6aca789 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-home-page copy.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-home-page.png b/docs/en/server/high_availability/ha/figures/HA-home-page.png new file mode 100644 index 0000000000000000000000000000000000000000..c9a7a82dc412250d4c0984b3876c6f93c6aca789 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-home-page.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-login.png b/docs/en/server/high_availability/ha/figures/HA-login.png new file mode 100644 index 0000000000000000000000000000000000000000..65d0ae11ec810da7574ec72bebf6e1b020c94a0d Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-login.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-mariadb copy.png b/docs/en/server/high_availability/ha/figures/HA-mariadb copy.png new file mode 100644 index 0000000000000000000000000000000000000000..d29587c8609b9d6aefeb07170901361b5ef8402d Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-mariadb copy.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-mariadb-suc copy.png b/docs/en/server/high_availability/ha/figures/HA-mariadb-suc copy.png new file mode 100644 index 0000000000000000000000000000000000000000..6f6756c945121715edc623bd9a848bc48ffeb4ca Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-mariadb-suc copy.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-mariadb-suc.png b/docs/en/server/high_availability/ha/figures/HA-mariadb-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..6f6756c945121715edc623bd9a848bc48ffeb4ca Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-mariadb-suc.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-mariadb.png b/docs/en/server/high_availability/ha/figures/HA-mariadb.png new file mode 100644 index 0000000000000000000000000000000000000000..d29587c8609b9d6aefeb07170901361b5ef8402d Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-mariadb.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-nfs copy.png b/docs/en/server/high_availability/ha/figures/HA-nfs copy.png new file mode 100644 index 0000000000000000000000000000000000000000..f6917938eec2e0431a9891c067475dd0b21c1bd9 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-nfs copy.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-nfs-suc copy.png b/docs/en/server/high_availability/ha/figures/HA-nfs-suc copy.png new file mode 100644 index 0000000000000000000000000000000000000000..c0ea6af79e91649f1ad7d97ab6c2a0069a4f4fb8 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-nfs-suc copy.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-nfs-suc.png b/docs/en/server/high_availability/ha/figures/HA-nfs-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..c0ea6af79e91649f1ad7d97ab6c2a0069a4f4fb8 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-nfs-suc.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-nfs.png b/docs/en/server/high_availability/ha/figures/HA-nfs.png new file mode 100644 index 0000000000000000000000000000000000000000..f6917938eec2e0431a9891c067475dd0b21c1bd9 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-nfs.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-pacemaker.png b/docs/en/server/high_availability/ha/figures/HA-pacemaker.png new file mode 100644 index 0000000000000000000000000000000000000000..7681f963f67d2b803fef6fb2c3247384136201f8 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-pacemaker.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-pcs-status copy.png b/docs/en/server/high_availability/ha/figures/HA-pcs-status copy.png new file mode 100644 index 0000000000000000000000000000000000000000..fb150fba9f6258658702b35caacf98076d1fd109 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-pcs-status copy.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-pcs-status.png b/docs/en/server/high_availability/ha/figures/HA-pcs-status.png new file mode 100644 index 0000000000000000000000000000000000000000..fb150fba9f6258658702b35caacf98076d1fd109 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-pcs-status.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-pcs.png b/docs/en/server/high_availability/ha/figures/HA-pcs.png new file mode 100644 index 0000000000000000000000000000000000000000..283670d7c3d0961ee1cb41345c2b2a013d7143b0 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-pcs.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-qdevice copy.png b/docs/en/server/high_availability/ha/figures/HA-qdevice copy.png new file mode 100644 index 0000000000000000000000000000000000000000..2964f36c952fc7e62fb7b041fcf6d2de8ead712c Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-qdevice copy.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-qdevice.png b/docs/en/server/high_availability/ha/figures/HA-qdevice.png new file mode 100644 index 0000000000000000000000000000000000000000..2964f36c952fc7e62fb7b041fcf6d2de8ead712c Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-qdevice.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-refresh copy.png b/docs/en/server/high_availability/ha/figures/HA-refresh copy.png new file mode 100644 index 0000000000000000000000000000000000000000..c2678c0c2945acbabfbeae0d5de8924a216bbf31 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-refresh copy.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-refresh.png b/docs/en/server/high_availability/ha/figures/HA-refresh.png new file mode 100644 index 0000000000000000000000000000000000000000..c2678c0c2945acbabfbeae0d5de8924a216bbf31 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-refresh.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-vip copy.png b/docs/en/server/high_availability/ha/figures/HA-vip copy.png new file mode 100644 index 0000000000000000000000000000000000000000..d8b417df2e64527d3b29d0289756dfbb01bf66ec Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-vip copy.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-vip-suc copy.png b/docs/en/server/high_availability/ha/figures/HA-vip-suc copy.png new file mode 100644 index 0000000000000000000000000000000000000000..313ce56e14f931c78dad4349ed57ab3fd7907f50 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-vip-suc copy.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-vip-suc.png b/docs/en/server/high_availability/ha/figures/HA-vip-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..313ce56e14f931c78dad4349ed57ab3fd7907f50 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-vip-suc.png differ diff --git a/docs/en/server/high_availability/ha/figures/HA-vip.png b/docs/en/server/high_availability/ha/figures/HA-vip.png new file mode 100644 index 0000000000000000000000000000000000000000..d8b417df2e64527d3b29d0289756dfbb01bf66ec Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/HA-vip.png differ diff --git a/docs/en/server/high_availability/ha/figures/image.png b/docs/en/server/high_availability/ha/figures/image.png new file mode 100644 index 0000000000000000000000000000000000000000..7681f963f67d2b803fef6fb2c3247384136201f8 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/image.png differ diff --git a/docs/en/server/high_availability/ha/figures/image3.png b/docs/en/server/high_availability/ha/figures/image3.png new file mode 100644 index 0000000000000000000000000000000000000000..c4d93242e65c503b6e1b6a457e2517f647984a66 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/image3.png differ diff --git a/docs/en/server/high_availability/ha/figures/image4.png b/docs/en/server/high_availability/ha/figures/image4.png new file mode 100644 index 0000000000000000000000000000000000000000..65d0ae11ec810da7574ec72bebf6e1b020c94a0d Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/image4.png differ diff --git a/docs/en/server/high_availability/ha/figures/image5.png b/docs/en/server/high_availability/ha/figures/image5.png new file mode 100644 index 0000000000000000000000000000000000000000..f825fe005705d30809d12df97958cff0e5a80135 Binary files /dev/null and b/docs/en/server/high_availability/ha/figures/image5.png differ diff --git a/docs/en/server/high_availability/ha/ha.md b/docs/en/server/high_availability/ha/ha.md new file mode 100644 index 0000000000000000000000000000000000000000..a21b5471bf20089374372e6dde9a54476c10758f --- /dev/null +++ b/docs/en/server/high_availability/ha/ha.md @@ -0,0 +1,3 @@ +# HA User Guide + +This chapter describes how to install and use HA. diff --git a/docs/en/server/high_availability/ha/ha_installation_and_deployment.md b/docs/en/server/high_availability/ha/ha_installation_and_deployment.md new file mode 100644 index 0000000000000000000000000000000000000000..4dd12efe83a2c13df9e8a4b972076b855de6ffaf --- /dev/null +++ b/docs/en/server/high_availability/ha/ha_installation_and_deployment.md @@ -0,0 +1,199 @@ +# HA Installation and Deployment + +This document describes how to install and deploy an HA cluster. + +## Installation and Deployment + +- Prepare the environment: At least two physical machines or VMs with openEuler installed are required. (This section uses two physical machines or VMs as an example.) For details about how to install openEuler 21.03, see the [_openEuler Installation Guide_](../../installation_upgrade/installation/installation_on_servers.md). + +### Modifying the Host Name and the /etc/hosts File + +- **Note: You need to perform the following operations on both hosts. The following takes one host as an example. IP addresses in this document are for reference only.** + +Before using the HA software, ensure that all host names have been changed and written into the **/etc/hosts** file. + +- Run the following command to change the host name: + +```shell +hostnamectl set-hostname ha1 +``` + +- Edit the **/etc/hosts** file and write the following fields: + +```text +172.30.30.65 ha1 +172.30.30.66 ha2 +``` + +### Configuring the Yum Repository + +After the system is successfully installed, the Yum source is configured by default. The file location is stored in the **/etc/yum.repos.d/openEuler.repo** file. The HA software package uses the following sources: + +```text +[OS] +name=OS +baseurl=http://repo.openeuler.org/openEuler-{version}/OS/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://repo.openeuler.org/openEuler-{version}/OS/$basearch/RPM-GPG-KEY-openEuler + +[everything] +name=everything +baseurl=http://repo.openeuler.org/openEuler-{version}/everything/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://repo.openeuler.org/openEuler-{version}/everything/$basearch/RPM-GPG-KEY-openEuler + +[EPOL] +name=EPOL +baseurl=http://repo.openeuler.org/openEuler-{version}/EPOL/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://repo.openeuler.org/openEuler-{version}/OS/$basearch/RPM-GPG-KEY-openEuler +``` + +### Installing the HA Software Package Components + +```shell +yum install -y corosync pacemaker pcs fence-agents fence-virt corosync-qdevice sbd drbd drbd-utils +``` + +### Setting the hacluster User Password + +```shell +passwd hacluster +``` + +### Modifying the /etc/corosync/corosync.conf File + +```text +totem { + version: 2 + cluster_name: hacluster + crypto_cipher: none + crypto_hash: none +} +logging { + fileline: off + to_stderr: yes + to_logfile: yes + logfile: /var/log/cluster/corosync.log + to_syslog: yes + debug: on + logger_subsys { + subsys: QUORUM + debug: on + } +} +quorum { + provider: corosync_votequorum + expected_votes: 2 + two_node: 1 + } +nodelist { + node { + name: ha1 + nodeid: 1 + ring0_addr: 172.30.30.65 + } + node { + name: ha2 + nodeid: 2 + ring0_addr: 172.30.30.66 + } + } +``` + +### Managing the Services + +#### Disabling the firewall + +1. Stop the firewall. + + ```shell + systemctl stop firewalld + ``` + +2. Change the status of SELINUX in the **/etc/selinux/config** file to disabled. + + ```text + # SELINUX=disabled + ``` + +#### Managing the pcs service + +1. Start the pcs service. + + ```shell + systemctl start pcsd + ``` + +2. Query the pcs service status. + + ```shell + systemctl status pcsd + ``` + + The service is started successfully if the following information is displayed: + + ![](./figures/HA-pcs.png) + +#### Managing the Pacemaker service + +1. Start the Pacemaker service. + + ```shell + systemctl start pacemaker + ``` + +2. Query the Pacemaker service status. + + ```shell + systemctl status pacemaker + ``` + + The service is started successfully if the following information is displayed: + + ![](./figures/HA-pacemaker.png) + +#### Managing the Corosync service + +1. Start the Corosync service. + + ```shell + systemctl start corosync + ``` + +2. Query the Corosync service status. + + ```shell + systemctl status corosync + ``` + + The service is started successfully if the following information is displayed: + + ![](./figures/HA-corosync.png) + +### Performing Node Authentication + +- **Note: Run this command on any node.** + +```shell +pcs host auth ha1 ha2 +``` + +### Accessing the Front-End Management Platform + +After the preceding services are started, open the browser (Chrome or Firefox is recommended) and enter `https://localhost:2224` in the navigation bar. + +- This page is the native management platform. + +![](./figures/HA-login.png) + +For details about how to install the management platform newly developed by the community, see . + +- The following is the management platform newly developed by the community. + +![](./figures/HA-api.png) + +- For how to quickly use an HA cluster and add an instance, see the [HA Usage Example](ha_usecase_examples.md). diff --git a/docs/en/server/high_availability/ha/ha_usecase_examples.md b/docs/en/server/high_availability/ha/ha_usecase_examples.md new file mode 100644 index 0000000000000000000000000000000000000000..62f53c9ef3ff5346772454cac84c93db5087bfa5 --- /dev/null +++ b/docs/en/server/high_availability/ha/ha_usecase_examples.md @@ -0,0 +1,248 @@ +# HA Usage Examples + +This section describes how to get started with the HA cluster and add an instance. If you are not familiar with HA cluster installation, see [HA Installation and Deployment](ha_installation_and_deployment.md). + +## Quick Start Guide + +The following operations use the management platform newly developed by the community as an example. + +### Login Page + +The user name is `hacluster`, and the password is the one set on the host by the user. + +![](./figures/HA-api.png) + +### Home page + +After logging in to the system, the main page is displayed. The main page consists of the side navigation bar, the top operation area, the resource node list area, and the node operation floating area. + +The following describes the features and usage of the four areas in detail. + +![](./figures/HA-home-page.png) + +#### Navigation bar + +The side navigation bar consists of two parts: the name and logo of the HA cluster software, and the system navigation. The system navigation consists of three parts: **System**, **Cluster Configurations**, and **Tools**. **System** is the default option and the corresponding item to the home page. It displays the information and operation entries of all resources in the system. **Preference Settings** and **Heartbeat Configurations** are set under **Cluster Configurations**. **Log Download** and **Quick Cluster Operation** are set under **Tools**. These two items are displayed in a pop-up box after you click them. + +#### Top Operation Area + +The current login user is displayed statically. When you hover the mouse cursor on the user icon, the operation menu items are displayed, including **Refresh Settings** and **Log Out**. After you click **Refresh Settings**, the **Refresh Settings** dialog box is displayed with the **Refresh Settings** option. You can set the automatic refresh modes for the system, the options are **Do not refresh automatically**, **Refresh every 5 seconds**, and **Refresh every 10 seconds**. By default, **Do not refresh automatically** is selected. Click **Log Out** to log out and jump to the login page. After that, a re-login is required if you want to continue to access the system. + +![](./figures/HA-refresh.png) + +#### Resource Node List Area + +The resource node list displays the resource information such as **Resource Name**, **Status**, **Resource Type**, **Service**, and **Running Node** of all resources in the system, and the node information such as all nodes in the system and the running status of the nodes. In addition, you can **Add**, **Edit**, **Start**, **Stop**, **Clear**, **Migrate**, **Migrate Back**, **Delete**, and **Associate** the resources. + +#### Node Operation Floating Area + +By default, the node operation floating area is collapsed. When you click a node in the heading of the resource node list, the node operation area is displayed on the right, as shown in the preceding figure. This area consists of the collapse button, the node name, the stop button, and the standby button, and provides the stop and standby operations. Click the arrow in the upper left corner of the area to collapse the area. + +### Preference Settings + +The following operations can be performed using command lines. The following is a simple example. For more command details, run the `pcs --help` command. + +- Through the CLI + + ```shell + # pcs property set stonith-enabled=false + # pcs property set no-quorum-policy=ignore + ``` + + Run the following command to view all configurations: + + ```shell + pcs property + ``` + + ![](./figures/HA-firstchoice-cmd.png) + +- Through the GUI + Clicking **Preference Settings** in the navigation bar, the **Preference Settings** dialog box is displayed. Change the values of **No Quorum Policy** and **Stonith Enabled** from the default values to the values shown in the following figure. Then, click OK. + + ![](./figures/HA-firstchoice.png) + +### Add Resource + +#### Adding Common Resources + +1. Click **Add Common Resource**. The **Create Resource** dialog box is displayed. + All mandatory configuration items of a resource are displayed on the **Basic** page. After you select a resource type on the **Basic** page, other mandatory and optional configuration items of the resource are displayed. + +2. Enter the resource configuration information. + A gray text area is displayed on the right of the dialog box to describe the current configuration item. After all mandatory parameters are set, click **OK** to create a common resource or click **Cancel** to cancel the add operation. + The optional configuration items on the **Instance Attribute**, **Meta Attribute**, or **Operation Attribute** page are optional. If they are not configured, the resource creation process is not affected. You can modify them as required. Otherwise, the default values are used. + +The following uses Apache as an example to describe how to add resources through the CLI and GUI. + +- Through the CLI + + ```shell + # pcs resource create httpd ocf:heartbeat:apache + ``` + + Check the resource running status: + + ```shell + # pcs status + ``` + + ![](./figures/HA-pcs-status.png) + +- Through the GUI + +1. Enter the resource name and resource type, as shown in the following figure. + + ![](./figures/HA-add-resource.png) + +2. If the following information is displayed, the resource is successfully added and started, and runs on a node, for example, ha1. + + ![](./figures/HA-apache-suc.png) +3. Access the Apache page. + + ![](./figures/HA-apache-show.png) + +#### Adding Group Resources + +>**Note:** +> Adding group resources requires at least one common resource in the cluster. + +1. Click **Add Group Resource**. The **Create Resource** dialog box is displayed. + All the parameters on the **Basic** tab page are mandatory. After setting the parameters, click **OK** to add the resource or click **Cancel** to cancel the add operation. + + ![](./figures/HA-group.png) + + > **Notes:** + > Group resources are started in the sequence of child resources. Therefore, you need to select child resources in sequence. + +2. If the following information is displayed, the resource is added successfully. + + ![](./figures/HA-group-suc.png) + +#### Adding Clone Resources + +1. Click **Add Clone Resource**. The **Create Resource** dialog box is displayed. + On the **Basic** page, enter the object to be cloned. The resource name is automatically generated. After entering the object name, click **OK** to add the resource, or click **Cancel** to cancel the add operation. + + ![](./figures/HA-clone.png) + +2. If the following information is displayed, the resource is added successfully. + + ![](./figures/HA-clone-suc.png) + +### Editing Resources + +- Starting a resource: Select a target resource from the resource node list. The target resource must not be running. Start the resource. +- Stopping a resource: Select a target resource from the resource node list. The target resource must be running. Stop the resource. +- Clearing a resource: Select a target resource from the resource node list. Clear the resource. +- Migrating a resource: Select a target resource from the resource node list. The resource must be a common resource or group resource in the running status. Migrate the resource to migrate it to a specified node. +- Migrating back a resource: Select a target resource from the resource node list. The resource must be a migrated resource. Migrate back the resource to clear the migration settings of the resource and migrate the resource back to the original node. After you click **Migrate Back**, the status change of the resource item in the list is the same as that when the resource is started. +- Deleting a resource: Select a target resource from the resource node list. Delete the resource. + +### Setting Resource Relationships + +Resource relationships are used to set restrictions for the target resources. There are three types resource restrictions: resource location, resource collaboration, and resource order. + +- Resource location: sets the running level of the resource on the nodes in the cluster to determine the node where the resource runs during startup or switchover. The running levels are Master Node and Slave 1 in descending order. +- Resource collaboration: indicates whether the target resource and other resources in the cluster run on the same node. **Same Node** indicates that this node must run on the same node as the target resource. **Mutually Exclusive** indicates that this node cannot run on the same node as the target resource. +- Resource order: Set the order in which the target resource and other resources in the cluster are started. **Front Resource** indicates that this resource must be started before the target resource. **Follow-up Resource** indicates that this resource can be started only after the target resource is started. + +## HA MySQL Configuration Example + +### Configuring the Virtual IP Address + +1. On the home page, choose **Add** > **Add Common Resource**, and set the parameters as follows: + + ![](./figures/HA-vip.png) + +2. The resource is successfully created and started, and runs on a node, for example, ha1. +3. The IP address can be pinged and connected. After login, you can perform various operations normally. Resources can be switched to ha2 and can be accessed normally. See the following figure. + ![](./figures/HA-vip-suc.png) + +### Configuring NFS Storage + +Perform the following steps to configure another host as the NFS server: + +1. Install the software package. + + ```shell + # yum install -y nfs-utils rpcbind + ``` + +2. Disable the firewall. + + ```shell + # systemctl stop firewalld && systemctl disable firewalld + ``` + +3. Modify the /etc/selinux/config file to change the status of SELinux to disabled. + + ```shell + # SELINUX=disabled + ``` + +4. Start services. + + ```shell + # systemctl start rpcbind && systemctl enable rpcbind + # systemctl start nfs-server && systemctl enable nfs-server + ``` + +5. Create a shared directory on the server. + + ```shell + # mkdir -p /test + ``` + +6. Modify the NFS configuration file. + + ```shell + # vim /etc/exports + # /test *(rw,no_root_squash) + ``` + +7. Reload the service. + + ```shell + # systemctl reload nfs + ``` + +8. Install the software package on the client. Install MySQL first and then mount NFS to the MySQL data path. + + ```shell + # yum install -y nfs-utils mariadb-server + ``` + +9. On the home page, choose **Add** > **Add Common Resource** and configure the NFS resource as follows: + + ![](./figures/HA-nfs.png) + +10. The resource is successfully created and started, and runs on a node, for example, ha1. The NFS is mounted to the `/var/lib/mysql` directory. The resource is switched to ha2. The NFS is unmounted from ha1 and automatically mounted to ha2. See the following figure. + + ![](./figures/HA-nfs-suc.png) + +### Configuring MySQL + +1. On the home page, choose **Add** > **Add Common Resource** and configure the MySQL resource as follows: + + ![](./figures/HA-mariadb.png) + +2. If the following information is displayed, the resource is successfully added: + + ![](./figures/HA-mariadb-suc.png) + +### Adding the Preceding Resources as a Group Resource + +1. Add the three resources in the resource startup sequence. + + On the home page, choose **Add** > **Add Group Resource** and configure the group resource as follows: + + ![](./figures/HA-group-new.png) + +2. The group resource is successfully created and started. If the command output is the same as that of the preceding common resources, the group resource is successfully added. + + ![](./figures/HA-group-new-suc.png) + +3. Use ha1 as the standby node and migrate the group resource to the ha2 node. The system is running properly. + + ![](./figures/HA-group-new-suc2.png) diff --git a/docs/en/server/installation_upgrade/installation/_toc.yaml b/docs/en/server/installation_upgrade/installation/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..41d397e6644d444082ebf4adfb12ca3daca6b2c4 --- /dev/null +++ b/docs/en/server/installation_upgrade/installation/_toc.yaml @@ -0,0 +1,40 @@ +label: Installation Guide +isManual: true +description: Installing openEuler +sections: + - label: Installation on Servers + href: ./installation_on_servers.md + sections: + - label: Installation Preparations + href: ./installation_preparations.md + - label: Installation Modes + href: ./installation_modes.md + - label: Installation Guide + href: ./installation_guide.md + - label: Using Kickstart for Automatic Installation + href: ./using_kickstart_for_automatic_installation.md + - label: Installation on Raspberry Pi + href: ./install_pi.md + sections: + - label: Installation Preparations + href: ./installation_preparations_1.md + - label: Installation Modes + href: ./installation_modes_1.md + - label: Installation Guide + href: ./installation_guide_1.md + - label: Using Kickstart for Automatic Installation + href: ./using_kickstart_for_automatic_installation.md + - label: More Reroutes + href: ./more_resources.md + - label: Installation on RISC-V + href: ./risc_v.md + sections: + - label: Installation on QEMU + href: ./risc_v_qemu.md + - label: Installation on PioneerBox + href: ./risc_v_pioneer1.3.md + - label: Installation on LicheePiA + href: ./risc_v_licheepi4a.md + - label: RISCV-OLK6.6 Source-Compatible Version Guide + href: ./riscv_olk6.6_homologous_version.md + \ No newline at end of file diff --git a/docs/en/server/installation_upgrade/installation/figures/Advanced_User_Configuration.png b/docs/en/server/installation_upgrade/installation/figures/Advanced_User_Configuration.png new file mode 100644 index 0000000000000000000000000000000000000000..29fc332ed3ecdc70b2a031d2633a6ec4ec5a9f0b Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/Advanced_User_Configuration.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/Automatic_installation_complete.png b/docs/en/server/installation_upgrade/installation/figures/Automatic_installation_complete.png new file mode 100644 index 0000000000000000000000000000000000000000..f2169685ef202bae133ae74fec620ec64aea46df Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/Automatic_installation_complete.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/BIOS.png b/docs/en/server/installation_upgrade/installation/figures/BIOS.png new file mode 100644 index 0000000000000000000000000000000000000000..d5a96738001c5a910174c030af583bb09ff29ce6 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/BIOS.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/CD-ROM_drive_icon.png b/docs/en/server/installation_upgrade/installation/figures/CD-ROM_drive_icon.png new file mode 100644 index 0000000000000000000000000000000000000000..9e87cfaf1bdee860b3cbc35150decd8db492f8aa Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/CD-ROM_drive_icon.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/Configuration_error_prompt.png b/docs/en/server/installation_upgrade/installation/figures/Configuration_error_prompt.png new file mode 100644 index 0000000000000000000000000000000000000000..a4eb734b3b84247bb2aa897e74898e8b5375aec8 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/Configuration_error_prompt.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/Disk_encryption_password.png b/docs/en/server/installation_upgrade/installation/figures/Disk_encryption_password.png new file mode 100644 index 0000000000000000000000000000000000000000..c76b59d3214da2c55119f0300103be0b9c2d8792 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/Disk_encryption_password.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/Image_dialog_box.png b/docs/en/server/installation_upgrade/installation/figures/Image_dialog_box.png new file mode 100644 index 0000000000000000000000000000000000000000..e72253b3d16d4388fa051c73b94e8923020ad467 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/Image_dialog_box.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/Installation_source.png b/docs/en/server/installation_upgrade/installation/figures/Installation_source.png new file mode 100644 index 0000000000000000000000000000000000000000..b2ff6ff142722b27b4aa474ca246f5aedc278df8 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/Installation_source.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/Installation_wizard.png b/docs/en/server/installation_upgrade/installation/figures/Installation_wizard.png new file mode 100644 index 0000000000000000000000000000000000000000..fc3a96c0cd4b5a2ece94a0b3fc484720440adace Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/Installation_wizard.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/Keyboard_layout.png b/docs/en/server/installation_upgrade/installation/figures/Keyboard_layout.png new file mode 100644 index 0000000000000000000000000000000000000000..12447c247e913ff4460dc2e736b1ece57a8d128b Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/Keyboard_layout.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/Manual_partitioning.png b/docs/en/server/installation_upgrade/installation/figures/Manual_partitioning.png new file mode 100644 index 0000000000000000000000000000000000000000..4ff41957f520ee0abdf55fbe90cd92dd0ea35f1f Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/Manual_partitioning.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/Manual_partitioning1.png b/docs/en/server/installation_upgrade/installation/figures/Manual_partitioning1.png new file mode 100644 index 0000000000000000000000000000000000000000..4097e12f77be60a965c4b00b57d41c19c90619d8 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/Manual_partitioning1.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/Megaraid_IO_Request_uncompleted.png b/docs/en/server/installation_upgrade/installation/figures/Megaraid_IO_Request_uncompleted.png new file mode 100644 index 0000000000000000000000000000000000000000..9f5a9e0f03055c59148830c8f8894196acd6861f Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/Megaraid_IO_Request_uncompleted.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/NetworkandHostName.png b/docs/en/server/installation_upgrade/installation/figures/NetworkandHostName.png new file mode 100644 index 0000000000000000000000000000000000000000..5d77ccbe602dd1ce565e77c48e27628cc9ec591a Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/NetworkandHostName.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/No-bootable-device-page.png b/docs/en/server/installation_upgrade/installation/figures/No-bootable-device-page.png new file mode 100644 index 0000000000000000000000000000000000000000..944c658d621f00b18e4aa75eaca420d76c08715c Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/No-bootable-device-page.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/No-bootable-device.png b/docs/en/server/installation_upgrade/installation/figures/No-bootable-device.png new file mode 100644 index 0000000000000000000000000000000000000000..944c658d621f00b18e4aa75eaca420d76c08715c Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/No-bootable-device.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/Partition_expansion.png b/docs/en/server/installation_upgrade/installation/figures/Partition_expansion.png new file mode 100644 index 0000000000000000000000000000000000000000..37a6ef7a2371a9a5518f6d2ce0dc6d36fc71fe1b Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/Partition_expansion.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/Setting_the_System_Boot_Option.png b/docs/en/server/installation_upgrade/installation/figures/Setting_the_System_Boot_Option.png new file mode 100644 index 0000000000000000000000000000000000000000..682f555c3a6da63e1cf6e6eed402e2851c4a7ebb Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/Setting_the_System_Boot_Option.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/Target_installation_position.png b/docs/en/server/installation_upgrade/installation/figures/Target_installation_position.png new file mode 100644 index 0000000000000000000000000000000000000000..5dcf04a4bfa256efef32a1cf7dd146161030381d Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/Target_installation_position.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/cancle_disk.png b/docs/en/server/installation_upgrade/installation/figures/cancle_disk.png new file mode 100644 index 0000000000000000000000000000000000000000..ff0e9a143fc14dc725d0b1e770bd54ce874aeec6 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/cancle_disk.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/choice.png b/docs/en/server/installation_upgrade/installation/figures/choice.png new file mode 100644 index 0000000000000000000000000000000000000000..0e40f5fd8d73dbcbad6bdcec5d56d3883d54023a Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/choice.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/choicelanguage.png b/docs/en/server/installation_upgrade/installation/figures/choicelanguage.png new file mode 100644 index 0000000000000000000000000000000000000000..51dfe50057e0652a34b5c94192c411c356133b24 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/choicelanguage.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/choosesoftware.png b/docs/en/server/installation_upgrade/installation/figures/choosesoftware.png new file mode 100644 index 0000000000000000000000000000000000000000..e9f4dbfb6de56498a46752cbebe88ab623366160 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/choosesoftware.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/confignetwork1.png b/docs/en/server/installation_upgrade/installation/figures/confignetwork1.png new file mode 100644 index 0000000000000000000000000000000000000000..d46f71cc21fb8f2defab62c08ba5537f225be328 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/confignetwork1.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/createuser.png b/docs/en/server/installation_upgrade/installation/figures/createuser.png new file mode 100644 index 0000000000000000000000000000000000000000..a280f355f07f34e590bfcb5c33a16b2201051857 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/createuser.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/custom_paratition.png b/docs/en/server/installation_upgrade/installation/figures/custom_paratition.png new file mode 100644 index 0000000000000000000000000000000000000000..0f46bc9fcfbf57cd986661029c6b2c037dac2919 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/custom_paratition.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/dateandtime.png b/docs/en/server/installation_upgrade/installation/figures/dateandtime.png new file mode 100644 index 0000000000000000000000000000000000000000..10ff8aceeb1789333833f79a668214eb69e50643 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/dateandtime.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/enforce-secure-boot.png b/docs/en/server/installation_upgrade/installation/figures/enforce-secure-boot.png new file mode 100644 index 0000000000000000000000000000000000000000..0e40f5fd8d73dbcbad6bdcec5d56d3883d54023a Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/enforce-secure-boot.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/installation_overview.png b/docs/en/server/installation_upgrade/installation/figures/installation_overview.png new file mode 100644 index 0000000000000000000000000000000000000000..fb9c052855bd920532c0cf69c658eaadab628f5f Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/installation_overview.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/installation_procedure.png b/docs/en/server/installation_upgrade/installation/figures/installation_procedure.png new file mode 100644 index 0000000000000000000000000000000000000000..06a9d14a166bdfe86c5eec0be7929a7a99c5ea45 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/installation_procedure.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/installsource.png b/docs/en/server/installation_upgrade/installation/figures/installsource.png new file mode 100644 index 0000000000000000000000000000000000000000..df788bdb010a1e711eef0446348587dce7b55b95 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/installsource.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/languagesupport.png b/docs/en/server/installation_upgrade/installation/figures/languagesupport.png new file mode 100644 index 0000000000000000000000000000000000000000..322a38cfea59362ae595ff204d907ae1fd41dc30 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/languagesupport.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/reset_devices.png b/docs/en/server/installation_upgrade/installation/figures/reset_devices.png new file mode 100644 index 0000000000000000000000000000000000000000..70cc2e0138dd48950f4704bd3f1160448d5058a1 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/reset_devices.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/restart_icon.png b/docs/en/server/installation_upgrade/installation/figures/restart_icon.png new file mode 100644 index 0000000000000000000000000000000000000000..a1b02b2dff42c90845d2491192507ea6967352e3 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/restart_icon.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/restarticon.png b/docs/en/server/installation_upgrade/installation/figures/restarticon.png new file mode 100644 index 0000000000000000000000000000000000000000..33bf7cd2e435ff04f3947eb39ba20019b12bf2d2 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/restarticon.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/riscv-olk6.6.jpg b/docs/en/server/installation_upgrade/installation/figures/riscv-olk6.6.jpg new file mode 100644 index 0000000000000000000000000000000000000000..8a00c4fd2033954b1d0d99eb376ea5c1436db7fb Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/riscv-olk6.6.jpg differ diff --git a/docs/en/server/installation_upgrade/installation/figures/root_password.png b/docs/en/server/installation_upgrade/installation/figures/root_password.png new file mode 100644 index 0000000000000000000000000000000000000000..fe285fc2bfd682e1ef3799e62ef2786507e49372 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/root_password.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/security.png b/docs/en/server/installation_upgrade/installation/figures/security.png new file mode 100644 index 0000000000000000000000000000000000000000..59ac7bfcef796fc32d0127a9d6095d32cb282fb2 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/security.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/select.png b/docs/en/server/installation_upgrade/installation/figures/select.png new file mode 100644 index 0000000000000000000000000000000000000000..0e40f5fd8d73dbcbad6bdcec5d56d3883d54023a Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/select.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/select_software.png b/docs/en/server/installation_upgrade/installation/figures/select_software.png new file mode 100644 index 0000000000000000000000000000000000000000..4b1384943d2770317396be452b137b6602d1dfea Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/select_software.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/selectlanguage.png b/docs/en/server/installation_upgrade/installation/figures/selectlanguage.png new file mode 100644 index 0000000000000000000000000000000000000000..4351e637cb673e156864cf5110e68efb3c3e1f2b Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/selectlanguage.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/sourceftp.png b/docs/en/server/installation_upgrade/installation/figures/sourceftp.png new file mode 100644 index 0000000000000000000000000000000000000000..6866700da46d0a283cb1585dc425feb79337f726 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/sourceftp.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/sourcenfs.png b/docs/en/server/installation_upgrade/installation/figures/sourcenfs.png new file mode 100644 index 0000000000000000000000000000000000000000..430d9433904fef0ac833495ec1ae704acdd9026f Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/sourcenfs.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/startparam.png b/docs/en/server/installation_upgrade/installation/figures/startparam.png new file mode 100644 index 0000000000000000000000000000000000000000..661febc759a150367509505577ea7ea216f911be Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/startparam.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/target_install_position.png b/docs/en/server/installation_upgrade/installation/figures/target_install_position.png new file mode 100644 index 0000000000000000000000000000000000000000..5dcf04a4bfa256efef32a1cf7dd146161030381d Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/target_install_position.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0229291229.png b/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0229291229.png new file mode 100644 index 0000000000000000000000000000000000000000..d245d48dc07e2b01734e21ec1952e89fa9269bdb Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0229291229.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0229291236.png b/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0229291236.png new file mode 100644 index 0000000000000000000000000000000000000000..a32856aa08e459ed0f51f8fcf4c2f51511c12095 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0229291236.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0229291243.png b/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0229291243.png new file mode 100644 index 0000000000000000000000000000000000000000..2418510f855facae4b47129840894490a1eac7ca Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0229291243.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0229291247.png b/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0229291247.png new file mode 100644 index 0000000000000000000000000000000000000000..d67b599b9ab74017c0800529053befed3efab8a7 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0229291247.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0229291264.jpg b/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0229291264.jpg new file mode 100644 index 0000000000000000000000000000000000000000..3f0a0658e08010f4f453e558a41e31257783b416 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0229291264.jpg differ diff --git a/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0229291270.png b/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0229291270.png new file mode 100644 index 0000000000000000000000000000000000000000..deefef68670d64c131e4c41911a01236158f1dd1 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0229291270.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0229291272.png b/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0229291272.png new file mode 100644 index 0000000000000000000000000000000000000000..e0ad8102bddd886c3bd7a306b088e8a52e2b99c9 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0229291272.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0229291280.png b/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0229291280.png new file mode 100644 index 0000000000000000000000000000000000000000..5754e734c48b23ace2a4fbf1302b820077cd7b71 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0229291280.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0229291286.png b/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0229291286.png new file mode 100644 index 0000000000000000000000000000000000000000..4ffcb081e2c8f82bcc49a65a939f2cd8bd6f949b Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0229291286.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0229420473.png b/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0229420473.png new file mode 100644 index 0000000000000000000000000000000000000000..86c61a4b8e2a5795baff2fc74629924d01d7b97b Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0229420473.png differ diff --git a/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0231657950.png b/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0231657950.png new file mode 100644 index 0000000000000000000000000000000000000000..bea985ef710c57aeba16600067304b1005ad92e8 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/figures/zh-cn_image_0231657950.png differ diff --git a/docs/en/server/installation_upgrade/installation/install_pi.md b/docs/en/server/installation_upgrade/installation/install_pi.md new file mode 100644 index 0000000000000000000000000000000000000000..9c643080454ac812127fbe4c24e2cfbf41cda648 --- /dev/null +++ b/docs/en/server/installation_upgrade/installation/install_pi.md @@ -0,0 +1,3 @@ +# Installation on Raspberry Pi + +This section describes how to install openEuler on Raspberry Pi. Users must have basic knowledge of Linux OS management. diff --git a/docs/en/server/installation_upgrade/installation/installation_guide.md b/docs/en/server/installation_upgrade/installation/installation_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..cffd2e5986cda9166fcabcbdfcaae38b3499001b --- /dev/null +++ b/docs/en/server/installation_upgrade/installation/installation_guide.md @@ -0,0 +1,331 @@ +# Installation Guideline + +This section describes how to install openEuler using a CD/DVD-ROM. The installation process is the same for other installation modes except the boot option. + +## Starting the Installation + +### Booting from the CD/DVD-ROM Drive + +Load the ISO image of openEuler from the CD/DVD-ROM drive of the server and restart the server. The procedure is as follows: + +>![](./public_sys-resources/icon-note.gif) **Note** +>Before the installation, ensure that the server boots from the CD/DVD-ROM drive preferentially. The following steps describe how to install openEuler using a virtual CD/DVD-ROM drive on the baseboard management controller (BMC). The procedure for installing openEuler from a physical drive is the same as that of a virtual drive. + +1. On the toolbar, click the icon shown in the following figure. + + **Figure 1** Drive icon + ![](./figures/CD-ROM_drive_icon.png) + + An image dialog box is displayed, as shown in the following figure. + + **Figure 2** Image dialog box + ![](./figures/Image_dialog_box.png) + +2. Select **Image File** and then click **...**. The **Open** dialog box is displayed. +3. Select the image file and click **Open**. In the image dialog box, click **Connect**. If **Connect** changes to **Disconnect**, the virtual CD/DVD-ROM drive is connected to the server. +4. On the toolbar, click the restart icon shown in the following figure to restart the device. + + **Figure 3** Restart icon + ![](./figures/restarticon.png) + +### Installation Wizard + +A boot menu is displayed after the system is booted using the boot medium. In addition to options for starting the installation program, some other options are available on the boot menu. During system installation, the **Test this media & install openEuler {version}** mode is used by default. Press the arrow keys on the keyboard to change the selection, and press **Enter** when the desired option is highlighted. + +>![](./public_sys-resources/icon-note.gif) **Note** +> +>- If you do not perform any operations within 1 minute, the system automatically selects the default option **Test this media & install openEuler {version}** and enters the installation page. +>- During physical machine installation, if you cannot use the arrow keys to select boot >- During physical machine installation, if you cannot use the arrow keys to select boot options and the system does not respond after you press **Enter**, click ![](./figures/zh-cn_image_0229420473.png) on the BMC page and configure **Key & Mouse Reset**.en-us_image_0229420473.png) on the BMC page and configure **Key & Mouse Reset**. + +**Figure 4** Installation Wizard +![](./figures/Installation_wizard.png) + +Installation wizard options are described as follows: + +- **Install openEuler {version}**: Install openEuler on your server in GUI mode. + +- **Test this media & install openEuler {version}**: Default option. Install openEuler on your server in GUI mode. The integrity of the installation medium is checked before the installation program is started. + +- **Troubleshooting**: Troubleshooting mode, which is used when the system cannot be installed properly. In troubleshooting mode, the following options are available: + - **Install openEuler {version} in basic graphics mode**: Basic graphics installation mode. In this mode, the video driver is not started before the system starts and runs. + - **Rescue the openEuler system**: Rescue mode, which is used to restore the system. In rescue mode, the installation process is printed to the Virtual Network Computing (VNC) or BMC interface, and the serial port is unavailable. + +On the installation wizard screen, press **e** to go to the parameter editing screen of the selected option, and press **c** to go to the command line interface (CLI). + +### Installation in GUI Mode + +On the installation wizard page, select **Test this media & install openEuler {version}** to enter the GUI installation mode. + +Perform graphical installation operations using a keyboard. + +- Press **Tab** or **Shift+Tab** to move between GUI controls (such as buttons, area boxes, and check boxes). +- Press the up or down arrow key to move a target in the list. +- Press the left or right arrow key to move between the horizontal toolbar and watch bar. +- Press the spacebar or **Enter** to select or delete highlighted options, expand or collapse a drop-down list. +- Press **Alt+a shortcut key** (the shortcut key varies for different pages) to select the control where the shortcut key is located. The shortcut key can be highlighted (underlined) by holding down **Alt**. + +## Configuring an Installation Program Language + +After the installation starts, the system will prompt the language that is used during the installation process. English is configured by default, as shown in the following figure. Configure another language as required. + +**Figure 5** Selecting a language +![](./figures/selectlanguage.png) + +After the language is set, click **Continue**. The installation page is displayed. + +If you want to exit the installation, click **Exit**. The message **Are you sure you want to exit the installation program?** is displayed. Click **Yes** in the dialog box to go back to the installation wizard page. + +## Entering the Installation Page + +After the installation program starts, the installation page is displayed, as shown in the following figure. On the page, you can configure the time, language, installation source, network, and storage device. + +Some configuration items are matched with safety symbols. A safety symbol will disappear after the item is configured. Start the installation only when all the safety symbols disappear from the page. + +If you want to exit the installation, click **Exit**. The message **Are you sure you want to exit the installation program?** is displayed. Click **Yes** in the dialog box to go back to the installation wizard page. + +**Figure 6** Installation summary +![](./figures/installation_overview.png) + +## Setting the Keyboard Layout + +On the **INSTALLATION SUMMARY** page, click **KEYBOARD**. You can add or delete multiple keyboard layouts in the system. + +- To view the keyboard layout: Select a keyboard layout in the left box and click **keyboard** under the box. +- To test the keyboard layout: Select the keyboard layout in the left box and click keyboard icon in the upper right corner to switch to the desired layout, and then type in the right text box to ensure that the keyboard layout can work properly. + +**Figure 7** Setting the keyboard layout +![](./figures/Keyboard_layout.png) + +After the setting is complete, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. + +## Setting a System Language + +On the **INSTALLATION SUMMARY** page, click **LANGUAGE SUPPORT** to set the system language, as shown in the following figure. Set another language as required, such as Chinese. + +>![](./public_sys-resources/icon-note.gif) **Note** +>If you select **Chinese**, the system does not support the display of Chinese characters when you log in to the system using VNC, but supports the display of Chinese characters when you log in to the system using a serial port. When you log in to the system using SSH, whether the system supports the display of Chinese characters depends on the SSH client. If you select **English**, the display is not affected. + +**Figure 8** Setting a system language + +![](./figures/languagesupport.png) + +After the setting is complete, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. + +## Setting Date and Time + +On the **INSTALLATION SUMMARY** page, click **TIME & DATE**. On the **TIME & DATE** page, set the system time zone, date, and time. + +When setting the time zone, select a region from the drop-down list of **Region** and a city from the drop-down list of **City** at the top of the page, as shown in the following figure. + +If your city is not displayed in the drop-down list, select the nearest city in the same time zone. + +>![](./public_sys-resources/icon-note.gif) **Note** +> +>- Before manually setting the time zone, disable the network time synchronization function in the upper right corner. +>- If you want to use the network time, ensure that the network can connect to the remote NTP server. For details about how to set the network, see [Setting the Network and Host Name](#setting-the-network-and-host-name). + +**Figure 9** Setting date and time + +![](./figures/dateandtime.png) + +After the setting is complete, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. + +## Setting the Installation Source + +On the **INSTALLATION SUMMARY** page, click **INSTALLATION SOURCE** to locate the installation source. + +- When you use a complete CD/DVD-ROM for installation, the installation program automatically detects and displays the installation source information. You can use the default settings, as shown in the following figure. + + **Figure 10** Installation source + ![](./figures/Installation_source.png) + +- When the network source is used for installation, you need to set the URL of the network source. + + - HTTP or HTTPS mode + + The following figure shows the installation source in HTTP or HTTPS mode: + + ![](./figures/installsource.png) + + If the HTTPS server uses a private certificate, press **e** on the installation wizard page to go to the parameter editing page of the selected option, and add the **inst.noverifyssl** parameter. + + Enter the actual installation source address, for example, ****, where **openEuler-{version}** indicates the version number, and **x86-64** indicates the CPU architecture. Use the actual version number and CPU architecture. + + - FTP mode + + The following figure shows the installation source in FTP mode. Enter the FTP address in the text box. + + ![](./figures/sourceftp.png) + + You need to set up an FTP server, mount the **openEuler-{version}-x86_64-dvd.iso** image, and copy the mounted files to the shared directory on the FTP server. **x86_64** indicates the CPU architecture. Use the actual image. + + - NFS mode + + The following figure shows the installation source in NFS mode. Enter the NFS address in the text box. + + ![](./figures/sourcenfs.png) + + You need to set up an NFS server, mount the **openEuler-{version}-x86_64-dvd.iso** image, and copy the mounted file to the shared directory on the NFS server. **x86_64** indicates the CPU architecture. Use the actual image. + +During the installation, if you have any questions about configuring the installation source, see [An Exception Occurs During the Selection of the Installation Source](https://gitee.com/openeuler/docs/blob/5232a58d1e76f59c50d68183bdfd3f6dc1603390/docs/en/docs/Installation/faqs.md#an-exception-occurs-during-the-selection-of-the-installation-source). + +After the setting is complete, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. + +## Selecting Installation Software + +On the **INSTALLATION SUMMARY** page, click **SOFTWARE SELECTION** to specify the software package to be installed. + +Based on the actual requirements, select **Minimal Install** in the left box and select an add-on in the **Additional software for Selected Environment** area in the right box, as shown in the following figure. + +**Figure 11** Selecting installation software +![](./figures/choosesoftware.png) + +>![](./public_sys-resources/icon-note.gif) **Note** +> +>- In **Minimal Install** mode, not all packages in the installation source will be installed. If the required package is not installed, you can mount the installation source to the local host as a repo source, and use DNF to install the package. +>- If you select **Virtualization Host**, the virtualization components QEMU, libvirt, and edk2 are installed by default. You can select whether to install the OVS component in the add-on area. + +After the setting is complete, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. + +## Setting the Installation Destination + +On the **INSTALLATION SUMMARY** page, click **INSTALLATION DESTINATION** to select the OS installation disk and partition. + +You can view available local storage devices in the following figure. + +**Figure 12** Setting the installation destination +![](./figures/Target_installation_position.png) + +### Storage Configuration + +On the **INSTALLATION DESTINATION** page, configure storage for system partition. You can either manually configure partitions or select **Automatic** for automatic partitioning. + +>![](./public_sys-resources/icon-note.gif) **Note** +> +>- During partitioning, to ensure system security and performance, you are advised to divide the device into the following partitions: **/boot**, **/var**, **/var/log**, **/var/log/audit**, **/home**, and **/tmp**. See [Table 1](#table1). +>- If the system is configured with the **swap** partition, the **swap** partition is used when the physical memory of the system is insufficient. Although the **swap** partition can be used to expand the physical memory, if it is used due to insufficient memory, the system response slows and the system performance deteriorates. Therefore, you are not advised to configure it in the system with sufficient physical memory or in the performance sensitive system. +>- If you need to split a logical volume group, select **Custom** to manually partition the logical volume group. On the **MANUAL PARTITIONING** page, click **Modify** in the **Volume Group** area to reconfigure the logical volume group. + +**Table 1** Suggested disk partitions + + +| Partition Type | Partition Type | Partition Size | Description | +| --- | --- | --- | --- | +| Primary partition | / | 20 GB | Root directory used to install the OS. | +| Primary partition | /boot | 1 GB | Boot partition. | +| Primary partition | /swap | 16 GB | Swap partition. | +| Logical partition | /home | 1 GB | Stores local user data. | +| Logical partition | /tmp | 10 GB | Stores temporary files. | +| Logical partition | /var | 5 GB | Stores the dynamic data of the daemon process and other system service processes. | +| Logical partition | /var/log | 10 GB | Stores system log data. | +| Logical partition | /var/log/audit | 2 GB | Stores system audit log data. | +| Logical partition | /usr| 5 GB | Stores shared and read-only applications. | +| Logical partition | /var/tmp | 5 GB | Stores temporary files that can be retained during system reboot. | +| Logical partition | /opt | Size of the remaining disk space. | Used to install application software. | + +**Automatic** + +Select **Automatic** if the software is installed in a new storage device or the data in the storage device is not required. After the setting is complete, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. + +**Custom** + +If you need to manually partition the disk, click **Custom** and click **Done** in the upper left corner. The following page is displayed. + +On the **MANUAL PARTITIONING** page, you can partition the disk in either of the following ways. After the partitioning is completed, the window shown in the following figure is displayed. + +- Automatic creation: Click **Click here to create them automatically**. The system automatically assigns four mount points according to the available storage space: **/boot**, **/**, **/home**, **/boot/efi**, and **swap**. + +- Manual creation: Click ![](./figures/zh-cn_image_0229291243.png) to add a mount point. It is recommended that the expected capacity of each mount point not exceed the available space.It is recommended that the expected capacity of each mount point not exceed the available space. + + >![](./public_sys-resources/icon-note.gif) **Note** + >If the expected capacity of the mount point exceeds the available space, the system allocates the remaining available space to the mount point. + +**Figure 13** MANUAL PARTITIONING page +![](./figures/Manual_partitioning.png) + +>![](./public_sys-resources/icon-note.gif) **Note** +>If non-UEFI mode is selected, the **/boot/efi** partition is not required. Otherwise, it is required. + +After the setting is complete, click **Done** in the upper left corner to go back to the **SUMMARY OF CHANGES** page. + +Click **Accept Changes** to go back to the **INSTALLATION SUMMARY** page. + +## Setting the Network and Host Name + +On the **INSTALLATION SUMMARY** page, select **NETWORK & HOST NAME** to configure the system network functions. + +The installation program automatically detects a local access interface. The detected interface is listed in the left box, and the interface details are displayed in the right area, as shown in [Figure 14](#zh-cn_topic_0186390264_zh-cn_topic_0122145831_fig123700157297). You can enable or disable a network interface by clicking the switch in the upper right corner of the page. The switch is turned off by default. If the installation source is set to network, turn on the switch. You can also click **Configure** to configure the selected interface. Select **Connect automatically with priority** to enable the NIC automatic startup upon system startup, as shown in [Figure 15](#zh-cn_topic_0186390264_zh-cn_topic_0122145831_fig6). + +In the lower left box, enter the host name. The host name can be the fully quantified domain name (FQDN) in the format of *hostname.domain_name* or the brief host name in the format of *hostname*. + +**Figure 14** Setting the network and host name +![](./figures/NetworkandHostName.png) + +**Figure 15** Configuring the network +![](./figures/confignetwork1.png) + +After the setting is complete, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. + +## Setting the Root Password + +Select Root Password on the **INSTALLATION SUMMARY** page. The **Root Password** page is displayed, as shown in the following figure. Enter a password based on [Password Complexity](#password-complexity) requirements and confirm the password. + +>![](./public_sys-resources/icon-note.gif) **Note** +> +>- The **root** account is used to perform key system management tasks. You are not advised to use the **root** account for daily work or system access. +>- If you select **Lock root account** on the **Root Password** page, the **root** account will be disabled. + +**Figure 16** root password +![](./figures/root_password.png) + +### Password Complexity + +The password of the **root** user or the password of the new user must meet the password complexity requirements. Otherwise, the password configuration or user creation will fail. The password complexity requirements are as follows: + +1. A password must contain at least eight characters. + +2. A password must contain at least three of the following types: uppercase letters, lowercase letters, digits, and special characters. + +3. A password must be different from the account name. + +4. A password cannot contain words in the dictionary. + + >![](./public_sys-resources/icon-note.gif) **Note** + >In the installed openEuler environment, you can run the`cracklib-unpacker /usr/share/cracklib/pw_dict > dictionary.txt` command to export the dictionary library file **dictionary.txt**, and then check whether the password is in the dictionary. + +After the settings are completed, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. + +## Creating a User + +Click **User Creation**. [Figure 17](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1237715313319) shows the page for creating a user. Enter a username and set a password. By clicking **Advanced**, you can also configure a home directory and a user group, as shown in [Figure 18](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig128716531312). + +**Figure 17** Creating a user +![](./figures/createuser.png) + +**Figure 18** Advanced user configuration +![](./figures/Advanced_User_Configuration.png) + +After configuration, click **Done** in the left-upper corner to switch back to the **INSTALLATION SUMMARY** page. + +## Starting Installation + +On the installation page, after all the mandatory items are configured, the alarm symbols will disappear. Then, you can click **Begin Installation** to install the system. + +## Installation Procedure + +After the installation starts, the overall installation progress and the progress of writing the software package to the system are displayed. See the following figure. + +>![](./figures/zh-cn_image_0229291229.png) +>If you click **Exit** or reset or power off the server during the installation, the installation is interrupted and the system is unavailable. In this case, you need to reinstall the system. + +**Figure 19** Installation process +![](./figures/installation_procedure.png) + +## Completing the Installation + +After openEuler is installed, Click **Reboot** to restart the system. + +>![](./public_sys-resources/icon-note.gif) **Note** +> +>- If a physical CD/DVD-ROM is used for installation and it is not automatically ejected during the restart, manually remove it. Then, the openEuler CLI login page is displayed. +>- If a virtual CD/DVD-ROM is used for installation, change the server boot option to **Hard Disk** and restart the server. Then, the openEuler CLI login page is displayed. diff --git a/docs/en/server/installation_upgrade/installation/installation_guide_1.md b/docs/en/server/installation_upgrade/installation/installation_guide_1.md new file mode 100644 index 0000000000000000000000000000000000000000..50572f614cd1ad43cb71e43742230f9ca17bc9d8 --- /dev/null +++ b/docs/en/server/installation_upgrade/installation/installation_guide_1.md @@ -0,0 +1,176 @@ +# Installation Guide + +This section describes how to enable the Raspberry Pi function after [Writing Raspberry Pi Images into the SD card](./installation_modes_1.md). + +## Starting the System + +After an image is written into the SD card, insert the SD card into the Raspberry Pi and power on the SD card. + +For details about the Raspberry Pi hardware, visit the [Raspberry Pi official website](https://www.raspberrypi.org/). + +## Logging in to the System + +You can log in to the Raspberry Pi in either of the following ways: + +1. Local login + + Connect the Raspberry Pi to the monitor (the Raspberry Pi video output interface is Micro HDMI), keyboard, and mouse, and start the Raspberry Pi. The Raspberry Pi startup log is displayed on the monitor. After Raspberry Pi is started, enter the user name **root** and password **openeuler** to log in. + +2. SSH remote login + + By default, the Raspberry Pi uses the DHCP mode to automatically obtain the IP address. If the Raspberry Pi is connected to a known router, you can log in to the router to check the IP address. The new IP address is the Raspberry Pi IP address. + + According to the preceding figure, the IP address of the Raspberry Pi is **192.168.31.109**. You can run the `ssh root@192.168.31.109` command and enter the password `openeuler` to remotely log in to the Raspberry Pi. + +## Configuring the System + +### Expanding the Root Directory Partition + +The space of the default root directory partition is small. Therefore, you need to expand the partition capacity before using it. + +To expand the root directory partition capacity, perform the following procedure: + +1. Run the `fdisk -l` command as the root user to check the drive partition information. The command output is as follows: + + ```shell + # fdisk -l + Disk /dev/mmcblk0: 14.86 GiB, 15931539456 bytes, 31116288 sectors + Units: sectors of 1 * 512 = 512 bytes + Sector size (logical/physical): 512 bytes / 512 bytes + I/O size (minimum/optimal): 512 bytes / 512 bytes + Disklabel type: dos + Disk identifier: 0xf2dc3842 + + Device Boot Start End Sectors Size Id Type + /dev/mmcblk0p1 * 8192 593919 585728 286M c W95 FAT32 (LBA) + /dev/mmcblk0p2 593920 1593343 999424 488M 82 Linux swap / Solaris + /dev/mmcblk0p3 1593344 5044223 3450880 1.7G 83 Linux + ``` + + The drive letter of the SD card is **/dev/mmcblk0**, which contains three partitions: + + - **/dev/mmcblk0p1**: boot partition + - **/dev/mmcblk0p2**: swap partition + - **/dev/mmcblk0p3**: root directory partition + + Here, we need to expand the capacity of `/dev/mmcblk0p3`. + +2. Run the `fdisk /dev/mmcblk0` command as the root user and the interactive command line interface (CLI) is displayed. To expand the partition capacity, perform the following procedure as shown in [Figure 2](#zh-cn_topic_0151920806_f6ff7658b349942ea87f4521c0256c315). + + 1. Enter `p` to check the partition information. + + Record the start sector number of `/dev/mmcblk0p3`. That is, the value in the `Start` column of the `/dev/mmcblk0p3` information. In the example, the start sector number is `1593344`. + + 2. Enter `d` to delete the partition. + + 3. Enter `3` or press `Enter` to delete the partition whose number is `3`. That is, the `/dev/mmcblk0p3`. + + 4. Enter `n` to create a partition. + + 5. Enter `p` or press `Enter` to create a partition of the `Primary` type. + + 6. Enter `3` or press `Enter` to create a partition whose number is `3`. That is, the `/dev/mmcblk0p3`. + + 7. Enter the start sector number of the new partition. That is, the start sector number recorded in Step `1`. In the example, the start sector number is `1593344`. + + > ![](./public_sys-resources/icon-notice.gif) **NOTE:** + > Do not press **Enter** or use the default parameters. + + 8. Press `Enter` to use the last sector number by default as the end sector number of the new partition. + + 9. Enter `N` without changing the sector ID. + + 10. Enter `w` to save the partition settings and exit the interactive CLI. + + **Figure 2** Expand the partition capacity + ![](./figures/Partition_expansion.png) + +3. Run the `fdisk -l` command as the root user to check the drive partition information and ensure that the drive partition is correct. The command output is as follows: + + ```shell + # fdisk -l + Disk /dev/mmcblk0: 14.86 GiB, 15931539456 bytes, 31116288 sectors + Units: sectors of 1 * 512 = 512 bytes + Sector size (logical/physical): 512 bytes / 512 bytes + I/O size (minimum/optimal): 512 bytes / 512 bytes + Disklabel type: dos + Disk identifier: 0xf2dc3842 + + Device Boot Start End Sectors Size Id Type + /dev/mmcblk0p1 * 8192 593919 585728 286M c W95 FAT32 (LBA) + /dev/mmcblk0p2 593920 1593343 999424 488M 82 Linux swap / Solaris + /dev/mmcblk0p3 1593344 31116287 29522944 14.1G 83 Linux + ``` + +4. Run the `resize2fs /dev/mmcblk0p3` command as the root user to increase the size of the unloaded file system. + +5. Run the `df -lh` command to check the drive space information and ensure that the root directory partition has been expanded. + + > ![](./public_sys-resources/icon-notice.gif) **NOTE:** + > If the root directory partition is not expanded, run the `reboot` command to restart the Raspberry Pi and then run the `resize2fs /dev/mmcblk0p3` command as the root user. + +### Connecting to the Wi-Fi Network + +To connect to the Wi-Fi network, perform the following procedure: + +1. Check the IP address and network adapter information. + + `ip a` + + Obtain information about the wireless network adapter **wlan0**: + + ```text + 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 + link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 + inet 127.0.0.1/8 scope host lo + valid_lft forever preferred_lft forever + inet6 ::1/128 scope host + valid_lft forever preferred_lft forever + 2: eth0: mtu 1500 qdisc mq state UP group default qlen 1000 + link/ether dc:a6:32:50:de:57 brd ff:ff:ff:ff:ff:ff + inet 192.168.31.109/24 brd 192.168.31.255 scope global dynamic noprefixroute eth0 + valid_lft 41570sec preferred_lft 41570sec + inet6 fe80::cd39:a969:e647:3043/64 scope link noprefixroute + valid_lft forever preferred_lft forever + 3: wlan0: mtu 1500 qdisc fq_codel state DOWN group default qlen 1000 + link/ether e2:e6:99:89:47:0c brd ff:ff:ff:ff:ff:ff + ``` + +2. Scan information about available Wi-Fi networks. + + `nmcli dev wifi` + +3. Connect to the Wi-Fi network. + + Run the `nmcli dev wifi connect SSID password PWD` command as the root user to connect to the Wi-Fi network. + + In the command, `SSID` indicates the SSID of the available Wi-Fi network scanned in the preceding step, and `PWD` indicates the password of the Wi-Fi network. For example, if the `SSID` is `openEuler-wifi`and the password is `12345678`, the command for connecting to the Wi-Fi network is `nmcli dev wifi connect openEuler-wifi password 12345678`. The connection is successful. + + ```text + Device 'wlan0' successfully activated with '26becaab-4adc-4c8e-9bf0-1d63cf5fa3f1'. + ``` + +4. Check the IP address and wireless network adapter information. + + `ip a` + + ```text + 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 + link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 + inet 127.0.0.1/8 scope host lo + valid_lft forever preferred_lft forever + inet6 ::1/128 scope host + valid_lft forever preferred_lft forever + 2: eth0: mtu 1500 qdisc mq state UP group default qlen 1000 + link/ether dc:a6:32:50:de:57 brd ff:ff:ff:ff:ff:ff + inet 192.168.31.109/24 brd 192.168.31.255 scope global dynamic noprefixroute eth0 + valid_lft 41386sec preferred_lft 41386sec + inet6 fe80::cd39:a969:e647:3043/64 scope link noprefixroute + valid_lft forever preferred_lft forever + 3: wlan0: mtu 1500 qdisc fq_codel state UP group default qlen 1000 + link/ether dc:a6:32:50:de:58 brd ff:ff:ff:ff:ff:ff + inet 192.168.31.110/24 brd 192.168.31.255 scope global dynamic noprefixroute wlan0 + valid_lft 43094sec preferred_lft 43094sec + inet6 fe80::394:d086:27fa:deba/64 scope link noprefixroute + valid_lft forever preferred_lft forever + ``` diff --git a/docs/en/server/installation_upgrade/installation/installation_modes.md b/docs/en/server/installation_upgrade/installation/installation_modes.md new file mode 100644 index 0000000000000000000000000000000000000000..e49fba8d79d932651c0cf1d092129de49a4b02d4 --- /dev/null +++ b/docs/en/server/installation_upgrade/installation/installation_modes.md @@ -0,0 +1,180 @@ +# Installation Modes + +>![](./public_sys-resources/icon-notice.gif) **NOTICE** +> +>- Only TaiShan 200 servers and FusionServer Pro rack server are supported. For details about the supported server models, see [Hardware Compatibility](./installation_preparations.md#hardware-compatibility). Only a virtualization platform created by the virtualization components \(openEuler as the host OS and QEMU and KVM provided in the release package\) of openEuler and the x86 virtualization platform of Huawei public cloud are supported. +>- Currently, only installation modes such as DVD-ROM, USB flash drive, network, QCOW2 image, and private image are supported. In addition, only the x86 virtualization platform of Huawei public cloud supports the private image installation mode. + +## Installation Through a DVD-ROM + +This section describes how to create or use a DVD-ROM to install the openEuler. + +### Preparing the Installation Source + +If you have obtained a DVD-ROM, directly install the OS using the DVD-ROM. If you have obtained an ISO file, record the ISO file to a DVD and install the OS using the obtained DVD. + +### Starting the Installation + +Perform the following operations to start the installation: + +>![](./public_sys-resources/icon-note.gif) **NOTE** +>Set the system to preferentially boot from the DVD-ROM drive. Take BIOS as an example. You need to move the **CD/DVD-ROM Drive** option under **Boot Type Order** to the top. + +1. Disconnect all drives that are not required, such as USB drives. +2. Start your computer system. +3. Insert the installation DVD-ROM into the computer. +4. Restart the computer system. + +After a short delay, a graphical wizard page is displayed, which contains different boot options. If you do not perform any operation within one minute, the installation starts automatically with the default option. + +## Installation Through a USB Flash Drive + +This section describes how to create or use a USB flash drive to install the openEuler. + +### Preparing the Installation Source + +Pay attention to the capacity of the USB flash drive. The USB flash drive must have sufficient space to store the entire image. It is recommended that the USB flash drive have more than 16 GB space. + +1. Connect the USB flash drive to the system and run the **dmesg** command to view related log. At the end of the log, you can view the information generated by the USB flash drive that is just connected. The information is similar to the following: + + ```text + [ 170.171135] sd 5:0:0:0: [sdb] Attached SCSI removable disk + ``` + + >![](./public_sys-resources/icon-note.gif) **NOTE** + >Take the **sdb** USB flash drive as an example. + +2. Switch to user **root**. When running the **su** command, you need to enter the password. + + ```bash + su - root + ``` + +3. Ensure that the USB flash drive is not mounted. + + ```bash + findmnt /dev/sdb + ``` + + - If no command output is displayed, the file system is not mounted. Go to the next step. + + - If the following information is displayed, the USB flash drive is automatically mounted. + + ```bash + $ findmnt /dev/sdb + TARGET SOURCE FSTYPE OPTIONS + /mnt/iso /dev/sdb iso9660 ro,relatime + ``` + + In this case, you need to run the **umount** command to uninstall the device. + + ```bash + umount /mnt/iso + ``` + +4. Run the **dd** command to write the ISO image to the USB flash drive. + + ```bash + dd if=/path/to/image.iso of=/dev/device bs=blocksize + ``` + + Replace **/path/to/image.iso** with the complete path of the downloaded ISO image file, replace **device** with the device name provided by the **dmesg** command, and set a proper block size \(for example, 512 KB\) to replace **blocksize** to accelerate the write progress. + + For example, if the ISO image file name is **/home/testuser/Downloads/openEuler-21.09-aarch64-dvd.iso** and the detected device name is **sdb**, run the following command: + + ```bash + dd if=/home/testuser/Downloads/openEuler-21.09-aarch64-dvd.iso of=/dev/sdb bs=512k + ``` + + >![](./public_sys-resources/icon-note.gif) **NOTE** + >As described in ISOLINUX, the ISO 9660 file system created by the **mkisofs** command will boot through BIOS firmware, but only from the CD-ROM, DVD-ROM, or BD. In this case, you need to run the **isohybrid -u your.iso** command to process the ISO file and then run the **dd** command to write the ISO file to the USB flash drive. (This problem affects only the x86 architecture.) + +5. After the image is written, remove the USB flash drive. + + No progress is displayed during the image write process. When the number sign (#) appears again, run the following command to write the data to the drive. Then exit the **root** account and remove the USB flash drive. In this case, you can use the USB drive as the installation source of the system. + + ```bash + sync + ``` + +### Starting the Installation + +Perform the following operations to start the installation: + +>![](./public_sys-resources/icon-note.gif) **NOTE** +>Set the system to preferentially boot from the USB flash drive. Take the BIOS as an example. You need to move the **USB** option under **Boot Type Order** to the top. + +1. Disconnect all drives that are not required. +2. Open your computer system. +3. Insert the USB flash drive into the computer. +4. Restart the computer system. + +After a short delay, a graphical wizard page is displayed, which contains different boot options. If you do not perform any operation within one minute, the installation program automatically starts the installation. + +## Installation Through the Network Using PXE + +To boot with PXE, you need to properly configure the server and your computer's network interface shall support PXE. + +If the target hardware is installed with a PXE-enabled NIC, configure it to boot the computer from network system files rather than local media \(such as DVD-ROMs\) and execute the Anaconda installation program. + +For installation through the network using PXE, the client uses a PXE-enabled NIC to send a broadcast request for DHCP information and IP address to the network. The DHCP server provides the client with an IP address and other network information, such as the IP address or host name of the DNS and FTP server \(which provides the files required for starting the installation program\), and the location of the files on the server. + +>![](./public_sys-resources/icon-note.gif) **NOTE** +>The TFTP, DHCP, and HTTP server configurations are not described here. For details, see [Full-automatic Installation Guide](using_kickstart_for_automatic_installation.md#using-kickstart-for-automatic-installation). + +## Installation Through a QCOW2 Image + +This section describes how to create or use a QCOW2 image to install the openEuler. + +### Creating a QCOW2 Image + +1. Install the **qemu-img** software package. + + ```bash + dnf install -y qemu-img + ``` + +2. Run the **create** command of the qemu-img tool to create an image file. The command format is as follows: + + ```bash + qemu-img create -f -o + ``` + + The parameters are described as follows: + + - _imgFormat_: Image format. The value can be **raw** or **qcow2**. + - _fileOption_: File option, which is used to set features of an image file, such as specifying a backend image file, compressing, and encrypting. + - _fileName_: File name. + - _diskSize_: Disk size, which specifies the size of a block disk. The unit can be K, M, G, or T, indicating KiB, MiB, GiB, or TiB. + + For example, to create an image file **openEuler-image.qcow2** whose disk size is 32 GB and format is qcow2, the command and output are as follows: + + ```bash + $ qemu-img create -f qcow2 openEuler-image.qcow2 32G + Formatting 'openEuler-image.qcow2', fmt=qcow2 size=34359738368 cluster_size=65536 lazy_refcounts=off refcount_bits=16 + ``` + +### Starting the Installation + +Perform the following operations to start the installation: + +1. Prepare a QCOW2 image file. +2. Prepare the VM network. +3. Prepare the UEFI boot tool set EDK II. +4. Prepare the VM XML configuration file. +5. Create a VM. +6. Start the VM. + +For details, see the [*Virtualization User Guide*](https://gitee.com/openeuler/Virt-docs/blob/openEuler-24.03-LTS-SP2/docs/en/virtualization_platform/virtualization/introduction_to_virtualization.md). + +## Installation Through a Private Image + +This section describes how to create or use a private image to install the openEuler. + +### Creating a Private Image + +For instructions about how to create a private image, see [*Image Management Service User Guide*](https://support.huaweicloud.com/intl/en-us/usermanual-ims/en-us_topic_0013901628.html). + +### Starting the Installation + +For details about how to start the x86 virtualization platform of Huawei public cloud, see [Elastic Cloud Server User Guide](https://support.huaweicloud.com/intl/en-us/wtsnew-ims/index.html). diff --git a/docs/en/server/installation_upgrade/installation/installation_modes_1.md b/docs/en/server/installation_upgrade/installation/installation_modes_1.md new file mode 100644 index 0000000000000000000000000000000000000000..5344fcb32eef8de86f714c7282493259b2e555c7 --- /dev/null +++ b/docs/en/server/installation_upgrade/installation/installation_modes_1.md @@ -0,0 +1,101 @@ +# Installation Modes + +> ![](./public_sys-resources/icon-notice.gif) **NOTE** +> +> - The hardware supports only Raspberry Pi 3B/3B+/4B. +> - The installation is performed by writing images to the SD card. This section describes how to write images on Windows, Linux, and Mac. +> - The image used in this section is the Raspberry Pi image of openEuler. For details about how to obtain the image, see [Installation Preparations](installation_preparations_1.md). + +## Writing Images on Windows + +This section uses Windows 10 as an example to describe how to write images to the SD card in the Windows environment. + +### Formatting the SD Card + +To format the SD card, perform the following procedures: + +1. Download and install a SD card formatting tool. The following operations use SD Card Formatter as an example. + +2. Start SD Card Formatter. In **Select card**, select the drive letter of the SD card to be formatted. + + If no image has been installed in the SD card, only one drive letter exists. In **Select card**, select the drive letter of the SD card to be formatted. + + If an image has been installed in the SD card, one or more drive letters exist. For example, the SD card corresponds to three drive letters: E, G, and H. In **Select card**, you can select the drive letter E of the boot partition. + +3. In **Formatting options**, select a formatting mode. The default mode is **Quick format**. + +4. Click **Format** to start formatting. A progress bar is displayed to show the formatting progress. + +5. After the formatting is completed, the message "Formatting was successfully completed" is displayed. Click **OK**. + +### Writing Images to the SD Card + +> ![](./public_sys-resources/icon-notice.gif) **NOTE** +If the compressed image file **openEuler-{version}-raspi-aarch64.img.xz** is obtained, decompress the file to obtain the **openEuler-{version}-raspi-aarch64.img** image file. + +To write the **openEuler-{version}-raspi-aarch64.img** image file to the SD card, perform the following procedures: + +1. Download and install a tool for writing images. The following operations use Win32 Disk Imager as an example. +2. Start Win32 Disk Imager and right-click **Run as administrator**. +3. Select the path of the image file in IMG format from the **Image File** drop-down list box. +4. In **Device**, select the drive letter of the SD card to which the image is written. +5. Click **Write**. A progress bar is displayed to show the progress of writing the image to the SD card. +6. After the write operation is completed, a dialog box is displayed, indicating that the write operation is successfully completed. Click **OK**. + +## Writing Images on Linux + +This section describes how to write images to the SD card in the Linux environment. + +### Checking Drive Partition Information + +Run the ` **fdisk -l** ` command as the **root** user to obtain the drive information of the SD card. For example, the drive partition corresponding to the SD card can be **/dev/sdb**. + +### Unmounting the SD Card + +1. Run the ` **df -lh** ` command to check the mounted volumes. + +2. If the partitions corresponding to the SD card are not mounted, skip this step. If the partitions (for example, /dev/sdb1 and /dev/sdb3) are mounted, run the following commands as the **root** user to unmount them: + + `umount /dev/sdb1` + + `umount /dev/sdb3` + +### Writing Images to the SD Card + +1. If the image obtained is compressed, run the ` **xz -d openEuler-{version}-raspi-aarch64.img.xz** ` command to decompress the compressed file to obtain the **openEuler-{version}-raspi-aarch64.img** image file. Otherwise, skip this step. + +2. Run the following command as the **root** user to write the `openEuler-{version}-raspi-aarch64.img` image to the SD card: + + `dd bs=4M if=openEuler-{version}-raspi-aarch64.img of=/dev/sdb` + + > ![](./public_sys-resources/icon-note.gif) **NOTE** + Generally, the block size is set to 4 MB. If the write operation fails or the written image cannot be used, you can set the block size to 1 MB and try again. However, the write operation is time-consuming when the block size is set to 1 MB. + +## Writing Images on Mac + +This section describes how to flash images to the SD card in the Mac environment. + +### Checking Drive Partition Information + +Run the ` **diskutil list** ` command as the **root** user to obtain the drive information of the SD card. For example, the drive partition corresponding to the SD card can be **/dev/disk3**. + +### Unmounting the SD Card + +1. Run the ` **df -lh** ` command to check the mounted volumes. + +2. If the partitions corresponding to the SD card are not mounted, skip this step. If the partitions (for example, dev/disk3s1 and /dev/disk3s3) are mounted, run the following commands as the **root** user to unmount them: + + `diskutil umount /dev/disk3s1` + + `diskutil umount /dev/disk3s3` + +### Writing Images to the SD Card + +1. If the image obtained is compressed, run the `xz -d openEuler-{version}-raspi-aarch64.img.xz` command to decompress the compressed file to obtain the **openEuler-{version}-raspi-aarch64.img** image file. Otherwise, skip this step. + +2. Run the following command as the **root** user to write the image `openEuler-{version}-raspi-aarch64.img` to the SD card: + + `dd bs=4m if=openEuler-{version}-raspi-aarch64.img of=/dev/disk3` + + > ![](./public_sys-resources/icon-note.gif) **NOTE** + > Generally, the block size is set to 4 MB. If the write operation fails or the written image cannot be used, you can set the block size to 1 MB and try again. However, the write operation is time-consuming when the block size is set to 1 MB. diff --git a/docs/en/server/installation_upgrade/installation/installation_on_servers.md b/docs/en/server/installation_upgrade/installation/installation_on_servers.md new file mode 100644 index 0000000000000000000000000000000000000000..33dbf9a416e60c59d3d99cf34ae308adba1e4736 --- /dev/null +++ b/docs/en/server/installation_upgrade/installation/installation_on_servers.md @@ -0,0 +1,3 @@ +# Installation on Servers + +This section describes how to install openEuler on servers. Users must have basic knowledge of Linux OS management. diff --git a/docs/en/server/installation_upgrade/installation/installation_preparations.md b/docs/en/server/installation_upgrade/installation/installation_preparations.md new file mode 100644 index 0000000000000000000000000000000000000000..bdf886b5662004278f4330591f18aae4c7a14c9b --- /dev/null +++ b/docs/en/server/installation_upgrade/installation/installation_preparations.md @@ -0,0 +1,121 @@ +# Installation Preparations + +This section describes the compatibility of the hardware and software and the related configurations and preparations required for the installation. + +## Obtaining the Installation Source + +Obtain the openEuler release package and verification file before the installation. + +Perform the following operations to obtain the openEuler release package: + +1. Visit the [openEuler](https://www.openeuler.org/en/) website. +2. Click **Downloads**. +3. Click **Community Editions**. The version list is displayed. +4. Click **Download** on the right of **openEuler 22.03 LTS SP2**. +5. Download the required openEuler release package and the corresponding verification file based on the architecture and scenario. + 1. If the architecture is AArch64: + 1. Click **AArch64**. + 2. If you install openEuler from a local source, download the **Offline Standard ISO** or **Offline Everything ISO** release package **openEuler-22.03-LTS-SP2-(everything-)aarch64-dvd.iso** to the local host. + 3. If you install openEuler through the network, download the **Network Install ISO** release package **openEuler-22.03-LTS-SP2-netinst-aarch64-dvd.iso** to the local host. + 2. If the architecture is x86_64: + 1. Click **x86_64**. + 2. If you install openEuler from a local source, download the **Offline Standard ISO** or **Offline Everything ISO** release package **openEuler-22.03-LTS-SP2-(everything-)x86_64-dvd.iso** to the local host. + 3. If you install openEuler through the network, download the **Network Install ISO** release package **openEuler-22.03-LTS-SP2-netinst-x86_64-dvd.iso** to the local host. + +> ![](./public_sys-resources/icon-note.gif) **NOTE:** +> +> - When the network is available, install the environment on the network because the ISO release package is small. +> - The release package of the AArch64 architecture supports the UEFI mode, while the release package of the x86\_64 architecture supports both the UEFI and Legacy modes. + +## Release Package Integrity Check + +> ![](./public_sys-resources/icon-note.gif) **NOTE:** +> +> This section describes how to verify the integrity of the release package in the AArch64 architecture. The procedure for verifying the integrity of the release package in the x86_64 architecture is the same. + +### Introduction + +To prevent the software package from being incompletely downloaded due to network or storage device faults during transmission, you need to verify the integrity of the software package after obtaining it. Only the software package that passes the verification can be installed. + +Compare the verification value recorded in the verification file with the .iso file verification value calculated manually to check whether the software package passes the verification. If the values are consistent, the .iso file is not damaged. Otherwise, the file is damaged and you need to obtain it again. + +### Prerequisites + +Before verifying the integrity of the release package, prepare the following files: + +ISO file: **openEuler-22.03-LTS-SP2-aarch64-dvd.iso** + +Verification file: Copy and save the **Integrity Check** SHA256 value to a local file. + +### Procedures + +To verify the file integrity, perform the following operations: + +1. Calculate the SHA256 verification value of the file. Run the following command: + + ```shell + sha256sum openEuler-22.03-LTS-SP2-aarch64-dvd.iso + ``` + + After the command is run, the verification value is displayed. + +2. Check whether the calculated value is the same as that of the saved SHA256 value. + + If the verification values are consistent, the .iso file is not damaged. If they are inconsistent, you can confirm that the file is damaged and you need to obtain the file again. + +## Installation Requirements for PMs + +To install the openEuler OS on a PM, the PM must meet the following requirements. + +### Hardware Compatibility + +You need to take hardware compatibility into account during openEuler installation. [Table 1](#table14948632047) describes the types of supported servers. + +> ![](./public_sys-resources/icon-note.gif) **NOTE:** +> +> - TaiShan 200 servers are backed by Huawei Kunpeng 920 processors. +> - Currently, only Huawei TaiShan and FusionServer Pro servers are supported. More servers from other vendors will be supported in the future. + +**Table 1** Supported servers + +| Server Type | Server Name | Server Model | +| :---- | :---- | :---- | +| Rack server | TaiShan 200 | 2280 balanced model | +| Rack server | FusionServer Pro | FusionServer Pro 2288H V5
NOTE:
The server must be configured with the Avago SAS3508 RAID controller card and the LOM-X722 NIC.| + +### Minimum Hardware Specifications + +[Table 2](#tff48b99c9bf24b84bb602c53229e2541) lists the minimum hardware specifications supported by openEuler. + +**Table 2** Minimum hardware specifications + +| Component | Minimum Hardware Specifications | +| :---- | :---- | +| Architecture | AArch64 or x86_64 | +| CPU | Two CPUs | +| Memory | ≥ 4 GB (8 GB or higher recommended for better user experience) | +| Hard disk | ≥ 32 GB (120 GB or higher recommended for better user experience) | + +## Installation Requirements for VMs + +To install the openEuler OS on a VM, the PM must meet the following requirements. + +### Virtualization Platform Compatibility + +When installing openEuler, pay attention to the compatibility of the virtualization platform. Currently, the following virtualization platforms are supported: + +- A virtualization platform created by the virtualization components \(openEuler as the host OS and QEMU and KVM provided in the release package\) of openEuler +- x86 virtualization platform of Huawei public cloud + +### Minimum Virtualization Space + +[Table 3](#tff48b99c9bf24b84bb602c53229e2541) lists the minimum virtualization space required by openEuler. + +**Table 3** Minimum virtualization space + +| Component | Minimum Virtualization Space | +| :---- | :---- | +| Architecture | AArch64 or x86_64 | +| CPU | Two CPUs| +| Memory | ≥ 4 GB (8 GB or higher recommended for better user experience) | +| Hard disk | ≥ 32 GB (120 GB or higher recommended for better user experience) | diff --git a/docs/en/server/installation_upgrade/installation/installation_preparations_1.md b/docs/en/server/installation_upgrade/installation/installation_preparations_1.md new file mode 100644 index 0000000000000000000000000000000000000000..c05cb607124732ec7b2b66ff734621fce93be4ee --- /dev/null +++ b/docs/en/server/installation_upgrade/installation/installation_preparations_1.md @@ -0,0 +1,102 @@ +# Installation Preparations + +This section describes the compatibility of the hardware and software and the related configurations and preparations required for the installation. + +## Obtaining the Installation Source + +Before installation, obtain the openEuler Raspberry Pi image and its verification file. + +1. Visit [openEuler Repo](https://repo.openeuler.org/). +2. Choose **openEuler 24.03 LTS SP1**. +3. Click **raspi_img**. The download list of Raspberry Pi images is displayed. +4. Click **openEuler-24.03-LTS-SP1-raspi-aarch64.img.xz** to download the openEuler Raspberry Pi image to the local PC. +5. Click **openEuler-24.03-LTS-SP1-raspi-aarch64.img.xz.sha256sum** to download the verification file of the openEuler Raspberry Pi image to the local PC. + +## Verifying the Image Integrity + +### Overview + +During package transmission, to prevent software packages from being incompletely downloaded due to network or storage device problems, you need to verify the integrity of the software packages after obtaining them. Only the software packages that pass the verification can be deployed. + +Compare the verification value recorded in the verification file with the verification value that is manually calculated to determine whether the software package is complete. If the two values are the same, the downloaded file is complete. Otherwise, the downloaded file is incomplete and you need to obtain the software package again. + +### Prerequisites + +Before verifying the integrity of the image file, ensure that the following files are available: + +Image file: **openEuler-24.03-LTS-SP1-raspi-aarch64.img.xz** +Image file: **openEuler-24.03-LTS-SP1-raspi-aarch64.img.xz** + +Verification file: **openEuler-24.03-LTS-SP1-raspi-aarch64.img.xz.sha256sum** +Verification file: **openEuler-24.03-LTS-SP1-raspi-aarch64.img.xz.sha256sum** + +### Procedures + +To verify the file integrity, perform the following procedures: + +1. Obtain the verification value from the verification file. Run the following command: + + ```shell + cat openEuler-24.03-LTS-SP1-raspi-aarch64.img.xz.sha256sum + ``` + +2. Calculate the SHA256 verification value of the file. Run the following command: + + ```shell + sha256sum openEuler-24.03-LTS-SP1-raspi-aarch64.img.xz + ``` + + After the command is executed, the verification value is displayed. + +3. Check whether the verification values obtained from the step 1 and step 2 are consistent. + + If they are consistent, the downloaded file is not damaged. Otherwise, the downloaded file is incomplete and you need to obtain the file again. + +## Installation Requirements + +If the openEuler OS is installed in the Raspberry Pi environment, the Raspberry Pi environment must meet the following requirements. + +### Hardware Compatibility + +Currently, the openEuler Raspberry Pi image supports the 3B, 3B+, and 4B versions. + +### Minimum Hardware Specifications + +[Table 1](#tff48b99c9bf24b84bb602c53229e2542) lists the minimum hardware specifications for the openEuler Raspberry Pi image. + +**Table 1** Minimum hardware specifications + + + + + + + + + + + + + + + + + + + + + + +

Component Name

+

Minimum Hardware Specifications

+

Description

+

Raspberry Pi version

+
  • Raspberry Pi 3B
  • Raspberry Pi 3B+
  • Raspberry Pi 4B
  • Raspberry Pi 400
+

-

+

Memory

+

≥ 2 GB (4 GB or higher recommended for better user experience)

+

-

+

Drive

+

8 GB or higher recommended for better user experience

+

-

+
diff --git a/docs/en/server/installation_upgrade/installation/more_resources.md b/docs/en/server/installation_upgrade/installation/more_resources.md new file mode 100644 index 0000000000000000000000000000000000000000..cd9bd5ba09e6596781b3903cffed3a8617627347 --- /dev/null +++ b/docs/en/server/installation_upgrade/installation/more_resources.md @@ -0,0 +1,4 @@ +# Reference + +- [How to Create a Raspberry Pi Image File](https://gitee.com/openeuler/raspberrypi/blob/master/documents/openEuler%E9%95%9C%E5%83%8F%E7%9A%84%E6%9E%84%E5%BB%BA.md) +- [How to Use Raspberry Pi](https://gitee.com/openeuler/raspberrypi/blob/master/documents/%E6%A0%91%E8%8E%93%E6%B4%BE%E4%BD%BF%E7%94%A8.md) diff --git a/docs/en/server/installation_upgrade/installation/public_sys-resources/icon-caution.gif b/docs/en/server/installation_upgrade/installation/public_sys-resources/icon-caution.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/public_sys-resources/icon-caution.gif differ diff --git a/docs/en/server/installation_upgrade/installation/public_sys-resources/icon-danger.gif b/docs/en/server/installation_upgrade/installation/public_sys-resources/icon-danger.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/public_sys-resources/icon-danger.gif differ diff --git a/docs/en/server/installation_upgrade/installation/public_sys-resources/icon-note.gif b/docs/en/server/installation_upgrade/installation/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/public_sys-resources/icon-note.gif differ diff --git a/docs/en/server/installation_upgrade/installation/public_sys-resources/icon-notice.gif b/docs/en/server/installation_upgrade/installation/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/public_sys-resources/icon-notice.gif differ diff --git a/docs/en/server/installation_upgrade/installation/public_sys-resources/icon-tip.gif b/docs/en/server/installation_upgrade/installation/public_sys-resources/icon-tip.gif new file mode 100644 index 0000000000000000000000000000000000000000..93aa72053b510e456b149f36a0972703ea9999b7 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/public_sys-resources/icon-tip.gif differ diff --git a/docs/en/server/installation_upgrade/installation/public_sys-resources/icon-warning.gif b/docs/en/server/installation_upgrade/installation/public_sys-resources/icon-warning.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/installation_upgrade/installation/public_sys-resources/icon-warning.gif differ diff --git a/docs/en/server/installation_upgrade/installation/risc_v.md b/docs/en/server/installation_upgrade/installation/risc_v.md new file mode 100644 index 0000000000000000000000000000000000000000..042190766519991c91849ab2a405ebaf590a64af --- /dev/null +++ b/docs/en/server/installation_upgrade/installation/risc_v.md @@ -0,0 +1,5 @@ +# RISC-V Installation Guide + +This document describes how to install openEuler on RISC-V. + +This document is intended for openEuler users with basic understanding of Linux system management. diff --git a/docs/en/server/installation_upgrade/installation/risc_v_licheepi4a.md b/docs/en/server/installation_upgrade/installation/risc_v_licheepi4a.md new file mode 100644 index 0000000000000000000000000000000000000000..e408d28eab44cf875b3906478f1a215d4bc740ed --- /dev/null +++ b/docs/en/server/installation_upgrade/installation/risc_v_licheepi4a.md @@ -0,0 +1,96 @@ +# Installing on Licheepi4A + +## Hardware Preparation + +- `Sipeed LicheePi 4A` device (either `8 GB` or `16 GB` version) +- Monitor +- `USB` keyboard and mouse +- Equipment/components required for serial operation (optional) +- `RJ45` network cable and router/switch for wired network connection + +## Device Firmware + +Different memory versions of `LicheePi4A` require different firmware: + +- `u-boot-with-spl-lpi4a.bin` is the u-boot file for the 8 GB version. +- `u-boot-with-spl-lpi4a-16g.bin` is the u-boot file for the 16 GB version. + +The following flashing method uses the `16GB + 128GB` core board as an example, assuming the user already downloaded `base` image and the corresponding u-boot file. + +## Flashing Method + +### Flashing Tools + +Please use `fastboot` command for flashing. You can download `burn_tools.zip` from `https://dl.sipeed.com/shareURL/LICHEE/licheepi4a/07_Tools`. The archive contains flashing tools for `Windows`, `macOS`, and `Linux`. + +### Set Hardware to Enter Flashing Mode + +> Please first check that the DIP switch on the baseboard is set to EMMC boot mode. After confirming, you can proceed with the flashing. + +Hold down the `BOOT` button on the board, then insert the `USB-C` cable to power on the device (the other end of the cable should be connected to a `PC`), entering `USB` flashing mode. +On `Windows`, check the device manager for the `USB download gadget` device. +On `Linux`, use `lsusb` to check for the device, showing: `ID 2345:7654 T-HEAD USB download gadget`. + +### Driver Installation on Windows + +> Note: +> The provided image does not include Windows drivers. You can download `burn_tools.zip` [here](https://dl.sipeed.com/shareURL/LICHEE/licheepi4a/07_Tools) and find the `windows/usb_driver-fullmask` folder inside. This folder contains the drivers needed for Windows. + +To flash on Windows, you need to enter advanced startup mode and disable digital signature enforcement. Follow the steps below to disable digital signature enforcement: + +#### Windows 10 + +1. Go to `Settings` -> `Update & Security` +2. Click `Recovery` on the left, then click `Restart now` under `Advanced startup`. Your computer will restart. Save any ongoing work before proceeding. + +#### Windows 11 + +1. Go to `Settings` -> `System` -> `Recovery` +2. Click `Restart now` under `Advanced startup`. Your computer will restart. Save any ongoing work before proceeding. + +##### After Restart + +1. Click `Troubleshoot`, then `Advanced options` -> `Startup Settings`. The system will restart again. +2. After restarting, select `Disable driver signature enforcement`. This option is usually number 7 but may vary. After selecting the appropriate option, the system will restart again. +3. After rebooting into the system, install the driver. Open `Device Manager`, find `USB download gadget` under `Other devices`, and double-click it. +4. Click `Update driver` under the `General` tab. +5. On the `Browse my computer for drivers` page, paste the path to the `usb_driver-fullmask` directory. +6. Click `Next` to install the driver. + +### Flashing the Image + +After entering flashing mode, use fastboot to flash the image. On macOS or Linux, if fastboot is self-installed, you may need to give it executable permissions. + +#### Windows Steps + +First, add `fastboot` to the system environment variable `PATH`, or place `fastboot` in the same directory. Also, extract the image files. Open `PowerShell` and execute the following commands: + +```bash +# Replace with the u-boot file corresponding to your board version +fastboot flash ram u-boot-with-spl-lpi4a-16g.bin +fastboot reboot +# After rebooting, wait 5 seconds before continuing +# Replace with the u-boot file corresponding to your board version +fastboot flash uboot u-boot-with-spl-lpi4a-16g.bin +fastboot flash boot openEuler-24.03-LTS-riscv64-lpi4a-base-boot.ext4 +fastboot flash root openEuler-24.03-LTS-riscv64-lpi4a-base-root.ext4 +``` + +#### Linux/macOS Steps + +You may need to prefix the fastboot commands with `sudo`. + +```bash +# Replace with the u-boot file corresponding to your board version +sudo fastboot flash ram u-boot-with-spl-lpi4a-16g.bin +sudo fastboot reboot +# After rebooting, wait 5 seconds before continuing +# Replace with the u-boot file corresponding to your board version +sudo fastboot flash uboot u-boot-with-spl-lpi4a-16g.bin +sudo fastboot flash boot openEuler-24.03-LTS-riscv64-lpi4a-base-boot.ext4 +sudo fastboot flash root openEuler-24.03-LTS-riscv64-lpi4a-base-root.ext4 +``` + +## Hardware Availability + +The official release is based on the [`openEuler kernel 6.6`](riscv_olk6.6_homologous_version.md) version, and not all kernel modules are fully supported. This version emphasizes a consistent official ecosystem experience. For more complete hardware functionality, use third-party releases. diff --git a/docs/en/server/installation_upgrade/installation/risc_v_pioneer1.3.md b/docs/en/server/installation_upgrade/installation/risc_v_pioneer1.3.md new file mode 100644 index 0000000000000000000000000000000000000000..5a9c54c8efa2d9752e5a83596006570bcd8e5acb --- /dev/null +++ b/docs/en/server/installation_upgrade/installation/risc_v_pioneer1.3.md @@ -0,0 +1,104 @@ +# Installing on Pioneer Box + +## Hardware Preparation + +- `Milk-V Pioneer v1.3` device or motherboard (with necessary peripherals) - 1 set + +- `m.2 NVMe` solid-state drive - 1 unit + +> If it contains data, format it to clear the data (make sure to back up personal files) +> +> If you have a `PCIe` adapter card, place it in the first `PCIe` slot of the device (recommended) +> +> If no `PCIe` adapter card, use the onboard `NVMe` interface + +- `AMD R5 230` graphics card - 1 unit + +> Place it in the second `PCIe` slot of the device + +- `USB` flash drive - 1 unit + +> Should be at least `16GiB` + +- `microSD card` - 1 unit + +> Should be at least `4GiB` + +- Monitor (the display interface should match the graphics card) + +- `USB` keyboard and mouse - 1 set + +- Equipment/components required for serial operation (optional) + +- `RJ45` network cable - at least 1, and router/switch for wired network connection + +> It is recommended to use the device's onboard `RJ45` network port rather than the manufacturer's provided `PCIe` network card. +> +> The device does not come with a `WiFi` network card and does not support WiFi or Bluetooth connectivity. Please prepare the corresponding equipment if needed. + +## Types of Images + +### ISO + +> `ISO` images support booting via `UEFI`, corresponding to the **UEFI version** firmware described below. + +Download the `ISO` file (e.g., `openEuler-24.03-LTS-riscv64-dvd.iso`) from the official download page and burn it to a **USB flash drive**. + +- It is recommended to use the `Balena Etcher` software for graphical burning (download from `https://github.com/balena-io/etcher/releases/latest`). The burning process is not detailed here. +- In a command-line environment, you can also use the `dd` method to burn the image. Refer to the following command: + +```txt +~$ sudo dd if=openEuler-24.03-LTS-riscv64-dvd.iso of=/dev/sda bs=512K iflag=fullblock oflag=direct conv=fsync status=progress +``` + +### Image + +> `Image` images support booting via `Legacy`, corresponding to the **non-UEFI version** firmware described below. + +Download the `Zip` archive containing the image (e.g., `openEuler-24.03-LTS-riscv64-sg2042.img.zip`) from the official download page and burn it directly to an **SDCARD** or **solid-state drive**. + +## Device Firmware + +> Since the device's factory firmware currently does not support `UEFI`, users of the `ISO` version need to manually replace the firmware with the `UEFI` version based on `EDK2`. + +Download the device firmware archive `sg2042_firmware_uefi.zip` from the official download page under the **Embedded category**, extract it, and burn the `img` file to an **SDCARD**. + +```txt +~$ sudo dd if=firmware_single_sg2042-master.img of=/dev/sda bs=512K iflag=fullblock oflag=direct conv=fsync status=progress +261619712 bytes (262 MB, 250 MiB) copied, 20 s, 13.1 MB/s +268435456 bytes (268 MB, 256 MiB) copied, 20.561 s, 13.1 MB/s + +512+0 records in +512+0 records out +268435456 bytes (268 MB, 256 MiB) copied, 20.5611 s, 13.1 MB/s +``` + +> Due to the older firmware version shipped with the device, Image users who want to use a newer version of the firmware can update to the **non-UEFI version** of the firmware. + +Download the device firmware package `sg2042_firmware_uboot.zip` from the embedded category on the download page, and follow the same procedure as the UEFI firmware to extract and flash the img file to the **SDCARD**. + +After burning, insert the **SDCARD** into the device's card slot. + +## Pre-Startup Checks + +For `ISO` version users: + +- Ensure the `microSD card` with the `UEFI` firmware is inserted into the device's card slot. + + > The current `UEFI` firmware cannot manually adjust or specify the boot order, please understand. + +- If using the factory-provided solid-state drive, or if another bootable `RISC-V` operating system exists on the drive, remove the solid-state drive for formatting or replace it with another empty solid-state drive to avoid interference with the boot order. + +For `Image` version users: + +- If using the factory-provided solid-state drive, or if another bootable `RISC-V` operating system exists on the drive, remove the solid-state drive for formatting or replace it with another empty solid-state drive to avoid interference with the boot order. + +## Notes for Use + +For `ISO` version users: + +- Due to the limitations of the current version of the `UEFI` firmware, the `Grub2` boot menu may take a long time (~15s) to load and respond slowly if the graphics card is inserted into the `PCIe` slot during startup. + +For `Image` version users: + +- Due to the limitations of the current factory firmware, the `RISC-V` serial output is incomplete during device startup, and the serial output will be closed before the operating system is fully loaded. The graphics card needs to be inserted into the `PCIe` slot and connected to a monitor to observe the complete startup process. diff --git a/docs/en/server/installation_upgrade/installation/risc_v_qemu.md b/docs/en/server/installation_upgrade/installation/risc_v_qemu.md new file mode 100644 index 0000000000000000000000000000000000000000..a578dbe2a1b678d1bec434a84e1c8d284d804388 --- /dev/null +++ b/docs/en/server/installation_upgrade/installation/risc_v_qemu.md @@ -0,0 +1,70 @@ +# Installing on QEMU + +## Firmware + +### Standard EFI Firmware + +Download the following binaries from the download page: + +``` text +RISCV_VIRT_CODE.fd +RISCV_VIRT_VARS.fd +``` + +Alternatively, compile the latest EDK2 OVMF firmware locally according to the [official documentation](https://github.com/tianocore/edk2/tree/master/OvmfPkg/RiscVVirt) + +### EFI Firmware with Penglai TEE Support + +Download the following binary from the download page: + +``` text +fw_dynamic_oe_2403_penglai.bin +``` + +## QEMU Version + +>To support UEFI, QEMU version 8.1 or above is required. +> +>During compilation, the libslirp dependency needs to be installed (package name varies by distribution, for openEuler it's libslirp-devel) and the --enable-slirp parameter should be added. + +``` bash +~$ qemu-system-riscv64 --version +QEMU emulator version 8.2.2 +Copyright (c) 2003-2023 Fabrice Bellard and the QEMU Project developers +``` + +## qcow2 Image + +Obtain the ISO file (e.g., `openEuler-24.03-LTS-SP1-riscv64.qcow2.xz`) + +``` bash +~$ ls *.qcow2.xz +openEuler-24.03-LTS-SP1-riscv64.qcow2.xz +``` + +## Getting the Startup Script + +Obtain the startup script from the download page: + +- `start_vm.sh`: Default script, requires manual installation of the desktop environment. +- `start_vm_penglai.sh`: Script supporting Penglai TEE functionality. + +Script Parameters: + +- `ssh_port`: Local SSH forwarding port, default is 12055. +- `vcpu`: Number of threads for QEMU execution, default is 8 cores, adjustable as needed. +- `memory`: Amount of memory allocated for QEMU execution, default is 8GiB, adjustable as needed. +- `fw`: Firmware payload for booting. +- `drive`: Path to the virtual disk, adjustable as needed. +- `bios` (optional): Boot firmware, can be used to load firmware enabled with Penglai TEE. + +## Creating a Virtual Hard Disk File + +Create a new virtual hard disk file, in the example below, the size of the virtual hard disk is 40GiB. +> Do not use qcow2 virtual hard disk files that already contain data to avoid unexpected situations during the boot process. +> +> Ensure that there is only one qcow2 virtual hard disk file in the current directory to avoid errors in script recognition. + +``` bash +~$ qemu-img create -f qcow2 qemu.qcow2 40G +``` diff --git a/docs/en/server/installation_upgrade/installation/riscv_olk6.6_homologous_version.md b/docs/en/server/installation_upgrade/installation/riscv_olk6.6_homologous_version.md new file mode 100644 index 0000000000000000000000000000000000000000..7a91466c592886e355b64ec999eb6f2f7dc63197 --- /dev/null +++ b/docs/en/server/installation_upgrade/installation/riscv_olk6.6_homologous_version.md @@ -0,0 +1,55 @@ +# RISCV-OLK6.6 Source-Compatible Version Guide + +## RISCV-OLK6.6 Source-Compatible Plan + +Currently, the kernel versions maintained by various RISC-V SoC manufacturers are inconsistent, while the openEuler system requires a unified kernel version. This inconsistency results in various operating system versions based on different development boards having divergent third-party kernels, increasing maintenance difficulty and causing ecosystem fragmentation. The goal of the riscv-kernel project is to establish a unified kernel ecosystem for the RISC-V architecture in openEuler, sharing the benefits of Euler's ecosystem development and influence. This project is under development, and contributions from all parties are welcome. + +The project is primarily developed on the OLK-6.6 branch at and will be further integrated into OLK's source and artifact repositories. + +![riscv-olk6.6](figures/riscv-olk6.6.jpg) + +The project has nearly completed the source compatibility work for SG2042 and the basic source compatibility work for TH1520. + +## Supported Features + +SG2042 Verification Platform: MilkV Pioneer 1.3 + +TH1520 Verification Platform: LicheePi4A + +### Milk-V Pioneer feature status + +| Features | Status | +| ----------------------- | :----: | +| 64 Core CPU | O | +| PCIe Network Card | O | +| PCIe Graghic Card | O | +| PCIe Slots | O | +| 4x DDR4 128GB RAM | O | +| USB | O | +| Reset | O | +| eMMC | O | +| Micro USB debug console | O | +| micro SD card | O | +| SPI flash | O | +| RVV 0.71 | X | + +### LicheePi 4A feature status + +| Features | Status | +| ---------------- | :----: | +| 4 Core CPU | O | +| RAM | O | +| eMMC | O | +| Ethernet | O | +| WIFI | X | +| GPU IMG BXM-4-64 | X | +| NPU 4TOPS@INT8 | X | +| DSP | X | +| USB | O | +| MicroSD | O | +| GPIO | O | +| PWM-fan | O | +| PVT Sensor | O | +| Reboot | O | +| Poweroff | O | +| cpufreq | O | diff --git a/docs/en/server/installation_upgrade/installation/using_kickstart_for_automatic_installation.md b/docs/en/server/installation_upgrade/installation/using_kickstart_for_automatic_installation.md new file mode 100644 index 0000000000000000000000000000000000000000..e727d21bc3156d85d8831d08e32d6e1c30a6754f --- /dev/null +++ b/docs/en/server/installation_upgrade/installation/using_kickstart_for_automatic_installation.md @@ -0,0 +1,350 @@ +# Using Kickstart for Automatic Installation + +## Introduction + +### Overview + +You can use the kickstart tool to automatically install the openEuler OS in either of the following ways: + +- Semi-automatic installation: You only need to specify the location of the kickstart file. Kickstart automatically configures OS attributes such as keyboard, language, and partitions. +- Automatic installation: The OS is automatically installed. + +### Advantages and Disadvantages + +[Table 1](#table1388812373315) lists the advantages and disadvantages of semi-automatic installation and full-automatic installation using kickstart. You can select an installation mode as required. + +**Table 1** Advantages and disadvantages + + + + + + + + + + + + + + + + +

Installation Mode

+

Advantage

+

Disadvantage

+

Semi-automatic installation

+

Services such as TFTP, PXE, and DHCP do not need to be prepared.

+

You need to manually specify the path of the kickstart file.

+

Full-automatic installation

+

The OS is installed automatically.

+

Services, such as TFTP, DHCPD, and PXE, need to be configured.

+
+ +### Background + +**Kickstart** + +Kickstart is an unattended installation mode. The principle of kickstart is to record typical parameters that need to be manually entered during the installation and generate the configuration file **ks.cfg**. During the installation, the installation program searches the **ks.cfg** configuration file first for required parameters. If no matching parameters are found, you need to manually configure these parameters. If all required parameters are covered by the kickstart file, automatic installation can be achieved by only specifying the path of the kickstart file. + +Both full-automatic or semi-automatic installation can be achieved by kickstart. + +**PXE** + +Pre-boot Execution Environment \(PXE\)\) works in client/server network mode. The PXE client can obtain an IP address from the DHCP server during the startup and implement client boot and installation through the network based on protocols such as trivial file transfer protocol \(TFTP\). + +**TFTP** + +TFTP is used to transfer simple and trivial files between clients and the server. + +## Semi-automatic Installation Guide + +### Environment Requirements + +The environment requirements for semi-automatic installation of openEuler OS using kickstart are as follows: + +- PM/VM \(For details about how to create VMs, see the documents from corresponding vendors\): includes the computer where kickstart is used for automatic installation and the computer where the kickstart tool is installed. +- Httpd: stores the kickstart file. +- ISO: openEuler-{version}-aarch64-dvd.iso + +### Procedure + +To use kickstart to perform semi-automatic installation of openEuler, perform the following steps: + +**Environment Preparation** + +> ![](./public_sys-resources/icon-note.gif) **NOTE:** +> Before the installation, ensure that the firewall of the HTTP server is disabled. Run the following command to disable the firewall: +> +> ```shell +> iptables -F +> ``` + +1. Install httpd and start the service. + + ```shell + # dnf install httpd -y + # systemctl start httpd + # systemctl enable httpd + ``` + +2. Run the following commands to prepare the kickstart file: + + ```shell + # mkdir /var/www/html/ks + #vim /var/www/html/ks/openEuler-ks.cfg ===>The file can be obtained by modifying the **anaconda-ks.cfg** file automatically generated from openEuler OS. + ==================================== + ***Modify the following information as required.*** + #version=DEVEL + ignoredisk --only-use=sda + autopart --type=lvm + # Partition clearing information + clearpart --none --initlabel + # Use graphical install + graphical + # Use CDROM installation media + cdrom + # Keyboard layouts + keyboard --vckeymap=cn --xlayouts='cn' + # System language + lang zh_CN.UTF-8 + + # Network information + network --bootproto=dhcp --device=enp4s0 --ipv6=auto --activate + network --hostname=openeuler.com + # Root password + rootpw --iscrypted $6$fQE83lxEZ48Or4zc$j7/PlUMHn29yTjCD4Fi44WTZL/RzVGxJ/7MGsZMl6QfE3KjIVT7M4UrhFXbafvRq2lUddAFcyWHd5WRmXfEK20 + # Run the Setup Agent on first boot + firstboot --enable + # Do not configure the X Window System + skipx + # System services + services --disabled="chronyd" + # System timezone + timezone Asia/Shanghai --utc --nontp + + %packages + @^minimal-environment + @standard + + %end + + %anaconda + pwpolicy root --minlen=8 --minquality=1 --notstrict --nochanges --notempty + pwpolicy user --minlen=8 --minquality=1 --notstrict --nochanges --emptyok + pwpolicy luks --minlen=8 --minquality=1 --notstrict --nochanges --notempty + %end + + %post + #enable kdump + sed -i "s/ ro / ro crashkernel=1024M,high /" /boot/efi/EFI/openEuler/grub.cfg + %end + ===================================== + ``` + + > ![](./public_sys-resources/icon-note.gif) **NOTE:** + > The method of generating the password ciphertext is as follows: + > + > ```shell + > # python3 + > Python 3.7.0 (default, Apr 1 2019, 00:00:00) + > [GCC 7.3.0] on linux + > Type "help", "copyright", "credits" or "license" for more information. + > >>> import crypt + > >>> passwd = crypt.crypt("myPasswd") + > >>> print (passwd) + > $6$63c4tDmQGn5SDayV$mZoZC4pa9Jdt6/ALgaaDq6mIExiOO2EjzomB.Rf6V1BkEMJDcMddZeGdp17cMyc9l9ML9ldthytBEPVcnboR/0 + > ``` + +3. Mount the ISO image file to the CD-ROM drive of the computer where openEuler is to be installed. + + If you want to install openEuler through the NFS, specify the path \(which is **cdrom** by default\) of installation source in the kickstart file. + +**Installing the System** + +1. The installation selection dialog box is displayed. + 1. On the installation wizard page in [Starting the Installation](installation_modes.md#starting-the-installation), select **Install openEuler {version}** and press **e**. + 2. Add **inst.ks=** to the startup parameters. + + ![startparam.png](https://gitee.com/openeuler/docs/raw/master/docs/zh/docs/Installation/figures/startparam.png "startparam.png") + + 3. Press **Ctrl**+**x** to start the automatic installation. + +2. Verify that the installation is complete. + + After the installation is complete, the system automatically reboots. If the first boot option of the system is set to the CD_ROM, the installation page is displayed again. Shut down the computer and change startup option to start from the hard disk preferentially. + + ![](./figures/Automatic_installation_complete.png) + +## Full-automatic Installation Guide + +### Environment Requirements + +The environment requirements for full-automatic installation of openEuler using kickstart are as follows: + +- PM/VM \(For details about how to create VMs, see the documents from corresponding vendors\): includes the computer where kickstart is used for automatic installation and the computer where the kickstart tool is installed. +- Httpd: stores the kickstart file. +- TFTP: provides vmlinuz and initrd files. +- DHCPD/PXE: provides the DHCP service. +- ISO: openEuler-{version}-aarch64-dvd.iso + +### Procedure + +To use kickstart to perform full-automatic installation of openEuler, perform the following steps: + +**Environment Preparation** + +> ![](./public_sys-resources/icon-note.gif) **NOTE:** +> Before the installation, ensure that the firewall of the HTTP server is disabled. Run the following command to disable the firewall: +> +> ```shell +> iptables -F +> ``` + +1. Install httpd and start the service. + + ```shell + # dnf install httpd -y + # systemctl start httpd + # systemctl enable httpd + ``` + +2. Install and configure TFTP. + + ```shell + # dnf install tftp-server -y + # vim /etc/xinetd.d/tftp + service tftp + { + socket_type = dgram + protocol = udp + wait = yes + user = root + server = /usr/sbin/in.tftpd + server_args = -s /var/lib/tftpboot + disable = no + per_source = 11 + cps = 100 2 + flags = IPv4 + } + # systemctl start tftp + # systemctl enable tftp + # systemctl start xinetd + # systemctl status xinetd + # systemctl enable xinetd + ``` + +3. Prepare the installation source. + + ```shell + # mount openEuler-{version}-aarch64-dvd.iso /mnt + # cp -r /mnt/* /var/www/html/openEuler/ + ``` + +4. Set and modify the kickstart configuration file **openEuler-ks.cfg**. Select the HTTP installation source by referring to [3](#zh-cn_topic_0229291289_l1692f6b9284e493683ffa2ef804bc7ca). + + ```shell + #vim /var/www/html/ks/openEuler-ks.cfg + ==================================== + ***Modify the following information as required.*** + #version=DEVEL + ignoredisk --only-use=sda + autopart --type=lvm + # Partition clearing information + clearpart --none --initlabel + # Use graphical install + graphical + # Keyboard layouts + keyboard --vckeymap=cn --xlayouts='cn' + # System language + lang zh_CN.UTF-8 + #Use http installation source + url --url=http://192.168.122.1/openEuler/ + %post + #enable kdump + sed -i "s/ ro / ro crashkernel=1024M,high /" /boot/efi/EFI/openEuler/grub.cfg + %end + ... + ``` + +5. Modify the PXE configuration file **grub.cfg** as follows. (Note: Currently, openEuler does not support the cfg file in bls format.) + + ```shell + # cp -r /mnt/images/pxeboot/* /var/lib/tftpboot/ + # cp /mnt/EFI/BOOT/grubaa64.efi /var/lib/tftpboot/ + # cp /mnt/EFI/BOOT/grub.cfg /var/lib/tftpboot/ + # ls /var/lib/tftpboot/ + grubaa64.efi grub.cfg initrd.img TRANS.TBL vmlinuz + # vim /var/lib/tftpboot/grub.cfg + set default="1" + + function load_video { + if [ x$feature_all_video_module = xy ]; then + insmod all_video + else + insmod efi_gop + insmod efi_uga + insmod ieee1275_fb + insmod vbe + insmod vga + insmod video_bochs + insmod video_cirrus + fi + } + + load_video + set gfxpayload=keep + insmod gzio + insmod part_gpt + insmod ext2 + + set timeout=60 + + + ### BEGIN /etc/grub.d/10_linux ### + menuentry 'Install openEuler {version} ' --class red --class gnu-linux --class gnu --class os { + set root=(tftp,192.168.122.1) + linux /vmlinuz ro inst.geoloc=0 console=ttyAMA0 console=tty0 rd.iscsi.waitnet=0 inst.ks=http://192.168.122.1/ks/openEuler-ks.cfg + initrd /initrd.img + } + ``` + +6. Configure DHCP \(which can be replaced by DNSmasq\). + + ```shell + # dnf install dhcp -y + # + # DHCP Server Configuration file. + # see /usr/share/doc/dhcp-server/dhcpd.conf.example + # see dhcpd.conf(5) man page + # + # vim /etc/dhcp/dhcpd.conf + ddns-update-style interim; + ignore client-updates; + filename "grubaa64.efi"; # location of the pxelinux startup file; + next-server 192.168.122.1; # (IMPORTANT) IP address of the TFTP server; + subnet 192.168.122.0 netmask 255.255.255.0 { + option routers 192.168.122.1; # Gateway address + option subnet-mask 255.255.255.0; # Subnet mask + range dynamic-bootp 192.168.122.50 192.168.122.200; # Dynamic IP address range + default-lease-time 21600; + max-lease-time 43200; + } + # systemctl start dhcpd + # systemctl enable dhcpd + ``` + +**Installing the System** + +1. On the **Start boot option** screen, press **F2** to boot from the PXE and start automatic installation. + + ![](./figures/zh-cn_image_0229291270.png) + + ![](./figures/zh-cn_image_0229291286.png) + + ![](./figures/zh-cn_image_0229291247.png) + +2. The automatic installation window is displayed. +3. Verify that the installation is complete. + + ![](./figures/Automatic_installation_complete.png) diff --git a/docs/en/server/installation_upgrade/upgrade/_toc.yaml b/docs/en/server/installation_upgrade/upgrade/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..e65b42a317afd29358abb3f24a85abbc1f144280 --- /dev/null +++ b/docs/en/server/installation_upgrade/upgrade/_toc.yaml @@ -0,0 +1,6 @@ +label: Upgrade Guide +isManual: true +description: Upgrade openEuler. +sections: + - label: Upgrade and Downgrade Guide + href: ./openEuler_22.03_lts_upgrade_and_downgrade_guide.md diff --git a/docs/en/server/installation_upgrade/upgrade/images/LTS_version.png b/docs/en/server/installation_upgrade/upgrade/images/LTS_version.png new file mode 100644 index 0000000000000000000000000000000000000000..84132f5825f1bdc743736ab2c65cd23c7ec9afa9 Binary files /dev/null and b/docs/en/server/installation_upgrade/upgrade/images/LTS_version.png differ diff --git a/docs/en/server/installation_upgrade/upgrade/images/SP1_repo.png b/docs/en/server/installation_upgrade/upgrade/images/SP1_repo.png new file mode 100644 index 0000000000000000000000000000000000000000..42336cddfc122937e4ac2a8ce07182fa166ce942 Binary files /dev/null and b/docs/en/server/installation_upgrade/upgrade/images/SP1_repo.png differ diff --git a/docs/en/server/installation_upgrade/upgrade/images/SP1_version.png b/docs/en/server/installation_upgrade/upgrade/images/SP1_version.png new file mode 100644 index 0000000000000000000000000000000000000000..d22f8523c22dbd094d21ccdfb86446062b63b5ea Binary files /dev/null and b/docs/en/server/installation_upgrade/upgrade/images/SP1_version.png differ diff --git a/docs/en/server/installation_upgrade/upgrade/openEuler_22.03_lts_upgrade_and_downgrade_guide.md b/docs/en/server/installation_upgrade/upgrade/openEuler_22.03_lts_upgrade_and_downgrade_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..8a38a6fe9f5742bef9965fad78ad01d549d26033 --- /dev/null +++ b/docs/en/server/installation_upgrade/upgrade/openEuler_22.03_lts_upgrade_and_downgrade_guide.md @@ -0,0 +1,73 @@ +# openEuler 22.03 LTS Upgrade and Downgrade Guide + +This document describes how to upgrade openEuler 22.03 LTS to openEuler 22.03 LTS SP1. The operations for other versions are similar. + +## 1. OS Installation + +Obtain an openEuler 22.03 LTS image and install the OS by referring to the installation guide. + +View the versions of openEuler and the kernel in the current environment. + +![LTS_version](./images/LTS_version.png) + +## 2. Compatibility Upgrade + +### 2.1 Adding the openEuler 22.03 LTS SP1 Repositories (openEuler-22.03-LTS-SP1.repo) + +```bash +vi /etc/yum.repos.d/openEuler-22.03-LTS-SP1.repo +``` + +Add information about the following openEuler 22.03 LTS SP1 repositories and save and exit. + +```text +SP1_OS, SP1_everything, SP1_EPOL, SP1_debuginfo, SP1_source, SP1_update +``` + +![SP1_repo](./images/SP1_repo.png) + +### 2.2 Performing the Upgrade + +```bash +dnf update | tee update_log +``` + +Note: + +1. If an error is reported during the upgrade, run `dnf update --skip-broken -x conflict_pkg1 |tee update_log` to avoid the problem. If multiple packages conflict, use the `-x conflict_pkg1 -x conflict_pkg2 -x conflict_pkg3` options to skip the packages and analyze, validate, and update the conflicted packages after the upgrade. +2. Options: + - `--allowerasing`: Allow erasing of installed packages to resolve dependencies. + - `--skip-broken`: Resolve dependency problems by skipping packages. + - `-x`: Used with `--skip-broken` to specify the packages to be skipped. + +### 2.3 Rebooting the OS + +```bash +reboot +``` + +## 3. Upgrade Verification + +View the versions of openEuler and the kernel in the current environment. + +![SP1_version](./images/SP1_version.png) + +## 4. Compatibility Downgrade + +### 4.1 Performing the Downgrade + +```shell +dnf downgrade | tee downgrade_log +``` + +### 4.2 Rebooting the OS + +```shell +reboot +``` + +## 5. Downgrade Verification + +View the versions of openEuler and the kernel in the current environment. + +![LTS_version](./images/LTS_version.png) diff --git a/docs/en/server/maintenance/_toc.yaml b/docs/en/server/maintenance/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..c6136476a522d5dccb13b7531e0ff412e3ed30ec --- /dev/null +++ b/docs/en/server/maintenance/_toc.yaml @@ -0,0 +1,9 @@ +label: O&M Guide +isManual: true +description: O&M Guide +sections: + - label: O&M Guide + href: ./overview.md + sections: + - label: O&M Overview + href: ./operation_and_maintenance_overview.md diff --git a/docs/en/server/maintenance/aops/_toc.yaml b/docs/en/server/maintenance/aops/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..6475598203aa422c78f4f689c13e1d03d4d1997d --- /dev/null +++ b/docs/en/server/maintenance/aops/_toc.yaml @@ -0,0 +1,22 @@ +label: A-Ops User Guide +isManual: true +description: A-Ops enables quick fault identification and centralized configuration management. +sections: + - label: A-Ops Deployment + href: ./deploying_aops.md + - label: A-Ops Intelligent Location Framework User Guide + href: ./aops_intelligent_positioning_framework_user_manual.md + - label: A-Ops Vulnerability Management Module User Guide + href: ./aops_vulnerability_management_module_user_manual.md + - label: Hot Patch DNF Plugin Command Usage + href: ./dnf_command_usage.md + - label: Configuration Tracing User Guide + href: ./configuration_tracing_service_user_manual.md + - label: Community Hot Patch Creation and Release Process + href: ./community_hotpatch_creation_and_release_process.md + - label: A-Ops Asset Management User Guide + href: ./aops_asset_management_user_manual.md + - label: Quick Deployment of A-Ops + href: ./quick_deployment_of_aops.md + - label: gala-ragdoll User Guide + href: ./configuration_tracing_service_user_manual.md \ No newline at end of file diff --git a/docs/en/server/maintenance/aops/aops_asset_management_user_manual.md b/docs/en/server/maintenance/aops/aops_asset_management_user_manual.md new file mode 100644 index 0000000000000000000000000000000000000000..304c6db2dc064b73a960d38b7fb5193f3a31dd73 --- /dev/null +++ b/docs/en/server/maintenance/aops/aops_asset_management_user_manual.md @@ -0,0 +1,3 @@ +# A-Ops Asset Management User Guide + +This document is currently not available in English. diff --git a/docs/en/server/maintenance/aops/aops_intelligent_positioning_framework_user_manual.md b/docs/en/server/maintenance/aops/aops_intelligent_positioning_framework_user_manual.md new file mode 100644 index 0000000000000000000000000000000000000000..0b3c1cf7e390a4a41955c7bb09f4df2891634005 --- /dev/null +++ b/docs/en/server/maintenance/aops/aops_intelligent_positioning_framework_user_manual.md @@ -0,0 +1,3 @@ +# A-Ops Intelligent Location Framework User Guide + +This document is currently not available in English. diff --git a/docs/en/server/maintenance/aops/aops_vulnerability_management_module_user_manual.md b/docs/en/server/maintenance/aops/aops_vulnerability_management_module_user_manual.md new file mode 100644 index 0000000000000000000000000000000000000000..8e1e596136dd1ccd6f542724c30db33311afe280 --- /dev/null +++ b/docs/en/server/maintenance/aops/aops_vulnerability_management_module_user_manual.md @@ -0,0 +1,3 @@ +# A-Ops Vulnerability Management Module User Guide + +This document is currently not available in English. diff --git a/docs/en/server/maintenance/aops/community_hotpatch_creation_and_release_process.md b/docs/en/server/maintenance/aops/community_hotpatch_creation_and_release_process.md new file mode 100644 index 0000000000000000000000000000000000000000..ac8d71798cd8a8251aec0275a7377753484aa4f6 --- /dev/null +++ b/docs/en/server/maintenance/aops/community_hotpatch_creation_and_release_process.md @@ -0,0 +1,3 @@ +# Community Hot Patch Creation and Release Process + +This document is currently not available in English. diff --git a/docs/en/server/maintenance/aops/configuration_tracing_service_user_manual.md b/docs/en/server/maintenance/aops/configuration_tracing_service_user_manual.md new file mode 100644 index 0000000000000000000000000000000000000000..a7e7d1c56a51dabffa7d8f9684197a1709590d9a --- /dev/null +++ b/docs/en/server/maintenance/aops/configuration_tracing_service_user_manual.md @@ -0,0 +1,3 @@ +# gala-ragdoll User Guide + +This document is currently not available in English. diff --git a/docs/en/server/maintenance/aops/deploying_aops.md b/docs/en/server/maintenance/aops/deploying_aops.md new file mode 100644 index 0000000000000000000000000000000000000000..52c7d048be6e9746263979034017be9534da479e --- /dev/null +++ b/docs/en/server/maintenance/aops/deploying_aops.md @@ -0,0 +1,943 @@ +# Deploying A-Ops + +## 1 Introduction to A-Ops + +A-Ops is a service used to improve the overall security of hosts. It provides functions such as asset management, vulnerability management, and configuration source tracing to identify and manage information assets, monitor software vulnerabilities, and rectify system faults on hosts, ensuring stable and secure running of hosts. + +The following table describes the modules related to the A-Ops service. + +| Module | Description | +| ------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| aops-ceres | Client of the A-Ops service.
Collects host data and manages other data collectors (such as gala-gopher).
Responds to the commands delivered by the management center and processes the requirements and operations of the management center. | +| aops-zeus | A-Ops basic application management center, which interacts with other modules. The default port number is 11111.
Provides the basic host management service externally, such as adding and deleting hosts and host groups. | +| aops-hermes | Provides a visualized operation interface for A-Ops to display data information to users, improving service usability. | +| aops-apollo | Vulnerability management module of A-Ops. The default port number is 11116.
Identifies clients, and periodically obtains security notices released by the openEuler community and updates them to the vulnerability database.
Detects vulnerabilities in the system and software by comparing the vulnerabilities with those in the vulnerability database. | +| aops-vulcanus | Basic tool library of A-Ops. **Except aops-ceres and aops-hermes, modules must be installed and used together with this module.** | +| aops-tools | Provides the basic environment deployment script and database table initialization. The script is available in the **/opt/aops/scripts** directory after A-Ops is installed. | +| gala-ragdoll | Configuration source tracing module of A-Ops.
Uses Git to monitor and record configuration file changes. The default port number is 11114. | +| dnf-hotpatch-plugin | DNF plug-in, which allows DNF to recognize hot patch information and provides hot patch scanning and application. | + +## 2 Environment Requirements + +You are advised to use four hosts running openEuler 24.03 LTS for deployment. Use three as the server and one as the managed host managed by A-Ops. **Configure the update repository** ([Q6: update Repository Configuration](#q6-update-repository-configuration)). The deployment scheme is as follows: + +- Host A: For MySQL, Redis, and Elasticsearch deployment. It provides data service support. The recommended memory is more than 8 GB. +- Host B: For the A-Ops asset management service (zeus), frontend display, and complete service function support. The recommended memory is more than 6 GB. +- Host C: For the A-Ops configuration source tracing service (gala-ragdoll) and vulnerability management. The recommended memory is 4 GB or more. +- Host D: As an A-Ops client and is used as a host managed and monitored by A-Ops. (aops-ceres can be deployed on hosts that need to be managed.) + +| Host | IP Address | Module | +| ------ | ----------- | ------------------------------------- | +| Host A | 192.168.1.1 | MySQL, Elasticsearch, Redis | +| Host B | 192.168.1.2 | aops-zeus, aops-hermes, aops-diana | +| Host C | 192.168.1.3 | aops-apollo, gala-ragdoll, aops-diana | +| Host D | 192.168.1.4 | aops-ceres, dnf-hotpatch-plugin | + +>Before deployment, disable the **firewall and SELinux** on each host. + +- Disable the firewall. + +```shell +systemctl stop firewalld +systemctl disable firewalld +systemctl status firewalld +setenforce 0 + +``` + +- Disable SELinux. + +```shell +# Change the status of SELinux to disabled in /etc/selinux/config. + +vi /etc/selinux/config +SELINUX=disabled + +# After changing the value, press ESC and enter :wq to save the modification. +``` + +Note: SELinux will be disabled after a reboot. + +## 3. Server Deployment + +### 3.1 Asset Management + +To use the asset management function, you need to deploy the aops-zeus, aops-hermes, MySQL, and Redis services. + +#### 3.1.1 Node Information + +| Host | IP Address | Module | +| ------ | ----------- | ------------------------------------- | +| Host A | 192.168.1.1 | MySQL, Redis | +| Host B | 192.168.1.2 | aops-zeus, aops-hermes | + +#### 3.1.2 Deployment Procedure + +##### 3.1.2.1 Deploying MySQL + +- Install MySQL. + +```shell +yum install mysql-server +``` + +- Modify the MySQL configuration file. + +```bash +vim /etc/my.cnf +``` + +- Add **bind-address** and set it to the IP address of the local host in the **mysqld** section. + +```ini +[mysqld] +bind-address=192.168.1.1 +``` + +- Restart the MySQL service. + +```bash +systemctl restart mysqld +``` + +- Set the MySQL database access permission for the **root** user. + +```mysql +$ mysql + +mysql> show databases; +mysql> use mysql; +mysql> select user,host from user; -- If the value of host is localhost, only the local host can connect to the MySQL database. The external network and local software client cannot connect to the MySQL database. + ++---------------+-----------+ +| user | host | ++---------------+-----------+ +| root | localhost | +| mysql.session | localhost | +| mysql.sys | localhost | ++---------------+-----------+ +3 rows in set (0.00 sec) +``` + +```mysql +mysql> update user set host = '%' where user='root'; -- Allow the access of the root user using any IP address. +mysql> flush privileges; -- Refresh the permissions. +mysql> exit +``` + +##### 3.1.2.2 Deploying Redis + +- Install Redis. + +```shell +yum install redis -y +``` + +- Modify the Redis configuration file. + +```shell +vim /etc/redis.conf +``` + +Bind IP addresses. + +```ini +# It is possible to listen to just one or multiple selected interfaces using +# the "bind" configuration directive, followed by one or more IP addresses. +# +# Examples: +# +# bind 192.168.1.100 10.0.0.1 +# bind 127.0.0.1 ::1 +# +# ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the +# internet, binding to all the interfaces is dangerous and will expose the +# instance to everybody on the internet. So by default we uncomment the +# following bind directive, that will force Redis to listen only into +# the IPv4 lookback interface address (this means Redis will be able to +# accept connections only from clients running into the same computer it +# is running). +# +# IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES +# JUST COMMENT THE FOLLOWING LINE. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +bind 127.0.0.1 192.168.1.1# Add the actual IP address of host A. +``` + +- Start the Redis service. + +```shell +systemctl start redis +``` + +##### 3.1.2.3 Deploying Prometheus + +- Install Prometheus. + +```shell +yum install prometheus2 -y +``` + +- Modify the Prometheus configuration file. + +```shell +vim /etc/prometheus/prometheus.yml +``` + +- Add the gala-gopher IP addresses of the managed client to the monitored targets of Prometheus. + +> In this document, host D is the client. Add the gala-gopher address of host D. + +- Modify the **targets** configuration item. + +```yaml +# A scrape configuration containing exactly one endpoint to scrape: +# Here it's Prometheus itself. +scrape_configs: + # The job name is added as a label `job=` to any timeseries scraped from this config. + - job_name: 'prometheus' + + # metrics_path defaults to '/metrics' + # scheme defaults to 'http'. + + static_configs: + - targets: ['localhost:9090', '192.168.1.4:8888'] +``` + +Start the Prometheus service. + +```shell +systemctl start prometheus +``` + +##### 3.1.2.4 Deploying aops-zeus + +- Install aops-zeus. + +```shell +yum install aops-zeus -y +``` + +- Modify the configuration file. + +```shell +vim /etc/aops/zeus.ini +``` + +- Change the IP address of each service in the configuration file to the actual IP address. In this document, aops-zeus is deployed on host B. Therefore, you need to set the IP address to the IP address of host B. + +```ini +[zeus] +ip=192.168.1.2 // Change the IP address to the actual IP address of host B. +port=11111 + +[uwsgi] +wsgi-file=manage.py +daemonize=/var/log/aops/uwsgi/zeus.log +http-timeout=600 +harakiri=600 +processes=2 // Generate a specified number of workers or processes. +gevent=100 // Number of gevent asynchronous cores + +[mysql] +ip=192.168.1.1 // Change the IP address to the actual IP address of host A. +port=3306 +database_name=aops +engine_format=mysql+pymysql://@%s:%s/%s +pool_size=100 +pool_recycle=7200 + +[agent] +default_instance_port=8888 + +[redis] +ip=192.168.1.1 // Change the IP address to the actual IP address of host A. +port=6379 + +[apollo] +ip=192.168.1.3 // Change the IP address to the actual IP address of the apollo service deployment. It is recommended that apollo and zeus be deployed separately. This section is not required if apollo is not used. +port=11116 +``` + +> **Set the MySQL database mode to password mode**. For details, see [Q5: MySQL Password Mode](#q5-mysql-password-mode) + +- Start the aops-zeus service. + +```shell +systemctl start aops-zeus +``` + +**Note: [Initialize the aops-zeus database](#3125-initializing-the-aops-zeus-database) before starting the service.** + +> If the zeus service fails to be started and the error message indicates that the MySQL database cannot be connected, check if a MySQL password is set. If yes, see [Q5: MySQL Password Mode](#q5-mysql-password-mode). + +#### 3.1.2.5 Initializing the aops-zeus Database + +- Initialize the database. + +```shell +cd /opt/aops/scripts/deploy +bash aops-basedatabase.sh init zeus +``` + +**Note: If aops-tools is not installed, run the SQL script to initialize. The script path is /opt/aops/database/zeus.sql** + +[Q5: MySQL Password Mode](#q5-mysql-password-mode) + +[Q7: Nonexisting /opt/aops/scripts/deploy](#q7-nonexisting-optaopsscriptsdeploy) + +##### 3.1.2.6 Deploying aops-hermes + +- Install aops-hermes. + +```shell +yum install aops-hermes -y +``` + +- Modify the configuration file. + +```shell +vim /etc/nginx/aops-nginx.conf +``` + +- Some service configurations: + + > As the services are deployed on host B, configure the Nginx proxy to set the services addresses to the actual IP address of host B. + +```ini + # Ensure that Nginx still uses index.html as the entry when the front-end route changes. + location / { + try_files $uri $uri/ /index.html; + if (!-e $request_filename){ + rewrite ^(.*)$ /index.html last; + } + } + # Change it to the actual IP address of the host where aops-zeus is deployed. + location /api/ { + proxy_pass http://192.168.1.2:11111/; + } + # Enter the IP address of gala-ragdoll. IP addresses that involve port 11114 need to be configured. + location /api/domain { + proxy_pass http://192.168.1.3:11114/; + rewrite ^/api/(.*) /$1 break; + } + # Enter the IP address of gala-apollo. + location /api/vulnerability { + proxy_pass http://192.168.1.3:11116/; + rewrite ^/api/(.*) /$1 break; + } +``` + +- Enable the aops-hermes service. + +```shell +systemctl start aops-hermes +``` + +### 3.2 Vulnerability Management + +The CVE management module is implemented based on the [asset management](#31-asset-management) module. Therefore, you need to [deploy the module](#312-deployment-procedure) before deploying aops-apollo. + +The running of the aops-apollo service requires the support of the **MySQL, Elasticsearch, and Redis** databases. + +#### 3.2.1 Node Information + +| Host | IP Address | Module | +| ------ | ----------- | ------------- | +| Host A | 192.168.1.1 | Elasticsearch | +| Host C | 192.168.1.3 | aops-apollo | + +#### 3.2.2 Deployment Procedure + +See [Asset Management](#312-deployment-procedure). + +##### 3.2.2.1 Deploying Elasticsearch + +- Configure the repository for Elasticsearch. + +```shell +echo "[aops_elasticsearch] +name=Elasticsearch repository for 7.x packages +baseurl=https://artifacts.elastic.co/packages/7.x/yum +gpgcheck=1 +gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch +enabled=1 +autorefresh=1 +type=rpm-md" > "/etc/yum.repos.d/aops_elasticsearch.repo" +``` + +- Install Elasticsearch. + +```shell +yum install elasticsearch-7.14.0-1 -y +``` + +- Modify the Elasticsearch configuration file. + +```shell +vim /etc/elasticsearch/elasticsearch.yml +``` + +```yml +# ------------------------------------ Node ------------------------------------ +# +# Use a descriptive name for the node: +# +node.name: node-1 +``` + +```yml +# ---------------------------------- Network ----------------------------------- +# +# By default Elasticsearch is only accessible on localhost. Set a different +# address here to expose this node on the network: +# +# Change the value to the actual IP address of host A. +network.host: 192.168.1.1 +# +# By default Elasticsearch listens for HTTP traffic on the first free port it +# finds starting at 9200. Set a specific HTTP port here: +# +http.port: 9200 +# +# For more information, consult the network module documentation. +# +``` + +```yml +# --------------------------------- Discovery ---------------------------------- +# +# Pass an initial list of hosts to perform discovery when this node is started: +# The default list of hosts is ["127.0.0.1", "[::1]"] +# +#discovery.seed_hosts: ["host1", "host2"] +# +# Bootstrap the cluster using an initial set of master-eligible nodes: +# +cluster.initial_master_nodes: ["node-1"] +# Cross-domain configurations +http.cors.enabled: true +http.cors.allow-origin: "*" +# +``` + +- Restart the Elasticsearch service. + +```shell +systemctl restart elasticsearch +``` + +##### 3.2.2.2 Deploying aops-apollo + +- Install aops-apollo. + +```shell +yum install aops-apollo +``` + +- Modify the configuration file. + +```shell +vim /etc/aops/apollo.ini +``` + +- Change the IP address of each service in the **apollo.ini** to the actual IP address. + +```ini +[apollo] +ip=192.168.1.3// Change it to the actual IP address of host C. +port=11116 +host_vault_dir=/opt/aops +host_vars=/opt/aops/host_vars + +[zeus] +ip=192.168.1.2 // Change it to the actual IP address of host B. +port=11111 + +# hermes info is used to send mail. +[hermes] +ip=192.168.1.2 // Change it to the actual IP address of aops-hermes, for example, the IP address of host B. +port=80 // Change it to the actual port of the hermes service. + +[cve] +cve_fix_function=yum +# value between 0-23, for example, 2 means 2:00 in a day. +cve_scan_time=2 + +[mysql] +ip=192.168.1.1 // Change it to the actual IP address of host A. +port=3306 +database_name=aops +engine_format=mysql+pymysql://@%s:%s/%s +pool_size=100 +pool_recycle=7200 + +[elasticsearch] +ip=192.168.1.1 // Change it to the actual IP address of host A. +port=9200 +max_es_query_num=10000000 + +[redis] +ip=192.168.1.1 // Change it to the actual IP address of host A. +port=6379 + +[uwsgi] +wsgi-file=manage.py +daemonize=/var/log/aops/uwsgi/apollo.log +http-timeout=600 +harakiri=600 +processes=2 +gevent=100 +``` + +> **Set the MySQL database to the password mode**. For details, see [Q5: MySQL Password Mode](#q5-mysql-password-mode). + +- Start the aops-apollo service. + +```shell +systemctl start aops-apollo +``` + +**Note: [Initialize the aops-apollo database](#3223-initializing-the-aops-apollo-database) before starting the service.** + +> If the apollo service fails to be started and the error message indicates that the MySQL database cannot be connected, check if a MySQL password is set. If yes, see [Q5: MySQL Password Mode](#q5-mysql-password-mode). + +#### 3.2.2.3 Initializing the aops-apollo Database + +- Initialize the apollo database. + +```shell +cd /opt/aops/scripts/deploy +bash aops-basedatabase.sh init apollo +``` + +**Note: If aops-tools is not installed, run the SQL script to initialize. The script path is /opt/aops/database/apollo.sql** + +[Q5: MySQL Password Mode](#q5-mysql-password-mode) + +[FAQs: Nonexisting /opt/aops/scripts/deploy](#q7-nonexisting-optaopsscriptsdeploy) + +### 3.3 Configuring Source Tracing + +A-Ops configuration source tracing depends on gala-ragdoll. Therefore, you need to complete the deployment of [Asset Management](#31-asset-management) and then deploy gala-ragdoll. + +#### 3.3.1 Node Information + +| Host | IP Address | Module | +| ------ | ----------- | ------------ | +| Host C | 192.168.1.3 | aops-ragdoll | + +#### 3.3.2 Deployment Procedure + +See [Asset Management](#31-asset-management). + +##### 3.3.2.1 Deploying gala-ragdoll + +- Install gala-ragdoll. + +```shell +yum install gala-ragdoll python3-gala-ragdoll -y +``` + +- Modify the configuration file. + +```shell +vim /etc/ragdoll/gala-ragdoll.conf +``` + +> **Change the IP address in collect_address of the collect section to the IP address of host B, and change the values of collect_api and collect_port to the actual API and port number.** + +```ini +[git] +git_dir = "/home/confTraceTest" +user_name = "user_name" +user_email = "user_email" + +[collect] +collect_address = "http://192.168.1.2" // Change it to the actual IP address of host B. +collect_api = "/manage/config/collect" // The value is an example. Change it to the actual value. +collect_port = 11111 // Change it to the actual port number of the aops-zeus service. + +[sync] +sync_address = "http://192.168.1.2" +sync_api = "/manage/config/sync" // The value is an example. Change it to the actual value. +sync_port = 11111 + +[objectFile] +object_file_address = "http://192.168.1.2" +object_file_api = "/manage/config/objectfile" // The value is an example. Change it to the actual value. +object_file_port = 11111 + +[ragdoll] +port = 11114 +``` + +- Start the gala-ragdoll service. + +```shell +systemctl start gala-ragdoll +``` + +## 3.4 Exception Detection + +The exception detection function is implemented based on the aops-zeus service. Therefore, you need to deploy aops-zeus and then aops-diana. + +Considering distributed deployment, the aops-diana service must be deployed on both host B and host C to act as the producer and consumer in the message queue, respectively. + +The running of the aops-diana service requires the support of MySQL, Elasticsearch, Kafka, and Prometheus. + +### 3.4.1 Node Information + +| Host | IP Address | Module | +| ------ | ----------- | ---------- | +| Host A | 192.168.1.1 | Kafka | +| Host B | 192.168.1.2 | aops-diana | +| Host C | 192.168.1.3 | aops-diana | + +### 3.4.2 Deployment Procedure + +[Asset Management](#312-deployment-procedure) + +[Deploying Elasticsearch](#3221-deploying-elasticsearch) + +#### 3.4.2.1 Deploying Kafka + +Kafka uses ZooKeeper to manage and coordinate agents. Therefore, you need to deploy ZooKeeper when deploying Kafka. + +- Install ZooKeeper. + +```shell +yum install zookeeper -y +``` + +- Start the ZooKeeper service. + +```shell +systemctl start zookeeper +``` + +- Install Kafka. + +```shell +yum install kafka -y +``` + +- Modify the Kafka configuration file. + +```shell +vim /opt/kafka/config/server.properties +``` + +Change the value of **listeners** to the IP address of the local host. + +```yaml +############################# Socket Server Settings ############################# + +# The address the socket server listens on. It will get the value returned from +# java.net.InetAddress.getCanonicalHostName() if not configured. +# FORMAT: +# listeners = listener_name://host_name:port +# EXAMPLE: +# listeners = PLAINTEXT://your.host.name:9092 +listeners=PLAINTEXT://192.168.1.1:9092 +``` + +- Start the Kafka service. + +```shell +cd /opt/kafka/bin +nohup ./kafka-server-start.sh ../config/server.properties & + +# Check all the outputs of nohup. If the IP address of host A and the Kafka startup success INFO are displayed, Kafka is started successfully. +tail -f ./nohup.out +``` + +#### 3.4.2.2 Deploying diana + +- Install aops-diana. + +```shell +yum install aops-diana +``` + +Modify the configuration file. +> The aops-dianas on host B and host C play different roles, which are **distinguished based on the differences in the configuration file**. + +```shell +vim /etc/aops/diana.ini +``` + +(1) Start aops-diana on host C in executor mode. It functions as the consumer in the Kafka message queue. The configuration file to be modified is as follows: + +```ini +[diana] +ip=192.168.1.3 // Change the IP address to the actual IP address of host C. +port=11112 +mode=executor // This mode is the executor mode. It is used as the executor in common diagnosis mode and functions as the consumer in Kafka. +timing_check=on + +[default_mode] +period=60 +step=60 + +[elasticsearch] +ip=192.168.1.1 // Change the IP address to the actual IP address of host A. +port=9200 +max_es_query_num=10000000 + + +[mysql] +ip=192.168.1.1 // Change the IP address to the actual IP address of host A. +port=3306 +database_name=aops +engine_format=mysql+pymysql://@%s:%s/%s +pool_size=10000 +pool_recycle=7200 + +[redis] +ip=192.168.1.1 // Change the IP address to the actual IP address of host A. +port=6379 + + +[prometheus] +ip=192.168.1.1 // Change the IP address to the actual IP address of host A. +port=9090 +query_range_step=15s + +[agent] +default_instance_port=8888 + +[zeus] +ip=192.168.1.2 // Change the IP address to the actual IP address of host B. +port=11111 + +[consumer] +kafka_server_list=192.168.1.1:9092 // Change the IP address to the actual IP address of host C. +enable_auto_commit=False +auto_offset_reset=earliest +timeout_ms=5 +max_records=3 +task_name=CHECK_TASK +task_group_id=CHECK_TASK_GROUP_ID +result_name=CHECK_RESULT + +[producer] +kafka_server_list = 192.168.1.1:9092 // Change the IP address to the actual IP address of host C. +api_version = 0.11.5 +acks = 1 +retries = 3 +retry_backoff_ms = 100 +task_name=CHECK_TASK +task_group_id=CHECK_TASK_GROUP_ID + +[uwsgi] +wsgi-file=manage.py +daemonize=/var/log/aops/uwsgi/diana.log +http-timeout=600 +harakiri=600 +processes=2 +threads=2 +``` + +> **Set the MySQL database to the password mode**. For details, see [Q5: MySQL Password Mode](#q5-mysql-password-mode). + +(2) Start aops-diana on host B in configurable mode. It functions as the producer in the Kafka message queue. The aops-diana port configuration in the aops-hermes file is subject to the IP address and port number of this host. The configuration file to be modified is as follows: + +```ini +[diana] +ip=192.168.1.2 // Change the IP address to the actual IP address of host B. +port=11112 +mode=configurable // This mode is the configurable mode. It is used as a scheduler in common diagnosis mode and functions as the producer. +timing_check=on + +[default_mode] +period=60 +step=60 + +[elasticsearch] +ip=192.168.1.1 // Change the IP address to the actual IP address of host A. +port=9200 +max_es_query_num=10000000 + +[mysql] +ip=192.168.1.1 // Change the IP address to the actual IP address of host A. +port=3306 +database_name=aops +engine_format=mysql+pymysql://@%s:%s/%s +pool_size=100 +pool_recycle=7200 + +[redis] +ip=192.168.1.1 // Change the IP address to the actual IP address of host A. +port=6379 + +[prometheus] +ip=192.168.1.1 // Change the IP address to the actual IP address of host A. +port=9090 +query_range_step=15s + +[agent] +default_instance_port=8888 + +[zeus] +ip=192.168.1.2 // Change the IP address to the actual IP address of host B. +port=11111 + +[consumer] +kafka_server_list=192.168.1.1:9092 // Change the IP address to the actual IP address of host A. +enable_auto_commit=False +auto_offset_reset=earliest +timeout_ms=5 +max_records=3 +task_name=CHECK_TASK +task_group_id=CHECK_TASK_GROUP_ID +result_name=CHECK_RESULT + +[producer] +kafka_server_list = 192.168.1.1:9092 // Change the IP address to the actual IP address of host A. +api_version = 0.11.5 +acks = 1 +retries = 3 +retry_backoff_ms = 100 +task_name=CHECK_TASK +task_group_id=CHECK_TASK_GROUP_ID + +[uwsgi] +wsgi-file=manage.py +daemonize=/var/log/aops/uwsgi/diana.log +http-timeout=600 +harakiri=600 +processes=2 +threads=2 +``` + +> **Set the MySQL database to the password mode**. For details, see [Q5: MySQL Password Mode](#q5-mysql-password-mode). + +Start the aops-diana service. + +```shell +systemctl start aops-diana +``` + +**Note: [Initialize the aops-diana database](#3423-initializing-the-aops-diana-database) before starting the service.** + +> If the diana service fails to be started and the error message indicates that the MySQL database cannot be connected, check if a MySQL password is set. If yes, see [Q5: MySQL Password Mode](#q5-mysql-password-mode). + +#### 3.4.2.3 Initializing the aops-diana Database + +- Initialize the diana database. + +```shell +cd /opt/aops/scripts/deploy +bash aops-basedatabase.sh init diana +``` + +**Note:If aops-tools is not installed, run the SQL script to initialize. The script path is /opt/aops/database/diana.sql** + +[Q5: MySQL Password Mode](#q5-mysql-password-mode) + +[FAQs: Nonexisting /opt/aops/scripts/deploy](#q7-nonexisting-optaopsscriptsdeploy) + +## 3.5 Client Installation + +aops-ceres functions as the client of A-Ops. It communicates with the A-Ops management center through SSH and provides functions such as host information collection and command response. + +### 3.5.1 Node Information + +| Host | IP Address | Module | +| ------ | ----------- | ---------- | +| Host D | 192.168.1.4 | aops-ceres | + +### 3.5.2 Client Deployment + +```shell +yum install aops-ceres dnf-hotpatch-plugin -y +``` + +## FAQs + +### Q1: Max Number of Connections + +When host interfaces are added in batches, due to the max number of SSH connections (**MaxStartups**) of the host where aops-zeus is installed, some hosts may fail to be connected. You can temporarily increase **MaxStartups** as required. For details, see the [SSH documentation](https://www.man7.org/linux/man-pages/man5/sshd_config.5.html). + +### Q2: 504 Gateway Timeout + +Some HTTP interfaces may take a long time to execute, resulting in error 504 on the web client. You can reduce the probability of error 504 by adding **proxy_read_timeout** to the Nginx configuration or increase its value. + +### Q3: Firewall + +If firewall cannot be disabled, open the ports involved in service deployment on the firewall. Otherwise, services may be inaccessible and A-Ops cannot be used properly. + +### Q4: Elasticsearch Access Denied + +If Elasticsearch is deployed on multiple nodes in a distributed manner, set the cross-domain access configurations properly to enable the access of the nodes. + +### Q5: MySQL Password Mode + +- **Configure the mysql section in the service configuration.** + +To set the password mode for the MySQL database connection (for example, the user is **root**, and the password is **123456**), change the value of **engine_format** in the **\[mysql]** section in apollo and zeus configurations. + +```ini +[mysql] +engine_format=mysql+pymysql://root:123456@%s:%s/%s +``` + +- **Modify the aops-basedatabase.sh initialization script.** + +Modify the 145th line of **aops-basedatabase.sh**. + +> Before modification: + +```shell +database = pymysql.connect(host='$mysql_ip', port=$port, database='mysql', autocommit=True,client_flag=CLIENT.MULTI_STAT EMENTS) +``` + +> After modification: + +```shell +database = pymysql.connect(host='$mysql_ip', port=$port, database='mysql', password='password', user='user', autocommit=True, client_flag=CLIENT.MULTI_STATEMENTS) +``` + +- **Database connection error upon service startup** + +Modify the 178th line in **/usr/bin/aops-vulcanus**. + +> Before modification: + +```shell +connect = pymysql.connect(host='$mysql_ip', port=$port, database='$aops_database') +``` + +> After modification: + +```shell +connect = pymysql.connect(host='$mysql_ip', port=$port, database='$aops_database', password='password', user='user') +``` + +**Note: If a non-root user is used for logging in to the server, add user ="root" or a user allowed by MySQL.** + +### Q6: update Repository Configuration + +```shell +echo "[update] +name=update +baseurl=http://repo.openeuler.org/openEuler-24.03-LTS/update/$basearch/ +enabled=1 +gpgcheck=0 +[update-epol] +name=update-epol +baseurl=http://repo.openeuler.org/openEuler-24.03-LTS/EPOL/update/main/$basearch/ +enabled=1 +gpgcheck=0" > /etc/yum.repos.d/openEuler-update.repo +``` + +> Note: Change **openEuler-24.03-LTS** to the actual OS version. You can also refer to the repository description in the openEuler official documentation. + +### Q7: Nonexisting /opt/aops/scripts/deploy + +During database initialization, if **/opt/aops/scripts/deploy** does not exits, install the aops-tools package. + +```shell +yum install aops-tools -y +``` diff --git a/docs/en/server/maintenance/aops/dnf_command_usage.md b/docs/en/server/maintenance/aops/dnf_command_usage.md new file mode 100644 index 0000000000000000000000000000000000000000..490e01068364054dfd54e580e949c5d91c147571 --- /dev/null +++ b/docs/en/server/maintenance/aops/dnf_command_usage.md @@ -0,0 +1,757 @@ +# DNF Command Usage + +Af ter installing dnf-hotpatch-plugin, you can run `dnf` commands to use Ceres functions related to hot/cold patches, such as hot patch scanning (`dnf hot-updateinfo`), setting and querying (`dnf hotpatch`), applying (`dnf hotupgrade`), and kabi check before kernel upgrade (`dnf upgrade-en`). This document describes the usage of the commands. + +> Hot patches include ACC (accumulate) and SGL (single) types. +> +> - ACC: A hot patch of the higher version fixes all problems that can be fixed by lower-version hot patches. +> - SGL_xxx: A hot patch fixes the problems related to issue _xxx_. Multiple issue IDs are concatenated by underscores (\_). + +## Hot Patch Scanning + +`dnf hot-updateinfo` can scan hot patches and query hot patches for specified CVEs. + +```shell +$ dnf hot-updateinfo list cves [--available(default) | --installed] [--cve [cve_id]] +General DNF options: + -h, --help, --help-cmd + show command help + --cve CVES, --cves CVES + Include packages needed to fix the given CVE, in updates +Hot-updateinfo command-specific options: + --available + cves about newer versions of installed packages + (default) + --installed + cves about equal and older versions of installed packages +``` + +- `list cves` + + 1. Query the CVEs on the host that can be fixed and their related cold and hot patches. + + ```shell + $ dnf hot-updateinfo list cves + # cve-id level cold-patch hot-patch + Last metadata expiration check: 2:39:04 ago on Fri 29 Dec 2023 07:45:02. + CVE-2022-30594 Important/Sec. kernel-4.19.90-2206.1.0.0153.oe1.x86_64 patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 + CVE-2023-1111 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-ACC-1-1.x86_64 + CVE-2023-1112 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-ACC-1-1.x86_64 + CVE-2023-1111 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-SGL_CVE_2023_1111_CVE_2023_1112-1-1.x86_64 + ``` + + 2. Query hot and cold patches corresponding to fixed CVEs. + + ```shell + $ dnf hot-updateinfo list cves --installed + # cve-id level cold-patch hot-patch + Last metadata expiration check: 2:39:04 ago on Fri 29 Dec 2023 07:45:02. + CVE-2022-36298 Important/Sec. - patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_36298-1-1.x86_64 + ``` + + 3. Query hot and cold patches for specified CVEs. + + ```shell + $ dnf hot-updateinfo list cves --cve CVE-2022-30594 + # cve-id level cold-patch hot-patch + Last metadata expiration check: 2:39:04 ago on Fri 29 Dec 2023 07:45:02. + CVE-2022-30594 Important/Sec. kernel-4.19.90-2206.1.0.0153.oe1.x86_64 patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 + ``` + + 4. An empty list will be displayed if the CVE does not exist. + + ```shell + $ dnf hot-updateinfo list cves --cve CVE-2022-3089 + # cve-id level cold-patch hot-patch + Last metadata expiration check: 2:39:04 ago on Fri 29 Dec 2023 07:45:02. + ``` + +## Hot Patch Statuses + +- A hot patch can be in the following statuses: + + - NOT-APPLIED: The hot patch is not applied. + + - DEACTIVED: The hot patch is not activated. + + - ACTIVED: The hot patch is activated. + + - ACCEPT: The hot patch has been activated and will be applied after a reboot. + + ![Hot patch statuses](./figures/syscare_hot_patch_statuses.png) + +## Querying and Changing Hot Patch Statuses + +`dnf hotpatch` can be used to query and convert hot patch statuses. + +```shell +$ dnf hotpatch +General DNF options: + -h, --help, --help-cmd + show command help + --cve CVES, --cves CVES + Include packages needed to fix the given CVE, in updates + +Hotpatch command-specific options: + --list [{cve, cves}] show list of hotpatch + --apply APPLY_NAME apply hotpatch + --remove REMOVE_NAME remove hotpatch + --active ACTIVE_NAME active hotpatch + --deactive DEACTIVE_NAME + deactive hotpatch + --accept ACCEPT_NAME accept hotpatch +``` + +- Using `dnf hotpatch` to query hot patch statuses. + + - `dnf hotpatch --list` lists available hot patches in the system. + + ```shell + $ dnf hotpatch --list + Last metadata expiration check: 0:09:25 ago on Fri 29 Dec 2023 10:26:45. + base-pkg/hotpatch status + kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux NOT-APPLIED + ``` + + - `dnf hotpatch --list cves` queries hot patches related to CVEs. + + ```shell + $ dnf hotpatch --list cves + Last metadata expiration check: 0:09:25 ago on Fri 29 Dec 2023 10:26:45. + CVE-id base-pkg/hotpatch status + CVE-2022-30594 kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux NOT-APPLIED + ``` + + - `dnf hotpatch --list cves --cve ` queries hot patches for specified CVEs. + + ```shell + $ dnf hotpatch --list cves --cve CVE-2022-30594 + Last metadata expiration check: 0:09:25 ago on Fri 29 Dec 2023 10:26:45. + CVE-id base-pkg/hotpatch status + CVE-2022-30594 kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux NOT-APPLIED + ``` + + - An empty list will be displayed if the specified CVE does not exist when running `dnf hotpatch --list cves --cve `. + + ```shell + $ dnf hotpatch --list cves --cve CVE-2023-1 + Last metadata expiration check: 0:09:25 ago on Fri 29 Dec 2023 10:26:45. + ``` + +- `dnf hotpatch --apply ` applies a hot patch. You can run `dnf hotpatch --list` to query the hot patch status after applying the hot patch. For details about hot patch statuses, see the previous section. + + ```shell + $ dnf hotpatch --list + Last metadata expiration check: 0:13:55 ago on Fri 29 Dec 2023 10:26:45. + base-pkg/hotpatch status + kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux NOT-APPLIED + $ dnf hotpatch --apply kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 + Last metadata expiration check: 0:15:37 ago on Fri 29 Dec 2023 10:26:45. + Gonna apply this hot patch: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 + apply hot patch 'kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1' succeed + $ dnf hotpatch --list + Last metadata expiration check: 0:16:20 ago on Fri 29 Dec 2023 10:26:45. + base-pkg/hotpatch status + kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux ACTIVED + ``` + +- `dnf hotpatch --deactive ` deactivates a hot patch. You can run `dnf hotpatch --` to query the hot patch status after deactivating the hot patch. For details about hot patch statuses, see the previous section. + + ```shell + $ dnf hotpatch --deactive kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 + Last metadata expiration check: 0:19:00 ago on Fri 29 Dec 2023 10:26:45. + Gonna deactive this hot patch: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 + deactive hot patch 'kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1' succeed + $ dnf hotpatch --list + Last metadata expiration check: 0:19:12 ago on Fri 29 Dec 2023 10:26:45. + base-pkg/hotpatch status + kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux DEACTIVED + ``` + +- `dnf hotpatch --remove ` removes a hot patch. You can run `dnf hotpatch --list` to query the hot patch status after removing the hot patch. For details about hot patch statuses, see the previous section. + + ```shell + $ dnf hotpatch --remove kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 + Last metadata expiration check: 0:20:12 ago on Fri 29 Dec 2023 10:26:45. + Gonna remove this hot patch: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 + remove hot patch 'kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1' succeed + $ dnf hotpatch --list + Last metadata expiration check: 0:20:23 ago on Fri 29 Dec 2023 10:26:45. + base-pkg/hotpatch status + kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux NOT-APPLIED + ``` + +- `dnf hotpatch --active ` activating a hot patch.You can run `dnf hotpatch --list` to query the hot patch status after activating the hot patch. For details about hot patch statuses, see the previous section. + + ```shell + $ dnf hotpatch --active kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 + Last metadata expiration check: 0:15:37 ago on Fri 29 Dec 2023 10:26:45. + Gonna active this hot patch: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 + active hot patch 'kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1' succeed + $ dnf hotpatch --list + Last metadata expiration check: 0:16:20 ago on Fri 29 Dec 2023 10:26:45. + base-pkg/hotpatch status + kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux ACTIVED + ``` + +- `dnf hotpatch --accept ` accepts a hot patch. You can run `dnf hotpatch --list` to query the hot patch status after accepting the hot patch. For details about hot patch statuses, see the previous section. + + ```shell + $ dnf hotpatch --accept kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 + Last metadata expiration check: 0:14:19 ago on Fri 29 Dec 2023 10:47:38. + Gonna accept this hot patch: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 + accept hot patch 'kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1' succeed + $ dnf hotpatch --list + Last metadata expiration check: 0:14:34 ago on Fri 29 Dec 2023 10:47:38. + base-pkg/hotpatch status + kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux ACCEPTED + ``` + +## Applying Hot Patches + +The `hotupgrade` command is used to apply hot patches to fix specified or all CVEs. + +```shell +$ dnf hotupgrade [--cve [cve_id]] [PACKAGE ...] [--takeover] [-f] + + +General DNF options: + -h, --help, --help-cmd + show command help + --cve CVES, --cves CVES + Include packages needed to fix the given CVE, in updates + +command-specific options: + --takeover + kernel cold patch takeover operation + -f + force retain kernel rpm package if kernel kabi check fails + PACKAGE + Package to upgrade +``` + +- Using `dnf hotupgrade PACKAGE` to install target hot patches. + + - Using `dnf hotupgrade PACKAGE` to install target hot patches. + + ```shell + $ dnf hotupgrade patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 + Last metadata expiration check: 0:26:25 ago on Fri 29 Dec 2023 10:47:38. + Dependencies resolved. + xxxx(Install messgaes) + Is this ok [y/N]: y + Downloading Packages: + xxxx(Install process) + Complete! + Apply hot patch succeed: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1. + ``` + + - Using `dnf hotupgrade PACKAGE` to install target hot patches when target hot patches have been activated. + + ```shell + $ dnf hotupgrade patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 + Last metadata expiration check: 0:28:35 ago on Fri 29 Dec 2023 10:47:38. + The hotpatch 'kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1' already has a 'ACTIVED' sub hotpatch of binary file 'vmlinux' + Package patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 is already installed. + Dependencies resolved. + Nothing to do. + Complete! + ``` + + - Using `dnf hotupgrade PACKAGE` to install target hot patches and automatically uninstall hot patches that fail to be activated. + + ```shell + $ dnf hotupgrade patch-redis-6.2.5-1-ACC-1-1.x86_64 + Last metadata expiration check: 0:30:30 ago on Fri 29 Dec 2023 10:47:38. + Dependencies resolved. + xxxx(Install messgaes) + Is this ok [y/N]: y + Downloading Packages: + xxxx(Install process) + Complete! + Apply hot patch failed: redis-6.2.5-1/ACC-1-1. + Error: Operation failed + + Caused by: + 1. Transaction "Apply patch 'redis-6.2.5-1/ACC-1-1'" failed + + Caused by: + Cannot match any patch named "redis-6.2.5-1/ACC-1-1" + + Gonna remove unsuccessfully activated hotpatch rpm. + Remove package succeed: patch-redis-6.2.5-1-ACC-1-1.x86_64. + ``` + +- Using `--cve ` to install hot patches for a CVE. + + - Using `--cve ` to install hot patches for a CVE. + + ```shell + $ dnf hotupgrade --cve CVE-2022-30594 + Last metadata expiration check: 0:26:25 ago on Fri 29 Dec 2023 10:47:38. + Dependencies resolved. + xxxx(Install messgaes) + Is this ok [y/N]: y + Downloading Packages: + xxxx(Install process) + Complete! + Apply hot patch succeed: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1. + ``` + + - Using `dnf hotupgrade --cve CVE-2022-2021` to install hot patches for the CVE, which does not exist. + + ```shell + $ dnf hotupgrade --cve CVE-2022-2021 + Last metadata expiration check: 1:37:44 ago on Fri 29 Dec 2023 13:49:39. + The cve doesn't exist or cannot be fixed by hotpatch: CVE-2022-2021 + No hot patches marked for install. + Dependencies resolved. + Nothing to do. + Complete! + ``` + + - Using `dnf hotupgrade --cve ` to install and apply a hot patch of a higher version for a CVE that has an ACC hot patch of a lower version. The hot patch of the lower version is uninstalled. + + ```shell + $ dnf hotupgrade --cve CVE-2023-1070 + Last metadata expiration check: 0:00:48 ago on Tue 02 Jan 2024 11:21:55. + Dependencies resolved. + xxxx(Install messgaes) + Is this ok [y/N]: y + Downloading Packages: + xxxx (Install messages and process upgrade) + Complete! + Apply hot patch succeed: kernel-5.10.0-153.12.0.92.oe2203sp2/ACC-1-3. + $ + ``` + + - Installing and applying a hot patch for a CVE that already has the latest hot patch. + + ```shell + $ dnf hotupgrade --cve CVE-2023-1070 + Last metadata expiration check: 1:37:44 ago on Fri 29 Dec 2023 13:49:39. + The cve doesn't exist or cannot be fixed by hotpatch: CVE-2023-1070 + No hot patches marked for install. + Dependencies resolved. + Nothing to do. + Complete! + ``` + +- Using `dnf hotupgrade` to install all hot patches. + - When no hot patch is installed, running `dnf hotupgrade` will install all available hot patches. + + - When some of the hot patches are installed, running `dnf hotupgrade` will install the remaining hot patches. + +- Using `--takeover` to take over kernel hot patches. + + - Using `dnf hotupgrade PACKAGE --takeover` to install hot patches and take over the related kernel hot patches. If a target kernel cold patch fails to pass the kabi check, it will be automatically uninstalled. The hot patches will be accepted and remain in effect after a reboot. The default kernel boot options will be restored. + + ```shell + $ dnf hotupgrade patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 --takeover + Last metadata expiration check: 2:23:22 ago on Fri 29 Dec 2023 13:49:39. + Gonna takeover kernel cold patch: ['kernel-4.19.90-2206.1.0.0153.oe1.x86_64'] + Dependencies resolved. + xxxx(Install messgaes) + Is this ok [y/N]: y + xxxx(Install process) + Complete! + Apply hot patch succeed: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1. + Kabi check for kernel-4.19.90-2206.1.0.0153.oe1.x86_64: + [Fail] Here are 81 loaded kernel modules in this system, 78 pass, 3 fail. + Failed modules are as follows: + No. Module Difference + 1 nf_nat_ipv6 secure_ipv6_port_ephemeral : 0xe1a4f16a != 0x0209f3a7 + 2 nf_nat_ipv4 secure_ipv4_port_ephemeral : 0x57f70547 != 0xe3840e18 + 3 kvm_intel kvm_lapic_hv_timer_in_use : 0x54981db4 != 0xf58e6f1f + Gonna remove kernel-4.19.90-2206.1.0.0153.oe1.x86_64 due to Kabi check failed. + Rebuild rpm database succeed. + Remove package succeed: kernel-4.19.90-2206.1.0.0153.oe1.x86_64. + Restore the default boot kernel succeed: kernel-4.19.90-2112.8.0.0131.oe1.x86_64. + No available kernel cold patch for takeover, gonna accept available kernel hot patch. + Accept hot patch succeed: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1. + ``` + + - Using `dnf hotupgrade PACKAGE --takeover -f` to install hot patches. If a kernel cold patch fails to pass the kabi check, the `-f` option forcibly keeps the cold patch. + + ```shell + $ dnf hotupgrade patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 --takeover + Last metadata expiration check: 2:23:22 ago on Fri 29 Dec 2023 13:49:39. + Gonna takeover kernel cold patch: ['kernel-4.19.90-2206.1.0.0153.oe1.x86_64'] + Dependencies resolved. + xxxx(Install messgaes) + Is this ok [y/N]: y + xxxx(Install process) + Complete! + Apply hot patch succeed: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1. + Kabi check for kernel-4.19.90-2206.1.0.0153.oe1.x86_64: + [Fail] Here are 81 loaded kernel modules in this system, 78 pass, 3 fail. + Failed modules are as follows: + No. Module Difference + 1 nf_nat_ipv6 secure_ipv6_port_ephemeral : 0xe1a4f16a != 0x0209f3a7 + 2 nf_nat_ipv4 secure_ipv4_port_ephemeral : 0x57f70547 != 0xe3840e18 + 3 kvm_intel kvm_lapic_hv_timer_in_use : 0x54981db4 != 0xf58e6f1f + ``` + +## kabi Check before Kernel Upgrade + +`dnf upgrade-en` supports the kabi check before kernel cold patch upgrade. + +```shell +dnf upgrade-en [PACKAGE] [--cve [cve_id]] + +upgrade with KABI(Kernel Application Binary Interface) check. If the loaded +kernel modules have KABI compatibility with the new version kernel rpm, the +kernel modules can be installed and used in the new version kernel without +recompling. + +General DNF options: + -h, --help, --help-cmd + show command help + --cve CVES, --cves CVES + Include packages needed to fix the given CVE, in updates +Upgrade-en command-specific options: + PACKAGE + Package to upgrade +``` + +- Using `dnf upgrade-en PACKAGE` to install target cold patches. + + - Using `dnf upgrade-en` to install target cold patches. If the kabi check is not passed, the kabi difference report will be generated, and the target kernel upgrade package will be uninstalled. + + ```shell + $ dnf upgrade-en kernel-4.19.90-2206.1.0.0153.oe1.x86_64 + Last metadata expiration check: 1:51:54 ago on Fri 29 Dec 2023 13:49:39. + Dependencies resolved. + xxxx(Install messgaes) + Is this ok [y/N]: y + Downloading Packages: + xxxx(Install process) + Complete! + Kabi check for kernel-4.19.90-2206.1.0.0153.oe1.x86_64: + [Fail] Here are 81 loaded kernel modules in this system, 78 pass, 3 fail. + Failed modules are as follows: + No. Module Difference + 1 nf_nat_ipv6 secure_ipv6_port_ephemeral : 0xe1a4f16a != 0x0209f3a7 + 2 nf_nat_ipv4 secure_ipv4_port_ephemeral : 0x57f70547 != 0xe3840e18 + 3 kvm_intel kvm_lapic_hv_timer_in_use : 0x54981db4 != 0xf58e6f1f + kvm_apic_write_nodecode : 0x56c989a1 != 0x24c9db31 + kvm_complete_insn_gp : 0x99c2d256 != 0xcd8014bd + Gonna remove kernel-4.19.90-2206.1.0.0153.oe1.x86_64 due to kabi check failed. + Rebuild rpm database succeed. + Remove package succeed: kernel-4.19.90-2206.1.0.0153.oe1.x86_64. + Restore the default boot kernel succeed: kernel-4.19.90-2112.8.0.0131.oe1.x86_64. + ``` + + - Using `dnf upgrade-en` to install target cold patches and the kabi check is passed. + + ```shell + $ dnf upgrade-en kernel-4.19.90-2201.1.0.0132.oe1.x86_64 + Last metadata expiration check: 2:02:10 ago on Fri 29 Dec 2023 13:49:39. + Dependencies resolved. + xxxx(Install messgaes) + Is this ok [y/N]: y + Downloading Packages: + xxxx(Install process) + Complete! + Kabi check for kernel-4.19.90-2201.1.0.0132.oe1.x86_64: + [Success] Here are 81 loaded kernel modules in this system, 81 pass, 0 fail. + ``` + +- Using `dnf upgrade-en` to install all cold patches. + + If the target kernel upgrade is included in the cold patches, the output is the same as `dnf upgrade-en PACKAGE` according to the kabi check result. + +## Usage Example + +Assume that the repositories of hot and cold patches on this host have been enabled. + +- Hot patches + +Scan CVEs that can be fixed on the host. + +```shell +$ dnf hot-updateinfo list cves +Last metadata expiration check: 0:00:38 ago on Sat 25 Mar 2023 11:53:46. +CVE-2023-22995 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2023-26545 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2022-40897 Important/Sec. python3-setuptools-59.4.0-5.oe2203sp1.noarch - +CVE-2021-1 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-ACC-1-1.x86_64 +CVE-2021-11 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-ACC-1-1.x86_64 +CVE-2021-2 Important/Sec. redis-6.2.5-3.x86_64 patch-redis-6.2.5-1-ACC-1-2.x86_64 +CVE-2021-22 Important/Sec. redis-6.2.5-3.x86_64 patch-redis-6.2.5-1-ACC-1-2.x86_64 +CVE-2021-33 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2021-3 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2022-38023 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +CVE-2022-37966 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +``` + +CVE-2021-1, CVE-2021-11, CVE-2021-2, and CVE-2021-22 can be fixed by hot patches. + +Start the Redis service based on the **redis.conf** configuration file. + +```shell +$ sudo redis-server ./redis.conf & +[1] 285075 +$ 285076:C 25 Mar 2023 12:09:51.503 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo +285076:C 25 Mar 2023 12:09:51.503 # Redis version=255.255.255, bits=64, commit=00000000, modified=0, pid=285076, just started +285076:C 25 Mar 2023 12:09:51.503 # Configuration loaded +285076:M 25 Mar 2023 12:09:51.504 * Increased maximum number of open files to 10032 (it was originally set to 1024). +285076:M 25 Mar 2023 12:09:51.504 * monotonic clock: POSIX clock_gettime + _._ + _.-``__ ''-._ + _.-`` `. `_. ''-._ Redis 255.255.255 (00000000/0) 64 bit + .-`` .-```. ```\/ _.,_ ''-._ + ( ' , .-` | `, ) Running in standalone mode + |`-._`-...-` __...-.``-._|'` _.-'| Port: 6380 + | `-._ `._ / _.-' | PID: 285076 + `-._ `-._ `-./ _.-' _.-' + |`-._`-._ `-.__.-' _.-'_.-'| + | `-._`-._ _.-'_.-' | https://redis.io + `-._ `-._`-.__.-'_.-' _.-' + |`-._`-._ `-.__.-' _.-'_.-'| + | `-._`-._ _.-'_.-' | + `-._ `-._`-.__.-'_.-' _.-' + `-._ `-.__.-' _.-' + `-._ _.-' + `-.__.-' + +285076:M 25 Mar 2023 12:09:51.505 # Server initialized +285076:M 25 Mar 2023 12:09:51.505 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect. +285076:M 25 Mar 2023 12:09:51.506 * Ready to accept connections + +``` + +Test the function before applying the hot patch. + +```shell +$ telnet 127.0.0.1 6380 +Trying 127.0.0.1... +Connected to 127.0.0.1. +Escape character is '^]'. + +*100 + +-ERR Protocol error: expected '$', got ' ' +Connection closed by foreign host. +``` + +Specify CVE-2021-1 and ensure that the related hot patch is associated and applied. + +```shell +$ dnf hotupgrade patch-redis-6.2.5-1-ACC-1-1.x86_64 +Last metadata expiration check: 0:01:39 ago on Tue 02 Jan 2024 20:16:45. +The hotpatch 'redis-6.2.5-1/ACC-1-1' already has a 'ACTIVED' sub hotpatch of binary file 'redis-benchmark' +The hotpatch 'redis-6.2.5-1/ACC-1-1' already has a 'ACTIVED' sub hotpatch of binary file 'redis-cli' +The hotpatch 'redis-6.2.5-1/ACC-1-1' already has a 'ACTIVED' sub hotpatch of binary file 'redis-server' +Package patch-redis-6.2.5-1-ACC-1-1.x86_64 is already installed. +Dependencies resolved. +Nothing to do. +Complete! +``` + +Run `dnf hotpatch --list` to check whether the hot patch has been applied (the status is **ACTIVED**). + +```shell +$ dnf hotpatch --list +Last metadata expiration check: 0:04:43 ago on Tue 02 Jan 2024 20:16:45. +base-pkg/hotpatch status +redis-6.2.5-1/ACC-1-1/redis-benchmark ACTIVED +redis-6.2.5-1/ACC-1-1/redis-cli ACTIVED +redis-6.2.5-1/ACC-1-1/redis-server ACTIVED +``` + +Check whether the CVE has been fixed. Because the **patch-redis-6.2.5-1-ACC-1-1.x86_64** hot patch also fixes CVE-2021-11, CVE-2021-1 and CVE-2021-11 no longer exists. + +```shell +$ dnf hot-updateinfo list cves +Last metadata expiration check: 0:08:48 ago on Sat 25 Mar 2023 11:53:46. +CVE-2023-22995 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2023-1076 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2023-26607 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2022-40897 Important/Sec. python3-setuptools-59.4.0-5.oe2203sp1.noarch - +CVE-2021-22 Important/Sec. redis-6.2.5-3.x86_64 patch-redis-6.2.5-1-ACC-1-2.x86_64 +CVE-2021-2 Important/Sec. redis-6.2.5-3.x86_64 patch-redis-6.2.5-1-ACC-1-2.x86_64 +CVE-2021-33 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2021-3 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2022-38023 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +CVE-2022-37966 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +``` + +Test the function after applying the hot patch. + +```shell +$ telnet 127.0.0.1 6380 +Trying 127.0.0.1... +Connected to 127.0.0.1. +Escape character is '^]'. + +*100 + +-ERR Protocol error: unauthenticated multibulk length +Connection closed by foreign host. +``` + +Run `dnf hotpatch --remove` and specify the patch name to manually remove the hot patch. + +```shell +$ dnf hotpatch --remove redis-6.2.5-1 +Last metadata expiration check: 0:11:52 ago on Tue 02 Jan 2024 20:16:45. +Gonna remove this hot patch: redis-6.2.5-1 +remove hot patch 'redis-6.2.5-1' succeed +$ dnf hotpatch --list +Last metadata expiration check: 0:12:00 ago on Tue 02 Jan 2024 20:16:45. +base-pkg/hotpatch status +redis-6.2.5-1/ACC-1-1/redis-benchmark NOT-APPLIED +redis-6.2.5-1/ACC-1-1/redis-cli NOT-APPLIED +redis-6.2.5-1/ACC-1-1/redis-server NOT-APPLIED +``` + +Scan the CVEs to be fixed on the host. CVE-2021-1 and CVE-2021-11 are displayed. + +```shell +$ dnf hot-updateinfo list cves +Last metadata expiration check: 0:00:38 ago on Sat 25 Mar 2023 11:53:46. +CVE-2023-22995 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2023-26545 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2022-40897 Important/Sec. python3-setuptools-59.4.0-5.oe2203sp1.noarch - +CVE-2021-1 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-ACC-1-1.x86_64 +CVE-2021-11 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-ACC-1-1.x86_64 +CVE-2021-2 Important/Sec. redis-6.2.5-3.x86_64 patch-redis-6.2.5-1-ACC-1-2.x86_64 +CVE-2021-22 Important/Sec. redis-6.2.5-3.x86_64 patch-redis-6.2.5-1-ACC-1-2.x86_64 +CVE-2021-33 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2021-3 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2022-38023 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +CVE-2022-37966 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +``` + +- installing an ACC patch of a higher version. + +Apply hot patch **patch-redis-6.2.5-1-HP002-1-1.x86_64**. + +```shell +$ dnf hotupgrade patch-redis-6.2.5-1-ACC-1-2.x86_64 +Last metadata expiration check: 0:36:12 ago on Tue 02 Jan 2024 20:16:45. +The hotpatch 'redis-6.2.5-1/ACC-1-2' already has a 'ACTIVED' sub hotpatch of binary file 'redis-benchmark' +The hotpatch 'redis-6.2.5-1/ACC-1-2' already has a 'ACTIVED' sub hotpatch of binary file 'redis-cli' +The hotpatch 'redis-6.2.5-1/ACC-1-2' already has a 'ACTIVED' sub hotpatch of binary file 'redis-server' +Package patch-redis-6.2.5-1-ACC-1-2.x86_64 is already installed. +Dependencies resolved. +Nothing to do. +Complete! +``` + +Scan the CVEs to be fixed on the host. Because **patch-redis-6.2.5-1-ACC-1-2.x86_64** is of a higher version than **patch-redis-6.2.5-1-ACC-1-1.x86_64**, **patch-redis-6.2.5-1-ACC-1-2.x86_64** also fixes CVE-2021-1, CVE-2021-11, CVE-2021-2, and CVE-2021-22. + +```shell +$ dnf hot-updateinfo list cves +Last metadata expiration check: 0:00:38 ago on Sat Mar 25 11:53:46 2023. +CVE-2023-22995 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2023-26545 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2022-40897 Important/Sec. python3-setuptools-59.4.0-5.oe2203sp1.noarch - +CVE-2021-33 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2021-3 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2022-38023 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +CVE-2022-37966 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +``` + +- Version of the software package fixed by the hot patch higher than that of the installed one. + +Open the **xxx-updateinfo.xml.gz** file in the **repodata** directory of the hot patch repository. Check the information related to CVE-2021-33 and CVE-2021-3. + +```xml + + openEuler-HotPatchSA-2023-3 + An update for mariadb is now available for openEuler-22.03-LTS + Important + openEuler + + + + + + patch-redis-6.2.5-2-ACC.(CVE-2021-3, CVE-2021-33) + + + openEuler + + patch-redis-6.2.5-2-ACC-1-1.aarch64.rpm + + + patch-redis-6.2.5-2-ACC-1-1.x86_64.rpm + + + + +``` + +The format of the **name** field of **package** (**patch-redis-6.2.5-2-ACC**) is **patch-\-\-\-\**. In the example, **patch-redis-6.2.5-2-ACC** requires the source code version of redis-6.2.5-2 to be installed. Check the version of Redis on the host. + +```shell +$ rpm -qa | grep redis +redis-6.2.5-1.x86_64 +``` + +The installed Redis version is lower than 6.2.5-2. Therefore, the hot patch will not be displayed. + +```shell +$ dnf hot-updateinfo list cves +Last metadata expiration check: 0:00:38 ago on Sat 25 Mar 2023 11:53:46. +CVE-2023-22995 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2023-26545 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2022-40897 Important/Sec. python3-setuptools-59.4.0-5.oe2203sp1.noarch - +CVE-2021-33 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2021-3 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2022-38023 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +CVE-2022-37966 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +``` + +- Version of the software package fixed by the hot patch lower than that of the installed one. + +Open the **xxx-updateinfo.xml.gz** file in the **repodata** directory of the hot patch repository. Check the information related to CVE-2021-44 and CVE-2021-4. + +```xml + + openEuler-HotPatchSA-2023-4 + An update for mariadb is now available for openEuler-22.03-LTS + Important + openEuler + + + + + + patch-redis-6.2.4-1-ACC.(CVE-2021-44, CVE-2021-4) + + + openEuler + + patch-redis-6.2.4-1-ACC-1-1.aarch64.rpm + + + patch-redis-6.2.4-1-ACC-1-1.x86_64.rpm + + + + +``` + +The format of the **name** field of **package** (**patch-redis-6.2.4-1-ACC**) is **patch-\-\-\-\**. In the example, **patch-redis-6.2.4-1-ACC** requires the source code version of redis-6.2.4-1 to be installed. Check the version of Redis on the host. + +```shell +$ rpm -qa | grep redis +redis-6.2.5-1.x86_64 +``` + +The installed Redis version is higher than 6.2.4-1. Therefore, the CVE will not be displayed. + +```shell +$ dnf hot-updateinfo list cves +Last metadata expiration check: 0:00:38 ago on Sat 25 Mar 2023 11:53:46. +CVE-2023-22995 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2023-26545 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2022-40897 Important/Sec. python3-setuptools-59.4.0-5.oe2203sp1.noarch - +CVE-2021-33 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2021-3 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2022-38023 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +CVE-2022-37966 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +``` diff --git "a/docs/en/server/maintenance/aops/figures/a-ops\350\275\257\344\273\266\346\236\266\346\236\204.png" "b/docs/en/server/maintenance/aops/figures/a-ops\350\275\257\344\273\266\346\236\266\346\236\204.png" new file mode 100644 index 0000000000000000000000000000000000000000..047c6f1bfe3e38c66d34285563d910f6f3bd07e1 Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/a-ops\350\275\257\344\273\266\346\236\266\346\236\204.png" differ diff --git a/docs/en/server/maintenance/aops/figures/chakanyuqi.png b/docs/en/server/maintenance/aops/figures/chakanyuqi.png new file mode 100644 index 0000000000000000000000000000000000000000..bbead6a91468d5dee570cfdc66faf9a4ab155d7c Binary files /dev/null and b/docs/en/server/maintenance/aops/figures/chakanyuqi.png differ diff --git a/docs/en/server/maintenance/aops/figures/chaxunshijipeizhi.png b/docs/en/server/maintenance/aops/figures/chaxunshijipeizhi.png new file mode 100644 index 0000000000000000000000000000000000000000..d5f6e450fc0e1e246492ca71a6fcd8db572eb469 Binary files /dev/null and b/docs/en/server/maintenance/aops/figures/chaxunshijipeizhi.png differ diff --git a/docs/en/server/maintenance/aops/figures/chuangjianyewuyu.png b/docs/en/server/maintenance/aops/figures/chuangjianyewuyu.png new file mode 100644 index 0000000000000000000000000000000000000000..4f5b8de2d2c4ddb9bfdfba1ac17258a834561e2d Binary files /dev/null and b/docs/en/server/maintenance/aops/figures/chuangjianyewuyu.png differ diff --git "a/docs/en/server/maintenance/aops/figures/gala-gopher\346\210\220\345\212\237\345\220\257\345\212\250\347\212\266\346\200\201.png" "b/docs/en/server/maintenance/aops/figures/gala-gopher\346\210\220\345\212\237\345\220\257\345\212\250\347\212\266\346\200\201.png" new file mode 100644 index 0000000000000000000000000000000000000000..ab16e9d3661db3fd4adc6c605b2d2d08e79fdc1c Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/gala-gopher\346\210\220\345\212\237\345\220\257\345\212\250\347\212\266\346\200\201.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/gala-spider\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" "b/docs/en/server/maintenance/aops/figures/gala-spider\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" new file mode 100644 index 0000000000000000000000000000000000000000..c5a0768be63a98ef7ccc4a56996a8c715f7090af Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/gala-spider\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/gopher\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" "b/docs/en/server/maintenance/aops/figures/gopher\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" new file mode 100644 index 0000000000000000000000000000000000000000..f151965a21d11dd7a3e215cc4ef23d70d059f4b1 Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/gopher\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" differ diff --git a/docs/en/server/maintenance/aops/figures/group.PNG b/docs/en/server/maintenance/aops/figures/group.PNG new file mode 100644 index 0000000000000000000000000000000000000000..584fd1f7195694a3419482cace2a71fa1cd9a3ec Binary files /dev/null and b/docs/en/server/maintenance/aops/figures/group.PNG differ diff --git a/docs/en/server/maintenance/aops/figures/icon-note.gif b/docs/en/server/maintenance/aops/figures/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/en/server/maintenance/aops/figures/icon-note.gif differ diff --git a/docs/en/server/maintenance/aops/figures/shanchupeizhi.png b/docs/en/server/maintenance/aops/figures/shanchupeizhi.png new file mode 100644 index 0000000000000000000000000000000000000000..cfea2eb44f7b8aa809404b8b49b4bd2e24172568 Binary files /dev/null and b/docs/en/server/maintenance/aops/figures/shanchupeizhi.png differ diff --git "a/docs/en/server/maintenance/aops/figures/spider\346\213\223\346\211\221\345\205\263\347\263\273\345\233\276.png" "b/docs/en/server/maintenance/aops/figures/spider\346\213\223\346\211\221\345\205\263\347\263\273\345\233\276.png" new file mode 100644 index 0000000000000000000000000000000000000000..5823a116f384801e1197350f151b4d04ef519ac4 Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/spider\346\213\223\346\211\221\345\205\263\347\263\273\345\233\276.png" differ diff --git a/docs/en/server/maintenance/aops/figures/syscare_hot_patch_statuses.png b/docs/en/server/maintenance/aops/figures/syscare_hot_patch_statuses.png new file mode 100644 index 0000000000000000000000000000000000000000..bbd0600fc5c913198dfe1e1bf2aba9c652576a98 Binary files /dev/null and b/docs/en/server/maintenance/aops/figures/syscare_hot_patch_statuses.png differ diff --git a/docs/en/server/maintenance/aops/figures/tianjianode.png b/docs/en/server/maintenance/aops/figures/tianjianode.png new file mode 100644 index 0000000000000000000000000000000000000000..d68f5e12a62548f2ec59374bda9ab07f43b8b5cb Binary files /dev/null and b/docs/en/server/maintenance/aops/figures/tianjianode.png differ diff --git a/docs/en/server/maintenance/aops/figures/xinzengpeizhi.png b/docs/en/server/maintenance/aops/figures/xinzengpeizhi.png new file mode 100644 index 0000000000000000000000000000000000000000..18d71c2e099c19b5d28848eec6a8d11f29ccee27 Binary files /dev/null and b/docs/en/server/maintenance/aops/figures/xinzengpeizhi.png differ diff --git a/docs/en/server/maintenance/aops/figures/zhuangtaichaxun.png b/docs/en/server/maintenance/aops/figures/zhuangtaichaxun.png new file mode 100644 index 0000000000000000000000000000000000000000..a3d0b3294bf6e0eeec50a2c2f8c5059bdc256376 Binary files /dev/null and b/docs/en/server/maintenance/aops/figures/zhuangtaichaxun.png differ diff --git "a/docs/en/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/app\350\257\246\346\203\205.jpg" "b/docs/en/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/app\350\257\246\346\203\205.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..bd179be46c9e711d7148ee44dc56f4a7a02f56bf Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/app\350\257\246\346\203\205.jpg" differ diff --git "a/docs/en/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\344\277\256\346\224\271\346\250\241\345\236\213.png" "b/docs/en/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\344\277\256\346\224\271\346\250\241\345\236\213.png" new file mode 100644 index 0000000000000000000000000000000000000000..23ff4e5fddb87ac157b1002a70c47d9b4c76b873 Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\344\277\256\346\224\271\346\250\241\345\236\213.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\210\233\345\273\272\345\267\245\344\275\234\346\265\201.jpg" "b/docs/en/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\210\233\345\273\272\345\267\245\344\275\234\346\265\201.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..1a2b45e860914a1ac0cfb6908b02fb5cad4cbd60 Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\210\233\345\273\272\345\267\245\344\275\234\346\265\201.jpg" differ diff --git "a/docs/en/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246.jpg" "b/docs/en/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..89ac88e154275d4be8179d773e7093f2357f425f Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246.jpg" differ diff --git "a/docs/en/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\347\241\256\350\256\244.jpg" "b/docs/en/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\347\241\256\350\256\244.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..57844f772853c541f7a1328b007a9b6ae4d5caf0 Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\347\241\256\350\256\244.jpg" differ diff --git "a/docs/en/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\350\257\246\346\203\205.jpg" "b/docs/en/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\350\257\246\346\203\205.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..5b4830b47897a0d51be28238a879a70b1de9ca3b Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\350\257\246\346\203\205.jpg" differ diff --git "a/docs/en/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201.jpg" "b/docs/en/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..17fb5b13034e1fc5276c68583fed1952415b0b5f Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201.jpg" differ diff --git "a/docs/en/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201\350\257\246\346\203\205.jpg" "b/docs/en/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201\350\257\246\346\203\205.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..458e023847bb2ad1f198f5a2dd1691748038137e Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201\350\257\246\346\203\205.jpg" differ diff --git "a/docs/en/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\272\224\347\224\250.png" "b/docs/en/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\272\224\347\224\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..aa34bb909ee7c86a95126c13fa532ce93410a931 Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\272\224\347\224\250.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/CVE\350\257\246\346\203\205\347\225\214\351\235\242.png" "b/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/CVE\350\257\246\346\203\205\347\225\214\351\235\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..05859540cb88e11bd8dedaeb8e03253254574c40 Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/CVE\350\257\246\346\203\205\347\225\214\351\235\242.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/cve\345\210\227\350\241\250.png" "b/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/cve\345\210\227\350\241\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..f556e0e7e3c4096a89597cb08ba29133375aab07 Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/cve\345\210\227\350\241\250.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\212\344\274\240\345\256\211\345\205\250\345\205\254\345\221\212.png" "b/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\212\344\274\240\345\256\211\345\205\250\345\205\254\345\221\212.png" new file mode 100644 index 0000000000000000000000000000000000000000..801c7f917d717499c86708b419101be3773348ac Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\212\344\274\240\345\256\211\345\205\250\345\205\254\345\221\212.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250\347\225\214\351\235\242.png" "b/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250\347\225\214\351\235\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..0719bb8c0b71d0503d5d3a7d8e9e83da71169c64 Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250\347\225\214\351\235\242.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" "b/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" new file mode 100644 index 0000000000000000000000000000000000000000..21c9468ce4378bcadf537e543c756cf7a1347499 Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\345\210\227\350\241\250.png" "b/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\345\210\227\350\241\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..9cfd080d1a658544c559e83429a14b35dc931fc6 Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\345\210\227\350\241\250.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\350\257\246\346\203\205.png" "b/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\350\257\246\346\203\205.png" new file mode 100644 index 0000000000000000000000000000000000000000..7ca43b0a82b7c4dd3e43a5e46cf3b4a79d55d033 Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\350\257\246\346\203\205.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\277\256\345\244\215\344\273\273\345\212\241\346\212\245\345\221\212.png" "b/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\277\256\345\244\215\344\273\273\345\212\241\346\212\245\345\221\212.png" new file mode 100644 index 0000000000000000000000000000000000000000..b9acfbcd7d8e3b2b551c8bb9700142dfba681afe Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\277\256\345\244\215\344\273\273\345\212\241\346\212\245\345\221\212.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\345\233\236\346\273\232\344\273\273\345\212\241\350\257\246\346\203\205.png" "b/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\345\233\236\346\273\232\344\273\273\345\212\241\350\257\246\346\203\205.png" new file mode 100644 index 0000000000000000000000000000000000000000..6bc8cc31e05d06dbd5ee4c0f62f281683db048da Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\345\233\236\346\273\232\344\273\273\345\212\241\350\257\246\346\203\205.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\267\273\345\212\240repo\346\272\220.png" "b/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\267\273\345\212\240repo\346\272\220.png" new file mode 100644 index 0000000000000000000000000000000000000000..3bf992f586f7fb4d87bc01cc29f961755a315c9d Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\267\273\345\212\240repo\346\272\220.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\274\217\346\264\236\346\211\253\346\217\217.png" "b/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\274\217\346\264\236\346\211\253\346\217\217.png" new file mode 100644 index 0000000000000000000000000000000000000000..f73ccaf984e8ab55f8b78f7da5a570ce43685221 Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\274\217\346\264\236\346\211\253\346\217\217.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\344\277\256\345\244\215\344\273\273\345\212\241.png" "b/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\344\277\256\345\244\215\344\273\273\345\212\241.png" new file mode 100644 index 0000000000000000000000000000000000000000..b183298d96b8ced8954852540c891310aeda05be Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\344\277\256\345\244\215\344\273\273\345\212\241.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\345\233\236\346\273\232\344\273\273\345\212\241.png" "b/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\345\233\236\346\273\232\344\273\273\345\212\241.png" new file mode 100644 index 0000000000000000000000000000000000000000..c8aa813bc228326b3e8db19e303e03507873a893 Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\345\233\236\346\273\232\344\273\273\345\212\241.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\347\203\255\350\241\245\344\270\201\347\247\273\351\231\244\344\273\273\345\212\241.png" "b/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\347\203\255\350\241\245\344\270\201\347\247\273\351\231\244\344\273\273\345\212\241.png" new file mode 100644 index 0000000000000000000000000000000000000000..8ccebe84f60b21737414b2cb3f972472114a40c5 Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\347\203\255\350\241\245\344\270\201\347\247\273\351\231\244\344\273\273\345\212\241.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\350\256\276\347\275\256repo\346\272\220.png" "b/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\350\256\276\347\275\256repo\346\272\220.png" new file mode 100644 index 0000000000000000000000000000000000000000..619cc6d42b646df3d9c4e601f40a6ec452712668 Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\350\256\276\347\275\256repo\346\272\220.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\351\202\256\344\273\266\351\200\232\347\237\245.png" "b/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\351\202\256\344\273\266\351\200\232\347\237\245.png" new file mode 100644 index 0000000000000000000000000000000000000000..34b1d4095b8c017f3c66ebfb3c44d114bc8d6ca7 Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\351\202\256\344\273\266\351\200\232\347\237\245.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" "b/docs/en/server/maintenance/aops/figures/\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" new file mode 100644 index 0000000000000000000000000000000000000000..f5f8a3a95705145787e7aaf9c8d1fff404892240 Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250.png" "b/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..b8f0a87e00d73961907167fcbe43d82b60caf445 Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\256\241\347\220\206-\346\267\273\345\212\240.png" "b/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\256\241\347\220\206-\346\267\273\345\212\240.png" new file mode 100644 index 0000000000000000000000000000000000000000..ce25657a0627e9dfc3dc9ebf323e086103c2ecdf Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\256\241\347\220\206-\346\267\273\345\212\240.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\345\206\205\344\270\273\346\234\272\346\237\245\347\234\213.png" "b/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\345\206\205\344\270\273\346\234\272\346\237\245\347\234\213.png" new file mode 100644 index 0000000000000000000000000000000000000000..2f2e2e67a98a16e1ad464c794a8ef45ebb229d7f Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\345\206\205\344\270\273\346\234\272\346\237\245\347\234\213.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\347\256\241\347\220\206\345\210\227\350\241\250.png" "b/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\347\256\241\347\220\206\345\210\227\350\241\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..94c9b65719050b79d2cdb9d1e8f67c459925cda7 Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\347\256\241\347\220\206\345\210\227\350\241\250.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\274\226\350\276\221\347\225\214\351\235\242.png" "b/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\274\226\350\276\221\347\225\214\351\235\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..7e4f0da4e88da6f18495a4fb23bd400d0da0a8da Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\274\226\350\276\221\347\225\214\351\235\242.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" "b/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" new file mode 100644 index 0000000000000000000000000000000000000000..1ee8f7bb2456efe6318074f46f5008da355a2cb1 Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\345\267\245\344\275\234\345\217\260.png" "b/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\345\267\245\344\275\234\345\217\260.png" new file mode 100644 index 0000000000000000000000000000000000000000..a916eebf306cca9ffa54f733143a0ac2c44313a4 Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\345\267\245\344\275\234\345\217\260.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\226\207\344\273\266\350\247\243\346\236\220.png" "b/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\226\207\344\273\266\350\247\243\346\236\220.png" new file mode 100644 index 0000000000000000000000000000000000000000..31684136510cfe6248adf9b8cd086140ab5b26ef Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\226\207\344\273\266\350\247\243\346\236\220.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\267\273\345\212\240\347\273\223\346\236\234.png" "b/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\267\273\345\212\240\347\273\223\346\236\234.png" new file mode 100644 index 0000000000000000000000000000000000000000..df3991eb16d32d9f2296fbb36873ff26bc82fa18 Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\267\273\345\212\240\347\273\223\346\236\234.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240\344\270\273\346\234\272.png" "b/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240\344\270\273\346\234\272.png" new file mode 100644 index 0000000000000000000000000000000000000000..c83daeeb5f8a4d9ab4f40e3debbe7a96f427ce74 Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240\344\270\273\346\234\272.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\214\207\346\240\207\346\263\242\345\275\242.png" "b/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\214\207\346\240\207\346\263\242\345\275\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..5ab697c8f9c292097356a26140750f7f615c5d81 Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\214\207\346\240\207\346\263\242\345\275\242.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\217\222\344\273\266\345\274\200\345\205\263.png" "b/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\217\222\344\273\266\345\274\200\345\205\263.png" new file mode 100644 index 0000000000000000000000000000000000000000..4bde1fd7330491fda6f4ed73a2be2e8c0bfabc8d Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\217\222\344\273\266\345\274\200\345\205\263.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\267\273\345\212\240\344\270\273\346\234\272\347\273\204.png" "b/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\267\273\345\212\240\344\270\273\346\234\272\347\273\204.png" new file mode 100644 index 0000000000000000000000000000000000000000..2890e4934ba903324ea134d3ebee85307665270e Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\267\273\345\212\240\344\270\273\346\234\272\347\273\204.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\347\231\273\351\231\206\347\225\214\351\235\242.png" "b/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\347\231\273\351\231\206\347\225\214\351\235\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..24f94c0a9ff05897b01786aa4bc8adfe4bc8db09 Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\347\231\273\351\231\206\347\225\214\351\235\242.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chakanyuqi.png" "b/docs/en/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chakanyuqi.png" new file mode 100644 index 0000000000000000000000000000000000000000..bbead6a91468d5dee570cfdc66faf9a4ab155d7c Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chakanyuqi.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chaxunshijipeizhi.png" "b/docs/en/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chaxunshijipeizhi.png" new file mode 100644 index 0000000000000000000000000000000000000000..d5f6e450fc0e1e246492ca71a6fcd8db572eb469 Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chaxunshijipeizhi.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chuangjianyewuyu.png" "b/docs/en/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chuangjianyewuyu.png" new file mode 100644 index 0000000000000000000000000000000000000000..8849a2fc81dbd14328c6c66c53033164a0b67b52 Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chuangjianyewuyu.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/conf_file_trace.png" "b/docs/en/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/conf_file_trace.png" new file mode 100644 index 0000000000000000000000000000000000000000..e1e518157f8def332adfa5516b37fdb89768499c Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/conf_file_trace.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/peizhitongbu.png" "b/docs/en/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/peizhitongbu.png" new file mode 100644 index 0000000000000000000000000000000000000000..c8c229bf41b27f1fe6629106957fd5e47851096d Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/peizhitongbu.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/shanchupeizhi.png" "b/docs/en/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/shanchupeizhi.png" new file mode 100644 index 0000000000000000000000000000000000000000..cfea2eb44f7b8aa809404b8b49b4bd2e24172568 Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/shanchupeizhi.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/tianjianode.png" "b/docs/en/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/tianjianode.png" new file mode 100644 index 0000000000000000000000000000000000000000..d68f5e12a62548f2ec59374bda9ab07f43b8b5cb Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/tianjianode.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/xinzengpeizhi.png" "b/docs/en/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/xinzengpeizhi.png" new file mode 100644 index 0000000000000000000000000000000000000000..18d71c2e099c19b5d28848eec6a8d11f29ccee27 Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/xinzengpeizhi.png" differ diff --git "a/docs/en/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/zhuangtaichaxun.png" "b/docs/en/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/zhuangtaichaxun.png" new file mode 100644 index 0000000000000000000000000000000000000000..a3d0b3294bf6e0eeec50a2c2f8c5059bdc256376 Binary files /dev/null and "b/docs/en/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/zhuangtaichaxun.png" differ diff --git a/docs/en/server/maintenance/aops/image/45515A7F-0EC2-45AA-9B58-AB92DE9B0979.png b/docs/en/server/maintenance/aops/image/45515A7F-0EC2-45AA-9B58-AB92DE9B0979.png new file mode 100644 index 0000000000000000000000000000000000000000..c810b26ad0c052960dfdf4bfd78e9224ce465318 Binary files /dev/null and b/docs/en/server/maintenance/aops/image/45515A7F-0EC2-45AA-9B58-AB92DE9B0979.png differ diff --git "a/docs/en/server/maintenance/aops/image/ACC\347\232\204hotpatchmetadata\346\226\207\344\273\266\347\244\272\344\276\213.png" "b/docs/en/server/maintenance/aops/image/ACC\347\232\204hotpatchmetadata\346\226\207\344\273\266\347\244\272\344\276\213.png" new file mode 100644 index 0000000000000000000000000000000000000000..790df6fd5781ca008124cff14635165a71abf126 Binary files /dev/null and "b/docs/en/server/maintenance/aops/image/ACC\347\232\204hotpatchmetadata\346\226\207\344\273\266\347\244\272\344\276\213.png" differ diff --git a/docs/en/server/maintenance/aops/image/E574E637-0BF3-4F3B-BAE6-04ECBD09D151.png b/docs/en/server/maintenance/aops/image/E574E637-0BF3-4F3B-BAE6-04ECBD09D151.png new file mode 100644 index 0000000000000000000000000000000000000000..6ef6ef9bd126e6c2007389065bbecc1cfdd97f5b Binary files /dev/null and b/docs/en/server/maintenance/aops/image/E574E637-0BF3-4F3B-BAE6-04ECBD09D151.png differ diff --git a/docs/en/server/maintenance/aops/image/EF5E0132-6E5C-4DD1-8CB5-73035278E233.png b/docs/en/server/maintenance/aops/image/EF5E0132-6E5C-4DD1-8CB5-73035278E233.png new file mode 100644 index 0000000000000000000000000000000000000000..a2a29d2e1b62f7df409e87d03f2525ba8355f77e Binary files /dev/null and b/docs/en/server/maintenance/aops/image/EF5E0132-6E5C-4DD1-8CB5-73035278E233.png differ diff --git a/docs/en/server/maintenance/aops/image/hotpatch-fix-pr.png b/docs/en/server/maintenance/aops/image/hotpatch-fix-pr.png new file mode 100644 index 0000000000000000000000000000000000000000..d10fd1ec44416f6b59cfd21cca8721d001f7ed19 Binary files /dev/null and b/docs/en/server/maintenance/aops/image/hotpatch-fix-pr.png differ diff --git a/docs/en/server/maintenance/aops/image/hotpatch-pr-1.png b/docs/en/server/maintenance/aops/image/hotpatch-pr-1.png new file mode 100644 index 0000000000000000000000000000000000000000..1dc5269655c51b355d3cd89b71c6688fbb0d8d5d Binary files /dev/null and b/docs/en/server/maintenance/aops/image/hotpatch-pr-1.png differ diff --git a/docs/en/server/maintenance/aops/image/hotpatch-pr-success.png b/docs/en/server/maintenance/aops/image/hotpatch-pr-success.png new file mode 100644 index 0000000000000000000000000000000000000000..48ea807e03c0f8e6efbceacbbc583c6ac3b3c865 Binary files /dev/null and b/docs/en/server/maintenance/aops/image/hotpatch-pr-success.png differ diff --git a/docs/en/server/maintenance/aops/image/hotpatch-pr.png b/docs/en/server/maintenance/aops/image/hotpatch-pr.png new file mode 100644 index 0000000000000000000000000000000000000000..159fd2b7bc76e002554722d1f0f12070a2bd2e19 Binary files /dev/null and b/docs/en/server/maintenance/aops/image/hotpatch-pr.png differ diff --git a/docs/en/server/maintenance/aops/image/hotpatch-xml.PNG b/docs/en/server/maintenance/aops/image/hotpatch-xml.PNG new file mode 100644 index 0000000000000000000000000000000000000000..f1916620d3cc7b1c29059bcc5513fdc7ee94127b Binary files /dev/null and b/docs/en/server/maintenance/aops/image/hotpatch-xml.PNG differ diff --git a/docs/en/server/maintenance/aops/image/image-20230525193235084.png b/docs/en/server/maintenance/aops/image/image-20230525193235084.png new file mode 100644 index 0000000000000000000000000000000000000000..9850a11a0dcfeed69099635f3147a2230fe6faa5 Binary files /dev/null and b/docs/en/server/maintenance/aops/image/image-20230525193235084.png differ diff --git a/docs/en/server/maintenance/aops/image/image-20230525193254541.png b/docs/en/server/maintenance/aops/image/image-20230525193254541.png new file mode 100644 index 0000000000000000000000000000000000000000..73bfbaa15a2584611ac06839965eca2869b89991 Binary files /dev/null and b/docs/en/server/maintenance/aops/image/image-20230525193254541.png differ diff --git a/docs/en/server/maintenance/aops/image/image-20230527165206707.png b/docs/en/server/maintenance/aops/image/image-20230527165206707.png new file mode 100644 index 0000000000000000000000000000000000000000..7d7f0992fc048777340678974d38b3c193269385 Binary files /dev/null and b/docs/en/server/maintenance/aops/image/image-20230527165206707.png differ diff --git a/docs/en/server/maintenance/aops/image/image-20230527165700642.png b/docs/en/server/maintenance/aops/image/image-20230527165700642.png new file mode 100644 index 0000000000000000000000000000000000000000..2c4500cb54ba0225704020160d72b4aaf265d3f7 Binary files /dev/null and b/docs/en/server/maintenance/aops/image/image-20230527165700642.png differ diff --git a/docs/en/server/maintenance/aops/image/image-20230527165823568.png b/docs/en/server/maintenance/aops/image/image-20230527165823568.png new file mode 100644 index 0000000000000000000000000000000000000000..7b26b545bc7d37f09eca7736f30d2eb3a6062890 Binary files /dev/null and b/docs/en/server/maintenance/aops/image/image-20230527165823568.png differ diff --git a/docs/en/server/maintenance/aops/image/image-20230527165845170.png b/docs/en/server/maintenance/aops/image/image-20230527165845170.png new file mode 100644 index 0000000000000000000000000000000000000000..9719210a961a18b639d56cbf88b8586370930b4c Binary files /dev/null and b/docs/en/server/maintenance/aops/image/image-20230527165845170.png differ diff --git a/docs/en/server/maintenance/aops/image/image-20230527165922876.png b/docs/en/server/maintenance/aops/image/image-20230527165922876.png new file mode 100644 index 0000000000000000000000000000000000000000..56ff3380d12b9c1002881eca98e32a49cc292b9a Binary files /dev/null and b/docs/en/server/maintenance/aops/image/image-20230527165922876.png differ diff --git a/docs/en/server/maintenance/aops/image/image-20230527170343909.png b/docs/en/server/maintenance/aops/image/image-20230527170343909.png new file mode 100644 index 0000000000000000000000000000000000000000..57c343360f278b2f67b77d37114a1f567a3ce63a Binary files /dev/null and b/docs/en/server/maintenance/aops/image/image-20230527170343909.png differ diff --git a/docs/en/server/maintenance/aops/image/image-20230607161425282.png b/docs/en/server/maintenance/aops/image/image-20230607161425282.png new file mode 100644 index 0000000000000000000000000000000000000000..d2fbca2a23e80edff661d05065987ede1cc7e8af Binary files /dev/null and b/docs/en/server/maintenance/aops/image/image-20230607161425282.png differ diff --git a/docs/en/server/maintenance/aops/image/image-20230607163358749.png b/docs/en/server/maintenance/aops/image/image-20230607163358749.png new file mode 100644 index 0000000000000000000000000000000000000000..191c36b65058ce8dea6bb2f1fe10a85b0177f2cf Binary files /dev/null and b/docs/en/server/maintenance/aops/image/image-20230607163358749.png differ diff --git a/docs/en/server/maintenance/aops/image/image-20230607172021782.png b/docs/en/server/maintenance/aops/image/image-20230607172021782.png new file mode 100644 index 0000000000000000000000000000000000000000..d25c3ebfb1aefe5d8f36b0b153afa64efd88dd63 Binary files /dev/null and b/docs/en/server/maintenance/aops/image/image-20230607172021782.png differ diff --git a/docs/en/server/maintenance/aops/image/image-20230612113428096.png b/docs/en/server/maintenance/aops/image/image-20230612113428096.png new file mode 100644 index 0000000000000000000000000000000000000000..48b59b5e6cb4043703de96066c8d67e85eed4f16 Binary files /dev/null and b/docs/en/server/maintenance/aops/image/image-20230612113428096.png differ diff --git a/docs/en/server/maintenance/aops/image/image-20230612113626330.png b/docs/en/server/maintenance/aops/image/image-20230612113626330.png new file mode 100644 index 0000000000000000000000000000000000000000..9d3621022deb02b267c3eb29315a7fe33c1f095e Binary files /dev/null and b/docs/en/server/maintenance/aops/image/image-20230612113626330.png differ diff --git a/docs/en/server/maintenance/aops/image/image-20230908163402743.png b/docs/en/server/maintenance/aops/image/image-20230908163402743.png new file mode 100644 index 0000000000000000000000000000000000000000..c17667178689c6384a039bf0f8025ea7eb360236 Binary files /dev/null and b/docs/en/server/maintenance/aops/image/image-20230908163402743.png differ diff --git a/docs/en/server/maintenance/aops/image/image-20230908163914778.png b/docs/en/server/maintenance/aops/image/image-20230908163914778.png new file mode 100644 index 0000000000000000000000000000000000000000..a06c7e49b32286ceec9ff0e9a08f73a76c179daf Binary files /dev/null and b/docs/en/server/maintenance/aops/image/image-20230908163914778.png differ diff --git a/docs/en/server/maintenance/aops/image/image-20230908164216528.png b/docs/en/server/maintenance/aops/image/image-20230908164216528.png new file mode 100644 index 0000000000000000000000000000000000000000..15fbc694603837095244451d4f5d7e7af70789be Binary files /dev/null and b/docs/en/server/maintenance/aops/image/image-20230908164216528.png differ diff --git "a/docs/en/server/maintenance/aops/image/openEuler\344\273\223\350\257\204\350\256\272.png" "b/docs/en/server/maintenance/aops/image/openEuler\344\273\223\350\257\204\350\256\272.png" new file mode 100644 index 0000000000000000000000000000000000000000..29223cbddc39f8fcc0b725a3ed83495709e05f78 Binary files /dev/null and "b/docs/en/server/maintenance/aops/image/openEuler\344\273\223\350\257\204\350\256\272.png" differ diff --git a/docs/en/server/maintenance/aops/image/patch-file.PNG b/docs/en/server/maintenance/aops/image/patch-file.PNG new file mode 100644 index 0000000000000000000000000000000000000000..f587a48c2be945beaadecf44a6d711da14be50c6 Binary files /dev/null and b/docs/en/server/maintenance/aops/image/patch-file.PNG differ diff --git "a/docs/en/server/maintenance/aops/image/src-openEuler\344\273\223\350\257\204\350\256\272.png" "b/docs/en/server/maintenance/aops/image/src-openEuler\344\273\223\350\257\204\350\256\272.png" new file mode 100644 index 0000000000000000000000000000000000000000..ba3a44433117f0a23fc6048cd3b093fe6af7250c Binary files /dev/null and "b/docs/en/server/maintenance/aops/image/src-openEuler\344\273\223\350\257\204\350\256\272.png" differ diff --git "a/docs/en/server/maintenance/aops/image/\345\220\214\346\204\217\345\220\210\345\205\245pr.png" "b/docs/en/server/maintenance/aops/image/\345\220\214\346\204\217\345\220\210\345\205\245pr.png" new file mode 100644 index 0000000000000000000000000000000000000000..2c2e2dd78242f538c21809614e917bef769256ba Binary files /dev/null and "b/docs/en/server/maintenance/aops/image/\345\220\214\346\204\217\345\220\210\345\205\245pr.png" differ diff --git "a/docs/en/server/maintenance/aops/image/\345\220\257\345\212\250\347\203\255\350\241\245\344\270\201\345\267\245\347\250\213\346\265\201\347\250\213.png" "b/docs/en/server/maintenance/aops/image/\345\220\257\345\212\250\347\203\255\350\241\245\344\270\201\345\267\245\347\250\213\346\265\201\347\250\213.png" new file mode 100644 index 0000000000000000000000000000000000000000..2914c3eef44bb3d3528686b44157a5f9276da9c6 Binary files /dev/null and "b/docs/en/server/maintenance/aops/image/\345\220\257\345\212\250\347\203\255\350\241\245\344\270\201\345\267\245\347\250\213\346\265\201\347\250\213.png" differ diff --git "a/docs/en/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201issue\345\210\235\345\247\213\345\206\205\345\256\271.png" "b/docs/en/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201issue\345\210\235\345\247\213\345\206\205\345\256\271.png" new file mode 100644 index 0000000000000000000000000000000000000000..044be7ccd001ddc2bb69ba53b34f3c2a72511f39 Binary files /dev/null and "b/docs/en/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201issue\345\210\235\345\247\213\345\206\205\345\256\271.png" differ diff --git "a/docs/en/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201issue\345\233\236\345\241\253.png" "b/docs/en/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201issue\345\233\236\345\241\253.png" new file mode 100644 index 0000000000000000000000000000000000000000..779c2fddcb02968358492e70f6aa9261be26fe48 Binary files /dev/null and "b/docs/en/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201issue\345\233\236\345\241\253.png" differ diff --git "a/docs/en/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201issue\351\223\276\346\216\245\345\222\214pr\351\223\276\346\216\245.png" "b/docs/en/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201issue\351\223\276\346\216\245\345\222\214pr\351\223\276\346\216\245.png" new file mode 100644 index 0000000000000000000000000000000000000000..d97fbd1fbb5a20b97ec88989f3c7a0776bb9cdc0 Binary files /dev/null and "b/docs/en/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201issue\351\223\276\346\216\245\345\222\214pr\351\223\276\346\216\245.png" differ diff --git "a/docs/en/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201pr\345\210\266\344\275\234\345\244\261\350\264\245.png" "b/docs/en/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201pr\345\210\266\344\275\234\345\244\261\350\264\245.png" new file mode 100644 index 0000000000000000000000000000000000000000..3acf2e93550e4962d0a5f927fd6fd0460a64b889 Binary files /dev/null and "b/docs/en/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201pr\345\210\266\344\275\234\345\244\261\350\264\245.png" differ diff --git "a/docs/en/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201pr\345\210\266\344\275\234\347\273\223\346\236\234.png" "b/docs/en/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201pr\345\210\266\344\275\234\347\273\223\346\236\234.png" new file mode 100644 index 0000000000000000000000000000000000000000..5b167be8a40762823223ccdd700d5b62f7e1aa38 Binary files /dev/null and "b/docs/en/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201pr\345\210\266\344\275\234\347\273\223\346\236\234.png" differ diff --git "a/docs/en/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201pr\347\232\204chroot\347\216\257\345\242\203.png" "b/docs/en/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201pr\347\232\204chroot\347\216\257\345\242\203.png" new file mode 100644 index 0000000000000000000000000000000000000000..a96a4d229b54b301bbf4e7f7a2c41ea1e9faf43d Binary files /dev/null and "b/docs/en/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201pr\347\232\204chroot\347\216\257\345\242\203.png" differ diff --git "a/docs/en/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201pr\350\247\246\345\217\221\346\265\201\347\250\213.png" "b/docs/en/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201pr\350\247\246\345\217\221\346\265\201\347\250\213.png" new file mode 100644 index 0000000000000000000000000000000000000000..d77335d0097f7504f0c37dd8aca1691d9f1f0a23 Binary files /dev/null and "b/docs/en/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201pr\350\247\246\345\217\221\346\265\201\347\250\213.png" differ diff --git "a/docs/en/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201\344\273\223\346\217\220pr\350\257\264\346\230\216.png" "b/docs/en/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201\344\273\223\346\217\220pr\350\257\264\346\230\216.png" new file mode 100644 index 0000000000000000000000000000000000000000..aa74c2859588ff2a49d6341dd2a2ac6fe2049eac Binary files /dev/null and "b/docs/en/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201\344\273\223\346\217\220pr\350\257\264\346\230\216.png" differ diff --git "a/docs/en/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201\350\207\252\351\252\214\344\270\213\350\275\275\351\223\276\346\216\245.png" "b/docs/en/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201\350\207\252\351\252\214\344\270\213\350\275\275\351\223\276\346\216\245.png" new file mode 100644 index 0000000000000000000000000000000000000000..404ac733fae66bda9ceac2d6c2fa18897c58dc70 Binary files /dev/null and "b/docs/en/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201\350\207\252\351\252\214\344\270\213\350\275\275\351\223\276\346\216\245.png" differ diff --git "a/docs/en/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201\350\207\252\351\252\214\345\214\205\344\270\213\350\275\275\351\223\276\346\216\245.png" "b/docs/en/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201\350\207\252\351\252\214\345\214\205\344\270\213\350\275\275\351\223\276\346\216\245.png" new file mode 100644 index 0000000000000000000000000000000000000000..6d32e8874e8e5e7f7fb5c350fca0063da9a77176 Binary files /dev/null and "b/docs/en/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201\350\207\252\351\252\214\345\214\205\344\270\213\350\275\275\351\223\276\346\216\245.png" differ diff --git a/docs/en/server/maintenance/aops/quick_deployment_of_aops.md b/docs/en/server/maintenance/aops/quick_deployment_of_aops.md new file mode 100644 index 0000000000000000000000000000000000000000..0c87a366b2fa87fe91bab6e86e450ee1a4a4efd1 --- /dev/null +++ b/docs/en/server/maintenance/aops/quick_deployment_of_aops.md @@ -0,0 +1,102 @@ +# One-Click Deployment of A-Ops + +One-click deployment of A-Ops is based on Docker and docker-compose to simply deployment and implement one-click start and stop. + +## Environment Requirements + +You are advised to use two or more machines with 8 GB or more memory running openEuler 22.03 LTS SP1 or later. Assume that the machines are host A and B. + +- MySQL, Elasticsearch, Kafka, Redis, and Prometheus are deployed on host A, which provides data services. +- The A-Ops server and A-Ops frontend are deployed on host B to provide service functions as well as display and operations. + +| Host | IP Address | Services | +| -------- | ----------- | -------------------------------------------- | +| Host A | 192.168.1.1 | MySQL, Elasticsearch, Redis, Kafka, Prometheus | +| Host B | 192.168.1.2 | aops-zeus, aops-diana, aops-apollo, aops-hermes | + +## Environment Configuration + +### Disabling the Firewall on Host A + +```shell +systemctl stop firewalld +systemctl disable firewalld +systemctl status firewalld +``` + +### Installing Docker and docker-compose + +```shell +dnf install docker docker-compose +# Set Docker to start upon system startup. +systemctl enable docker +``` + +### Installing aops-vulcanus and aops-tools + +```shell +dnf install aops-vulcanus aops-tools +``` + +### Perform One-Click Deployment + +- Execute the deployment script. + +```shell +cd /opt/aops/scripts/deploy/container +# Execute run.sh. +bash run.sh +``` + +> Enter the interactive CLI. +> +> ```console +> 1. Build the docker container (build). +> 2. Start the container orchestration service (start-service/start-env). +> 3. Stop all container services (stop-service/stop-env). +> run.sh: line 74: read: `Enter to exit the operation (Q/q).': not a valid identifier +> Select an operation procedure to continue: +> +> ``` +> +> **build**: Deployment of basic services (such as MySQL and Kafka) does not need the build operation. +> +> **start-service**: Start the service and frontend of A-Ops. +> +> **start-env**: Start basic service including MySQL, Redis, and Kafka. +> +> **stop-service**: Stop the service and frontend of A-Ops. +> +> **stop-env**: Stop basic services. The data is retained. +> +> **Q/q**: Exit the interactive CLI. + +- Deploy the A-Ops server. + +```shell +# Execute the deployment script on host B. +cd /opt/aops/scripts/deploy/container +bash run.sh +# Run start-service in the interactive CLI. +``` + +- Modify service configuration files. + +> **Note: If the A-Ops service and basic services are deployed on the same host, you do not need to modify the configuration files. In this example, set the IP addresses for connecting to basic services to the IP address of host A in all configuration files.** +> +> **Password-free mode is used in the default MySQL connection string. The MySQL basic service is configured with the default password "123456". Change the configurations as required.** + +```shell +# Modify the IP addresses for connecting to mysql, elasticsearch, kafka, and redis in apollo.ini, diana.ini, and zeus.ini. +cd /etc/aops/ +``` + +- **FAQ** + +**1. The Elasticsearch basic service cannot be started normally.** + +Check whether the permission on the **/opt/es** directory is **777**. You can run `chmod -R 777 /opt/es` to modify the permission. + +**2. The Prometheus basic service cannot be started normally.** + +Check whether the configuration file **prometheus.yml** exists in **/etc/prometheus**. If not, create it. diff --git a/docs/en/server/maintenance/common_skills/_toc.yaml b/docs/en/server/maintenance/common_skills/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..3abd8afdd0e4ebd79edc0799cd41371c5acb1d7c --- /dev/null +++ b/docs/en/server/maintenance/common_skills/_toc.yaml @@ -0,0 +1,8 @@ +label: Common Skills +isManual: true +description: Common configurations and commands for O&M +sections: + - label: Information Collection + href: ./information_collection.md + - label: Common Configurations + href: ./common_configurations.md diff --git a/docs/en/server/maintenance/common_skills/common_configurations.md b/docs/en/server/maintenance/common_skills/common_configurations.md new file mode 100644 index 0000000000000000000000000000000000000000..ff079796b648eb341c85252850367cbeeeb298bc --- /dev/null +++ b/docs/en/server/maintenance/common_skills/common_configurations.md @@ -0,0 +1,561 @@ +# Common Configurations + +## Configuring the Network + +1. Configure the IP address. + + Run the `ip` command to configure an address for the interface. `interface-name` indicates the name of the NIC. + + ```shell + ip addr [ add | del ] address dev interface-name + ``` + +2. Configure a static IP address. + + ```shell + # Configure the static IP address. + ip address add 192.168.0.10/24 dev enp3s0 + + # Run the following command as the root user to query the configuration result: + ip addr show dev enp3s0 + + # The result is as follows: + 2: enp3s0: mtu 1500 qdisc fq_codel state UP group default qlen 1000 + link/ether 52:54:00:aa:ad:4a brd ff:ff:ff:ff:ff:ff + inet 192.168.202.248/16 brd 192.168.255.255 scope global dynamic noprefixroute enp3s0 + valid_lft 9547sec preferred_lft 9547sec + inet 192.168.0.10/24 scope global enp3s0 + valid_lft forever preferred_lft forever + inet6 fe80::32e8:cc22:9db2:f4d4/64 scope link noprefixroute + valid_lft forever preferred_lft forever + ``` + +3. Configure a static route. + + Run the `ip route add` command to add a static route to the routing table and run the `ip route del` command to delete a static route. The common format of the `ip route` command is as follows: + + ```shell + ip route [ add | del | change | append | replace ] destination-address + ``` + + - To add a static route to the host address, run the following command as the **root** user: + + ```shell + ip route add 192.168.2.1 via 10.0.0.1 [dev interface-name] + ``` + + - To add a static route to the network, run the following command as the **root** user: + + ```shell + ip route add 192.168.2.0/24 via 10.0.0.1 [dev interface-name] + ``` + +4. Configure the network using the ifcfg file. + + Modify the **ifcfg-enp4s0** file generated in the **/etc/sysconfig/network-scripts/** directory as the **root** user. The following is an example: + + ```text + TYPE=Ethernet + PROXY_METHOD=none + BROWSER_ONLY=no + BOOTPROTO=none + IPADDR=192.168.0.10 + PREFIX=24 + DEFROUTE=yes + IPV4_FAILURE_FATAL=no + IPV6INIT=yes + IPV6_AUTOCONF=yes + IPV6_DEFROUTE=yes + IPV6_FAILURE_FATAL=no + IPV6_ADDR_GEN_MODE=stable-privacy + NAME=enp4s0static + UUID=xx + DEVICE=enp4s0 + ONBOOT=yes + ``` + +## Managing RPM Packages + +The full name of RPM is RPM Package Manager, which is intended to manage Red Hat software packages. It is used in mainstream distributions such as openEuler, Fedora, Red Hat, Mandriva, SUSE and YellowDog, and distributions developed based on these distributions. + +RPM installs the required software to a set of management programs on the Linux host in database record mode. The software to be installed is compiled and packaged, and the default database record in the packaged software records the dependencies required for the software installation. When a user installs the software on a Linux host, RPM checks whether the dependencies on the Linux host meets the requirements based on the data recorded in it. + +- If yes, install the software. +- If no, do not install the software. + +During the installation, all software information is written into the RPM database for subsequent query, verification, and uninstallation. +![en-us_other_0000001337581224](images/en-us_other_0000001337581224.jpeg) + +1. Default installation path of the RPM packages + + Generally, RPM uses the default installation path. (The default installation path can be queried by running a command and will be described in detail in subsequent sections.) All installation files are distributed to the directories listed in the following table by type. + + RPM installation paths and their meanings + + |Installation Path|Description| + |--|--| + |/etc/|Configuration file installation directory| + |/usr/bin/|Installation directory of the executable commands| + |/usr/lib/|Path for storing the function library used by the program| + |/usr/share/doc|Location where the basic software user manual is saved| + |/usr/share/man/|Path for saving the help file| + + Note: You can manually specify the installation path of RPM, but this method is not recommended. After the installation path is manually specified, all installation files are installed in the specified path, and the command for querying the installation path in the system cannot be used. The command can be identified by the system only after being manually configured. + +2. rpm command options + + **Checking the RPM Signature of the Software Package** + + Before installing the RPM package on a Linux host, check the PGP signature. After ensuring that the signature integrity and source are correct, run the `rpm --checksig` command to verify the validity: + + ```shell + rpm --checksig nano-2.3.1-10.el7.x86_64.rpm + ``` + + **Installing RPM Packages** + + To install RPM packages in Linux, use the `-i` option in the `rpm` command. + + ```shell + rpm -ivh nano-2.3.1-10.el7.x86_64.rpm + ``` + + - `-i`: installs the software package. + - `-v`: displays detailed information. + - `-h`: lists flags during suite installation. + + **Querying an Installed RPM Package** + + To query an RPM package (dnf) installed in the Linux system, use the `-q` option in the `rpm` command. + + ```shell + rpm -q dnf + ``` + + - `-q`: query operation + + If the specified package is not installed, the following error message is displayed: + + ```text + package dnf is not installed + ``` + + **Querying All Installed RPM Packages** + + To query all RPM packages installed in Linux, use the `-qa` option in the `rpm` command. + + ```shell + $ rpm -qa + dracut-config-rescue-055-7.oe2203sp2.x86_64 + parted-3.5-1.oe2203sp2.x86_64 + irqbalance-1.8.0-9.oe2203sp2.x86_64 + ...... + ``` + + Note: When using the `-qa` option, use the pipe character (|) together to improve the search accuracy. + + **Querying Details About an Installed RPM Package** + + Use the `-qi` option in the `rpm` command to query the details of an RPM package installed in the system. + + ```shell + # rpm -qi python3 + Name : python3 + Version : 3.9.9 + Release : 24.oe2203sp2 + Architecture: x86_64 + Install Date: Wed 30 Mar 2022 08:30:23 AM UTC + Group : Unspecified + Size : 35916839 + License : Python + Signature : RSA/SHA1, Wed 30 Mar 2022 03:29:30 AM UTC, Key ID d557065eb25e7f66 + Source RPM : python3-3.9.9-24.oe2203sp2.x86_64.rpm + Build Date : Tue 15 Mar 2022 12:00:00 AM UTC + Build Host : obs-worker1639015616-x86-0001 + Packager : http://openeuler.org + Vendor : http://openeuler.org + URL : https://www.python.org/ + Summary : Interpreter of the Python3 programming language + Description : + Python combines remarkable power with very clear syntax. It has modules, + classes, exceptions, very high level dynamic data types, and dynamic + typing. There are interfaces to many system calls and libraries, as well + as to various windowing systems. New built-in modules are easily written + in C or C++ (or other languages, depending on the chosen implementation). + Python is also usable as an extension language for applications written + in other languages that need easy-to-use scripting or automation interfaces. + + This package Provides python version 3. + ``` + + **Querying All Files in an RPM Package** + + To query the file list of an RPM package that is not installed, use the `-qlp` option in the `rpm` command. + + ```shell + $ rpm -qlp pkgship-2.2.0-10.oe2203sp2.noarch.rpm + /etc/ima/digest_lists.tlv/0-metadata_list-compact_tlv-pkgship-2.2.0-10.oe2203sp2.noarch + /etc/ima/digest_lists/0-metadata_list-compact-pkgship-2.2.0-10.oe2203sp2.noarch + /etc/pkgship/auto_install_pkgship_requires.sh + /etc/pkgship/conf.yaml + /etc/pkgship/package.ini + ...... + ``` + + **Querying RPM Package Dependencies** + + To query the list of dependency packages compiled by a specified RPM package that is not installed, use the `-qRp` option in the `rpm` command. + + ```shell + $ rpm -qRp pkgship-2.2.0-10.oe2203sp2.noarch.rpm + /bin/bash + /bin/sh + /usr/bin/python3 + config(pkgship) = 2.2.0-10.oe2203sp2 + python3 + python3-Flask-Limiter + ...... + ``` + + **Verifying All Installed RPM Packages** + + To verify an installed RPM package, use the `-Va` option in the `rpm` command to compare the information about the files installed in the package with the information about the files obtained from the package metadata stored in the RPM database. + + ```shell + $ rpm -Va + S.5....T. c /root/.bashrc + .......T. c /etc/yum.repos.d/openEuler.repo + S.5....T. c /etc/issue + S.5....T. c /etc/issue.net + S.5....T. c /etc/csh.login + S.5....T. c /etc/profile + .M....G.. g /var/log/lastlog + .M....... c /boot/grub2/grubenv + ...... + ``` + + Output fields of the `rpm -Va` command and their meanings + + |Field|Description| + |--|--| + |S|The file length changes.| + |M|The access permission or type of a file changes.| + |5|The MD5 checksum changes.| + |D|The attributes of a device node change.| + |L|The symbolic link of a file changes.| + |U|The owner of a file, subdirectory, or device node changes.| + |G|The group of a file, subdirectory, or device node changes.| + |T|The last modification time of a file changes.| + + **Querying the RPM Package of a Specific File** + + To query an RPM package that provides a specific binary file on Linux, use the `-qf` option in the `rpm` command. + + ```shell + $ rpm -qf /usr/share/doc/pkgship + pkgship-2.2.0-10.oe2203sp2.noarch.rpm + ``` + + **Querying Files in an Installed RPM Package** + + To query the list of installation files of an RPM package, use the `-ql` option in the `rpm` command. + + ```shell + $ rpm -ql dnf + /etc/bash_completion.d/dnf + /etc/ima/digest_lists.tlv/0-metadata_list-compact_tlv-dnf-4.14.0-14.oe2203sp2.noarch + /etc/ima/digest_lists/0-metadata_list-compact-dnf-dnf-4.14.0-14.oe2203sp2.noarch + /usr/bin/dnf + /usr/lib/systemd/system/dnf-makecache.service + /usr/lib/systemd/system/dnf-makecache.timer + /usr/share/doc/dnf + /usr/share/doc/dnf/AUTHORS + /usr/share/doc/dnf/README.rst + /usr/share/licenses/dnf + /usr/share/licenses/dnf/COPYING + /usr/share/licenses/dnf/PACKAGE-LICENSING + /var/cache/dnf + ``` + + **Querying the Recently Installed RPM Packages** + + Linux is a multi-user OS. During the use of Linux, other users may have installed some software packages. To query the recently installed packages in the system, use the `-qa --last` options in the `rpm` command. + + ```shell + $ rpm -qa --last + ntp-4.2.8p15-11.oe2203sp2.x86_64 + ntpstat-0.6-4.oe2203sp2.noarch + ntp-help-4.2.8p15-11.oe2203sp2.noarch + ``` + + **Querying Only the Documents of the Installed RPM Packages** + + You can obtain the help information of any command from the **Linux Man** page (path for storing **/usr/share/doc/Package\_Name-Version\_Number/docs\*** documents). To query the list of documents associated with the installed RPM packages, use the `-qdf` option in the `rpm` command and enter the binary file path. + + ```shell + $ rpm -qdf /usr/bin/grep + /usr/share/doc/grep/NEWS + /usr/share/doc/grep/README + /usr/share/doc/grep/THANKS + /usr/share/doc/grep/TODO + /usr/share/info/grep.info.gz + /usr/share/man/man1/egrep.1.gz + /usr/share/man/man1/fgrep.1.gz + /usr/share/man/man1/grep.1.gz + ``` + + **Upgrading an Installed RPM Package** + + You can easily upgrade the installed RPM package to the latest version by using the `-Uvh` option and the `rpm` command. + + ```shell + $ rpm -Uvh pkgship-2.2.0-10.oe2203sp2.noarch.rpm + Preparing... ################################# [100%] + ``` + + Note: When the installed RPM package is upgraded, the old RPM package is deleted and the new RPM package is installed. + + **Removing an Installed RPM Package** + + To remove an RPM package installed on the system, use the `-ev` or `-e` option in the `rpm` command. + + ```shell + rpm -ev pkgship + ``` + + **Rebuilding the Damaged RPM Database** + + When you try to update the system using the `yum update` command, you may receive an error message indicating that the RPM database is damaged. If you receive this message, use the `--rebuilddb` option in the `rpm` command to rebuild the database. + + ```shell + rm /var/lib/rpm/__db* + rpm --rebuilddb + ``` + + **Checking Whether Vulnerabilities in Specific Packages Have Been Fixed** + + You can use the `--changelog` option in the `rpm` command and enter the corresponding CVE ID. + + ```shell + rpm -q --changelog python-2.6.6 | grep -i "CVE-2019-9636" + ``` + + **Importing the RPM GPG Key** + + By default, when a new repository is added to the Linux system, the GPG key is automatically imported. You can also use `--import` in the `rpm` command to manually import the RPM GPG key to check the integrity of a package when downloading it from the repository. + + ```shell + rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-OpenEuler-22.03-LTS-SP2 + ``` + +3. DNF commands + + DNF commands + + |Command|Description| + |--|--| + |repolist|Displays the configured software repository source.| + |install|Installs one or more software packages on Linux.| + |upgrade|Upgrades one or more software packages on Linux.| + |list|Lists a software package or a group of software packages.| + |info|Displays detailed information about a package or package group.| + |updateinfo|Displays the bulletin information about a package.| + |search|Searches for the specified character string in the software package details.| + |check-update|Checks for software package update.| + |remove|Removes one or more software packages from the system.| + |reinstall|Reinstalls a package.| + |downgrade|Downgrades a software package.| + |autoremove|Removes all unnecessary software packages that are installed due to dependency relationships.| + |distro-sync|Synchronizes the installed software package to the latest available version.| + |makecache|Creates a metadata cache.| + |repository-package|Runs commands on all software packages in a specified repository.| + |provides|Searches for the software package that provides the specified content.| + |group|Displays or uses group information.| + |history|Displays or uses transaction history.| + |clean|Deletes cached data.| + + **Displaying Configured Software Repositories** + + By default, the `--enabled` option is added to display the enabled software repositories. + + ```shell + $ dnf repolist --enabled + repo id repo name + EPOL EPOL + OS OS + debuginfo debuginfo + everything everything + pkgship_elasticsearch Elasticsearch repository + source source + update update + ``` + + - `--all`: displays all software repositories. + - `--disabled`: displays disabled software repositories. + - `--enabled`: displays enabled repositories (default). + + Installing One or More Software Packages + + You can run the `install` command to install RPM packages. + + ```shell + dnf install software_package + ``` + + Conflicting packages or packages that cannot be installed may exist during software package installation. You can add `--allowerasing` to the command to replace the conflicting packages or `--skip-broken` to skip the packages that cannot be installed. + + ```shell + dnf install software_package [software_package ...] --allowerasing --skip-broken + ``` + + When dnf is used to install a software package, add `--installroot` to set the root directory for installing the software package. + + ```shell + dnf install software_package --installroot software_package_root_directory + ``` + + If you need to temporarily specify a repository source for installation, you can add the `--setopt=reposdir=` option to specify the loading directory of the repository source. + + ```shell + dnf install software_package --setopt=reposdir=repo_source_directory + ``` + + If interactive confirmation is not required during installation, you can add `-y` or `--assumeyes` to enable all software packages to be installed to automatically answer **Yes**. + + ```shell + dnf install software_package -y + ``` + + To install an RPM package by specifying a specific repository source, you can specify the `--repo` or `--enablerepo` option. To achieve the same effect, you can also use the `--disablerepo` option to disable the matched repository source. You are advised to use the `--repo` option to install the RPM package. + + ```shell + dnf install software_package --repo=repo_source_ + ``` + + **Reinstalling a Software Package** + + You can run the `reinstall` command to reinstall a software package in the system. + + ```shell + dnf reinstall software_package + ``` + + **Upgrading One or More Software Packages** + + - You can use the `upgrade` command to upgrade one or more software packages on Linux. + + ```shell + dnf upgrade software_package [software_package ...] + ``` + + - You can also run the `update` command to upgrade one or more software packages. + + ```shell + dnf update software_package [software_package ...] + ``` + + **Downgrading a Software Package** + + If a compatibility problem occurs because the version of a software package is too late, you can downgrade the software package. + + ```shell + dnf downgrade software_package + ``` + + **Listing a Package or a Group of Packages** + + You can run the `list` command to list the software packages installed in the system and the software packages in the configured repository. + + ```shell + dnf list + ``` + + You can add options to filter the displayed package list. + + - `--all`: displays all software packages (default). + - `--available`: displays only available software packages. + - `--installed`: displays only installed software packages. + - `--extras`: displays only additional software packages. + - `--updates`: displays only the software packages to be upgraded. + - `--upgrades`: displays only the software packages to be upgraded. + - `--autoremove`: displays only the software packages to be removed. + - `--recent`: displays the software packages that have been changed recently. + + **Querying Details About a Software Package** + + You can run the `info` command to query details about a software package. + + ```shell + dnf info software_package + ``` + + **Searching for a Software Package** + + If you need to install a software package in the system but you are not sure about the full name of the software package, you can run the `search` command to search for the matched package. + + ```shell + dnf search software_package + ``` + + **Uninstalling One or More Software Packages** + + You can run the `remove` command to remove an expired or duplicate software package. + + ```shell + dnf remove software_package + ``` + + - `--duplicates`: removes installed (duplicate) software packages. + - `--oldinstallonly`: removes expired installation-only software packages. + + **Automatically Removing Software Packages Installed Due to Dependency Relationships** + + You can run the `autoremove` command to remove unnecessary software packages that are installed due to dependency relationships. + + ```shell + dnf autoremove software_package + ``` + +## Configuring SSH + +1. Introduction to the SSH service + + Secure Shell (SSH) is a reliable protocol that ensures the security of remote login sessions and other network services. The SSH protocol can effectively prevent information leakage during remote management. SSH encrypts transferred data to prevent domain name server (DNS) spoofing and IP spoofing. OpenSSH was created as an open source alternative to the proprietary SSH protocol. + +2. Configuring the SSH Service + + ```shell + # Open and modify the /etc/ssh/sshd_config file. + vi /etc/ssh/sshd_config + + # Restart the SSH service. + systemctl restart sshd + + # Check the SSH service status. + systemctl status sshd + ``` + +3. Main options in the SSH service configuration file + + ```text + $ Specify the SSH protocol version. + Protocol 2 + + # Allowed users + AllowUsers xxx + + # Denied users + DenyUser root + + # Configure session timeout. + ClientAliveInterval 120 + + # Disable SSH root login. + PermitRootLogin no + + # Configure or change the SSH port number. + Port 1234 + + # Disable SSH password authentication. + PasswordAuthentication no + ``` diff --git a/docs/en/server/maintenance/common_skills/images/c50cb9df64f4659787c810167c89feb4_1884x257.png b/docs/en/server/maintenance/common_skills/images/c50cb9df64f4659787c810167c89feb4_1884x257.png new file mode 100644 index 0000000000000000000000000000000000000000..01081f25627731c56764c196e3fae32d55bc7023 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/c50cb9df64f4659787c810167c89feb4_1884x257.png differ diff --git a/docs/en/server/maintenance/common_skills/images/en-us_image_0000001321685172.png b/docs/en/server/maintenance/common_skills/images/en-us_image_0000001321685172.png new file mode 100644 index 0000000000000000000000000000000000000000..acbe1f90720a7cc56dd20d03f00918264680a7db Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/en-us_image_0000001321685172.png differ diff --git a/docs/en/server/maintenance/common_skills/images/en-us_other_0000001337581224.jpeg b/docs/en/server/maintenance/common_skills/images/en-us_other_0000001337581224.jpeg new file mode 100644 index 0000000000000000000000000000000000000000..2c019b828bdf9c699f203f09ba3542968ff21262 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/en-us_other_0000001337581224.jpeg differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001321685172.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001321685172.png new file mode 100644 index 0000000000000000000000000000000000000000..a98265bdf251608c0ff394fefe545cd3192bdb28 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001321685172.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001322112990.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001322112990.png new file mode 100644 index 0000000000000000000000000000000000000000..6f4b32bf2b36595abe10f2550cda5714bc355553 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001322112990.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001322219840.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001322219840.png new file mode 100644 index 0000000000000000000000000000000000000000..48b28664df46ddf9aa38c7570bb9e9edb8080ac9 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001322219840.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001322372918.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001322372918.png new file mode 100644 index 0000000000000000000000000000000000000000..5424367c9bc564e713220ba87f963096881833b8 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001322372918.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001322379488.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001322379488.png new file mode 100644 index 0000000000000000000000000000000000000000..8b18cdca066be43b74443498edc5500ea9e1e608 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001322379488.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001335457246.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001335457246.png new file mode 100644 index 0000000000000000000000000000000000000000..325d6a8ce097db0b92b1a883bc4b3d4ad0bc6a49 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001335457246.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001335816300.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001335816300.png new file mode 100644 index 0000000000000000000000000000000000000000..619f0c33503cd27d92f227216c722d554b9132f2 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001335816300.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001336448570.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001336448570.png new file mode 100644 index 0000000000000000000000000000000000000000..4bd494d78d83fef2e8a89c80e17c9b6db892a2e9 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001336448570.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001336729664.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001336729664.png new file mode 100644 index 0000000000000000000000000000000000000000..4d73507cceab2e0b123d6864d9f86c86eb1eee2f Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001336729664.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337000118.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337000118.png new file mode 100644 index 0000000000000000000000000000000000000000..37131647778506f24be4ff401392a9cc209a36eb Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337000118.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337039920.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337039920.png new file mode 100644 index 0000000000000000000000000000000000000000..40c07e9b6ec27cdbe47d39788736b892f1174cc8 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337039920.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337051916.jpg b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337051916.jpg new file mode 100644 index 0000000000000000000000000000000000000000..a2083b7783041884394f796222352d8772ada6cc Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337051916.jpg differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337053248.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337053248.png new file mode 100644 index 0000000000000000000000000000000000000000..8859f37749a4f8a4394e24ddfb54fc473e8c10c2 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337053248.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337172594.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337172594.png new file mode 100644 index 0000000000000000000000000000000000000000..4e806f83c57880543a777807778f14eeb0105aba Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337172594.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337212144.jpg b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337212144.jpg new file mode 100644 index 0000000000000000000000000000000000000000..c6f0874250475f598efa7375516109b540918fb8 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337212144.jpg differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337260780.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337260780.png new file mode 100644 index 0000000000000000000000000000000000000000..09d521d933f5fa0caacc592ea92acee959786051 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337260780.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337268560.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337268560.png new file mode 100644 index 0000000000000000000000000000000000000000..663f67428487d88e23aa9c3291c31399fec2f2c3 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337268560.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337268820.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337268820.png new file mode 100644 index 0000000000000000000000000000000000000000..cd1732ee870a6dde0acc54642f34793933ce3356 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337268820.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337419960.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337419960.png new file mode 100644 index 0000000000000000000000000000000000000000..c3b493bf1e57f130e122b59e99ff45cd44539dad Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337419960.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337420372.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337420372.png new file mode 100644 index 0000000000000000000000000000000000000000..2300bcd7426748236fd48b85688bd3d1fa3315df Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337420372.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337422904.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337422904.png new file mode 100644 index 0000000000000000000000000000000000000000..01e250c6f7cbb64abe0b136cd80fda7ae68b629d Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337422904.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337424024.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337424024.png new file mode 100644 index 0000000000000000000000000000000000000000..6532d98885f756c6704bc4bacc0f9133d78405a7 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337424024.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337424304.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337424304.png new file mode 100644 index 0000000000000000000000000000000000000000..9ecb384ed58458c24d8e3ae729c4de197b982b86 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337424304.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337427216.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337427216.png new file mode 100644 index 0000000000000000000000000000000000000000..8633dbdd658f98501dfc91a704395260f2d4df3c Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337427216.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337427392.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337427392.png new file mode 100644 index 0000000000000000000000000000000000000000..74f5cb24520c94de8628b2e64e6916c563f9f5a2 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337427392.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337533690.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337533690.png new file mode 100644 index 0000000000000000000000000000000000000000..1f02d9b155754a113347a54a7d35ba9b060175a8 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337533690.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337536842.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337536842.png new file mode 100644 index 0000000000000000000000000000000000000000..5a9ee2c989638c9a6aad3fcfb35bb9b9f2d4683c Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337536842.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337579708.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337579708.png new file mode 100644 index 0000000000000000000000000000000000000000..5cd8ed939434e6447dd55679eeaa3756d861751f Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337579708.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337580216.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337580216.png new file mode 100644 index 0000000000000000000000000000000000000000..5516b8d261b769287c74cf860a6708fcde6bbb8a Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337580216.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337584296.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337584296.png new file mode 100644 index 0000000000000000000000000000000000000000..fa76ecb59018fb154ffe1d9f6da1484d652f3ac1 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337584296.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337696078.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337696078.png new file mode 100644 index 0000000000000000000000000000000000000000..3864852e345eaf01794042feaa85b012b8af71de Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337696078.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337740252.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337740252.png new file mode 100644 index 0000000000000000000000000000000000000000..fd83fb600a54ab8bc39ee2ae54210be8b6c48973 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337740252.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337740540.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337740540.png new file mode 100644 index 0000000000000000000000000000000000000000..b8e25128a47dccaed733fc192f52f2ca7828e516 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337740540.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337747132.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337747132.png new file mode 100644 index 0000000000000000000000000000000000000000..41ea7d47f5fe5fca46816d93cb08b5da00abc0ad Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337747132.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337748300.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337748300.png new file mode 100644 index 0000000000000000000000000000000000000000..32488dc1740408834954cf8d57a2843d98f09c2e Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337748300.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337748528.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337748528.png new file mode 100644 index 0000000000000000000000000000000000000000..f2d62c85c844c2756f4d27a48711560dfb9615ea Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001337748528.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001372249333.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001372249333.png new file mode 100644 index 0000000000000000000000000000000000000000..48cd37225954e212cb3e159acc137866d8edc362 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001372249333.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001372748125.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001372748125.png new file mode 100644 index 0000000000000000000000000000000000000000..5f6326b9415cf766dd8379dbadd5aa1a0dc6861f Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001372748125.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001372821865.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001372821865.png new file mode 100644 index 0000000000000000000000000000000000000000..21e8dad1cd90755440cf858523b12c036a91e1ad Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001372821865.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001372824637.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001372824637.png new file mode 100644 index 0000000000000000000000000000000000000000..aefb5d83c079e6718ef88fd934b4b496cdc29565 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001372824637.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001373373585.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001373373585.png new file mode 100644 index 0000000000000000000000000000000000000000..c4e5e47c9beca2c7c7630d78916f80eda652b52a Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001373373585.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001373379529.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001373379529.png new file mode 100644 index 0000000000000000000000000000000000000000..daa40b49e679668905632f25ff42bf8599ba0ead Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001373379529.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001384808269.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001384808269.png new file mode 100644 index 0000000000000000000000000000000000000000..be18ecef3a149d5742f18535552f66f26ab34832 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001384808269.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001385585749.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001385585749.png new file mode 100644 index 0000000000000000000000000000000000000000..c13604ab7095c2a7717bde1384f0aea3d53f69e3 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001385585749.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001385611905.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001385611905.png new file mode 100644 index 0000000000000000000000000000000000000000..8c233e40a21e678ddf4115c2e2e80c96e25a60ce Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001385611905.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001385905845.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001385905845.png new file mode 100644 index 0000000000000000000000000000000000000000..a6cb8bc4a188ef444919d71f7f16baa06422788b Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001385905845.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001386149037.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001386149037.png new file mode 100644 index 0000000000000000000000000000000000000000..da73fead24d8805bb43287f53c757e80ff0d597f Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001386149037.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001386699925.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001386699925.png new file mode 100644 index 0000000000000000000000000000000000000000..cf5b13b35e65ed0143a01a5bcad1e11eaddaded7 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001386699925.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387293085.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387293085.png new file mode 100644 index 0000000000000000000000000000000000000000..7f56b020949c53d018eba016952c2409f0d7dca9 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387293085.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387413509.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387413509.png new file mode 100644 index 0000000000000000000000000000000000000000..2245427058fc31f3e5d7f40062c0551936a67199 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387413509.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387413793.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387413793.png new file mode 100644 index 0000000000000000000000000000000000000000..aa649bf7215662819766d897513fb711d9d1e7f8 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387413793.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387415629.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387415629.png new file mode 100644 index 0000000000000000000000000000000000000000..01189358354090591de6580f8ef88ef78ddba3a1 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387415629.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387691985.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387691985.png new file mode 100644 index 0000000000000000000000000000000000000000..31c3096fa837c1b397ab2fe27acdd87e2cec36de Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387691985.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387692269.jpg b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387692269.jpg new file mode 100644 index 0000000000000000000000000000000000000000..b79e3ddf78520277046b933c4662c6b72f45ab85 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387692269.jpg differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387692893.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387692893.png new file mode 100644 index 0000000000000000000000000000000000000000..49ea515d834b58d4ded14c55a6a2b07034d76137 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387692893.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387755969.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387755969.png new file mode 100644 index 0000000000000000000000000000000000000000..b2daa95d6b757e7bd443d8fd961922f248dd6853 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387755969.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387780357.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387780357.png new file mode 100644 index 0000000000000000000000000000000000000000..1aab3b8be2cd0c906253d70036a9fee3050a1055 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387780357.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387784693.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387784693.png new file mode 100644 index 0000000000000000000000000000000000000000..62a40117a892ba6c163be81bce1d198c2920f0e9 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387784693.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387787605.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387787605.png new file mode 100644 index 0000000000000000000000000000000000000000..8c1893e16fb929f77bb6b9a70cb25d3479dd684c Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387787605.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387855149.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387855149.png new file mode 100644 index 0000000000000000000000000000000000000000..731e957c367cb05e4229f53cf97dcee2cde69dff Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387855149.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387857005.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387857005.png new file mode 100644 index 0000000000000000000000000000000000000000..872f5c9eb05169831df4ba49d017629e8a943c64 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387857005.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387902849.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387902849.png new file mode 100644 index 0000000000000000000000000000000000000000..ffe2043c199308ed2033e3eb02a0662a65141ece Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387902849.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387907229.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387907229.png new file mode 100644 index 0000000000000000000000000000000000000000..084fbea1aee4d09b1e623c66b4f07641c7a0208d Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387907229.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387908045.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387908045.png new file mode 100644 index 0000000000000000000000000000000000000000..1fca645598e7a67da6e75b98c44f3c9a740be374 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387908045.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387908453.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387908453.png new file mode 100644 index 0000000000000000000000000000000000000000..b97804a0a575fd18235e7a0c7e4f2d0183e3b460 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387908453.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387961737.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387961737.png new file mode 100644 index 0000000000000000000000000000000000000000..ae4ddce8cf2629b811e9711c61186b3efa4dfe3c Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001387961737.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388020197.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388020197.png new file mode 100644 index 0000000000000000000000000000000000000000..1816e1e068ee0294677ebb357ffd158a14bb86cf Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388020197.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388024321.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388024321.png new file mode 100644 index 0000000000000000000000000000000000000000..da3ba54203ded0093b7c2b5308de0e2afd85a146 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388024321.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388024397.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388024397.png new file mode 100644 index 0000000000000000000000000000000000000000..4e4531dd19dc703399c9d4dd0e95236fa9a064c8 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388024397.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388028161.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388028161.png new file mode 100644 index 0000000000000000000000000000000000000000..b3beb92520c34ba771d096a8a146fb2c5b5edbb7 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388028161.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388028537.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388028537.png new file mode 100644 index 0000000000000000000000000000000000000000..ffb244306787c397ef4a9f4d9c3eb504172d3777 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388028537.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388184025.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388184025.png new file mode 100644 index 0000000000000000000000000000000000000000..cbce6fe1e32c547426319923c0fdb13e95554b99 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388184025.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388187249.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388187249.png new file mode 100644 index 0000000000000000000000000000000000000000..0ac83f21e269d909e550b68cb0bdc6347c05dcac Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388187249.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388187325.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388187325.png new file mode 100644 index 0000000000000000000000000000000000000000..02dbdf218da2cb1c844dfc13a463875df5124d48 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388187325.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388188365.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388188365.png new file mode 100644 index 0000000000000000000000000000000000000000..dbe3bfb48446bab88e3e622b9f8066383f269590 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388188365.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388241577.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388241577.png new file mode 100644 index 0000000000000000000000000000000000000000..8dacb6e343ea4c750904fa090bb99213e012379d Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388241577.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388972645.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388972645.png new file mode 100644 index 0000000000000000000000000000000000000000..e32606925f4bb4380b262d9f946d4cd106202b87 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001388972645.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001389098425.png b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001389098425.png new file mode 100644 index 0000000000000000000000000000000000000000..c63903009ab9ba454f169250632dbec1b3c94467 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_image_0000001389098425.png differ diff --git a/docs/en/server/maintenance/common_skills/images/zh-cn_other_0000001337581224.jpeg b/docs/en/server/maintenance/common_skills/images/zh-cn_other_0000001337581224.jpeg new file mode 100644 index 0000000000000000000000000000000000000000..2c019b828bdf9c699f203f09ba3542968ff21262 Binary files /dev/null and b/docs/en/server/maintenance/common_skills/images/zh-cn_other_0000001337581224.jpeg differ diff --git a/docs/en/server/maintenance/common_skills/information_collection.md b/docs/en/server/maintenance/common_skills/information_collection.md new file mode 100644 index 0000000000000000000000000000000000000000..3b2d7e31a29bed9e79c94851e82a155c547459ea --- /dev/null +++ b/docs/en/server/maintenance/common_skills/information_collection.md @@ -0,0 +1,157 @@ +# Information Collection + +## Querying OS Information + +1. Query the OS version. + + ```shell + cat /etc/openEuler-latest + cat /etc/os-release + cat /etc/openEuler-release + ``` + +2. Query the kernel version. + + ```shell + uname -a + ``` + +## Querying Hardware Information + +1. Query CPU statistics. + + ```shell + lscpu + ``` + +2. View CPU parameters. + + ```shell + cat /proc/cpuinfo + ``` + +3. View system memory information. + + ```shell + cat /proc/meminfo + ``` + +4. View memory information. + + ```shell + dmidecode -t memory + ``` + +5. View hard drive and partition distribution. + + ```shell + lsblk + ``` + +6. View details about hard drives and partitions. + + ```shell + fdisk -l + ``` + +7. View NIC information. + + ```shell + lspci | grep -i 'eth' + ``` + +8. View all network interfaces. + + ```shell + ip a + yum install -y net-tools + ifconfig + ``` + +9. View details about a network interface. + + ```shell + ethtool enp7s0 # (enp7s0 is used as an example.) + ``` + +10. View PCI information. + + ```shell + lspci + ``` + +11. View the device tree. + + ```shell + lspci -t + ``` + +12. View BIOS information. + + ```shell + dmidecode -t bios + ``` + +## Querying Software Information + +1. Query details about a software package. + + ```shell + rpm -qi systemd # (systemd is used as an example.) + ``` + +2. View the modules provided by a software package. + + ```shell + rpm -q --provides systemd # (systemd is used as an example.) + ``` + +3. View all installed software packages. + + ```shell + rpm -qa | grep systemd # (systemd is used as an example.) + ``` + +4. View the file list of a software package. + + ```shell + rpm -ql python3-rpm # (python3-rpm is used as an example.) + ``` + +## Viewing OS Logs + +1. View the information and error logs after the system is started. + + ```shell + cat /var/log/messages + ``` + +2. View the security-related logs. + + ```shell + cat /var/log/secure + ``` + +3. View the email-related logs. + + ```shell + cat /var/log/maillog + ``` + +4. View the logs related to scheduled tasks. + + ```shell + cat /var/log/cron + ``` + +5. View the logs related to UUCP and news devices. + + ```shell + cat /var/log/spooler + ``` + +6. View the logs related to the startup and stop of the daemon process. + + ```shell + cat /var/log/boot.log + ``` diff --git a/docs/en/server/maintenance/common_tools/_toc.yaml b/docs/en/server/maintenance/common_tools/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..f48edbf0cd1b52b11213535f0d8ef935b8926fb6 --- /dev/null +++ b/docs/en/server/maintenance/common_tools/_toc.yaml @@ -0,0 +1,6 @@ +label: Commonly Used Tools for Location and Demarcation +isManual: true +description: Commonly used tools for location and demarcation, including ftrace, strace, and kdump +sections: + - label: Commonly Used Tools for Location and Demarcation + href: ./commonly_used_tools.md diff --git a/docs/en/server/maintenance/common_tools/commonly_used_tools.md b/docs/en/server/maintenance/common_tools/commonly_used_tools.md new file mode 100644 index 0000000000000000000000000000000000000000..ec56cda1bef2583fdbdc2cf9402568a5d3e1f178 --- /dev/null +++ b/docs/en/server/maintenance/common_tools/commonly_used_tools.md @@ -0,0 +1,199 @@ +# Commonly Used Tools + +## ftrace + +1. ftrace: a debug tool for the Linux kernel space. The kernel provides trace events for you to trace . ftrace can capture events so that you can intuitively view these events and trace kernel functions. +2. Configuration and usage of ftrace: To use ftrace, you need to compile its dependencies into the kernel. By default, openEuler compiles the ftrace option. If the ftrace option is not enabled, you can enable it by choosing **Kernel hacking** > **Tracers** > **Trace syscalls** in **menuconfig**. In addition, you need to compile the debugfs by choosing **Kernel hacking** > **Generic Kernel Debugging Instruments** > **Debug Filesystem**. + +- **Configuring the ftrace function** + +ftrace provides access interfaces for user space through the debugfs. After the debugfs is configured in the kernel, the **/sys/kernel/debug** directory is created. The debugfs is mounted to this directory. If the kernel supports ftrace-related configuration items, a **tracing** directory is created in the debugfs. The debugfs is mounted to this directory. The following figure shows the content of this directory. + +![](./images/zh-cn_image_0000001322372918.png) + +- **Introduction to the ftrace debugfs interface** + + You can view some control and output files provided by ftrace through the debugfs. The common files are described as follows: + +```shell +available_tracers: available tracers + +current_tracer: running tracer + +available_events: lists all available trace events in the OS + +events: This directory differentiates events by module. + +set_event: lists the events to be traced. + +tracing_on: enables or disables tracing. echo 0 > tracing_on indicates that tracing is disabled, and 1 indicates that tracing is enabled. + +trace: queries trace data. +``` + +- **Available tracers** + +![zh-cn_image_0000001373373585](./images/zh-cn_image_0000001373373585.png) + +```shell +function: a function call tracing program that does not require parameters +function_graph: a function call tracer that uses subcalls +``` + +- **Trace events** + +```shell +# Specify the arm_event of the RAS to be traced. +echo ras:arm_event > /sys/kernel/debug/tracing/set_event + +# This file contains the event format and fields to be printed. +cat /sys/kernel/debug/tracing/events/ras/arm_event/format + +# Start tracing. +echo 1 > /sys/kernel/debug/tracing/tracing_on + +# Observe the trace output. +tail -f /sys/kernel/debug/tracing/trace +``` + +![c50cb9df64f4659787c810167c89feb4_1884x257](./images/c50cb9df64f4659787c810167c89feb4_1884x257.png) + +- **Tracing input parameters of kernel functions** + +Trace mmap, which corresponds to the system call **do_mmap**. Output the **addr** input parameter. + +![zh-cn_image_0000001373379529](./images/zh-cn_image_0000001373379529.png) + +```shell +# Trace through the kprobe. +echo 'p:probe1 do_mmap addr=%x1' > kprobe_events + +# Enable kprobe. +echo 1 > events/kprobes/probe1/enable + +# Start tracing. +echo 1 > tracing_on + +# View trace data. +``` + +![zh-cn_image_0000001322379488](./images/zh-cn_image_0000001322379488.png) + +- **Tracing function calls** + +```shell +# Select a tracing type. +echo function_graph > current_tracer + +# Set the PID of the process to be filtered. +echo set_ftrace_pid + +# Start tracing. +echo 1 > tracing_on + +# View trace data. +``` + +![zh-cn_image_0000001322219840](./images/zh-cn_image_0000001322219840.png) + +## strace + +The `strace` command is a diagnosis and debugging tool. You can use the `strace` command to analyze system calls and signal transmission of applications to solve problems or understand the application execution process. + +You can run the `strace -h` command to view the functions provided by strace. + +![zh-cn_image_0000001322112990](./images/zh-cn_image_0000001322112990.png) + +The most common usage is to trace a command, trace the forks, print the time, and output the result to the **output** file. + +```shell +strace -f -tt -o output xx +``` + +## kdump + +1. crash/kdump Principles + + kdump is a snapshot of the memory status of the OS running at a certain time point. It helps O&M personnel debug and analyze the cause of system breakdown. kdump is usually used when system breakdown and panic happen. + + The process is as follows. + + ![zh-cn_image_0000001321685172](./images/zh-cn_image_0000001321685172.png) + +2. Installing and configuring related tools + + ```shell + # Use Yum to install the corresponding software package. + yum install kernel-debuginfo-$(uname -r) kexec-tools crash -y + + # Set the reserved memory size for **crashkernel**. + vim /etc/default/grub + ``` + + ![zh-cn_image_0000001372821865](./images/zh-cn_image_0000001372821865.png) + + ```shell + # Regenerate the grub configuration file. + grub2-mkconfig -o /boot/efi/EFI/openEuler/grub.cfg + reboot + + # Start the kdump service. + systemctl start kdump #Start kdump. + systemctl enable kdump #Set the kdump to start upon system startup. + ``` + +3. Triggering a crash + + Step 1. Retain the default settings of the kernel. When a hard lock or oops occurs, a panic is triggered. + + ![zh-cn_image_0000001372824637](./images/zh-cn_image_0000001372824637.png) + + Step 2. Modify the settings. The following commands cam make the settings take effect only once and become invalid after the system is restarted. + + ```shell + # Set a soft lock to trigger a panic. + echo 1 > /proc/sys/kernel/softlockup_panic + + # Trigger a kernel panic when an out of memory (OOM) error occurs. + echo 1 > /proc/sys/vm/panic_on_oom + + # A panic occurs when a process is hung. + echo 1 > /proc/sys/kernel/hung_task_panic + + # Set the timeout interval of the hung task mechanism. + echo 60 > /proc/sys/kernel/kernel.hung_task_timeout_secs + ``` + + Step 3. To make the configuration take effect permanently, write the following parameters to the **/etc/sysctl.conf** file and run the `sysctl -p` command: + + ```shell + kernel.hung_task_panic=1 + kernel.hung_task_timeout_secs=60 + kernel.softlockup_panic=1 + vm.panic_on_oom=1 + ``` + +4. Analyzing the crash + +Step 1. Enable crash debugging. + +Step 2. Find the generated **vmcore** file generated in the **/var/crash** directory. + +Step 3. Run the following command to start crash debugging: + +```shell +crash {vmcore file} {debug kernel vmlinux} +``` + +![zh-cn_image_0000001372748125](./images/zh-cn_image_0000001372748125.png) + +The format of the **crash** debugging command is *command args*. *command* indicates the command to be executed, and *args* indicates the parameters required by some debugging commands. + +|Command|Description| +|--|--| +|help|Prints the help information of a command. You can view the supported commands or the help information of a specific command. For example, run `help bt`.| +|bt|Prints the function call stack information.| +|log|Prints the system message buffer. Parameters can be appended, for example, **log**.| +|ps|Displays the process status. **>** indicates that the process is active.| +|dis|Disassembles a specified function or address. Example: `dis -l [func]`| +|mount|Displays information about the current file system.| diff --git a/docs/en/server/maintenance/common_tools/images/c50cb9df64f4659787c810167c89feb4_1884x257.png b/docs/en/server/maintenance/common_tools/images/c50cb9df64f4659787c810167c89feb4_1884x257.png new file mode 100644 index 0000000000000000000000000000000000000000..01081f25627731c56764c196e3fae32d55bc7023 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/c50cb9df64f4659787c810167c89feb4_1884x257.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001321685172.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001321685172.png new file mode 100644 index 0000000000000000000000000000000000000000..a98265bdf251608c0ff394fefe545cd3192bdb28 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001321685172.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001322112990.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001322112990.png new file mode 100644 index 0000000000000000000000000000000000000000..6f4b32bf2b36595abe10f2550cda5714bc355553 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001322112990.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001322219840.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001322219840.png new file mode 100644 index 0000000000000000000000000000000000000000..48b28664df46ddf9aa38c7570bb9e9edb8080ac9 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001322219840.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001322372918.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001322372918.png new file mode 100644 index 0000000000000000000000000000000000000000..5424367c9bc564e713220ba87f963096881833b8 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001322372918.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001322379488.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001322379488.png new file mode 100644 index 0000000000000000000000000000000000000000..8b18cdca066be43b74443498edc5500ea9e1e608 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001322379488.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001335457246.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001335457246.png new file mode 100644 index 0000000000000000000000000000000000000000..325d6a8ce097db0b92b1a883bc4b3d4ad0bc6a49 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001335457246.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001335816300.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001335816300.png new file mode 100644 index 0000000000000000000000000000000000000000..619f0c33503cd27d92f227216c722d554b9132f2 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001335816300.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001336448570.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001336448570.png new file mode 100644 index 0000000000000000000000000000000000000000..4bd494d78d83fef2e8a89c80e17c9b6db892a2e9 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001336448570.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001336729664.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001336729664.png new file mode 100644 index 0000000000000000000000000000000000000000..4d73507cceab2e0b123d6864d9f86c86eb1eee2f Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001336729664.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337000118.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337000118.png new file mode 100644 index 0000000000000000000000000000000000000000..37131647778506f24be4ff401392a9cc209a36eb Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337000118.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337039920.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337039920.png new file mode 100644 index 0000000000000000000000000000000000000000..40c07e9b6ec27cdbe47d39788736b892f1174cc8 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337039920.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337051916.jpg b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337051916.jpg new file mode 100644 index 0000000000000000000000000000000000000000..a2083b7783041884394f796222352d8772ada6cc Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337051916.jpg differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337053248.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337053248.png new file mode 100644 index 0000000000000000000000000000000000000000..8859f37749a4f8a4394e24ddfb54fc473e8c10c2 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337053248.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337172594.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337172594.png new file mode 100644 index 0000000000000000000000000000000000000000..4e806f83c57880543a777807778f14eeb0105aba Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337172594.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337212144.jpg b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337212144.jpg new file mode 100644 index 0000000000000000000000000000000000000000..c6f0874250475f598efa7375516109b540918fb8 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337212144.jpg differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337260780.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337260780.png new file mode 100644 index 0000000000000000000000000000000000000000..09d521d933f5fa0caacc592ea92acee959786051 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337260780.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337268560.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337268560.png new file mode 100644 index 0000000000000000000000000000000000000000..663f67428487d88e23aa9c3291c31399fec2f2c3 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337268560.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337268820.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337268820.png new file mode 100644 index 0000000000000000000000000000000000000000..cd1732ee870a6dde0acc54642f34793933ce3356 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337268820.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337419960.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337419960.png new file mode 100644 index 0000000000000000000000000000000000000000..c3b493bf1e57f130e122b59e99ff45cd44539dad Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337419960.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337420372.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337420372.png new file mode 100644 index 0000000000000000000000000000000000000000..2300bcd7426748236fd48b85688bd3d1fa3315df Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337420372.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337422904.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337422904.png new file mode 100644 index 0000000000000000000000000000000000000000..01e250c6f7cbb64abe0b136cd80fda7ae68b629d Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337422904.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337424024.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337424024.png new file mode 100644 index 0000000000000000000000000000000000000000..6532d98885f756c6704bc4bacc0f9133d78405a7 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337424024.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337424304.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337424304.png new file mode 100644 index 0000000000000000000000000000000000000000..9ecb384ed58458c24d8e3ae729c4de197b982b86 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337424304.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337427216.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337427216.png new file mode 100644 index 0000000000000000000000000000000000000000..8633dbdd658f98501dfc91a704395260f2d4df3c Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337427216.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337427392.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337427392.png new file mode 100644 index 0000000000000000000000000000000000000000..74f5cb24520c94de8628b2e64e6916c563f9f5a2 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337427392.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337533690.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337533690.png new file mode 100644 index 0000000000000000000000000000000000000000..1f02d9b155754a113347a54a7d35ba9b060175a8 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337533690.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337536842.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337536842.png new file mode 100644 index 0000000000000000000000000000000000000000..5a9ee2c989638c9a6aad3fcfb35bb9b9f2d4683c Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337536842.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337579708.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337579708.png new file mode 100644 index 0000000000000000000000000000000000000000..5cd8ed939434e6447dd55679eeaa3756d861751f Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337579708.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337580216.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337580216.png new file mode 100644 index 0000000000000000000000000000000000000000..5516b8d261b769287c74cf860a6708fcde6bbb8a Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337580216.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337584296.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337584296.png new file mode 100644 index 0000000000000000000000000000000000000000..fa76ecb59018fb154ffe1d9f6da1484d652f3ac1 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337584296.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337696078.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337696078.png new file mode 100644 index 0000000000000000000000000000000000000000..3864852e345eaf01794042feaa85b012b8af71de Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337696078.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337740252.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337740252.png new file mode 100644 index 0000000000000000000000000000000000000000..fd83fb600a54ab8bc39ee2ae54210be8b6c48973 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337740252.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337740540.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337740540.png new file mode 100644 index 0000000000000000000000000000000000000000..b8e25128a47dccaed733fc192f52f2ca7828e516 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337740540.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337747132.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337747132.png new file mode 100644 index 0000000000000000000000000000000000000000..41ea7d47f5fe5fca46816d93cb08b5da00abc0ad Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337747132.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337748300.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337748300.png new file mode 100644 index 0000000000000000000000000000000000000000..32488dc1740408834954cf8d57a2843d98f09c2e Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337748300.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337748528.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337748528.png new file mode 100644 index 0000000000000000000000000000000000000000..f2d62c85c844c2756f4d27a48711560dfb9615ea Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001337748528.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001372249333.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001372249333.png new file mode 100644 index 0000000000000000000000000000000000000000..48cd37225954e212cb3e159acc137866d8edc362 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001372249333.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001372748125.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001372748125.png new file mode 100644 index 0000000000000000000000000000000000000000..5f6326b9415cf766dd8379dbadd5aa1a0dc6861f Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001372748125.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001372821865.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001372821865.png new file mode 100644 index 0000000000000000000000000000000000000000..21e8dad1cd90755440cf858523b12c036a91e1ad Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001372821865.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001372824637.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001372824637.png new file mode 100644 index 0000000000000000000000000000000000000000..aefb5d83c079e6718ef88fd934b4b496cdc29565 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001372824637.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001373373585.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001373373585.png new file mode 100644 index 0000000000000000000000000000000000000000..c4e5e47c9beca2c7c7630d78916f80eda652b52a Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001373373585.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001373379529.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001373379529.png new file mode 100644 index 0000000000000000000000000000000000000000..daa40b49e679668905632f25ff42bf8599ba0ead Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001373379529.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001384808269.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001384808269.png new file mode 100644 index 0000000000000000000000000000000000000000..be18ecef3a149d5742f18535552f66f26ab34832 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001384808269.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001385585749.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001385585749.png new file mode 100644 index 0000000000000000000000000000000000000000..c13604ab7095c2a7717bde1384f0aea3d53f69e3 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001385585749.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001385611905.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001385611905.png new file mode 100644 index 0000000000000000000000000000000000000000..8c233e40a21e678ddf4115c2e2e80c96e25a60ce Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001385611905.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001385905845.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001385905845.png new file mode 100644 index 0000000000000000000000000000000000000000..a6cb8bc4a188ef444919d71f7f16baa06422788b Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001385905845.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001386149037.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001386149037.png new file mode 100644 index 0000000000000000000000000000000000000000..da73fead24d8805bb43287f53c757e80ff0d597f Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001386149037.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001386699925.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001386699925.png new file mode 100644 index 0000000000000000000000000000000000000000..cf5b13b35e65ed0143a01a5bcad1e11eaddaded7 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001386699925.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387293085.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387293085.png new file mode 100644 index 0000000000000000000000000000000000000000..7f56b020949c53d018eba016952c2409f0d7dca9 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387293085.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387413509.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387413509.png new file mode 100644 index 0000000000000000000000000000000000000000..2245427058fc31f3e5d7f40062c0551936a67199 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387413509.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387413793.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387413793.png new file mode 100644 index 0000000000000000000000000000000000000000..aa649bf7215662819766d897513fb711d9d1e7f8 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387413793.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387415629.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387415629.png new file mode 100644 index 0000000000000000000000000000000000000000..01189358354090591de6580f8ef88ef78ddba3a1 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387415629.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387691985.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387691985.png new file mode 100644 index 0000000000000000000000000000000000000000..31c3096fa837c1b397ab2fe27acdd87e2cec36de Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387691985.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387692269.jpg b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387692269.jpg new file mode 100644 index 0000000000000000000000000000000000000000..b79e3ddf78520277046b933c4662c6b72f45ab85 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387692269.jpg differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387692893.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387692893.png new file mode 100644 index 0000000000000000000000000000000000000000..49ea515d834b58d4ded14c55a6a2b07034d76137 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387692893.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387755969.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387755969.png new file mode 100644 index 0000000000000000000000000000000000000000..b2daa95d6b757e7bd443d8fd961922f248dd6853 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387755969.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387780357.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387780357.png new file mode 100644 index 0000000000000000000000000000000000000000..1aab3b8be2cd0c906253d70036a9fee3050a1055 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387780357.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387784693.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387784693.png new file mode 100644 index 0000000000000000000000000000000000000000..62a40117a892ba6c163be81bce1d198c2920f0e9 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387784693.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387787605.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387787605.png new file mode 100644 index 0000000000000000000000000000000000000000..8c1893e16fb929f77bb6b9a70cb25d3479dd684c Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387787605.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387855149.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387855149.png new file mode 100644 index 0000000000000000000000000000000000000000..731e957c367cb05e4229f53cf97dcee2cde69dff Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387855149.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387857005.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387857005.png new file mode 100644 index 0000000000000000000000000000000000000000..872f5c9eb05169831df4ba49d017629e8a943c64 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387857005.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387902849.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387902849.png new file mode 100644 index 0000000000000000000000000000000000000000..ffe2043c199308ed2033e3eb02a0662a65141ece Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387902849.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387907229.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387907229.png new file mode 100644 index 0000000000000000000000000000000000000000..084fbea1aee4d09b1e623c66b4f07641c7a0208d Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387907229.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387908045.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387908045.png new file mode 100644 index 0000000000000000000000000000000000000000..1fca645598e7a67da6e75b98c44f3c9a740be374 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387908045.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387908453.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387908453.png new file mode 100644 index 0000000000000000000000000000000000000000..b97804a0a575fd18235e7a0c7e4f2d0183e3b460 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387908453.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387961737.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387961737.png new file mode 100644 index 0000000000000000000000000000000000000000..ae4ddce8cf2629b811e9711c61186b3efa4dfe3c Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001387961737.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388020197.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388020197.png new file mode 100644 index 0000000000000000000000000000000000000000..1816e1e068ee0294677ebb357ffd158a14bb86cf Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388020197.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388024321.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388024321.png new file mode 100644 index 0000000000000000000000000000000000000000..da3ba54203ded0093b7c2b5308de0e2afd85a146 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388024321.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388024397.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388024397.png new file mode 100644 index 0000000000000000000000000000000000000000..4e4531dd19dc703399c9d4dd0e95236fa9a064c8 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388024397.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388028161.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388028161.png new file mode 100644 index 0000000000000000000000000000000000000000..b3beb92520c34ba771d096a8a146fb2c5b5edbb7 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388028161.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388028537.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388028537.png new file mode 100644 index 0000000000000000000000000000000000000000..ffb244306787c397ef4a9f4d9c3eb504172d3777 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388028537.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388184025.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388184025.png new file mode 100644 index 0000000000000000000000000000000000000000..cbce6fe1e32c547426319923c0fdb13e95554b99 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388184025.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388187249.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388187249.png new file mode 100644 index 0000000000000000000000000000000000000000..0ac83f21e269d909e550b68cb0bdc6347c05dcac Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388187249.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388187325.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388187325.png new file mode 100644 index 0000000000000000000000000000000000000000..02dbdf218da2cb1c844dfc13a463875df5124d48 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388187325.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388188365.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388188365.png new file mode 100644 index 0000000000000000000000000000000000000000..dbe3bfb48446bab88e3e622b9f8066383f269590 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388188365.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388241577.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388241577.png new file mode 100644 index 0000000000000000000000000000000000000000..8dacb6e343ea4c750904fa090bb99213e012379d Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388241577.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388972645.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388972645.png new file mode 100644 index 0000000000000000000000000000000000000000..e32606925f4bb4380b262d9f946d4cd106202b87 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001388972645.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001389098425.png b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001389098425.png new file mode 100644 index 0000000000000000000000000000000000000000..c63903009ab9ba454f169250632dbec1b3c94467 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_image_0000001389098425.png differ diff --git a/docs/en/server/maintenance/common_tools/images/zh-cn_other_0000001337581224.jpeg b/docs/en/server/maintenance/common_tools/images/zh-cn_other_0000001337581224.jpeg new file mode 100644 index 0000000000000000000000000000000000000000..2c019b828bdf9c699f203f09ba3542968ff21262 Binary files /dev/null and b/docs/en/server/maintenance/common_tools/images/zh-cn_other_0000001337581224.jpeg differ diff --git a/docs/en/server/maintenance/gala/_toc.yaml b/docs/en/server/maintenance/gala/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..b83983d46f641aea2be5d83aefcc2e028eb58395 --- /dev/null +++ b/docs/en/server/maintenance/gala/_toc.yaml @@ -0,0 +1,10 @@ +label: gala User Guide +isManual: true +description: Smart fault detection, performance data gathering and analysis, and resource monitoring and management +sections: + - label: gala-anteater User Guide + href: ./using_gala_anteater.md + - label: gala_gopher User Guide + href: ./using_gala_gopher.md + - label: gala-spider User Guide + href: ./using_gala_spider.md diff --git "a/docs/en/server/maintenance/gala/figures/a-ops\350\275\257\344\273\266\346\236\266\346\236\204.png" "b/docs/en/server/maintenance/gala/figures/a-ops\350\275\257\344\273\266\346\236\266\346\236\204.png" new file mode 100644 index 0000000000000000000000000000000000000000..047c6f1bfe3e38c66d34285563d910f6f3bd07e1 Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/a-ops\350\275\257\344\273\266\346\236\266\346\236\204.png" differ diff --git a/docs/en/server/maintenance/gala/figures/chakanyuqi.png b/docs/en/server/maintenance/gala/figures/chakanyuqi.png new file mode 100644 index 0000000000000000000000000000000000000000..bbead6a91468d5dee570cfdc66faf9a4ab155d7c Binary files /dev/null and b/docs/en/server/maintenance/gala/figures/chakanyuqi.png differ diff --git a/docs/en/server/maintenance/gala/figures/chaxunshijipeizhi.png b/docs/en/server/maintenance/gala/figures/chaxunshijipeizhi.png new file mode 100644 index 0000000000000000000000000000000000000000..d5f6e450fc0e1e246492ca71a6fcd8db572eb469 Binary files /dev/null and b/docs/en/server/maintenance/gala/figures/chaxunshijipeizhi.png differ diff --git a/docs/en/server/maintenance/gala/figures/chuangjianyewuyu.png b/docs/en/server/maintenance/gala/figures/chuangjianyewuyu.png new file mode 100644 index 0000000000000000000000000000000000000000..4f5b8de2d2c4ddb9bfdfba1ac17258a834561e2d Binary files /dev/null and b/docs/en/server/maintenance/gala/figures/chuangjianyewuyu.png differ diff --git a/docs/en/server/maintenance/gala/figures/gala-gopher-start-success.png b/docs/en/server/maintenance/gala/figures/gala-gopher-start-success.png new file mode 100644 index 0000000000000000000000000000000000000000..ab16e9d3661db3fd4adc6c605b2d2d08e79fdc1c Binary files /dev/null and b/docs/en/server/maintenance/gala/figures/gala-gopher-start-success.png differ diff --git a/docs/en/server/maintenance/gala/figures/gala-spider-arch.png b/docs/en/server/maintenance/gala/figures/gala-spider-arch.png new file mode 100644 index 0000000000000000000000000000000000000000..c5a0768be63a98ef7ccc4a56996a8c715f7090af Binary files /dev/null and b/docs/en/server/maintenance/gala/figures/gala-spider-arch.png differ diff --git "a/docs/en/server/maintenance/gala/figures/gala-spider\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" "b/docs/en/server/maintenance/gala/figures/gala-spider\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" new file mode 100644 index 0000000000000000000000000000000000000000..c5a0768be63a98ef7ccc4a56996a8c715f7090af Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/gala-spider\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" differ diff --git a/docs/en/server/maintenance/gala/figures/gopher-arch.png b/docs/en/server/maintenance/gala/figures/gopher-arch.png new file mode 100644 index 0000000000000000000000000000000000000000..f151965a21d11dd7a3e215cc4ef23d70d059f4b1 Binary files /dev/null and b/docs/en/server/maintenance/gala/figures/gopher-arch.png differ diff --git a/docs/en/server/maintenance/gala/figures/group.PNG b/docs/en/server/maintenance/gala/figures/group.PNG new file mode 100644 index 0000000000000000000000000000000000000000..584fd1f7195694a3419482cace2a71fa1cd9a3ec Binary files /dev/null and b/docs/en/server/maintenance/gala/figures/group.PNG differ diff --git a/docs/en/server/maintenance/gala/figures/icon-note.gif b/docs/en/server/maintenance/gala/figures/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/en/server/maintenance/gala/figures/icon-note.gif differ diff --git a/docs/en/server/maintenance/gala/figures/shanchupeizhi.png b/docs/en/server/maintenance/gala/figures/shanchupeizhi.png new file mode 100644 index 0000000000000000000000000000000000000000..cfea2eb44f7b8aa809404b8b49b4bd2e24172568 Binary files /dev/null and b/docs/en/server/maintenance/gala/figures/shanchupeizhi.png differ diff --git a/docs/en/server/maintenance/gala/figures/spider_topology.png b/docs/en/server/maintenance/gala/figures/spider_topology.png new file mode 100644 index 0000000000000000000000000000000000000000..5823a116f384801e1197350f151b4d04ef519ac4 Binary files /dev/null and b/docs/en/server/maintenance/gala/figures/spider_topology.png differ diff --git "a/docs/en/server/maintenance/gala/figures/spider\346\213\223\346\211\221\345\205\263\347\263\273\345\233\276.png" "b/docs/en/server/maintenance/gala/figures/spider\346\213\223\346\211\221\345\205\263\347\263\273\345\233\276.png" new file mode 100644 index 0000000000000000000000000000000000000000..5823a116f384801e1197350f151b4d04ef519ac4 Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/spider\346\213\223\346\211\221\345\205\263\347\263\273\345\233\276.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/syscare\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" "b/docs/en/server/maintenance/gala/figures/syscare\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" new file mode 100644 index 0000000000000000000000000000000000000000..bbd0600fc5c913198dfe1e1bf2aba9c652576a98 Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/syscare\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" differ diff --git a/docs/en/server/maintenance/gala/figures/tianjianode.png b/docs/en/server/maintenance/gala/figures/tianjianode.png new file mode 100644 index 0000000000000000000000000000000000000000..d68f5e12a62548f2ec59374bda9ab07f43b8b5cb Binary files /dev/null and b/docs/en/server/maintenance/gala/figures/tianjianode.png differ diff --git a/docs/en/server/maintenance/gala/figures/xinzengpeizhi.png b/docs/en/server/maintenance/gala/figures/xinzengpeizhi.png new file mode 100644 index 0000000000000000000000000000000000000000..18d71c2e099c19b5d28848eec6a8d11f29ccee27 Binary files /dev/null and b/docs/en/server/maintenance/gala/figures/xinzengpeizhi.png differ diff --git a/docs/en/server/maintenance/gala/figures/zhuangtaichaxun.png b/docs/en/server/maintenance/gala/figures/zhuangtaichaxun.png new file mode 100644 index 0000000000000000000000000000000000000000..a3d0b3294bf6e0eeec50a2c2f8c5059bdc256376 Binary files /dev/null and b/docs/en/server/maintenance/gala/figures/zhuangtaichaxun.png differ diff --git "a/docs/en/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/app\350\257\246\346\203\205.jpg" "b/docs/en/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/app\350\257\246\346\203\205.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..bd179be46c9e711d7148ee44dc56f4a7a02f56bf Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/app\350\257\246\346\203\205.jpg" differ diff --git "a/docs/en/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\344\277\256\346\224\271\346\250\241\345\236\213.png" "b/docs/en/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\344\277\256\346\224\271\346\250\241\345\236\213.png" new file mode 100644 index 0000000000000000000000000000000000000000..23ff4e5fddb87ac157b1002a70c47d9b4c76b873 Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\344\277\256\346\224\271\346\250\241\345\236\213.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\210\233\345\273\272\345\267\245\344\275\234\346\265\201.jpg" "b/docs/en/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\210\233\345\273\272\345\267\245\344\275\234\346\265\201.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..1a2b45e860914a1ac0cfb6908b02fb5cad4cbd60 Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\210\233\345\273\272\345\267\245\344\275\234\346\265\201.jpg" differ diff --git "a/docs/en/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246.jpg" "b/docs/en/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..89ac88e154275d4be8179d773e7093f2357f425f Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246.jpg" differ diff --git "a/docs/en/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\347\241\256\350\256\244.jpg" "b/docs/en/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\347\241\256\350\256\244.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..57844f772853c541f7a1328b007a9b6ae4d5caf0 Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\347\241\256\350\256\244.jpg" differ diff --git "a/docs/en/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\350\257\246\346\203\205.jpg" "b/docs/en/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\350\257\246\346\203\205.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..5b4830b47897a0d51be28238a879a70b1de9ca3b Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\350\257\246\346\203\205.jpg" differ diff --git "a/docs/en/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201.jpg" "b/docs/en/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..17fb5b13034e1fc5276c68583fed1952415b0b5f Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201.jpg" differ diff --git "a/docs/en/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201\350\257\246\346\203\205.jpg" "b/docs/en/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201\350\257\246\346\203\205.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..458e023847bb2ad1f198f5a2dd1691748038137e Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201\350\257\246\346\203\205.jpg" differ diff --git "a/docs/en/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\272\224\347\224\250.png" "b/docs/en/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\272\224\347\224\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..aa34bb909ee7c86a95126c13fa532ce93410a931 Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\272\224\347\224\250.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/CVE\350\257\246\346\203\205\347\225\214\351\235\242.png" "b/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/CVE\350\257\246\346\203\205\347\225\214\351\235\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..05859540cb88e11bd8dedaeb8e03253254574c40 Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/CVE\350\257\246\346\203\205\347\225\214\351\235\242.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/cve\345\210\227\350\241\250.png" "b/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/cve\345\210\227\350\241\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..f556e0e7e3c4096a89597cb08ba29133375aab07 Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/cve\345\210\227\350\241\250.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\212\344\274\240\345\256\211\345\205\250\345\205\254\345\221\212.png" "b/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\212\344\274\240\345\256\211\345\205\250\345\205\254\345\221\212.png" new file mode 100644 index 0000000000000000000000000000000000000000..801c7f917d717499c86708b419101be3773348ac Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\212\344\274\240\345\256\211\345\205\250\345\205\254\345\221\212.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250\347\225\214\351\235\242.png" "b/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250\347\225\214\351\235\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..0719bb8c0b71d0503d5d3a7d8e9e83da71169c64 Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250\347\225\214\351\235\242.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" "b/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" new file mode 100644 index 0000000000000000000000000000000000000000..21c9468ce4378bcadf537e543c756cf7a1347499 Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\345\210\227\350\241\250.png" "b/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\345\210\227\350\241\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..9cfd080d1a658544c559e83429a14b35dc931fc6 Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\345\210\227\350\241\250.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\350\257\246\346\203\205.png" "b/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\350\257\246\346\203\205.png" new file mode 100644 index 0000000000000000000000000000000000000000..7ca43b0a82b7c4dd3e43a5e46cf3b4a79d55d033 Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\350\257\246\346\203\205.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\277\256\345\244\215\344\273\273\345\212\241\346\212\245\345\221\212.png" "b/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\277\256\345\244\215\344\273\273\345\212\241\346\212\245\345\221\212.png" new file mode 100644 index 0000000000000000000000000000000000000000..b9acfbcd7d8e3b2b551c8bb9700142dfba681afe Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\277\256\345\244\215\344\273\273\345\212\241\346\212\245\345\221\212.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\345\233\236\346\273\232\344\273\273\345\212\241\350\257\246\346\203\205.png" "b/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\345\233\236\346\273\232\344\273\273\345\212\241\350\257\246\346\203\205.png" new file mode 100644 index 0000000000000000000000000000000000000000..6bc8cc31e05d06dbd5ee4c0f62f281683db048da Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\345\233\236\346\273\232\344\273\273\345\212\241\350\257\246\346\203\205.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\267\273\345\212\240repo\346\272\220.png" "b/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\267\273\345\212\240repo\346\272\220.png" new file mode 100644 index 0000000000000000000000000000000000000000..3bf992f586f7fb4d87bc01cc29f961755a315c9d Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\267\273\345\212\240repo\346\272\220.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\274\217\346\264\236\346\211\253\346\217\217.png" "b/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\274\217\346\264\236\346\211\253\346\217\217.png" new file mode 100644 index 0000000000000000000000000000000000000000..f73ccaf984e8ab55f8b78f7da5a570ce43685221 Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\274\217\346\264\236\346\211\253\346\217\217.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\344\277\256\345\244\215\344\273\273\345\212\241.png" "b/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\344\277\256\345\244\215\344\273\273\345\212\241.png" new file mode 100644 index 0000000000000000000000000000000000000000..b183298d96b8ced8954852540c891310aeda05be Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\344\277\256\345\244\215\344\273\273\345\212\241.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\345\233\236\346\273\232\344\273\273\345\212\241.png" "b/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\345\233\236\346\273\232\344\273\273\345\212\241.png" new file mode 100644 index 0000000000000000000000000000000000000000..c8aa813bc228326b3e8db19e303e03507873a893 Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\345\233\236\346\273\232\344\273\273\345\212\241.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\347\203\255\350\241\245\344\270\201\347\247\273\351\231\244\344\273\273\345\212\241.png" "b/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\347\203\255\350\241\245\344\270\201\347\247\273\351\231\244\344\273\273\345\212\241.png" new file mode 100644 index 0000000000000000000000000000000000000000..8ccebe84f60b21737414b2cb3f972472114a40c5 Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\347\203\255\350\241\245\344\270\201\347\247\273\351\231\244\344\273\273\345\212\241.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\350\256\276\347\275\256repo\346\272\220.png" "b/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\350\256\276\347\275\256repo\346\272\220.png" new file mode 100644 index 0000000000000000000000000000000000000000..619cc6d42b646df3d9c4e601f40a6ec452712668 Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\350\256\276\347\275\256repo\346\272\220.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\351\202\256\344\273\266\351\200\232\347\237\245.png" "b/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\351\202\256\344\273\266\351\200\232\347\237\245.png" new file mode 100644 index 0000000000000000000000000000000000000000..34b1d4095b8c017f3c66ebfb3c44d114bc8d6ca7 Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\351\202\256\344\273\266\351\200\232\347\237\245.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" "b/docs/en/server/maintenance/gala/figures/\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" new file mode 100644 index 0000000000000000000000000000000000000000..f5f8a3a95705145787e7aaf9c8d1fff404892240 Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250.png" "b/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..b8f0a87e00d73961907167fcbe43d82b60caf445 Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\256\241\347\220\206-\346\267\273\345\212\240.png" "b/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\256\241\347\220\206-\346\267\273\345\212\240.png" new file mode 100644 index 0000000000000000000000000000000000000000..ce25657a0627e9dfc3dc9ebf323e086103c2ecdf Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\256\241\347\220\206-\346\267\273\345\212\240.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\345\206\205\344\270\273\346\234\272\346\237\245\347\234\213.png" "b/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\345\206\205\344\270\273\346\234\272\346\237\245\347\234\213.png" new file mode 100644 index 0000000000000000000000000000000000000000..2f2e2e67a98a16e1ad464c794a8ef45ebb229d7f Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\345\206\205\344\270\273\346\234\272\346\237\245\347\234\213.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\347\256\241\347\220\206\345\210\227\350\241\250.png" "b/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\347\256\241\347\220\206\345\210\227\350\241\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..94c9b65719050b79d2cdb9d1e8f67c459925cda7 Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\347\256\241\347\220\206\345\210\227\350\241\250.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\274\226\350\276\221\347\225\214\351\235\242.png" "b/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\274\226\350\276\221\347\225\214\351\235\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..7e4f0da4e88da6f18495a4fb23bd400d0da0a8da Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\274\226\350\276\221\347\225\214\351\235\242.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" "b/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" new file mode 100644 index 0000000000000000000000000000000000000000..1ee8f7bb2456efe6318074f46f5008da355a2cb1 Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\345\267\245\344\275\234\345\217\260.png" "b/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\345\267\245\344\275\234\345\217\260.png" new file mode 100644 index 0000000000000000000000000000000000000000..a916eebf306cca9ffa54f733143a0ac2c44313a4 Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\345\267\245\344\275\234\345\217\260.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\226\207\344\273\266\350\247\243\346\236\220.png" "b/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\226\207\344\273\266\350\247\243\346\236\220.png" new file mode 100644 index 0000000000000000000000000000000000000000..31684136510cfe6248adf9b8cd086140ab5b26ef Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\226\207\344\273\266\350\247\243\346\236\220.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\267\273\345\212\240\347\273\223\346\236\234.png" "b/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\267\273\345\212\240\347\273\223\346\236\234.png" new file mode 100644 index 0000000000000000000000000000000000000000..df3991eb16d32d9f2296fbb36873ff26bc82fa18 Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\267\273\345\212\240\347\273\223\346\236\234.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240\344\270\273\346\234\272.png" "b/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240\344\270\273\346\234\272.png" new file mode 100644 index 0000000000000000000000000000000000000000..c83daeeb5f8a4d9ab4f40e3debbe7a96f427ce74 Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240\344\270\273\346\234\272.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\214\207\346\240\207\346\263\242\345\275\242.png" "b/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\214\207\346\240\207\346\263\242\345\275\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..5ab697c8f9c292097356a26140750f7f615c5d81 Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\214\207\346\240\207\346\263\242\345\275\242.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\217\222\344\273\266\345\274\200\345\205\263.png" "b/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\217\222\344\273\266\345\274\200\345\205\263.png" new file mode 100644 index 0000000000000000000000000000000000000000..4bde1fd7330491fda6f4ed73a2be2e8c0bfabc8d Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\217\222\344\273\266\345\274\200\345\205\263.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\267\273\345\212\240\344\270\273\346\234\272\347\273\204.png" "b/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\267\273\345\212\240\344\270\273\346\234\272\347\273\204.png" new file mode 100644 index 0000000000000000000000000000000000000000..2890e4934ba903324ea134d3ebee85307665270e Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\267\273\345\212\240\344\270\273\346\234\272\347\273\204.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\347\231\273\351\231\206\347\225\214\351\235\242.png" "b/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\347\231\273\351\231\206\347\225\214\351\235\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..24f94c0a9ff05897b01786aa4bc8adfe4bc8db09 Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\347\231\273\351\231\206\347\225\214\351\235\242.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chakanyuqi.png" "b/docs/en/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chakanyuqi.png" new file mode 100644 index 0000000000000000000000000000000000000000..bbead6a91468d5dee570cfdc66faf9a4ab155d7c Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chakanyuqi.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chaxunshijipeizhi.png" "b/docs/en/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chaxunshijipeizhi.png" new file mode 100644 index 0000000000000000000000000000000000000000..d5f6e450fc0e1e246492ca71a6fcd8db572eb469 Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chaxunshijipeizhi.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chuangjianyewuyu.png" "b/docs/en/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chuangjianyewuyu.png" new file mode 100644 index 0000000000000000000000000000000000000000..8849a2fc81dbd14328c6c66c53033164a0b67b52 Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chuangjianyewuyu.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/conf_file_trace.png" "b/docs/en/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/conf_file_trace.png" new file mode 100644 index 0000000000000000000000000000000000000000..e1e518157f8def332adfa5516b37fdb89768499c Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/conf_file_trace.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/peizhitongbu.png" "b/docs/en/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/peizhitongbu.png" new file mode 100644 index 0000000000000000000000000000000000000000..c8c229bf41b27f1fe6629106957fd5e47851096d Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/peizhitongbu.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/shanchupeizhi.png" "b/docs/en/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/shanchupeizhi.png" new file mode 100644 index 0000000000000000000000000000000000000000..cfea2eb44f7b8aa809404b8b49b4bd2e24172568 Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/shanchupeizhi.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/tianjianode.png" "b/docs/en/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/tianjianode.png" new file mode 100644 index 0000000000000000000000000000000000000000..d68f5e12a62548f2ec59374bda9ab07f43b8b5cb Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/tianjianode.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/xinzengpeizhi.png" "b/docs/en/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/xinzengpeizhi.png" new file mode 100644 index 0000000000000000000000000000000000000000..18d71c2e099c19b5d28848eec6a8d11f29ccee27 Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/xinzengpeizhi.png" differ diff --git "a/docs/en/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/zhuangtaichaxun.png" "b/docs/en/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/zhuangtaichaxun.png" new file mode 100644 index 0000000000000000000000000000000000000000..a3d0b3294bf6e0eeec50a2c2f8c5059bdc256376 Binary files /dev/null and "b/docs/en/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/zhuangtaichaxun.png" differ diff --git a/docs/en/server/maintenance/gala/using_gala_anteater.md b/docs/en/server/maintenance/gala/using_gala_anteater.md new file mode 100644 index 0000000000000000000000000000000000000000..a1eaec1fc575e2625c0256ba8d2579cc08e4908c --- /dev/null +++ b/docs/en/server/maintenance/gala/using_gala_anteater.md @@ -0,0 +1,214 @@ +# Using gala-anteater + +gala-anteater is an AI-based operating system exception detection platform. It provides functions such as time series data preprocessing, exception detection, and exception reporting. Based on offline pre-training, online model incremental learning and model update, it can be well adapted to multi-dimensional and multi-modal data fault diagnosis. + +This chapter describes how to deploy and use the gala-anteater service. + +## Installation + +Mount the repositories. + +```conf +[everything] +name=everything +baseurl=http://121.36.84.172/dailybuild/EBS-24.03-LTS-SP1/EBS-24.03-LTS-SP1/everything/$basearch/ +enabled=1 +gpgcheck=0 +priority=1 + +[EPOL] +name=EPOL +baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/EPOL/main/$basearch/ +enabled=1 +gpgcheck=0 +priority=1 +``` + +Install gala-anteater. + +```bash +yum install gala-anteater +``` + +## Configuration + +> Note: gala-anteater uses a configuration file (**/etc/gala-anteater/config/gala-anteater.yaml**) for its startup settings. + +### Configuration Parameters + +```yaml +Global: + data_source: "prometheus" + +Arangodb: + url: "http://localhost:8529" + db_name: "spider" + +Kafka:f + server: "192.168.122.100" + port: "9092" + model_topic: "gala_anteater_hybrid_model" + rca_topic: "gala_cause_inference" + meta_topic: "gala_gopher_metadata" + group_id: "gala_anteater_kafka" + # auth_type: plaintext/sasl_plaintext, please set "" for no auth + auth_type: "" + username: "" + password: "" + +Prometheus: + server: "localhost" + port: "9090" + steps: "5" + +Aom: + base_url: "" + project_id: "" + auth_type: "token" + auth_info: + iam_server: "" + iam_domain: "" + iam_user_name: "" + iam_password: "" + ssl_verify: 0 + +Schedule: + duration: 1 +``` + +| Parameter | Description | Default Value | +| ----------- | --------------------------------------------------------------------------------------------- | ---------------------------- | +| Global | | | +| data_source | Data source | "prometheus" | +| Arangodb | | | +| url | IP address of the ArangoDB graph database | "" | +| db_name | Name of the ArangoDB database | "spider" | +| Kafka | | | +| server | IP address of the Kafka server. Configure according to the installation node IP address. | | +| port | Port of the Kafka server (for example, 9092) | | +| model_topic | Topic for reporting fault detection results | "gala_anteater_hybrid_model" | +| rca_topic | Topic for reporting root cause analysis results | "gala_cause_inference" | +| meta_topic | Topic for gopher to collect metric data | "gala_gopher_metadata" | +| group_id | Kafka group ID | "gala_anteater_kafka" | +| Prometheus | | | +| server | IP address of the Prometheus server. Configure according to the installation node IP address. | | +| port | Port of the Prometheus server (for example, 9090) | | +| steps | Metric sampling interval | | +| Schedule | Cyclic scheduling settings | Dictionary type | +| duration | Execution interval (minutes) for the anomaly detection model | 1 | +| Suppression | Alarm suppression settings | Dictionary type | +| interval | Suppression window (minutes) for filtering duplicate alarms within this time of last alarm | 10 | + +## Start + +Start gala-anteater. + +```bash +systemctl start gala-anteater +``` + +> ![](./figures/icon-note.gif)**Note:** +> +> gala-anteater supports running one process instance, as multiple instances would lead to excessive memory consumption and disorganized logging. + +### gala-anteater Service Status Query + +If the following information is displayed, the service is started successfully. The startup log is saved to the **/var/log/gala-anteater/gala-anteater.log** file. + +```log +2024-12-02 16:25:20,727 - INFO - anteater - Groups-0, metric: npu_chip_info_hbm_used_memory, start detection. +2024-12-02 16:25:20,735 - INFO - anteater - Metric-npu_chip_info_hbm_used_memory single group has data 8. ranks: [0, 1, 2, 3, 4, 5, 6, 7] +2024-12-02 16:25:20,739 - INFO - anteater - work on npu_chip_info_hbm_used_memory, slow_node_detection start. +2024-12-02 16:25:21,128 - INFO - anteater - time_node_compare result: []. +2024-12-02 16:25:21,137 - INFO - anteater - dnscan labels: [-1 0 0 0 -1 0 -1 -1] +2024-12-02 16:25:21,139 - INFO - anteater - dnscan labels: [-1 0 0 0 -1 0 -1 -1] +2024-12-02 16:25:21,141 - INFO - anteater - dnscan labels: [-1 0 0 0 -1 0 -1 -1] +2024-12-02 16:25:21,142 - INFO - anteater - space_nodes_compare result: []. +2024-12-02 16:25:21,142 - INFO - anteater - Time and space aggregated result: []. +2024-12-02 16:25:21,144 - INFO - anteater - work on npu_chip_info_hbm_used_memory, slow_node_detection end. + +2024-12-02 16:25:21,144 - INFO - anteater - Groups-0, metric: npu_chip_info_aicore_current_freq, start detection. +2024-12-02 16:25:21,153 - INFO - anteater - Metric-npu_chip_info_aicore_current_freq single group has data 8. ranks: [0, 1, 2, 3, 4, 5, 6, 7] +2024-12-02 16:25:21,157 - INFO - anteater - work on npu_chip_info_aicore_current_freq, slow_node_detection start. +2024-12-02 16:25:21,584 - INFO - anteater - time_node_compare result: []. +2024-12-02 16:25:21,592 - INFO - anteater - dnscan labels: [0 0 0 0 0 0 0 0] +2024-12-02 16:25:21,594 - INFO - anteater - dnscan labels: [0 0 0 0 0 0 0 0] +2024-12-02 16:25:21,597 - INFO - anteater - dnscan labels: [0 0 0 0 0 0 0 0] +2024-12-02 16:25:21,598 - INFO - anteater - space_nodes_compare result: []. +2024-12-02 16:25:21,598 - INFO - anteater - Time and space aggregated result: []. +2024-12-02 16:25:21,598 - INFO - anteater - work on npu_chip_info_aicore_current_freq, slow_node_detection end. + +2024-12-02 16:25:21,598 - INFO - anteater - Groups-0, metric: npu_chip_roce_tx_err_pkt_num, start detection. +2024-12-02 16:25:21,607 - INFO - anteater - Metric-npu_chip_roce_tx_err_pkt_num single group has data 8. ranks: [0, 1, 2, 3, 4, 5, 6, 7] +2024-12-02 16:25:21,611 - INFO - anteater - work on npu_chip_roce_tx_err_pkt_num, slow_node_detection start. +2024-12-02 16:25:22,040 - INFO - anteater - time_node_compare result: []. +2024-12-02 16:25:22,040 - INFO - anteater - Skip space nodes compare. +2024-12-02 16:25:22,040 - INFO - anteater - Time and space aggregated result: []. +2024-12-02 16:25:22,040 - INFO - anteater - work on npu_chip_roce_tx_err_pkt_num, slow_node_detection end. + +2024-12-02 16:25:22,041 - INFO - anteater - accomplishment: 1/9 +2024-12-02 16:25:22,041 - INFO - anteater - accomplishment: 2/9 +2024-12-02 16:25:22,041 - INFO - anteater - accomplishment: 3/9 +2024-12-02 16:25:22,041 - INFO - anteater - accomplishment: 4/9 +2024-12-02 16:25:22,042 - INFO - anteater - accomplishment: 5/9 +2024-12-02 16:25:22,042 - INFO - anteater - accomplishment: 6/9 +2024-12-02 16:25:22,042 - INFO - anteater - accomplishment: 7/9 +2024-12-02 16:25:22,042 - INFO - anteater - accomplishment: 8/9 +2024-12-02 16:25:22,042 - INFO - anteater - accomplishment: 9/9 +2024-12-02 16:25:22,043 - INFO - anteater - SlowNodeDetector._execute costs 1.83 seconds! +2024-12-02 16:25:22,043 - INFO - anteater - END! +``` + +## Output Data of Fault Detection + +If gala-anteater detects an exception, it sends the result to `model_topic` of Kafka. The output data format is as follows: + +```json +{ + "Timestamp": 1730732076935, + "Attributes": { + "resultCode": 201, + "compute": false, + "network": false, + "storage": true, + "abnormalDetail": [{ + "objectId": "-1", + "serverIp": "96.13.19.31", + "deviceInfo": "96.13.19.31:8888*-1", + "kpiId": "gala_gopher_disk_wspeed_kB", + "methodType": "TIME", + "kpiData": [], + "relaIds": [], + "omittedDevices": [] + }], + "normalDetail": [], + "errorMsg": "" + }, + "SeverityText": "WARN", + "SeverityNumber": 13, + "is_anomaly": true +} +``` + +## Output Fields + +| Output Field | Unit | Description | +| -------------- | ------ | ----------------------------------------------------------------- | +| Timestamp | ms | Timestamp of fault detection and reporting | +| resultCode | int | Status code: 201 for fault, 200 for normal operation | +| compute | bool | Compute fault flag | +| network | bool | Network fault flag | +| storage | bool | Storage fault flag | +| abnormalDetail | list | Fault details | +| objectId | int | Fault object ID (-1 for node fault, 0 to 7 for the specific card) | +| serverIp | string | Faulty object IP address | +| deviceInfo | string | Detailed fault description | +| kpiId | string | Detection algorithm type ("TIME" or "SPACE") | +| kpiData | list | Fault time-series data (disabled by default) | +| relaIds | list | Related normal cards for comparison ("SPACE" algorithm) | +| omittedDevices | list | Cards to exclude from display | +| normalDetail | list | Time-series data of normal cards | +| errorMsg | string | Error description | +| SeverityText | string | Severity classification ("WARN" or "ERROR") | +| SeverityNumber | int | Severity level | +| is_anomaly | bool | Fault status indicator | diff --git a/docs/en/server/maintenance/gala/using_gala_gopher.md b/docs/en/server/maintenance/gala/using_gala_gopher.md new file mode 100644 index 0000000000000000000000000000000000000000..85c7cbf144811f6e89eaec79ec4f0b167c896768 --- /dev/null +++ b/docs/en/server/maintenance/gala/using_gala_gopher.md @@ -0,0 +1,228 @@ +# Using gala-gopher + +As a data collection module, gala-gopher provides OS-level monitoring capabilities, supports dynamic probe installation and uninstallation, and integrates third-party probes in a non-intrusive manner to quickly expand the monitoring scope. + +This chapter describes how to deploy and use the gala-gopher service. + +## Installation + +Mount the repositories. + +```basic +[oe-22.03-lts-sp3-everything] # openEuler 22.03-LTS-SP3 officially released repository +name=oe-2203-lts-sp3-everything +baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/everything/x86_64/ +enabled=1 +gpgcheck=0 +priority=1 + +[oe-22.03-lts-sp3-epol-update] # openEuler 22.03-LTS-SP3 Update officially released repository +name=oe-22.03-lts-sp3-epol-update +baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/EPOL/update/main/x86_64/ +enabled=1 +gpgcheck=0 +priority=1 + +[oe-22.03-lts-sp3-epol-main] # openEuler 22.03-LTS-SP3 EPOL officially released repository +name=oe-22.03-lts-sp3-epol-main +baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/EPOL/main/x86_64/ +enabled=1 +gpgcheck=0 +priority=1 +``` + +Install gala-gopher. + +```bash +# yum install gala-gopher +``` + +## Configuration + +### Configuration Description + +The configuration file of gala-gopher is **/opt/gala-gopher/gala-gopher.conf**. The configuration items in the file are described as follows (the parts that do not need to be manually configured are not described): + +The following configurations can be modified as required: + +- `global`: Global configuration for gala-gopher + - `log_file_name`: Log file name for gala-gopher + - `log_level`: Log level for gala-gopher (currently unavailable) + - `pin_path`: Storage path for eBPF probe shared maps (default configuration recommended) +- `metric`: Metrics output configuration + - `out_channel`: Output channels for metrics (web_server|kafka), leave blank to disable + - `kafka_topic`: Kafka topic configuration (when using kafka channel) +- `event`: Event output configuration + - `out_channel`: Output channels for events (logs|kafka), leave blank to disable + - `kafka_topic`: Kafka topic configuration (when using kafka channel) +- `meta`: Metadata output configuration + - `out_channel`: Output channels for metadata (logs|kafka), leave blank to disable + - `kafka_topic`: Kafka topic configuration (when using kafka channel) +- `imdb`: Cache configuration specifications + - `max_tables_num`: Maximum number of cache tables (each meta file in /opt/gala-gopher/meta corresponds to one table) + - `max_records_num`: Maximum records per table (each probe typically generates at least one observation record per cycle) + - `max_metrics_num`: Maximum metrics per observation record + - `record_timeout`: Record expiration time (records older than this will be deleted, in seconds) +- `web_server`: Web server configuration + - `port`: Listening port +- `kafka`: Kafka output configuration + - `kafka_broker`: Kafka server IP address and port +- `logs`: Log output configuration + - `metric_dir`: Directory for metrics logs + - `event_dir`: Directory for event logs + - `meta_dir`: Directory for metadata logs + - `debug_dir`: Directory for runtime logs +- `probes`: Native probe configuration + - `name`: Probe name (must match native probe name, such as "example" for example.probe) + - `param`: Startup parameters (see [Startup Parameters](#startup-parameters)) + - `switch`: Probe status (on/off) +- `extend_probes`: Third-party probe configuration + - `name`: Probe name + - `command`: Startup command + - `param`: Startup parameters (see [Startup Parameters](#startup-parameters)) + - `start_check`: Condition check for auto mode (determines whether to start probe) + - `switch`: Probe status (on/off/auto; auto mode uses "start_check" result) + +### Startup Parameters + +| Parameter | Description | +| --------- | ------------------------------------------------------------------------------------------------------------ | +| -l | Enable/disable abnormal event reporting. | +| -t | Sampling interval (seconds), defaulting to 5s. | +| -T | Delay threshold (ms), defaulting to 0 ms. | +| -J | Jitter threshold (ms), defaulting to 0 ms. | +| -O | Offline threshold (ms), defaulting to 0 ms. | +| -D | Packet loss threshold, defaulting to 0 packets. | +| -F | `task` means to filter by **task_whitelist.conf**; `[pid]` means to monitor specific process only. | +| -P | Detection program scope for each probe (affects tcpprobe/taskprobe). | +| -U | Max resource utilization threshold, defaulting to 0%. | +| -L | Min resource utilization threshold, defaulting to 0%. | +| -c | Probe (tcp) client port identification, defaulting to disabled (0). | +| -N | Process observed by the probe (ksliprobe), defaulting to NULL. | +| -p | Target process binary path (such as `-p /user/local/sbin/nginx`), defaulting to NULL. | +| -w | Application filter path (such as `-w /opt/gala-gopher/task_whitelist.conf`), defaulting to NULL (no filter). | +| -n | NIC for tc ebpf (defaulting to all interfaces), such as `-n eth0`. | + +### Configuration File Example + +- Select the data output channels. + + ```yaml + metric = + { + out_channel = "web_server"; + kafka_topic = "gala_gopher"; + }; + + event = + { + out_channel = "kafka"; + kafka_topic = "gala_gopher_event"; + }; + + meta = + { + out_channel = "kafka"; + kafka_topic = "gala_gopher_metadata"; + }; + ``` + +- Configure Kafka and Web Server. + + ```yaml + web_server = + { + port = 8888; + }; + + kafka = + { + kafka_broker = ":9092"; + }; + ``` + +- Select the probe to be enabled. The following is an example. + + ```yaml + probes = + ( + { + name = "system_infos"; + param = "-t 5 -w /opt/gala-gopher/task_whitelist.conf -l warn -U 80"; + switch = "on"; + }, + ); + extend_probes = + ( + { + name = "tcp"; + command = "/opt/gala-gopher/extend_probes/tcpprobe"; + param = "-l warn -c 1 -P 7"; + switch = "on"; + } + ); + ``` + +## Start + +After the configuration is complete, start gala-gopher. + +```bash +# systemctl start gala-gopher.service +``` + +Query the status of the gala-gopher service. + +```bash +# systemctl status gala-gopher.service +``` + +If the following information is displayed, the service is started successfully: Check whether the enabled probe is started. If the probe thread does not exist, check the configuration file and gala-gopher run log file. + +![](./figures/gala-gopher-start-success.png) + +> Note: The root permission is required for deploying and running gala-gopher. + +## How to Use + +## Deployment of External Dependent Software + +![](./figures/gopher-arch.png) + +As shown in the preceding figure, the green parts are external dependent components of gala-gopher. gala-gopher outputs metric data to Prometheus, metadata and abnormal events to Kafka. gala-anteater and gala-spider in gray rectangles obtain data from Prometheus and Kafka. + +> Note: Obtain the installation packages of Kafka and Prometheus from the official websites. + +## Output Data + +- **Metric** + + Prometheus Server has a built-in Express Browser UI. You can use PromQL statements to query metric data. For details, see [Using the expression browser](https://prometheus.io/docs/prometheus/latest/getting_started/#using-the-expression-browser) in the official document. The following is an example. + + If the specified metric is `gala_gopher_tcp_link_rcv_rtt`, the metric data displayed on the UI is as follows: + + ```basic + gala_gopher_tcp_link_rcv_rtt{client_ip="x.x.x.165",client_port="1234",hostname="openEuler",instance="x.x.x.172:8888",job="prometheus",machine_id="1fd3774xx",protocol="2",role="0",server_ip="x.x.x.172",server_port="3742",tgid="1516"} 1 + ``` + +- **Metadata** + + You can directly consume data from the Kafka topic `gala_gopher_metadata`. The following is an example. + + ```bash + # Input request + ./bin/kafka-console-consumer.sh --bootstrap-server x.x.x.165:9092 --topic gala_gopher_metadata + # Output data + {"timestamp": 1655888408000, "meta_name": "thread", "entity_name": "thread", "version": "1.0.0", "keys": ["machine_id", "pid"], "labels": ["hostname", "tgid", "comm", "major", "minor"], "metrics": ["fork_count", "task_io_wait_time_us", "task_io_count", "task_io_time_us", "task_hang_count"]} + ``` + +- **Abnormal events** + + You can directly consume data from the Kafka topic `gala_gopher_event`. The following is an example. + + ```bash + # Input request + ./bin/kafka-console-consumer.sh --bootstrap-server x.x.x.165:9092 --topic gala_gopher_event + # Output data + {"timestamp": 1655888408000, "meta_name": "thread", "entity_name": "thread", "version": "1.0.0", "keys": ["machine_id", "pid"], "labels": ["hostname", "tgid", "comm", "major", "minor"], "metrics": ["fork_count", "task_io_wait_time_us", "task_io_count", "task_io_time_us", "task_hang_count"]} + ``` diff --git a/docs/en/server/maintenance/gala/using_gala_spider.md b/docs/en/server/maintenance/gala/using_gala_spider.md new file mode 100644 index 0000000000000000000000000000000000000000..a63d9560673ee32eecb5f8380ab5ff6991e281aa --- /dev/null +++ b/docs/en/server/maintenance/gala/using_gala_spider.md @@ -0,0 +1,541 @@ +# Using gala-spider + +This chapter describes how to deploy and use gala-spider and gala-inference. + +## gala-spider + +gala-spider provides the OS-level topology drawing function. It periodically obtains the data of all observed objects collected by gala-gopher (an OS-level data collection software) at a certain time point and calculates the topology relationship between them. The generated topology is saved to the graph database ArangoDB. + +### Installation + +Mount the Yum sources. + +```basic +[oe-22.03-lts-sp3-everything] # openEuler 22.03-LTS-SP3 officially released repository +name=oe-2203-lts-sp3-everything +baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/everything/x86_64/ +enabled=1 +gpgcheck=0 +priority=1 + +[oe-22.03-lts-sp3-epol-update] # openEuler 22.03-LTS-SP3 Update officially released repository +name=oe-22.03-lts-sp3-epol-update +baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/EPOL/update/main/x86_64/ +enabled=1 +gpgcheck=0 +priority=1 + +[oe-22.03-lts-sp3-epol-main] # openEuler 22.03-LTS-SP3 EPOL officially released repository +name=oe-22.03-lts-sp3-epol-main +baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/EPOL/main/x86_64/ +enabled=1 +gpgcheck=0 +priority=1 +``` + +Install gala-spider. + +```sh +# yum install gala-spider +``` + +### Configuration + +#### Configuration File Description + +The configuration file of gala-spider is **/etc/gala-spider/gala-spider.yaml**. The configuration items in this file are described as follows: + +- `global`: global configuration information. + - `data_source`: database for collecting observation metrics. Currently, only `prometheus` is supported. + - `data_agent`: agent for collecting observation metrics. Currently, only `gala_gopher` is supported. +- `spider`: spider configuration information. + - `log_conf`: log configuration information. + - `log_path`: log file path. + - `log_level`: level of the logs to be printed. The value can be `DEBUG`, `INFO`, `WARNING`, `ERROR`, or `CRITICAL`. + - `max_size`: log file size, in MB. + - `backup_count`: number of backup log files. +- `storage`: configuration information about the topology storage service. + - `period`: storage period, in seconds, indicating the interval for storing the topology. + - `database`: graph database for storage. Currently, only `arangodb` is supported. + - `db_conf`: configuration information of the graph database. + - `url`: IP address of the graph database server. + - `db_name`: name of the database where the topology is stored. +- `kafka`: Kafka configuration information. + - `server`: Kafka server address. + - `metadata_topic`: topic name of the observed metadata messages. + - `metadata_group_id`: consumer group ID of the observed metadata messages. +- `prometheus`: Prometheus database configuration information. + - `base_url`: IP address of the Prometheus server. + - `instant_api`: API for collecting data at a single time point. + - `range_api`: API for collecting data in a time range. + - `step`: collection time step, which is configured for `range_api`. + +#### Configuration File Example + +```yaml +global: + data_source: "prometheus" + data_agent: "gala_gopher" + +prometheus: + base_url: "http://localhost:9090/" + instant_api: "/api/v1/query" + range_api: "/api/v1/query_range" + step: 1 + +spider: + log_conf: + log_path: "/var/log/gala-spider/spider.log" + # log level: DEBUG/INFO/WARNING/ERROR/CRITICAL + log_level: INFO + # unit: MB + max_size: 10 + backup_count: 10 + +storage: + # unit: second + period: 60 + database: arangodb + db_conf: + url: "http://localhost:8529" + db_name: "spider" + +kafka: + server: "localhost:9092" + metadata_topic: "gala_gopher_metadata" + metadata_group_id: "metadata-spider" +``` + +### Start + +- Run the following command to start gala-spider. + + ```sh + # spider-storage + ``` + +- Use the systemd service to start gala-spider. + + ```sh + # systemctl start gala-spider + ``` + +### How to Use + +#### Deployment of External Dependent Software + +The running of gala-spider depends on multiple external software for interaction. Therefore, before starting gala-spider, you need to deploy the software on which gala-spider depends. The following figure shows the software dependency of gala-spider. + +![gala-spider-arch](./figures/gala-spider-arch.png) + +The dotted box on the right indicates the two functional components of gala-spider. The green parts indicate the external components that gala-spider directly depends on, and the gray rectangles indicate the external components that gala-spider indirectly depends on. + +- **spider-storage**: core component of gala-spider, which provides the topology storage function. + 1. Obtains the metadata of the observation object from Kafka. + 2. Obtains information about all observation object instances from Prometheus. + 3. Saves the generated topology to the graph database ArangoDB. +- **gala-inference**: core component of gala-spider, which provides the root cause locating function. It subscribes to abnormal KPI events from Kafka to trigger the root cause locating process of abnormal KPIs, constructs a fault propagation graph based on the topology obtained from the ArangoDB, and outputs the root cause locating result to Kafka. +- **prometheus**: time series database. The observation metric data collected by the gala-gopher component is reported to Prometheus for further processing. +- **kafka**: messaging middleware, which is used to store the observation object metadata reported by gala-gopher, exception events reported by the exception detection component gala-anteater, and root cause locating results reported by the cause-inference component. +- **arangodb**: graph database, which is used to store the topology generated by spider-storage. +- **gala-gopher**: data collection component. It must be deployed in advance. +- **arangodb-ui**: UI provided by ArangoDB, which can be used to query topologies. + +The two functional components in gala-spider are released as independent software packages. + +**spider-storage**: corresponds to the gala-spider software package in this section. + +**gala-inference**: corresponds to the gala-inference software package. + +For details about how to deploy the gala-gopher software, see [Using gala-gopher](using_gala_gopher.md). This section only describes how to deploy ArangoDB. + +The current ArangoDB version is 3.8.7, which has the following requirements on the operating environment: + +- Only the x86 system is supported. +- GCC 10 or later + +For details about ArangoDB deployment, see [Deployment](https://www.arangodb.com/docs/3.9/deployment.html) in the ArangoDB official document. + +The RPM-based ArangoDB deployment process is as follows: + +1. Configure the Yum sources. + + ```basic + [oe-22.03-lts-sp3-everything] # openEuler 22.03-LTS-SP3 officially released repository + name=oe-2203-lts-sp3-everything + baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/everything/x86_64/ + enabled=1 + gpgcheck=0 + priority=1 + + [oe-22.03-lts-sp3-epol-main] # openEuler 22.03-LTS-SP3 EPOL officially released repository + name=oe-22.03-lts-sp3-epol-main + baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/EPOL/main/x86_64/ + enabled=1 + gpgcheck=0 + priority=1 + ``` + +2. Install arangodb3. + + ```sh + # yum install arangodb3 + ``` + +3. Modify the configurations. + + The configuration file of the arangodb3 server is **/etc/arangodb3/arangod.conf**. You need to modify the following configurations: + + - `endpoint`: IP address of the arangodb3 server. + - `authentication`: whether identity authentication is required for accessing the arangodb3 server. Currently, gala-spider does not support identity authentication. Therefore, set `authentication` to `false`. + + The following is an example. + + ```yaml + [server] + endpoint = tcp://0.0.0.0:8529 + authentication = false + ``` + +4. Start arangodb3. + + ```sh + # systemctl start arangodb3 + ``` + +#### Modifying gala-spider Configuration Items + +After the dependent software is started, you need to modify some configuration items in the gala-spider configuration file. The following is an example. + +Configure the Kafka server address. + +```yaml +kafka: + server: "localhost:9092" +``` + +Configure the Prometheus server address. + +```yaml +prometheus: + base_url: "http://localhost:9090/" +``` + +Configure the IP address of the ArangoDB server. + +```yaml +storage: + db_conf: + url: "http://localhost:8529" +``` + +#### Starting the Service + +Run `systemctl start gala-spider` to start the service. Run `systemctl status gala-spider` to check the startup status. If the following information is displayed, the startup is successful: + +```sh +[root@openEuler ~]# systemctl status gala-spider +● gala-spider.service - a-ops gala spider service + Loaded: loaded (/usr/lib/systemd/system/gala-spider.service; enabled; vendor preset: disabled) + Active: active (running) since Tue 2022-08-30 17:28:38 CST; 1 day 22h ago + Main PID: 2263793 (spider-storage) + Tasks: 3 (limit: 98900) + Memory: 44.2M + CGroup: /system.slice/gala-spider.service + └─2263793 /usr/bin/python3 /usr/bin/spider-storage +``` + +#### Output Example + +You can query the topology generated by gala-spider on the UI provided by ArangoDB. The procedure is as follows: + +1. Enter the IP address of the ArangoDB server in the address box of the browser, for example, ****. The ArangoDB UI is displayed. + +2. Click **DB** in the upper right corner of the page to switch to the spider database. + +3. On the **COLLECTIONS** page, you can view the collections of observation object instances and topology relationships stored in different time segments, as shown in the following figure. + + ![spider_topology](./figures/spider_topology.png) + +4. You can query the stored topology using the AQL statements provided by ArangoDB. For details, see the [AQL Documentation](https://www.arangodb.com/docs/3.8/aql/). + +## gala-inference + +gala-inference provides the capability of locating root causes of abnormal KPIs. It uses the exception detection result and topology as the input and outputs the root cause locating result to Kafka. The gala-inference component is archived in the gala-spider project. + +### Installation + +Mount the Yum sources. + +```basic +[oe-22.03-lts-sp3-everything] # openEuler 22.03-LTS-SP3 officially released repository +name=oe-2203-lts-sp3-everything +baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/everything/x86_64/ +enabled=1 +gpgcheck=0 +priority=1 + +[oe-22.03-lts-sp3-epol-update] # openEuler 22.03-LTS-SP3 Update officially released repository +name=oe-22.03-lts-sp3-epol-update +baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/EPOL/update/main/x86_64/ +enabled=1 +gpgcheck=0 +priority=1 + +[oe-22.03-lts-sp3-epol-main] # openEuler 22.03-LTS-SP3 EPOL officially released repository +name=oe-22.03-lts-sp3-epol-main +baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/EPOL/main/x86_64/ +enabled=1 +gpgcheck=0 +priority=1 +``` + +Install gala-inference. + +```sh +# yum install gala-inference +``` + +### Configuration + +#### Configuration File Description + +The configuration items in the gala-inference configuration file **/etc/gala-inference/gala-inference.yaml** are described as follows: + +- `inference`: configuration information about the root cause locating algorithm. + - `tolerated_bias`: tolerable time offset for querying the topology at the exception time point, in seconds. + - `topo_depth`: maximum depth for topology query. + - `root_topk`: top *K* root cause metrics generated in the root cause locating result. + - `infer_policy`: root cause derivation policy, which can be `dfs` or `rw`. + - `sample_duration`: sampling period of historical metric data, in seconds. + - `evt_valid_duration`: valid period of abnormal system metric events during root cause locating, in seconds. + - `evt_aging_duration`: aging period of abnormal metric events during root cause locating, in seconds. +- `kafka`: Kafka configuration information. + - `server`: IP address of the Kafka server. + - `metadata_topic`: configuration information about the observed metadata messages. + - `topic_id`: topic name of the observed metadata messages. + - `group_id`: consumer group ID of the observed metadata messages. + - `abnormal_kpi_topic`: configuration information about abnormal KPI event messages. + - `topic_id`: topic name of the abnormal KPI event messages. + - `group_id`: consumer group ID of the abnormal KPI event messages. + - `abnormal_metric_topic`: configuration information about abnormal metric event messages. + - `topic_id`: topic name of the abnormal metric event messages. + - `group_id`: consumer group ID of the abnormal system metric event messages. + - `consumer_to`: timeout interval for consuming abnormal system metric event messages, in seconds. + - `inference_topic`: configuration information about the output event messages of the root cause locating result. + - `topic_id`: topic name of the output event messages of the root cause locating result. +- `arangodb`: configuration information about the ArangoDB graph database, which is used to query sub-topologies required for root cause locating. + - `url`: IP address of the graph database server. + - `db_name`: name of the database where the topology is stored. +- `log_conf`: log configuration information. + - `log_path`: log file path. + - `log_level`: level of the logs to be printed. The value can be `DEBUG`, `INFO`, `WARNING`, `ERROR`, or `CRITICAL`. + - `max_size`: log file size, in MB. + - `backup_count`: number of backup log files. +- `prometheus`: Prometheus database configuration information, which is used to obtain historical time series data of metrics. + - `base_url`: IP address of the Prometheus server. + - `range_api`: API for collecting data in a time range. + - `step`: collection time step, which is configured for `range_api`. + +#### Configuration File Example + +```yaml +inference: + # Tolerable time offset for querying the topology at the exception time point, in seconds. + tolerated_bias: 120 + topo_depth: 10 + root_topk: 3 + infer_policy: "dfs" + # Unit: second + sample_duration: 600 + # Valid period of abnormal metric events during root cause locating, in seconds. + evt_valid_duration: 120 + # Aging period of abnormal metric events, in seconds. + evt_aging_duration: 600 + +kafka: + server: "localhost:9092" + metadata_topic: + topic_id: "gala_gopher_metadata" + group_id: "metadata-inference" + abnormal_kpi_topic: + topic_id: "gala_anteater_hybrid_model" + group_id: "abn-kpi-inference" + abnormal_metric_topic: + topic_id: "gala_anteater_metric" + group_id: "abn-metric-inference" + consumer_to: 1 + inference_topic: + topic_id: "gala_cause_inference" + +arangodb: + url: "http://localhost:8529" + db_name: "spider" + +log: + log_path: "/var/log/gala-inference/inference.log" + # log level: DEBUG/INFO/WARNING/ERROR/CRITICAL + log_level: INFO + # unit: MB + max_size: 10 + backup_count: 10 + +prometheus: + base_url: "http://localhost:9090/" + range_api: "/api/v1/query_range" + step: 5 +``` + +### Start + +- Run the following command to start gala-inference. + + ```sh + # gala-inference + ``` + +- Use the systemd service to start gala-inference. + + ```sh + # systemctl start gala-inference + ``` + +### How to Use + +#### Dependent Software Deployment + +The running dependency of gala-inference is the same as that of gala-spider. For details, see [Deployment of External Dependent Software](#deployment-of-external-dependent-software). In addition, gala-inference indirectly depends on the running of [gala-spider](#gala-spider) and [gala-anteater](using_gala_anteater.md). Deploy gala-spider and gala-anteater in advance. + +#### Modify configuration items + +Modify some configuration items in the gala-inference configuration file. The following is an example. + +Configure the Kafka server address. + +```yaml +kafka: + server: "localhost:9092" +``` + +Configure the Prometheus server address. + +```yaml +prometheus: + base_url: "http://localhost:9090/" +``` + +Configure the IP address of the ArangoDB server. + +```yaml +arangodb: + url: "http://localhost:8529" +``` + +#### Starting the Service + +Run `systemctl start gala-inference` to start the service. Run `systemctl status gala-inference` to check the startup status. If the following information is displayed, the startup is successful: + +```sh +[root@openEuler ~]# systemctl status gala-inference +● gala-inference.service - a-ops gala inference service + Loaded: loaded (/usr/lib/systemd/system/gala-inference.service; enabled; vendor preset: disabled) + Active: active (running) since Tue 2022-08-30 17:55:33 CST; 1 day 22h ago + Main PID: 2445875 (gala-inference) + Tasks: 10 (limit: 98900) + Memory: 48.7M + CGroup: /system.slice/gala-inference.service + └─2445875 /usr/bin/python3 /usr/bin/gala-inference +``` + +#### Output Example + +When the exception detection module gala-anteater detects a KPI exception, it exports the corresponding abnormal KPI event to Kafka. The gala-inference keeps monitoring the message of the abnormal KPI event. If gala-inference receives the message of the abnormal KPI event, root cause locating is triggered. The root cause locating result is exported to Kafka. You can view the root cause locating result on the Kafka server. The basic procedure is as follows: + +1. If Kafka is installed using the source code, go to the Kafka installation directory. + + ```sh + cd /root/kafka_2.13-2.8.0 + ``` + +2. Run the command for consuming the topic to obtain the output of root cause locating. + + ```sh + ./bin/kafka-console-consumer.sh --bootstrap-server localhost:9092 --topic gala_cause_inference + ``` + + Output example: + + ```json + { + "Timestamp": 1661853360000, + "event_id": "1661853360000_1fd37742xxxx_sli_12154_19", + "Attributes": { + "event_id": "1661853360000_1fd37742xxxx_sli_12154_19" + }, + "Resource": { + "abnormal_kpi": { + "metric_id": "gala_gopher_sli_rtt_nsec", + "entity_id": "1fd37742xxxx_sli_12154_19", + "timestamp": 1661853360000, + "metric_labels": { + "machine_id": "1fd37742xxxx", + "tgid": "12154", + "conn_fd": "19" + } + }, + "cause_metrics": [ + { + "metric_id": "gala_gopher_proc_write_bytes", + "entity_id": "1fd37742xxxx_proc_12154", + "metric_labels": { + "__name__": "gala_gopher_proc_write_bytes", + "cmdline": "/opt/redis/redis-server x.x.x.172:3742", + "comm": "redis-server", + "container_id": "5a10635e2c43", + "hostname": "openEuler", + "instance": "x.x.x.172:8888", + "job": "prometheus", + "machine_id": "1fd37742xxxx", + "pgid": "12154", + "ppid": "12126", + "tgid": "12154" + }, + "timestamp": 1661853360000, + "path": [ + { + "metric_id": "gala_gopher_proc_write_bytes", + "entity_id": "1fd37742xxxx_proc_12154", + "metric_labels": { + "__name__": "gala_gopher_proc_write_bytes", + "cmdline": "/opt/redis/redis-server x.x.x.172:3742", + "comm": "redis-server", + "container_id": "5a10635e2c43", + "hostname": "openEuler", + "instance": "x.x.x.172:8888", + "job": "prometheus", + "machine_id": "1fd37742xxxx", + "pgid": "12154", + "ppid": "12126", + "tgid": "12154" + }, + "timestamp": 1661853360000 + }, + { + "metric_id": "gala_gopher_sli_rtt_nsec", + "entity_id": "1fd37742xxxx_sli_12154_19", + "metric_labels": { + "machine_id": "1fd37742xxxx", + "tgid": "12154", + "conn_fd": "19" + }, + "timestamp": 1661853360000 + } + ] + } + ] + }, + "SeverityText": "WARN", + "SeverityNumber": 13, + "Body": "A cause inferring event for an abnormal event" + } + ``` diff --git a/docs/en/server/maintenance/images/c50cb9df64f4659787c810167c89feb4_1884x257.png b/docs/en/server/maintenance/images/c50cb9df64f4659787c810167c89feb4_1884x257.png new file mode 100644 index 0000000000000000000000000000000000000000..01081f25627731c56764c196e3fae32d55bc7023 Binary files /dev/null and b/docs/en/server/maintenance/images/c50cb9df64f4659787c810167c89feb4_1884x257.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001321685172.png b/docs/en/server/maintenance/images/zh-cn_image_0000001321685172.png new file mode 100644 index 0000000000000000000000000000000000000000..a98265bdf251608c0ff394fefe545cd3192bdb28 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001321685172.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001322112990.png b/docs/en/server/maintenance/images/zh-cn_image_0000001322112990.png new file mode 100644 index 0000000000000000000000000000000000000000..6f4b32bf2b36595abe10f2550cda5714bc355553 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001322112990.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001322219840.png b/docs/en/server/maintenance/images/zh-cn_image_0000001322219840.png new file mode 100644 index 0000000000000000000000000000000000000000..48b28664df46ddf9aa38c7570bb9e9edb8080ac9 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001322219840.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001322372918.png b/docs/en/server/maintenance/images/zh-cn_image_0000001322372918.png new file mode 100644 index 0000000000000000000000000000000000000000..5424367c9bc564e713220ba87f963096881833b8 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001322372918.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001322379488.png b/docs/en/server/maintenance/images/zh-cn_image_0000001322379488.png new file mode 100644 index 0000000000000000000000000000000000000000..8b18cdca066be43b74443498edc5500ea9e1e608 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001322379488.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001335457246.png b/docs/en/server/maintenance/images/zh-cn_image_0000001335457246.png new file mode 100644 index 0000000000000000000000000000000000000000..325d6a8ce097db0b92b1a883bc4b3d4ad0bc6a49 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001335457246.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001335816300.png b/docs/en/server/maintenance/images/zh-cn_image_0000001335816300.png new file mode 100644 index 0000000000000000000000000000000000000000..619f0c33503cd27d92f227216c722d554b9132f2 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001335816300.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001336448570.png b/docs/en/server/maintenance/images/zh-cn_image_0000001336448570.png new file mode 100644 index 0000000000000000000000000000000000000000..4bd494d78d83fef2e8a89c80e17c9b6db892a2e9 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001336448570.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001336729664.png b/docs/en/server/maintenance/images/zh-cn_image_0000001336729664.png new file mode 100644 index 0000000000000000000000000000000000000000..4d73507cceab2e0b123d6864d9f86c86eb1eee2f Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001336729664.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001337000118.png b/docs/en/server/maintenance/images/zh-cn_image_0000001337000118.png new file mode 100644 index 0000000000000000000000000000000000000000..37131647778506f24be4ff401392a9cc209a36eb Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001337000118.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001337039920.png b/docs/en/server/maintenance/images/zh-cn_image_0000001337039920.png new file mode 100644 index 0000000000000000000000000000000000000000..40c07e9b6ec27cdbe47d39788736b892f1174cc8 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001337039920.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001337051916.jpg b/docs/en/server/maintenance/images/zh-cn_image_0000001337051916.jpg new file mode 100644 index 0000000000000000000000000000000000000000..a2083b7783041884394f796222352d8772ada6cc Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001337051916.jpg differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001337053248.png b/docs/en/server/maintenance/images/zh-cn_image_0000001337053248.png new file mode 100644 index 0000000000000000000000000000000000000000..8859f37749a4f8a4394e24ddfb54fc473e8c10c2 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001337053248.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001337172594.png b/docs/en/server/maintenance/images/zh-cn_image_0000001337172594.png new file mode 100644 index 0000000000000000000000000000000000000000..4e806f83c57880543a777807778f14eeb0105aba Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001337172594.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001337212144.jpg b/docs/en/server/maintenance/images/zh-cn_image_0000001337212144.jpg new file mode 100644 index 0000000000000000000000000000000000000000..c6f0874250475f598efa7375516109b540918fb8 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001337212144.jpg differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001337260780.png b/docs/en/server/maintenance/images/zh-cn_image_0000001337260780.png new file mode 100644 index 0000000000000000000000000000000000000000..09d521d933f5fa0caacc592ea92acee959786051 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001337260780.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001337268560.png b/docs/en/server/maintenance/images/zh-cn_image_0000001337268560.png new file mode 100644 index 0000000000000000000000000000000000000000..663f67428487d88e23aa9c3291c31399fec2f2c3 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001337268560.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001337268820.png b/docs/en/server/maintenance/images/zh-cn_image_0000001337268820.png new file mode 100644 index 0000000000000000000000000000000000000000..cd1732ee870a6dde0acc54642f34793933ce3356 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001337268820.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001337419960.png b/docs/en/server/maintenance/images/zh-cn_image_0000001337419960.png new file mode 100644 index 0000000000000000000000000000000000000000..c3b493bf1e57f130e122b59e99ff45cd44539dad Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001337419960.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001337420372.png b/docs/en/server/maintenance/images/zh-cn_image_0000001337420372.png new file mode 100644 index 0000000000000000000000000000000000000000..2300bcd7426748236fd48b85688bd3d1fa3315df Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001337420372.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001337422904.png b/docs/en/server/maintenance/images/zh-cn_image_0000001337422904.png new file mode 100644 index 0000000000000000000000000000000000000000..01e250c6f7cbb64abe0b136cd80fda7ae68b629d Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001337422904.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001337424024.png b/docs/en/server/maintenance/images/zh-cn_image_0000001337424024.png new file mode 100644 index 0000000000000000000000000000000000000000..6532d98885f756c6704bc4bacc0f9133d78405a7 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001337424024.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001337424304.png b/docs/en/server/maintenance/images/zh-cn_image_0000001337424304.png new file mode 100644 index 0000000000000000000000000000000000000000..9ecb384ed58458c24d8e3ae729c4de197b982b86 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001337424304.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001337427216.png b/docs/en/server/maintenance/images/zh-cn_image_0000001337427216.png new file mode 100644 index 0000000000000000000000000000000000000000..8633dbdd658f98501dfc91a704395260f2d4df3c Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001337427216.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001337427392.png b/docs/en/server/maintenance/images/zh-cn_image_0000001337427392.png new file mode 100644 index 0000000000000000000000000000000000000000..74f5cb24520c94de8628b2e64e6916c563f9f5a2 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001337427392.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001337533690.png b/docs/en/server/maintenance/images/zh-cn_image_0000001337533690.png new file mode 100644 index 0000000000000000000000000000000000000000..1f02d9b155754a113347a54a7d35ba9b060175a8 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001337533690.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001337536842.png b/docs/en/server/maintenance/images/zh-cn_image_0000001337536842.png new file mode 100644 index 0000000000000000000000000000000000000000..5a9ee2c989638c9a6aad3fcfb35bb9b9f2d4683c Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001337536842.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001337579708.png b/docs/en/server/maintenance/images/zh-cn_image_0000001337579708.png new file mode 100644 index 0000000000000000000000000000000000000000..5cd8ed939434e6447dd55679eeaa3756d861751f Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001337579708.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001337580216.png b/docs/en/server/maintenance/images/zh-cn_image_0000001337580216.png new file mode 100644 index 0000000000000000000000000000000000000000..5516b8d261b769287c74cf860a6708fcde6bbb8a Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001337580216.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001337584296.png b/docs/en/server/maintenance/images/zh-cn_image_0000001337584296.png new file mode 100644 index 0000000000000000000000000000000000000000..fa76ecb59018fb154ffe1d9f6da1484d652f3ac1 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001337584296.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001337696078.png b/docs/en/server/maintenance/images/zh-cn_image_0000001337696078.png new file mode 100644 index 0000000000000000000000000000000000000000..3864852e345eaf01794042feaa85b012b8af71de Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001337696078.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001337740252.png b/docs/en/server/maintenance/images/zh-cn_image_0000001337740252.png new file mode 100644 index 0000000000000000000000000000000000000000..fd83fb600a54ab8bc39ee2ae54210be8b6c48973 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001337740252.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001337740540.png b/docs/en/server/maintenance/images/zh-cn_image_0000001337740540.png new file mode 100644 index 0000000000000000000000000000000000000000..b8e25128a47dccaed733fc192f52f2ca7828e516 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001337740540.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001337747132.png b/docs/en/server/maintenance/images/zh-cn_image_0000001337747132.png new file mode 100644 index 0000000000000000000000000000000000000000..41ea7d47f5fe5fca46816d93cb08b5da00abc0ad Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001337747132.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001337748300.png b/docs/en/server/maintenance/images/zh-cn_image_0000001337748300.png new file mode 100644 index 0000000000000000000000000000000000000000..32488dc1740408834954cf8d57a2843d98f09c2e Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001337748300.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001337748528.png b/docs/en/server/maintenance/images/zh-cn_image_0000001337748528.png new file mode 100644 index 0000000000000000000000000000000000000000..f2d62c85c844c2756f4d27a48711560dfb9615ea Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001337748528.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001372249333.png b/docs/en/server/maintenance/images/zh-cn_image_0000001372249333.png new file mode 100644 index 0000000000000000000000000000000000000000..48cd37225954e212cb3e159acc137866d8edc362 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001372249333.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001372748125.png b/docs/en/server/maintenance/images/zh-cn_image_0000001372748125.png new file mode 100644 index 0000000000000000000000000000000000000000..5f6326b9415cf766dd8379dbadd5aa1a0dc6861f Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001372748125.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001372821865.png b/docs/en/server/maintenance/images/zh-cn_image_0000001372821865.png new file mode 100644 index 0000000000000000000000000000000000000000..21e8dad1cd90755440cf858523b12c036a91e1ad Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001372821865.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001372824637.png b/docs/en/server/maintenance/images/zh-cn_image_0000001372824637.png new file mode 100644 index 0000000000000000000000000000000000000000..aefb5d83c079e6718ef88fd934b4b496cdc29565 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001372824637.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001373373585.png b/docs/en/server/maintenance/images/zh-cn_image_0000001373373585.png new file mode 100644 index 0000000000000000000000000000000000000000..c4e5e47c9beca2c7c7630d78916f80eda652b52a Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001373373585.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001373379529.png b/docs/en/server/maintenance/images/zh-cn_image_0000001373379529.png new file mode 100644 index 0000000000000000000000000000000000000000..daa40b49e679668905632f25ff42bf8599ba0ead Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001373379529.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001384808269.png b/docs/en/server/maintenance/images/zh-cn_image_0000001384808269.png new file mode 100644 index 0000000000000000000000000000000000000000..be18ecef3a149d5742f18535552f66f26ab34832 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001384808269.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001385585749.png b/docs/en/server/maintenance/images/zh-cn_image_0000001385585749.png new file mode 100644 index 0000000000000000000000000000000000000000..c13604ab7095c2a7717bde1384f0aea3d53f69e3 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001385585749.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001385611905.png b/docs/en/server/maintenance/images/zh-cn_image_0000001385611905.png new file mode 100644 index 0000000000000000000000000000000000000000..8c233e40a21e678ddf4115c2e2e80c96e25a60ce Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001385611905.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001385905845.png b/docs/en/server/maintenance/images/zh-cn_image_0000001385905845.png new file mode 100644 index 0000000000000000000000000000000000000000..a6cb8bc4a188ef444919d71f7f16baa06422788b Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001385905845.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001386149037.png b/docs/en/server/maintenance/images/zh-cn_image_0000001386149037.png new file mode 100644 index 0000000000000000000000000000000000000000..da73fead24d8805bb43287f53c757e80ff0d597f Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001386149037.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001386699925.png b/docs/en/server/maintenance/images/zh-cn_image_0000001386699925.png new file mode 100644 index 0000000000000000000000000000000000000000..cf5b13b35e65ed0143a01a5bcad1e11eaddaded7 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001386699925.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001387293085.png b/docs/en/server/maintenance/images/zh-cn_image_0000001387293085.png new file mode 100644 index 0000000000000000000000000000000000000000..7f56b020949c53d018eba016952c2409f0d7dca9 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001387293085.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001387413509.png b/docs/en/server/maintenance/images/zh-cn_image_0000001387413509.png new file mode 100644 index 0000000000000000000000000000000000000000..2245427058fc31f3e5d7f40062c0551936a67199 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001387413509.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001387413793.png b/docs/en/server/maintenance/images/zh-cn_image_0000001387413793.png new file mode 100644 index 0000000000000000000000000000000000000000..aa649bf7215662819766d897513fb711d9d1e7f8 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001387413793.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001387415629.png b/docs/en/server/maintenance/images/zh-cn_image_0000001387415629.png new file mode 100644 index 0000000000000000000000000000000000000000..01189358354090591de6580f8ef88ef78ddba3a1 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001387415629.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001387691985.png b/docs/en/server/maintenance/images/zh-cn_image_0000001387691985.png new file mode 100644 index 0000000000000000000000000000000000000000..31c3096fa837c1b397ab2fe27acdd87e2cec36de Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001387691985.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001387692269.jpg b/docs/en/server/maintenance/images/zh-cn_image_0000001387692269.jpg new file mode 100644 index 0000000000000000000000000000000000000000..b79e3ddf78520277046b933c4662c6b72f45ab85 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001387692269.jpg differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001387692893.png b/docs/en/server/maintenance/images/zh-cn_image_0000001387692893.png new file mode 100644 index 0000000000000000000000000000000000000000..49ea515d834b58d4ded14c55a6a2b07034d76137 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001387692893.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001387755969.png b/docs/en/server/maintenance/images/zh-cn_image_0000001387755969.png new file mode 100644 index 0000000000000000000000000000000000000000..b2daa95d6b757e7bd443d8fd961922f248dd6853 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001387755969.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001387780357.png b/docs/en/server/maintenance/images/zh-cn_image_0000001387780357.png new file mode 100644 index 0000000000000000000000000000000000000000..1aab3b8be2cd0c906253d70036a9fee3050a1055 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001387780357.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001387784693.png b/docs/en/server/maintenance/images/zh-cn_image_0000001387784693.png new file mode 100644 index 0000000000000000000000000000000000000000..62a40117a892ba6c163be81bce1d198c2920f0e9 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001387784693.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001387787605.png b/docs/en/server/maintenance/images/zh-cn_image_0000001387787605.png new file mode 100644 index 0000000000000000000000000000000000000000..8c1893e16fb929f77bb6b9a70cb25d3479dd684c Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001387787605.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001387855149.png b/docs/en/server/maintenance/images/zh-cn_image_0000001387855149.png new file mode 100644 index 0000000000000000000000000000000000000000..731e957c367cb05e4229f53cf97dcee2cde69dff Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001387855149.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001387857005.png b/docs/en/server/maintenance/images/zh-cn_image_0000001387857005.png new file mode 100644 index 0000000000000000000000000000000000000000..872f5c9eb05169831df4ba49d017629e8a943c64 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001387857005.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001387902849.png b/docs/en/server/maintenance/images/zh-cn_image_0000001387902849.png new file mode 100644 index 0000000000000000000000000000000000000000..ffe2043c199308ed2033e3eb02a0662a65141ece Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001387902849.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001387907229.png b/docs/en/server/maintenance/images/zh-cn_image_0000001387907229.png new file mode 100644 index 0000000000000000000000000000000000000000..084fbea1aee4d09b1e623c66b4f07641c7a0208d Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001387907229.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001387908045.png b/docs/en/server/maintenance/images/zh-cn_image_0000001387908045.png new file mode 100644 index 0000000000000000000000000000000000000000..1fca645598e7a67da6e75b98c44f3c9a740be374 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001387908045.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001387908453.png b/docs/en/server/maintenance/images/zh-cn_image_0000001387908453.png new file mode 100644 index 0000000000000000000000000000000000000000..b97804a0a575fd18235e7a0c7e4f2d0183e3b460 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001387908453.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001387961737.png b/docs/en/server/maintenance/images/zh-cn_image_0000001387961737.png new file mode 100644 index 0000000000000000000000000000000000000000..ae4ddce8cf2629b811e9711c61186b3efa4dfe3c Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001387961737.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001388020197.png b/docs/en/server/maintenance/images/zh-cn_image_0000001388020197.png new file mode 100644 index 0000000000000000000000000000000000000000..1816e1e068ee0294677ebb357ffd158a14bb86cf Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001388020197.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001388024321.png b/docs/en/server/maintenance/images/zh-cn_image_0000001388024321.png new file mode 100644 index 0000000000000000000000000000000000000000..da3ba54203ded0093b7c2b5308de0e2afd85a146 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001388024321.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001388024397.png b/docs/en/server/maintenance/images/zh-cn_image_0000001388024397.png new file mode 100644 index 0000000000000000000000000000000000000000..4e4531dd19dc703399c9d4dd0e95236fa9a064c8 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001388024397.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001388028161.png b/docs/en/server/maintenance/images/zh-cn_image_0000001388028161.png new file mode 100644 index 0000000000000000000000000000000000000000..b3beb92520c34ba771d096a8a146fb2c5b5edbb7 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001388028161.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001388028537.png b/docs/en/server/maintenance/images/zh-cn_image_0000001388028537.png new file mode 100644 index 0000000000000000000000000000000000000000..ffb244306787c397ef4a9f4d9c3eb504172d3777 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001388028537.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001388184025.png b/docs/en/server/maintenance/images/zh-cn_image_0000001388184025.png new file mode 100644 index 0000000000000000000000000000000000000000..cbce6fe1e32c547426319923c0fdb13e95554b99 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001388184025.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001388187249.png b/docs/en/server/maintenance/images/zh-cn_image_0000001388187249.png new file mode 100644 index 0000000000000000000000000000000000000000..0ac83f21e269d909e550b68cb0bdc6347c05dcac Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001388187249.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001388187325.png b/docs/en/server/maintenance/images/zh-cn_image_0000001388187325.png new file mode 100644 index 0000000000000000000000000000000000000000..02dbdf218da2cb1c844dfc13a463875df5124d48 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001388187325.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001388188365.png b/docs/en/server/maintenance/images/zh-cn_image_0000001388188365.png new file mode 100644 index 0000000000000000000000000000000000000000..dbe3bfb48446bab88e3e622b9f8066383f269590 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001388188365.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001388241577.png b/docs/en/server/maintenance/images/zh-cn_image_0000001388241577.png new file mode 100644 index 0000000000000000000000000000000000000000..8dacb6e343ea4c750904fa090bb99213e012379d Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001388241577.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001388972645.png b/docs/en/server/maintenance/images/zh-cn_image_0000001388972645.png new file mode 100644 index 0000000000000000000000000000000000000000..e32606925f4bb4380b262d9f946d4cd106202b87 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001388972645.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_image_0000001389098425.png b/docs/en/server/maintenance/images/zh-cn_image_0000001389098425.png new file mode 100644 index 0000000000000000000000000000000000000000..c63903009ab9ba454f169250632dbec1b3c94467 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_image_0000001389098425.png differ diff --git a/docs/en/server/maintenance/images/zh-cn_other_0000001337581224.jpeg b/docs/en/server/maintenance/images/zh-cn_other_0000001337581224.jpeg new file mode 100644 index 0000000000000000000000000000000000000000..2c019b828bdf9c699f203f09ba3542968ff21262 Binary files /dev/null and b/docs/en/server/maintenance/images/zh-cn_other_0000001337581224.jpeg differ diff --git a/docs/en/server/maintenance/kernel_live_upgrade/_toc.yaml b/docs/en/server/maintenance/kernel_live_upgrade/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..9f99686c0502e0acf75339a28c552da99fd60573 --- /dev/null +++ b/docs/en/server/maintenance/kernel_live_upgrade/_toc.yaml @@ -0,0 +1,13 @@ +label: Kernel Live Upgrade Guide +isManual: true +description: User-space automation tool that facilitates rapid kernel restarts and program live migration, enabling kernel hot-swapping functionality +sections:sections: + - label: Kernel Live Upgrade Guide + href: ./kernel_live_upgrade.md + sections:sections: + - label: Installation and Deployment + href: ./installation_and_deployment.md + - label: Usage Guide + href: ./usage_guide.md + - label: Common Issues and Solutions + href: ./faqs_and_solutions.md diff --git a/docs/en/server/maintenance/kernel_live_upgrade/faqs_and_solutions.md b/docs/en/server/maintenance/kernel_live_upgrade/faqs_and_solutions.md new file mode 100644 index 0000000000000000000000000000000000000000..909e9628c789fcf30dec904c8bba7d97cef4beb8 --- /dev/null +++ b/docs/en/server/maintenance/kernel_live_upgrade/faqs_and_solutions.md @@ -0,0 +1,29 @@ +# Common Issues and Solutions + +## Issue 1: After the `nvwa update` Command Is Executed, the System Is Not Upgraded + +Cause: An error occurs when the running information is retained or the kernel is replaced. + +Solution: View logs to find the error cause. + +## Issue 2: After the Acceleration Feature Is Enabled, the `nvwa` Command Fails to Be Executed + +Cause: NVWA provides many acceleration features, including quick kexec, pin memory, and cpu park. These features involve the cmdline configuration and memory allocation. When selecting the memory, run cat /proc/iomemory to ensure that the selected memory does not conflict with that of other programs. If necessary, run the dmesg command to check whether error logs exist after the feature is enabled. + +## Issue 3: After the Hot Upgrade, the Related Process Is Not Recovered + +Cause: Check whether the nvwa service is running. If the nvwa service is running, the service or process may fail to be recovered. + +Solution: Run the service `nvwa status` command to view the nvwa logs. If the service fails to be started, check whether the service is enabled, and then run the `systemd` command to view the logs of the corresponding service. Further logs are stored in the process or service folder named after the path specified by **criu_dir**. The dump.log file stores the logs generated when the running information is retained, and the restore.log file restores the logs generated for process recovery. + +## Issue 4: The Recovery Fails, and the Log Displays "Can't Fork for 948: File Exists." + +Cause: The kernel hot upgrade tool finds that the PID of the program is occupied during program recovery. + +Solution: The current kernel does not provide a mechanism for retaining PIDs. Related policies are being developed. This restriction will be resolved in later kernel versions. Currently, you can only manually restart related processes. + +## Issue 5: When the `nvwa` Command Is Used to Save and Recover a Simple Program (Hello World), the System Displays a Message Indicating That the Operation Fails or the Program Is Not Running + +Cause: There are many restrictions on the use of CRIU. + +Solution: View the NVWA logs. If the error is related to the CRIU, check the dump.log or restore.log file in the corresponding directory. For details about the usage restrictions related to the CRIU, see [CRIU WiKi](https://criu.org/What_cannot_be_checkpointed). diff --git a/docs/en/server/maintenance/kernel_live_upgrade/installation_and_deployment.md b/docs/en/server/maintenance/kernel_live_upgrade/installation_and_deployment.md new file mode 100644 index 0000000000000000000000000000000000000000..c00c6fdfa89afd997555772c782a7bb584934462 --- /dev/null +++ b/docs/en/server/maintenance/kernel_live_upgrade/installation_and_deployment.md @@ -0,0 +1,166 @@ +# Installation and Deployment + +This document describes how to install and deploy the kernel hot upgrade tool. + +## Hardware and Software Requirements + +### Hardware Requirements + +- Currently, only the ARM64 architecture is supported. + +### Software Requirements + +- Operating system: openEuler openEuler 24.03 + +## Environment Preparation + +- Install the openEuler system. For details, see the [_openEuler Installation Guide_](../../installation_upgrade/installation/installation_on_servers.md) + +- The root permission is required for installing the kernel hot upgrade tool. + +## Installing the Kernel Hot Upgrade Tool + +This section describes how to install the kernel live upgrade tool. + +Perform the following steps: + +1. Mount the ISO file of openEuler. + + ```shell + mount openEuler 24.03-everything-aarch64-dvd.iso /mnt + ``` + +2. Configure the local Yum repository. + + ```shell + vim /etc/yum.repos.d/local.repo + ``` + + The configurations are as follows: + + ```conf + [local] + name=local + baseurl=file:///mnt + gpgcheck=1 + enabled=1 + ``` + +3. Import the GPG public key of the RPM digital signature to the system. + + ```shell + rpm --import /mnt/RPM-GPG-KEY-openEuler + ``` + +4. Install the kernel hot upgrade tool. + + ```shell + yum install nvwa -y + ``` + +5. Check whether the installation is successful. If the command output is as follows, the installation is successful. + + ```shell + $ rpm -qa | grep nvwa + nvwa-xxx + ``` + +## Deploying the Kernel Hot Upgrade Tool + +This section describes how to configure and deploy the kernel hot upgrade tool. + +### Configurations + +The configuration files of the kernel hot upgrade tool are stored in **/etc/nvwa**. The configuration files are as follows: + +- nvwa-restore.yaml + + This configuration file is used to instruct the kernel hot upgrade tool to save and recover the process during the kernel hot upgrade. The configuration is as follows: + + - pids + + Specifies the processes that need to be retained and recovered during the NVWA hot upgrade. The processes are identified by process ID (PID). Note that the processes managed by NVWA are automatically recovered after the NVWA service is started. + + - services + + Specifies the services that need to be retained and recovered during NVWA hot upgrade. Compared to PIDs, the kernel hot upgrade tool can directly save and recover the process. For services, the kernel hot upgrade tool depends on the systemd to perform related operations. The service name must be the same as the service name used in systemd. Note that whether the service managed by NVWA needs to be automatically recovered when the NVWA is started depends on whether the service is enabled in the systemd. Currently, only the notify and oneshot service types are supported. + + - restore_net + + Specifies whether the kernel hot upgrade tool is required to save and recover the network configuration. If the network configuration is incorrect, the network may be unavailable after the recovery. This function is disabled by default. + + - enable_quick_kexec + + Used to specify whether to enable the quick kexec feature. quick kexec is a feature launched by the NVWA community to accelerate the kernel restart process. To use this feature, add "quickkexec=128M" to cmdline. 128 indicates the size of the memory allocated to the quick kexec feature. The memory is used to load the kernel and initramfs during the upgrade. Therefore, the size must be greater than the total size of the kernel and initramfs involved in the upgrade. This feature is disabled by default. + + - enable_pin_memory + + Used to specify whether to enable the pin memory feature. pin memory is a feature launched by the NVWA community to accelerate the process storage and recovery process. The pin_memory feature is not supported for multi-process recovery. To use the feature, you need to add "max_pin_pid_num=10 redirect_space_size=2M pinmemory=200M@0x640000000" to cmdline. + + max_pin_pid_num indicates the maximum number of processes that support pin memory recovery. redirect_space_size indicates the reserved memory space required for redirecting physical pages during pin memory recovery. You are advised to set redirect_space_size to 1/100 of the total reserved pin memory. pinmemory indicates the start point and size of the memory segment. The 200 MB space starting from 0x640000000 is the total memory space used by the pin memory. This space should not be used by other programs. + +- Configuration example of **nvwa-restore.yaml** + +```yaml +pids: + - 14109 +services: + - redis +restore_net: false +enable_quick_kexec: true +enable_pin_memory: true +``` + +- **nvwa-server.yaml** + + This file contains the configuration information required during the running of the kernel hot upgrade tool. The details are as follows: + + - criu_dir + + This parameter specifies the directory for storing the information generated when the kernel hot upgrade tool saves the running information. Note that the information may occupy a large amount of disk space. + + - criu_exe + + This parameter specifies the path of the CRIU executable file used by the kernel hot upgrade tool. You are advised not to change the path unless you need to debug the CRIU. + + - kexec_exe + + This parameter specifies the path of the kexec executable file used by the kernel hot upgrade tool. You are advised not to change the path unless you need to debug kexec. + + - systemd_etc + + This parameter specifies the path of the folder used to overwrite the systemd configuration file. The path is determined by the systemd. Generally, you do not need to change the path. + + - log_dir + + This parameter stores the log information generated by the kernel hot upgrade tool. The log module is not enabled currently. For details about how to view logs of the kernel hot upgrade tool, see How to Run. + +- Configuration example of **nvwa-server.yaml** + +```yaml +criu_dir: /var/nvwa/running/ +criu_exe: /usr/sbin/criu +kexec_exe: /usr/sbin/kexec +systemd_etc: /etc/systemd/system/ +log_dir: /etc/nvwa/log/ +``` + +## Enabling the Kernel Hot Upgrade Tool + +The running of the kernel hot upgrade tool depends on the configuration file. After the configuration file is modified, you need to run the kernel hot upgrade tool again. + +After the installation is successful, you can run the systemd commands to operate the kernel hot upgrade tool. + +- Enable NVWA. + + systemctl enable nvwa + +- Start nvwa. + + systemctl start nvwa + +- View the NVWA logs. + + service nvwa status + +- For more usage, see the usage of systemd. diff --git a/docs/en/server/maintenance/kernel_live_upgrade/kernel_live_upgrade.md b/docs/en/server/maintenance/kernel_live_upgrade/kernel_live_upgrade.md new file mode 100644 index 0000000000000000000000000000000000000000..a12557cb441503e148a1e3462d25ac05e1767f32 --- /dev/null +++ b/docs/en/server/maintenance/kernel_live_upgrade/kernel_live_upgrade.md @@ -0,0 +1,14 @@ +# Kernel Live Upgrade Guide + +This document describes how to install, deploy, and use the kernel live upgrade feature on openEuler. This kernel live upgrade feature on openEuler is implemented through quick kernel restart and hot program migration. A user-mode tool is provided to automate this process. + +This document is intended for community developers, open-source enthusiasts, and partners who want to learn about and use the openEuler system and kernel live upgrade. The users are expected to know basics about the Linux operating system. + +## Application Scenario + +The kernel live upgrade is to save and restore the process running data with the second-level end-to-end latency. + +The following two conditions must be met: + +1. The kernel needs to be restarted due to vulnerability fixing or version update. +2. Services running on the kernel can be quickly recovered after the kernel is restarted. diff --git a/docs/en/server/maintenance/kernel_live_upgrade/usage_guide.md b/docs/en/server/maintenance/kernel_live_upgrade/usage_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..d6367423a3f07028ed6f056a6be933aa9c90dca6 --- /dev/null +++ b/docs/en/server/maintenance/kernel_live_upgrade/usage_guide.md @@ -0,0 +1,103 @@ +# Usage Guide + +## Command + +- `nvwa help` + + Prints the help information. The printed information is as follows: + + ```text + NAME: + nvwa - a tool used for openEuler kernel update. + + USAGE: + nvwa [global options] command [command options] [arguments...] + + VERSION: + 0.1 + + COMMANDS: + update specify kernel version for nvwa to update + init init nvwa running environment + help, h Shows a list of commands or help for one command + + GLOBAL OPTIONS: + --help, -h show help (default: false) + --version, -v print the version (default: false) + ``` + + Note that global options such as `nvwa --help` and `nvwa --version` are not supported due to parameter parsing restrictions. This problem will be resolved in later versions. + To view the NVWA version installed in the system, run the `rpm -qa nvwa` command. + +- `nvwa update ` + + When the kernel is hot upgraded to a version, the NVWA searches for the kernel image and ramfs in the /boot directory. The kernel must be named in the vmlinuz-\ format, and rootfs in the initramfs-\.img format. + + Note that the upgrade may fail. If the upgrade fails, some processes or services that are dumped will stop running. + + You can run the `uname -r` command to obtain the \ of the current version. You can find all existing versions in the /boot directory by referring to the format of the \. + +- `nvwa init` + + Clears the running information generated by NVWA and modifies the systemd configuration. This command is used to clear the running information before the NVWA is executed or after the execution fails. + +## Restrictions + +1. For services that need to be saved using NVWA, you need to set StandardOutput and StandardError in the configuration. The following uses Redis as an example: + + ```conf + [Unit] + Description=Redis persistent key-value database + After=network.target + [Service] + ExecStart=/usr/bin/redis-server /etc/redis.conf --supervised systemd + Type=notify + User=redis + Group=redis + RuntimeDirectory=redis + RuntimeDirectoryMode=0755 + StandardOutput=file:/root/log1.log + StandardError=file:/root/log2.log + [Install] + WantedBy=multi-user.target + ``` + +2. To use the acceleration feature, you need to modify the cmdline and allocate proper memory. For details, see [NVWA Acceleration Feature Description and Usage](#nvwa-acceleration-feature-description-and-usage). + +3. SELINUX needs to be disabled during the running process. + + Theoretically, you need to disable the NVWA service only after you run the NVWA update command and before you restart the system to restore the process. It is recommended that SELinux be disabled during the entire process. + +## NVWA Acceleration Feature Description and Usage + +1. cpu park + + The cpu park command uses the kexec process to make the CPU stay busy waiting, so as to respond to the interrupt request sent by the primary core more quickly, and reduce the status changes. + + To use cpu park, you need to add "cpuparkmem=0x200000000" to cmdline. 0x200000000 is the start address of the memory that is not used by other programs. cpuparkmem occupies the memory space whose size is about 1 MB from this address. + + Note that if the memory is sufficient, it is recommended that the address range be after 4G(0x100000000). The first 4 GB is usually reserved by each system component, which is prone to conflict. + +2. quick kexec + + quick kexec accelerates image loading using kexec. + + To use quick kexec, you need to enable related options in the configuration file. For more information, see [Configurations](./installation-and-deployment.md#configurations). + +3. pin_memory + + pin memory accelerates the storage and recovery of the CRIU. + + To use pin memory, you need to enable related options in the configuration file. For more information, see [Configurations](./installation-and-deployment.md#configurations). + +## Generated Log Information + +The logs generated by the kernel hot upgrade tool consist of two parts: + +- Logs generated during running + + Run the service `nvwa status` command to view logs. + +- Logs generated while retaining the running information + + The logs are stored in the process/service folder in the path specified by **criu_dir**. diff --git a/docs/en/server/maintenance/operation_and_maintenance_overview.md b/docs/en/server/maintenance/operation_and_maintenance_overview.md new file mode 100644 index 0000000000000000000000000000000000000000..c5893a9ca3c9aca32d05da975fb82a759b24efa9 --- /dev/null +++ b/docs/en/server/maintenance/operation_and_maintenance_overview.md @@ -0,0 +1,9 @@ +# O&M Overview + +IT O&M means that the IT department of an enterprise uses technical means to manage the IT system. It is a comprehensive, sophisticated, and specific service. Routine IT O&M services include software management and hardware management. In software management, maintaining device stability and efficiency through the OS is the core and key part of IT O&M. + +Specifically, by monitoring dynamic changes of performance metrics such as the CPU, memory, and I/O in a device, related problems can be effectively prevented or located. For example, the CPU is overloaded due to various service reasons, which slows down the service response. In this case, you need to monitor the CPU usage. When the memory usage remains high for a long time, you need to use the memory analysis tool to monitor related hardware or processes. When the efficiency of read/write operations is low, I/O data needs to be monitored to evaluate I/O performance. + +In addition, when a fault such as system breakdown, deadlock, or breakdown occurs, you need to perform troubleshooting on the OS to quickly locate and rectify the fault. For example, you can trigger kdump to collect system kernel information and then analyze the information. When you need to change the system password, enter the single-user mode and change the password of the **root** user. The file system can be damaged due to frequent forcible power-on and power-off. If the OS fails to automatically repair the file system, you need to manually repair it. For example, modify the **drop\_caches** content to manually release the memory. In addition, you need to collect information, such as log files and device files, when a fault occurs, so that you can comprehensively analyze the root cause of the fault. + +Therefore, being familiar with the usage of the OS performance analysis tool and fault rectification operations is the key to implementing comprehensive IT O&M management. diff --git a/docs/en/server/maintenance/overview.md b/docs/en/server/maintenance/overview.md new file mode 100644 index 0000000000000000000000000000000000000000..6f19668adba0fe51e991b83960ae8921c7624a87 --- /dev/null +++ b/docs/en/server/maintenance/overview.md @@ -0,0 +1,3 @@ +# O&M Guide + +This document describes how to operate and maintain the openEuler operating system (OS), including performance monitoring tools, information collection methods, emergency handling solutions, and common tools. diff --git a/docs/en/server/maintenance/syscare/_toc.yaml b/docs/en/server/maintenance/syscare/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..c1a1b9545af2480b9e61b79900263954192929b3 --- /dev/null +++ b/docs/en/server/maintenance/syscare/_toc.yaml @@ -0,0 +1,17 @@ +label: SysCare User Guide +isManual: true +description: Online hot patching +sections: + - label: SysCare User Guide + href: ./syscare_user_guide.md + sections: + - label: SysCare Introduction + href: ./syscare_introduction.md + - label: SysCare Installation + href: ./installing_syscare.md + - label: SysCare Usage + href: ./using_syscare.md + - label: Constraints + href: ./constraints.md + - label: Common Issues and Solutions + href: ./faqs_and_solutions.md diff --git a/docs/en/server/maintenance/syscare/constraints.md b/docs/en/server/maintenance/syscare/constraints.md new file mode 100644 index 0000000000000000000000000000000000000000..c97ca8e954b7139fbb9f0b8f1ffa0174e2a452b1 --- /dev/null +++ b/docs/en/server/maintenance/syscare/constraints.md @@ -0,0 +1,37 @@ +# Constraints + +## Version Constraints + +OS version: openEuler openEuler 22.03 LTS SP1 +Architecture: x86 or AArch64 + +## Application Constraints + +Currently, user-mode patches support only Redis and Nginx. + +Note: + +1. Currently, each software needs to be adapted to process the LINE macro. Currently, only Redis and Nginx are adapted. Other software that is not adapted may cause the patch size to be too large. (Parameters will be introduced in the future to support user adaptation.) +2. Each user-mode live patch can contain only one ELF file. To fix multiple bugs, you can pass the patch files of multiple bug fixes to the patch making parameters to make a live patch for multiple bugs. + +## Language Constraints + +Theoretically, patches are compared at the object file level, which is irrelevant to the programming language. Currently, only the C and C++ languages are tested. + +## Others + +- Only 64-bit OSs are supported. +- Only the ELF format can be hot-patched. Interpreted languages are not supported. +- Only GCC and G++ compilers are supported. +- The compiler must support the `-gdwarf`, `-ffunction-sections`, and `-fdata-sections` parameters. +- The debug information must be in the DWARF format. +- Cross compilation is not supported. +- Source files that are in different paths but have the same file name, same global variables, and same functions cannot be recognized. +- Assembly code, including **.S** files and inline assembly code, cannot be modified. +- External symbols (dynamic library dependencies) cannot be added. +- Multiple patches cannot be applied to the same binary file. +- Mixed compilation of C and C++ is not supported. +- C++ exceptions cannot be modified. +- The `-g3` group section compilation option, specific compilation optimization options, and specific GCC plugins are not supported. +- ifunc cannot be added by using `__attribute__((ifunc("foo")))`. +- TLS variables cannot be added by using `__thread int foo`. diff --git a/docs/en/server/maintenance/syscare/faqs_and_solutions.md b/docs/en/server/maintenance/syscare/faqs_and_solutions.md new file mode 100644 index 0000000000000000000000000000000000000000..0203440f4d006419efe239298ca85ce3a09edf81 --- /dev/null +++ b/docs/en/server/maintenance/syscare/faqs_and_solutions.md @@ -0,0 +1,19 @@ +# Common Issues and Solutions + +## Issue 1: "alloc upatch module memory failed" + +Possible cause: The SELinux constraint is triggered. + +Solution: Manually add policies according to the error. The policies to be added vary according to the actual situation. For details, see . + +## Issue 2: "patch file error 2" + +Possible cause: The patch cannot be detected. + +Solution: Use another patch. + +## Issue 3: "build project error 11" + +Possible cause: The source package fails to be compiled. + +Solution: Run `rpmbuild -ra *.src.rpm` to check if the source package can be compiled and the compilation dependencies are satisfied. diff --git a/docs/en/server/maintenance/syscare/figures/syscare_arch.png b/docs/en/server/maintenance/syscare/figures/syscare_arch.png new file mode 100644 index 0000000000000000000000000000000000000000..e8c931ad3ba6743224ffa133808f8b66239ce486 Binary files /dev/null and b/docs/en/server/maintenance/syscare/figures/syscare_arch.png differ diff --git a/docs/en/server/maintenance/syscare/installing_syscare.md b/docs/en/server/maintenance/syscare/installing_syscare.md new file mode 100644 index 0000000000000000000000000000000000000000..65ea6ed23e22b30b599589aa8c00bbb42170f281 --- /dev/null +++ b/docs/en/server/maintenance/syscare/installing_syscare.md @@ -0,0 +1,51 @@ +# Installing SysCare + +This chapter describes how to install SysCare on openEuler. + +## Installing SysCare Core Components + +### Minimum Hardware Requirements + +* 2 CPUs (x86_64 or AArch64) +* 4 GB memory +* 100 GB drive + +### Prerequisites + +1. openEuler 24.03 LTS SP1 has been installed. + +### Installing from Source + +Clone the SysCare source code and then compile and install SysCare. + +Before compilation, install dependencies: + +```shell +dnf install cmake make rust cargo kernel-devel elfutils-libelf-devel llvm clang bpftool libbpf libbpf-devel libbpf-static +``` + +Compile and install SysCare: + +```shell +git clone https://gitee.com/openeuler/syscare.git +cd syscare +mkdir build +cd build +cmake -DCMAKE_INSTALL_PREFIX=/usr -DKERNEL_VERSION=$(uname -r) .. +make +make install +``` + +### Installing SysCare from a Repository + +If the repository source contains SysCare packages, you can use the `dnf` or `yum` command to download and install them. + +```shell +dnf/yum install syscare syscare-kmod syscare-build syscare-build-ebpf +``` + +### Uninstalling SysCare + +```shell +dnf/yum erase syscare syscare-kmod syscare-build syscare-build-ebpf +``` diff --git a/docs/en/server/maintenance/syscare/syscare_introduction.md b/docs/en/server/maintenance/syscare/syscare_introduction.md new file mode 100644 index 0000000000000000000000000000000000000000..17c05d1368dda9dd18380122ac23d1d1cd3c15b0 --- /dev/null +++ b/docs/en/server/maintenance/syscare/syscare_introduction.md @@ -0,0 +1,22 @@ +# Introduction to SysCare + +## Overview + +SysCare is an online live patching tool that automatically fixes bugs and vulnerabilities in OS components, such as kernels, user-mode services, and dynamic libraries. + +![img](./figures/syscare_arch.png) + +## SysCare Functions + +SysCare supports live patching for kernels and user-mode services: + +1. One-click creation + SysCare is a unified environment for both kernel- and user-mode live patches that ignores differences between patches, ensuring they can be created with just one click. +2. Patch lifecycle operations + SysCare provides a unified patch management interface for users to install, activate, uninstall, and query patches. + +## SysCare Technologies + +1. Unified patches: SysCare masks differences in detail when creating patches, providing a unified management tool to improve O&M efficiency. +2. User-mode live patching: SysCare supports live patching of multi-process and multi-thread services in user mode, which takes effect when a process or thread is started or restarted. +3. Lazy mechanism: SysCare fixes the ptrace defect (all kernel calls are ended) and improves the fix success rate. diff --git a/docs/en/server/maintenance/syscare/syscare_user_guide.md b/docs/en/server/maintenance/syscare/syscare_user_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..f16dbf170ce949d9af6db5e57c032f7c98d957fe --- /dev/null +++ b/docs/en/server/maintenance/syscare/syscare_user_guide.md @@ -0,0 +1,11 @@ +# SysCare User Guide + +This document describes how to install and use SysCare on openEuler. + +## Intended Audience + +This document is intended for openEuler users who need to use hot patches. Users must: + +* Know basic Linux operations. +* Understand core software compilation concepts. +* Have working knowledge of RPM packages and their build processes. diff --git a/docs/en/server/maintenance/syscare/using_syscare.md b/docs/en/server/maintenance/syscare/using_syscare.md new file mode 100644 index 0000000000000000000000000000000000000000..3fe274a103c62c7b1c07a560edf74ce073a16f72 --- /dev/null +++ b/docs/en/server/maintenance/syscare/using_syscare.md @@ -0,0 +1,359 @@ +# Using SysCare + +This chapter describes how to use SysCare on openEuler. + +## Prerequisites + +openEuler 24.03 LTS SP1 has been installed. + +## SysCare Usage + +This chapter describes how to use SysCare, covering both hot patch creation and management. + +### Hot Patch Creation + +Users can create hot patches using the `sycare build` command. This command is a pure CLI tool that generates hot patch packages from RPM packages. The hot patch packages are packaged and maintained as RPM packages and support the creation of both kernel and user-space hot patches. + +#### Hot Patch Creation Process + +1. Prepare the source RPM package and the debuginfo RPM package for the target software. + + Example: + + ```shell + yumdownloader kernel --source --debuginfo + ``` + +2. Ensure that the necessary compilation dependencies for the corresponding software are met. + + Example: + + ```shell + dnf install make gcc bison flex openssl-devel dwarves python3-devel elfutils-libelf-devel + ``` + +3. Execute the `syscare build` command to build the hot patch. + + Example: + + ```shell + syscare build \ + --patch_name HP001 \ + --source kernel-5.10.0-60.66.0.91.oe2203.src.rpm \ + --debuginfo kernel-debuginfo-5.10.0-60.66.0.91.oe2203.x86_64.rpm \ + --output output \ + --patch 001-kernel-patch-test.patch + ``` + + During the hot patch creation process, a temporary folder starting with `syscare-build` will be created in the directory specified by the `--workdir` parameter (defaulting to the current directory). This folder will store temporary files and compilation logs. + + Example: + + ```shell + dev@openeuler-dev:[~]$ ls -l syscare-build.111602/ + total 100 + -rw-r--r--. 1 dev dev 92303 Nov 12 00:00 build.log + drwxr-xr-x. 6 dev dev 4096 Nov 12 00:00 package + drwxr-xr-x. 4 dev dev 4096 Nov 12 00:00 patch + ``` + + The compilation log, named `build.log`, will be generated within the temporary folder. + + ```shell + dev@openeuler-dev:[~]$ cat syscare-build.111602/build.log | less + ``` + + If the patch is successfully created and the `--skip-compiler-check` parameter is not used, the temporary folder will be automatically removed. + +4. Check the build results. + + Example: + + ```shell + dev@openeuler-dev:[~]$ ls -l + total 189680 + -rw-r--r--. 1 dev dev 194218767 Nov 12 00:00 kernel-5.10.0-60.91.0.115.oe2203-HP001-1-1.x86_64.src.rpm + -rw-r--r--. 1 dev dev 10937 Nov 12 00:00 patch-kernel-5.10.0-60.91.0.115.oe2203-HP001-1-1.x86_64.rpm + ``` + + Here: + + - `patch-kernel-5.10.0-60.91.0.115.oe2203-HP001-1-1.x86_64.rpm` is the patch package. + - `kernel-5.10.0-60.91.0.115.oe2203-HP001-1-1.x86_64.src.rpm` is the source RPM package. + +#### Hot Patch Creation Tool + +```shell +USAGE: + syscare build [OPTIONS] --patch_name --source --debuginfo ... --patch ... + +OPTIONS: + -n, --patch_name Patch name + --patch_arch Patch architecture [default: x86_64] + --patch_version Patch version [default: 1] + --patch_release Patch release [default: 1] + --patch_description Patch description [default: (none)] + -s, --source Source package + -d, --debuginfo ... Debuginfo package(s) + --workdir Working directory [default: .] + -o, --output Output directory [default: .] + -j, --jobs Parllel build jobs [default: 96] + --skip_compiler_check Skip compiler version check (not recommended) + --skip_cleanup Skip post-build cleanup + -v, --verbose Provide more detailed info + -p, --patch ... Patch file(s) + -h, --help Prints help information + -V, --version Prints version information +``` + +| Name | Description | Type | Notes | +| ----------------------------------------- | ------------------------------------------------------ | ------ | ------------------------------------------------------------------------------ | +| -n, --patch_name `` | Patch name | String | Required parameter; must comply with RPM naming conventions. | +| --patch_arch `` | Patch architecture | String | Defaults to the current architecture; must comply with RPM naming conventions. | +| --patch_version `` | Patch version number | String | Default value is 1; must comply with RPM naming conventions. | +| --patch_release `` | Patch release | Number | Default value is 1; must comply with RPM naming conventions. | +| --patch_description `` | Patch description | String | Defaults to (none). | +| -s, --source `` | Path to the target software's src.rpm source package. | String | Required parameter; must be a valid path. | +| -d, --debuginfo `...` | Path(s) to the target software's debuginfo package(s). | String | Required parameter; multiple can be specified; must be a valid path. | +| --workdir `` | Path to the temporary working directory. | String | Defaults to the current execution directory; must be a valid path. | +| -o, --output `` | Output folder for the generated patch. | String | Defaults to the current execution directory; must be a valid path. | +| -j, --jobs `` | Number of parallel compilation threads. | Number | Defaults to the number of CPU threads. | +| --skip-compiler-check | Skip the compiler version check (not recommended). | Flag | - | +| --skip-cleanup | Skip the cleanup of temporary files after the build. | Flag | - | +| -v, --verbose | Print detailed information. | Flag | - | +| -p, --patch `...` | Path(s) to the patch file(s). | String | Required parameter; multiple can be specified; must be a valid path. | +| -h, --help | Print help information. | Flag | - | +| -V, --version | Print version information. | Flag | - | +| | | | | + +Example: + +```shell +syscare build \ + --patch_name \"HP001\" \\ + --patch_description \"CVE-2021-32675 - When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users.\" \\ + --source ./redis-6.2.5-1.src.rpm \\ + --debuginfo ./redis-debuginfo-6.2.5-1.x86_64.rpm \\ + --output ./output \\ + --patch ./0001-Prevent-unauthenticated-client-from-easily-consuming.patch +``` + +#### Hot Patch Package Naming Convention + +- Hot patch package: `patch----..rpm` +- Hot patch source package: `---..src.rpm` + +#### Package Contents + +- Hot patch package: Contains SysCare hot patch binaries and metadata for patch installation +- Hot patch source package: Includes target software source code and additional patch files for creating new hot patch versions + +#### Troubleshooting + +If errors occur during hot patch creation, check the compilation log named `build.log` in the working directory. + +Example: + +```shell +Building patch, this may take a while +- Preparing build requirements +- Building patch +Error: UserPatchBuilder: Failed to build patch + +Caused by: + Process "/usr/libexec/syscare/upatch-build" exited unsuccessfully, exit_code=253 +For more information, please check "/home/dev/syscare-build.345549/build.log" +``` + +### Hot Patch Package Management + +Installing or uninstalling hot patches requires specifying the corresponding RPM package name, denoted here as `$patch_package`. + +1. Installing a hot patch package + + ```shell + dnf install $patch_package.rpm + ``` + + After installation, hot patch files are stored in: + /usr/lib/syscare/patches + +2. Uninstalling a hot patch package + + ```shell + dnf remove $patch_package + ``` + + Note: Hot patches in `ACTIVED` state or higher will be automatically uninstalled. + +### Hot Patch Management + +The `syscare` command is used to manage hot patches. + +To operate on a specific hot patch, users must provide a search string (denoted as `$patch_identifier`). + +Search follows these rules: `/`. The `/` prefix can be omitted if the patch name is unique. UUID can also be used for management. + +- Target package name: Name of the software package to be patched +- Patch name: Name of the hot patch + +#### Patch Metadata + +Patch metadata includes the following fields: + +| Field | Description | +| ----------- | ------------------------- | +| uuid | Unique patch identifier | +| name | Patch name | +| version | Version number | +| release | Release number | +| arch | Architecture | +| type | Patch type | +| target | Target software name | +| entities | Executable files affected | +| digest | Cryptographic fingerprint | +| license | Software license | +| description | Patch details | +| patch | List of patch files | + +### Hot Patch Package Management + +Installing or uninstalling hot patches requires specifying the corresponding RPM package name, denoted here as `$patch_package`. + +1. Installing a hot patch package + + ```shell + dnf install $patch_package.rpm + ``` + + After installation, hot patch files are stored in: + /usr/lib/syscare/patches + +2. Uninstalling a hot patch package + + ```shell + dnf remove $patch_package + ``` + + Note: Hot patches in `ACTIVED` state or higher will be automatically uninstalled. + +### Hot Patch Management + +The `syscare` command is used to manage hot patches. + +To operate on a specific hot patch, users must provide a search string (denoted as `$patch_identifier`). + +Search follows these rules: `/`. The `/` prefix can be omitted if the patch name is unique. UUID can also be used for management. + +- Target package name: Name of the software package to be patched +- Patch name: Name of the hot patch + +#### Patch Metadata + +Patch metadata includes the following fields: + +| Field | Description | +| ----------- | ------------------------- | +| uuid | Unique patch identifier | +| name | Patch name | +| version | Version number | +| release | Release number | +| arch | Architecture | +| type | Patch type | +| target | Target software name | +| entities | Executable files affected | +| digest | Cryptographic fingerprint | +| license | Software license | +| description | Patch details | +| patch | List of patch files | + +Example: + +```shell +sudo syscare info redis-6.2.5-1/HP002-1-1 +uuid: 980fa0d0-e753-447c-8494-01de595f35d0 +name: HP002 +version: 1 +release: 1 +arch: x86_64 +type: UserPatch +target: redis-6.2.5-1 +target_elf: redis-server, redis-benchmark, redis-cli +license: BSD and MIT +description: CVE-2021-32675 - When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. +patch: +0001-Prevent-unauthenticated-client-from-easily-consuming.patch +``` + +#### Hot Patch States + +SysCare categorizes the hot patch lifecycle into these states: + +- Unloaded: `NOT-APPLIED` +- Inactive: `DEACTIVED` +- Active: `ACTIVED` +- Accepted: `ACCEPTED` + +#### Patch Information Queries + +1. View basic patch information: + + ```shell + syscare info $patch_identifier + ``` + +2. Check patch status: + + ```shell + syscare status $patch_identifier + ``` + +3. List all patch statuses: + + ```shell + syscare list + ``` + +#### Hot Patch State Management + +1. Load a patch: + + ```shell + syscare apply $patch_identifier + ``` + +2. Unload a patch: + + ```shell + syscare remove $patch_identifier + ``` + +3. Activate a patch: + + ```shell + syscare active $patch_identifier + ``` + +4. Deactivate a patch: + + ```shell + syscare deactive $patch_identifier + ``` + +5. Accept a patch: + + ```shell + syscare accept $patch_identifier + ``` + +6. Save all patch states: + + ```shell + syscare save + ``` + +7. Restore all patch states: + + ```shell + syscare restore + ``` diff --git a/docs/en/server/maintenance/sysmonitor/_toc.yaml b/docs/en/server/maintenance/sysmonitor/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..3420297c6b037af047c5c0f8889f143b7151fd76 --- /dev/null +++ b/docs/en/server/maintenance/sysmonitor/_toc.yaml @@ -0,0 +1,6 @@ +label: sysmonitor User Guide +isManual: true +description: sysmonitor tracks exceptions in the OS during runtime. +sections: + - label: sysmonitor User Guide + href: ./sysmonitor_user_guide.md diff --git a/docs/en/server/maintenance/sysmonitor/figures/sysmonitor_functions.png b/docs/en/server/maintenance/sysmonitor/figures/sysmonitor_functions.png new file mode 100644 index 0000000000000000000000000000000000000000..e9655456ebce192d196e5f55c5fc09c03fa440d8 Binary files /dev/null and b/docs/en/server/maintenance/sysmonitor/figures/sysmonitor_functions.png differ diff --git a/docs/en/server/maintenance/sysmonitor/sysmonitor_user_guide.md b/docs/en/server/maintenance/sysmonitor/sysmonitor_user_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..3147a5e8c7f3bb8739acc51ca98363935420d06f --- /dev/null +++ b/docs/en/server/maintenance/sysmonitor/sysmonitor_user_guide.md @@ -0,0 +1,798 @@ +# sysmonitor User Guide + +## Introduction + +The system monitor (sysmonitor) daemon monitors exceptions that occur during OS running and records the exceptions in the system log file **/var/log/sysmonitor.log**. sysmonitor runs as a service. You can run the `systemctl start|stop|restart|reload sysmonitor` command to start, stop, restart, and reload the service. You are advised to deploy sysmonitor to locate system exceptions. + +![](./figures/sysmonitor_functions.png) + +### Precautions + +- sysmonitor cannot run concurrently. +- Ensure that all configuration files are valid. Otherwise, the monitoring service may be abnormal. +- The root privilege is required for sysmonitor service operations, configuration file modification, and log query. The **root** user has the highest permission in the system. When performing operations as the **root** user, follow the operation guide to avoid system management and security risks caused by improper operations. + +### Configuration Overview + +Configuration file **/etc/sysconfig/sysmonitor** of sysmonitor defines the monitoring period of each monitoring item and specifies whether to enable monitoring. Spaces are not allowed between the configuration item, equal sign (=), and configuration value, for example, **PROCESS_MONITOR="on"**. + +Configuration description + +| Item | Description | Mandatory| Default Value | +| ------------------------- | ------------------------------------------------------------ | -------- | -------------------------------------- | +| PROCESS_MONITOR | Whether to enable key process monitoring. The value can be **on** or **off**. | No | on | +| PROCESS_MONITOR_PERIOD | Monitoring period on key processes, in seconds. | No | 3 | +| PROCESS_RECALL_PERIOD | Interval for attempting to restart a key process after the process fails to be recovered, in minutes. The value can be an integer ranging from 1 to 1440.| No | 1 | +| PROCESS_RESTART_TIMEOUT | Timeout interval for recovering a key process service from an exception, in seconds. The value can be an integer ranging from 30 to 300.| No | 90 | +| PROCESS_ALARM_SUPRESS_NUM | Number of alarm suppression times when the key process monitoring configuration uses the alarm command to report alarms. The value is a positive integer.| No | 5 | +| FILESYSTEM_MONITOR | Whether to enable ext3 and ext4 file system monitoring. The value can be **on** or **off**. | No | on | +| DISK_MONITOR | Whether to enable drive partition monitoring. The value can be **on** or **off**. | No | on | +| DISK_MONITOR_PERIOD | Drive monitoring period, in seconds. | No | 60 | +| INODE_MONITOR | Whether to enable drive inode monitoring. The value can be **on** or **off**. | No | on | +| INODE_MONITOR_PERIOD | Drive inode monitoring period, in seconds. | No | 60 | +| NETCARD_MONITOR | Whether to enable NIC monitoring. The value can be **on** or **off**. | No | on | +| FILE_MONITOR | Whether to enable file monitoring. The value can be **on** or **off**. | No | on | +| CPU_MONITOR | Whether to enable CPU monitoring. The value can be **on** or **off**. | No | on | +| MEM_MONITOR | Whether to enable memory monitoring. The value can be **on** or **off**. | No | on | +| PSCNT_MONITOR | Whether to enable process count monitoring. The value can be **on** or **off**. | No | on | +| FDCNT_MONITOR | Whether to enable file descriptor (FD) count monitoring. The value can be **on** or **off**. | No | on | +| CUSTOM_DAEMON_MONITOR | Whether to enable custom daemon item monitoring. The value can be **on** or **off**. | No | on | +| CUSTOM_PERIODIC_MONITOR | Whether to enable custom periodic item monitoring. The value can be **on** or **off**. | No | on | +| IO_DELAY_MONITOR | Whether to enable local drive I/O latency monitoring. The value can be **on** or **off**. | No | off | +| PROCESS_FD_NUM_MONITOR | Whether to enable process FD count monitoring. The value can be **on** or **off**. | No | on | +| PROCESS_MONITOR_DELAY | Whether to wait until all monitoring items are normal when sysmonitor is started. The value can be **on** (wait) or **off** (do not wait).| No | on | +| NET_RATE_LIMIT_BURST | NIC route information printing rate, that is, the number of logs printed per second. | No | 5
Valid range: 0 to 100 | +| FD_MONITOR_LOG_PATH | FD monitoring log file | No | /var/log/sysmonitor.log| +| ZOMBIE_MONITOR | Whether to monitor zombie processes | No | off | +| CHECK_THREAD_MONITOR | Whether to enable internal thread self-healing. The value can be **on** or **off**. | No | on | +| CHECK_THREAD_FAILURE_NUM | Number of internal thread self-healing checks in a period. | No | 3
Valid range: 2 to 10 | + +- After modifying the **/etc/sysconfig/sysmonitor** configuration file, restart the sysmonitor service for the configurations to take effect. +- If an item is not configured in the configuration file, it is enabled by default. +- After the internal thread self-healing function is enabled, if a sub-thread of the monitoring item is suspended and the number of checks in a period exceeds the configured value, the sysmonitor service is restarted for restoration. The configuration is reloaded. The configured key process monitoring and customized monitoring are restarted. If this function affects user experience, you can disable it. + +### Command Reference + +- Start sysmonitor. + +```shell +systemctl start sysmonitor +``` + +- Stop sysmonitor. + +```shell +systemctl stop sysmonitor +``` + +- Restart sysmonitor. + +```shell +systemctl restart sysmonitor +``` + +- Reload sysmonitor for the modified configurations to take effect. + +```shell +systemctl reload sysmonitor +``` + +### Monitoring Logs + +By default, logs is split and dumped to prevent the **sysmonitor.log** file from getting to large. Logs are dumped to a drive directory. In this way, a certain number of logs can be retained. + +The configuration file is **/etc/rsyslog.d/sysmonitor.conf**. Because this rsyslog configuration file is added, after sysmonitor is installed for the first time, you need to restart the rsyslog service to make the sysmonitor log configuration take effect. + +```text +$template sysmonitorformat,"%TIMESTAMP:::date-rfc3339%|%syslogseverity-text%|%msg%\n" + +$outchannel sysmonitor, /var/log/sysmonitor.log, 2097152, /usr/libexec/sysmonitor/sysmonitor_log_dump.sh +if ($programname == 'sysmonitor' and $syslogseverity <= 6) then { +:omfile:$sysmonitor;sysmonitorformat +stop +} + +if ($msg contains 'Time has been changed') then { +:omfile:$sysmonitor;sysmonitorformat +stop +} + +if ($programname == 'sysmonitor' and $syslogseverity > 6) then { +/dev/null +stop +} +``` + +## ext3/ext4 Filesystem Monitoring + +### Introduction + +A fault in the filesystem may trigger I/O operation errors, which further cause OS faults. File system fault detection can detect the faults in real time so that system administrators or users can rectify them in a timely manner. + +### Configuration File Description + +None + +### Exception Logs + +For a file system to which the errors=remount-ro mounting option is added, if the ext3 or ext4 file system is faulty, the following exception information is recorded in the **sysmonitor.log** file: + +```text +info|sysmonitor[127]: loop0 filesystem error. Remount filesystem read-only. +``` + +In other exception scenarios, if the ext3 or ext4 file system is faulty, the following exception information is recorded in the **sysmonitor.log** file: + +```text +info|sysmonitor[127]: fs_monitor_ext3_4: loop0 filesystem error. flag is 1879113728. +``` + +## Key Processing Monitoring + +### Introduction + +Key processes in the system are periodically monitored. When a key process exits abnormally, sysmonitor automatically attempts to recover the key process. If the recovery fails, alarms can be reported. The system administrator can be promptly notified of the abnormal process exit event and whether the process is restarted. Fault locating personnel can locate the time when the process exits abnormally from logs. + +### Configuration File Description + +The configuration file directory is **/etc/sysmonitor/process**. Each process or module corresponds to a configuration file. + +```text +USER=root +NAME=irqbalance +RECOVER_COMMAND=systemctl restart irqbalance +MONITOR_COMMAND=systemctl status irqbalance +STOP_COMMAND=systemctl stop irqbalance +``` + +The configuration items are as follows: + +| Item | Description | Mandatory| Default Value | +| ---------------------- | ------------------------------------------------------------ | -------- | --------------------------------------------------- | +| NAME | Process or module name | Yes | None | +| RECOVER_COMMAND | Recovery command | No | None | +| MONITOR_COMMAND | Monitoring command
If the command output is 0, the process is normal. If the command output is greater than 0, the process is abnormal.| No | pgrep -f $(which xxx)
*xxx* is the process name configured in the **NAME** field.| +| STOP_COMMAND | Stopping command | No | None | +| USER | User name
User for executing the monitoring, recovery, and stopping commands or scripts | No | If this item is left blank, the **root** user is used by default. | +| CHECK_AS_PARAM | Parameter passing switch
If this item is on, the return value of **MONITOR_COMMAND** is transferred to the **RECOVER_COMMAND** command or script as an input parameter. If this item is set to off or other values, the function is disabled.| No | None | +| MONITOR_MODE | Monitoring mode
- **parallel** or **serial**
| No | serial | +| MONITOR_PERIOD | Monitoring period
- Parallel monitoring period
- This item does not take effect when the monitoring mode is **serial**.| No | 3 | +| USE_CMD_ALARM | Alarm mode
If this parameter is set to **on** or **ON**, alarms are reported using the alarm reporting command. | No | None | +| ALARM_COMMAND | Alarm reporting command | No | None | +| ALARM_RECOVER_COMMAND | Alarm recovery command | No | No | + +- After modifying the configuration file for monitoring key processes, run `systemctl reload sysmonitor`. The new configuration takes effect after a monitoring period. +- The recovery command and monitoring command must not block. Otherwise, the monitoring thread of the key process becomes abnormal. +- When the recovery command is executed for more than 90 seconds, the stopping command is executed to stop the process. +- If the recovery command is empty or not configured, the monitoring command does not attempt to recover the key process when detecting that the key process is abnormal. +- If a key process is abnormal and fails to be started for three consecutive times, the process is started based on the period specified by **PROCESS_RECALL_PERIOD** in the global configuration file. +- If the monitored process is not a daemon process, **MONITOR_COMMAND** is mandatory. +- If the configured key service does not exist in the current system, the monitoring does not take effect and the corresponding information is printed in the log. If a fatal error occurs in other configuration items, the default configuration is used and no error is reported. +- The permission on the configuration file is 600. You are advised to set the monitoring item to the **service** type of systemd (for example, **MONITOR_COMMAND=systemctl status irqbalance**). If a process is monitored, ensure that the **NAME** field is an absolute path. +- The restart, reload, and stop of sysmonitor do not affect the monitored processes or services. +- If **USE_CMD_ALARM** is set to **on**, you must ensure the validiy of **ALARM_COMMAND** and **ALARM_RECOVER_COMMAND**. If **ALARM_COMMAND** or **ALARM_RECOVER_COMMAND** is empty or not configured, no alarm is reported. +- The security of user-defined commands, such as the monitoring, recovery, stopping, alarm reporting, and alarm recovery commands, is ensured by users. Commands are executed by the user **root**. You are advised to set the script command permission to be used only by the user **root** to prevent privilege escalation for common users. +- If the length of the monitoring command cannot be greater than 200 characters. Otherwise, the process monitoring fails to be added. +- When the recovery command is set to a systemd service restart command (for example, **RECOVER_COMMAND=systemctl restart irqbalance**), check whether the recovery command conflicts with the open source systemd service recovery mechanism. Otherwise, the behavior of key processes may be affected after exceptions occur. +- The processes started by the sysmonitor service are in the same cgroup as the sysmonitor service, and resources cannot be restricted separately. Therefore, you are advised to use the open source systemd mechanism to recover the processes. + +### Exception Logs + +- **RECOVER_COMMAND** configured + + If a process or module exception is detected, the following exception information is recorded in the **/var/log/sysmonitor.log** file: + + ```text + info|sysmonitor[127]: irqbalance is abnormal, check cmd return 1, use "systemctl restart irqbalance" to recover + ``` + + If the process or module recovers, the following information is recorded in the **/var/log/sysmonitor.log** file: + + ```text + info|sysmonitor[127]: irqbalance is recovered + ``` + +- **RECOVER_COMMAND** not configured + + If a process or module exception is detected, the following exception information is recorded in the **/var/log/sysmonitor.log** file: + + ```text + info|sysmonitor[127]: irqbalance is abnormal, check cmd return 1, recover cmd is null, will not recover + ``` + + If the process or module recovers, the following information is recorded in the **/var/log/sysmonitor.log** file: + + ```text + info|sysmonitor[127]: irqbalance is recovered + ``` + +## File Monitoring + +### Introduction + +If key system files are deleted accidentally, the system may run abnormally or even break down. Through file monitoring, you can learn about the deletion of key files or the addition of malicious files in the system in a timely manner, so that administrators and users can learn and rectify faults in a timely manner. + +### Configuration File Description + +The configuration file is **/etc/sysmonitor/file**. Each monitoring configuration item occupies a line. A monitoring configuration item contains the file (directory) and event to be monitored. The file (directory) to be monitored is an absolute path. The file (directory) to be monitored and the event to be monitored are separated by one or more spaces. + +The file monitoring configuration items can be added to the **/etc/sysmonitor/file.d** directory. The configuration method is the same as that of the **/etc/sysmonitor/file** directory. + +- Due to the log length limit, it is recommended that the absolute path of a file or directory be less than 223 characters. Otherwise, the printed logs may be incomplete. + +- Ensure that the path of the monitored file is correct. If the configured file does not exist or the path is incorrect, the file cannot be monitored. + +- Due to the path length limit of the system, the absolute path of the monitored file or directory must be less than 4096 characters. + +- Directories and regular files can be monitored. **/proc**, **/proc/\***, **/dev**, **/dev/\***, **/sys**, **/sys/\***, pipe files, or socket files cannot be monitored. + +- Only deletion events can be monitored in **/var/log** and **/var/log/\***. + +- If multiple identical paths exist in the configuration file, the first valid configuration takes effect. In the log file, you can see messages indicating that the identical paths are ignored. + +- Soft links cannot be monitored. When a hard link file deletion event is configured, the event is printed only after the file and all its hard links are deleted. + +- When a monitored event occurs after the file monitoring is successfully added, the monitoring log records the absolute path of the configured file. + +- Currently, directories cannot be monitored recursively. The configured directory is monitored but not its subdirectories. + +- The events to be monitored are configured using bitmaps as follows. + +```text + ------------------------------- + | 11~32 | 10 | 9 | 1~8 | + ------------------------------- +``` + +Each bit in the event bitmap represents an event. If bit _n_ is set to 1, the event corresponding to bit _n_ is monitored. The hexadecimal number corresponding to the monitoring bitmap is the event monitoring item written to the configuration file. + +| Item| Description | Mandatory| +| ------ | ------------------ | -------- | +| 1~8 | Reserved | No | +| 9 | File or directory addition event| Yes | +| 10 | File or directory deletion event| Yes | +| 11~32 | Reserved | No | + +- After modifying the file monitoring configuration file, run `systemctl reload sysmonitor`. The new configuration takes effect within 60 seconds. +- Strictly follow the preceding rules to configure events to be monitored. If the configuration is incorrect, the events cannot be monitored. If an event to be monitored in the configuration item is empty, only the deletion event is monitored by default, that is, **0x200**. +- After a file or directory is deleted, the deletion event is reported only when all processes that open the file stop. +- If a monitored a is modified by `vi` or `sed`, "File XXX may have been changed" is recorded in the monitoring log. +- Currently, file addition and deletion events can be monitored, that is, the ninth and tenth bits take effect. Other bits are reserved and do not take effect. If a reserved bit is configured, the monitoring log displays a message indicating that the event monitoring is incorrectly configured. + +**Example** + +Monitor the subdirectory addition and deletion events in **/home**. The lower 12-bit bitmap is 001100000000. The configuration is as follows: + +```text +/home 0x300 +``` + +Monitor the file deletion events of **/etc/ssh/sshd_config**. The lower 12-bit bitmap is 001000000000. The configuration is as follows: + +```text +/etc/sshd/sshd_config 0x200 +``` + +### Exception Logs + +If a configured event occurs to the monitored file, the following information is displayed in the **/var/log/sysmonitor.log** file: + +```text +info|sysmonitor[127]: 1 events queued +info|sysmonitor[127]: 1th events handled +info|sysmonitor[127]: Subfile "111" under "/home" was added. +``` + +## Drive Partition Monitoring + +### Introduction + +The system periodically monitors the drive partitions mounted to the system. When the drive partition usage is greater than or equal to the configured alarm threshold, the system records a drive space alarm. When the drive partition usage falls below the configured alarm recovery threshold, a drive space recovery alarm is recorded. + +### Configuration File Description + +The configuration file is **/etc/sysmonitor/disk**. + +```text +DISK="/var/log" ALARM="90" RESUME="80" +DISK="/" ALARM="95" RESUME="85" +``` + +| Item| Description | Mandatory| Default Value| +| ------ | ---------------------- | -------- | ------ | +| DISK | Mount directory | Yes | None | +| ALARM | Integer indicating the drive space alarm threshold| No | 90 | +| RESUME | Integer indicating the drive space alarm recovery threshold| No | 80 | + +- After modifying the configuration file for drive space monitoring, run `systemctl reload sysmonitor`. The new configuration takes effect after a monitoring period. +- If a mount directory is configured repeatedly, the last configuration item takes effect. +- The value of **ALARM** must be greater than that of **RESUME**. +- Only the mount point or the drive partition of the mount point can be monitored. +- When the CPU usage and I/O usage are high, the `df` command execution may time out. As a result, the drive usage cannot be obtained. +- If a drive partition is mounted to multiple mount points, an alarm is reported for each mount point. + +### Exception Logs + +If a drive space alarm is detected, the following information is displayed in the **/var/log/sysmonitor.log** file: + +```text +warning|sysmonitor[127]: report disk alarm, /var/log used:90% alarm:90% +info|sysmonitor[127]: report disk recovered, /var/log used:4% resume:10% +``` + +## NIC Status Monitoring + +### Introduction + +During system running, the NIC status or IP address may change due to human factors or exceptions. You can monitor the NIC status and IP address changes to detect exceptions in a timely manner and locate exception causes. + +### Configuration File Description + +The configuration file is **/etc/sysmonitor/network**. + +```text +#dev event +eth1 UP +``` + +The following table describes the configuration items. + +| Item| Description | Mandatory| Default Value | +| ------ | ------------------------------------------------------------ | -------- | ------------------------------------------------- | +| dev | NIC name | Yes | None | +| event | Event to be monitored. The value can be **UP**, **DOWN**, **NEWADDR**, or **DELADDR**.
- UP: The NIC is up.
- DOWN: The NIC is down.
- NEWADDR: An IP address is added.
- DELADDR: An IP address is deleted.| No | If this item is empty, **UP**, **DOWN**, **NEWADDR**, and **DELADDR** are monitored.| + +- After modifying the configuration file for NIC monitoring, run `systemctl reload sysmonitor` for the new configuration to take effect. +- The **UP** and **DOWN** status of virtual NICs cannot be monitored. +- Ensure that each line in the NIC monitoring configuration file contains less than 4096 characters. Otherwise, a configuration error message will be recorded in the monitoring log. +- By default, all events of all NICs are monitored. That is, if no NIC monitoring is configured, the **UP**, **DOWN**, **NEWADDR**, and **DELADDR** events of all NICs are monitored. +- If a NIC is configured but no event is configured, all events of the NIC are monitored by default. +- The events of route addition can be recorded five times per second. You can change the number of times by setting **NET_RATE_LIMIT_BURST** in **/etc/sysconfig/sysmonitor**. + +### Exception Logs + +If a NIC event is detected, the following information is displayed in the **/var/log/sysmonitor.log** file: + +```text +info|sysmonitor[127]: lo: ip[::1] prefixlen[128] is added, comm: (ostnamed)[1046], parent comm: syst emd[1] +info|sysmonitor[127]: lo: device is up, comm: (ostnamed)[1046], parent comm: systemd[1] +``` + +If a route event is detected, the following information is displayed in the **/var/log/sysmonitor.log** file: + +```text +info|sysmonitor[881]: Fib4 replace table=255 192.168.122.255/32, comm: daemon-init[1724], parent com m: systemd[1] +info|sysmonitor[881]: Fib4 replace table=254 192.168.122.0/24, comm: daemon-init[1724], parent comm: systemd[1] +info|sysmonitor[881]: Fib4 replace table=255 192.168.122.0/32, comm: daemon-init[1724], parent comm: systemd[1] +info|sysmonitor[881]: Fib6 replace fe80::5054:ff:fef6:b73e/128, comm: kworker/1:3[209], parent comm: kthreadd[2] +``` + +## CPU Monitoring + +### Introduction + +The system monitors the global CPU usage or the CPU usage in a specified domain. When the CPU usage exceeds the configured alarm threshold, the system runs the configured log collection command. + +### Configuration File Description + +The configuration file is **/etc/sysmonitor/cpu**. + +When the global CPU usage of the system is monitored, an example of the configuration file is as follows: + +```text +# cpu usage alarm percent +ALARM="90" + +# cpu usage alarm resume percent +RESUME="80" + +# monitor period (second) +MONITOR_PERIOD="60" + +# stat period (second) +STAT_PERIOD="300" + +# command executed when cpu usage exceeds alarm percent +REPORT_COMMAND="" +``` + +When the CPU usage of a specific domain is monitored, an example of the configuration file is as follows: + +```text +# monitor period (second) +MONITOR_PERIOD="60" + +# stat period (second) +STAT_PERIOD="300" + +DOMAIN="0,1" ALARM="90" RESUME="80" +DOMAIN="2,3" ALARM="50" RESUME="40" + +# command executed when cpu usage exceeds alarm percent +REPORT_COMMAND="" +``` + +| Item | Description | Mandatory| Default Value| +| -------------- | ------------------------------------------------------------ | -------- | ------ | +| ALARM | Number greater than 0, indicating the CPU usage alarm threshold | No | 90 | +| RESUME | Number greater than or equal to 0, indicating the CPU usage alarm recovery threshold | No | 80 | +| MONITOR_PERIOD | Monitoring period, in seconds. The value is greater than 0. | No | 60 | +| STAT_PERIOD | Statistical period, in seconds. The value is greater than 0. | No | 300 | +| DOMAIN | CPU IDs in the domain, represented by decimal numbers
- CPU IDs can be enumerated and separated by commas, for example, **1,2,3**. CPU IDs can be specified as a range in the format of _X_-_Y_, for example, **0-2**. The two representations can be used together, for example, **0, 1, 2-3** or **0-1, 2-3**. Spaces or other characters are not allowed.
- Each monitoring domain has an independent configuration item. Each configuration item supports a maximum of 256 CPUs. A CPU ID must be unique in a domain and across domains.| No | None | +| REPORT_COMMAND | Command for collecting logs after the CPU usage exceeds the alarm threshold | No | None | + +- After modifying the configuration file for CPU monitoring, run `systemctl reload sysmonitor`. The new configuration takes effect after a monitoring period. +- The value of **ALARM** must be greater than that of **RESUME**. +- After the CPU domain monitoring is configured, the global average CPU usage of the system is not monitored, and the separately configured **ALARM** and **RESUME** values do not take effect. +- If the configuration of a monitoring domain is invalid, CPU monitoring is not performed at all. +- All CPUs configured in **DOMAIN** must be online. Otherwise, the domain cannot be monitored. +- The command of **REPORT_COMMAND** cannot contain insecure characters such as **&**, **;**, and **>**, and the total length cannot exceed 159 characters. Otherwise, the command cannot be executed. +- Ensure the security and validity of **REPORT_COMMAND**. sysmonitor is responsible only for running the command as the **root** user. +- **REPORT_COMMAND** must not block. When the execution time of the command exceeds 60s, the sysmonitor forcibly stops the execution. +- Even if the CPU usage of multiple domains exceeds the threshold in a monitoring period, **REPORT_COMMAND** is executed only once. + +### Exception Logs + +If a global CPU usage alarm is detected or cleared and the log collection command is configured, the following information is displayed in the **/var/log/sysmonitor.log** file: + +```text +info|sysmonitor[127]: CPU usage alarm: 91.3% +info|sysmonitor[127]: cpu monitor: execute REPORT_COMMAND[sysmoniotrcpu] successfully +info|sysmonitor[127]: CPU usage resume 70.1% +``` + +If a domain average CPU usage alarm is detected or cleared and the log collection command is configured, the following information is displayed in the **/var/log/sysmonitor.log** file: + +```text +info|sysmonitor[127]: CPU 1,2,3 usage alarm: 91.3% +info|sysmonitor[127]: cpu monitor: execute REPORT_COMMAND[sysmoniotrcpu] successfully +info|sysmonitor[127]: CPU 1,2,3 usage resume 70.1% +``` + +## Memory Monitoring + +### Introduction + +Monitors the system memory usage and records logs when the memory usage exceeds or falls below the threshold. + +### Configuration File Description + +The configuration file is **/etc/sysmonitor/memory**. + +```text +# memory usage alarm percent +ALARM="90" + +# memory usage alarm resume percent +RESUME="80" + +# monitor period(second) +PERIOD="60" +``` + +### Configuration Item Description + +| Item| Description | Mandatory| Default Value| +| ------ | ----------------------------- | -------- | ------ | +| ALARM | Number greater than 0, indicating the memory usage alarm threshold | No | 90 | +| RESUME | Number greater than or equal to 0, indicating the memory usage alarm recovery threshold| No | 80 | +| PERIOD | Monitoring period, in seconds. The value is greater than 0. | No | 60 | + +- After modifying the configuration file for memory monitoring, run `systemctl reload sysmonitor`. The new configuration takes effect after a monitoring period. +- The value of **ALARM** must be greater than that of **RESUME**. +- The average memory usage in three monitoring periods is used to determine whether an alarm is reported or cleared. + +### Exception Logs + +If a memory alarm is detected, sysmonitor obtains the **/proc/meminfo** information and prints the information in the **/var/log/sysmonitor.log** file. The information is as follows: + +```text +info|sysmonitor[127]: memory usage alarm: 90% +info|sysmonitor[127]:---------------show /proc/meminfo: --------------- +info|sysmonitor[127]:MemTotal: 3496388 kB +info|sysmonitor[127]:MemFree: 2738100 kB +info|sysmonitor[127]:MemAvailable: 2901888 kB +info|sysmonitor[127]:Buffers: 165064 kB +info|sysmonitor[127]:Cached: 282360 kB +info|sysmonitor[127]:SwapCached: 4492 kB +...... +info|sysmonitor[127]:---------------show_memory_info end. --------------- +``` + +If the following information is printed, sysmonitor runs `echo m > /proc/sysrq-trigger` to export memory allocation information. You can view the information in **/var/log/messages**. + +```text +info|sysmonitor[127]: sysrq show memory ifno in message. +``` + +When the alarm is recovered, the following information is displayed: + +```text +info|sysmonitor[127]: memory usage resume: 4.6% +``` + +## Process and Thread Monitoring + +### Introduction + +Monitors the number of processes and threads. When the total number of processes or threads exceeds or falls below the threshold, a log is recorded or an alarm is reported. + +### Configuration File Description + +The configuration file is **/etc/sysmonitor/pscnt**. + +```text +# number of processes(include threads) when alarm occur +ALARM="1600" + +# number of processes(include threads) when alarm resume +RESUME="1500" + +# monitor period(second) +PERIOD="60" + +# process count usage alarm percent +ALARM_RATIO="90" + +# process count usage resume percent +RESUME_RATIO="80" + +# print top process info with largest num of threads when threads alarm +# (range: 0-1024, default: 10, monitor for thread off:0) +SHOW_TOP_PROC_NUM="10" +``` + +| Item | Description | Mandatory| Default Value| +| ----------------- | ------------------------------------------------------------ | -------- | ------ | +| ALARM | Integer greater than 0, indicating the process count alarm threshold | No | 1600 | +| RESUME | Integer greater than or equal to 0, indicating the process count alarm recovery threshold | No | 1500 | +| PERIOD | Monitoring period, in seconds. The value is greater than 0. | No | 60 | +| ALARM_RATIO | Number greater than 0 and less than or equal to 100. Process count alarm threshold. | No | 90 | +| RESUME_RATIO | Number greater than 0 and less than or equal to 100. Process count alarm recovery threshold, which must be less than **ALARM_RATIO**.| No | 80 | +| SHOW_TOP_PROC_NUM | Whether to use the latest `top` information about threads | No | 10 | + +- After modifying the configuration file for process count monitoring, run `systemctl reload sysmonitor`. The new configuration takes effect after a monitoring period. +- The value of **ALARM** must be greater than that of **RESUME**. +- The process count alarm threshold is the larger between **ALARM** and **ALARM_RATIO** in **/proc/sys/kernel/pid_max**. The alarm recovery threshold is the larger of **RESUME** and **RESUME_RATIO** in **/proc/sys/kernel/pid_max**. +- The thread count alarm threshold is the larger between **ALARM** and **ALARM_RATIO** in **/proc/sys/kernel/threads-max**. The alarm recovery threshold is the larger of **RESUME** and **RESUME_RATIO** in **/proc/sys/kernel/threads-max**. +- The value of **SHOW_TOP_PROC_NUM** ranges from 0 to 1024. 0 indicates that thread monitoring is disabled. A larger value, for example, 1024, indicates that thread alarms will be generated in the environment. If the alarm threshold is high, the performance is affected. You are advised to set this parameter to the default value 10 or a smaller value. If the impact is huge, you are advised to set this parameter to 0 to disable thread monitoring. +- The value of **PSCNT_MONITOR** in **/etc/sysconfig/sysmonitor** and the value of **SHOW_TOP_PROC_NUM** in **/etc/sysmonitor/pscnt** determine whether thread monitoring is enabled. + - If **PSCNT_MONITOR** is on and **SHOW_TOP_PROC_NUM** is set to a valid value, thread monitoring is enabled. + - If **PSCNT_MONITOR** is on and **SHOW_TOP_PROC_NUM** is 0, thread monitoring is disabled. + - If **PSCNT_MONITOR** is off, thread monitoring is disabled. +- When a process count alarm is generated, the system FD usage information and memory information (**/proc/meminfo**) are printed. +- When a thread count alarm is generated, the total number of threads, `top` process information, number of processes in the current environment, number of system FDs, and memory information (**/proc/meminfo**) are printed. +- If system resources are insufficient before a monitoring period ends, for example, the thread count exceeds the maximum number allowed, the monitoring cannot run properly due to resource limitation. As a result, the alarm cannot be generated. + +### Exception Logs + +If a process count alarm is detected, the following information is displayed in the **/var/log/sysmonitor.log** file: + +```text +info|sysmonitor[127]:---------------process count alarm start: --------------- +info|sysmonitor[127]: process count alarm:1657 +info|sysmonitor[127]: process count alarm, show sys fd count: 2592 +info|sysmonitor[127]: process count alarm, show mem info +info|sysmonitor[127]:---------------show /proc/meminfo: --------------- +info|sysmonitor[127]:MemTotal: 3496388 kB +info|sysmonitor[127]:MemFree: 2738100 kB +info|sysmonitor[127]:MemAvailable: 2901888 kB +info|sysmonitor[127]:Buffers: 165064 kB +info|sysmonitor[127]:Cached: 282360 kB +info|sysmonitor[127]:SwapCached: 4492 kB +...... +info|sysmonitor[127]:---------------show_memory_info end. --------------- +info|sysmonitor[127]:---------------process count alarm end: --------------- +``` + +If a process count recovery alarm is detected, the following information is displayed in the **/var/log/sysmonitor.log** file: + +```text +info|sysmonitor[127]: process count resume: 1200 +``` + +If a thread count alarm is detected, the following information is displayed in the **/var/log/sysmonitor.log** file: + +```text +info|sysmonitor[127]:---------------threads count alarm start: --------------- +info|sysmonitor[127]:threads count alarm: 273 +info|sysmonitor[127]:open threads most 10 processes is [top1:pid=1756900,openthreadsnum=13,cmd=/usr/bin/sysmonitor --daemon] +info|sysmonitor[127]:open threads most 10 processes is [top2:pid=3130,openthreadsnum=13,cmd=/usr/lib/gassproxy -D] +..... +info|sysmonitor[127]:---------------threads count alarm end. --------------- +``` + +## System FD Count Monitoring + +### Introduction + +Monitors the number of system FDs. When the total number of system FDs exceeds or is less than the threshold, a log is recorded. + +### Configuration File Description + +The configuration file is **/etc/sysmonitor/sys_fd_conf**. + +```text +# system fd usage alarm percent +SYS_FD_ALARM="80" +# system fd usage alarm resume percent +SYS_FD_RESUME="70" +# monitor period (second) +SYS_FD_PERIOD="600" +``` + +Configuration items: + +| Item | Description | Mandatory| Default Value| +| ------------- | --------------------------------------------------------- | -------- | ------ | +| SYS_FD_ALARM | Integer greater than 0 and less than 100, indicating the alarm threshold of the percentage of the total number of FDs and the maximum number of FDs allowed.| No | 80 | +| SYS_FD_RESUME | Integer greater than 0 and less than 100, indicating the alarm recovery threshold of the percentage of the total number of FDs and the maximum number of FDs allowed.| No | 70 | +| SYS_FD_PERIOD | Integer between 100 and 86400, indicating the monitor period in seconds | No | 600 | + +- After modifying the configuration file for FD count monitoring, run `systemctl reload sysmonitor`. The new configuration takes effect after a monitoring period. +- The value of **SYS_FD_ALARM** must be greater than that of **SYS_FD_RESUME**. If the value is invalid, the default value is used and a log is recorded. + +### Exception Logs + +An FD count alarm is recorded in the monitoring logs when detected. The following information is displayed in the **/var/log/sysmonitor.log** file: + +```text +info|sysmonitor[127]: sys fd count alarm: 259296 +``` + +When a system FD usage alarm is generated, the top three processes that use the most FDs are printed. + +```text +info|sysmonitor[127]:open fd most three processes is:[top1:pid=23233,openfdnum=5000,cmd=/home/openfile] +info|sysmonitor[127]:open fd most three processes is:[top2:pid=23267,openfdnum=5000,cmd=/home/openfile] +info|sysmonitor[127]:open fd most three processes is:[top3:pid=30144,openfdnum=5000,cmd=/home/openfile] +``` + +## Drive Inode Monitoring + +### Introduction + +Periodically monitors the inodes of mounted drive partitions. When the drive partition inode usage is greater than or equal to the configured alarm threshold, the system records a drive inode alarm. When the drive inode usage falls below the configured alarm recovery threshold, a drive inode recovery alarm is recorded. + +### Configuration File Description + +The configuration file is **/etc/sysmonitor/inode**. + +```text +DISK="/" +DISK="/var/log" +``` + +| Item| Description | Mandatory| Default Value| +| ------ | ------------------------- | -------- | ------ | +| DISK | Mount directory | Yes | None | +| ALARM | Integer indicating the drive inode alarm threshold| No | 90 | +| RESUME | Integer indicating the drive inode alarm recovery threshold| No | 80 | + +- After modifying the configuration file for drive inode monitoring, run `systemctl reload sysmonitor`. The new configuration takes effect after a monitoring period. +- If a mount directory is configured repeatedly, the last configuration item takes effect. +- The value of **ALARM** must be greater than that of **RESUME**. +- Only the mount point or the drive partition of the mount point can be monitored. +- When the CPU usage and I/O usage are high, the `df` command execution may time out. As a result, the drive inode usage cannot be obtained. +- If a drive partition is mounted to multiple mount points, an alarm is reported for each mount point. + +### Exception Logs + +If a drive inode alarm is detected, the following information is displayed in the **/var/log/sysmonitor.log** file: + +```text +info|sysmonitor[4570]:report disk inode alarm, /var/log used:90% alarm:90% +info|sysmonitor[4570]:report disk inode recovered, /var/log used:79% alarm:80% +``` + +## Local Drive I/O Latency Monitoring + +### Introduction + +Reads the local drive I/O latency data every 5 seconds and collects statistics on 60 groups of data every 5 minutes. If more than 30 groups of data are greater than the configured maximum I/O latency, the system records a log indicating excessive drive I/O latency. + +### Configuration File Description + +The configuration file is **/etc/sysmonitor/iodelay**. + +```text +DELAY_VALUE="500" +``` + +| Item | Description | Mandatory| Default Value| +| ----------- | -------------------- | -------- | ------ | +| DELAY_VALUE | Maximum drive I/O latency| Yes | 500 | + +### Exception Logs + +If a drive I/O latency alarm is detected, the following information is displayed in the **/var/log/sysmonitor.log** file: + +```text +info|sysmonitor[127]:local disk sda IO delay is too large, I/O delay threshold is 70. +info|sysmonitor[127]:disk is sda, io delay data: 71 72 75 87 99 29 78 ...... +``` + +If a drive I/O latency recovery alarm is detected, the following information is displayed in the **/var/log/sysmonitor.log** file: + +```text +info|sysmonitor[127]:local disk sda IO delay is normal, I/O delay threshold is 70. +info|sysmonitor[127]:disk is sda, io delay data: 11 22 35 8 9 29 38 ...... +``` + +## Zombie Process Monitoring + +### Introduction + +Monitors the number of zombie processes in the system. If the number is greater than the alarm threshold, an alarm log is recorded. When the number drops lower than the recovery threshold, a recovery alarm is reported. + +### Configuration File Description + +The configuration file is **/etc/sysmonitor/zombie**. + +```text +# Ceiling zombie process counts of alarm +ALARM="500" + +# Floor zombie process counts of resume +RESUME="400" + +# Periodic (second) +PERIOD="600" +``` + +| Item| Description | Mandatory| Default Value| +| ------ | ------------------------------- | -------- | ------ | +| ALARM | Number greater than 0, indicating the zombie process count alarm threshold | No | 500 | +| RESUME | Number greater than or equal to 0, indicating the zombie process count recovery threshold| No | 400 | +| PERIOD | Monitoring period, in seconds. The value is greater than 0. | No | 60 | + +### Exception Logs + +If a zombie process count alarm is detected, the following information is displayed in the **/var/log/sysmonitor.log** file: + +```text +info|sysmonitor[127]: zombie process count alarm: 600 +info|sysmonitor[127]: zombie process count resume: 100 +``` + +## Custom Monitoring + +### Introduction + +You can customize monitoring items. The monitoring framework reads the content of the configuration file, parses the monitoring attributes, and calls the monitoring actions to be performed. The monitoring module provides only the monitoring framework. It is not aware of what users are monitoring or how to monitor, and does not report alarms. + +### Configuration File Description + +The configuration files are stored in **/etc/sysmonitor.d/**. Each process or module corresponds to a configuration file. + +```text +MONITOR_SWITCH="on" +TYPE="periodic" +EXECSTART="/usr/sbin/iomonitor_daemon" +PERIOD="1800" +``` + +| Item | Description | Mandatory | Default Value| +| -------------- | ------------------------------------------------------------ | --------------------- | ------ | +| MONITOR_SWITCH | Monitoring switch | No | off | +| TYPE | Custom monitoring item type
**daemon**: background execution
**periodic**: periodic execution| Yes | None | +| EXECSTART | Monitoring command | Yes | None | +| ENVIROMENTFILE | Environment variable file | No | None | +| PERIOD | If the type is **periodic**, this parameter is mandatory and sets the monitoring period. The value is an integer greater than 0.| Yes when the type is **periodic**| None | + +- The absolute path of the configuration file or environment variable file cannot contain more than 127 characters. The environment variable file path cannot be a soft link path. +- The length of the **EXECSTART** command cannot exceed 159 characters. No space is allowed in the key field. +- The execution of the periodic monitoring command cannot time out. Otherwise, the custom monitoring framework will be affected. +- Currently, a maximum of 256 environment variables can be configured. +- The custom monitoring of the daemon type checks whether the `reload` command is delivered or whether the daemon process exits abnormally every 10 seconds. If the `reload` command is delivered, the new configuration is loaded 10 seconds later. If a daemon process exits abnormally, the daemon process is restarted 10 seconds later. +- If the content of the **ENVIROMENTFILE** file changes, for example, an environment variable is added or the environment variable value changes, you need to restart the sysmonitor service for the new environment variable to take effect. +- You are advised to set the permission on the configuration files in the **/etc/sysmonitor.d/** directory to 600. If **EXECSTART** is only an executable file, you are advised to set the permission on the executable file to 550. +- After a daemon process exits abnormally, sysmonitor reloads the configuration file of the daemon process. + +### Exception Logs + +If a monitoring item of the daemon type exits abnormally, the **/var/log/sysmonitor.log** file records the following information: + +```text +info|sysmonitor[127]: custom daemon monitor: child process[11609] name unetwork_alarm exit code[127],[1] times. +``` diff --git a/docs/en/server/maintenance/troubleshooting/_toc.yaml b/docs/en/server/maintenance/troubleshooting/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..6de6fa3cf5a6c31eaf17d3890e9ddfeef2db4e92 --- /dev/null +++ b/docs/en/server/maintenance/troubleshooting/_toc.yaml @@ -0,0 +1,6 @@ +label: Troubleshooting +isManual: true +description: Common troubleshooting methods +sections: + - label: Troubleshooting + href: ./troubleshooting.md diff --git a/docs/en/server/maintenance/troubleshooting/images/c50cb9df64f4659787c810167c89feb4_1884x257.png b/docs/en/server/maintenance/troubleshooting/images/c50cb9df64f4659787c810167c89feb4_1884x257.png new file mode 100644 index 0000000000000000000000000000000000000000..01081f25627731c56764c196e3fae32d55bc7023 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/c50cb9df64f4659787c810167c89feb4_1884x257.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001321685172.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001321685172.png new file mode 100644 index 0000000000000000000000000000000000000000..a98265bdf251608c0ff394fefe545cd3192bdb28 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001321685172.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001322112990.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001322112990.png new file mode 100644 index 0000000000000000000000000000000000000000..6f4b32bf2b36595abe10f2550cda5714bc355553 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001322112990.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001322219840.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001322219840.png new file mode 100644 index 0000000000000000000000000000000000000000..48b28664df46ddf9aa38c7570bb9e9edb8080ac9 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001322219840.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001322372918.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001322372918.png new file mode 100644 index 0000000000000000000000000000000000000000..5424367c9bc564e713220ba87f963096881833b8 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001322372918.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001322379488.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001322379488.png new file mode 100644 index 0000000000000000000000000000000000000000..8b18cdca066be43b74443498edc5500ea9e1e608 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001322379488.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001335457246.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001335457246.png new file mode 100644 index 0000000000000000000000000000000000000000..325d6a8ce097db0b92b1a883bc4b3d4ad0bc6a49 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001335457246.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001335816300.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001335816300.png new file mode 100644 index 0000000000000000000000000000000000000000..619f0c33503cd27d92f227216c722d554b9132f2 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001335816300.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001336448570.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001336448570.png new file mode 100644 index 0000000000000000000000000000000000000000..4bd494d78d83fef2e8a89c80e17c9b6db892a2e9 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001336448570.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001336729664.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001336729664.png new file mode 100644 index 0000000000000000000000000000000000000000..4d73507cceab2e0b123d6864d9f86c86eb1eee2f Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001336729664.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337000118.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337000118.png new file mode 100644 index 0000000000000000000000000000000000000000..37131647778506f24be4ff401392a9cc209a36eb Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337000118.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337039920.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337039920.png new file mode 100644 index 0000000000000000000000000000000000000000..40c07e9b6ec27cdbe47d39788736b892f1174cc8 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337039920.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337051916.jpg b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337051916.jpg new file mode 100644 index 0000000000000000000000000000000000000000..a2083b7783041884394f796222352d8772ada6cc Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337051916.jpg differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337053248.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337053248.png new file mode 100644 index 0000000000000000000000000000000000000000..8859f37749a4f8a4394e24ddfb54fc473e8c10c2 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337053248.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337172594.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337172594.png new file mode 100644 index 0000000000000000000000000000000000000000..4e806f83c57880543a777807778f14eeb0105aba Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337172594.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337212144.jpg b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337212144.jpg new file mode 100644 index 0000000000000000000000000000000000000000..c6f0874250475f598efa7375516109b540918fb8 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337212144.jpg differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337260780.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337260780.png new file mode 100644 index 0000000000000000000000000000000000000000..09d521d933f5fa0caacc592ea92acee959786051 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337260780.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337268560.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337268560.png new file mode 100644 index 0000000000000000000000000000000000000000..663f67428487d88e23aa9c3291c31399fec2f2c3 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337268560.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337268820.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337268820.png new file mode 100644 index 0000000000000000000000000000000000000000..cd1732ee870a6dde0acc54642f34793933ce3356 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337268820.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337419960.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337419960.png new file mode 100644 index 0000000000000000000000000000000000000000..c3b493bf1e57f130e122b59e99ff45cd44539dad Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337419960.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337420372.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337420372.png new file mode 100644 index 0000000000000000000000000000000000000000..2300bcd7426748236fd48b85688bd3d1fa3315df Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337420372.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337422904.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337422904.png new file mode 100644 index 0000000000000000000000000000000000000000..01e250c6f7cbb64abe0b136cd80fda7ae68b629d Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337422904.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337424024.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337424024.png new file mode 100644 index 0000000000000000000000000000000000000000..6532d98885f756c6704bc4bacc0f9133d78405a7 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337424024.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337424304.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337424304.png new file mode 100644 index 0000000000000000000000000000000000000000..9ecb384ed58458c24d8e3ae729c4de197b982b86 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337424304.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337427216.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337427216.png new file mode 100644 index 0000000000000000000000000000000000000000..8633dbdd658f98501dfc91a704395260f2d4df3c Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337427216.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337427392.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337427392.png new file mode 100644 index 0000000000000000000000000000000000000000..74f5cb24520c94de8628b2e64e6916c563f9f5a2 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337427392.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337533690.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337533690.png new file mode 100644 index 0000000000000000000000000000000000000000..1f02d9b155754a113347a54a7d35ba9b060175a8 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337533690.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337536842.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337536842.png new file mode 100644 index 0000000000000000000000000000000000000000..5a9ee2c989638c9a6aad3fcfb35bb9b9f2d4683c Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337536842.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337579708.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337579708.png new file mode 100644 index 0000000000000000000000000000000000000000..5cd8ed939434e6447dd55679eeaa3756d861751f Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337579708.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337580216.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337580216.png new file mode 100644 index 0000000000000000000000000000000000000000..5516b8d261b769287c74cf860a6708fcde6bbb8a Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337580216.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337584296.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337584296.png new file mode 100644 index 0000000000000000000000000000000000000000..fa76ecb59018fb154ffe1d9f6da1484d652f3ac1 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337584296.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337696078.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337696078.png new file mode 100644 index 0000000000000000000000000000000000000000..3864852e345eaf01794042feaa85b012b8af71de Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337696078.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337740252.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337740252.png new file mode 100644 index 0000000000000000000000000000000000000000..fd83fb600a54ab8bc39ee2ae54210be8b6c48973 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337740252.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337740540.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337740540.png new file mode 100644 index 0000000000000000000000000000000000000000..b8e25128a47dccaed733fc192f52f2ca7828e516 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337740540.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337747132.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337747132.png new file mode 100644 index 0000000000000000000000000000000000000000..41ea7d47f5fe5fca46816d93cb08b5da00abc0ad Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337747132.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337748300.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337748300.png new file mode 100644 index 0000000000000000000000000000000000000000..32488dc1740408834954cf8d57a2843d98f09c2e Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337748300.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337748528.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337748528.png new file mode 100644 index 0000000000000000000000000000000000000000..f2d62c85c844c2756f4d27a48711560dfb9615ea Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001337748528.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001372249333.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001372249333.png new file mode 100644 index 0000000000000000000000000000000000000000..48cd37225954e212cb3e159acc137866d8edc362 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001372249333.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001372748125.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001372748125.png new file mode 100644 index 0000000000000000000000000000000000000000..5f6326b9415cf766dd8379dbadd5aa1a0dc6861f Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001372748125.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001372821865.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001372821865.png new file mode 100644 index 0000000000000000000000000000000000000000..21e8dad1cd90755440cf858523b12c036a91e1ad Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001372821865.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001372824637.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001372824637.png new file mode 100644 index 0000000000000000000000000000000000000000..aefb5d83c079e6718ef88fd934b4b496cdc29565 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001372824637.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001373373585.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001373373585.png new file mode 100644 index 0000000000000000000000000000000000000000..c4e5e47c9beca2c7c7630d78916f80eda652b52a Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001373373585.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001373379529.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001373379529.png new file mode 100644 index 0000000000000000000000000000000000000000..daa40b49e679668905632f25ff42bf8599ba0ead Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001373379529.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001384808269.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001384808269.png new file mode 100644 index 0000000000000000000000000000000000000000..be18ecef3a149d5742f18535552f66f26ab34832 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001384808269.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001385585749.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001385585749.png new file mode 100644 index 0000000000000000000000000000000000000000..c13604ab7095c2a7717bde1384f0aea3d53f69e3 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001385585749.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001385611905.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001385611905.png new file mode 100644 index 0000000000000000000000000000000000000000..8c233e40a21e678ddf4115c2e2e80c96e25a60ce Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001385611905.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001385905845.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001385905845.png new file mode 100644 index 0000000000000000000000000000000000000000..a6cb8bc4a188ef444919d71f7f16baa06422788b Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001385905845.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001386149037.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001386149037.png new file mode 100644 index 0000000000000000000000000000000000000000..da73fead24d8805bb43287f53c757e80ff0d597f Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001386149037.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001386699925.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001386699925.png new file mode 100644 index 0000000000000000000000000000000000000000..cf5b13b35e65ed0143a01a5bcad1e11eaddaded7 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001386699925.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387293085.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387293085.png new file mode 100644 index 0000000000000000000000000000000000000000..7f56b020949c53d018eba016952c2409f0d7dca9 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387293085.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387413509.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387413509.png new file mode 100644 index 0000000000000000000000000000000000000000..2245427058fc31f3e5d7f40062c0551936a67199 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387413509.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387413793.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387413793.png new file mode 100644 index 0000000000000000000000000000000000000000..aa649bf7215662819766d897513fb711d9d1e7f8 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387413793.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387415629.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387415629.png new file mode 100644 index 0000000000000000000000000000000000000000..01189358354090591de6580f8ef88ef78ddba3a1 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387415629.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387691985.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387691985.png new file mode 100644 index 0000000000000000000000000000000000000000..31c3096fa837c1b397ab2fe27acdd87e2cec36de Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387691985.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387692269.jpg b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387692269.jpg new file mode 100644 index 0000000000000000000000000000000000000000..b79e3ddf78520277046b933c4662c6b72f45ab85 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387692269.jpg differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387692893.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387692893.png new file mode 100644 index 0000000000000000000000000000000000000000..49ea515d834b58d4ded14c55a6a2b07034d76137 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387692893.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387755969.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387755969.png new file mode 100644 index 0000000000000000000000000000000000000000..b2daa95d6b757e7bd443d8fd961922f248dd6853 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387755969.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387780357.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387780357.png new file mode 100644 index 0000000000000000000000000000000000000000..1aab3b8be2cd0c906253d70036a9fee3050a1055 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387780357.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387784693.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387784693.png new file mode 100644 index 0000000000000000000000000000000000000000..62a40117a892ba6c163be81bce1d198c2920f0e9 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387784693.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387787605.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387787605.png new file mode 100644 index 0000000000000000000000000000000000000000..8c1893e16fb929f77bb6b9a70cb25d3479dd684c Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387787605.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387855149.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387855149.png new file mode 100644 index 0000000000000000000000000000000000000000..731e957c367cb05e4229f53cf97dcee2cde69dff Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387855149.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387857005.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387857005.png new file mode 100644 index 0000000000000000000000000000000000000000..872f5c9eb05169831df4ba49d017629e8a943c64 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387857005.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387902849.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387902849.png new file mode 100644 index 0000000000000000000000000000000000000000..ffe2043c199308ed2033e3eb02a0662a65141ece Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387902849.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387907229.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387907229.png new file mode 100644 index 0000000000000000000000000000000000000000..084fbea1aee4d09b1e623c66b4f07641c7a0208d Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387907229.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387908045.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387908045.png new file mode 100644 index 0000000000000000000000000000000000000000..1fca645598e7a67da6e75b98c44f3c9a740be374 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387908045.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387908453.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387908453.png new file mode 100644 index 0000000000000000000000000000000000000000..b97804a0a575fd18235e7a0c7e4f2d0183e3b460 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387908453.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387961737.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387961737.png new file mode 100644 index 0000000000000000000000000000000000000000..ae4ddce8cf2629b811e9711c61186b3efa4dfe3c Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001387961737.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388020197.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388020197.png new file mode 100644 index 0000000000000000000000000000000000000000..1816e1e068ee0294677ebb357ffd158a14bb86cf Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388020197.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388024321.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388024321.png new file mode 100644 index 0000000000000000000000000000000000000000..da3ba54203ded0093b7c2b5308de0e2afd85a146 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388024321.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388024397.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388024397.png new file mode 100644 index 0000000000000000000000000000000000000000..4e4531dd19dc703399c9d4dd0e95236fa9a064c8 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388024397.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388028161.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388028161.png new file mode 100644 index 0000000000000000000000000000000000000000..b3beb92520c34ba771d096a8a146fb2c5b5edbb7 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388028161.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388028537.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388028537.png new file mode 100644 index 0000000000000000000000000000000000000000..ffb244306787c397ef4a9f4d9c3eb504172d3777 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388028537.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388184025.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388184025.png new file mode 100644 index 0000000000000000000000000000000000000000..cbce6fe1e32c547426319923c0fdb13e95554b99 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388184025.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388187249.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388187249.png new file mode 100644 index 0000000000000000000000000000000000000000..0ac83f21e269d909e550b68cb0bdc6347c05dcac Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388187249.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388187325.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388187325.png new file mode 100644 index 0000000000000000000000000000000000000000..02dbdf218da2cb1c844dfc13a463875df5124d48 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388187325.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388188365.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388188365.png new file mode 100644 index 0000000000000000000000000000000000000000..dbe3bfb48446bab88e3e622b9f8066383f269590 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388188365.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388241577.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388241577.png new file mode 100644 index 0000000000000000000000000000000000000000..8dacb6e343ea4c750904fa090bb99213e012379d Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388241577.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388972645.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388972645.png new file mode 100644 index 0000000000000000000000000000000000000000..e32606925f4bb4380b262d9f946d4cd106202b87 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001388972645.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001389098425.png b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001389098425.png new file mode 100644 index 0000000000000000000000000000000000000000..c63903009ab9ba454f169250632dbec1b3c94467 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_image_0000001389098425.png differ diff --git a/docs/en/server/maintenance/troubleshooting/images/zh-cn_other_0000001337581224.jpeg b/docs/en/server/maintenance/troubleshooting/images/zh-cn_other_0000001337581224.jpeg new file mode 100644 index 0000000000000000000000000000000000000000..2c019b828bdf9c699f203f09ba3542968ff21262 Binary files /dev/null and b/docs/en/server/maintenance/troubleshooting/images/zh-cn_other_0000001337581224.jpeg differ diff --git a/docs/en/server/maintenance/troubleshooting/troubleshooting.md b/docs/en/server/maintenance/troubleshooting/troubleshooting.md new file mode 100644 index 0000000000000000000000000000000000000000..17901093bdd6cc73fb141e143e02049e16435e19 --- /dev/null +++ b/docs/en/server/maintenance/troubleshooting/troubleshooting.md @@ -0,0 +1,93 @@ +# Troubleshooting + +## Triggering kdump Restart + +```shell +# Write 1 to the sysrq file to enable the SysRq function. After this function is enabled, the kernel will respond to any operation. +echo 1 > /proc/sys/kernel/sysrq + +# Make the system crash. +echo c > /proc/sysrq-trigger +``` + +## Performing Forcible Restart + +You can use either of the following methods to forcibly restart the OS: + +- Manually restart the OS. + +```shell +reboot -f +``` + +- Forcibly power on and off the OS through iBMC. + +## Restarting the Network + +openEuler uses NetworkManager to manage the network. Run the following command to restart the network: + +```shell +systemctl restart NetworkManager +``` + +## Repairing the File System + +After the OS is forcibly powered off and then powered on, the file system may be damaged. When the OS is started, it automatically checks and repairs the file system. If the file system fails to be repaired, you need to run the `fsck` command to scan for and repair the file system. + +```shell +# In this case, the system enters the rescue mode. Check which file system is damaged in the log. +journalctl -xb +# Check whether the partition has been mounted before the repair. +cat /proc/mounts +# Uninstall the directory. +umount xxx +# If the directory cannot be uninstalled, kill the process that occupies the directory. +lsof | grep xxx +kill xxx +# Run the fsck command to rectify the fault. Enter yes or no when prompted. +fsck -y /dev/xxx +``` + +## Manually Dropping Cache + +```shell +#Different values of N can achieve different clearance purposes. According to the Linux kernel document, run the sync command before clearing data. (The drop operation does not release any dirty objects. The sync command writes all unwritten system buffers to drives, including modified inodes, delayed block I/Os, and read/write mapping files. In this way, dirty objects can be reduced so that more objects can be released.) +echo N > /proc/sys/vm/drop_caches + +#Release the page caches. +echo 1 > /proc/sys/vm/drop_caches + +#Release dentries and inodes. +echo 2 > /proc/sys/vm/drop_caches + +#Release the page caches, dentries, and inodes. +echo 3 > /proc/sys/vm/drop_caches +``` + +## Rescue Mode and Single-User Mode + +- Rescue mode + + Mount the openEuler 22.03 LTS SP2 ISO image and enter the rescue mode. + + 1. Select **Troubleshooting**. + 2. Select **Rescue a openEuler system**. + 3. Proceed as prompted. + + ```text + 1)Continue + + 2)Read-only mount + + 3)Skip to shell + + 4)Quit(Reboot) + ``` + +- Single-user mode + + On the login page, enter **e** to go to the grub page, add **init=/bin/sh** to the **linux** line, and press **Ctrl**+**X**. + + 1. Run the `mount -o remount,rw /` command. + 2. Perform operations such as changing the password. + 3. Enter **exit** to exit. diff --git a/docs/en/server/memory_storage/etmem/_toc.yaml b/docs/en/server/memory_storage/etmem/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..22d465a29fa6166bd9bc16c0646cb8885c9b7285 --- /dev/null +++ b/docs/en/server/memory_storage/etmem/_toc.yaml @@ -0,0 +1,6 @@ +label: etmem User Guide +isManual: true +description: Expand memory capacity with etmem. +sections: + - label: Using etmem + href: ./etmem_user_guide.md diff --git a/docs/en/server/memory_storage/etmem/etmem_user_guide.md b/docs/en/server/memory_storage/etmem/etmem_user_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..5490e7171f1b0620127b3d97e6c639dbce8fa0d5 --- /dev/null +++ b/docs/en/server/memory_storage/etmem/etmem_user_guide.md @@ -0,0 +1,773 @@ +# etmem User Guide + +## Introduction + +The development of CPU computing power, particularly lower costs of ARM cores, makes memory cost and capacity become the core frustration that restricts business costs and performance. Therefore, the most pressing issue is how to save memory cost and how to expand memory capacity. + +etmem is a tiered memory expansion technology that uses DRAM+memory compression/high-performance storage media to form tiered memory storage. Memory data is tiered, and cold data is migrated from memory media to high-performance storage media to release memory space and reduce memory costs. + +The tools provided by the etmem software package include the etmem client and the etmemd server. etmemd runs continuously after being launched and implements functions such as recognition and elimination of cold and hot memory of target processes. etmem runs once when called and controls etmemd to respond with different operations based on different command parameters. + +## Compilation + +1. Download the etmem source code. + + ```shell + git clone https://gitee.com/openeuler/etmem.git + ``` + +2. Install the compilation and running dependency. The compilation and running of etmem depend on the libboundscheck component. + + Install the dependency: + + ```bash + yum install libboundscheck + ``` + + Use the `rpm` command to check if the package is installed: + + ```bash + rpm -qi libboundscheck + ``` + +3. Build source code. + + ```bash + cd etmem + mkdir build + cd build + cmake .. + make + ``` + +## Precautions + +### Dependencies + +As a memory expansion tool, etmem needs to rely on kernel features. To identify memory access conditions and support the active writing of memory into the swap partition to achieve the requirement of vertical memory expansion, etmem needs to insert the **etmem_scan** and **etmem_swap** modules at runtime: + +```bash +modprobe etmem_scan +modprobe etmem_swap +``` + +### Restrictions + +The etmem process requires root privileges. The root user has the highest system privileges. When using the root user to perform operations, strictly follow the operation instructions to avoid system management and security risks. + +### Constraints + +- The client and server of etmem must be deployed on the same server. Cross-server communication is not supported. +- etmem can scan target processes whose process name is less than or equal to 15 characters. Supported characters in process names are letters, numbers, periods (.), slashes (/), hyphens (-), and underscores (\_). +- When AEP media is used for memory expansion, it relies on the system being able to correctly recognize the AEP device and initialize the device as a NUMA node. Additionally, the **vm_flags** field in the configuration file can only be configured as **ht**. +- The private commands of the engine are only valid for the corresponding engine and tasks under the engine, such as `showhostpages` and `showtaskpages` supported by cslide. +- In a third-party policy implementations, **fd** in the `eng_mgt_func` interface cannot be written with the **0xff** and **0xfe** characters. +- Multiple different third-party policy dynamic libraries, distinguished by **eng_name** in the configuration file, can be added within a project. +- Concurrent scanning of the same process is prohibited. +- Using the **/proc/xxx/idle_pages** and **/proc/xxx/swap_pages** files is prohibited when **etmem_scan** and **etmem_swap** modules are not loaded. +- The etmem configuration file requires the owner to be the root user, with permissions of 600 or 400. The size of the configuration file cannot exceed 10 MB. +- When etmem injects a third-party policy, the **so** of the third-party policy requires the owner to be the root user, with permissions of 500 or 700. + +## Instructions + +### etmem Configuration Files + +Before running the etmem process, the administrator needs to decide the memory of which processes needs to be expanded, configure the process information in the etmem configuration files, and configure information such as the memory scanning cycle, scanning times, and memory hot and cold thresholds. + +The configuration file examples are included in the source package and stored in the **/etc/etmem** directory. There are three example files: + +```text +/etc/etmem/cslide_conf.yaml +/etc/etmem/slide_conf.yaml +/etc/etmem/thirdparty_conf.yaml +``` + +Contents of the files are as follows: + +```sh +#slide engine example +#slide_conf.yaml +[project] +name=test +loop=1 +interval=1 +sleep=1 +sysmem_threshold=50 +swapcache_high_vmark=10 +swapcache_low_vmark=6 + +[engine] +name=slide +project=test + +[task] +project=test +engine=slide +name=background_slide +type=name +value=mysql +T=1 +max_threads=1 +swap_threshold=10g +swap_flag=yes + +#cslide engine example +#cslide_conf.yaml +[engine] +name=cslide +project=test +node_pair=2,0;3,1 +hot_threshold=1 +node_mig_quota=1024 +node_hot_reserve=1024 + +[task] +project=test +engine=cslide +name=background_cslide +type=pid +name=23456 +vm_flags=ht +anon_only=no +ign_host=no + +#Third-party engine example +#thirdparty_conf.yaml +[engine] +name=thirdparty +project=test +eng_name=my_engine +libname=/usr/lib/etmem_fetch/my_engine.so +ops_name=my_engine_ops +engine_private_key=engine_private_value + +[task] +project=test +engine=my_engine +name=background_third +type=pid +value=12345 +task_private_key=task_private_value +``` + +Fields in the configuration files are described as follows: + +| Item | Description | Mandatory | Contains Parameters | Parameter Range | Example | +| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------- | ------------------- | -------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| \[project\] | Beginning identifier of the project public configuration section | No | No | N/A | Beginning identifier of the project parameters, indicating that the parameters below are within the range of the project section until another \[xxx\] or the end of the file | +| name | Name of the project | Yes | Yes | String of up to 64 characters | Specifies that the project, engine and task need to be mounted to the specified project during configuration. | +| loop | Number of loops for memory scan | Yes | Yes | 1~120 | loop=3 // Memory is scanned 3 times. | +| interval | Time interval for each memory scan | Yes | Yes | 1~1200 | interval=5 // The interval is 5s. | +| sleep | Time interval for each memory scan+operation | Yes | Yes | 1~1200 | sleep=10 //The interval is 10s | +| sysmem_threshold | Memory swapping threshold. This is a slide engine configuration item. | No | Yes | 0~100 | sysmem_threshold=50 // When available memory is less than 50%, etmem swaps out memory. | +| swapcache_high_wmark | High watermark of swapcache. This is a slide engine configuration item. | No | Yes | 1~100 | swapcache_high_wmark=5 // swapcache can be up to 5% of the system memory. If this ratio is reached, etmem triggers swapcache recycling.
Note: swapcache_high_wmark must be greater than swapcache_low_wmark. | +| swapcache_low_wmark | Low watermark of swapcache. This is a slide engine configuration item. | No | Yes | \[1~swapcache_high_wmark\) | swapcache_low_wmark=3 //When swapcache recycling is triggered, the system recycles the swapcache memory occupancy to less than 3%. | +| \[engine\] | Beginning identifier of the engine public configuration section | No | No | N/A | Beginning identifier of the engine parameters, indicating that the parameters below are within the range of the engine section until another \[xxx\] or the end of the file | +| project | project to which the engine belongs | Yes | Yes | String of up to 64 characters | If a project named test exists, the item can be **project=test**. | +| engine | engine to which the engine belongs | Yes | Yes | slide/cslide/thirdparty | Specifies the policy to use (**slide**, **cslide**, or **thirdparty**) | +| node_pair | Node pair of AEP and DRAM. This is a cslide engine configuration item. | Yes when **engine** is **cslide** | Yes | Pair the node numbers of AEP and DRAM. Separate AEP and DRAM using a comma, and separate each pair using semicolons. | node_pair=2,0;3,1 | +| hot_threshold | Threshold of hot memory watermark. This is a cslide engine configuration item. | Yes when **engine** is **cslide** | Yes | An integer greater than or equal to 0 and less than or equal to INT_MAX | hot_threshold=3 // Memory with less than 3 accesses will be recognized as cold memory. | +| node_mig_quota | Maximum one-way flow when DRAM and AEP migrate mutually. This is a cslide engine configuration item. | Yes when **engine** is **cslide** | Yes | An integer greater than or equal to 0 and less than or equal to INT_MAX | node_mig_quota=1024 // The unit is MB. A maximum of 1024 MB can be migrated from AEP to DRAM or from DRAM to AEP each time. | +| node_hot_reserve | Size of the reserved space for hot memory in DRAM. This is a cslide engine configuration item. | Yes when **engine** is **cslide** | Yes | An integer greater than or equal to 0 and less than or equal to INT_MAX | node_hot_reserve=1024 //The unit is MB. When the hot memory of all VMs is greater than this configuration value, the hot memory will also be migrated to AEP. | +| eng_name | Name of the engine for mounting by task. This is a third-party engine configuration item. | Yes when **engine** is **thirdparty** | Yes | String of up to 64 characters | eng_name=my_engine // When mounting a task to the third-party policy engine, specify **engine=my_engine** in the task. | +| libname | Absolute path to the dynamic library of the third-party policy. This is a third-party engine configuration item. | Yes when **engine** is **thirdparty** | Yes | String of up to 256 characters | libname=/user/lib/etmem_fetch/code_test/my_engine.so | +| ops_name | Name of the operator in the dynamic library of the third-party policy. This is a third-party engine configuration item. | Yes when **engine** is **thirdparty** | Yes | String of up to 256 characters | ops_name=my_engine_ops // Name of the struct for the third-party policy implementation interface | +| engine_private_key | Reserved item for third-party policies to parse private parameters by themselves. This is a third-party engine configuration item. | No | No | Restrict according to the third-party policy's private parameters. | Configure the private engine parameters according to the third-party policy. | +| \[task\] | Beginning identifier of the task public configuration section | No | No | N/A | Beginning identifier of the task parameters, indicating that the parameters below are within the range of the project section until another \[xxx\] or the end of the file | +| project | project to which the task belongs | Yes | Yes | String of up to 64 characters | If a project named test exists, the item can be **project=test**. | +| engine | engine to which the task belongs | Yes | Yes | String of up to 64 characters | Name of the engine to which the task belongs | +| name | Name of the task | Yes | Yes | String of up to 64 characters | name=background1 // The name of the task is background1. | +| type | How the target process is identified | Yes | Yes | pid/name | **pid** specifies to identify by PID. **name** specifies to identify by name. | +| value | Value to be identified for the target process | Yes | Yes | Actual PID/name | Used with **type** to specify the PID or name of the target process. Ensure the configuration is correct and unique. | +| T | Threshold of hot memory watermark. This is a slide engine configuration item. | Yes when **engine** is **slide** | Yes | 0~loop * 3 | T=3 // Memory with less than 3 accesses will be recognized as cold memory. | +| max_threads | Maximum number of threads in the etmem internal thread pool, with each thread handling a process/subprocess memory scan+operation task. This is a slide engine configuration item. | No | Yes | 1~2 * number of cores + 1, the default value is 1. | Controls the number of internal processing threads for the etmemd server without external representation. When the target process has multiple child processes, the larger the item value, the more concurrent executions, but the more resources consumed. | +| vm_flags | Flag of the VMA to be scanned. This is a cslide engine configuration item. | No | Yes | String of up to 256 characters, with different flags separated by spaces. | vm_flags=ht // Scans memory of the VMA whose flag is ht. | +| anon_only | Scans anonymous pages only. This is a cslide engine configuration item. | No | Yes | yes/no | anon_only=no | +| ign_host | Ignores page table scan information on the host. This is a cslide engine configuration item. | No | Yes | yes/no | ign_host=no | +| task_private_key | Reserved for a task of a third-party policy to parse private parameters. This is a third-party engine configuration item. | No | No | Restrict according to the third-party policy's private parameters. | Configure the private task parameters according to the third-party policy. | +| swap_threshold | Process memory swapping threshold. This is a slide engine configuration item. | No | Yes | Absolute value of memory available to the process | swap_threshold=10g // Memory swapping will not be triggered when the process memory is less than 10 GB.
Currently, the unit can only be **g** or **G**. This item is used with **sysmem_threshold**. When system memory is lower than **sysmem_threshold**, memory of processes in the allowlist is checked. | +| swap_flag | Enables process memory swapping. This is a slide engine configuration item. | No | Yes | yes/no | swap_flag=yes | + +### Starting etmemd + +Modify related configuration files before using etmem services. After being started, etmemd stays in the system to operate the memory of the target processes.To start etmemd, you can either run the `etmemd` command or configure a service file for `systemctl` to start etmemd. The latter requires the `mode-systemctl` option. + +#### How to Use + +Run the following command to start etmemd: + +```bash +etmemd -l 0 -s etmemd_socket +``` + +or + +```bash +etmemd --log-level 0 --socket etmemd_socket +``` + +The `0` parameter of option `-l` and the `etmemd_socket` parameter of option `-s` are user-defined parameters and are described as follows. + +#### Command Parameters + +| Option | Description | Mandatory | Contains Parameters | Parameter Range | Example | +| --------------- | ---------------------------------- | -------- | ---------- | --------------------- | ------------------------------------------------------------ | +| -l or \-\-log-level | etmemd log level | No | Yes | 0~3 | 0: debug level
1: info level
2: warning level
3: error level
Logs whose levels are higher than the specified value are printed to **/var/log/message**. | +| -s or \-\-socket | Socket listened by etmemd to interact with the client | Yes | Yes | String of up to 107 characters | Socket listened by etmemd | +| -m or \-\-mode-systemctl| Starts the etmemd service through systemctl | No| No| N/A| The `-m` option needs to be specified in the service file.| +| -h or \-\-help | Prints help information | No | No | N/A | This option prints help information and exit. | + +### Adding and Deleting Projects, Engines, and Tasks Using the etmem Client + +#### Scenario + +1. The administrator adds a project, engine, or task to etmem (a project can contain multiple etmem engines, an engine can contain multiple tasks). + +2. The administrator deletes an existing etmem project, engine, or task (all tasks in a project is stopped before the project is deleted). + +#### Usage + +When etmemd is running normally, run `etmem` with the `obj` option to perform addition and deletion. etmem automatically identifies projects, engines, or tasks according to the content of the configuration file. + +- Add an object. + + ```bash + etmem obj add -f /etc/etmem/slide_conf.yaml -s etmemd_socket + ``` + + or + + ```bash + etmem obj add --file /etc/etmem/slide_conf.yaml --socket etmemd_socket + ``` + +- Delete an object. + + ```bash + etmem obj del -f /etc/etmem/slide_conf.yaml -s etmemd_socket + ``` + + or + + ```bash + etmem obj del --file /etc/etmem/slide_conf.yaml --socket etmemd_socket + ``` + +#### Command Parameters + +| Option | Description | Mandatory | Contains Parameters | Parameter Range | Example | +| ---------------- | -------------------------------------------------------------------------------------------------------------- | --------- | ------------------- | ----------------------------------------------------------------------------------------------------- | ------- | +| -f or \-\-file | Specifies the configuration file of the object. | Yes | Yes | Specify the path. | | +| -s or \-\-socket | Socket used for communication with etmemd, which must be the same as the one specified when etmemd is started. | Yes | Yes | The administrator can use this option to specify an etmemd server when multiple etmemd servers exist. | | + +### Querying, Starting, and Stopping Projects Using the etmem Client + +#### Scenario + +A project is added by using `etmem obj add` and is not deleted by using `etmem obj del`. In this case, the project can be started and stopped. + +1. The administrator starts an added project. + +2. The administrator stops a started project. + +A started project will be stopped if the administrator run `obj del` to delete the project. + +#### Usage + +Added projects can be started and stopped by using `etmem project` commands. + +- Query a project. + + ```bash + etmem project show -n test -s etmemd_socket + ``` + + or + + ```bash + etmem project show --name test --socket etmemd_socket + ``` + +- Start a project. + + ```bash + etmem project start -n test -s etmemd_socket + ``` + + or + + ```bash + etmem project start --name test --socket etmemd_socket + ``` + +- Stop a project. + + ```bash + etmem project stop -n test -s etmemd_socket + ``` + + or + + ```bash + etmem project stop --name test --socket etmemd_socket + ``` + +- Print help information. + + ```bash + etmem project help + ``` + +#### Command Parameters + +| Option | Description | Mandatory | Contains Parameters | Parameter Range | Example | +| ---------------- | -------------------------------------------------------------------------------------------------------------- | --------- | ------------------- | ----------------------------------------------------------------------------------------------------- | ------- | +| -n or \-\-name | Name of the project | Yes | Yes | The project name corresponds to the configuration file. | | +| -s or \-\-socket | Socket used for communication with etmemd, which must be the same as the one specified when etmemd is started. | Yes | Yes | The administrator can use this option to specify an etmemd server when multiple etmemd servers exist. | | + +### Specifying System Memory Swapping Threshold and Process Memory Swapping Using the etmem Client + +Only slide policies support private features. + +- Process or system memory swapping threshold + +It is necessary to consider the timing of etmem memory swapping for optimal performance. Memory swapping is not performed when the system has enough available memory or a process occupies a low amount of memory. Memory swapping threshold can be specified for the system and processes. + +- Process memory swapping + +The memory of I/O latency-sensitive service processes should not be swapped in the storage scenario. In this case, you can disable memory swapping for certain services. + +Process and system memory swapping thresholds and process memory swapping are controlled by the **sysmem_threshold**, **swap_threshold**, and **swap_flag** parameters in the configuration file. For details, see [etmem Configuration Files](#etmem-configuration-files). + +```sh +#slide_conf.yaml +[project] +name=test +loop=1 +interval=1 +sleep=1 +sysmem_threshold=50 + +[engine] +name=slide +project=test + +[task] +project=test +engine=slide +name=background_slide +type=name +value=mysql +T=1 +max_threads=1 +swap_threshold=10g +swap_flag=yes +``` + +#### System Memory Swapping Threshold + +The **sysmem_threshold** parameter is used to set system memory swapping threshold. The value range for **sysmem_threshold** is 0 to 100. If **sysmem_threshold** is set in the configuration file, etmem will swap memory when system memory is lower than **sysmem_threshold**. + +For example: + +1. Compose the configuration according to the example. Set **sysmem_threshold** to **20**. +2. Start the server, add a project to the server, and start the project. + + ```bash + etmemd -l 0 -s monitor_app & + etmem obj add -f etmem_config -s monitor_app + etmem project start -n test -s monitor_app + etmem project show -s monitor_app + ``` + +3. Observe the memory swapping results. etmem swaps memory only when the system available memory is less than 20%. + +#### Process Memory Swapping Threshold + +The **swap_threshold** parameter is used to set process memory swapping threshold. **swap_threshold** is the absolute memory usage of a process in the format of \**g/G**. If **swap_threshold** is set in the configuration file, etmem will not swap memory of the process when the process memory usage is lower then **swap_threshold**. + +For example: + +1. Compose the configuration according to the example. Set **swap_threshold** to **5g**. +2. Start the server, add a project to the server, and start the project. + + ```bash + etmemd -l 0 -s monitor_app & + etmem obj add -f etmem_config -s monitor_app + etmem project start -n test -s monitor_app + etmem project show -s monitor_app + ``` + +3. Observe the memory swapping results. etmem swaps memory only when the process memory usage reaches 5 GB. + +#### Process Memory Swapping + +The **swap_flag** parameter is used to enable the process memory swapping feature. The value of **swap_flag** can be **yes** or **no**. If **swap_flag** is **no** or not configured, etmem swaps memory normally. If **swap_flag** is **yes**, etmem swaps memory of the specified processes only. + +For example: + +1. Compose the configuration according to the example. Set **swap_flag** to **yes**. +2. Flag the memory to be swapped for the service process. + + ```bash + madvise(addr_start, addr_len, MADV_SWAPFLAG) + ``` + +3. Start the server, add a project to the server, and start the project. + + ```bash + etmemd -l 0 -s monitor_app & + etmem obj add -f etmem_config -s monitor_app + etmem project start -n test -s monitor_app + etmem project show -s monitor_app + ``` + +4. Observe the memory swapping results. Only the flagged memory is swapped. Other memory is retained in the DRAM. + +In the process memory page swapping scenario, `ioctl` is added to the original scan interface file **idle_pages** to ensure that VMAs that are not flagged do not participate in memory scanning and swapping. + +Scan management interface: + +- Function prototype + + ```c + ioctl(fd, cmd, void *arg); + ``` + +- Input parameters + 1. fd: file descriptor, which is obtained by opening a file under /proc/pid/idle_pages using the open system call + 2. cmd: controls the scan actions. The following values are supported: + VMA_SCAN_ADD_FLAGS: adds VMA memory swapping flags to scan only flagged VMAs + VMA_SCAN_REMOVE_FLAGS: removes added VMA memory swapping flags + 3. args: integer pointer parameter used to pass a specific mask. The following value is supported: + VMA_SCAN_FLAG: Before the etmem_scan.ko module starts scanning, the walk_page_test interface is called to determine whether the VMA address meets the scanning requirements. If this flag is set, only the VMA addresses that contain specific swap flags are scanned. + +- Return values + 1. 0 if the command succeeds + 2. Other values if the command fails + +- Precautions + Unsupported flags are ignored and do not return errors. + +### Specifying swapcache Memory Recycling Instructions Using the etmem Client + +The user-mode etmem initiates a memory elimination and recycling operation and interacts with the kernel-mode memory recycling module through the **write procfs** interface. The memory recycling module parses the virtual address sent from the user space, obtains the page corresponding to the address, and calls the native kernel interface to swap and recycle the memory corresponding to the page. During memory swapping, swapcache will use some system memory. To further save memory, the swapcache memory recycling feature is added. + +Add **swapcache_high_wmark** and **swapcache_low_wmark** parameters to use the swapcache memory recycling feature. + +- **swapcache_high_wmark**: High system memory water of swapcache +- **swapcache_low_wmark**: Low system memory water of swapcache + +After etmem swaps memory, it checks the swapcache memory occupancy. When the occupancy exceeds the high watermark, an `ioctl` instruction will be issued through **swap_pages** to trigger the swapcache memory recycling and stop when swapcache memory occupancy reaches the low watermark. + +An example configuration file is as follows. For details, see [etmem Configuration Files](#etmem-configuration-files). + +```sh +#slide_conf.yaml +[project] +name=test +loop=1 +interval=1 +sleep=1 +swapcache_high_vmark=5 +swapcache_low_vmark=3 + +[engine] +name=slide +project=test + +[task] +project=test +engine=slide +name=background_slide +type=name +value=mysql +T=1 +max_threads=1 +``` + +During memory swapping, swapcache memory needs to be recycled to further save memory. An `ioctl` interface is added to the original memory swap interface to configure swapcache watermarks and swapcache memory recycling. + +- Function prototype + + ```c + ioctl(fd, cmd, void *arg); + ``` + +- Input parameters + 1. fd: file descriptor, which is obtained by opening a file under /proc/pid/idle_pages using the open system call + 2. cmd: controls the scan actions. The following values are supported: + RECLAIM_SWAPCACHE_ON: enables swapcache memory swapping + RECLAIM_SWAPCACHE_OFF: disables swapcache memory swapping + SET_SWAPCACHE_WMARK: configures swapcache memory watermarks + 3. args: integer pointer parameter used to pass a specific mask. The following value is supported: + Parameters that pass the values of swapcache watermarks + +- Return values + 1. 0 if the command succeeds + 2. Other values if the command fails + +- Precautions + Unsupported flags are ignored and do not return errors. + +### Executing Private Commands and Functions Using the etmem Client + +Only the cslide policy support private commands. + +- `showtaskpages` +- `showhostpages` + +For engines and tasks of engines that use the cslide policy, you can run the commands above to query the page access of tasks and the usage of system huge pages on the host of VMs. + +For example: + +```bash +etmem engine showtaskpages <-t task_name> -n proj_name -e cslide -s etmemd_socket + +etmem engine showhostpages -n proj_name -e cslide -s etmemd_socket +``` + +**Note**: `showtaskpages` and `showhostpages` are supported by the cslide policy only. + +#### Command Parameters + +| Option | Description | Mandatory | Contains Parameters | Parameter Range | Example | +| ------------------- | -------------------------------------------------------------------------------------------------------------- | --------- | ------------------- | ----------------------------------------------------------------------------------------------------- | ------- | +| -n or \-\-proj_name | Name of the project | Yes | Yes | Name of an existing project to run | | +| -s or \-\-socket | Socket used for communication with etmemd, which must be the same as the one specified when etmemd is started. | Yes | Yes | The administrator can use this option to specify an etmemd server when multiple etmemd servers exist. | | +| -e or \-\-engine | Name of the engine to run | Yes | Yes | Name of an existing engine to run | | +| -t or \-\-task_name | Name of the task to run | No | Yes | Name of an existing task to run | | + +### Enabling and Disabling Kernel Swap + +When etmem swaps memory to the drive to expand memory, you can choose to enable the kernel swap feature. You can disable the native kernel swap mechanism to void swapping memory undesirably, resulting in problems with user-mode processes. + +A sys interface is provided to implement such control. A **kobj** named **kernel_swap_enable** is created in **/sys/kernel/mm/swap** to enable and disable kerne swap. The default value of **kernel_swap_enable** is **true**. + +For example: + +```sh +# Enable kernel swap +echo true > /sys/kernel/mm/swap/kernel_swap_enable +or +echo 1 > /sys/kernel/mm/swap/kernel_swap_enable + +# Disable kernel swap +echo false > /sys/kernel/mm/swap/kernel_swap_enable +or +echo 0 > /sys/kernel/mm/swap/kernel_swap_enable + +``` + +### Starting etmem Upon System Startup + +#### Scenario + +You can configure the systemd configuration file to run etmemd as a forking service of systemd. + +#### Usage + +Compose a service configuration file to start etmemd with the `-m` option. For example: + +```bash +etmemd -l 0 -s etmemd_socket -m +``` + +#### Command Parameters + +| Option | Description | Mandatory | Contains Parameters | Parameter Range | Example | +| --------------- | ---------------------------------- | -------- | ---------- | --------------------- | ------------------------------------------------------------ | +| -l or \-\-log-level | etmemd log level | No | Yes | 0~3 | 0: debug level
1: info level
2: warning level
3: error level
Logs whose levels are higher than the specified value are printed to **/var/log/message**. | +| -s or \-\-socket | Socket listened by etmemd to interact with the client | Yes | Yes | String of up to 107 characters | Socket listened by etmemd | +| -m or \-\-mode-systemctl| Starts the etmemd service through systemctl | No| No| N/A| The `-m` option needs to be specified in the service file.| +| -h or \-\-help | Prints help information | No | No | N/A | This option prints help information and exit. | + +### Supporting Third-party Memory Expansion Policies With etmem + +#### Scenario + +etmem provides third-party memory expansion policy registration and module scanning dynamic library and can eliminate memory according to third-party policies. + +You can use the module scanning dynamic library to implement the interface of the struct required for connecting to etmem. + +#### Usage + +To use a third-party memory expansion elimination policy, perform the following steps: + +1. Invoke the scanning interface of the module as required. + +2. Implement the interfaces using the function template provided by the etmem header file and encapsulate them into a struct. + +3. Build a dynamic library of the third-party memory expansion elimination policy. + +4. Specify the **thirdparty** engine in the configuration file. + +5. Enter the names of the library and the interface struct to the corresponding **task** fields in the configuration file. + +Other steps are similar to those of using other engines. + +Interface struct template: + +```c +struct engine_ops { + +/* Parsing private parameters of the engine. Implement the interface if required, otherwise, set it to NULL. */ + +int (*fill_eng_params)(GKeyFile *config, struct engine *eng); + +/* Clearing private parameters of the engine. Implement the interface if required, otherwise, set it to NULL. */ + +void (*clear_eng_params)(struct engine *eng); + +/* Parsing private parameters of the task. Implement the interface if required, otherwise, set it to NULL. */ + +int (*fill_task_params)(GKeyFile *config, struct task *task); + +/* Clearing private parameters of the task. Implement the interface if required, otherwise, set it to NULL. */ + +void (*clear_task_params)(struct task *tk); + +/* Task starting interface */ + +int (*start_task)(struct engine *eng, struct task *tk); + +/* Task stopping interface */ + +void (*stop_task)(struct engine *eng, struct task *tk); + +/* Allocate PID-related private parameters */ + +int (*alloc_pid_params)(struct engine *eng, struct task_pid **tk_pid); + +/* Destroy PID-related private parameters */ + +void (*free_pid_params)(struct engine *eng, struct task_pid **tk_pid); + +/* Support for private commands required by the third-party policy. If this interface is not required, set it to NULL */ + +int (*eng_mgt_func)(struct engine *eng, struct task *tk, char *cmd, int fd); + +}; +``` + +External interfaces of the scanning module: + +| Interface |Description| +| ------------ | --------------------- | +| etmemd_scan_init | Initializes the scanning module| +| etmemd_scan_exit | Exits the scanning module| +| etmemd_get_vmas | Gets the VMAs to be scanned| +| etmemd_free_vmas | Releases VMAs scanned by `etmemd_get_vmas`| +| etmemd_get_page_refs | Scans pages in VMAs| +| etmemd_free_page_refs | Release the page access information list obtained by `etmemd_get_page_refs` | + +In the VM scanning scenario, `ioctl` is added to the original scan interface file **idle_pages** to distinguish the EPT scanning granularity and specify whether to ignore page access flags on the hosts. + +In the process memory page swapping scenario, `ioctl` is added to the original scan interface file **idle_pages** to ensure that VMAs that are not flagged do not participate in memory scanning and swapping. + +Scan management interface: + +- Function prototype + + ```c + ioctl(fd, cmd, void *arg); + ``` + +- Input parameters + 1. fd: file descriptor, which is obtained by opening a file under /proc/pid/idle_pages using the open system call + 2. cmd: controls the scan actions. The following values are supported: + IDLE_SCAN_ADD_FLAG: adds a scanning flag + IDLE_SCAM_REMOVE_FLAGS: removes a scanning flag + VMA_SCAN_ADD_FLAGS: adds VMA memory swapping flags to scan only flagged VMAs + VMA_SCAN_REMOVE_FLAGS: removes added VMA memory swapping flags + 3. args: integer pointer parameter used to pass a specific mask. The following value is supported: + SCAN_AS_HUGE: scans the pages according to the 2 MB granularity to see if the pages have been accessed when scanning the EPT page table. If this parameter is not set, the granularity will be the granularity of the EPT page table itself. + SCAN_IGN_HUGE: ignores page access flags on the hosts when scanning VMs. + VMA_SCAN_FLAG: Before the etmem_scan.ko module starts scanning, the walk_page_test interface is called to determine whether the VMA address meets the scanning requirements. If this flag is set, only the VMA addresses that contain specific swap flags are scanned. + +- Return values + 1. 0 if the command succeeds + 2. Other values if the command fails + +- Precautions + Unsupported flags are ignored and do not return errors. + +An example configuration file is as follows. For details, see [etmem Configuration Files](#etmem-configuration-files). + +```text +#thirdparty +[engine] + +name=thirdparty + +project=test + +eng_name=my_engine + +libname=/user/lib/etmem_fetch/code_test/my_engine.so + +ops_name=my_engine_ops + +engine_private_key=engine_private_value + +[task] + +project=test + +engine=my_engine + +name=background1 + +type=pid + +value=1798245 + +task_private_key=task_private_value +``` + + **Note**: + +You need to use the module scanning dynamic library to implement the interface of the struct required for connecting to etmem. + +**fd** in the `eng_mgt_func` interface cannot be written with the **0xff** and **0xfe** characters. + +Multiple different third-party policy dynamic libraries, distinguished by **eng_name** in the configuration file, can be added within a project. + +### Help Information of the etmem Client and Server + +Run the following command to print help information of the etmem server: + +```bash +etmemd -h +``` + +or: + +```bash +etmemd --help +``` + +Run the following command to print help information of the etmem client: + +```bash +etmem help +``` + +Run the following command to print help information of project, engine, and task operations: + +```bash +etmem obj help +``` + +Run the following command to print help information of projects: + +```bash +etmem project help +``` + +## How to Contribute + +1. Fork this repository. +2. Create a branch. +3. Commit your code. +4. Create a pull request (PR). diff --git a/docs/en/server/memory_storage/gmem/_toc.yaml b/docs/en/server/memory_storage/gmem/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..49b2def515716e5bdfe27c780d5785ae5b762a8c --- /dev/null +++ b/docs/en/server/memory_storage/gmem/_toc.yaml @@ -0,0 +1,10 @@ +label: GMEM User Guide +isManual: true +description: Centralized management for heterogeneous memory interconnections +sections: + - label: Overview + href: ./introduction_to_gmem.md + - label: Installation and Deployment + href: ./installation_and_deployment.md + - label: Usage Instructions + href: ./usage_instructions.md diff --git a/docs/en/server/memory_storage/gmem/images/GMEM_architecture.png b/docs/en/server/memory_storage/gmem/images/GMEM_architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..59b82d647166525b296529d3e3dfede3eca48f4a Binary files /dev/null and b/docs/en/server/memory_storage/gmem/images/GMEM_architecture.png differ diff --git a/docs/en/server/memory_storage/gmem/installation_and_deployment.md b/docs/en/server/memory_storage/gmem/installation_and_deployment.md new file mode 100644 index 0000000000000000000000000000000000000000..a98966df13d2efb5de4eae4ca47562b415354309 --- /dev/null +++ b/docs/en/server/memory_storage/gmem/installation_and_deployment.md @@ -0,0 +1,116 @@ +# Installation and Deployment + +This section describes how to install and deploy GMEM. + +## Software and Hardware Requirements + +* Kunpeng 920 CPU +* Ascend 910 processor +* openEuler 24.03 + +## Environment Requirements + +* The root permission is required for using and configuring GMEM. +* GMEM can be enabled or disabled only at the system level. +* The administrator must ensure that the GMEM configuration is safe and available. + +## Installing GMEM + +* Prepare files. + + [CANN Community Version History - Ascend Community (hiascend.com)](https://www.hiascend.com/en/software/cann/community-history) + + [Firmware and Driver - Ascend Community (hiascend.com)](https://www.hiascend.com/en/hardware/firmware-drivers/community?product=2&model=19&cann=6.0.1.alpha001&driver=1.0.18.alpha) + + | Source | Software Package | + | ------------------------------------------------------------ | ------------------------------------------------------------ | + | openEuler 24.03 | kernel-6.4.0-xxx.aarch64.rpm
kernel-devel-6.4.0-xxx.aarch64.rpm
libgmem-xxx.aarch64.rpm
libgmem-devel-xxx.aarch64.rpm | + | Ascend community | CANN package:
Ascend-cann-toolkit-xxx-linux.aarch64.rpm
NPU firmware and driver:
Ascend-hdk-910-npu-driver-xxx.aarch64.rpm
Ascend-hdk-910-npu-firmware-xxx.noarch.rpm | + | Contact the maintainers of the GMEM community.
[@yang_yanchao](https://gitee.com/yang_yanchao) email:
[@LemmyHuang](https://gitee.com/LemmyHuang) email: | gmem-example-xxx.aarch64.rpm
mindspore-xxx-linux_aarch64.whl | + +* Install the kernel. + + Ensure that GMEM compilation options are enabled (enabled by default) for the openEuler kernel. + + ```sh + [root@localhost ~]# cat /boot/config-`uname -r` | grep CONFIG_GMEM + CONFIG_GMEM=y + CONFIG_GMEM_DEV=m + + [root@localhost ~]# cat /boot/config-`uname -r` | grep CONFIG_REMOTE_PAGER + CONFIG_REMOTE_PAGER=m + CONFIG_REMOTE_PAGER_MASTER=m + ``` + + Add **gmem=on** to the boot options. + + ```sh + [root@localhost gmem]# cat /proc/cmdline + BOOT_IMAGE=/vmlinuz-xxx root=/dev/mapper/openeuler-root ... gmem=on + ``` + + Configure **transparent_hugepage**. + + ```sh + echo always > /sys/kernel/mm/transparent_hugepage/enabled + ``` + +* Install the user-mode dynamic library libgmem. + + ```sh + yum install libgmem libgmem-devel + ``` + +* Install the CANN framework. + + Install the matching CANN, including the toolkit, driver, and firmware. After the installation is complete, restart the system. + + ```sh + rpm -ivh Ascend-cann-toolkit-xxx-linux.aarch64.rpm + # Use the tool provided by libgmem to install the NPU driver. + sh /usr/local/gmem/install_npu_driver.sh Ascend-hdk-910-npu-driver-xxx.aarch64.rpm + rpm -ivh Ascend-hdk-910-npu-firmware-xxx.noarch.rpm + ``` + + Run the environment configuration script in the **Ascend** directory to configure environment variables. + + ```sh + source /usr/local/Ascend/ascend-toolkit/set_env.sh + ``` + + Check whether the NPU is working properly. + + ```sh + [root@localhost ~]# npu-smi info + +-------------------------------------------------------------------------------------------+ + | npu-smi 22.0.4.1 Version: 22.0.4.1 | + +----------------------+---------------+----------------------------------------------------+ + | NPU Name | Health | Power(W) Temp(C) Hugepages-Usage(page)| + | Chip | Bus-Id | AICore(%) Memory-Usage(MB) HBM-Usage(MB) | + +======================+===============+====================================================+ + | 0 910B | OK | 79.4 82 0 / 0 | + | 0 | 0000:81:00.0 | 0 1979 / 15039 0 / 32768 | + +======================+===============+====================================================+ + ``` + +* Install the gmem-example software package. + + gmem-example updates the host driver, NPU driver, and NPU kernel. After the installation is complete, restart the system for the driver to take effect. + + ```sh + rpm -ivh gmem-example-xxx.aarch64.rpm + ``` + +* Install MindSpore. + + Obtain the correct MindSpore version and install it. After the installation, run the following command to check whether MindSpore functions are normal: + + ```sh + python -c "import mindspore;mindspore.run_check()" + MindSpore version: x.x.x + The result of multiplication calculation is correct, MindSpore has been installed on platform [Ascend] successfully! + ``` + +## Performing Training or Inference + +After installation is complete, you can execute MindSpore-based training or inference directly without any adaptation. diff --git a/docs/en/server/memory_storage/gmem/introduction_to_gmem.md b/docs/en/server/memory_storage/gmem/introduction_to_gmem.md new file mode 100644 index 0000000000000000000000000000000000000000..1841bc0ee7362b1c6a6020a23391215b389f4529 --- /dev/null +++ b/docs/en/server/memory_storage/gmem/introduction_to_gmem.md @@ -0,0 +1,37 @@ +# Introduction to GMEM + +## Introduction + +Memory management on the CPU side is separated from that on the heterogeneous accelerator side. Explicit data migration makes it difficult to balance usability and performance. The high bandwidth memory (HBM) of heterogeneous accelerators is generally insufficient for large language models, and manual swap causes a large performance loss and applies only to dedicated scenarios. A large number of invalid data migrations occur in search & recommendation and big data scenarios, and no efficient memory pooling solution is available. The Heterogeneous Memory Management (HMM) feature of Linux is confronted with complicated programming, unsatisfying performance, and poor portability, and depends greatly on manual tuning. As a result, OS communities are not willing to use HMM. An efficient memory management solution is needed to address the preceding issues on heterogeneous accelerators. + +Generalized Memory Management (GMEM) provides centralized management for heterogeneous memory interconnection. The GMEM APIs allow devices to connect to a unified address space and obtains programming optimization for heterogeneous memory, separating CPU architecture-related implementations from the memory management system of Linux. + +After the memory of the CPU and accelerator is encapsulated into a unified virtual address space, developers do not need to manually migrate the memory between two parallel address spaces. Instead, they only need to use a unified set of application and release functions. The dynamic random access memory (DRAM) of the CPU can even serve as the cache of the accelerator without much overhead. + +## Architecture + +![GMEM-architecture.png](images/GMEM_architecture.png) + +## Application Scenarios + +Foundation model training and inference + +* GMEM implements transparent heterogeneous memory capacity expansion and automatic HBM overcommitment, enabling high-performance and low-threshold training and inference. +* GMEM provides OS-native simplified heterogeneous memory management. With memory overcommitment, the performance of foundation model training is 60% higher than that of NVIDIA. + +Large memory sharing + +* GMEM provides flexible policies for remote access and on-demand memory migration to eliminate memory migration bottlenecks and improve end-to-end performance of search & recommendation and big data applications. + +## Functions + +For driver developers, GMEM provides unified function registration interfaces to reduce repeated work and the size of memory management code and avoid additional vulnerabilities. + +* Interfaces provided by GMEM can simplify the code for the driver to access the physical memory. +* The unified interfaces help avoid vulnerabilities when the driver developer implements the same function repeatedly. + +For users, GMEM provides stronger programmability for AI model and machine learning framework development using accelerators. You do not need to manually manage the data storage location. + +* Memory of the CPU and the accelerator can be accessed through unified memory application and release functions. +* Addresses of both CPU memory and accelerator memory can be mapped to the same virtual address space. +* GMEM encapsulates memory management code, improving the management performance. diff --git a/docs/en/server/memory_storage/gmem/usage_instructions.md b/docs/en/server/memory_storage/gmem/usage_instructions.md new file mode 100644 index 0000000000000000000000000000000000000000..14ae5dfaaf8381ae4092440127fa06d7519eba0e --- /dev/null +++ b/docs/en/server/memory_storage/gmem/usage_instructions.md @@ -0,0 +1,66 @@ +# Usage Instructions + +## Introduction + +GMEM applies for virtual memory that is peer-to-peer accessible through a specific flag and provides some memory optimization semantics externally. Performance can be optimized through the memory semantics. +libgmem is the abstraction layer of the GMEM user API. It encapsulates the preceding memory semantics to simplify user operations. + +## Available APIs + +* Memory application + + GMEM extends `mmap` semantics and adds a MAP_PEER_SHARED flag to apply for heterogeneous memory. When the flag is used, 2 MB-aligned virtual addresses are returned by default. + + ```c + addr = mmap(NULL , size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_PEER_SHARED, -1, 0); + ``` + +* Memory release + + `munmap` is used to release memory of hosts and devices. + + ```c + munmap(addr, size); + ``` + +* Memory semantics + + `FreeEager`: For an address segment within the specified range \[**addr**, **addr** + **size**], `FreeEager` releases a complete page that aligns the page size inwards (the default page size is 2 MB). If no complete page exists in the range, a success message is returned. + + If the API is invoked successfully, 0 is returned. Otherwise, an error code is returned. + + ```c + Prototype: `int gmemFreeEager(unsigned long addr, size_t size, void *stream);` + Usage: `ret = gmemFreeEager(addr, size, stream);` + ``` + + `Prefetch`: For an address segment with the specified range \[**addr**, **addr** + **size**], `Prefetch` prefetches a complete page (covering the entire address segment) whose range is outward aligned with the page size. This ensures that the subsequent access to the virtual memory area initiated by the specified computing unit device **hnid** does not trigger a page fault. + + If the API is invoked successfully, 0 is returned. Otherwise, an error code is returned. + + ```c + Prototype: `int gmemPrefetch(unsigned long addr, size_t size, int hnid, void *stream);` + Usage: `ret = gmemPrefetch(addr, size, hnid, stream);` + ``` + + If the value of **stream** is empty, the invocation is synchronous. Otherwise, the invocation is asynchronous. + +* Other APIs + + Obtain the NUMA ID of the current device. If the API is invoked successfully, the NUMA ID is returned. Otherwise, an error code is returned. + + ```c + Prototype: `int gmemGetNumaId (void);` + Usage: `numaid = gmemGetNumaId ();` + ``` + + Obtain the GMEM statistics of the kernel. + + ```sh + cat /proc/gmemstat + ``` + +## Constraints + +1. GMEM supports only 2 MB huge pages. Therefore, transparent huge pages of the host OS and NPU OS must be enabled to use GMEM. +2. The heterogeneous memory obtained using `MAP_PEER_SHARED` cannot be inherited during forking. diff --git a/docs/en/server/memory_storage/hsak/_toc.yaml b/docs/en/server/memory_storage/hsak/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..6f7405c60f936edcdbc7804a42a6c9dcf8eb8b8e --- /dev/null +++ b/docs/en/server/memory_storage/hsak/_toc.yaml @@ -0,0 +1,12 @@ +label: HSAK Developer Guide +isManual: true +description: HSAK delivers a high-performance IO software stack optimized for new storage media, offering both high bandwidth and low latency. +sections: + - label: Overview + href: ./hsak_developer_guide.md + - label: Development with HSAK + href: ./development_with_hsak.md + - label: HSAK Tool Usage + href: ./hsak_tools_usage.md + - label: HSAK C APIs + href: ./hsak_c_apis.md diff --git a/docs/en/server/memory_storage/hsak/development_with_hsak.md b/docs/en/server/memory_storage/hsak/development_with_hsak.md new file mode 100644 index 0000000000000000000000000000000000000000..4a47c498968984c6fede9b08ff465af48b0ec1d0 --- /dev/null +++ b/docs/en/server/memory_storage/hsak/development_with_hsak.md @@ -0,0 +1,231 @@ +# Development with HSAK + +## Instructions + +### **nvme.conf.in** Configuration File + +By default, the HSAK configuration file is located in **/etc/spdk/nvme.conf.in**. You can modify the configuration file based on service requirements. The content of the configuration file is as follows: + +- \[Global\] + +1. **ReactorMask**: cores used for I/O polling. The value is a hexadecimal number and cannot be set to core 0. The bits from the least significant one to the most significant one indicate different CPU cores. For example, 0x1 indicates core 0, and 0x6 indicates cores 1 and 2. This parameter supports a maximum of 34 characters, including the hexadecimal flag **0x**. Each hexadecimal character can be F at most, indicating four cores. Therefore, a maximum of 128 (32 x 4) cores are supported. +2. **LogLevel**: HSAK log print level (**0**: error; **1**: warning; **2**: notice; **3**: info; **4**: debug). +3. **MemSize**: memory occupied by HSAK (The minimum value is 500 MB.) +4. **MultiQ**: whether to enable multi-queue on the same block device. +5. **E2eDif**: DIF type (**1**: half-way protection; **2**: full protection). Drives from different vendors may have different DIF support capabilities. For details, see the documents provided by hardware vendors. +6. **IoStat**: whether to enable the I/O statistics function. The options are **Yes** and **No**. +7. **RpcServer**: whether to start the RPC listening thread. The options are **Yes** and **No**. +8. **NvmeCUSE**: whether to enable the CUSE function. The options are **Yes** and **No**. After the function is enabled, the NVMe character device is generated in the **/dev/spdk** directory. + +- \[Nvme\] + +1. **TransportID**: PCI address and name of the NVMe controller. The format is **TransportID "trtype:PCIe traddr:0000:09:00.0" nvme0**. +2. **RetryCount**: number of retries upon an I/O failure. The value **0** indicates no retry. The maximum value is **255**. +3. **TimeoutUsec**: I/O timeout interval. If this parameter is set to **0** or left blank, no timeout interval is set. The unit is μs. +4. **ActionOnTimeout**: I/O timeout behavior (**None**: prints information only; **Reset**: resets the controller; **abort**: aborts the command). The default value is **None**. + +- \[Reactor\] + +1. **BatchSize**: number of I/Os that can be submitted in batches. The default value is **8**, and the maximum value is **32**. + +### Header File Reference + +HSAK provides two external header files. Include the two files when using HSAK for development. + +1. **bdev_rw.h**: defines the macros, enumerations, data structures, and APIs of the user-mode I/O operations on the data plane. +2. **ublock.h**: defines macros, enumerations, data structures, and APIs for functions such as device management and information obtaining on the management plane. + +### Service Running + +After software development and compilation, you must run the **setup.sh** script to rebind the NVMe drive driver to the user mode before running the software. The script is located in **/opt/spdk** by default. +Run the following commands to change the drive driver's binding mode from kernel to user and reserve 1024 x 2 MB huge pages: + +```shell +[root@localhost ~]# cd /opt/spdk +[root@localhost spdk]# ./setup.sh +0000:3f:00.0 (8086 2701): nvme -> uio_pci_generic +0000:40:00.0 (8086 2701): nvme -> uio_pci_generic +``` + +Run the following commands to restore the drive driver's mode from user to kernel and free the reserved huge pages: + +```shell +[root@localhost ~]# cd /opt/spdk +[root@localhost spdk]# ./setup.sh reset +0000:3f:00.0 (8086 2701): uio_pci_generic -> nvme +0000:40:00.0 (8086 2701): uio_pci_generic -> nvme +``` + +### User-Mode I/O Read and Write Scenarios + +Call HSAK APIs in the following sequence to read and write service data through the user-mode I/O channel: + +1. Initialize the HSAK UIO module. + Call **libstorage_init_module** to initialize the HSAK user-mode I/O channel. + +2. Open a drive block device. + Call **libstorage_open** to open a specified block device. If multiple block devices need to be opened, call this API repeatedly. + +3. Allocate I/O memory. + Call **libstorage_alloc_io_buf** or **libstorage_mem_reserve** to allocate memory. **libstorage_alloc_io_buf** can allocate a maximum of 65 KB I/Os, and **libstorage_mem_reserve** can allocate unlimited memory unless there is no available space. + +4. Perform read and write operations on a drive. + You can call the following APIs to perform read and write operations based on service requirements: + + - libstorage_async_read + - libstorage_async_readv + - libstorage_async_write + - libstorage_async_writev + - libstorage_sync_read + - libstorage_sync_write + +5. Free I/O memory. + Call **libstorage_free_io_buf** or **libstorage_mem_free** to free memory, which must correspond to the API used to allocate memory. + +6. Close a drive block device. + Call **libstorage_close** to close a specified block device. If multiple block devices are opened, call this API repeatedly to close them. + + | API | Description | + | ----------------------- | ----------------------------------------------------------------------------------- | + | libstorage_init_module | Initializes the HSAK module. | + | libstorage_open | Opens a block device. | + | libstorage_alloc_io_buf | Allocates memory from buf_small_pool or buf_large_pool of SPDK. | + | libstorage_mem_reserve | Allocates memory space from the huge page memory reserved by DPDK. | + | libstorage_async_read | Delivers asynchronous I/O read requests (the read buffer is a contiguous buffer). | + | libstorage_async_readv | Delivers asynchronous I/O read requests (the read buffer is a discrete buffer). | + | libstorage_async_write | Delivers asynchronous I/O write requests (the write buffer is a contiguous buffer). | + | libstorage_async_wrtiev | Delivers asynchronous I/O write requests (the write buffer is a discrete buffer). | + | libstorage_sync_read | Delivers synchronous I/O read requests (the read buffer is a contiguous buffer). | + | libstorage_sync_write | Delivers synchronous I/O write requests (the write buffer is a contiguous buffer). | + | libstorage_free_io_buf | Frees the allocated memory to buf_small_pool or buf_large_pool of SPDK. | + | libstorage_mem_free | Frees the memory space that libstorage_mem_reserve allocates. | + | libstorage_close | Closes a block device. | + | libstorage_exit_module | Exits the HSAK module. | + +### Drive Management Scenarios + +HSAK contains a group of C APIs, which can be used to format drives and create and delete namespaces. + +1. Call the C API to initialize the HSAK UIO component. If the HSAK UIO component has been initialized, skip this operation. + + libstorage_init_module + +2. Call corresponding APIs to perform drive operations based on service requirements. The following APIs can be called separately: + + - libstorage_create_namespace + + - libstorage_delete_namespace + + - libstorage_delete_all_namespace + + - libstorage_nvme_create_ctrlr + + - libstorage_nvme_delete_ctrlr + + - libstorage_nvme_reload_ctrlr + + - libstorage_low_level_format_nvm + + - libstorage_deallocate_block + +3. If you exit the program, destroy the HSAK UIO. If other services are using the HSAK UIO, you do not need to exit the program and destroy the HSAK UIO. + + libstorage_exit_module + + | API | Description | + | ------------------------------- | ---------------------------------------------------------------------------------------------------------------------- | + | libstorage_create_namespace | Creates a namespace on a specified controller (the prerequisite is that the controller supports namespace management). | + | libstorage_delete_namespace | Deletes a namespace from a specified controller. | + | libstorage_delete_all_namespace | Deletes all namespaces from a specified controller. | + | libstorage_nvme_create_ctrlr | Creates an NVMe controller based on the PCI address. | + | libstorage_nvme_delete_ctrlr | Destroys an NVMe controller based on the controller name. | + | libstorage_nvme_reload_ctrlr | Automatically creates or destroys the NVMe controller based on the input configuration file. | + | libstorage_low_level_format_nvm | Low-level formats an NVMe drive. | + | libstorage_deallocate_block | Notifies NVMe drives of blocks that can be freed for garbage collection. | + +### Data-Plane Drive Information Query + +The I/O data plane of HSAK provides a group of C APIs for querying drive information. Upper-layer services can process service logic based on the queried information. + +1. Call the C API to initialize the HSAK UIO component. If the HSAK UIO component has been initialized, skip this operation. + + libstorage_init_module + +2. Call corresponding APIs to query information based on service requirements. The following APIs can be called separately: + + - libstorage_get_nvme_ctrlr_info + + - libstorage_get_mgr_info_by_esn + + - libstorage_get_mgr_smart_by_esn + + - libstorage_get_bdev_ns_info + + - libstorage_get_ctrl_ns_info + +3. If you exit the program, destroy the HSAK UIO. If other services are using the HSAK UIO, you do not need to exit the program and destroy the HSAK UIO. + + libstorage_exit_module + + | API | Description | + | ------------------------------- | ------------------------------------------------------------------------ | + | libstorage_get_nvme_ctrlr_info | Obtains information about all controllers. | + | libstorage_get_mgr_info_by_esn | Obtains the management information of the drive corresponding to an ESN. | + | libstorage_get_mgr_smart_by_esn | Obtains the S.M.A.R.T. information of the drive corresponding to an ESN. | + | libstorage_get_bdev_ns_info | Obtains namespace information based on the device name. | + | libstorage_get_ctrl_ns_info | Obtains information about all namespaces based on the controller name. | + +### Management-Plane Drive Information Query + +The management plane component Ublock of HSAK provides a group of C APIs for querying drive information on the management plane. + +1. Call the C API to initialize the HSAK Ublock server. + +2. Call the HSAK UIO component initialization API in another process based on service requirements. + +3. If multiple processes are required to query drive information, initialize the Ublock client. + +4. Call the APIs listed in the following table on the Ublock server process or client process to query information. + +5. After obtaining the block device list, call the APIs listed in the following table to free resources. + +6. If you exit the program, destroy the HSAK Ublock module (the destruction method on the server is the same as that on the client). + + | API | Description | + | ---------------------------- | ------------------------------------------------------------ | + | init_ublock | Initializes the Ublock function module. This API must be called before the other Ublock APIs. A process can be initialized only once because the init_ublock API initializes DPDK. The initial memory allocated by DPDK is bound to the process PID. One PID can be bound to only one memory. In addition, DPDK does not provide an API for freeing the memory. The memory can be freed only by exiting the process. | + | ublock_init | It is the macro definition of the init_ublock API. It can be considered as initializing Ublock to an RPC service. | + | ublock_init_norpc | It is the macro definition of the init_ublock API. It can be considered as initializing Ublock to a non-RPC service. | + | ublock_get_bdevs | Obtains the device list. The obtained device list contains only PCI addresses and does not contain specific device information. To obtain specific device information, call the ublock_get_bdev API. | + | ublock_get_bdev | Obtains information about a specific device, including the device serial number, model, and firmware version. The information is stored in character arrays instead of character strings. | + | ublock_get_bdev_by_esn | Obtains the device information based on the specified ESN, including the serial number, model, and firmware version. | + | ublock_get_SMART_info | Obtains the S.M.A.R.T. information of a specified device. | + | ublock_get_SMART_info_by_esn | Obtains the S.M.A.R.T. information of the device corresponding to an ESN. | + | ublock_get_error_log_info | Obtains the error log information of a device. | + | ublock_get_log_page | Obtains information about a specified log page of a specified device. | + | ublock_free_bdevs | Frees the device list. | + | ublock_free_bdev | Frees device resources. | + | ublock_fini | Destroys the Ublock module. This API destroys the Ublock module and internally created resources. This API must be used together with the Ublock initialization API. | + +### Log Management + +HSAK logs are exported to **/var/log/messages** through syslog by default and managed by the rsyslog service of the OS. If a custom log directory is required, use rsyslog to configure the log directory. + +1. Modify the **/etc/rsyslog.conf** configuration file. + +2. Restart the rsyslog service: + + ```shell + if ($programname == 'LibStorage') then { + action(type="omfile" fileCreateMode="0600" file="/var/log/HSAK/run.log") + stop + } + ``` + +3. Start the HSAK process. The log information is redirected to the target directory. + + ```shell + sysemctl restart rsyslog + ``` + +4. If redirected logs need to be dumped, manually configure log dump in the **/etc/logrotate.d/syslog** file. diff --git a/docs/en/server/memory_storage/hsak/hsak_c_apis.md b/docs/en/server/memory_storage/hsak/hsak_c_apis.md new file mode 100644 index 0000000000000000000000000000000000000000..ccb1e774803c91c94e4aa95a760d157b6ba73aa7 --- /dev/null +++ b/docs/en/server/memory_storage/hsak/hsak_c_apis.md @@ -0,0 +1,2521 @@ +# C APIs + +## Macro Definition and Enumeration + +### bdev_rw.h + +#### enum libstorage_ns_lba_size + +1. Prototype + + ```c + enum libstorage_ns_lba_size + { + LIBSTORAGE_NVME_NS_LBA_SIZE_512 = 0x9, + LIBSTORAGE_NVME_NS_LBA_SIZE_4K = 0xc + }; + ``` + +2. Description + + Sector (data) size of a drive. + +#### enum libstorage_ns_md_size + +1. Prototype + + ```c + enum libstorage_ns_md_size + { + LIBSTORAGE_METADATA_SIZE_0 = 0, + LIBSTORAGE_METADATA_SIZE_8 = 8, + LIBSTORAGE_METADATA_SIZE_64 = 64 + }; + ``` + +2. Description + + Metadata size of a drive. + +3. Remarks + + - ES3000 V3 (single-port) supports formatting of five sector types (512+0, 512+8, 4K+64, 4K, and 4K+8). + + - ES3000 V3 (dual-port) supports formatting of four sector types (512+0, 512+8, 4K+64, and 4K). + + - ES3000 V5 supports formatting of five sector types (512+0, 512+8, 4K+64, 4K, and 4K+8). + + - Optane drives support formatting of seven sector types (512+0, 512+8, 512+16,4K, 4K+8, 4K+64, and 4K+128). + +#### enum libstorage_ns_pi_type + +1. Prototype + + ```c + enum libstorage_ns_pi_type + { + LIBSTORAGE_FMT_NVM_PROTECTION_DISABLE = 0x0, + LIBSTORAGE_FMT_NVM_PROTECTION_TYPE1 = 0x1, + LIBSTORAGE_FMT_NVM_PROTECTION_TYPE2 = 0x2, + LIBSTORAGE_FMT_NVM_PROTECTION_TYPE3 = 0x3, + }; + ``` + +2. Description + + Protection type supported by drives. + +3. Remarks + + ES3000 supports only protection types 0 and 3. Optane drives support only protection types 0 and 1. + +#### enum libstorage_crc_and_prchk + +1. Prototype + + ```c + enum libstorage_crc_and_prchk + { + LIBSTORAGE_APP_CRC_AND_DISABLE_PRCHK = 0x0, + LIBSTORAGE_APP_CRC_AND_ENABLE_PRCHK = 0x1, + LIBSTORAGE_LIB_CRC_AND_DISABLE_PRCHK = 0x2, + LIBSTORAGE_LIB_CRC_AND_ENABLE_PRCHK = 0x3, + #define NVME_NO_REF 0x4 + LIBSTORAGE_APP_CRC_AND_DISABLE_PRCHK_NO_REF = LIBSTORAGE_APP_CRC_AND_DISABLE_PRCHK | NVME_NO_REF, + LIBSTORAGE_APP_CRC_AND_ENABLE_PRCHK_NO_REF = LIBSTORAGE_APP_CRC_AND_ENABLE_PRCHK | NVME_NO_REF, + }; + ``` + +2. Description + + - **LIBSTORAGE_APP_CRC_AND_DISABLE_PRCHK**: Cyclic redundancy check (CRC) is performed for the application layer, but not for HSAK. CRC is disabled for drives. + + - **LIBSTORAGE_APP_CRC_AND_ENABLE_PRCHK**: CRC is performed for the application layer, but not for HSAK. CRC is enabled for drives. + + - **LIBSTORAGE_LIB_CRC_AND_DISABLE_PRCHK**: CRC is performed for HSAK, but not for the application layer. CRC is disabled for drives. + + - **LIBSTORAGE_LIB_CRC_AND_ENABLE_PRCHK**: CRC is performed for HSAK, but not for the application layer. CRC is enabled for drives. + + - **LIBSTORAGE_APP_CRC_AND_DISABLE_PRCHK_NO_REF**: CRC is performed for the application layer, but not for HSAK. CRC is disabled for drives. REF tag verification is disabled for drives whose PI TYPE is 1 (Intel Optane P4800). + + - **LIBSTORAGE_APP_CRC_AND_ENABLE_PRCHK_NO_REF**: CRC is performed for the application layer, but not for HSAK. CRC is enabled for drives. REF tag verification is disabled for drives whose PI TYPE is 1 (Intel Optane P4800). + + - If PI TYPE of an Intel Optane P4800 drive is 1, the CRC and REF tag of the metadata area are verified by default. + + - Intel Optane P4800 drives support DIF in 512+8 format but does not support DIF in 4096+64 format. + + - For ES3000 V3 and ES3000 V5, PI TYPE of the drives is 3. By default, only the CRC of the metadata area is performed. + + - ES3000 V3 supports DIF in 512+8 format but does not support DIF in 4096+64 format. ES3000 V5 supports DIF in both 512+8 and 4096+64 formats. + + The summary is as follows: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
E2E Verification ModeCtrl FlagCRC Generator Write ProcessRead Process
Application VerificationCRC for HSAKCRC for DrivesApplication VerificationCRC for HSAKCRC for Drives
Halfway protection0ControllerXXXXXX
1ControllerXXXXX
2ControllerXXXXXX
3ControllerXXXXX
Full protection0AppXXXX
1AppXX
2HSAKXXXX
3HSAKXX
+ +#### enum libstorage_print_log_level + +1. Prototype + + ```c + enum libstorage_print_log_level + { + LIBSTORAGE_PRINT_LOG_ERROR, + LIBSTORAGE_PRINT_LOG_WARN, + LIBSTORAGE_PRINT_LOG_NOTICE, + LIBSTORAGE_PRINT_LOG_INFO, + LIBSTORAGE_PRINT_LOG_DEBUG, + }; + ``` + +2. Description + + Storage Performance Development Kit (SPDK) log print levels: ERROR, WARN, NOTICE, INFO, and DEBUG, corresponding to 0 to 4 in the configuration file. + +#### MAX_BDEV_NAME_LEN + +1. Prototype + + ```c + #define MAX_BDEV_NAME_LEN 24 + ``` + +2. Description + + Maximum length of a block device name. + +#### MAX_CTRL_NAME_LEN + +1. Prototype + + ```c + #define MAX_CTRL_NAME_LEN 16 + ``` + +2. Description + + Maximum length of a controller. + +#### LBA_FORMAT_NUM + +1. Prototype + + ```c + #define LBA_FORMAT_NUM 16 + ``` + +2. Description + + Number of LBA formats supported by a controller. + +#### LIBSTORAGE_MAX_DSM_RANGE_DESC_COUNT + +1. Prototype + + ```c + #define LIBSTORAGE_MAX_DSM_RANGE_DESC_COUNT 256 + ``` + +2. Description + + Maximum number of 16-byte sets in the dataset management command. + +### ublock.h + +#### UBLOCK_NVME_UEVENT_SUBSYSTEM_UIO + +1. Prototype + + ```c + #define UBLOCK_NVME_UEVENT_SUBSYSTEM_UIO 1 + ``` + +2. Description + + This macro is used to define that the subsystem corresponding to the uevent event is the userspace I/O subsystem (UIO) provided by the kernel. When the service receives the uevent event, this macro is used to determine whether the event is a UIO event that needs to be processed. + + The value of the int subsystem member in struct ublock_uevent is **UBLOCK_NVME_UEVENT_SUBSYSTEM_UIO**. Currently, only this value is available. + +#### UBLOCK_TRADDR_MAX_LEN + +1. Prototype + + ```c + #define UBLOCK_TRADDR_MAX_LEN 256 + ``` + +2. Description + + The *Domain:Bus:Device.Function* (**%04x:%02x:%02x.%x**) format indicates the maximum length of the PCI address character string. The actual length is far less than 256 bytes. + +#### UBLOCK_PCI_ADDR_MAX_LEN + +1. Prototype + + ```c + #define UBLOCK_PCI_ADDR_MAX_LEN 256 + ``` + +2. Description + + Maximum length of the PCI address character string. The actual length is far less than 256 bytes. The possible formats of the PCI address are as follows: + + - Full address: **%x:%x:%x.%x** or **%x.%x.%x.%x** + + - When the **Function** value is **0**: **%x:%x:%x** + + - When the **Domain** value is **0**: **%x:%x.%x** or **%x.%x.%x** + + - When the **Domain** and **Function** values are **0**: **%x:%x** or **%x.%x** + +#### UBLOCK_SMART_INFO_LEN + +1. Prototype + + ```c + #define UBLOCK_SMART_INFO_LEN 512 + ``` + +2. Description + + Size of the structure for the S.M.A.R.T. information of an NVMe drive, which is 512 bytes. + +#### enum ublock_rpc_server_status + +1. Prototype + + ```c + enum ublock_rpc_server_status { + // start rpc server or not + UBLOCK_RPC_SERVER_DISABLE = 0, + UBLOCK_RPC_SERVER_ENABLE = 1, + }; + ``` + +2. Description + + Status of the RPC service in HSAK. The status can be enabled or disabled. + +#### enum ublock_nvme_uevent_action + +1. Prototype + + ```c + enum ublock_nvme_uevent_action { + UBLOCK_NVME_UEVENT_ADD = 0, + UBLOCK_NVME_UEVENT_REMOVE = 1, + UBLOCK_NVME_UEVENT_INVALID, + }; + ``` + +2. Description + + Indicates whether the uevent hot swap event is to insert or remove a drive. + +#### enum ublock_subsystem_type + +1. Prototype + + ```c + enum ublock_subsystem_type { + SUBSYSTEM_UIO = 0, + SUBSYSTEM_NVME = 1, + SUBSYSTEM_TOP + }; + ``` + +2. Description + + Type of the callback function, which is used to determine whether the callback function is registered for the UIO driver or kernel NVMe driver. + +## Data Structure + +### bdev_rw.h + +#### struct libstorage_namespace_info + +1. Prototype + + ```c + struct libstorage_namespace_info + { + char name[MAX_BDEV_NAME_LEN]; + uint64_t size; /** namespace size in bytes */ + uint64_t sectors; /** number of sectors */ + uint32_t sector_size; /** sector size in bytes */ + uint32_t md_size; /** metadata size in bytes */ + uint32_t max_io_xfer_size; /** maximum i/o size in bytes */ + uint16_t id; /** namespace id */ + uint8_t pi_type; /** end-to-end data protection information type */ + uint8_t is_active :1; /** namespace is active or not */ + uint8_t ext_lba :1; /** namespace support extending LBA size or not */ + uint8_t dsm :1; /** namespace supports Dataset Management or not */ + uint8_t pad :3; + uint64_t reserved; + }; + ``` + +2. Description + + This data structure contains the namespace information of a drive. + +3. Struct members + + | Member | Description | + | ---------------------------- | ------------------------------------------------------------ | + | char name\[MAX_BDEV_NAME_LEN] | Name of the namespace. | + | uint64_t size | Size of the drive space allocated to the namespace, in bytes. | + | uint64_t sectors | Number of sectors. | + | uint32_t sector_size | Size of each sector, in bytes. | + | uint32_t md_size | Metadata size, in bytes. | + | uint32_t max_io_xfer_size | Maximum size of data in a single I/O operation, in bytes. | + | uint16_t id | Namespace ID. | + | uint8_t pi_type | Data protection type. The value is obtained from enum libstorage_ns_pi_type. | + | uint8_t is_active :1 | Namespace active or not. | + | uint8_t ext_lba :1 | Whether the namespace supports logical block addressing (LBA) in extended mode. | + | uint8_t dsm :1 | Whether the namespace supports dataset management. | + | uint8_t pad :3 | Reserved parameter. | + | uint64_t reserved | Reserved parameter. | + +#### struct libstorage_nvme_ctrlr_info + +1. Prototype + + ```c + struct libstorage_nvme_ctrlr_info { + char name[MAX_CTRL_NAME_LEN]; + char address[24]; + struct { + uint32_t domain; + uint8_t bus; + uint8_t dev; + uint8_t func; + } pci_addr; + uint64_t totalcap; /* Total NVM Capacity in bytes */ + uint64_t unusecap; /* Unallocated NVM Capacity in bytes */ + int8_t sn[20]; /* Serial number */ + uint8_t fr[8]; /* Firmware revision */ + uint32_t max_num_ns; /* Number of namespaces */ + uint32_t version; + uint16_t num_io_queues; /* num of io queues */ + uint16_t io_queue_size; /* io queue size */ + uint16_t ctrlid; /* Controller id */ + uint16_t pad1; + struct { + struct { + uint32_t ms : 16; /* metadata size */ + uint32_t lbads : 8; /* lba data size */ + uint32_t reserved : 8; + } lbaf[LBA_FORMAT_NUM]; + uint8_t nlbaf; + uint8_t pad2[3]; + uint32_t cur_format : 4; + uint32_t cur_extended : 1; + uint32_t cur_pi : 3; + uint32_t cur_pil : 1; + uint32_t cur_can_share : 1; + uint32_t mc_extented : 1; + uint32_t mc_pointer : 1; + uint32_t pi_type1 : 1; + uint32_t pi_type2 : 1; + uint32_t pi_type3 : 1; + uint32_t md_start : 1; + uint32_t md_end : 1; + uint32_t ns_manage : 1; /* Supports the Namespace Management and Namespace Attachment commands */ + uint32_t directives : 1; /* Controller support Directives or not */ + uint32_t streams : 1; /* Controller support Streams Directives or not */ + uint32_t dsm : 1; /* Controller support Dataset Management or not */ + uint32_t reserved : 11; + } cap_info; + }; + ``` + +2. Description + + This data structure contains the controller information of a drive. + +3. Struct members + + | Member | Description | + | ------------------------------------------------------------ | ------------------------------------------------------------ | + | char name\[MAX_CTRL_NAME_LEN] | Controller name. | + | char address\[24] | PCI address, which is a character string. | + | struct
{
uint32_t domain;
uint8_t bus;
uint8_t dev;
uint8_t func;
} pci_addr | PCI address, in segments. | + | uint64_t totalcap | Total capacity of the controller, in bytes. Optane drives are based on the NVMe 1.0 protocol and do not support this parameter. | + | uint64_t unusecap | Free capacity of the controller, in bytes. Optane drives are based on the NVMe 1.0 protocol and do not support this parameter. | + | int8_t sn\[20]; | Serial number of a drive, which is an ASCII character string without **0**. | + | uint8_t fr\[8]; | Drive firmware version, which is an ASCII character string without **0**. | + | uint32_t max_num_ns | Maximum number of namespaces. | + | uint32_t version | NVMe protocol version supported by the controller. | + | uint16_t num_io_queues | Number of I/O queues supported by a drive. | + | uint16_t io_queue_size | Maximum length of an I/O queue. | + | uint16_t ctrlid | Controller ID. | + | uint16_t pad1 | Reserved parameter. | + + Members of the struct cap_info substructure: + + | Member | Description | + | ------------------------------------------------------------ | ------------------------------------------------------------ | + | struct
{
uint32_t ms : 16;
uint32_t lbads : 8;
uint32_t reserved : 8;
}lbaf\[LBA_FORMAT_NUM] | **ms**: metadata size. The minimum value is 8 bytes.
**lbads**: The LBA size is 2^lbads, and the value of **lbads** is greater than or equal to 9. | + | uint8_t nlbaf | Number of LBA formats supported by the controller. | + | uint8_t pad2\[3] | Reserved parameter. | + | uint32_t cur_format : 4 | Current LBA format of the controller. | + | uint32_t cur_extended : 1 | Whether the controller supports LBA in extended mode. | + | uint32_t cur_pi : 3 | Current protection type of the controller. | + | uint32_t cur_pil : 1 | The current protection information (PI) of the controller is located in the first or last eight bytes of the metadata. | + | uint32_t cur_can_share : 1 | Whether the namespace supports multi-path transmission. | + | uint32_t mc_extented : 1 | Whether metadata is transmitted as part of the data buffer. | + | uint32_t mc_pointer : 1 | Whether metadata is separated from the data buffer. | + | uint32_t pi_type1 : 1 | Whether the controller supports protection type 1. | + | uint32_t pi_type2 : 1 | Whether the controller supports protection type 2. | + | uint32_t pi_type3 : 1 | Whether the controller supports protection type 3. | + | uint32_t md_start : 1 | Whether the controller supports protection information in the first eight bytes of metadata. | + | uint32_t md_end : 1 | Whether the controller supports protection information in the last eight bytes of metadata. | + | uint32_t ns_manage : 1 | Whether the controller supports namespace management. | + | uint32_t directives : 1 | Whether the Directives command set is supported. | + | uint32_t streams : 1 | Whether Streams Directives is supported. | + | uint32_t dsm : 1 | Whether Dataset Management commands are supported. | + | uint32_t reserved : 11 | Reserved parameter. | + +#### struct libstorage_dsm_range_desc + +1. Prototype + + ```c + struct libstorage_dsm_range_desc + { + /* RESERVED */ + uint32_t reserved; + + /* NUMBER OF LOGICAL BLOCKS */ + uint32_t block_count; + + /* UNMAP LOGICAL BLOCK ADDRESS */uint64_t lba;}; + ``` + +2. Description + + Definition of a single 16-byte set in the data management command set. + +3. Struct members + + | Member | Description | + | -------------------- | ------------------------ | + | uint32_t reserved | Reserved parameter. | + | uint32_t block_count | Number of LBAs per unit. | + | uint64_t lba | Start LBA. | + +#### struct libstorage_ctrl_streams_param + +1. Prototype + + ```c + struct libstorage_ctrl_streams_param + { + /* MAX Streams Limit */ + uint16_t msl; + + /* NVM Subsystem Streams Available */ + uint16_t nssa; + + /* NVM Subsystem Streams Open */uint16_t nsso; + + uint16_t pad; + }; + ``` + +2. Description + + Streams attribute value supported by NVMe drives. + +3. Struct members + + | Member | Description | + | ------------- | ------------------------------------------------------------ | + | uint16_t msl | Maximum number of Streams resources supported by a drive. | + | uint16_t nssa | Number of Streams resources that can be used by each NVM subsystem. | + | uint16_t nsso | Number of Streams resources used by each NVM subsystem. | + | uint16_t pad | Reserved parameter. | + +#### struct libstorage_bdev_streams_param + +1. Prototype + + ```c + struct libstorage_bdev_streams_param + { + /* Stream Write Size */ + uint32_t sws; + + /* Stream Granularity Size */ + uint16_t sgs; + + /* Namespace Streams Allocated */ + uint16_t nsa; + + /* Namespace Streams Open */ + uint16_t nso; + + uint16_t reserved[3]; + }; + ``` + +2. Description + + Streams attribute value of the namespace. + +3. Struct members + + | Member | Description | + | -------------------- | ------------------------------------------------------------ | + | uint32_t sws | Write granularity with the optimal performance, in sectors. | + | uint16_t sgs | Write granularity allocated to Streams, in sws. | + | uint16_t nsa | Number of private Streams resources that can be used by a namespace. | + | uint16_t nso | Number of private Streams resources used by a namespace. | + | uint16_t reserved\[3] | Reserved parameter. | + +#### struct libstorage_mgr_info + +1. Prototype + + ```c + struct libstorage_mgr_info + { + char pci[24]; + char ctrlName[MAX_CTRL_NAME_LEN]; + uint64_t sector_size; + uint64_t cap_size; + uint16_t device_id; + uint16_t subsystem_device_id; + uint16_t vendor_id; + uint16_t subsystem_vendor_id; + uint16_t controller_id; + int8_t serial_number[20]; + int8_t model_number[40]; + uint8_t firmware_revision[8]; + }; + ``` + +2. Description + + Drive management information (consistent with the drive information used by the management plane). + +3. Struct members + + | Member | Description | + | -------------------------------- | ---------------------------------------------- | + | char pci\[24] | Character string of the drive PCI address. | + | char ctrlName\[MAX_CTRL_NAME_LEN] | Character string of the drive controller name. | + | uint64_t sector_size | Drive sector size. | + | uint64_t cap_size | Drive capacity, in bytes. | + | uint16_t device_id | Drive device ID. | + | uint16_t subsystem_device_id | Drive subsystem device ID. | + | uint16\*t vendor\*id | Drive vendor ID. | + | uint16_t subsystem_vendor_id | Drive subsystem vendor ID. | + | uint16_t controller_id | Drive controller ID. | + | int8_t serial_number\[20] | Drive serial number. | + | int8_t model_number\[40] | Device model. | + | uint8_t firmware_revision\[8] | Firmware version. | + +#### struct **attribute**((packed)) libstorage_smart_info + +1. Prototype + + ```c + /* same with struct spdk_nvme_health_information_page in nvme_spec.h */ + struct __attribute__((packed)) libstorage_smart_info { + /* details of uint8_t critical_warning + * + * union spdk_nvme_critical_warning_state { + * uint8_t raw; + * struct { + * uint8_t available_spare : 1; + * uint8_t temperature : 1; + * uint8_t device_reliability : 1; + * uint8_t read_only : 1; + * uint8_t volatile_memory_backup : 1; + * uint8_t reserved : 3; + * } bits; + * }; + */ + uint8_t critical_warning; + uint16_t temperature; + uint8_t available_spare; + uint8_t available_spare_threshold; + uint8_t percentage_used; + uint8_t reserved[26]; + + /* + * Note that the following are 128-bit values, but are + * defined as an array of 2 64-bit values. + */ + /* Data Units Read is always in 512-byte units. */ + uint64_t data_units_read[2]; + /* Data Units Written is always in 512-byte units. */ + uint64_t data_units_written[2]; + /* For NVM command set, this includes Compare commands. */ + uint64_t host_read_commands[2]; + uint64_t host_write_commands[2]; + /* Controller Busy Time is reported in minutes. */ + uint64_t controller_busy_time[2]; + uint64_t power_cycles[2]; + uint64_t power_on_hours[2]; + uint64_t unsafe_shutdowns[2]; + uint64_t media_errors[2]; + uint64_t num_error_info_log_entries[2]; + + /* Controller temperature related. */ + uint32_t warning_temp_time; + uint32_t critical_temp_time; + uint16_t temp_sensor[8]; + uint8_t reserved2[296]; + }; + + ``` + +2. Description + + This data structure defines the S.M.A.R.T. information of a drive. + +3. Struct members + + | Member | **Description (For details, see the NVMe protocol.)** | + | -------------------------------------- | ------------------------------------------------------------ | + | uint8_t critical_warning | Critical alarm of the controller status. If a bit is set to 1, the bit is valid. You can set multiple bits to be valid. Critical alarms are returned to the host through asynchronous events.
Bit 0: When this bit is set to 1, the redundant space is less than the specified threshold.
Bit 1: When this bit is set to 1, the temperature is higher or lower than a major threshold.
Bit 2: When this bit is set to 1, component reliability is reduced due to major media errors or internal errors.
Bit 3: When this bit is set to 1, the medium has been set to the read-only mode.
Bit 4: When this bit is set to 1, the volatile component of the controller fails. This parameter is valid only when the volatile component exists in the controller.
Bits 5-7: reserved. | + | uint16_t temperature | Temperature of a component. The unit is Kelvin. | + | uint8_t available_spare | Percentage of the available redundant space (0 to 100%). | + | uint8_t available_spare_threshold | Threshold of the available redundant space. An asynchronous event is reported when the available redundant space is lower than the threshold. | + | uint8_t percentage_used | Percentage of the actual service life of a component to the service life of the component expected by the manufacturer. The value **100** indicates that the actual service life of the component has reached to the expected service life, but the component can still be used. The value can be greater than 100, but any value greater than 254 will be set to 255. | + | uint8_t reserved\[26] | Reserved. | + | uint64_t data_units_read\[2] | Number of 512 bytes read by the host from the controller. The value **1** indicates that 1000 x 512 bytes are read, which exclude metadata. If the LBA size is not 512 bytes, the controller converts it into 512 bytes for calculation. The value is expressed in hexadecimal notation. | + | uint64_t data_units_written\[2] | Number of 512 bytes written by the host to the controller. The value **1** indicates that 1000 x 512 bytes are written, which exclude metadata. If the LBA size is not 512 bytes, the controller converts it into 512 bytes for calculation. The value is expressed in hexadecimal notation. | + | uint64_t host_read_commands\[2] | Number of read commands delivered to the controller. | + | uint64_t host_write_commands\[2]; | Number of write commands delivered to the controller. | + | uint64_t controller_busy_time\[2] | Busy time for the controller to process I/O commands. The process from the time the commands are delivered to the time the results are returned to the CQ is busy. The time is expressed in minutes. | + | uint64_t power_cycles\[2] | Number of machine on/off cycles. | + | uint64_t power_on_hours\[2] | Power-on duration, in hours. | + | uint64_t unsafe_shutdowns\[2] | Number of abnormal power-off times. The value is incremented by 1 when CC.SHN is not received during power-off. | + | uint64_t media_errors\[2] | Number of times that the controller detects unrecoverable data integrity errors, including uncorrectable ECC errors, CRC errors, and LBA tag mismatch. | + | uint64_t num_error_info_log_entries\[2] | Number of entries in the error information log within the controller lifecycle. | + | uint32_t warning_temp_time | Accumulated time when the temperature exceeds the warning alarm threshold, in minutes. | + | uint32_t critical_temp_time | Accumulated time when the temperature exceeds the critical alarm threshold, in minutes. | + | uint16_t temp_sensor\[8] | Temperature of temperature sensors 1-8. The unit is Kelvin. | + | uint8_t reserved2\[296] | Reserved. | + +#### libstorage_dpdk_contig_mem + +1. Prototype + + ```c + struct libstorage_dpdk_contig_mem { + uint64_t virtAddr; + uint64_t memLen; + uint64_t allocLen; + }; + ``` + +2. Description + + Description about a contiguous virtual memory segment in the parameters of the callback function that notifies the service layer of initialization completion after the DPDK memory is initialized. + + Currently, 800 MB memory is reserved for HSAK. Other memory is returned to the service layer through **allocLen** in this struct for the service layer to allocate memory for self-management. + + The total memory to be reserved for HSAK is about 800 MB. The memory reserved for each memory segment is calculated based on the number of NUMA nodes in the environment. When there are too many NUMA nodes, the memory reserved on each memory segment is too small. As a result, HSAK initialization fails. Therefore, HSAK supports only the environment with a maximum of four NUMA nodes. + +3. Struct members + + | Member | Description | + | ----------------- | -------------------------------------------------------- | + | uint64_t virtAddr | Start address of the virtual memory. | + | uint64_t memLen | Length of the virtual memory, in bytes. | + | uint64_t allocLen | Available memory length in the memory segment, in bytes. | + +#### struct libstorage_dpdk_init_notify_arg + +1. Prototype + + ```c + struct libstorage_dpdk_init_notify_arg { + uint64_t baseAddr; + uint16_t memsegCount; + struct libstorage_dpdk_contig_mem *memseg; + }; + ``` + +2. Description + + Callback function parameter used to notify the service layer of initialization completion after DPDK memory initialization, indicating information about all virtual memory segments. + +3. Struct members + + | Member | Description | + | ----------------------------------------- | ------------------------------------------------------------ | + | uint64_t baseAddr | Start address of the virtual memory. | + | uint16_t memsegCount | Number of valid **memseg** array members, that is, the number of contiguous virtual memory segments. | + | struct libstorage_dpdk_contig_mem *memseg | Pointer to the memory segment array. Each array element is a contiguous virtual memory segment, and every two elements are discontiguous. | + +#### struct libstorage_dpdk_init_notify + +1. Prototype + + ```c + struct libstorage_dpdk_init_notify { + const char *name; + void (*notifyFunc)(const struct libstorage_dpdk_init_notify_arg *arg); + TAILQ_ENTRY(libstorage_dpdk_init_notify) tailq; + }; + ``` + +2. Description + + Struct used to notify the service layer of the callback function registration after the DPDK memory is initialized. + +3. Struct members + + | Member | Description | + | ------------------------------------------------------------ | ------------------------------------------------------------ | + | const char *name | Name of the service-layer module of the registered callback function. | + | void (*notifyFunc)(const struct libstorage_dpdk_init_notify_arg*arg) | Callback function parameter used to notify the service layer of initialization completion after the DPDK memory is initialized. | + | TAILQ_ENTRY(libstorage_dpdk_init_notify) tailq | Linked list that stores registered callback functions. | + +### ublock.h + +#### struct ublock_bdev_info + +1. Prototype + + ```c + struct ublock_bdev_info { + uint64_t sector_size; + uint64_t cap_size; // cap_size + uint16_t device_id; + uint16_t subsystem_device_id; // subsystem device id of nvme control + uint16_t vendor_id; + uint16_t subsystem_vendor_id; + uint16_t controller_id; + int8_t serial_number[20]; + int8_t model_number[40]; + int8_t firmware_revision[8]; + }; + ``` + +2. Description + + This data structure contains the device information of a drive. + +3. Struct members + + | Member | Description | + | ---------------------------- | ----------------------------------------------- | + | uint64_t sector_size | Sector size of a drive, for example, 512 bytes. | + | uint64_t cap_size | Total drive capacity, in bytes. | + | uint16_t device_id | Device ID. | + | uint16_t subsystem_device_id | Device ID of a subsystem. | + | uint16_t vendor_id | Main ID of the device vendor. | + | uint16_t subsystem_vendor_id | Sub-ID of the device vendor. | + | uint16_t controller_id | ID of the device controller. | + | int8_t serial_number\[20] | Device serial number. | + | int8_t model_number\[40] | Device model. | + | int8_t firmware_revision\[8] | Firmware version. | + +#### struct ublock_bdev + +1. Prototype + + ```c + struct ublock_bdev { + char pci[UBLOCK_PCI_ADDR_MAX_LEN]; + struct ublock_bdev_info info; + struct spdk_nvme_ctrlr *ctrlr; + TAILQ_ENTRY(ublock_bdev) link; + }; + ``` + +2. Description + + The data structure contains the drive information of the specified PCI address, and the structure itself is a node of the queue. + +3. Struct members + + | Member | Description | + | --------------------------------- | ------------------------------------------------------------ | + | char pci\[UBLOCK_PCI_ADDR_MAX_LEN] | PCI address. | + | struct ublock_bdev_info info | Drive information. | + | struct spdk_nvme_ctrlr *ctrlr | Data structure of the device controller. The members in this structure are not open to external systems. External services can obtain the corresponding member data through the SPDK open source interface. | + | TAILQ_ENTRY(ublock_bdev) link | Structure of the pointers before and after a queue. | + +#### struct ublock_bdev_mgr + +1. Prototype + + ```c + struct ublock_bdev_mgr { + TAILQ_HEAD(, ublock_bdev) bdevs; + }; + ``` + +2. Description + + This data structure defines the header structure of a ublock_bdev queue. + +3. Struct members + + | Member | Description | + | -------------------------------- | ----------------------- | + | TAILQ_HEAD(, ublock_bdev) bdevs; | Queue header structure. | + +#### struct **attribute**((packed)) ublock_SMART_info + +1. Prototype + + ```c + struct __attribute__((packed)) ublock_SMART_info { + uint8_t critical_warning; + uint16_t temperature; + uint8_t available_spare; + uint8_t available_spare_threshold; + uint8_t percentage_used; + uint8_t reserved[26]; + /* + + Note that the following are 128-bit values, but are + + defined as an array of 2 64-bit values. + */ + /* Data Units Read is always in 512-byte units. */ + uint64_t data_units_read[2]; + /* Data Units Written is always in 512-byte units. */ + uint64_t data_units_written[2]; + /* For NVM command set, this includes Compare commands. */ + uint64_t host_read_commands[2]; + uint64_t host_write_commands[2]; + /* Controller Busy Time is reported in minutes. */ + uint64_t controller_busy_time[2]; + uint64_t power_cycles[2]; + uint64_t power_on_hours[2]; + uint64_t unsafe_shutdowns[2]; + uint64_t media_errors[2]; + uint64_t num_error_info_log_entries[2]; + /* Controller temperature related. */ + uint32_t warning_temp_time; + uint32_t critical_temp_time; + uint16_t temp_sensor[8]; + uint8_t reserved2[296]; + }; + ``` + +2. Description + + This data structure defines the S.M.A.R.T. information of a drive. + +3. Struct members + + | Member | Description (For details, see the NVMe protocol.) | + | -------------------------------------- | ------------------------------------------------------------ | + | uint8_t critical_warning | Critical alarm of the controller status. If a bit is set to 1, the bit is valid. You can set multiple bits to be valid. Critical alarms are returned to the host through asynchronous events.
Bit 0: When this bit is set to 1, the redundant space is less than the specified threshold.
Bit 1: When this bit is set to 1, the temperature is higher or lower than a major threshold.
Bit 2: When this bit is set to 1, component reliability is reduced due to major media errors or internal errors.
Bit 3: When this bit is set to 1, the medium has been set to the read-only mode.
Bit 4: When this bit is set to 1, the volatile component of the controller fails. This parameter is valid only when the volatile component exists in the controller.
Bits 5-7: reserved. | + | uint16_t temperature | Temperature of a component. The unit is Kelvin. | + | uint8_t available_spare | Percentage of the available redundant space (0 to 100%). | + | uint8_t available_spare_threshold | Threshold of the available redundant space. An asynchronous event is reported when the available redundant space is lower than the threshold. | + | uint8_t percentage_used | Percentage of the actual service life of a component to the service life of the component expected by the manufacturer. The value **100** indicates that the actual service life of the component has reached to the expected service life, but the component can still be used. The value can be greater than 100, but any value greater than 254 will be set to 255. | + | uint8_t reserved\[26] | Reserved. | + | uint64_t data_units_read\[2] | Number of 512 bytes read by the host from the controller. The value **1** indicates that 1000 x 512 bytes are read, which exclude metadata. If the LBA size is not 512 bytes, the controller converts it into 512 bytes for calculation. The value is expressed in hexadecimal notation. | + | uint64_t data_units_written\[2] | Number of 512 bytes written by the host to the controller. The value **1** indicates that 1000 x 512 bytes are written, which exclude metadata. If the LBA size is not 512 bytes, the controller converts it into 512 bytes for calculation. The value is expressed in hexadecimal notation. | + | uint64_t host_read_commands\[2] | Number of read commands delivered to the controller. | + | uint64_t host_write_commands\[2]; | Number of write commands delivered to the controller. | + | uint64_t controller_busy_time\[2] | Busy time for the controller to process I/O commands. The process from the time the commands are delivered to the time the results are returned to the CQ is busy. The value is expressed in minutes. | + | uint64_t power_cycles\[2] | Number of machine on/off cycles. | + | uint64_t power_on_hours\[2] | Power-on duration, in hours. | + | uint64_t unsafe_shutdowns\[2] | Number of abnormal power-off times. The value is incremented by 1 when CC.SHN is not received during power-off. | + | uint64_t media_errors\[2] | Number of unrecoverable data integrity errors detected by the controller, including uncorrectable ECC errors, CRC errors, and LBA tag mismatch. | + | uint64_t num_error_info_log_entries\[2] | Number of entries in the error information log within the controller lifecycle. | + | uint32_t warning_temp_time | Accumulated time when the temperature exceeds the warning alarm threshold, in minutes. | + | uint32_t critical_temp_time | Accumulated time when the temperature exceeds the critical alarm threshold, in minutes. | + | uint16_t temp_sensor\[8] | Temperature of temperature sensors 1-8. The unit is Kelvin. | + | uint8_t reserved2\[296] | Reserved. | + +#### struct ublock_nvme_error_info + +1. Prototype + + ```c + struct ublock_nvme_error_info { + uint64_t error_count; + uint16_t sqid; + uint16_t cid; + uint16_t status; + uint16_t error_location; + uint64_t lba; + uint32_t nsid; + uint8_t vendor_specific; + uint8_t reserved[35]; + }; + ``` + +2. Description + + This data structure contains the content of a single error message in the device controller. The number of errors supported by different controllers may vary. + +3. Struct members + + | Member | Description (For details, see the NVMe protocol.) | + | ----------------------- | ------------------------------------------------------------ | + | uint64_t error_count | Error sequence number, which increases in ascending order. | + | uint16_t sqid | Submission queue identifier for the command associated with an error message. If an error cannot be associated with a specific command, this parameter should be set to **FFFFh**. | + | uint16_t cid | Command identifier associated with an error message. If an error cannot be associated with a specific command, this parameter should be set to **FFFFh**. | + | uint16_t status | Status of a completed command. | + | uint16_t error_location | Command parameter associated with an error message. | + | uint64_t lba | First LBA when an error occurs. | + | uint32_t nsid | Namespace where an error occurs. | + | uint8_t vendor_specific | Log page identifier associated with the page if other vendor-specific error messages are available. The value **00h** indicates that no additional information is available. The valid value ranges from 80h to FFh. | + | uint8_t reserved\[35] | Reserved. | + +#### struct ublock_uevent + +1. Prototype + + ```c + struct ublock_uevent { + enum ublock_nvme_uevent_action action; + int subsystem; + char traddr[UBLOCK_TRADDR_MAX_LEN + 1]; + }; + ``` + +2. Description + + This data structure contains parameters related to the uevent event. + +3. Struct members + + | Member | Description | + | -------------------------------------- | ------------------------------------------------------------ | + | enum ublock_nvme_uevent_action action | Whether the uevent event type is drive insertion or removal through enumeration. | + | int subsystem | Subsystem type of the uevent event. Currently, only **UBLOCK_NVME_UEVENT_SUBSYSTEM_UIO** is supported. If the application receives other values, no processing is required. | + | char traddr\[UBLOCK_TRADDR_MAX_LEN + 1] | PCI address character string in the *Domain:Bus:Device.Function* (**%04x:%02x:%02x.%x**) format. | + +#### struct ublock_hook + +1. Prototype + + ```c + struct ublock_hook + { + ublock_callback_func ublock_callback; + void *user_data; + }; + ``` + +2. Description + + This data structure is used to register callback functions. + +3. Struct members + + | Member | Description | + | ------------------------------------ | ------------------------------------------------------------ | + | ublock_callback_func ublock_callback | Function executed during callback. The type is bool func(void *info, void*user_data). | + | void *user_data | User parameter transferred to the callback function. | + +#### struct ublock_ctrl_iostat_info + +1. Prototype + + ```c + struct ublock_ctrl_iostat_info + { + uint64_t num_read_ops; + uint64_t num_write_ops; + uint64_t read_latency_ms; + uint64_t write_latency_ms; + uint64_t io_outstanding; + uint64_t num_poll_timeout; + uint64_t io_ticks_ms; + }; + ``` + +2. Description + + This data structure is used to obtain the I/O statistics of a controller. + +3. Struct members + + | Member | Description | + | ------------------------- | ------------------------------------------------------------ | + | uint64_t num_read_ops | Accumulated number of read I/Os of the controller. | + | uint64_t num_write_ops | Accumulated number of write I/Os of the controller. | + | uint64_t read_latency_ms | Accumulated read latency of the controller, in ms. | + | uint64_t write_latency_ms | Accumulated write latency of the controller, in ms. | + | uint64_t io_outstanding | Queue depth of the controller. | + | uint64_t num_poll_timeout | Accumulated number of polling timeouts of the controller. | + | uint64_t io_ticks_ms | Accumulated I/O processing latency of the controller, in ms. | + +## API + +### bdev_rw.h + +#### libstorage_get_nvme_ctrlr_info + +1. Prototype + + uint32_t libstorage_get_nvme_ctrlr_info(struct libstorage_nvme_ctrlr_info** ppCtrlrInfo); + +2. Description + + Obtains information about all controllers. + +3. Parameters + + | Parameter | Description | + | ----------------------------------------------- | ------------------------------------------------------------ | + | struct libstorage_nvme_ctrlr_info** ppCtrlrInfo | Output parameter, which returns all obtained controller information.
Note:
Free the memory using the free API in a timely manner. | + +4. Return value + + | Return Value | Description | + | ------------ | ------------------------------------------------------------ | + | 0 | Failed to obtain controller information or no controller information is obtained. | + | > 0 | Number of obtained controllers. | + +#### libstorage_get_mgr_info_by_esn + +1. Prototype + + ```c + int32_t libstorage_get_mgr_info_by_esn(const char *esn, struct libstorage_mgr_info *mgr_info); + ``` + +2. Description + + Obtains the management information about the NVMe drive corresponding to the ESN. + +3. Parameters + + | Parameter | Description | + | ------------------------------------ | ------------------------------------------------------------ | + | const char *esn | ESN of the target device.
Note:
An ESN is a string of a maximum of 20 characters (excluding the end character of the string), but the length may vary according to hardware vendors. For example, if the length is less than 20 characters, spaces are padded at the end of the character string.
| + | struct libstorage_mgr_info *mgr_info | Output parameter, which returns all obtained NVMe drive management information. | + +4. Return value + + | Return Value | Description | + | ------------ | ------------------------------------------------------------ | + | 0 | Succeeded in querying the NVMe drive management information corresponding to an ESN. | + | -1 | Failed to query the NVMe drive management information corresponding to an ESN. | + | -2 | No NVMe drive matching an ESN is obtained. | + +#### libstorage_get_mgr_smart_by_esn + +1. Prototype + + ```c + int32_t libstorage_get_mgr_smart_by_esn(const char *esn, uint32_t nsid, struct libstorage_smart_info *mgr_smart_info); + ``` + +2. Description + + Obtains the S.M.A.R.T. information of the NVMe drive corresponding to an ESN. + +3. Parameters + + | Parameter | Description | + | ------------------------------------ | ------------------------------------------------------------ | + | const char *esn | ESN of the target device.
Note:
An ESN is a string of a maximum of 20 characters (excluding the end character of the string), but the length may vary according to hardware vendors. For example, if the length is less than 20 characters, spaces are padded at the end of the character string.
| + | uint32_t nsid | Specified namespace. | + | struct libstorage_mgr_info *mgr_info | Output parameter, which returns all obtained S.M.A.R.T. information of NVMe drives. | + +4. Return value + + | Return Value | Description | + | ------------ | ------------------------------------------------------------ | + | 0 | Succeeded in querying the S.M.A.R.T. information of the NVMe drive corresponding to an ESN. | + | -1 | Failed to query the S.M.A.R.T. information of the NVMe drive corresponding to an ESN. | + | -2 | No NVMe drive matching an ESN is obtained. | + +#### libstorage_get_bdev_ns_info + +1. Prototype + + ```c + uint32_t libstorage_get_bdev_ns_info(const char* bdevName, struct libstorage_namespace_info** ppNsInfo); + ``` + +2. Description + + Obtains namespace information based on the device name. + +3. Parameters + + | Parameter | Description | + | ------------------------------------------- | ------------------------------------------------------------ | + | const char* bdevName | Device name. | + | struct libstorage_namespace_info** ppNsInfo | Output parameter, which returns namespace information.
Note:
Free the memory using the free API in a timely manner. | + +4. Return value + + | Return Value | Description | + | ------------ | ---------------------------- | + | 0 | The operation failed. | + | 1 | The operation is successful. | + +#### libstorage_get_ctrl_ns_info + +1. Prototype + + ```c + uint32_t libstorage_get_ctrl_ns_info(const char* ctrlName, struct libstorage_namespace_info** ppNsInfo); + ``` + +2. Description + + Obtains information about all namespaces based on the controller name. + +3. Parameters + + | Parameter | Description | + | ------------------------------------------- | ------------------------------------------------------------ | + | const char* ctrlName | Controller name. | + | struct libstorage_namespace_info** ppNsInfo | Output parameter, which returns information about all namespaces.
Note:
Free the memory using the free API in a timely manner. | + +4. Return value + + | Return Value | Description | + | ------------ | ------------------------------------------------------------ | + | 0 | Failed to obtain the namespace information or no namespace information is obtained. | + | > 0 | Number of namespaces obtained. | + +#### libstorage_create_namespace + +1. Prototype + + ```c + int32_t libstorage_create_namespace(const char* ctrlName, uint64_t ns_size, char** outputName); + ``` + +2. Description + + Creates a namespace on a specified controller (the prerequisite is that the controller supports namespace management). + + Optane drives are based on the NVMe 1.0 protocol and do not support namespace management. Therefore, this API is not supported. + + ES3000 V3 and V5 support only one namespace by default. By default, a namespace exists on the controller. To create a namespace, delete the original namespace. + +3. Parameters + + | Parameter | Description | + | -------------------- | ------------------------------------------------------------ | + | const char* ctrlName | Controller name. | + | uint64_t ns_size | Size of the namespace to be created (unit: sector_size). | + | char** outputName | Output parameter, which indicates the name of the created namespace.
Note:
Free the memory using the free API in a timely manner. | + +4. Return value + + | Return Value | Description | + | ------------ | ---------------------------------------------- | + | ≤ 0 | Failed to create the namespace. | + | > 0 | ID of the created namespace (starting from 1). | + +#### libstorage_delete_namespace + +1. Prototype + + ```c + int32_t libstorage_delete_namespace(const char* ctrlName, uint32_t ns_id); + ``` + +2. Description + + Deletes a namespace from a specified controller. Optane drives are based on the NVMe 1.0 protocol and do not support namespace management. Therefore, this API is not supported. + +3. Parameters + + | Parameter | Description | + | -------------------- | ---------------- | + | const char* ctrlName | Controller name. | + | uint32_t ns_id | Namespace ID | + +4. Return value + + | Return Value | Description | + | ------------ | ------------------------------------------------------------ | + | 0 | Deletion succeeded. | + | Other values | Deletion failed.
Note:
Before deleting a namespace, stop I/O operations. Otherwise, the namespace fails to be deleted. | + +#### libstorage_delete_all_namespace + +1. Prototype + + ```c + int32_t libstorage_delete_all_namespace(const char* ctrlName); + ``` + +2. Description + + Deletes all namespaces from a specified controller. Optane drives are based on the NVMe 1.0 protocol and do not support namespace management. Therefore, this API is not supported. + +3. Parameters + + | Parameter | Description | + | -------------------- | ---------------- | + | const char* ctrlName | Controller name. | + +4. Return value + + | Return Value | Description | + | ------------ | ------------------------------------------------------------ | + | 0 | Deletion succeeded. | + | Other values | Deletion failed.
Note:
Before deleting a namespace, stop I/O operations. Otherwise, the namespace fails to be deleted. | + +#### libstorage_nvme_create_ctrlr + +1. Prototype + + ```c + int32_t libstorage_nvme_create_ctrlr(const char *pci_addr, const char *ctrlr_name); + ``` + +2. Description + + Creates an NVMe controller based on the PCI address. + +3. Parameters + + | Parameter | Description | + | ---------------- | ---------------- | + | char *pci_addr | PCI address. | + | char *ctrlr_name | Controller name. | + +4. Return value + + | Return Value | Description | + | ------------ | ------------------- | + | < 0 | Creation failed. | + | 0 | Creation succeeded. | + +#### libstorage_nvme_delete_ctrlr + +1. Prototype + + ```c + int32_t libstorage_nvme_delete_ctrlr(const char *ctrlr_name); + ``` + +2. Description + + Destroys an NVMe controller based on the controller name. + +3. Parameters + + | Parameter | Description | + | ---------------------- | ---------------- | + | const char *ctrlr_name | Controller name. | + + This API can be called only after all delivered I/Os are returned. + +4. Return value + + | Return Value | Description | + | ------------ | ---------------------- | + | < 0 | Destruction failed. | + | 0 | Destruction succeeded. | + +#### libstorage_nvme_reload_ctrlr + +1. Prototype + + ```c + int32_t libstorage_nvme_reload_ctrlr(const char *cfgfile); + ``` + +2. Description + + Adds or deletes an NVMe controller based on the configuration file. + +3. Parameters + + | Parameter | Description | + | ------------------- | ------------------------------- | + | const char *cfgfile | Path of the configuration file. | + + Before using this API to delete a drive, ensure that all delivered I/Os have been returned. + +4. Return value + + | Return Value | Description | + | ------------ | ------------------------------------------------------------ | + | < 0 | Failed to add or delete drives based on the configuration file. (Drives may be successfully added or deleted for some controllers.) | + | 0 | Drives are successfully added or deleted based on the configuration file. | + + > Constraints + + - Currently, a maximum of 36 controllers can be configured in the configuration file. + + - The reload API creates as many controllers as possible. If a controller fails to be created, the creation of other controllers is not affected. + + - In concurrency scenarios, the final drive initialization status may be inconsistent with the input configuration file. + + - If you delete a drive that is delivering I/Os by reloading the drive, I/Os fail. + + - After the controller name (for example, **nvme0**) corresponding to the PCI address in the configuration file is modified, the modification does not take effect after this interface is called. + + - The reload function is valid only when drives are added or deleted. Other configuration items in the configuration file cannot be reloaded. + +#### libstorage_low_level_format_nvm + +1. Prototype + + ```c + int8_t libstorage_low_level_format_nvm(const char* ctrlName, uint8_t lbaf, + enum libstorage_ns_pi_type piType, + bool pil_start, bool ms_extented, uint8_t ses); + ``` + +2. Description + + Low-level formats NVMe drives. + +3. Parameters + + | Parameter | Description | + | --------------------------------- | ------------------------------------------------------------ | + | const char* ctrlName | Controller name. | + | uint8_t lbaf | LBA format to be used. | + | enum libstorage_ns_pi_type piType | Protection type to be used. | + | bool pil_start | The protection information is stored in first eight bytes (1) or last eight bytes (0) of the metadata. | + | bool ms_extented | Whether to format to the extended type. | + | uint8_t ses | Whether to perform secure erase during formatting. Currently, only the value **0** (no-secure erase) is supported. | + +4. Return value + + | Return Value | Description | + | ------------ | ------------------------------------------------- | + | < 0 | Formatting failed. | + | ≥ 0 | LBA format generated after successful formatting. | + + > Constraints + + - This low-level formatting API will clear the data and metadata of the drive namespace. Exercise caution when using this API. + + - It takes several seconds to format an ES3000 drive and several minutes to format an Intel Optane drive. Before using this API, wait until the formatting is complete. If the formatting process is forcibly stopped, the formatting fails. + + - Before formatting, stop the I/O operations on the data plane. If the drive is processing I/O requests, the formatting may fail occasionally. If the formatting is successful, the drive may discard the I/O requests that are being processed. Therefore, before formatting the drive, ensure that the I/O operations on the data plane are stopped. + + - During the formatting, the controller is reset. As a result, the initialized drive resources are unavailable. Therefore, after the formatting is complete, restart the I/O process on the data plane. + + - ES3000 V3 supports protection types 0 and 3, PI start and PI end, and mc extended. ES3000 V3 supports DIF in 512+8 format but does not support DIF in 4096+64 format. + + - ES3000 V5 supports protection types 0 and 3, PI start and PI end, mc extended, and mc pointer. ES3000 V5 supports DIF in both 512+8 and 4096+64 formats. + + - Optane drives support protection types 0 and 1, PI end, and mc extended. Optane drives support DIF in 512+8 format but does not support DIF in 4096+64 format. + + | **Drive Type** | **LBA Format** | **Drive Type** | **LBA Format** | + | ------------------ | ------------------------------------------------------------ | -------------- | ------------------------------------------------------------ | + | Intel Optane P4800 | lbaf0:512+0
lbaf1:512+8
lbaf2:512+16
lbaf3:4096+0
lbaf4:4096+8
lbaf5:4096+64
lbaf6:4096+128 | ES3000 V3, V5 | lbaf0:512+0
lbaf1:512+8
lbaf2:4096+64
lbaf3:4096+0
lbaf4:4096+8 | + +#### LIBSTORAGE_CALLBACK_FUNC + +1. Prototype + + ```c + typedef void (*LIBSTORAGE_CALLBACK_FUNC)(int32_t cb_status, int32_t sct_code, void* cb_arg); + ``` + +2. Description + + Registered HSAK I/O completion callback function. + +3. Parameters + + | Parameter | Description | + | ----------------- | ------------------------------------------------------------ | + | int32_t cb_status | I/O status code. The value **0** indicates success, a negative value indicates system error code, and a positive value indicates drive error code (for different error codes,
see [Appendixes](#Appendixes)). | + | int32_t sct_code | I/O status code type:
0: [GENERIC](#generic)
1: [COMMAND_SPECIFIC](#command_specific)
2: [MEDIA_DATA_INTERGRITY_ERROR](#media_data_intergrity_error)
7: VENDOR_SPECIFIC | + | void* cb_arg | Input parameter of the callback function. | + +4. Return value + + None. + +#### libstorage_deallocate_block + +1. Prototype + + ```c + int32_t libstorage_deallocate_block(int32_t fd, struct libstorage_dsm_range_desc *range, uint16_t range_count, LIBSTORAGE_CALLBACK_FUNC cb, void* cb_arg); + ``` + +2. Description + + Notifies NVMe drives of the blocks that can be released. + +3. Parameters + + | Parameter | Description | + | --------------------------------------- | ------------------------------------------------------------ | + | int32_t fd | Open drive file descriptor. | + | struct libstorage_dsm_range_desc *range | Description of blocks that can be released on NVMe drives.
Note:
This parameter requires **libstorage_mem_reserve** to allocate huge page memory. 4 KB alignment is required during memory allocation, that is, align is set to 4096.
The TRIM range of drives is restricted based on different drives. Exceeding the maximum TRIM range on the drives may cause data exceptions. | + | uint16_t range_count | Number of members in the array range. | + | LIBSTORAGE_CALLBACK_FUNC cb | Callback function. | + | void* cb_arg | Callback function parameter. | + +4. Return value + + | Return Value | Description | + | ------------ | ------------------------------- | + | < 0 | Failed to deliver the request. | + | 0 | Request submitted successfully. | + +#### libstorage_async_write + +1. Prototype + + ```c + int32_t libstorage_async_write(int32_t fd, void *buf, size_t nbytes, off64_t offset, void *md_buf, size_t md_len, enum libstorage_crc_and_prchk dif_flag, LIBSTORAGE_CALLBACK_FUNC cb, void* cb_arg); + ``` + +2. Description + + Delivers asynchronous I/O write requests (the write buffer is a contiguous buffer). + +3. Parameters + + | Parameter | Description | + | -------------------------------------- | ------------------------------------------------------------ | + | int32_t fd | File descriptor of the block device. | + | void *buf | Buffer for I/O write data (four-byte aligned and cannot cross the 4 KB page boundary).
Note:
The LBA in extended mode must contain the metadata memory size. | + | size_t nbytes | Size of a single write I/O, in bytes (an integer multiple of **sector_size**).
Note:
Only the data size is included. LBAs in extended mode do not include the metadata size. | + | off64_t offset | Write offset of the LBA, in bytes (an integer multiple of **sector_size**).
Note:
Only the data size is included. LBAs in extended mode do not include the metadata size. | + | void *md_buf | Metadata buffer. (Applicable only to LBAs in separated mode. Set this parameter to **NULL** for LBAs in extended mode.) | + | size_t md_len | Buffer length of metadata. (Applicable only to LBAs in separated mode. Set this parameter to **0** for LBAs in extended mode.) | + | enum libstorage_crc_and_prchk dif_flag | Whether to calculate DIF and whether to enable drive verification. | + | LIBSTORAGE_CALLBACK_FUNC cb | Registered callback function. | + | void* cb_arg | Parameters of the callback function. | + +4. Return value + + | Return Value | Description | + | ------------ | ---------------------------------------------- | + | 0 | I/O write requests are submitted successfully. | + | Other values | Failed to submit I/O write requests. | + +#### libstorage_async_read + +1. Prototype + + ```c + int32_t libstorage_async_read(int32_t fd, void *buf, size_t nbytes, off64_t offset, void *md_buf, size_t md_len, enum libstorage_crc_and_prchk dif_flag, LIBSTORAGE_CALLBACK_FUNC cb, void* cb_arg); + ``` + +2. Description + + Delivers asynchronous I/O read requests (the read buffer is a contiguous buffer). + +3. Parameters + + | Parameter | Description | + | -------------------------------------- | ------------------------------------------------------------ | + | int32_t fd | File descriptor of the block device. | + | void *buf | Buffer for I/O read data (four-byte aligned and cannot cross the 4 KB page boundary).
Note:
LBAs in extended mode must contain the metadata memory size. | + | size_t nbytes | Size of a single read I/O, in bytes (an integer multiple of **sector_size**).
Note:
Only the data size is included. LBAs in extended mode do not include the metadata size. | + | off64_t offset | Read offset of the LBA, in bytes (an integer multiple of **sector_size**).
Note:
Only the data size is included. The LBA in extended mode does not include the metadata size. | + | void *md_buf | Metadata buffer. (Applicable only to LBAs in separated mode. Set this parameter to **NULL** for LBAs in extended mode.). | + | size_t md_len | Buffer length of metadata. (Applicable only to LBAs in separated mode. Set this parameter to **0** for LBAs in extended mode.). | + | enum libstorage_crc_and_prchk dif_flag | Whether to calculate DIF and whether to enable drive verification. | + | LIBSTORAGE_CALLBACK_FUNC cb | Registered callback function. | + | void* cb_arg | Parameters of the callback function. | + +4. Return value + + | Return Value | Description | + | ------------ | --------------------------------------------- | + | 0 | I/O read requests are submitted successfully. | + | Other values | Failed to submit I/O read requests. | + +#### libstorage_async_writev + +1. Prototype + + ```c + int32_t libstorage_async_writev(int32_t fd, struct iovec *iov, int iovcnt, size_t nbytes, off64_t offset, void *md_buf, size_t md_len, enum libstorage_crc_and_prchk dif_flag, LIBSTORAGE_CALLBACK_FUNC cb, void* cb_arg); + ``` + +2. Description + + Delivers asynchronous I/O write requests (the write buffer is a discrete buffer). + +3. Parameters + + | Parameter | Description | + | -------------------------------------- | ------------------------------------------------------------ | + | int32_t fd | File descriptor of the block device. | + | struct iovec *iov | Buffer for I/O write data.
Note:
LBAs in extended mode must contain the metadata size.
The address must be 4-byte-aligned and the length cannot exceed 4 GB. | + | int iovcnt | Number of buffers for I/O write data. | + | size_t nbytes | Size of a single write I/O, in bytes (an integer multiple of **sector_size**).
Note:
Only the data size is included. LBAs in extended mode do not include the metadata size. | + | off64_t offset | Write offset of the LBA, in bytes (an integer multiple of **sector_size**).
Note:
Only the data size is included. LBAs in extended mode do not include the metadata size. | + | void *md_buf | Metadata buffer. (Applicable only to LBAs in separated mode. Set this parameter to **NULL** for LBAs in extended mode.) | + | size_t md_len | Length of the metadata buffer. (Applicable only to LBAs in separated mode. Set this parameter to **0** for LBAs in extended mode.) | + | enum libstorage_crc_and_prchk dif_flag | Whether to calculate DIF and whether to enable drive verification. | + | LIBSTORAGE_CALLBACK_FUNC cb | Registered callback function. | + | void* cb_arg | Parameters of the callback function. | + +4. Return value + + | Return Value | Description | + | ------------ | ---------------------------------------------- | + | 0 | I/O write requests are submitted successfully. | + | Other values | Failed to submit I/O write requests. | + +#### libstorage_async_readv + +1. Prototype + + ```c + int32_t libstorage_async_readv(int32_t fd, struct iovec *iov, int iovcnt, size_t nbytes, off64_t offset, void *md_buf, size_t md_len, enum libstorage_crc_and_prchk dif_flag, LIBSTORAGE_CALLBACK_FUNC cb, void* cb_arg); + ``` + +2. Description + + Delivers asynchronous I/O read requests (the read buffer is a discrete buffer). + +3. Parameters + + | Parameter | Description | + | -------------------------------------- | ------------------------------------------------------------ | + | int32_t fd | File descriptor of the block device. | + | struct iovec *iov | Buffer for I/O read data.
Note:
LBAs in extended mode must contain the metadata size.
The address must be 4-byte-aligned and the length cannot exceed 4 GB. | + | int iovcnt | Number of buffers for I/O read data. | + | size_t nbytes | Size of a single read I/O, in bytes (an integer multiple of **sector_size**).
Note:
Only the data size is included. LBAs in extended mode do not include the metadata size. | + | off64_t offset | Read offset of the LBA, in bytes (an integer multiple of **sector_size**).
Note:
Only the data size is included. LBAs in extended mode do not include the metadata size. | + | void *md_buf | Metadata buffer. (Applicable only to LBAs in separated mode. Set this parameter to **NULL** for LBAs in extended mode.) | + | size_t md_len | Length of the metadata buffer. (Applicable only to LBAs in separated mode. Set this parameter to **0** for LBAs in extended mode.) | + | enum libstorage_crc_and_prchk dif_flag | Whether to calculate DIF and whether to enable drive verification. | + | LIBSTORAGE_CALLBACK_FUNC cb | Registered callback function. | + | void* cb_arg | Parameters of the callback function. | + +4. Return value + + | Return Value | Description | + | ------------ | --------------------------------------------- | + | 0 | I/O read requests are submitted successfully. | + | Other values | Failed to submit I/O read requests. | + +#### libstorage_sync_write + +1. Prototype + + ```c + int32_t libstorage_sync_write(int fd, const void *buf, size_t nbytes, off_t offset); + ``` + +2. Description + + Delivers synchronous I/O write requests (the write buffer is a contiguous buffer). + +3. Parameters + + | Parameter | Description | + | -------------- | ------------------------------------------------------------ | + | int32_t fd | File descriptor of the block device. | + | void *buf | Buffer for I/O write data (four-byte aligned and cannot cross the 4 KB page boundary).
Note:
LBAs in extended mode must contain the metadata memory size. | + | size_t nbytes | Size of a single write I/O, in bytes (an integer multiple of **sector_size**).
Note:
Only the data size is included. LBAs in extended mode do not include the metadata size. | + | off64_t offset | Write offset of the LBA, in bytes. (an integer multiple of **sector_size**).
Note:
Only the data size is included. LBAs in extended mode do not include the metadata size. | + +4. Return value + + | Return Value | Description | + | ------------ | ---------------------------------------------- | + | 0 | I/O write requests are submitted successfully. | + | Other values | Failed to submit I/O write requests. | + +#### libstorage_sync_read + +1. Prototype + + ```c + int32_t libstorage_sync_read(int fd, const void *buf, size_t nbytes, off_t offset); + ``` + +2. Description + + Delivers synchronous I/O read requests (the read buffer is a contiguous buffer). + +3. Parameters + + | Parameter | Description | + | -------------- | ------------------------------------------------------------ | + | int32_t fd | File descriptor of the block device. | + | void *buf | Buffer for I/O read data (four-byte aligned and cannot cross the 4 KB page boundary).
Note:
LBAs in extended mode must contain the metadata memory size. | + | size_t nbytes | Size of a single read I/O, in bytes (an integer multiple of **sector_size**).
Note:
Only the data size is included. LBAs in extended mode do not include the metadata size. | + | off64_t offset | Read offset of the LBA, in bytes (an integer multiple of **sector_size**).
Note:
Only the data size is included. LBAs in extended mode do not include the metadata size. | + +4. Return value + + | Return Value | Description | + | ------------ | --------------------------------------------- | + | 0 | I/O read requests are submitted successfully. | + | Other values | Failed to submit I/O read requests. | + +#### libstorage_open + +1. Prototype + + ```c + int32_t libstorage_open(const char* devfullname); + ``` + +2. Description + + Opens a block device. + +3. Parameters + + | Parameter | Description | + | ----------------------- | ---------------------------------------- | + | const char* devfullname | Block device name (format: **nvme0n1**). | + +4. Return value + + | Return Value | Description | + | ------------ | ------------------------------------------------------------ | + | -1 | Opening failed. For example, the device name is incorrect, or the number of opened FDs is greater than the number of available channels of the NVMe drive. | + | > 0 | File descriptor of the block device. | + + After the MultiQ function in **nvme.conf.in** is enabled, different FDs are returned if a thread opens the same device for multiple times. Otherwise, the same FD is returned. This attribute applies only to the NVMe device. + +#### libstorage_close + +1. Prototype + + ```c + int32_t libstorage_close(int32_t fd); + ``` + +2. Description + + Closes a block device. + +3. Parameters + + | Parameter | Description | + | ---------- | ------------------------------------------ | + | int32_t fd | File descriptor of an opened block device. | + +4. Return value + + | Return Value | Description | + | ------------ | ----------------------------------------------- | + | -1 | Invalid file descriptor. | + | -16 | The file descriptor is busy. Retry is required. | + | 0 | Close succeeded. | + +#### libstorage_mem_reserve + +1. Prototype + + ```c + void* libstorage_mem_reserve(size_t size, size_t align); + ``` + +2. Description + + Allocates memory space from the huge page memory reserved by the DPDK. + +3. Parameters + + | Parameter | Description | + | ------------ | ----------------------------------- | + | size_t size | Size of the memory to be allocated. | + | size_t align | Aligns allocated memory space. | + +4. Return value + + | Return Value | Description | + | ------------ | -------------------------------------- | + | NULL | Allocation failed. | + | Other values | Address of the allocated memory space. | + +#### libstorage_mem_free + +1. Prototype + + ```c + void libstorage_mem_free(void* ptr); + ``` + +2. Description + + Frees the memory space pointed to by **ptr**. + +3. Parameters + + | Parameter | Description | + | --------- | ---------------------------------------- | + | void* ptr | Address of the memory space to be freed. | + +4. Return value + + None. + +#### libstorage_alloc_io_buf + +1. Prototype + + ```c + void* libstorage_alloc_io_buf(size_t nbytes); + ``` + +2. Description + + Allocates memory from buf_small_pool or buf_large_pool of the SPDK. + +3. Parameters + + | Parameter | Description | + | ------------- | ----------------------------------- | + | size_t nbytes | Size of the buffer to be allocated. | + +4. Return value + + | Return Value | Description | + | ------------ | -------------------------------------- | + | Other values | Start address of the allocated buffer. | + +#### libstorage_free_io_buf + +1. Prototype + + ```c + int32_t libstorage_free_io_buf(void *buf, size_t nbytes); + ``` + +2. Description + + Frees the allocated memory to buf_small_pool or buf_large_pool of the SPDK. + +3. Parameters + + | Parameter | Description | + | ------------- | ---------------------------------------- | + | void *buf | Start address of the buffer to be freed. | + | size_t nbytes | Size of the buffer to be freed. | + +4. Return value + + | Return Value | Description | + | ------------ | ------------------ | + | -1 | Freeing failed. | + | 0 | Freeing succeeded. | + +#### libstorage_init_module + +1. Prototype + + ```c + int32_t libstorage_init_module(const char* cfgfile); + ``` + +2. Description + + Initializes the HSAK module. + +3. Parameters + + | Parameter | Description | + | ------------------- | ------------------------------------ | + | const char* cfgfile | Name of the HSAK configuration file. | + +4. Return value + + | Return Value | Description | + | ------------ | ------------------------- | + | Other values | Initialization failed. | + | 0 | Initialization succeeded. | + +#### libstorage_exit_module + +1. Prototype + + ```c + int32_t libstorage_exit_module(void); + ``` + +2. Description + + Exits the HSAK module. + +3. Parameters + + None. + +4. Return value + + | Return Value | Description | + | ------------ | --------------------------------- | + | Other values | Failed to exit the cleanup. | + | 0 | Succeeded in exiting the cleanup. | + +#### LIBSTORAGE_REGISTER_DPDK_INIT_NOTIFY + +1. Prototype + + ```c + LIBSTORAGE_REGISTER_DPDK_INIT_NOTIFY(_name, _notify) + ``` + +2. Description + + Service layer registration function, which is used to register the callback function when the DPDK initialization is complete. + +3. Parameters + + | Parameter | Description | + | --------- | ------------------------------------------------------------ | + | _name | Name of a module at the service layer. | + | _notify | Prototype of the callback function registered at the service layer: **void (*notifyFunc)(const struct libstorage_dpdk_init_notify_arg *arg);** | + +4. Return value + + None + +### ublock.h + +#### init_ublock + +1. Prototype + + ```c + int init_ublock(const char *name, enum ublock_rpc_server_status flg); + ``` + +2. Description + + Initializes the Ublock module. This API must be called before other Ublock APIs. If the flag is set to **UBLOCK_RPC_SERVER_ENABLE**, that is, Ublock functions as the RPC server, the same process can be initialized only once. + + When Ublock is started as the RPC server, the monitor thread of a server is started at the same time. When the monitor thread detects that the RPC server thread is abnormal (for example, thread suspended), the monitor thread calls the exit function to trigger the process to exit. + + In this case, the product script is used to start the process again. + +3. Parameters + + | Parameter | Description | + | ------------------------------------ | ------------------------------------------------------------ | + | const char *name | Module name. The default value is **ublock**. You are advised to set this parameter to **NULL**. | + | enum ublock_rpc_server_status
flg | Whether to enable RPC. The value can be **UBLOCK_RPC_SERVER_DISABLE** or **UBLOCK_RPC_SERVER_ENABLE**.
If RPC is disabled and the drive is occupied by service processes, the Ublock module cannot obtain the drive information. | + +4. Return value + + | Return Value | Description | + | ------------- | ------------------------------------------------------------ | + | 0 | Initialization succeeded. | + | -1 | Initialization failed. Possible cause: The Ublock module has been initialized. | + | Process exits | Ublock considers that the following exceptions cannot be rectified and directly calls the exit API to exit the process:
- The RPC service needs to be created, but it fails to be created onsite.
- Failed to create a hot swap monitoring thread. | + +#### ublock_init + +1. Prototype + + ```c + #define ublock_init(name) init_ublock(name, UBLOCK_RPC_SERVER_ENABLE) + ``` + +2. Description + + It is the macro definition of the init_ublock API. It can be regarded as initializing Ublock into the required RPC service. + +3. Parameters + + | Parameter | Description | + | --------- | ------------------------------------------------------------ | + | name | Module name. The default value is **ublock**. You are advised to set this parameter to **NULL**. | + +4. Return value + + | Return Value | Description | + | ------------- | ------------------------------------------------------------ | + | 0 | Initialization succeeded. | + | -1 | Initialization failed. Possible cause: The Ublock RPC server module has been initialized. | + | Process exits | Ublock considers that the following exceptions cannot be rectified and directly calls the exit API to exit the process:
- The RPC service needs to be created, but it fails to be created onsite.
- Failed to create a hot swap monitoring thread. | + +#### ublock_init_norpc + +1. Prototype + + ```c + #define ublock_init_norpc(name) init_ublock(name, UBLOCK_RPC_SERVER_DISABLE) + ``` + +2. Description + + It is the macro definition of the init_ublock API and can be considered as initializing Ublock into a non-RPC service. + +3. Parameters + + | Parameter | Description | + | --------- | ------------------------------------------------------------ | + | name | Module name. The default value is **ublock**. You are advised to set this parameter to **NULL**. | + +4. Return value + + | Return Value | Description | + | ------------- | ------------------------------------------------------------ | + | 0 | Initialization succeeded. | + | -1 | Initialization failed. Possible cause: The Ublock client module has been initialized. | + | Process exits | Ublock considers that the following exceptions cannot be rectified and directly calls the exit API to exit the process:
- The RPC service needs to be created, but it fails to be created onsite.
- Failed to create a hot swap monitoring thread. | + +#### ublock_fini + +1. Prototype + + ```c + void ublock_fini(void); + ``` + +2. Description + + Destroys the Ublock module and internally created resources. This API must be used together with the Ublock initialization API. + +3. Parameters + + None. + +4. Return value + + None. + +#### ublock_get_bdevs + +1. Prototype + + ```c + int ublock_get_bdevs(struct ublock_bdev_mgr* bdev_list); + ``` + +2. Description + + Obtains the device list (all NVMe devices in the environment, including kernel-mode and user-mode drivers). The obtained NVMe device list contains only PCI addresses and does not contain specific device information. To obtain specific device information, call ublock_get_bdev. + +3. Parameters + + | Parameter | Description | + | --------------------------------- | ------------------------------------------------------------ | + | struct ublock_bdev_mgr* bdev_list | Output parameter, which returns the device queue. The **bdev_list** pointer must be allocated externally. | + +4. Return value + + | Return Value | Description | + | ------------ | ------------------------------------------ | + | 0 | The device queue is obtained successfully. | + | -2 | No NVMe device exists in the environment. | + | Other values | Failed to obtain the device list. | + +#### ublock_free_bdevs + +1. Prototype + + ```c + void ublock_free_bdevs(struct ublock_bdev_mgr* bdev_list); + ``` + +2. Description + + Releases a device list. + +3. Parameters + + | Parameter | Description | + | --------------------------------- | ------------------------------------------------------------ | + | struct ublock_bdev_mgr* bdev_list | Head pointer of the device queue. After the device queue is cleared, the **bdev_list** pointer is not released. | + +4. Return value + + None. + +#### ublock_get_bdev + +1. Prototype + + ```c + int ublock_get_bdev(const char *pci, struct ublock_bdev *bdev); + ``` + +2. Description + + Obtains information about a specific device. In the device information, the serial number, model, and firmware version of the NVMe device are saved as character arrays instead of character strings. (The return format varies depending on the drive controller, and the arrays may not end with 0.) + + After this API is called, the corresponding device is occupied by Ublock. Therefore, call ublock_free_bdev to free resources immediately after the required service operation is complete. + +3. Parameters + + | Parameter | Description | + | ------------------------ | ------------------------------------------------------------ | + | const char *pci | PCI address of the device whose information needs to be obtained. | + | struct ublock_bdev *bdev | Output parameter, which returns the device information. The **bdev** pointer must be allocated externally. | + +4. Return value + + | Return Value | Description | + | ------------ | ------------------------------------------------------------ | + | 0 | The device information is obtained successfully. | + | -1 | Failed to obtain device information due to incorrect parameters. | + | -11(EAGAIN) | Failed to obtain device information due to the RPC query failure. A retry is required (3s sleep is recommended). | + +#### ublock_get_bdev_by_esn + +1. Prototype + + ```c + int ublock_get_bdev_by_esn(const char *esn, struct ublock_bdev *bdev); + ``` + +2. Description + + Obtains information about the device corresponding to an ESN. In the device information, the serial number, model, and firmware version of the NVMe device are saved as character arrays instead of character strings. (The return format varies depending on the drive controller, and the arrays may not end with 0.) + + After this API is called, the corresponding device is occupied by Ublock. Therefore, call ublock_free_bdev to free resources immediately after the required service operation is complete. + +3. Parameters + + | Parameter | Description | + | ------------------------ | ------------------------------------------------------------ | + | const char *esn | ESN of the device whose information is to be obtained.
Note:
An ESN is a string of a maximum of 20 characters (excluding the end character of the string), but the length may vary according to hardware vendors. For example, if the length is less than 20 characters, spaces are padded at the end of the character string. | + | struct ublock_bdev *bdev | Output parameter, which returns the device information. The **bdev** pointer must be allocated externally. | + +4. Return value + + | Return Value | Description | + | ------------ | ------------------------------------------------------------ | + | 0 | The device information is obtained successfully. | + | -1 | Failed to obtain device information due to incorrect parameters. | + | -11(EAGAIN) | Failed to obtain device information due to the RPC query failure. A retry is required (3s sleep is recommended). | + +#### ublock_free_bdev + +1. Prototype + + ```c + void ublock_free_bdev(struct ublock_bdev *bdev); + ``` + +2. Description + + Frees device resources. + +3. Parameters + + | Parameter | Description | + | ------------------------ | ------------------------------------------------------------ | + | struct ublock_bdev *bdev | Pointer to the device information. After the data in the pointer is cleared, the **bdev** pointer is not freed. | + +4. Return value + + None. + +#### TAILQ_FOREACH_SAFE + +1. Prototype + + ```c + #define TAILQ_FOREACH_SAFE(var, head, field, tvar) + for ((var) = TAILQ_FIRST((head)); + (var) && ((tvar) = TAILQ_NEXT((var), field), 1); + (var) = (tvar)) + ``` + +2. Description + + Provides a macro definition for each member of the secure access queue. + +3. Parameters + + | Parameter | Description | + | --------- | ------------------------------------------------------------ | + | var | Queue node member on which you are performing operations. | + | head | Queue head pointer. Generally, it refers to the object address defined by **TAILQ_HEAD(xx, xx) obj**. | + | field | Name of the struct used to store the pointers before and after the queue in the queue node. Generally, it is the name defined by **TAILQ_ENTRY (xx) name**. | + | tvar | Next queue node member. | + +4. Return value + + None. + +#### ublock_get_SMART_info + +1. Prototype + + ```c + int ublock_get_SMART_info(const char *pci, uint32_t nsid, struct ublock_SMART_info *smart_info); + ``` + +2. Description + + Obtains the S.M.A.R.T. information of a specified device. + +3. Parameters + + | Parameter | Description | + | ------------------------------------ | ------------------------------------------------------------ | + | const char *pci | Device PCI address. | + | uint32_t nsid | Specified namespace. | + | struct ublock_SMART_info *smart_info | Output parameter, which returns the S.M.A.R.T. information of the device. | + +4. Return value + + | Return Value | Description | + | ------------ | ------------------------------------------------------------ | + | 0 | The S.M.A.R.T. information is obtained successfully. | + | -1 | Failed to obtain S.M.A.R.T. information due to incorrect parameters. | + | -11(EAGAIN) | Failed to obtain S.M.A.R.T. information due to the RPC query failure. A retry is required (3s sleep is recommended). | + +#### ublock_get_SMART_info_by_esn + +1. Prototype + + ```c + int ublock_get_SMART_info_by_esn(const char *esn, uint32_t nsid, struct ublock_SMART_info *smart_info); + ``` + +2. Description + + Obtains the S.M.A.R.T. information of the device corresponding to an ESN. + +3. Parameters + + | Parameter | Description | + | --------------------------------------- | ------------------------------------------------------------ | + | const char *esn | Device ESN.
Note:
An ESN is a string of a maximum of 20 characters (excluding the end character of the string), but the length may vary according to hardware vendors. For example, if the length is less than 20 characters, spaces are padded at the end of the character string. | + | uint32_t nsid | Specified namespace. | + | struct ublock_SMART_info
*smart_info | Output parameter, which returns the S.M.A.R.T. information of the device. | + +4. Return value + + | Return Value | Description | + | ------------ | ------------------------------------------------------------ | + | 0 | The S.M.A.R.T. information is obtained successfully. | + | -1 | Failed to obtain SMART information due to incorrect parameters. | + | -11(EAGAIN) | Failed to obtain S.M.A.R.T. information due to the RPC query failure. A retry is required (3s sleep is recommended). | + +#### ublock_get_error_log_info + +1. Prototype + + ```c + int ublock_get_error_log_info(const char *pci, uint32_t err_entries, struct ublock_nvme_error_info *errlog_info); + ``` + +2. Description + + Obtains the error log information of a specified device. + +3. Parameters + + | Parameter | Description | + | ------------------------------------------ | ------------------------------------------------------------ | + | const char *pci | Device PCI address. | + | uint32_t err_entries | Number of error logs to be obtained. A maximum of 256 error logs can be obtained. | + | struct ublock_nvme_error_info *errlog_info | Output parameter, which returns the error log information of the device. For the **errlog_info** pointer, the caller needs to apply for space and ensure that the obtained space is greater than or equal to err_entries x size of (struct ublock_nvme_error_info). | + +4. Return value + + | Return Value | Description | + | ------------------------------------------------------------ | ------------------------------------------------------------ | + | Number of obtained error logs. The value is greater than or equal to 0. | Error logs are obtained successfully. | + | -1 | Failed to obtain error logs due to incorrect parameters. | + | -11(EAGAIN) | Failed to obtain error logs due to the RPC query failure. A retry is required (3s sleep is recommended). | + +#### ublock_get_log_page + +1. Prototype + + ```c + int ublock_get_log_page(const char *pci, uint8_t log_page, uint32_t nsid, void *payload, uint32_t payload_size); + ``` + +2. Description + + Obtains information about a specified device and log page. + +3. Parameters + + | Parameter | Description | + | --------------------- | ------------------------------------------------------------ | + | const char *pci | Device PCI address. | + | uint8_t log_page | ID of the log page to be obtained. For example, **0xC0** and **0xCA** indicate the customized S.M.A.R.T. information of ES3000 V5 drives. | + | uint32_t nsid | Namespace ID. Some log pages support obtaining by namespace while some do not. If obtaining by namespace is not supported, the caller must transfer **0XFFFFFFFF**. | + | void *payload | Output parameter, which stores log page information. The caller is responsible for allocating memory. | + | uint32_t payload_size | Size of the applied payload, which cannot be greater than 4096 bytes. | + +4. Return value + + | Return Value | Description | + | ------------ | ---------------------------------------------------- | + | 0 | The log page is obtained successfully. | + | -1 | Failed to obtain error logs due to parameter errors. | + +#### ublock_info_get_pci_addr + +1. Prototype + + ```c + char *ublock_info_get_pci_addr(const void *info); + ``` + +2. Description + + Obtains the PCI address of the hot swap device. + + The memory occupied by info and the memory occupied by the returned PCI address do not need to be freed by the service process. + +3. Parameters + + | Parameter | Description | + | ---------------- | ------------------------------------------------------------ | + | const void *info | Hot swap event information transferred by the hot swap monitoring thread to the callback function. | + +4. Return value + + | Return Value | Description | + | ------------ | --------------------------------- | + | NULL | Failed to obtain the information. | + | Other values | Obtained PCI address. | + +#### ublock_info_get_action + +1. Prototype + + ```c + enum ublock_nvme_uevent_action ublock_info_get_action(const void *info); + ``` + +2. Description + + Obtains the type of the hot swap event. + + The memory occupied by info does not need to be freed by service process. + +3. Parameters + + | Parameter | Description | + | ---------------- | ------------------------------------------------------------ | + | const void *info | Hot swap event information transferred by the hot swap monitoring thread to the callback function. | + +4. Return value + + | Return Value | Description | + | -------------------------- | ------------------------------------------------------------ | + | Type of the hot swap event | Type of the event that triggers the callback function. For details, see the definition in **5.1.2.6 enum ublock_nvme_uevent_action**. | + +#### ublock_get_ctrl_iostat + +1. Prototype + + ```c + int ublock_get_ctrl_iostat(const char* pci, struct ublock_ctrl_iostat_info *ctrl_iostat); + ``` + +2. Description + + Obtains the I/O statistics of a controller. + +3. Parameters + + | Parameter | Description | + | ------------------------------------------- | ------------------------------------------------------------ | + | const char* pci | PCI address of the controller whose I/O statistics are to be obtained. | + | struct ublock_ctrl_iostat_info *ctrl_iostat | Output parameter, which returns I/O statistics. The **ctrl_iostat** pointer must be allocated externally. | + +4. Return value + + | Return Value | Description | + | ------------ | ------------------------------------------------------------ | + | 0 | Succeeded in obtaining I/O statistics. | + | -1 | Failed to obtain I/O statistics due to invalid parameters or RPC errors. | + | -2 | Failed to obtain I/O statistics because the NVMe drive is not taken over by the I/O process. | + | -3 | Failed to obtain I/O statistics because the I/O statistics function is disabled. | + +#### ublock_nvme_admin_passthru + +1. Prototype + + ```c + int32_t ublock_nvme_admin_passthru(const char *pci, void *cmd, void *buf, size_t nbytes); + ``` + +2. Description + + Transparently transmits the **nvme admin** command to the NVMe device. Currently, only the **nvme admin** command for obtaining the identify parameter is supported. + +3. Parameters + + | Parameter | Description | + | --------------- | ------------------------------------------------------------ | + | const char *pci | PCI address of the destination controller of the **nvme admin** command. | + | void *cmd | Pointer to the **nvme admin** command struct. The struct size is 64 bytes. For details, see the NVMe specifications. Currently, only the command for obtaining the identify parameter is supported. | + | void *buf | Saves the output of the **nvme admin** command. The space is allocated by users and the size is expressed in nbytes. | + | size_t nbytes | Size of the user buffer. The buffer for the identify parameter is 4096 bytes, and that for the command to obtain the identify parameter is 4096 nbytes. | + +4. Return value + + | Return Value | Description | + | ------------ | ------------------------------------------ | + | 0 | The user command is executed successfully. | + | -1 | Failed to execute the user command. | + +# Appendixes + +## GENERIC + +Generic Error Code Reference + +| sc | value | +| ------------------------------------------ | ----- | +| NVME_SC_SUCCESS | 0x00 | +| NVME_SC_INVALID_OPCODE | 0x01 | +| NVME_SC_INVALID_FIELD | 0x02 | +| NVME_SC_COMMAND_ID_CONFLICT | 0x03 | +| NVME_SC_DATA_TRANSFER_ERROR | 0x04 | +| NVME_SC_ABORTED_POWER_LOSS | 0x05 | +| NVME_SC_INTERNAL_DEVICE_ERROR | 0x06 | +| NVME_SC_ABORTED_BY_REQUEST | 0x07 | +| NVME_SC_ABORTED_SQ_DELETION | 0x08 | +| NVME_SC_ABORTED_FAILED_FUSED | 0x09 | +| NVME_SC_ABORTED_MISSING_FUSED | 0x0a | +| NVME_SC_INVALID_NAMESPACE_OR_FORMAT | 0x0b | +| NVME_SC_COMMAND_SEQUENCE_ERROR | 0x0c | +| NVME_SC_INVALID_SGL_SEG_DESCRIPTOR | 0x0d | +| NVME_SC_INVALID_NUM_SGL_DESCIRPTORS | 0x0e | +| NVME_SC_DATA_SGL_LENGTH_INVALID | 0x0f | +| NVME_SC_METADATA_SGL_LENGTH_INVALID | 0x10 | +| NVME_SC_SGL_DESCRIPTOR_TYPE_INVALID | 0x11 | +| NVME_SC_INVALID_CONTROLLER_MEM_BUF | 0x12 | +| NVME_SC_INVALID_PRP_OFFSET | 0x13 | +| NVME_SC_ATOMIC_WRITE_UNIT_EXCEEDED | 0x14 | +| NVME_SC_OPERATION_DENIED | 0x15 | +| NVME_SC_INVALID_SGL_OFFSET | 0x16 | +| NVME_SC_INVALID_SGL_SUBTYPE | 0x17 | +| NVME_SC_HOSTID_INCONSISTENT_FORMAT | 0x18 | +| NVME_SC_KEEP_ALIVE_EXPIRED | 0x19 | +| NVME_SC_KEEP_ALIVE_INVALID | 0x1a | +| NVME_SC_ABORTED_PREEMPT | 0x1b | +| NVME_SC_SANITIZE_FAILED | 0x1c | +| NVME_SC_SANITIZE_IN_PROGRESS | 0x1d | +| NVME_SC_SGL_DATA_BLOCK_GRANULARITY_INVALID | 0x1e | +| NVME_SC_COMMAND_INVALID_IN_CMB | 0x1f | +| NVME_SC_LBA_OUT_OF_RANGE | 0x80 | +| NVME_SC_CAPACITY_EXCEEDED | 0x81 | +| NVME_SC_NAMESPACE_NOT_READY | 0x82 | +| NVME_SC_RESERVATION_CONFLICT | 0x83 | +| NVME_SC_FORMAT_IN_PROGRESS | 0x84 | + +## COMMAND_SPECIFIC + +Error Code Reference for Specific Commands + +| sc | value | +| ------------------------------------------ | ----- | +| NVME_SC_COMPLETION_QUEUE_INVALID | 0x00 | +| NVME_SC_INVALID_QUEUE_IDENTIFIER | 0x01 | +| NVME_SC_MAXIMUM_QUEUE_SIZE_EXCEEDED | 0x02 | +| NVME_SC_ABORT_COMMAND_LIMIT_EXCEEDED | 0x03 | +| NVME_SC_ASYNC_EVENT_REQUEST_LIMIT_EXCEEDED | 0x05 | +| NVME_SC_INVALID_FIRMWARE_SLOT | 0x06 | +| NVME_SC_INVALID_FIRMWARE_IMAGE | 0x07 | +| NVME_SC_INVALID_INTERRUPT_VECTOR | 0x08 | +| NVME_SC_INVALID_LOG_PAGE | 0x09 | +| NVME_SC_INVALID_FORMAT | 0x0a | +| NVME_SC_FIRMWARE_REQ_CONVENTIONAL_RESET | 0x0b | +| NVME_SC_INVALID_QUEUE_DELETION | 0x0c | +| NVME_SC_FEATURE_ID_NOT_SAVEABLE | 0x0d | +| NVME_SC_FEATURE_NOT_CHANGEABLE | 0x0e | +| NVME_SC_FEATURE_NOT_NAMESPACE_SPECIFIC | 0x0f | +| NVME_SC_FIRMWARE_REQ_NVM_RESET | 0x10 | +| NVME_SC_FIRMWARE_REQ_RESET | 0x11 | +| NVME_SC_FIRMWARE_REQ_MAX_TIME_VIOLATION | 0x12 | +| NVME_SC_FIRMWARE_ACTIVATION_PROHIBITED | 0x13 | +| NVME_SC_OVERLAPPING_RANGE | 0x14 | +| NVME_SC_NAMESPACE_INSUFFICIENT_CAPACITY | 0x15 | +| NVME_SC_NAMESPACE_ID_UNAVAILABLE | 0x16 | +| NVME_SC_NAMESPACE_ALREADY_ATTACHED | 0x18 | +| NVME_SC_NAMESPACE_IS_PRIVATE | 0x19 | +| NVME_SC_NAMESPACE_NOT_ATTACHED | 0x1a | +| NVME_SC_THINPROVISIONING_NOT_SUPPORTED | 0x1b | +| NVME_SC_CONTROLLER_LIST_INVALID | 0x1c | +| NVME_SC_DEVICE_SELF_TEST_IN_PROGRESS | 0x1d | +| NVME_SC_BOOT_PARTITION_WRITE_PROHIBITED | 0x1e | +| NVME_SC_INVALID_CTRLR_ID | 0x1f | +| NVME_SC_INVALID_SECONDARY_CTRLR_STATE | 0x20 | +| NVME_SC_INVALID_NUM_CTRLR_RESOURCES | 0x21 | +| NVME_SC_INVALID_RESOURCE_ID | 0x22 | +| NVME_SC_CONFLICTING_ATTRIBUTES | 0x80 | +| NVME_SC_INVALID_PROTECTION_INFO | 0x81 | +| NVME_SC_ATTEMPTED_WRITE_TO_RO_PAGE | 0x82 | + +## MEDIA_DATA_INTERGRITY_ERROR + +Error Code Reference for Medium Exceptions + +| sc | value | +| -------------------------------------- | ----- | +| NVME_SC_WRITE_FAULTS | 0x80 | +| NVME_SC_UNRECOVERED_READ_ERROR | 0x81 | +| NVME_SC_GUARD_CHECK_ERROR | 0x82 | +| NVME_SC_APPLICATION_TAG_CHECK_ERROR | 0x83 | +| NVME_SC_REFERENCE_TAG_CHECK_ERROR | 0x84 | +| NVME_SC_COMPARE_FAILURE | 0x85 | +| NVME_SC_ACCESS_DENIED | 0x86 | +| NVME_SC_DEALLOCATED_OR_UNWRITTEN_BLOCK | 0x87 | diff --git a/docs/en/server/memory_storage/hsak/hsak_developer_guide.md b/docs/en/server/memory_storage/hsak/hsak_developer_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..3aa9395bc75c6e693f79546e17b4afb67da59159 --- /dev/null +++ b/docs/en/server/memory_storage/hsak/hsak_developer_guide.md @@ -0,0 +1,47 @@ +# HSAK Developer Guide + +## Overview + +As the performance of storage media such as NVMe SSDs and SCMs is continuously improved, the latency overhead of the media layer in the I/O stack continuously reduces, and the overhead of the software stack becomes a bottleneck. Therefore, the kernel I/O data plane needs to be reconstructed to reduce the overhead of the software stack. HSAK provides a high-bandwidth and low-latency I/O software stack for new storage media, which reduces the overhead by more than 50% compared with the traditional I/O software stack. +The HSAK user-mode I/O engine is developed based on the open-source SPDK. + +1. A unified interface is provided for external systems to shield the differences between open-source interfaces. +2. Enhanced I/O data plane features are added, such as DIF, drive formatting, batch I/O delivery, trim, and dynamic drive addition and deletion. +3. Features such as drive device management, drive I/O monitoring, and maintenance and test tools are provided. + +## Compilation Tutorial + +1. Download the HSAK source code. + + ```shell + git clone + ``` + +2. Install the compilation and running dependencies. + + The compilation and running of HSAK depend on components such as Storage Performance Development Kit (SPDK), Data Plane Development Kit (DPDK), and libboundscheck. + +3. Start the compilation. + + ```shell + cd hsak + mkdir build + cd build + cmake .. + make + ``` + +## Precautions + +### Constraints + +- A maximum of 512 NVMe devices can be used and managed on the same machine. +- When HSAK is enabled to execute I/O-related services, ensure that the system has at least 500 MB continuous idle huge page memory. +- Before enabling the user-mode I/O component to execute services, ensure that the drive management component (Ublock) has been enabled. +- When the drive management component (Ublock) is enabled to execute services, ensure that the system has sufficient continuous idle memory. Each time the Ublock component is initialized, 20 MB huge page memory is allocated. +- Before HSAK is run, **setup.sh** is called to configure huge page memory and unbind the kernel-mode driver of the NVMe device. +- Other interfaces provided by the HSAK module can be used only after libstorage_init_module is successfully executed. Each process can call libstorage_init_module only once. +- After the libstorage_exit_module function is executed, other interfaces provided by HSAK cannot be used. In multi-thread scenarios, exit HSAK after all threads end. +- Only one service can be started for the HSAK Ublock component on a server and supports concurrent access of a maximum of 64 Ublock clients. The Ublock server can process a maximum of 20 client requests per second. +- The HSAK Ublock component must be started earlier than the data plane I/O component and Ublock clients. The command line tool provided by HSAK can be executed only after the Ublock server is started. +- Do not register the function for processing the SIGBUS signal. SPDK has an independent processing function for the signal. If the processing function is overwritten, the registered signal processing function becomes invalid and a core dump occurs. diff --git a/docs/en/server/memory_storage/hsak/hsak_tools_usage.md b/docs/en/server/memory_storage/hsak/hsak_tools_usage.md new file mode 100644 index 0000000000000000000000000000000000000000..342c01a55218a6290565e29f403e1249bb3120f6 --- /dev/null +++ b/docs/en/server/memory_storage/hsak/hsak_tools_usage.md @@ -0,0 +1,123 @@ +# Command-Line Interface + +## Command for Querying Drive Information + +### Format + +```shell +libstorage-list [] [] +``` + +### Parameters + +- *commands*: Only **help** is available. **libstorage-list help** is used to display the help information. + +- *device*: specifies the PCI address. The format is **0000:09:00.0**. Multiple PCI addresses are allowed and separated by spaces. If no specific PCI address is set, the command line lists all enumerated device information. + +### Precautions + +- The fault injection function applies only to development, debugging, and test scenarios. Do not use this function on live networks. Otherwise, service and security risks may occur. + +- Before running this command, ensure that the management component (Ublock) server has been started, and the user-mode I/O component (UIO) has not been started or has been correctly started. + +- Drives that are not occupied by the Ublock or UIO component will be occupied during the command execution. If the Ublock or UIO component attempts to obtain the drive control permission, a storage device access conflict may occur. As a result, the command execution fails. + +## Command for Switching Drivers for Drives + +### Format + +```shell +libstorage-shutdown reset [ ...] +``` + +### Parameters + +- **reset**: switches the UIO driver to the kernel-mode driver for a specific drive. + +- *device*: specifies the PCI address, for example, **0000:09:00.0**. Multiple PCI addresses are allowed and separated by spaces. + +### Precautions + +- The **libstorage-shutdown reset** command is used to switch a drive from the user-mode UIO driver to the kernel-mode NVMe driver. + +- Before running this command, ensure that the Ublock server has been started, and the UIO component has not been started or has been correctly started. + +- The **libstoage-shutdown reset** command is risky. Before switching to the NVMe driver, ensure that the user-mode instance has stopped delivering I/Os to the NVMe device, all FDs on the NVMe device have been disabled, and the instance that accesses the NVMe device has exited. + +## Command for Obtaining I/O Statistics + +### Format + +```shell +libstorage-iostat [-t ] [-i ] [-d ] +``` + +### Parameters + +- -**t**: interval, in seconds. The value ranges from 1 to 3600. This parameter is of the int type. If the input parameter value exceeds the upper limit of the int type, the value is truncated to a negative or positive number. + +- -**i**: number of collection times. The minimum value is **1** and the maximum value is *MAX_INT*. If this parameter is not set, information is collected at an interval by default. This parameter is of the int type. If the input parameter value exceeds the upper limit of the int type, the value is truncated to a negative or positive number. + +- -**d**: name of a block device (for example, **nvme0n1**, which depends on the controller name configured in **/etc/spdk/nvme.conf.in**). You can use this parameter to collect performance data of one or more specified devices. If this parameter is not set, performance data of all detected devices is collected. + +### Precautions + +- The I/O statistics configuration is enabled. + +- The process has delivered I/O operations to the drive whose performance information needs to be queried through the UIO component. + +- If no device in the current environment is occupied by service processes to deliver I/Os, the command exits after the message "You cannot get iostat info for nvme device no deliver io" is displayed. + +- When multiple queues are enabled on a drive, the I/O statistics tool summarizes the performance data of multiple queues on the drive and outputs the data in a unified manner. + +- The I/O statistics tool supports data records of a maximum of 8192 drive queues. + +- The I/O statistics are as follows: + + | Device | r/s | w/s | rKB/s | wKB/s | avgrq-sz | avgqu-sz | r_await | w_await | await | svctm | util% | poll-n | + | ----------- | ------------------------------ | ------------------------------- | ----------------------------------- | ------------------------------------ | -------------------------------------- | -------------------------- | --------------------- | ---------------------- | ------------------------------- | --------------------------------------- | ------------------ | -------------------------- | + | Device name | Number of read I/Os per second | Number of write I/Os per second | Number of read I/O bytes per second | Number of write I/O bytes per second | Average size of delivered I/Os (bytes) | I/O depth of a drive queue | I/O read latency (μs) | I/O write latency (μs) | Average read/write latency (μs) | Processing latency of a single I/O (μs) | Device utilization | Number of polling timeouts | + +## Commands for Drive Read/Write Operations + +### Format + +```shell +libstorage-rw [OPTIONS...] +``` + +### Parameters + +1. **COMMAND** parameters + + - **read**: reads a specified logical block from the device to the data buffer (standard output by default). + + - **write**: writes data in a data buffer (standard input by default) to a specified logical block of the NVMe device. + + - **help**: displays the help information about the command line. + +2. **device**: specifies the PCI address, for example, **0000:09:00.0**. + +3. **OPTIONS** parameters + + - **--start-block, -s**: indicates the 64-bit start address of the logical block to be read or written. The default value is **0**. + + - **--block-count, -c**: indicates the number of the logical blocks to be read or written (counted from 0). + + - **--data-size, -z**: indicates the number of bytes of the data to be read or written. + + - **--namespace-id, -n**: indicates the namespace ID of the device. The default value is **1**. + + - **--data, -d**: indicates the data file used for read and write operations (The read data is saved during read operations and the written data is provided during write operations.) + + - **--limited-retry, -l**: indicates that the device controller restarts for a limited number of times to complete device read and write operations. + + - **--force-unit-access, -f**: ensures that read and write operations are completed from the nonvolatile media before the instruction is completed. + + - **--show-command, -v**: displays instruction information before sending a read/write command. + + - **--dry-run, -w**: displays only information about read and write instructions but does not perform actual read and write operations. + + - **--latency. -t**: collects statistics on the end-to-end read and write latency of the CLI. + + - **--help, -h**: displays the help information about related commands. diff --git a/docs/en/server/memory_storage/lvm/_toc.yaml b/docs/en/server/memory_storage/lvm/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..485edd8b46df64bd312ff44f85b817b35b676552 --- /dev/null +++ b/docs/en/server/memory_storage/lvm/_toc.yaml @@ -0,0 +1,6 @@ +label: Logical Volume Configuration and Management +isManual: true +description: Use LVM to manage drives. +sections: + - label: Managing Drives Through LVM + href: ./managing_drives_through_lvm.md diff --git a/docs/en/server/memory_storage/lvm/managing_drives_through_lvm.md b/docs/en/server/memory_storage/lvm/managing_drives_through_lvm.md new file mode 100644 index 0000000000000000000000000000000000000000..47bcf594b27d2b71c806aa5269edc79c37eb2bf1 --- /dev/null +++ b/docs/en/server/memory_storage/lvm/managing_drives_through_lvm.md @@ -0,0 +1,543 @@ +# Managing Drives Through LVM + +## LVM Overview + +Logical Volume Manager \(LVM\) is a mechanism used for managing drive partitions in Linux. By adding a logical layer between drives and file systems, LVM shields the drive partition layout for file systems, thereby improving flexibility in managing drive partitions. + +The procedure of managing a drive through LVM is as follows: + +1. Create physical volumes for a drive. +2. Combine several physical volumes into a volume group. +3. Create logical volumes in the volume group. +4. Create file systems on logical volumes. + +When drives are managed using LVM, file systems are distributed on multiple drives and can be easily resized as needed. Therefore, file system space will no longer be limited by drive capacities. + +### Basic Terms + +- Physical media: refers to physical storage devices in the system, such as drives \(**/dev/hda** and **/dev/sda**\). It is the storage unit at the lowest layer of the storage system. + +- Physical volume \(PV\): refers to a drive partition or device \(such as a RAID\) that has the same logical functions as a drive partition. PVs are basic logical storage blocks of LVM. A PV contains a special label that is stored in the second 512-byte sector by default. It can also be stored in one of the first four sectors. A label contains the universal unique identifier \(UUID\) of the PV, size of the block device, and the storage location of LVM metadata in the device. + +- Volume group \(VG\): consists of PVs and shields the details of underlying PVs. You can create one or more logical volumes within a VG without considering detailed PV information. + +- Logical volume \(LV\): A VG cannot be used directly. It can be used only after being partitioned into LVs. LVs can be formatted into different file systems and can be directly used after being mounted. + +- Physical extent \(PE\): A PE is a small storage unit in a PV. The PE size is the same as the size of the logical extent in the VG. + +- Logical extent \(LE\): An LE is a small storage unit in an LV. In one VG, the LEs of all the LVs have the same size. + +## Installing the LVM + +> [!NOTE]NOTE +> The LVM has been installed on the openEuler OS by default. You can run the **rpm -qa | grep lvm2** command to check whether it is installed. If the command output contains "lvm2", the LVM has been installed. In this case, skip this section. If no information is output, the LVM is not installed. Install it by referring to this section. + +1. Configure the local yum source. For details, see [Configuring the Repo Server](../../administration/administrator/configuring_the_repo_server.md). +2. Clear the cache. + + ```bash + dnf clean all + ``` + +3. Create a cache. + + ```bash + dnf makecache + ``` + +4. Install the LVM as the **root** user. + + ```bash + dnf install lvm2 + ``` + +5. Check the installed RPM package. + + ```bash + rpm -qa | grep lvm2 + ``` + +## Managing PVs + +### Creating a PV + +Run the **pvcreate** command as the **root** user to create a PV. + +```bash +pvcreate [option] devname ... +``` + +In the preceding information: + +- _option_: command parameter options. Common parameter options are as follows: + - **-f**: forcibly creates a PV without user confirmation. + - **-u**: specifies the UUID of the device. + - **-y**: answers yes to all questions. + +- _devname_: specifies the name of the device corresponding to the PV to be created. If multiple PVs need to be created in batches, set this option to multiple device names and separate the names with spaces. + +Example 1: Create PVs based on **/dev/sdb** and **/dev/sdc**. + +```bash +pvcreate /dev/sdb /dev/sdc +``` + +Example 2: Create PVs based on **/dev/sdb1** and **/dev/sdb2**. + +```bash +pvcreate /dev/sdb1 /dev/sdb2 +``` + +### Viewing a PV + +Run the **pvdisplay** command as the **root** user to view PV information, including PV name, VG to which the PV belongs, PV size, PE size, total number of PEs, number of available PEs, number of allocated PEs, and UUID. + +```bash +pvdisplay [option] devname +``` + +In the preceding information: + +- _option_: command parameter options. Common parameter options are as follows: + - **-s**: outputs information in short format. + - **-m**: displays the mapping from PEs to LEs. + +- _devname_: indicates the device corresponding to the PV to be viewed. If no PVs are specified, information about all PVs is displayed. + +Example: Run the following command to display the basic information about the PV **/dev/sdb**: + +```bash +pvdisplay /dev/sdb +``` + +### Modifying PV Attributes + +Run the **pvchange** command as the **root** user to modify the attributes of a PV. + +```bash +pvchange [option] pvname ... +``` + +In the preceding information: + +- _option_: command parameter options. Common parameter options are as follows: + - **-u**: generates a new UUID. + - **-x**: indicates whether PE allocation is allowed. + +- _pvname_: specifies the name of the device corresponding to the PV to be modified. If multiple PVs need to be modified in batches, set this option to multiple device names and separate the names with spaces. + +Example: Run the following command to prohibit PEs on the PV **/dev/sdb** from being allocated. Running `pvdisplay` for a PV that is not added to a VG will return the **Allocatable** attribute with the value **NO**. You need to add the PV to a VG before you can change the attribute. + +```bash +pvchange -x n /dev/sdb +``` + +### Deleting a PV + +Run the **pvremove** command as the **root** user to delete a PV. + +```bash +pvremove [option] pvname ... +``` + +In the preceding information: + +- _option_: command parameter options. Common parameter options are as follows: + - **-f**: forcibly deletes a PV without user confirmation. + - **-y**: answers yes to all questions. + +- _pvname_: specifies the name of the device corresponding to the PV to be deleted. If multiple PVs need to be deleted in batches, set this option to multiple device names and separate the names with spaces. + +Example: Run the following command to delete the PV **/dev/sdb**. If the PV has been added to a VG, you need to delete the VG or remove the PV from the VG in advance. + +```bash +pvremove /dev/sdb +``` + +## Managing VGs + +### Creating a VG + +Run the **vgcreate** command as the **root** user to create a VG. + +```bash +vgcreate [option] vgname pvname ... +``` + +In the preceding information: + +- _option_: command parameter options. Common parameter options are as follows: + - **-l**: specifies the maximum number of LVs that can be created on the VG. + - **-p**: specifies the maximum number of PVs that can be added to the VG. + - **-s**: specifies the PE size of a PV in the VG. + +- _vgname_: name of the VG to be created. +- _pvname_: name of the PV to be added to the VG. + +Example: Run the following command to create VG **vg1** and add the PVs **/dev/sdb** and **/dev/sdc** to the VG. + +```bash +vgcreate vg1 /dev/sdb /dev/sdc +``` + +### Viewing a VG + +Run the **vgdisplay** command as the **root** user to view VG information. + +```bash +vgdisplay [option] [vgname] +``` + +In the preceding information: + +- _option_: command parameter options. Common parameter options are as follows: + - **-s**: outputs information in short format. + - **-A**: displays only attributes of active VGs. + +- _vgname_: name of the VG to be viewed. If no VGs are specified, information about all VGs is displayed. + +Example: Run the following command to display the basic information about VG **vg1**: + +```bash +vgdisplay vg1 +``` + +### Modifying VG Attributes + +Run the **vgchange** command as the **root** user to modify the attributes of a VG. + +```bash +vgchange [option] vgname +``` + +In the preceding information: + +- _option_: command parameter options. Common parameter options are as follows: + - **-a**: sets the active status of the VG. + +- _vgname_: name of the VG whose attributes are to be modified. + +Example: Run the following command to change the status of **vg1** to active. + +```bash +vgchange -ay vg1 +``` + +### Extending a VG + +Run the **vgextend** command as the **root** user to dynamically extend a VG. In this way, the VG size is extended by adding PVs to the VG. + +```bash +vgextend [option] vgname pvname ... +``` + +In the preceding information: + +- _option_: command parameter options. Common parameter options are as follows: + - **dev**: debugging mode. + - **-t**: test only. + +- _vgname_: name of the VG whose size is to be extended. +- _pvname_: name of the PV to be added to the VG. + +Example: Run the following command to add PV **/dev/sdb** to VG **vg1**: + +```bash +vgextend vg1 /dev/sdb +``` + +### Shrinking a VG + +Run the **vgreduce** command as the **root** user to delete PVs from a VG to reduce the VG size. A VG must contain at least one PV. + +```bash +vgreduce [option] vgname pvname ... +``` + +In the preceding information: + +- _option_: command parameter options. Common parameter options are as follows: + - **-a**: If no PVs are specified in the command, all empty PVs are deleted. + - **\-\-removemissing**: deletes lost PVs in the VG to restore the VG to the normal state. + +- _vgname_: name of the VG to be shrunk. +- _pvname_: name of the PV to be deleted from the VG. + +Example: Run the following command to remove PV **/dev/sdb2** from VG **vg1**: + +```bash +vgreduce vg1 /dev/sdb2 +``` + +### Deleting a VG + +Run the **vgremove** command as the **root** user to delete a VG. + +```bash +vgremove [option] vgname +``` + +In the preceding information: + +- _option_: command parameter options. Common parameter options are as follows: + - **-f**: forcibly deletes a VG without user confirmation. + +- _vgname_: name of the VG to be deleted. + +Example: Run the following command to delete VG **vg1**. + +```bash +vgremove vg1 +``` + +## Managing LVs + +### Creating an LV + +Run the **lvcreate** command as the **root** user to create an LV. + +```bash +lvcreate [option] vgname +``` + +In the preceding information: + +- _option_: command parameter options. Common parameter options are as follows: + - **-L**: specifies the size of the LV in kKmMgGtT. + - **-l**: specifies the size of the LV \(number of LEs\). + - **-n**: specifies the name of the LV to be created. + - **-s**: creates a snapshot. + +- _vgname_: name of the VG to be created. + +Example 1: Run the following command to create a 10 GB LV in VG **vg1**. The default LV name is **lvo10**. + +```bash +lvcreate -L 10G vg1 +``` + +Example 2: Run the following command to create a 200 MB LV in VG **vg1** and name the LV **lv1**. + +```bash +lvcreate -L 200M -n lv1 vg1 +``` + +### Viewing an LV + +Run the **lvdisplay** command as the **root** user to view the LV information, including the size of the LV, its read and write status, and snapshot information. + +```bash +lvdisplay [option] [lvname] +``` + +In the preceding information: + +- _option_: command parameter options. Common parameter options are as follows: + - **-v**: displays the mapping from LEs to PEs. + +- _lvname_: device file corresponding to the LV whose attributes are to be displayed. If this option is not set, attributes of all LVs are displayed. + + > [!NOTE]NOTE + > Device files corresponding to LVs are stored in the VG directory. For example, if LV **lv1** is created in VG **vg1**, the device file corresponding to **lv1** is **/dev/vg1/lv1**. + +Example: Run the following command to display the basic information about LV **lv1**: + +```bash +lvdisplay /dev/vg1/lv1 +``` + +### Adjusting the LV Size + +Run the **lvresize** command as the **root** user to increase or reduce the size of an LVM LV. This may cause data loss. Therefore, exercise caution when running this command. + +```bash +lvresize [option] vgname +``` + +In the preceding information: + +- _option_: command parameter options. Common parameter options are as follows: + - **-L**: specifies the size of the LV in kKmMgGtT. + - **-l**: specifies the size of the LV \(number of LEs\). + - **-f**: forcibly adjusts the size of the LV without user confirmation. + +- _lvname_: name of the LV to be adjusted. + +Example 1: Run the following command to increase the size of LV **/dev/vg1/lv1** by 200 MB. + +```bash +lvresize -L +200 /dev/vg1/lv1 +``` + +Example 2: Run the following command to reduce the size of LV **/dev/vg1/lv1** by 200 MB. + +```bash +lvresize -L -200 /dev/vg1/lv1 +``` + +### Extending an LV + +Run the **lvextend** command as the **root** user to dynamically extend the size of an LV online without interrupting the access of applications to the LV. + +```bash +lvextend [option] lvname +``` + +In the preceding information: + +- _option_: command parameter options. Common parameter options are as follows: + - **-L**: specifies the size of the LV in kKmMgGtT. + - **-l**: specifies the size of the LV \(number of LEs\). + - **-f**: forcibly adjusts the size of the LV without user confirmation. + +- _lvname_: device file of the LV whose size is to be extended. + +Example: Run the following command to increase the size of LV **/dev/vg1/lv1** by 100 MB. + +```bash +lvextend -L +100M /dev/vg1/lv1 +``` + +### Shrinking an LV + +Run the **lvreduce** command as the **root** user to reduce the size of an LV. This may delete existing data on the LV. Therefore, confirm whether the data can be deleted before running the command. + +```bash +lvreduce [option] lvname +``` + +In the preceding information: + +- _option_: command parameter options. Common parameter options are as follows: + - **-L**: specifies the size of the LV in kKmMgGtT. + - **-l**: specifies the size of the LV \(number of LEs\). + - **-f**: forcibly adjusts the size of the LV without user confirmation. + +- _lvname_: device file of the LV whose size is to be extended. + +Example: Run the following command to reduce the space of LV **/dev/vg1/lvl** by 100 MB: + +```bash +lvreduce -L -100M /dev/vg1/lv1 +``` + +### Deleting an LV + +Run the **lvremove** command as the **root** user to delete an LV. If the LV has been mounted by running the **mount** command, you need to run the **umount** command to unmount the LV before running the **lvremove** command. + +```bash +lvremove [option] lvname +``` + +In the preceding information: + +- _option_: command parameter options. Common parameter options are as follows: + - **-f**: forcibly deletes an LV without user confirmation. + +- _lvname_: device name of the LV to be deleted. + +Example: Run the following command to delete LV **/dev/vg1/lv1**. + +```bash +lvremove /dev/vg1/lv1 +``` + +## Creating and Mounting a File System + +After creating an LV, you need to create a file system on the LV and mount the file system to the corresponding directory. + +### Creating a File System + +Run the **mkfs** command as the **root** user to create a file system. + +```bash +mkfs [option] lvname +``` + +In the preceding information: + +- _option_: command parameter options. Common parameter options are as follows: + - **-t**: specifies the type of the Linux file system to be created, such as **ext2**, **ext3**, and **ext4**. The default type is **ext2**. + +- _lvname_: name of the LV device file corresponding to the file system to be created. + +Example: Run the following command to create the **ext4** file system on LV **/dev/vg1/lv1**: + +```bash +mkfs -t ext4 /dev/vg1/lv1 +``` + +### Manually Mounting a File System + +The file system that is manually mounted is not valid permanently. It does not exist after the OS is restarted. + +Run the **mount** command as the **root** user to mount a file system. + +```bash +mount lvname mntpath +``` + +In the preceding information: + +- _lvname_: name of the LV device file corresponding to the file system to be mounted. +- _mntpath_: mount path. + +Example: Run the following command to mount LV **/dev/vg1/lv1** to the directory **/mnt/data**. + +```bash +mount /dev/vg1/lv1 /mnt/data +``` + +### Automatically Mounting a File System + +A file system that is automatically mounted does not exist after the OS is restarted. You need to manually mount the file system again. If you perform the following steps as the **root** user after manually mounting the file system, the file system can be automatically mounted after the OS is restarted. + +1. Run the **blkid** command to query the UUID of an LV. The following uses LV **/dev/vg1/lv1** as an example: + + ```bash + blkid /dev/vg1/lv1 + ``` + + Check the command output. It contains the following information in which _uuidnumber_ is a string of digits, indicating the UUID, and _fstype_ indicates the file system type. + + /dev/vg1/lv1: UUID=" _uuidnumber_ " TYPE=" _fstype_ " + +2. Run the **vi /etc/fstab** command to edit the **fstab** file and add the following content to the end of the file: + + ```vim + UUID=uuidnumber mntpath fstype defaults 0 0 + ``` + + In the preceding information: + + - Column 1: indicates the UUID. Enter _uuidnumber_ obtained in [1](#li65701520154311). + - Column 2: indicates the mount directory of the file system. Replace _mntpath_ with the actual value. + - Column 3: indicates the file system format. Enter _fstype_ obtained in [1](#li65701520154311). + - Column 4: indicates the mount option. In this example, **defaults** is used. + - Column 5: indicates the backup option. Enter either **1** \(the system automatically backs up the file system\) or **0** \(the system does not back up the file system\). In this example, **0** is used. + - Column 6: indicates the scanning option. Enter either **1** \(the system automatically scans the file system during startup\) or **0** \(the system does not scan the file system\). In this example, **0** is used. + +3. Verify the automatic mounting function. + 1. Run the **umount** command to unmount the file system. The following uses LV **/dev/vg1/lv1** as an example: + + ```bash + umount /dev/vg1/lv1 + ``` + + 2. Run the following command to reload all content in the **/etc/fstab** file: + + ```bash + mount -a + ``` + + 3. Run the following command to query the file system mounting information \(**/mnt/data** is used as an example\): + + ```bash + mount | grep /mnt/data + ``` + + Check the command output. If the command output contains the following information, the automatic mounting function takes effect: + + ```text + /dev/vg1/lv1 on /mnt/data + ``` diff --git a/docs/en/server/memory_storage/lvm/public_sys-resources/icon-caution.gif b/docs/en/server/memory_storage/lvm/public_sys-resources/icon-caution.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/memory_storage/lvm/public_sys-resources/icon-caution.gif differ diff --git a/docs/en/server/memory_storage/lvm/public_sys-resources/icon-danger.gif b/docs/en/server/memory_storage/lvm/public_sys-resources/icon-danger.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/memory_storage/lvm/public_sys-resources/icon-danger.gif differ diff --git a/docs/en/server/memory_storage/lvm/public_sys-resources/icon-note.gif b/docs/en/server/memory_storage/lvm/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/en/server/memory_storage/lvm/public_sys-resources/icon-note.gif differ diff --git a/docs/en/server/memory_storage/lvm/public_sys-resources/icon-notice.gif b/docs/en/server/memory_storage/lvm/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/en/server/memory_storage/lvm/public_sys-resources/icon-notice.gif differ diff --git a/docs/en/server/memory_storage/lvm/public_sys-resources/icon-tip.gif b/docs/en/server/memory_storage/lvm/public_sys-resources/icon-tip.gif new file mode 100644 index 0000000000000000000000000000000000000000..93aa72053b510e456b149f36a0972703ea9999b7 Binary files /dev/null and b/docs/en/server/memory_storage/lvm/public_sys-resources/icon-tip.gif differ diff --git a/docs/en/server/memory_storage/lvm/public_sys-resources/icon-warning.gif b/docs/en/server/memory_storage/lvm/public_sys-resources/icon-warning.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/memory_storage/lvm/public_sys-resources/icon-warning.gif differ diff --git a/docs/en/server/network/gazelle/_toc.yaml b/docs/en/server/network/gazelle/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..f0c1cd5f3f4d7f981d52a1b3d3b414673d474dd3 --- /dev/null +++ b/docs/en/server/network/gazelle/_toc.yaml @@ -0,0 +1,6 @@ +label: Gazelle User Guide +isManual: true +description: Improved network I/O throughput for applications +sections: + - label: Gazelle User Guide + href: ./gazelle_user_guide.md diff --git a/docs/en/server/network/gazelle/gazelle_user_guide.md b/docs/en/server/network/gazelle/gazelle_user_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..66d26ad648dad56512ad4de4d2e89059b06e5da8 --- /dev/null +++ b/docs/en/server/network/gazelle/gazelle_user_guide.md @@ -0,0 +1,285 @@ +# Gazelle User Guide + +## Overview + +Gazelle is a high-performance user-mode protocol stack. It directly reads and writes NIC packets in user mode based on DPDK and transmit the packets through shared hugepage memory, and uses the LwIP protocol stack. Gazelle greatly improves the network I/O throughput of applications and accelerates the network for the databases, such as MySQL and Redis. + +- High Performance + Zero-copy and lock-free packets that can be flexibly scaled out and scheduled adaptively. +- Universality + Compatible with POSIX without modification, and applicable to different types of applications. + +In the single-process scenario where the NIC supports multiple queues, use **liblstack.so** only to shorten the packet path. + +## Installation + +Configure the Yum source of openEuler and run the`yum` command to install Gazelle. + +```sh +yum install dpdk +yum install libconfig +yum install numactl +yum install libboundscheck +yum install libpcap +yum install gazelle +``` + +> NOTE: +> The version of dpdk must be 21.11-2 or later. + +## How to Use + +To configure the operating environment and use Gazelle to accelerate applications, perform the following steps: + +### 1. Installing the .ko File as the root User + +Install the .ko files based on the site requirements to bind NICs to the user-mode driver. + +Bind the NIC from the kernel driver to the user-mode driver. Choose one of the following .ko files based on the site requirements. + +```sh +#If the IOMMU is available +modprobe vfio-pci + +#If the IOMMU is not available and the VFIO supports the no-IOMMU mode +modprobe vfio enable_unsafe_noiommu_mode=1 +modprobe vfio-pci + +#Other cases +modprobe igb_uio +``` + +>NOTE: +You can check whether the IOMMU is enabled based on the BIOS configuration. + +### 2. Binding the NIC Using DPDK + +Bind the NIC to the driver selected in Step 1 to provide an interface for the user-mode NIC driver to access the NIC resources. + +```sh +#Using vfio-pci +dpdk-devbind -b vfio-pci enp3s0 + +#Using igb_uio +dpdk-devbind -b igb_uio enp3s0 +``` + +### 3. Configuring Memory Huge Pages + +Gazelle uses hugepage memory to improve efficiency. You can configure any size for the memory huge pages reserved by the system using the **root** permissions. Each memory huge page requires a file descriptor. If the memory is large, you are advised to use 1 GB huge pages to avoid occupying too many file descriptors. +Select a page size based on the site requirements and configure sufficient memory huge pages. Run the following commands to configure huge pages: + +```sh +#Configuring 1024 2 MB huge pages on node0. The total memory is 2 GB. +echo 1024 > /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages + +#Configuring 5 1 GB huge pages on node0. The total memory is 5 GB. +echo 5 > /sys/devices/system/node/node0/hugepages/hugepages-1048576kB/nr_hugepages +``` + +>NOTE: +Run the **cat** command to query the actual number of reserved pages. If the continuous memory is insufficient, the number may be less than expected. + +### 4. Mounting Memory Huge Pages + +Create a directory for the lstack process to access the memory huge pages. Run the following commands: + +```sh +mkdir -p /mnt/hugepages-lstack +chmod -R 700 /mnt/hugepages-lstack + +mount -t hugetlbfs nodev /mnt/hugepages-lstack -o pagesize=2M +``` + +### 5. Enabling Gazelle for an Application + +Enable Gazelle for an application using either of the following methods as required. + +- Recompile the application and replace the sockets interface. + +```sh +#Add the Makefile of Gazelle to the application makefile. +-include /etc/gazelle/lstack.Makefile + +#Add the LSTACK_LIBS variable when compiling the source code. +gcc test.c -o test ${LSTACK_LIBS} +``` + +- Use the **LD_PRELOAD** environment variable to load the Gazelle library. + Use the **GAZELLE_BIND_PROCNAME** environment variable to specify the process name, and **LD_PRELOAD** to specify the Gazelle library path. + + ```sh + GAZELLE_BIND_PROCNAME=test LD_PRELOAD=/usr/lib64/liblstack.so ./test + ``` + +- Use the **GAZELLE_THREAD_NAME** environment variable to specify the thread bound to Gazelle. + If only one thread of a multi-thread process meets the conditions for using Gazelle, use **GAZELLE_THREAD_NAME** to specify the thread for using Gazelle. Other threads use kernel-mode protocol stack. + + ```sh + GAZELLE_BIND_PROCNAME=test GAZELLE_THREAD_NAME=test_thread LD_PRELOAD=/usr/lib64/liblstack.so ./test + ``` + +### 6. Configuring Gazelle + +- The **lstack.conf** file is used to specify the startup parameters of lstack. The default path is **/etc/gazelle/lstack.conf**. The parameters in the configuration file are as follows: + +|Options|Value|Remarks| +|:---|:---|:---| +|dpdk_args|--socket-mem (mandatory)
--huge-dir (mandatory)
--proc-type (mandatory)
--legacy-mem
--map-perfect
-d|DPDK initialization parameter. For details, see the DPDK description.
**--map-perfect** is an extended feature. It is used to prevent the DPDK from occupying excessive address space and ensure that extra address space is available for lstack.
The **-d** option is used to load the specified .so library file.| +|listen_shadow| 0/1 | Whether to use the shadow file descriptor for listening. This function is enabled when there is a single listen thread and multiple protocol stack threads.| +|use_ltran| 0/1 | Whether to use ltran. This parameter is no longer supported.| +|num_cpus|"0,2,4 ..."|IDs of the CPUs bound to the lstack threads. The number of IDs is the number of lstack threads (less than or equal to the number of NIC queues). You can select CPUs by NUMA nodes.| +|low_power_mode|0/1|Whether to enable the low-power mode. This parameter is not supported currently.| +|kni_switch|0/1|Whether to enable the rte_kni module. The default value is **0**. This parameter is no longer supported.| +|unix_prefix|"string"|Prefix string of the Unix socket file used for communication between Gazelle processes. By default, this parameter is left blank. The value must be the same as the value of **unix_prefix** in **ltran.conf** of the ltran process that participates in communication, or the value of the **-u** option for `gazellectl`. The value cannot contain special characters and can contain a maximum of 128 characters.| +|host_addr|"192.168.xx.xx"|IP address of the protocol stack, which is also the IP address of the application.| +|mask_addr|"255.255.xx.xx"|Subnet mask.| +|gateway_addr|"192.168.xx.1"|Gateway address.| +|devices|"aa:bb:cc:dd:ee:ff"|MAC address for NIC communication. The NIC is used as the primary bond NIC in bond 1 mode. | +|app_bind_numa|0/1|Whether to bind the epoll and poll threads of an application to the NUMA node where the protocol stack is located. The default value is 1, indicating that the threads are bound.| +|send_connect_number|4|Number of connections for sending packets in each protocol stack loop. The value is a positive integer.| +|read_connect_number|4|Number of connections for receiving packets in each protocol stack loop. The value is a positive integer.| +|rpc_number|4|Number of RPC messages processed in each protocol stack loop. The value is a positive integer.| +|nic_read_num|128|Number of data packets read from the NIC in each protocol stack cycle. The value is a positive integer.| +|bond_mode|-1|Bond mode. Currently, two network ports can be bonded. The default value is -1, indicating that the bond mode is disabled. bond1/4/6 is supported.| +|bond_slave_mac|"aa:bb:cc:dd:ee:ff;AA:BB:CC:DD:EE:FF"|MAC addresses of the bond network ports. Separate the MAC addresses with semicolons (;).| +|bond_miimon|10|Listening interval in bond mode. The default value is 10. The value ranges from 0 to 1500.| +|udp_enable|0/1|Whether to enable the UDP function. The default value is 1.| +|nic_vlan_mode|-1|Whether to enable the VLAN mode. The default value is -1, indicating that the VLAN mode is disabled. The value ranges from -1 to 4095. IDs 0 and 4095 are commonly reserved in the industry and have no actual effect.| +|tcp_conn_count|1500|Maximum number of TCP connections. The value of this parameter multiplied by **mbuf_count_per_conn** is the size of the mbuf pool applied for during initialization. If the value is too small, the startup fails. The value of (**tcp_conn_count** x **mbuf_count_per_conn** x 2048) cannot be greater than the huge page size.| +|mbuf_count_per_conn|170|Number of mbuf required by each TCP connection. The value of this parameter multiplied by **tcp_conn_count** is the size of the mbuf address pool applied for during initialization. If the value is too small, the startup fails. The value of (**tcp_conn_count** x **mbuf_count_per_conn** x 2048) cannot be greater than the huge page size.| + +lstack.conf example: + +```sh +dpdk_args=["--socket-mem", "2048,0,0,0", "--huge-dir", "/mnt/hugepages-lstack", "--proc-type", "primary", "--legacy-mem", "--map-perfect"] + +use_ltran=1 +kni_switch=0 + +low_power_mode=0 + +num_cpus="2,22" +num_wakeup="3,23" + +host_addr="192.168.1.10" +mask_addr="255.255.255.0" +gateway_addr="192.168.1.1" +devices="aa:bb:cc:dd:ee:ff" + +send_connect_number=4 +read_connect_number=4 +rpc_number=4 +nic_read_num=128 +mbuf_pool_size=1024000 +bond_mode=1 +bond_slave_mac="aa:bb:cc:dd:ee:ff;AA:BB:CC:DD:EE:FF" +udp_enable=1 +nic_vlan_mode=-1 +``` + +- The ltran mode is deprecated. If multiple processes are required, try the virtual network mode using SR-IOV network hardware. + +### 7. Starting an Application + +- Start the application. + If the environment variable **LSTACK_CONF_PATH** is not used to specify the configuration file before the application is started, the default configuration file path **/etc/gazelle/lstack.conf** is used. + + ```sh + export LSTACK_CONF_PATH=./lstack.conf + LD_PRELOAD=/usr/lib64/liblstack.so GAZELLE_BIND_PROCNAME=redis-server redis-server redis.conf + ``` + +### 8. APIs + +Gazelle wraps the POSIX interfaces of the application. The code of the application does not need to be modified. + +### 9. Debugging Commands + +```sh +Usage: gazellectl [-h | help] + or: gazellectl lstack {show | set} {ip | pid} [LSTACK_OPTIONS] [time] [-u UNIX_PREFIX] + + where LSTACK_OPTIONS := + show lstack all statistics + -r, rate show lstack statistics per second + -s, snmp show lstack snmp + -c, connetct show lstack connect + -l, latency show lstack latency + -x, xstats show lstack xstats + -k, nic-features show state of protocol offload and other feature + -a, aggregatin [time] show lstack send/recv aggregation + set: + loglevel {error | info | debug} set lstack loglevel + lowpower {0 | 1} set lowpower enable + [time] measure latency time default 1S +``` + +The `-u` option specifies the prefix of the Unix socket for communication between Gazelle processes. The value of this parameter must be the same as that of **unix_prefix** in the **lstack.conf** file. + +**Packet Capturing Tool** +The NIC used by Gazelle is managed by DPDK. Therefore, tcpdump cannot capture Gazelle packets. As a substitute, Gazelle uses gazelle-pdump provided in the dpdk-tools software package as the packet capturing tool. gazelle-pdump uses the multi-process mode of DPDK to share memory with the lstack process. +[Usage](https://gitee.com/openeuler/gazelle/blob/master/doc/pdump.md) + +**Thread Binding** +When the starting a lstack process, you can specify a thread bound to lstack using the environment variable **GAZELLE_THREAD_NAME**. When there are multiple threads in the service process, you can use this variable to specify the thread whose network interface needs to be managed by lstack. Other threads will use the kernel-mode protocol stack. By default, this parameter is left blank, that is, all threads in the process are bound. + +### 10. Precautions + +### 1. Location of the DPDK Configuration File + +For the **root** user, the configuration file is stored in the **/var/run/dpdk** directory after the DPDK is started. +For a non-root user, the path of the DPDK configuration file is determined by the environment variable **XDG_RUNTIME_DIR**. + +- If **XDG_RUNTIME_DIR** is not set, the DPDK configuration file is stored in **/tmp/dpdk**. +- If **XDG_RUNTIME_DIR** is set, the DPDK configuration file is stored in the path specified by **XDG_RUNTIME_DIR**. +- Note that **XDG_RUNTIME_DIR** is set by default on some servers. + +## Restrictions + +Restrictions of Gazelle are as follows: + +### Function Restrictions + +- Blocking **accept()** or **connect()** is not supported. +- A maximum of 1500 TCP connections are supported. +- Currently, only TCP, ICMP, ARP, IPv4, and UDP are supported. +- When a peer end pings Gazelle, the specified packet length must be less than or equal to 14,000 bytes. +- Transparent huge pages are not supported. +- VM NICs do not support multiple queues. + +### Operation Restrictions + +- By default, the command lines and configuration files provided by Gazelle requires **root** permissions. Privilege escalation and changing of file owner are required for non-root users. +- To bind the NIC from user-mode driver back to the kernel driver, you must exit Gazelle first. +- Memory huge pages cannot be remounted to subdirectories created in the mount point. +- The minimum hugepage memory of each application instance protocol stack thread is 800 MB. +- Gazelle supports only 64-bit OSs. +- The `-march=native` option is used when building the x86 version of Gazelle to optimize Gazelle based on the CPU instruction set of the build environment (Intel® Xeon® Gold 5118 CPU @ 2.30GHz). Therefore, the CPU of the operating environment must support the SSE4.2, AVX, AVX2, and AVX-512 instruction set extensions. +- The maximum number of IP fragments is 10 (the maximum ping packet length is 14,790 bytes). TCP does not use IP fragments. +- You are advised to set the **rp_filter** parameter of the NIC to 1 using the `sysctl` command. Otherwise, the Gazelle protocol stack may not be used as expected. Instead, the kernel protocol stack is used. +- The hybrid bonding of multiple types of NICs is not supported. +- The active/standby mode (bond1 mode) supports active/standby switchover only when a fault occurs at the link layer (for example, the network cable is disconnected), but does not support active/standby switchover when a fault occurs at the physical layer (for example, the NIC is powered off or removed). +- If the length of UDP packets to be sent exceeds 45952 (32 x 1436) bytes, increase the value of **send_ring_size** to at least 64. + +## Precautions + +You need to evaluate the use of Gazelle based on application scenarios. + +The ltran mode and kni module is no longer supported due to changes in the dependencies and upstream community. + +**Shared Memory** + +- Current situation: + The memory huge pages are mounted to the **/mnt/hugepages-lstack** directory. During process initialization, files are created in the **/mnt/hugepages-lstack** directory. Each file corresponds to a huge page, and the mmap function is performed on the files. +- Current mitigation measures + The huge page file permission is **600**. Only the owner can access the files. The default owner is the **root** user. Other users can be configured. + Huge page files are locked by DPDK and cannot be directly written or mapped. +- Caution + Malicious processes belonging to the same user imitate the DPDK implementation logic to share huge page memory using huge page files and perform write operations to damage the huge page memory. As a result, the Gazelle program crashes. It is recommended that the processes of a user belong to the same trust domain. + +**Traffic Limit** +Gazelle does not limit the traffic. Users can send packets at the maximum NIC line rate to the network, which may congest the network. + +**Process Spoofing** +Ensure that all lstack processes are trusted. diff --git a/docs/en/server/network/network_config/_toc.yaml b/docs/en/server/network/network_config/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..1aa0d4da258d4b504572aad33c72a0e14b8f112a --- /dev/null +++ b/docs/en/server/network/network_config/_toc.yaml @@ -0,0 +1,6 @@ +label: Network Configuration +isManual: true +description: Configuring the IP address, host name, and network binding +sections: + - label: Network Configuration + href: ./network_configuration.md diff --git a/docs/en/server/network/network_config/network_configuration.md b/docs/en/server/network/network_config/network_configuration.md new file mode 100644 index 0000000000000000000000000000000000000000..e0572cd04369ed7134d6a3bab418bfac34683579 --- /dev/null +++ b/docs/en/server/network/network_config/network_configuration.md @@ -0,0 +1,1331 @@ +# Configuring the Network + +## Configuring an IP Address + +### Using the nmcli Command + +> [!NOTE]NOTE +> The network configuration configured by running the **nmcli** command takes effect immediately and will not be lost after the system restarts. + +#### Introduction to nmcli + +**nmcli** \(NetworkManager Command Line Interface\) is the command-line utility to configure networking through NetworkManager. The basic format of using **nmcli** is as follows: + +```shell +nmcli [OPTIONS] OBJECT { COMMAND | help } +``` + +In the preceding command, **OBJECT** can be one of the following options: **general**, **networking**, **radio**, **connection**, and **device**. **OPTIONS** can be optional options, such as **-t**, **\-\-terse** \(for script processing\),**-p**, **\-\-pretty** \(for human-readable output\), **-h**, and **\-\-help**. For more information, run the **nmcli help** command. + +```shell +nmcli help +``` + +Common commands are listed as follows: + +- To display the general status of NetworkManager, run the following command: + + ```shell + nmcli general status + ``` + +- To display all connections, run the following command: + + ```shell + nmcli connection show + ``` + +- To display the current active connections only, add the **-a** or **\-\-active** option as follows: + + ```shell + nmcli connection show --active + ``` + +- To display the device identified by NetworkManager and its connection status, run the following command: + + ```shell + nmcli device status + ``` + +- To start or stop network interfaces, for example, run the nmcli commands as the **root** user: + + ```shell + nmcli connection up id enp3s0 + nmcli device disconnect enp3s0 + ``` + +#### Device Management + +##### Connecting to a Device + +Run the following command to connect NetworkManager to the corresponding network device. Try to find the proper connection configuration and activate it. + + ```shell + nmcli device connect "$IFNAME" + ``` + +> If the corresponding connection configuration does not exist, NetworkManager creates and activates a configuration file with default settings. + +##### Disconnecting to a Device + +Run the following command to disconnect NetworkManager with the network device and prevent the device from being automatically activated. + + ```shell + nmcli device disconnect "$IFNAME" + ``` + +#### Setting Network Connections + +Run the following command to display all the available network connections: + +```shell +$ nmcli con show + + +NAME UUID TYPE DEVICE +enp4s0 5afce939-400e-42fd-91ee-55ff5b65deab ethernet enp4s0 +enp3s0 c88d7b69-f529-35ca-81ab-aa729ac542fd ethernet enp3s0 +virbr0 ba552da6-f014-49e3-91fa-ec9c388864fa bridge virbr0 +``` + +> [!NOTE]NOTE +> In the command output, **NAME** indicates the connection ID \(name\). + +After a network connection is added, the corresponding configuration file is generated and associated with the corresponding device. To check for available devices, run the following command: + +```shell +$ nmcli dev status + +DEVICE TYPE STATE CONNECTION +enp3s0 ethernet connected enp3s0 +enp4s0 ethernet connected enp4s0 +virbr0 bridge connected virbr0 +lo loopback unmanaged -- +virbr0-nic tun unmanaged -- +``` + +##### Configuring Dynamic IP Connections + +###### Configuring IP Addresses + +When DHCP is used to allocate a network, run the following command to add a network configuration file: + +```shell +nmcli connection add type ethernet con-name connection-name ifname interface-name +``` + +For example, to create a dynamic connection configuration file named **net-test**, run the following command as the **root** user: + +```shell +$ nmcli connection add type ethernet con-name net-test ifname enp3s0 +Connection 'net-test' (a771baa0-5064-4296-ac40-5dc8973967ab) successfully added. +``` + +The NetworkManager sets **connection.autoconnect** to **yes** and saves the setting to the **/etc/sysconfig/network-scripts/ifcfg-net-test** file. In the **/etc/sysconfig/network-scripts/ifcfg-net-test** file, **ONBOOT** is set to **yes**. + +###### Activating a Connection and Checking Device Connection Status + +Run the following command as the **root** user to activate a network connection: + +```shell +$ nmcli con up net-test +Connection successfully activated (D-Bus active path:/org/freedesktop/NetworkManager/ActiveConnection/5) +``` + +Run the following command to check the connection status of devices: + +```shell +$ nmcli device status + +DEVICE TYPE STATE CONNECTION +enp4s0 ethernet connected enp4s0 +enp3s0 ethernet connected net-test +virbr0 bridge connected virbr0 +lo loopback unmanaged -- +virbr0-nic tun unmanaged -- +``` + +##### Configuring Static IP Connections + +###### Configuring IP Addresses + +To add a static IPv4 network connection, run the following command: + +```shell +nmcli connection add type ethernet con-name connection-name ifname interface-name ip4 address gw4 address +``` + +> [!NOTE]NOTE +> To add an IPv6 address and related gateway information, use the **ip6** and **gw6** options. + +For example, to create a static connection configuration file named **net-static**, run the following command as the **root** user: + +```shell +nmcli con add type ethernet con-name net-static ifname enp3s0 ip4 192.168.0.10/24 gw4 192.168.0.254 +``` + +You can also specify the IPv6 address and gateway for the device. The following is an example: + +```shell +$ nmcli con add type ethernet con-name test-lab ifname enp3s0 ip4 192.168.0.10/24 gw4 192.168.0.254 ip6 abbe::**** gw6 2001:***::* +Connection 'net-static' (63aa2036-8665-f54d-9a92-c3035bad03f7) successfully added. +``` + +The NetworkManager sets the internal parameter **ipv4.method** to **manual**, **connection.autoconnect** to **yes**, and writes the setting to the **/etc/sysconfig/network-scripts/ifcfg-my-office** file. In the file, **BOOTPROTO** is set to **none**, and **ONBOOT** is set to **yes**. + +Run the following command as the **root** user to set IPv4 addresses of two DNS servers: + +```shell +nmcli con mod net-static ipv4.dns "*.*.*.* *.*.*.*" +``` + +Run the following command as the **root** user to set IPv6 addresses of two DNS servers: + +```shell +nmcli con mod net-static ipv6.dns "2001:4860:4860::**** 2001:4860:4860::****" +``` + +###### Activating a Connection and Checking Device Connection Status + +Run the following command as the **root** user to activate a network connection: + +```shell +$ nmcli con up net-static ifname enp3s0 +Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6) +``` + +Run the following command to check the connection status of devices: + +```shell +$ nmcli device status + +DEVICE TYPE STATE CONNECTION +enp4s0 ethernet connected enp4s0 +enp3s0 ethernet connected net-static +virbr0 bridge connected virbr0 +lo loopback unmanaged -- +virbr0-nic tun unmanaged -- +``` + +Run the following command to view the connection details \(with the **-p** and **\-\-pretty** options to add the title and segment to the output\): + +```shell +$ nmcli -p con show net-static +=============================================================================== +Connection profile details (net-static ) +=============================================================================== +connection.id: net-static +connection.uuid: b9f18801-6084-4aee-af28-c8f0598ff5e1 +connection.stable-id: -- +connection.type: 802-3-ethernet +connection.interface-name: enp3s0 +connection.autoconnect: yes +connection.autoconnect-priority: 0 +connection.autoconnect-retries: -1 (default) +connection.multi-connect: 0 (default) +connection.auth-retries: -1 +connection.timestamp: 1578988781 +connection.read-only: no +connection.permissions: -- +connection.zone: -- +connection.master: -- +connection.slave-type: -- +connection.autoconnect-slaves: -1 (default) +connection.secondaries: -- +connection.gateway-ping-timeout: 0 +connection.metered: unknown +connection.lldp: default +connection.mdns: -1 (default) +connection.llmnr: -1 (default) +``` + +##### Adding a Wi-Fi Connection + +You can add the Wi-Fi connection using either of the following methods: + +**Method 1: Connect to the Wi-Fi network using a network port.** + +Connect to the Wi-Fi network specified by the SSID or BSSID. Run the following command to find a matching connection or create a connection, and then activate the connection on the device. + +```shell +nmcli device wifi connect "$SSID" password "$PASSWORD" ifname "$IFNAME" +nmcli --ask device wifi connect "$SSID" +``` + +**Method 2: Connect to the Wi-Fi network using the configuration file.** + +1. Run the following command to check for available Wi-Fi access points: + + ```shell + nmcli dev wifi list + ``` + +2. Run the following command to generate a static IP address configuration that allows Wi-Fi connections automatically allocated by the DNS: + + ```shell + nmcli con add con-name Wifi ifname wlan0 type wifi ssid MyWifi ip4 192.168.100.101/24 gw4 192.168.100.1 + ``` + +3. Run the following command to set a WPA2 password, for example, **answer**: + + ```shell + nmcli con modify Wifi wifi-sec.key-mgmt wpa-psk + nmcli con modify Wifi wifi-sec.psk answer + ``` + +4. Run the following command to change the Wi-Fi status: + + ```shell + nmcli radio wifi [ on | off ] + ``` + +##### Modifying Attributes + +Run the following command to check a specific attribute, for example, mtu: + +```shell +$ nmcli connection show id 'Wifi ' | grep mtu +802-11-wireless.mtu: auto +``` + +Run the following command to modify the attribute: + +```shell +nmcli connection modify id 'Wifi ' 802-11-wireless.mtu 1350 +``` + +Run the following command to confirm the modification: + +```shell +$ nmcli connection show id 'Wifi ' | grep mtu +802-11-wireless.mtu: 1350 +``` + +#### Configuring a Static Route + +- Run the nmcli command to configure a static route for a network connection: + + ```shell + nmcli connection modify enp3s0 +ipv4.routes "192.168.122.0/24 10.10.10.1" + ``` + +- Run the following command to configure the static route using the editor: + + ```shell + $ nmcli con edit type ethernet con-name enp3s0 + ===| nmcli interactive connection editor |=== + Adding a new '802-3-ethernet' connection + Type 'help' or '?' for available commands. + Type 'describe [.]' for detailed property description. + You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, ipv4, ipv6, dcb + nmcli> set ipv4.routes 192.168.122.0/24 10.10.10.1 + nmcli> + nmcli> save persistent + Saving the connection with 'autoconnect=yes'. That might result in an immediate activation of the connection. + Do you still want to save? [yes] yes + Connection 'enp3s0' (1464ddb4-102a-4e79-874a-0a42e15cc3c0) successfully saved. + nmcli> quit + ``` + +### Using the ip Command + +> [!NOTE]NOTE +> The network configuration configured using the **ip** command takes effect immediately, but the configuration will be lost after the system restarts. + +#### Configuring IP Addresses + +Run the **ip** command to configure an IP address for the interface. The command format is as follows, where _interface-name_ indicates the NIC name. + +```shell +ip addr [ add | del ] address dev interface-name +``` + +##### Configuring a Static IP Address + +Run the following command as the **root** user to configure an IP address: + +```shell +ip address add 192.168.0.10/24 dev enp3s0 +``` + +Run the following command as the **root** user to view the configuration result: + +```shell +$ ip addr show dev enp3s0 +2: enp3s0: mtu 1500 qdisc fq_codel state UP group default qlen 1000 + link/ether 52:54:00:aa:ad:4a brd ff:ff:ff:ff:ff:ff + inet 192.168.202.248/16 brd 192.168.255.255 scope global dynamic noprefixroute enp3s0 + valid_lft 9547sec preferred_lft 9547sec + inet 192.168.0.10/24 scope global enp3s0 + valid_lft forever preferred_lft forever + inet6 fe80::32e8:cc22:9db2:f4d4/64 scope link noprefixroute + valid_lft forever preferred_lft forever +``` + +##### Configuring Multiple IP Addresses + +The **ip** command can be used to assign multiple IP addresses to an interface. You can run the **ip** command multiple times as the **root** user to assign IP addresses to an interface. The following is an example: + +```shell +$ ip address add 192.168.2.223/24 dev enp4s0 +$ ip address add 192.168.4.223/24 dev enp4s0 +$ ip addr + +3: enp4s0: mtu 1500 qdisc fq_codel state UP group default qlen 1000 + link/ether 52:54:00:aa:da:e2 brd ff:ff:ff:ff:ff:ff + inet 192.168.203.12/16 brd 192.168.255.255 scope global dynamic noprefixroute enp4s0 + valid_lft 8389sec preferred_lft 8389sec + inet 192.168.2.223/24 scope global enp4s0 + valid_lft forever preferred_lft forever + inet 192.168.4.223/24 scope global enp4s0 + valid_lft forever preferred_lft forever + inet6 fe80::1eef:5e24:4b67:f07f/64 scope link noprefixroute + valid_lft forever preferred_lft forever +``` + +#### Configuring a Static Route + +To add a static route to the routing table, run the **ip route add** command. To delete a route, run the **ip route del** command. The following shows the common format of the **ip route** command: + +```shell +ip route [ add | del | change | append | replace ] destination-address +``` + +To display the current IP routing table, run the **ip route** command as the **root** user. The following is an example: + +```shell +$ ip route + +default via 192.168.0.1 dev enp3s0 proto dhcp metric 100 +default via 192.168.0.1 dev enp4s0 proto dhcp metric 101 +192.168.0.0/16 dev enp3s0 proto kernel scope link src 192.168.202.248 metric 100 +192.168.0.0/16 dev enp4s0 proto kernel scope link src 192.168.203.12 metric 101 +192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown +``` + +To add a static route to the host address, run the following command as the **root** user: + +```shell +ip route add 192.168.2.1 via 10.0.0.1 [dev interface-name] +``` + +In the preceding command, **192.168.2.1** is the IP address in the dot-decimal notation, **10.0.0.1** is the next hop, and _interface-name_ is the exit interface for entering the next hop. + +To add a static route to the network, that is, an IP address that represents an IP address range, run the following command as the **root** user: + +```shell +ip route add 192.168.2.0/24 via 10.0.0.1 [dev interface-name] +``` + +In the preceding command, **192.168.2.1** is the IP address of the target network, _10.0.0.1_ is the network prefix, and _interface-name_ is the NIC name. + +### Configuring the Network Through the ifcfg File + +> [!NOTE]NOTE +> The network configured in the **ifcfg** file does not take effect immediately. After modifying the file (for example, **ifcfg-enp3s0**), you need to run the **nmcli con reload;nmcli con up enp3s0** command as the **root** user to reload the configuration file and activate the connection for the modification to take effect. + +#### Configuring a Static Network + +The following uses the **enp4s0** network interface as an example to describe how to configure a static network by modifying the **ifcfg** file as the **root** user. The **ifcfg-enp4s0** file is generated in the **/etc/sysconfig/network-scripts/** directory. Modify the following parameters in the file: + +```text +TYPE=Ethernet +PROXY_METHOD=none +BROWSER_ONLY=no +BOOTPROTO=none +IPADDR=192.168.0.10 +PREFIX=24 +DEFROUTE=yes +IPV4_FAILURE_FATAL=no +IPV6INIT=yes +IPV6_AUTOCONF=yes +IPV6_DEFROUTE=yes +IPV6_FAILURE_FATAL=no +IPV6_ADDR_GEN_MODE=stable-privacy +NAME=enp4s0static +UUID=08c3a30e-c5e2-4d7b-831f-26c3cdc29293 +DEVICE=enp4s0 +ONBOOT=yes +``` + +#### Configuring a Dynamic Network + +The following uses the **em1** network interface as an example to describe how to configure a dynamic network by modifying the **ifcfg** file. The **ifcfg-em1** file is generated in the **/etc/sysconfig/network-scripts/** directory. Modify the following parameters in the file: + +```text +DEVICE=em1 +BOOTPROTO=dhcp +ONBOOT=yes +``` + +To configure an interface to send different host names to the DHCP server, add the following content to the **ifcfg** file: + +```text +DHCP_HOSTNAME=hostname +``` + +To configure an interface to ignore the routes sent by the DHCP server to prevent network services from updating the /etc/resolv.conf file using the DNS server received from the DHCP server, add the following content to the **ifcfg** file: + +```text +PEERDNS=no +``` + +To configure an interface to use a specific DNS server, set the **PEERDNS** parameter to **no** and add the following content to the **ifcfg** file: + +```text +DNS1=ip-address +DNS2=ip-address +``` + +**ip-address** is the IP address of the DNS server. This allows the network service to update the **/etc/resolv.conf** file using the specified DNS server. + +#### Default Gateway Configuration + +When determining the default gateway, parse the **/etc/sysconfig/network** file and then the **ifcfg** file, and uses the value of **GATEWAY** that is read last as the default route in the routing table. + +In a dynamic network environment, when the NetworkManager is used to manage hosts, you are advised to set the default gateway to DHCP assignment. + +## Configuring a Host Name + +### Introduction + +There are three types of host names: **static**, **transient**, and **pretty**. + +- **static**: Static host name, which can be set by users and saved in the **/etc/hostname** file. +- **transient**: Dynamic host name, which is maintained by the kernel. The initial value is a static host name. The default value is **localhost**. The value can be changed when the DHCP or mDNS server is running. +- **pretty**: Flexible host name, which can be set in any form \(including special characters/blanks\). Static and transient host names are subject to the general domain name restrictions. + +> [!NOTE]NOTE +> Static and transient host names can contain only letters \(a to z and A to Z\), digits \(0 to 9\), hyphens \(-\), and periods \(.\). The host names cannot start or end with a period \(.\) or contain two consecutive periods \(.\). The host name can contain a maximum of 64 characters. + +### Configuring a Host Name by Running the hostnamectl Command + +#### Viewing All Host Names + +Run the following command to view the current host name: + +```shell +hostnamectl status +``` + +> [!NOTE]NOTE +> If no option is specified in the command, the **status** option is used by default. + +#### Setting All Host Names + +Run the following command as the **root** user to set all host names: + +```shell +hostnamectl set-hostname name +``` + +#### Setting a Specific Host Name + +Run the following command as the **root** user to set a specific host name: + +```shell +hostnamectl set-hostname name [option...] +``` + +The option may be one or more of **\-\-pretty**, **\-\-static**, and **\-\-transient**. + +If **\-\-static** or **\-\-transient** is used together with **\-\-pretty**, the host names of the **static** or **transient** type will be simplified to the host names of the **pretty** type with spaces replaced with hyphens \(-\) and special characters deleted. + +When setting a host name of the **pretty** type, use double quotation marks if the host name contains spaces or single quotation marks. An example is as follows: + +```shell +hostnamectl set-hostname "Stephen's notebook" --pretty +``` + +#### Clearing a Specific Host Name + +To clear a specific host name and restore it to the default format, run the following command as the **root** user: + +```shell +hostnamectl set-hostname "" [option...] +``` + +In the preceding command, **""** is a blank character string, and the _option_ may be one or more of **\-\-pretty**, **\-\-static**, and **\-\-transient**. + +#### Remotely Changing a Host Name + +To change the host name in a remote system, run the **hostnamectl** command as the **root** user with the **-H** or **\-\-host** option. + +```shell +hostnamectl set-hostname -H [username]@hostname new_hostname +``` + +In the preceding command, _hostname_ indicates the name of the remote host to be configured, _username_ indicates the user-defined name, and _new\_hostname_ indicates the new host name. **hostnamectl** is used to connect to the remote system through SSH. + +### Configuring a Host Name by Running the nmcli Command + +To query a static host name, run the following command: + +```shell +nmcli general hostname +``` + +To name a static host as **host-server**, run the following command as **root** user: + +```shell +nmcli general hostname host-server +``` + +To enable the system to detect the change of the static host name, run the following command as the **root** user to restart the hostnamed service: + +```shell +systemctl restart systemd-hostnamed +``` + +## Configuring Network Bonding + +### Running the nmcli Command + +- To create a bond named **mybond0**, run the following command: + + ```shell + nmcli con add type bond con-name mybond0 ifname mybond0 mode active-backup + ``` + +- To add a slave interface, run the following command: + + ```shell + nmcli con add type bond-slave ifname enp3s0 master mybond0 + ``` + + To add another slave interface, repeat the preceding command with the new interface name: + + ```shell + $ nmcli con add type bond-slave ifname enp4s0 master mybond0 + Connection 'bond-slave-enp4s0' (05e56afc-b953-41a9-b3f9-0791eb49f7d3) successfully added. + ``` + +- To enable a bond, run the following command to enable the slave interface first: + + ```shell + $ nmcli con up bond-slave-enp3s0 + Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/14) + ``` + + ```shell + $ nmcli con up bond-slave-enp4s0 + Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/15) + ``` + + Then, run the following command to enable the bond: + + ```shell + $ nmcli con up mybond0 + Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/16) + ``` + +### Configuring Network Bonding by Using a Command Line + +#### Checking Whether the Bonding Kernel Module Is Installed + +By default, the bonding kernel module is loaded. To load this module, run the following command as the **root** user: + +```shell +modprobe --first-time bonding +``` + +Run the following command as the **root** user to display the information about the module: + +```shell +modinfo bonding +``` + +For more commands, run the modprobe \-\-help command as the **root** user. + +#### Creating a Channel Bonding Interface + +To create a channel bonding interface, you can create a file named **ifcfg-bondN** in the **/etc/sysconfig/network-scripts/** directory as the **root** user \(replacing N with the actual interface number, for example, 0\). + +Write the corresponding content to the configuration file according to the type of the interface to be bonded, for example, network interface. An example of the interface configuration file is as follows: + +```text +DEVICE=bond0 +NAME=bond0 +TYPE=Bond +BONDING_MASTER=yes +IPADDR=192.168.1.1 +PREFIX=24 +ONBOOT=yes +BOOTPROTO=none +BONDING_OPTS="bonding parameters separated by spaces" +``` + +#### Creating a Slave Interface + +After creating a channel bonding interface, you must add the **MASTER** and **SLAVE** instructions to the configuration file of the slave interface. + +For example, to bind the two network interfaces enp3s0 and enp4s0 in channel mode, the configuration files are as follows: + +```text +TYPE=Ethernet +NAME=bond-slave-enp3s0 +UUID=3b7601d1-b373-4fdf-a996-9d267d1cac40 +DEVICE=enp3s0 +ONBOOT=yes +MASTER=bond0 +SLAVE=yes +``` + +```text +TYPE=Ethernet +NAME=bond-slave-enp4s0 +UUID=00f0482c-824f-478f-9479-abf947f01c4a +DEVICE=enp4s0 +ONBOOT=yes +MASTER=bond0 +SLAVE=yes +``` + +#### Activating Channel Bonding + +To activate channel bonding, you need to enable all the slave interfaces. Run the following command as the **root** user: + +```shell +$ ifup enp3s0 +Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/7) +``` + +```shell +$ ifup enp4s0 +Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/8) +``` + +> [!NOTE]NOTE +> If an interface is in **up** state, run the **ifdown** _enp3s0_ command to change the state to **down**. In the command, _enp3s0_ indicates the actual NIC name. + +After that, enable all the slave interfaces to enable the bonding \(do not set them to **Down**\). + +To enable the NetworkManager to detect the modifications made by the system, run the following command as the **root** user after each modification: + +```shell +nmcli con load /etc/sysconfig/network-scripts/ifcfg-device +``` + +Run the following command as the **root** user to check the status of the bonded interface: + +```shell +$ ip link show + +1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 + link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 +2: enp3s0: mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000 + link/ether 52:54:00:aa:ad:4a brd ff:ff:ff:ff:ff:ff +3: enp4s0: mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000 + link/ether 52:54:00:aa:da:e2 brd ff:ff:ff:ff:ff:ff +4: virbr0: mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000 + link/ether 86:a1:10:fb:ef:07 brd ff:ff:ff:ff:ff:ff +5: virbr0-nic: mtu 1500 qdisc fq_codel master virbr0 state DOWN mode DEFAULT group default qlen 1000 + link/ether 52:54:00:29:35:4c brd ff:ff:ff:ff:ff:ff +``` + +#### Creating Multiple Bondings + +The system creates a channel bonding interface for each bonding, including the **BONDING\_OPTS** instruction. This configuration method allows multiple bonded devices to use different configurations. Perform the following operations to create multiple channel bonding interfaces: + +- Create multiple **ifcfg-bondN** files that contain the **BONDING\_OPTS** instruction so that network scripts can create bonding interfaces as required. +- Create or edit the existing interface configuration file to be bonded, and add the **SLAVE** instruction. +- Use the MASTER instruction to assign the interface to be bonded, that is, the slave interface, to the channel bonding interface. + +The following is an example of the configuration file of a channel bonding interface: + +```text +DEVICE=bondN +NAME=bondN +TYPE=Bond +BONDING_MASTER=yes +IPADDR=192.168.1.1 +PREFIX=24 +ONBOOT=yes +BOOTPROTO=none +BONDING_OPTS="bonding parameters separated by spaces" +``` + +In this example, replace N with the number of the bonded interface. For example, to create two interfaces, you need to create two configuration files **ifcfg-bond0** and **ifcfg-bond1** with correct IP addresses. + +## IPv6 Differences \(vs IPv4\) + +### Restrictions + +- chrony supports global addresses but not link-local addresses. +- Firefox supports the access to the global address through HTTP or HTTPS, but does not support the access to the link-local address. + +### Configuration Description + +#### Setting the MTU of an Interface Device + +##### Overview + +In an IPv6 scenario, the minimum MTU value of the entire routing path is used as the PMTU value of the current link. The source end determines whether to fragment packets based on the PMTU value. Other devices on the entire path do not need to fragment packets. This reduces the load of intermediate routing devices. The minimum value of IPv6 PMTU is 1280. + +##### Setting the MTU of the Interface Device + +If the MTU of an interface configured with an IPv6 address is set to a value smaller than **1280** \(the minimum value of the IPv6 PMTU\), the IPv6 address of the interface will be deleted and cannot be added again. Therefore, in IPv6 scenarios, the MTU of the interface device must be greater than or equal to 1280. Run the following commands as the **root** user to view the details: + +```shell +$ ip addr show enp3s0 +3: enp3s0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 + link/ether 52:54:00:62:xx:xx brd ff:ff:ff:ff:xx:xx + inet 10.41.125.236/16 brd 10.41.255.255 scope global noprefixroute dynamic enp3s0 + valid_lft 38663sec preferred_lft 38663sec + inet6 2001:222::2/64 scope global + valid_lft forever preferred_lft forever +``` + +```shell +$ ip link set dev enp3s0 mtu 1200 +$ ip addr show enp3s0 +3: enp3s0: mtu 1200 qdisc pfifo_fast state UP group default qlen 1000 + link/ether 52:54:00:62:xx:xx brd ff:ff:ff:ff:xx:xx + inet 10.41.125.236/16 brd 10.41.255.255 scope global noprefixroute dynamic enp3s0 + valid_lft 38642sec preferred_lft 38642sec +``` + +```shell +$ ip addr add 2001:222::2/64 dev enp3s0 +RTNETLINK answers: No buffer space available +``` + +```shell +$ ip link set dev enp3s0 mtu 1500 +$ ip addr show enp3s0 +3: enp3s0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 + link/ether 52:54:00:62:xx:xx brd ff:ff:ff:ff:xx:xx + inet 10.41.125.236/16 brd 10.41.255.255 scope global noprefixroute dynamic enp3s0 + valid_lft 38538sec preferred_lft 38538sec +``` + +```shell +$ ip addr add 2001:222::2/64 dev enp3s0 +$ ip addr show enp3s0 +3: enp3s0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 + link/ether 52:54:00:62:xx:xx brd ff:ff:ff:ff:xx:xx + inet 10.41.125.236/16 brd 10.41.255.255 scope global noprefixroute dynamic enp3s0 + valid_lft 38531sec preferred_lft 38531sec + inet6 2001:222::2/64 scope global + valid_lft forever preferred_lft forever +``` + +#### Stateful IPv6 Address Autoconfiguration + +##### Overview + +Both IPv6 and IPv4 addresses can be obtained through DHCP as the **root** user. There are configuration methods for IPv6 address: stateless autoconfiguration and stateful autoconfiguration. + +- Stateless autoconfiguration + + The DHCP server is not required for management. The device obtains the network prefix according to the router advertisement \(RA\), or the prefix of a link-local address is fixed to fe80::. The interface ID is automatically obtained based on the value of IPV6\_ADDR\_GEN\_MODE in the ifcfg file. + + 1. If the value of IPv6\_ADDR\_GEN\_MODE is stable-privacy, the device determines a random interface ID based on the device and network environment. + 2. If the value of IPv6\_ADDR\_GEN\_MODE is EUI64, the device determines the interface ID based on the device MAC address. + +- Stateful autoconfiguration: The DHCP server manages and leases IPv6 addresses from the DHCPv6 server base on the DHCPv6 protocol. + + In stateful autoconfiguration, the DHCPv6 server can classify clients based on the vendor class configured on the clients and assign IPv6 addresses in different address segments to different types of clients. In IPv4 scenarios, the client can use the -V option of the dhclient command to set the vendor-class-identifier field. The DHCP server classifies clients based on the vendor-class-identifier field in the configuration file. In IPv6 scenarios, if the same method is used to classify clients, the classification does not take effect. + + ```shell + dhclient -6 -V + ``` + + This is because DHCPv6 differs greatly from DHCP. The vendor-class-option in DHCPv6 replaces the vendor-class-identifier in DHCP. However, the -V option of dhclient cannot be set to vendor-class-option. + +##### Setting the vendor class for dhclient in Stateful IPv6 Address Autoconfiguration + +- On the client, add the setting of vendor class by using the configuration file. + + Client configuration file \(/etc/dhcp/dhclient6.conf\): The file location can be customized. You need to specify the configuration file using the dhclient -cf option. + + ```text + option dhcp6.vendor-class code 16 = {integer 32, integer 16, string}; + interface "enp3s0" { + send dhcp6.vendor-class ; + } + ``` + + > [!NOTE]NOTE + + - \: a 32-digit integer, indicating the enterprise ID. The enterprise is registered through the IANA. + - \: a 16-digit integer, indicating the length of the vendor class string. + - \: character string of the vendor class to be set, for example, HWHW. + + On the client: + + ```shell + dhclient -6 -cf /etc/dhcp/dhclient6.conf + ``` + +- The DHCPv6 server configuration file \(/etc/dhcp/dhcpd6.conf\) needs to be specified by the dhcpd -cf option. + + ```text + option dhcp6.vendor-class code 16 = {integer 32, integer 16, string}; + subnet6 fc00:4:12:ffff::/64 { + class "hw" { + match if substring ( option dhcp6.vendor-class, 6, 10 ) = "HWHW"; + } + pool6 { + allow members of "hw"; + range6 fc00:4:12:ffff::ff10 fc00:4:12:ffff::ff20; + } + pool6 { + allow unknown clients; + range6 fc00:4:12:ffff::100 fc00:4:12:ffff::120; + } + } + ``` + + > [!NOTE]NOTE + > In substring \(option dhcp6.vendor-class, 6, 10\), the start position of the substring is 6, because the substring contains four bytes of and two bytes of . The end position of the substring is 6+. In this example, the vendor class string is HWHW, and the length of the string is 4. Therefore, the end position of the substring is 6 + 4 = 10. You can specify and as required. + + On the server: + + ```shell + dhcpd -6 -cf /etc/dhcp/dhcpd6.conf + ``` + +#### Kernel Supporting Socket-Related System Calls + +##### Overview + +The length of an IPv6 address is extended to 128 bits, indicating that there are sufficient IPv6 addresses for allocation. Compared with the IPv4 header, the IPv6 header is simplified, and the IPv6 automatic configuration function is enhanced. IPv6 addresses are classified into unicast addresses, multicast addresses, and anycast addresses. Common unicast addresses include link-local addresses, unique local addresses, and global addresses. As there are sufficient global IPv6 addresses, unique local addresses are not used. \(formerly known as site-local addresses, which were discarded in 2004.\) Currently, the mainstream unicast addresses are link-local address and global address. The current kernel supports socket system invoking. The link-local address and global address using unicast addresses are different. + +##### Differences Between the link-local Address and global Address During Socket Invoking + +RFC 2553: Basic Socket Interface Extensions for IPv6 defines the sockaddr\_in6 data structure as follows: + +```c +struct sockaddr_in6 { + uint8_t sin6_len; /* length of this struct */ + sa_family_t sin6_family; /* AF_INET6 */ + in_port_t sin6_port; /* transport layer port # */ + uint32_t sin6_flowinfo; /* IPv6 flow information */ + struct in6_addr sin6_addr; /* IPv6 address */ + uint32_t sin6_scope_id; /* set of interfaces for a scope */ +}; +``` + +> [!NOTE]NOTE +> sin6\_scope\_id: a 32-bit integer. For the link-local address, it identifies the index of the specified interface. For the link-range sin6\_addr, it identifies the index of the specified interface. For the site-range sin6\_addr, it is used as the site identifier \(the site-local address has been discarded\). + +When the link-local address is used for socket communication, the interface index corresponding to the address needs to be specified when the destination address is constructed. Generally, you can use the if\_nametoindex function to convert an interface name into an interface index number. Details are as follows: + +```c +int port = 1234; +int sk_fd; +int iff_index = 0; +char iff_name[100] = "enp3s0"; +char * ll_addr[100] = "fe80::123:456:789"; +struct sockaddr_in6 server_addr; + +memset(&server_addr,0,sizeof(structsockaddr_in6)); +iff_index=if_nametoindex(iff_name); + +server_addr.sin6_family=AF_INET6; +server_addr.sin6_port=htons(port); +server_addr.sin6_scope_id=iff_index; +inet_pton(AF_INET6, ll_addr, &(server_addr.sin6_addr)); + +sk_fd=socket(AF_INET6, SOCK_STREAM, IPPROTO_TCP); +connect(sk_fd, (struct sockaddr *)&server_addr, sizeof(struct sockaddr_in6)); +``` + +#### Persistency Configuration of the IPv4 dhclient Daemon Process + +##### Overview + +When the NetworkManager service is used to manage network services, if the ifcfg- configuration file of an interface is configured to obtain an IP address in DHCP mode, the NetworkManager service starts the dhclient daemon process to obtain an IP address from the DHCP server. + +The dhclient provides the -1 option to determine whether the dhclient process persistently attempts to request an IP address or exits after the request times out before receiving a response from the DHCP server. For the IPv4 dhclient daemon process, you can set PERSISTENT\_DHCLIENT in the ifcfg- configuration file to determine whether to set the persistence of the IPv4 dhclient process. + +##### Restrictions + +1. If the ongoing dhclient process is killed, the network service cannot automatically start it. Therefore, you need to ensure the reliability. +2. If PERSISTENT\_DHCLIENT is configured, ensure that the corresponding DHCP server exists. If no DHCP server is available when the network service is started and the dhclient process continuously attempts to send request packets but does not receive any response, the network service is suspended until the network service times out. The network service starts the IPv4 dhclient processes of multiple NICs in serial mode. If persistency is configured for a NIC but the DHCP server is not ready, the network service will be suspended when obtaining an IPv4 address for the NIC. As a result, the NIC cannot obtain an IPv4 or IPv6 address. + +The preceding restrictions apply to special scenarios. You need to ensure reliability. + +##### Configuration Differences Between IPv4 DHCP and IPv6 DHCPv6 + +You can configure the ifcfg- parameter on an interface to enable IPv4 and IPv6 to dynamically obtain IP addresses using DHCP or DHCPv6. The configuration is as follows: + +```text +BOOTPROTO=none|bootp|dhcp +DHCPV6C=yes|no +PERSISTENT_DHCLIENT=yes|no|1|0 +``` + +- BOOTPROTO: **none** indicates that an IPv4 address is statically configured. **bootp\|dhcp** enables DHCP dhclient to dynamically obtain an IPv4 address. +- DHCPV6C: **no** indicates that an IPv6 address is statically configured, and **yes** indicates that the DHCPv6 dhclient is enabled to dynamically obtain the IPv6 address. +- PERSISTENT\_DHCLIENT: **no\|0** indicates that the IPv4 dhclient process is configured as nonpersistent. If the dhclient sends a request packet to the DHCP server but does not receive any response, the dhclient exits after a period of time and the exit value is 2. **yes\|1** indicates that the IPv4 dhclient process is configured to be persistent. The dhclient process repeatedly sends request packets to the DHCP server. **If PERSISTENT\_DHCLIENT is not configured, dhclient of IPv4 is set to yes\|1 by default.** + + > [!NOTE]NOTE + > The PERSISTENT\_DHCLIENT configuration takes effect only for IPv4 and does not take effect for IPv6-related dhclient -6 processes. By default, the persistence configuration is not performed for IPv6. + +#### Differences Between IPv4 and IPv6 Configuration Using the iproute Command + +##### Overview + +IPv4 and IPv6 are two different protocol standards. Therefore, the iproute commands are different in usage. This section describes the differences between IPv4 and IPv6 commands in the iproute package. + +To run the iproute commands, you must have the root permission. + +##### Lifecycle of an IPv6 Address + + + + + + + + + + + + + + + + + + + +

IPv6 status

+

Description

+

tentative

+

Temporary state: The newly added address is still in the DAD process.

+

preferred

+

Preferred state: The DAD process is complete, but no NA packet is received, indicating that the address does not conflict.

+

deprecated

+

Deprecated state: An address has a validity period (valid_lft or preferred_lft). After preferred_lft expires, the address changes to the deprecated state.

+

The address in this state cannot be used to create a new connection, but the original connection can still be used.

+

invalid

+

Invalid state: If the lease renewal fails after the preferred_lft time expires, the address status is set to invalid after the valid_lft time expires, indicating that the address cannot be used again.

+
+ +Remarks: + +- preferred\_lft: preferred lifetime. The preferred\_lft address has not expired and can be used for normal communication. If there are multiple preferred addresses, the address is selected based on the kernel mechanism. +- valid\_lft: valid lifetime. The address cannot be used for creating new connections within the period of \[preferred\_lft, valid\_lft\]. The existing connections are still valid. + +##### Command ip link + +The commands are as follows: + +```shell +ip link set IFNAME mtu MTU +``` + +The minimum PMTU of IPv6 is 1280. If the MTU is set to a value smaller than 1280, IPv6 addresses will be lost. Other devices cannot ping the IPv6 address. + +##### Command ip addr + +1. The commands are as follows: + + ```shell + ip [-6] addr add IFADDR dev IFNAME + ``` + + You can choose to add the -6 option or not to add the IPv6 address. The ip addr command determines whether the address is an IPv4 address or an IPv6 address based on the address type. + + If the -6 option is specified but IFADDR is an IPv4 address, an error message is returned. + +2. The commands are as follows: + + ```shell + ip [-6] addr add IFADDR dev IFNAME [home|nodad] + ``` + + \[home\|nodad\] is valid only for IPv6 addresses. + + - home: specifies the home address defined in RFC 6275. \(This address is obtained by the mobile node from the home link, and is a permanent address of the mobile node. If the mobile node remains in the same home link, communication between various entities is performed normally.\) + - nodad: indicates that DAD is not performed when this IPv6 address is added. \(RFC 4862\) If multiple interfaces on a device are configured with the same IPv6 address through nodad, the IPv6 address is used in the interface sequence. An IPv6 address with both nodad and non-nodad cannot be added the same interface because the two IP addresses are the same. Otherwise, the message "RTNETLINK answers: File exists" is displayed. + +3. The commands are as follows: + + ```shell + ip [-6] addr del IFADDR dev IFNAME + ``` + + You can choose to add the -6 option or not to delete an IPv6 address. The ip addr del command determines whether an IPv4 address or an IPv6 address is used based on the address type. + +4. The commands are as follows: + + ```shell + ip [-6] addr show dev IFNAME [tentative|-tentative|deprecated|-deprecated|dadfailed|-dadfailed|temporary] + ``` + + - If the -6 option is not specified, both IPv4 and IPv6 addresses are displayed. If the -6 option is specified, only IPv6 addresses are displayed. + - \[tentative\|-tentative\|deprecated\|-deprecated\|dadfailed\|-dadfailed\|temporary\]. These options are only for IPv6. You can filter and view addresses based on the IPv6 address status. + 1. tentative: \(only for IPv6\) lists only the addresses that have not passed duplicate address detection \(DAD\). + 2. -tentative: \(only for IPv6\) lists only the addresses that are not in the DAD process. + 3. deprecated: \(only for IPv6\) lists only the deprecated addresses. + 4. -deprecated: \(only for IPv6\) lists only the addresses that are not deprecated. + 5. dadfailed: \(only for IPv6\) lists only the addresses that fail the DAD. + 6. -dadfailed: \(only for IPv6\) lists only the addresses that do not encounter DAD failures. + 7. temporary: \(only for IPv6\) lists only the temporary addresses. + +##### Command ip route + +1. The commands are as follows: + + ```shell + ip [-6] route add ROUTE [mtu lock MTU] + ``` + + - -6 option: You can add the -6 option or not when adding an IPv6 route. The ip route command determines whether an IPv4 or IPv6 address is used based on the address type. + + - mtu lock MTU: specifies the MTU of the locked route. If the MTU is not locked, the MTU value may be changed by the kernel during the PMTUD process. If the MTU is locked, PMTUD is not attempted. All IPv4 packets are not set with the DF bit and IPv6 packets are segmented based on the MTU. + +2. The commands are as follows: + + ```shell + ip [-6] route del ROUTE + ``` + + You can choose whether to add the -6 option when deleting an IPv6 route. The ip route command determines whether an IPv4 address or an IPv6 address is used based on the address type. + +##### Command ip rule + +1. The commands are as follows: + + ```shell + ip [-6] rule list + ``` + + -6 option: If the -6 option is set, IPv6 policy-based routes are printed. If the -6 option is not set, IPv4 policy-based routes are printed. Therefore, you need to configure the -6 option according to the specific protocol type. + +2. The commands are as follows: + + ```shell + ip [-6] rule [add|del] [from|to] ADDR table TABLE pref PREF + ``` + + -6 option: IPv6-related policy routing entries need to be configured with the -6 option. Otherwise, the error message "Error: Invalid source address." is displayed. Accordingly, the -6 option cannot be set for IPv4-related policy routing entries. Otherwise, the error message "Error: Invalid source address." is displayed. + +#### Configuration Differences of the NetworkManager Service + +##### Overview + +The NetworkManager service uses the ifup/ifdown logical interface definition to perform advanced network settings. Most of the parameters are set in the /etc/sysconfig/network and /etc/sysconfig/network-scripts/ifcfg- configuration files. The former is a global setting, and the latter is a setting of a specified NIC. When the two settings conflict, the latter takes effect. + +##### Configuration Differences + +The configuration differences in /etc/sysconfig/network are as follows: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

IPv4

+

IPv6

+

Description

+

N/A

+

IPV6FORWARDING=yes|no

+

IPv6 forwarding. By default, IPv6 packets are not forwarded.

+

N/A

+

IPV6_AUTOCONF=yes|no

+

If IPv6 forwarding is enabled, the value is no. Otherwise, the value is yes.

+

N/A

+

IPV6_ROUTER=yes|no

+

If IPv6 forwarding is enabled, the value is yes. Otherwise, the value is no.

+

N/A

+

IPV6_AUTOTUNNEL=yes|no

+

Indicates the automatic tunnel mode. The default value is no.

+

GATEWAY

+

IPV6_DEFAULTGW=<IPv6 address[%interface]> (optional)

+

Indicates the default gateway in IPv6.

+

N/A

+

IPV6_DEFAULTDEV=<interface> (optional)

+

Specifies the default forwarding NIC.

+

N/A

+

IPV6_RADVD_PIDFILE=<pid-file> (optional)

+

The default path of ipv6_radvd_pid is /var/run/radvd/radvd.pid.

+

N/A

+

IPV6_RADVD_TRIGGER_ACTION=startstop|reload|restart|SIGHUP (optional)

+

Default radvd trigger action.

+
+ +The differences in /etc/sysconfig/network-scripts/ifcfg- are as follows: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

IPv4

+

IPv6

+

Description

+

IPADDR

+

IPV6ADDR=<IPv6 address>[/<prefix length>]

+

indicates the IP address.

+

PREFIX

+

N/A

+

The network prefix, network alias, and PPP are invalid. The priority is higher than that of NETMASK.

+

NETMASK

+

N/A

+

Indicates the subnet mask. It is used only for the alias and PPP.

+

GATEWAY

+

IPV6_DEFAULTGW=<IPv6 address[%interface]> (optional)

+

Default gateway

+

MTU

+

IPV6_MTU=<MTU of link> (optional)

+

Default MTU

+

IPV4_FAILURE_FATAL=yes|no

+

IPV6_FAILURE_FATAL

+

The default value is no. If this parameter is set to yes, ifup-eth exits when dhclient fails.

+

N/A

+

IPV6_PRIVACY=rfc3041

+

Disabled by default.

+

N/A

+

IPV6INIT=yes|no

+

IPv6 is enabled by default.

+

N/A

+

IPV6FORWARDING=yes|no

+

This function is disabled by default and has been discarded.

+
+ +### FAQs + +#### The iscsi-initiator-utils Does Not Support the fe80 IPv6 Address + +##### Symptom + +When a client uses an IPv6 address to log in to the iSCSI server, run the iscsiadm -m node -p ipv6address -l command. If the global address is used, replace ipv6address in the command example with the global address. However, the link-local address \(IPv6 address starting with fe80\) cannot be used because the current mechanism of iscsi-initiator-utils does not support the link-local address to log in to the iSCSI server. + +##### Possible Cause + +If you log in to the system using the iscsiadm -m node -p fe80::xxxx -l format, a login timeout error is returned. This is because you must specify an interface when using the link-local address. Otherwise, the iscsi\_io\_tcp\_connect function fails to invoke the connect function, and the standard error code 22 is generated. + +If you use the iscsiadm -m node -p fe80::xxxx%enp3s0 -l format for login, the iscsi\_addr\_match function will compare the address fe80::xxxx%enp3s0 with the address fe80::xxxx in the node information returned by the server. The comparison result does not match, causing the login failure. + +Therefore, **the current mechanism of iscsi-initiator-utils does not support login to the iSCSI server using a link-local address.** + +#### The IPv6 Address Is Lost After the NIC Is Down + +##### Symptom + +Run the ip link down+up NIC or ifconfig down+up NIC command to disable the NIC and then enable it to go online. Check the IP address configured on the NIC. It is found that the IPv4 address is not lost but the configured IPv6 address is lost. + +##### Possible Cause + +According to the processing logic in the kernel, if the NIC is set to the down state, all IPv4 and IPv6 addresses will be cleared. After the NIC is set to the up state, the IPv4 address is automatically restored, and the automatically configured IPv6 link-local address on the NIC is also restored. However, other IPv6 addresses are lost by default. To retain these IPv6 addresses, run the **sysctl -w net.ipv6.conf.\< _NIC name_ \>.keep\_addr\_on\_down=1** command. + +#### Taking a Long Time to Add or Delete an IPv6 Address for a Bond Interface with Multiple IPv6 Addresses + +##### Symptom + +When users run the following command to add or delete \(including flush\) an IPv6 address, the waiting time increases linearly along with the number of IPv6 addresses configured on a bond interface. **X** is the least significant 16 bits that dynamically change. For example, it takes about five minutes to add 3000 IPv6 address to or delete them from a bond interface that already has four physical NICs using a single thread, while for a common physical NIC, it takes less than 10 seconds. + +```shell +ip a add/del 192:168::18:X/64 dev DEVICE +``` + +##### Possible Cause + +When an IPv6 address is added to a bond interface, the IPv6 multicast address is generated and synchronized to all physical NICs. The time required increases with the number of IPv6 addresses. As a result, it takes a too long time. + +##### Solution + +The IPv6 multicast address is generated by combining the least significant 24 bits of the IPv6 address and 33-33-ff. If there are too many multicast addresses, it takes a long time to add or delete the address. If there are a few multicast addresses, the time required is not affected. + +It is recommended that you set the least significant 24 bits of the IPv6 address to be the same as the most significant 24 bits of the IPv6 address. In this way, a single NIC can communicate with external devices using only one IP address in a network segment. + +#### Rsyslog Log Transmission Is Delayed in the Scenario Where Both IPv4 and IPv6 Are Used + +##### Symptom + +When both IPv4 and IPv6 addresses are configured in the configuration file of the rsyslog client and the port configurations are the same, there is a possibility that log output is delayed when the server collects logs. + +##### Possible Cause + +The delay is caused by the buffer queue mechanism of rsyslog. By default, rsyslog writes data to a file only when the number of buffer queues reaches a specified value. + +##### Solution + +You can disable the buffer queue mechanism by configuring the Direct mode as the **root** user. Add the following information at the beginning of the new remote transmission configuration file in the /etc/rsyslog.d directory on the rsyslog remote transmission server: + +```text +$ActionQueueType Direct +$MainMsgQueueType Direct +``` + +> [!NOTE]NOTE + +- In direct mode, the queue size is reduced by 1. Therefore, one log is reserved in the queue for the next log output. +- The direct mode degrades the rsyslog performance of the server. diff --git a/docs/en/server/network/network_config/public_sys-resources/icon-caution.gif b/docs/en/server/network/network_config/public_sys-resources/icon-caution.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/network/network_config/public_sys-resources/icon-caution.gif differ diff --git a/docs/en/server/network/network_config/public_sys-resources/icon-danger.gif b/docs/en/server/network/network_config/public_sys-resources/icon-danger.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/network/network_config/public_sys-resources/icon-danger.gif differ diff --git a/docs/en/server/network/network_config/public_sys-resources/icon-note.gif b/docs/en/server/network/network_config/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/en/server/network/network_config/public_sys-resources/icon-note.gif differ diff --git a/docs/en/server/network/network_config/public_sys-resources/icon-notice.gif b/docs/en/server/network/network_config/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/en/server/network/network_config/public_sys-resources/icon-notice.gif differ diff --git a/docs/en/server/network/network_config/public_sys-resources/icon-tip.gif b/docs/en/server/network/network_config/public_sys-resources/icon-tip.gif new file mode 100644 index 0000000000000000000000000000000000000000..93aa72053b510e456b149f36a0972703ea9999b7 Binary files /dev/null and b/docs/en/server/network/network_config/public_sys-resources/icon-tip.gif differ diff --git a/docs/en/server/network/network_config/public_sys-resources/icon-warning.gif b/docs/en/server/network/network_config/public_sys-resources/icon-warning.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/network/network_config/public_sys-resources/icon-warning.gif differ diff --git a/docs/en/server/performance/cpu_optimization/kae/_toc.yaml b/docs/en/server/performance/cpu_optimization/kae/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..d3081413b308bd7bb27b6afeb196cfc813998160 --- /dev/null +++ b/docs/en/server/performance/cpu_optimization/kae/_toc.yaml @@ -0,0 +1,6 @@ +label: Using the Kunpeng Accelerator Engine (KAE) +isManual: true +description: The KAE acceleration engine minimizes processor usage while enhancing its efficiency. +sections: + - label: Using the Kunpeng Accelerator Engine (KAE) + href: ./using_the_kae.md diff --git a/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0229622729.png b/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0229622729.png new file mode 100644 index 0000000000000000000000000000000000000000..47f2d1cac133379469ed88b2bcb7213d75cf881e Binary files /dev/null and b/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0229622729.png differ diff --git a/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0229622789.png b/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0229622789.png new file mode 100644 index 0000000000000000000000000000000000000000..102d523ea5c2a1fedf4975556bf8b26f7599daaf Binary files /dev/null and b/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0229622789.png differ diff --git a/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0230050789.png b/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0230050789.png new file mode 100644 index 0000000000000000000000000000000000000000..0b785be2a026fe059c6ee41700a971a11cfff7ae Binary files /dev/null and b/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0230050789.png differ diff --git a/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231143189.png b/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231143189.png new file mode 100644 index 0000000000000000000000000000000000000000..7656f3aa5f5907f1e9f981c0cb5d44d4fcb84ef3 Binary files /dev/null and b/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231143189.png differ diff --git a/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231143191.png b/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231143191.png new file mode 100644 index 0000000000000000000000000000000000000000..a82d1bcb2b719e3a372f63ae099cb5d52a93b536 Binary files /dev/null and b/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231143191.png differ diff --git a/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231143193.png b/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231143193.png new file mode 100644 index 0000000000000000000000000000000000000000..94614045bddb0871b44d2f6603402f914871ad61 Binary files /dev/null and b/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231143193.png differ diff --git a/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231143195.png b/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231143195.png new file mode 100644 index 0000000000000000000000000000000000000000..05011dbabe2d245c37ec68de646851bf955a2361 Binary files /dev/null and b/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231143195.png differ diff --git a/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231143196.png b/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231143196.png new file mode 100644 index 0000000000000000000000000000000000000000..9bdbac969920af77721980804bd1c5433bea5bc9 Binary files /dev/null and b/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231143196.png differ diff --git a/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231143197.png b/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231143197.png new file mode 100644 index 0000000000000000000000000000000000000000..5ea4eec4002374096d8ac18eb973ed3bf874b632 Binary files /dev/null and b/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231143197.png differ diff --git a/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231143198.png b/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231143198.png new file mode 100644 index 0000000000000000000000000000000000000000..7d6360c150495d204da4b069e6dc62677580888f Binary files /dev/null and b/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231143198.png differ diff --git a/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231563132.png b/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231563132.png new file mode 100644 index 0000000000000000000000000000000000000000..bb801a9471f3f3541ba96491654f25e2df9ce8bf Binary files /dev/null and b/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231563132.png differ diff --git a/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231563134.png b/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231563134.png new file mode 100644 index 0000000000000000000000000000000000000000..398d15376d29d3aa406abb2e7e065d4625428c4d Binary files /dev/null and b/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231563134.png differ diff --git a/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231563135.png b/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231563135.png new file mode 100644 index 0000000000000000000000000000000000000000..785977142a6bf0e1c1815b82dea73d75fa206a75 Binary files /dev/null and b/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231563135.png differ diff --git a/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231563136.png b/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231563136.png new file mode 100644 index 0000000000000000000000000000000000000000..c274db4d0ca9d8758267a916e19fdef4aa22d0ba Binary files /dev/null and b/docs/en/server/performance/cpu_optimization/kae/figures/en-us_image_0231563136.png differ diff --git a/docs/en/server/performance/cpu_optimization/kae/using_the_kae.md b/docs/en/server/performance/cpu_optimization/kae/using_the_kae.md new file mode 100644 index 0000000000000000000000000000000000000000..eeb067bd0588cba59d1b1ce81138e17f3a8e2c21 --- /dev/null +++ b/docs/en/server/performance/cpu_optimization/kae/using_the_kae.md @@ -0,0 +1,724 @@ +# Using the Kunpeng Accelerator Engine (KAE) + +## Overview + +Kunpeng Accelerator Engine \(KAE\) is a software acceleration library of openEuler, which provides hardware acceleration engine function on the Kunpeng 920 processor. It supports symmetric encryption, asymmetric encryption, and digital signature. It is ideal for accelerating SSL/TLS applications, reducing processor consumption and improving processor efficiency. In addition, users can quickly migrate existing services through the standard OpenSSL interface. + +The KAE supports the following algorithms: + +- Digest algorithm SM3, which supports asynchronous mode. +- Symmetric encryption algorithm SM4, which supports asynchronous, CTR, XTS, and CBC modes. +- Symmetric encryption algorithm AES, which supports asynchronous, ECB, CTR, XTS, and CBC modes. +- Asymmetric algorithm RSA, which supports asynchronous mode and key sizes 1024, 2048, 3072, and 4096. +- Key negotiation algorithm DH, which supports asynchronous mode and key sizes 768, 1024, 1536, 2048, 3072, and 4096. + +## Application Scenarios + +The KAE applies to the following scenarios, as shown in [Table 1](#table11915824163418). + +**Table 1** Application scenarios + + + + + + + + + + + + + + + + + + + +

Scenario

+

Data

+

Big data

+

Stream data

+

Data encryption

+

Block data

+

Intelligent security protection

+

Video stream data

+

Web service

+

Handshake connections

+
+ +## Installing, Running, and Uninstalling the KAE + +### Installing the Accelerator Software Packages + +#### Preparing for Installation + +##### Environment Requirements + +- The accelerator engine is enabled on TaiShan 200 servers. + +> [!NOTE]NOTE + +- You need to import the accelerator license. For details, see section "License Management" in the [TaiShan Rack Server iBMC \(V500 or Later\) User Guide](https://support.huawei.com/enterprise/en/doc/EDOC1100121685/426cffd9?idPath=7919749%257C9856522%257C21782478%257C8060757). +- If the accelerator is used in the physical machine scenario, the SMMU must be disabled. For details, see the [TaiShan 200 Server BIOS Parameter Reference](https://support.huawei.com/enterprise/en/doc/EDOC1100088647). + +- CPU: Kunpeng 920 +- OS: openEuler-21.09-aarch64-dvd.iso + +##### KAE Software Description + +**Table 2** RPM software packages of the KAE + + + + + + + + + + + + + + + + +

Software Package

+

Description

+

kae_driver-version_num-1.OS_type.aarch64.rpm

+

Accelerator driver, including the uacce.ko, hisi_qm.ko, hisi_sec2.ko, and hisi_hpre.ko kernel modules.

+

Algorithms supported: SM3, SM4, AES, RSA, and DH.

+

libwd-version_num-1.OS_type.aarch64.rpm

+

Coverage: libwd.so dynamic link library

+

It provides interfaces for the KAE.

+

libkae-version_num-1.OS_type.aarch64.rpm

+

Dependency: libwd RPM package

+

Coverage: libkae.so dynamic link library

+

Algorithms supported: SM3, SM4, AES, RSA, and DH.

+
+ +#### Installing the Accelerator Software Package + +##### Prerequisites + +- The remote SSH login tool has been installed on the local PC. +- The openEuler OS has been installed. +- The RPM tool is running properly. +- OpenSSL 1.1.1a or a later version has been installed. + + You can run the following commands to query the version number of OpenSSL: + + - openssl version + +##### Procedure + +1. Log in to the openEuler OS CLI as user **root**. +2. Create a directory for storing accelerator engine software packages. +3. Use SSH to copy all accelerator engine software packages to the created directory. +4. In the directory, run the **rpm -ivh** command to install the accelerator engine software packages. + + > [!NOTE]NOTE + > Install the **libwd** package first because the **libkae** package installation depends on the **libwd** package. + + ```shell + rpm -ivh uacce*.rpm hisi*.rpm libwd-*.rpm libkae*.rpm + ``` + + ```text + Verifying... ################################# [100%] + Preparing... ################################# [100%] + checking installed modules + uacce modules start to install + Updating / installing... + 1:uacce-1.2.10-4.oe1 ################################# [ 14%] + uacce modules installed + 2:libwd-1.2.10-3.oe1 ################################# [ 29%] + 3:libkae-1.2.10-3.oe1 ################################# [ 43%] + checking installed modules + hisi_hpre modules start to install + 4:hisi_hpre-1.2.10-4.oe1 ################################# [ 57%] + hisi_hpre modules installed + checking installed modules + hisi_rde modules start to install + 5:hisi_rde-1.2.10-4.oe1 ################################# [ 71%] + hisi_rde modules installed + checking installed modules + hisi_sec2 modules start to install + 6:hisi_sec2-1.2.10-4.oe1 ################################# [ 86%] + hisi_sec2 modules installed + checking installed modules + hisi_zip modules start to install + 7:hisi_zip-1.2.10-4.oe1 ################################# [100%] + hisi_zip modules installed + ``` + +5. Run the **rpm -qa** command to check whether the accelerator software packages have been installed successfully. Run the **rpm -ql** command to check whether files in the software packages are correct. The following is an example: + + ```shell + rpm -qa|grep -E "hisi|uacce|libwd|libkae" + ``` + + ```text + hisi_rde-1.2.10-4.oe1.aarch64 + hisi_sec2-1.2.10-4.oe1.aarch64 + libkae-1.2.10-3.oe1.aarch64 + hisi_hpre-1.2.10-4.oe1.aarch64 + uacce-1.2.10-4.oe1.aarch64 + libwd-1.2.10-3.oe1.aarch64 + hisi_zip-1.2.10-4.oe1.aarch64 + ``` + + ```shell + rpm -ql uacce hisi* libwd* libkae + ``` + + ```text + /lib/modules/4.19.90-2003.4.0.0036.oe1.aarch64/extra/hisi_qm.ko + /lib/modules/4.19.90-2003.4.0.0036.oe1.aarch64/extra/uacce.ko + /etc/modprobe.d/hisi_hpre.conf + /lib/modules/4.19.90-2003.4.0.0036.oe1.aarch64/extra/hisi_hpre.ko + /etc/modprobe.d/hisi_rde.conf + /lib/modules/4.19.90-2003.4.0.0036.oe1.aarch64/extra/hisi_rde.ko + /etc/modprobe.d/hisi_sec2.conf + /lib/modules/4.19.90-2003.4.0.0036.oe1.aarch64/extra/hisi_sec2.ko + /etc/modprobe.d/hisi_zip.conf + /lib/modules/4.19.90-2003.4.0.0036.oe1.aarch64/extra/hisi_zip.ko + /usr/include/warpdrive/config.h + /usr/include/warpdrive/include/uacce.h + /usr/include/warpdrive/smm.h + /usr/include/warpdrive/wd.h + /usr/include/warpdrive/wd_bmm.h + /usr/include/warpdrive/wd_cipher.h + /usr/include/warpdrive/wd_comp.h + /usr/include/warpdrive/wd_dh.h + /usr/include/warpdrive/wd_digest.h + /usr/include/warpdrive/wd_rsa.h + /usr/lib64/libwd.so.1.2.10 + /usr/local/lib/engines-1.1/libkae.so.1.2.10 + ``` + +6. Restart the system or run commands to manually load the accelerator engine drivers to the kernel in sequence, and check whether the drivers are successfully loaded. + + ```shell + modprobe uacce + lsmod | grep uacce + modprobe hisi_qm + lsmod | grep hisi_qm + modprobe hisi_sec2 # Loads the hisi_sec2 driver to the kernel based on the configuration file in /etc/modprobe.d/hisi_sec2.conf. + modprobe hisi_hpre # Loads the hisi_hpre driver to the kernel based on the configuration file in /etc/modprobe.d/hisi_hpre.conf. + ``` + +##### Environment Variables Setup + +Run the following command to export the environment variables \(If you have specified the installation directory, set **/usr/local** to the actual one\): + +```shell +export OPENSSL_ENGINES=/usr/local/lib/engines-1.1 +``` + +##### Post-Installation Check + +Run the **rpm -qa** command to check whether the accelerator engine software packages are successfully installed. + +If the command output contains _software package name_**-**_version number_**-**, the software packages are successfully installed. The following is an example: + +```shell +rpm -qa|grep -E "hisi|uacce|libwd|libkae" +``` + +```text +hisi_rde-1.2.10-4.oe1.aarch64 +hisi_sec2-1.2.10-4.oe1.aarch64 +libkae-1.2.10-3.oe1.aarch64 +hisi_hpre-1.2.10-4.oe1.aarch64 +uacce-1.2.10-4.oe1.aarch64 +libwd-1.2.10-3.oe1.aarch64 +hisi_zip-1.2.10-4.oe1.aarch64 +``` + +#### Required Operations After Installation + +##### Testing the OpenSSL Accelerator Engine + +You can run the following commands to test some accelerator functions. + +- Use the OpenSSL software algorithm to test the RSA performance. + + ```shell + $ ./openssl speed -elapsed rsa2048 + ... + sign verify sign/s verify/s + rsa 2048 bits 0.001384s 0.000035s 724.1 28365.8. + ``` + +- Use the KAE to test the RSA performance. + + ```shell + $ ./openssl speed -elapsed -engine kae rsa2048 + .... + sign verify sign/s verify/s + rsa 2048 bits 0.000355s 0.000022s 2819.0 45478.4 + ``` + +> [!NOTE]NOTE +> After the KAE is used, the signature performance is improved from 724.1 sign/s to 2819 sign/s. + +- Use the OpenSSL software algorithm to test the asynchronous RSA performance. + + ```shell + $ ./openssl speed -elapsed -async_jobs 36 rsa2048 + .... + sign verify sign/s verify/s + rsa 2048 bits 0.001318s 0.000032s 735.7 28555 + ``` + +- Use the KAE to test the asynchronous RSA performance. + + ```shell + $ ./openssl speed -engine kae -elapsed -async_jobs 36 rsa2048 + .... + sign verify sign/s verify/s + rsa 2048 bits 0.000018s 0.000009s 54384.1 105317.0 + ``` + +> [!NOTE]NOTE +> After the KAE is used, the asynchronous RSA signature performance is improved from 735.7 sign/s to 54384.1 sign/s. + +- Use the OpenSSL software algorithm to test the performance of the SM4 CBC mode. + + ```shell + $ ./openssl speed -elapsed -evp sm4-cbc + You have chosen to measure elapsed time instead of user CPU time. + .... + Doing sm4-cbc for 3s on 10240 size blocks: 2196 sm4-cbc's in 3.00s .... + type 51200 bytes 102400 bytes1048576 bytes2097152 bytes4194304 bytes8388608 bytes + sm4-cbc 82312.53k 85196.80k 85284.18k 85000.85k 85284.18k 85261.26k + ``` + +- Use the KAE to test the SM4 CBC mode performance. + + ```shell + $ ./openssl speed -elapsed -engine kae -evp sm4-cbc + engine "kae" set. + You have chosen to measure elapsed time instead of user CPU time. + ... + Doing sm4-cbc for 3s on 1048576 size blocks: 11409 sm4-cbc's in 3.00s + ... + type 51200 bytes 102400 bytes1048576 bytes2097152 bytes4194304 bytes8388608 bytes + sm4-cbc 383317.33k 389427.20k 395313.15k 392954.73k 394264.58k 394264.58k + ``` + +> [!NOTE]NOTE +> After the KAE is used, the SM4 CBC mode performance is improved from 82312.53 kbit/s to 383317.33 kbit/s when the input data block size is 8 MB. + +- Use the OpenSSL software algorithm to test the SM3 mode performance. + + ```shell + $ ./openssl speed -elapsed -evp sm3 + You have chosen to measure elapsed time instead of user CPU time. + Doing sm3 for 3s on 102400 size blocks: 1536 sm3's in 3.00s + .... + type 51200 bytes 102400 bytes1048576 bytes2097152 bytes4194304 bytes8388608 bytes + sm3 50568.53k 52428.80k 52428.80k 52428.80k 52428.80k 52428.80k + ``` + +- Use the KAE to test the SM3 mode performance. + + ```shell + $ ./openssl speed -elapsed -engine kae -evp sm3 + engine "kae" set. + You have chosen to measure elapsed time instead of user CPU time. + Doing sm3 for 3s on 102400 size blocks: 19540 sm3's in 3.00s + .... + type 51200 bytes 102400 bytes 1048576 bytes 2097152 bytes 4194304 bytes 8388608 bytes + sm3 648243.20k 666965.33k 677030.57k 678778.20k 676681.05k 668292.44k + ``` + +> [!NOTE]NOTE +> After the KAE is used, the SM3 algorithm performance is improved from 52428.80 kbit/s to 668292.44 kbit/s when the input data block size is 8 MB. + +- Use the OpenSSL software algorithm to test the asynchronous performance of the AES algorithm in CBC mode. + + ```shell + $ ./openssl speed -elapsed -evp aes-128-cbc -async_jobs 4 + You have chosen to measure elapsed time instead of user CPU time. + Doing aes-128-cbc for 3s on 51200 size blocks: 65773 aes-128-cbc's in 3.00s + Doing aes-128-cbc for 3s on 102400 size blocks: 32910 aes-128-cbc's in 3.00s + .... + type 51200 bytes 102400 bytes1048576 bytes2097152 bytes4194304 bytes8388608 bytes + aes-128-cbc 1122525.87k 1123328.00k 1120578.22k 1121277.27k 1119879.17k 1115684.86k + ``` + +- Use the KEA engine to test the asynchronous performance of the AES algorithm in CBC mode. + + ```shell + $ ./openssl speed -elapsed -evp aes-128-cbc -async_jobs 4 -engine kae + engine "kae" set. + You have chosen to measure elapsed time instead of user CPU time. + Doing aes-128-cbc for 3s on 51200 size blocks: 219553 aes-128-cbc's in 3.00s + Doing aes-128-cbc for 3s on 102400 size blocks: 117093 aes-128-cbc's in 3.00s + .... + type 51200 bytes 102400 bytes1048576 bytes2097152 bytes4194304 bytes8388608 bytes + aes-128-cbc 3747037.87k 3996774.40k 1189085.18k 1196774.74k 1196979.11k 1199570.94k + ``` + +> [!NOTE]NOTE + +- The AES algorithm supports only asynchronous mode when the data length is 256 KB or less. +- After the KAE is used, the AES algorithm performance is improved from 1123328.00 kbit/s to 3996774.40 kbit/s when the input data block size is 100 KB. + +### Upgrading the Accelerator Software Packages + +#### Scenario + +You can run the **rpm -Uvh** command to upgrade the accelerator software. + +#### Procedure + +1. Download the latest accelerator engine software packages from the openEuler community. +2. Use SSH to log in to the Linux CLI as user **root**. +3. Save the downloaded software packages to a directory. +4. In the directory, run the **rpm -Uvh** command to upgrade the accelerator driver package and engine library package. The following is an example: + + The command and output are as follows: + + ![](./figures/en-us_image_0231143189.png) + + ![](./figures/en-us_image_0231143191.png) + +5. Run the **rpm -qa** command to check whether the upgrade is successful. Ensure that the queried version is the latest version. + + ![](./figures/en-us_image_0231143193.png) + + ![](./figures/en-us_image_0231143195.png) + +6. Restart the system or run the following commands to manually uninstall the drivers of the earlier version, load the drivers of the latest version, and check whether the new drivers are successfully loaded. + + ```shell + # Uninstall the existing drivers. + $ lsmod | grep uacce + uacce 262144 3 hisi_hpre,hisi_sec2,hisi_qm + $ + $ rmmod hisi_hpre + $ rmmod hisi_sec2 + $ rmmod hisi_qm + $ rmmod uacce + $ lsmod | grep uacce + $ + # Load the new drivers. + $ modprobe uacce + $ modprobe hisi_qm + $ modprobe hisi_sec2 # Loads the hisi_sec2 driver to the kernel based on the configuration file in /etc/modprobe.d/hisi_sec2.conf. + $ modprobe hisi_hpre # Loads the hisi_hpre driver to the kernel based on the configuration file in /etc/modprobe.d/hisi_hpre.conf. + $ lsmod | grep uacce + uacce 36864 3 hisi_sec2,hisi_qm,hisi_hpre + ``` + +### Uninstalling the Accelerator Software Packages + +#### Scenario + +You do not need the accelerator engine software or you want to install a new one. + +#### Procedure + +1. Use SSH to log in to the Linux CLI as user **root**. +2. Restart the system or run commands to manually uninstall the accelerator drivers loaded to the kernel, and check whether the drivers are successfully uninstalled. + + ```shell + # lsmod | grep uacce + uacce 36864 3 hisi_sec2,hisi_qm,hisi_hpre + # rmmod hisi_hpre + # rmmod hisi_sec2 + # rmmod hisi_qm + # rmmod uacce + # lsmod | grep uacce + # + ``` + +3. Run the **rpm -e** command to uninstall the accelerator engine software packages. The following is an example: + + > [!NOTE]NOTE + > Due to the dependency relationships, the **libkae** package must be uninstalled before the **libwd** package. + + ![](./figures/en-us_image_0231143196.png) + + ![](./figures/en-us_image_0231143197.png) + +4. Run the **rpm -qa \|grep** command to check whether the uninstallation is successful. + + ![](./figures/en-us_image_0231143198.png) + +## Querying Logs + +[Table 3](#table52821836) lists log information related to the accelerator engine. + +**Table 3** Log information + + + + + + + + + + + + + + + + +

Directory

+

File

+

Description

+

/var/log/

+

kae.log

+

By default, the log level of the OpenSSL engine log is error. To set the log level, perform the following procedure:

+
  1. Run export KAE_CONF_ENV=/var/log/.
  2. Create the kae.cnf file in /var/log/.
  3. In the kae.cnf file, configure the content as follows:

    [LogSection]

    +

    debug_level=error #Value: none, error, info, warning or debug

    +
+
NOTE:

In normal cases, you are advised not to enable the info or debug log level. Otherwise, the accelerator performance will deteriorate.

+
+

/var/log/

+

messages/syslog

+
  • Kernel logs are stored in the /var/log/messages directory.
+
NOTE:

Alternatively, you can run the dmesg > /var/log/dmesg.log command to collect driver and kernel logs.

+
+
+ +## Acceleration Engine Application + +> [!NOTE]NOTE +> If you have not purchased the engine license, you are advised not to use the KAE to invoke the corresponding algorithms. Otherwise, the performance of the OpenSSL encryption algorithm may be affected. + +### Example Code for the KAE + +```c +#include + +#include + +/* OpenSSL headers */ + +#include + +#include + +#include + +#include + +int main(int argc, char **argv) + +{ + + /* Initializing OpenSSL */ + + SSL_load_error_strings(); + + ERR_load_BIO_strings(); + + OpenSSL_add_all_algorithms(); + + /*You can use ENGINE_by_id Function to get the handle of the Huawei Accelerator Engine*/ + + ENGINE *e = ENGINE_by_id("kae"); + + /* Enable the accelerator asynchronization function. This parameter is optional. The value 0 indicates disabled, and the value 1 indicates enabled. The asynchronous function is enabled by default. */ + + ENGINE_ctrl_cmd_string(e, "KAE_CMD_ENABLE_ASYNC", "1", 0) + + ENGINE_init(e); + + RSA*rsa=RSA_new_method(e);#Specify the engine for RSA encryption and decryption. + + /*The user code*/ + + ...... + +; + + ENGINE_free(e); + +; + +} +``` + +### Usage of the KAE in the OpenSSL Configuration File openssl.cnf + +Create the **openssl.cnf** file and add the following configuration information to the file: + +```text +openssl_conf=openssl_def +[openssl_def] +engines=engine_section +[engine_section] +kae=kae_section +[kae_section] +engine_id=kae +dynamic_path=/usr/local/lib/engines-1.1/kae.so +KAE_CMD_ENABLE_ASYNC=1 #The value 0 indicates that the asynchronous function is disabled. The value 1 indicates that the asynchronous function is enabled. The asynchronous function is enabled by default. +default_algorithms=ALL +init=1 +``` + +Export the environment variable **OPENSSL\_CONF**. + +```shell +export OPENSSL_CONF=/home/app/openssl.cnf #Path for storing the openssl.cnf file +``` + +The following is an example of the OpenSSL configuration file: + +```c +#include + +#include + +/* OpenSSL headers */ + +#include + +#include + +#include + +#include + +int main(int argc, char **argv) + +{ + + /* Initializing OpenSSL */ + + SSL_load_error_strings(); + + ERR_load_BIO_strings(); + +#Load openssl configure + +OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); OpenSSL_add_all_algorithms(); + + /*You can use ENGINE_by_id Function to get the handle of the Huawei Accelerator Engine*/ + + ENGINE *e = ENGINE_by_id("kae"); + + /*The user code*/ + + ...... + +; + + ENGINE_free(e); + +; +} +``` + +## Troubleshooting + +### Failed to Initialize the Accelerator Engine + +#### Symptom + +The accelerator engine is not completely loaded. + +#### Solution + +1. Check whether the accelerator drivers are loaded successfully. Specifically, run the **lsmod** command to check whether uacce.ko, qm.ko, sgl.ko, hisi\_sec2.ko, hisi\_hpre.ko, hisi\_zip.ko, and hisi\_rde.ko exist. + + ```shell + $ lsmod | grep uacce + uacce 262144 2 hisi_hpre,hisi_qm,hisi_sec2,hisi_zip,hisi_rde + ``` + +2. Check whether the accelerator engine library exists in **/usr/lib64** \(directory for RPM installation\) or **/usr/local/lib** \(directory for source code installation\) and the OpenSSL installation directory, and check whether the correct soft link is established. + + ```shell + $ ll /usr/local/lib/engines-1.1/ |grep kae + # Check whether the KAE has been correctly installed and whether a soft link has been established. If yes, the displayed information is as follows: + lrwxrwxrwx. 1 root root 22 Nov 12 02:33 kae.so -> kae.so.1.0.1 + lrwxrwxrwx. 1 root root 22 Nov 12 02:33 kae.so.0 -> kae.so.1.0.1 + -rwxr-xr-x. 1 root root 112632 May 25 2019 kae.so.1.0.1 + $ + $ ll /usr/lib64/ | grep libwd + # Check whether libwd has been correctly installed and whether a soft link has been established. If yes, the displayed information is as follows: + lrwxrwxrwx. 1 root root 14 Nov 12 02:33 libwd.so -> libwd.so.1.0.1 + lrwxrwxrwx. 1 root root 14 Nov 12 02:33 libwd.so.0 -> libwd.so.1.0.1 + -rwxr-xr-x. 1 root root 137120 May 25 2019 libwd.so.1.0.1 + $ + ``` + +3. Check whether the path of the OpenSSL engine library can be exported by running the **export** command. + + ```shell + $ echo $OPENSSL_ENGINES + $ export OPENSSL_ENGINES=/usr/local/lib/engines-1.1 + $ echo $OPENSSL_ENGINES + /usr/local/lib/engines-1.1 + ``` + +### Failed to Identify Accelerator Devices After the Acceleration Engine Is Installed + +#### Symptom + +After the acceleration engine is installed, the accelerator devices cannot be identified. + +#### Solution + +1. Check whether the device exists in the virtual file system. Normally, the following accelerator devices are displayed: + + ```shell + $ ls -al /sys/class/uacce/ + total 0 + lrwxrwxrwx. 1 root root 0 Nov 14 03:45 hisi_hpre-2 -> ../../devices/pci0000:78/0000:78:00.0/0000:79:00.0/uacce/hisi_hpre-2 + lrwxrwxrwx. 1 root root 0 Nov 14 03:45 hisi_hpre-3 -> ../../devices/pci0000:b8/0000:b8:00.0/0000:b9:00.0/uacce/hisi_hpre-3 + lrwxrwxrwx. 1 root root 0 Nov 17 22:09 hisi_rde-4 -> ../../devices/pci0000:78/0000:78:01.0/uacce/hisi_rde-4 + lrwxrwxrwx. 1 root root 0 Nov 17 22:09 hisi_rde-5 -> ../../devices/pci0000:b8/0000:b8:01.0/uacce/hisi_rde-5 + lrwxrwxrwx. 1 root root 0 Nov 14 08:39 hisi_sec-0 -> ../../devices/pci0000:74/0000:74:01.0/0000:76:00.0/uacce/hisi_sec-0 + lrwxrwxrwx. 1 root root 0 Nov 14 08:39 hisi_sec-1 -> ../../devices/pci0000:b4/0000:b4:01.0/0000:b6:00.0/uacce/hisi_sec-1 + lrwxrwxrwx. 1 root root 0 Nov 17 22:09 hisi_zip-6 -> ../../devices/pci0000:74/0000:74:00.0/0000:75:00.0/uacce/hisi_zip-6 + lrwxrwxrwx. 1 root root 0 Nov 17 22:09 hisi_zip-7 -> ../../devices/pci0000:b4/0000:b4:00.0/0000:b5:00.0/uacce/hisi_zip-7 + ``` + +2. If you want to use the HPRE device but the device is not found in [1](#li1760055514614), check whether the accelerator software is correctly installed by referring to [Failed to Upgrade the Accelerator Drivers](#failed-to-upgrade-the-accelerator-drivers). +3. If the accelerator software is correctly installed, run the **lspci** command to check whether the physical device exists. + + ```shell + $ lspci | grep HPRE + 79:00.0 Network and computing encryption device: Huawei Technologies Co., Ltd. HiSilicon HPRE Engine (rev 21) + b9:00.0 Network and computing encryption device: Huawei Technologies Co., Ltd. HiSilicon HPRE Engine (rev 21) + $ lspci | grep SEC + 76:00.0 Network and computing encryption device: Huawei Technologies Co., Ltd. HiSilicon SEC Engine (rev 21) + b6:00.0 Network and computing encryption device: Huawei Technologies Co., Ltd. HiSilicon SEC Engine (rev 21) + $ lspci | grep RDE + 78:01.0 RAID bus controller: Huawei Technologies Co., Ltd. HiSilicon RDE Engine (rev 21) + b8:01.0 RAID bus controller: Huawei Technologies Co., Ltd. HiSilicon RDE Engine (rev 21) + $ lspci | grep ZIP + 75:00.0 Processing accelerators: Huawei Technologies Co., Ltd. HiSilicon ZIP Engine (rev 21) + b5:00.0 Processing accelerators: Huawei Technologies Co., Ltd. HiSilicon ZIP Engine (rev 21) + $ + ``` + +4. If no physical device is found in [3](#li1560012551369), perform the following operations: + - Check whether the accelerator license has been imported. If no, import the accelerator license. For details, see "License Management" in the [TaiShan Rack Server iBMC \(V500 or Later\) User Guide](https://support.huawei.com/enterprise/en/doc/EDOC1100121685/426cffd9?idPath=7919749%257C9856522%257C21782478%257C8060757). After the accelerator license is imported, power off and restart the iBMC to enable the license. + - Check whether the iBMC and BIOS versions support the accelerator feature. + +### Failed to Upgrade the Accelerator Drivers + +#### Symptom + +After the accelerator drivers are upgraded, the driver version is not changed after the system is restarted. + +#### Possible Cause + +Before the accelerator drivers are upgraded, the system upgrades other driver packages. These driver packages may update the boot file system initramfs, and update the accelerator drivers to initramfs before upgrade. For example, if the NIC driver is updated or initramfs is manually updated, the system loads the accelerator drivers from initramfs first during restart. + +#### Solution + +After the accelerator drivers are upgraded, run the **dracut \-\-force** command to update initramfs again. diff --git a/docs/en/server/performance/cpu_optimization/sysboost/_toc.yaml b/docs/en/server/performance/cpu_optimization/sysboost/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..b690d38071e51b0c60ecc4a1116aabeacc8e646e --- /dev/null +++ b/docs/en/server/performance/cpu_optimization/sysboost/_toc.yaml @@ -0,0 +1,13 @@ +label: sysBoost User Guide +isManual: true +description: Enhance code compatibility with the CPU microarchitecture of the execution environment to boost program performance. +sections: + - label: sysBoost User Guide + href: ./sysboost.md + sections: + - label: Getting to Know sysBoost + href: ./getting_to_know_sysBoost.md + - label: Installation and Deployment + href: ./installation_and_deployment.md + - label: Usage Instructions + href: ./usage_instructions.md diff --git a/docs/en/server/performance/cpu_optimization/sysboost/figures/architecture.png b/docs/en/server/performance/cpu_optimization/sysboost/figures/architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..c4d805fe2caf7fe1f2ae38a37b22c39e1e002c6b Binary files /dev/null and b/docs/en/server/performance/cpu_optimization/sysboost/figures/architecture.png differ diff --git a/docs/en/server/performance/cpu_optimization/sysboost/figures/icon-note.gif b/docs/en/server/performance/cpu_optimization/sysboost/figures/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/en/server/performance/cpu_optimization/sysboost/figures/icon-note.gif differ diff --git a/docs/en/server/performance/cpu_optimization/sysboost/getting_to_know_sysBoost.md b/docs/en/server/performance/cpu_optimization/sysboost/getting_to_know_sysBoost.md new file mode 100644 index 0000000000000000000000000000000000000000..6666c961d15ce0a5dfac833b6e6a61324db22799 --- /dev/null +++ b/docs/en/server/performance/cpu_optimization/sysboost/getting_to_know_sysBoost.md @@ -0,0 +1,61 @@ +# Getting to Know sysBoost + +## Introduction + +sysBoost reorders the code of executable files and dynamic libraries online to adapt the code for the CPU microarchitecture of the operating environment, boosting program performance. + +## Background + +- Large-scale applications use a large number of third-party or self-developed dynamic libraries. A large number of PLT jumps occur during function invoking. As a result, the instructions per cycle (IPC) decreases. + +- Assembly code is large in size and occupies a large amount of memory, resulting in a high iTLB miss rate. Hotspot code segments are scattered. As a result, the I-cache miss rate is high, affecting the CPU pipeline efficiency. + +- Application developers are unfamiliar with the OS and CPU microarchitecture, resulting in high IPC performance optimization costs. + +## sysBoost Design + +### Key technologies + +- Dynamic library merging: Scattered code segments and data segments are merged when the dynamic loader loads dynamic libraries. Huge page memory is used to improve the iTLB hit ratio. + +- PLT jump elimination: When the application code calls a dynamic library function, the execution is redirected to the PLT and then to the actual function. Eliminating PLT jump can improve the IPC. + +- Online reordering of hotspot code segments: By default, code is arranged by dynamic library. The online reordering technology can reorder hotspot code by segment. + +- exec native huge page mechanism: The user-mode huge page mechanism requires specific application configuration and recompilation. The exec native huge page mechanism directly uses huge page memory when the kernel loads the ELF file,without the need for modifying applications. + +### Architecture + +**Figure 1** sysBoost architecture + +![](./figures/architecture.png) + +## sysBoost Features + +- Full static merging: Applications and their dependent dynamic libraries are merged into one binary file, and segment-level reordering is performed. Multiple discrete code segments or data segments are merged into one to improve application performance. + +- Automatic binary file optimization: The sysBoost daemon reads the configuration file to obtain the binary files to be optimized and the corresponding optimization methods, optimizes the binary files based on user requirements, and stores the optimized binary files in RTO files. + +- Huge page preloading of binary code segments/data segments: When the user-mode page table is mapped to the physical memory, huge page (2 MB) mapping can improve performance. However, openEuler does not support huge page mapping of file pages. sysBoost provides the huge page pre-loading function. After binary optimization is complete, sysBoost immediately loads the content to the kernel as a huge page. When an application is started, sysBoost maps the pre-loaded content to the user-mode page table in batches to reduce page faults and memory access delay of the application, thereby improving the application startup speed and running efficiency. + +- Binary exception monitoring: If a bug occurs in the RTO binary file generated by sysBoost, the application may crash. To avoid repeated application starts and crashes and prevent the fault from spreading, sysBoost monitors the processes that load the RTO binary files. If such a process crashes, sysBoost rolls back the optimization by deleting the RTO file and the flag on the original application file. In addition, sysBoost renames the configuration file to prevent optimization from being applied again after the sysBoost service is restarted. + +## Benefits + +### Scenario 1 + +In the Bash test of UnixBench, some common commands and scripts are executed, such as `ls`, `grep`, and `awk`. These commands and scripts usually invoke some system libraries, such as **libc** and **libpthread**. These library files usually need to be dynamically linked, which increases the program startup time and delay. By using the binary file merging technology, these library files can be merged into an executable file, significantly improving the Bash performance and increasing the UnixBench score. + +### Scenario 2 + +The dynamic assembly design of some applications uses a large number of dynamic libraries, which brings the following problems: + +- Indirect function jump and scattered code segments affect CPU execution efficiency. +- The parsing of excessive dynamic library symbols slows down program startup. +- Profile-guided optimization based on a specific service model cannot adapt to different service models. + +Using sysBoost to start large processes during service deployment can effectively solve the preceding problems. + +- The exec huge page mechanism allows the loaded large processes to store code segments and data segments in memory huge pages, reducing the TLB miss rate. +- A large process contains all dynamic library code and application code, eliminating indirect function jumps. +- Service changes are intelligently identified online to regenerate large processes based on appropriate hotspot models. diff --git a/docs/en/server/performance/cpu_optimization/sysboost/installation_and_deployment.md b/docs/en/server/performance/cpu_optimization/sysboost/installation_and_deployment.md new file mode 100644 index 0000000000000000000000000000000000000000..43979e5020e9f7ce2e36f4cecdcf87225c1fb6b5 --- /dev/null +++ b/docs/en/server/performance/cpu_optimization/sysboost/installation_and_deployment.md @@ -0,0 +1,68 @@ +# Installation and Deployment + +## Software and Hardware Requirements + +- Hardware: Kunpeng 920 server + +- Software: openEuler 23.09 + +## Environment Preparation + +- Install the openEuler OS. + +- Obtain root permissions. + +## sysBoost Installation + +To install the sysBoost, perform the following steps (**xxx** in the commands indicate version numbers): + +1. Mount an openEuler ISO image. + + ```sh + # Use the ISO file of the corresponding openEuler version. + mount openEuler-xxx-aarch64-dvd.iso /mnt + ``` + +2. Configure a local Yum source. + + ```sh + vim /etc/yum.repos.d/local.repo + ``` + + The configured contents are as follows: + + ```text + [localosrepo] + name=localosrepo + baseurl=file:///mnt + enabled=1 + gpgcheck=1 + gpgkey=file:///mnt/RPM-GPG-KEY-openEuler + ``` + +3. Install sysBoost. + + ```sh + yum install sysboost -y + ``` + +4. Check whether the installation is successful. + + ```text + # rpm -qa | grep sysboost + sysboost-xxx + # rpm -qa | grep native-turbo + native-turbo-xxx + ``` + + If the preceding information is displayed, the installation is successful. + +5. Install the relocation packages required for combining the ELF files. + + ```sh + yum install bash-relocation-xxx -y + yum install ncurses-relocation-xxx -y + ``` + + > ![](./figures/icon-note.gif) **Note:** + > If the ELF files and their dependency libraries contain the relocation segment, skip this step. diff --git a/docs/en/server/performance/cpu_optimization/sysboost/sysboost.md b/docs/en/server/performance/cpu_optimization/sysboost/sysboost.md new file mode 100644 index 0000000000000000000000000000000000000000..758405a32d143328fdc1a0b677a0a7c2f7194b30 --- /dev/null +++ b/docs/en/server/performance/cpu_optimization/sysboost/sysboost.md @@ -0,0 +1,5 @@ +# sysBoost User Guide + +This document describes how to install and use sysBoost, which is an online ELF reordering optimization software for openEuler. + +This document is intended for developers, open-source enthusiasts, and partners who use the openEuler system and want to know and use sysBoost. You need to have basic knowledge of the Linux OS. diff --git a/docs/en/server/performance/cpu_optimization/sysboost/usage_instructions.md b/docs/en/server/performance/cpu_optimization/sysboost/usage_instructions.md new file mode 100644 index 0000000000000000000000000000000000000000..1f6ef3887f4167f7d6e5bd7adb5de29204523442 --- /dev/null +++ b/docs/en/server/performance/cpu_optimization/sysboost/usage_instructions.md @@ -0,0 +1,94 @@ +# Usage Instructions + +## Overview + +- Root permissions are required for using and configuring sysBoost. +- Only one sysBoost instance can exist. +- The system administrator must ensure the configuration file is correct. + +## Configuration + +### Configuration File Description + +Configuration file directory: **/etc/sysboost.d/** + +**Table 1** Client YAML configuration file + + + + + + + + + + + + + + + + + + + + + + + + + +

Item

+

Description

+

Type

+

Value Range

+

elf_path

+

ELF file to be combined

+

String

+

ELF path supported by sysBoost

+

mode

+

sysBoost running mode

+

String

+

"static"

+

libs

+

Dependency library of the ELF file specified by elf_path. This is optional because sysBoost can automatically detects dependency libraries.

+

String

+

Path of the dependent library of the ELF file supported by sysBoost

+
+ +### Configuration Example + +sysBoost TOML configuration file example: + +```text +# /etc/sysboost.d/bash.toml +elf_path = "/usr/bin/bash" +mode = "static-nolibc" +libs = ["/usr/lib64/libtinfo.so.6"] +``` + +## Usage + +- Start sysBoost. + + ```text + systemctl start sysboost.service + ``` + +- Stop sysBoost. + + ```text + systemctl stop sysboost.service + ``` + +- Query sysBoost status. If there is no text in red, sysBoost is running normally. + + ```text + systemctl status sysboost.service + ``` + +- View logs. If sysBoost fails, see the system logs for details. + + ```text + cat /var/log/messages + ``` diff --git a/docs/en/server/performance/overall/system_resource/_toc.yaml b/docs/en/server/performance/overall/system_resource/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..9dd23f13c1072cf9e88e15f455e89f3e09a9194b --- /dev/null +++ b/docs/en/server/performance/overall/system_resource/_toc.yaml @@ -0,0 +1,6 @@ +label: System Resources and Performance +isManual: true +description: CPU, memory, I/O, and commonly used performance analysis tools +sections: + - label: System Resources and Performance + href: ./system_resources_and_performance.md diff --git a/docs/en/server/performance/overall/system_resource/images/c50cb9df64f4659787c810167c89feb4_1884x257.png b/docs/en/server/performance/overall/system_resource/images/c50cb9df64f4659787c810167c89feb4_1884x257.png new file mode 100644 index 0000000000000000000000000000000000000000..01081f25627731c56764c196e3fae32d55bc7023 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/c50cb9df64f4659787c810167c89feb4_1884x257.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001321685172.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001321685172.png new file mode 100644 index 0000000000000000000000000000000000000000..a98265bdf251608c0ff394fefe545cd3192bdb28 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001321685172.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001322112990.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001322112990.png new file mode 100644 index 0000000000000000000000000000000000000000..6f4b32bf2b36595abe10f2550cda5714bc355553 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001322112990.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001322219840.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001322219840.png new file mode 100644 index 0000000000000000000000000000000000000000..48b28664df46ddf9aa38c7570bb9e9edb8080ac9 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001322219840.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001322372918.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001322372918.png new file mode 100644 index 0000000000000000000000000000000000000000..5424367c9bc564e713220ba87f963096881833b8 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001322372918.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001322379488.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001322379488.png new file mode 100644 index 0000000000000000000000000000000000000000..8b18cdca066be43b74443498edc5500ea9e1e608 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001322379488.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001335457246.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001335457246.png new file mode 100644 index 0000000000000000000000000000000000000000..325d6a8ce097db0b92b1a883bc4b3d4ad0bc6a49 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001335457246.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001335816300.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001335816300.png new file mode 100644 index 0000000000000000000000000000000000000000..619f0c33503cd27d92f227216c722d554b9132f2 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001335816300.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001336448570.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001336448570.png new file mode 100644 index 0000000000000000000000000000000000000000..4bd494d78d83fef2e8a89c80e17c9b6db892a2e9 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001336448570.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001336729664.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001336729664.png new file mode 100644 index 0000000000000000000000000000000000000000..4d73507cceab2e0b123d6864d9f86c86eb1eee2f Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001336729664.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337000118.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337000118.png new file mode 100644 index 0000000000000000000000000000000000000000..37131647778506f24be4ff401392a9cc209a36eb Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337000118.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337039920.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337039920.png new file mode 100644 index 0000000000000000000000000000000000000000..40c07e9b6ec27cdbe47d39788736b892f1174cc8 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337039920.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337051916.jpg b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337051916.jpg new file mode 100644 index 0000000000000000000000000000000000000000..a2083b7783041884394f796222352d8772ada6cc Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337051916.jpg differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337053248.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337053248.png new file mode 100644 index 0000000000000000000000000000000000000000..8859f37749a4f8a4394e24ddfb54fc473e8c10c2 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337053248.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337172594.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337172594.png new file mode 100644 index 0000000000000000000000000000000000000000..4e806f83c57880543a777807778f14eeb0105aba Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337172594.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337212144.jpg b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337212144.jpg new file mode 100644 index 0000000000000000000000000000000000000000..c6f0874250475f598efa7375516109b540918fb8 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337212144.jpg differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337260780.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337260780.png new file mode 100644 index 0000000000000000000000000000000000000000..09d521d933f5fa0caacc592ea92acee959786051 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337260780.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337268560.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337268560.png new file mode 100644 index 0000000000000000000000000000000000000000..663f67428487d88e23aa9c3291c31399fec2f2c3 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337268560.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337268820.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337268820.png new file mode 100644 index 0000000000000000000000000000000000000000..cd1732ee870a6dde0acc54642f34793933ce3356 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337268820.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337419960.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337419960.png new file mode 100644 index 0000000000000000000000000000000000000000..c3b493bf1e57f130e122b59e99ff45cd44539dad Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337419960.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337420372.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337420372.png new file mode 100644 index 0000000000000000000000000000000000000000..2300bcd7426748236fd48b85688bd3d1fa3315df Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337420372.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337422904.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337422904.png new file mode 100644 index 0000000000000000000000000000000000000000..01e250c6f7cbb64abe0b136cd80fda7ae68b629d Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337422904.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337424024.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337424024.png new file mode 100644 index 0000000000000000000000000000000000000000..6532d98885f756c6704bc4bacc0f9133d78405a7 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337424024.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337424304.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337424304.png new file mode 100644 index 0000000000000000000000000000000000000000..9ecb384ed58458c24d8e3ae729c4de197b982b86 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337424304.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337427216.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337427216.png new file mode 100644 index 0000000000000000000000000000000000000000..8633dbdd658f98501dfc91a704395260f2d4df3c Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337427216.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337427392.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337427392.png new file mode 100644 index 0000000000000000000000000000000000000000..74f5cb24520c94de8628b2e64e6916c563f9f5a2 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337427392.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337533690.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337533690.png new file mode 100644 index 0000000000000000000000000000000000000000..1f02d9b155754a113347a54a7d35ba9b060175a8 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337533690.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337536842.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337536842.png new file mode 100644 index 0000000000000000000000000000000000000000..5a9ee2c989638c9a6aad3fcfb35bb9b9f2d4683c Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337536842.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337579708.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337579708.png new file mode 100644 index 0000000000000000000000000000000000000000..5cd8ed939434e6447dd55679eeaa3756d861751f Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337579708.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337580216.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337580216.png new file mode 100644 index 0000000000000000000000000000000000000000..5516b8d261b769287c74cf860a6708fcde6bbb8a Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337580216.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337584296.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337584296.png new file mode 100644 index 0000000000000000000000000000000000000000..fa76ecb59018fb154ffe1d9f6da1484d652f3ac1 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337584296.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337696078.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337696078.png new file mode 100644 index 0000000000000000000000000000000000000000..3864852e345eaf01794042feaa85b012b8af71de Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337696078.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337740252.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337740252.png new file mode 100644 index 0000000000000000000000000000000000000000..fd83fb600a54ab8bc39ee2ae54210be8b6c48973 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337740252.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337740540.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337740540.png new file mode 100644 index 0000000000000000000000000000000000000000..b8e25128a47dccaed733fc192f52f2ca7828e516 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337740540.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337747132.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337747132.png new file mode 100644 index 0000000000000000000000000000000000000000..41ea7d47f5fe5fca46816d93cb08b5da00abc0ad Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337747132.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337748300.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337748300.png new file mode 100644 index 0000000000000000000000000000000000000000..32488dc1740408834954cf8d57a2843d98f09c2e Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337748300.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337748528.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337748528.png new file mode 100644 index 0000000000000000000000000000000000000000..f2d62c85c844c2756f4d27a48711560dfb9615ea Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001337748528.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001372249333.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001372249333.png new file mode 100644 index 0000000000000000000000000000000000000000..48cd37225954e212cb3e159acc137866d8edc362 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001372249333.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001372748125.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001372748125.png new file mode 100644 index 0000000000000000000000000000000000000000..5f6326b9415cf766dd8379dbadd5aa1a0dc6861f Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001372748125.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001372821865.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001372821865.png new file mode 100644 index 0000000000000000000000000000000000000000..21e8dad1cd90755440cf858523b12c036a91e1ad Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001372821865.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001372824637.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001372824637.png new file mode 100644 index 0000000000000000000000000000000000000000..aefb5d83c079e6718ef88fd934b4b496cdc29565 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001372824637.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001373373585.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001373373585.png new file mode 100644 index 0000000000000000000000000000000000000000..c4e5e47c9beca2c7c7630d78916f80eda652b52a Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001373373585.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001373379529.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001373379529.png new file mode 100644 index 0000000000000000000000000000000000000000..daa40b49e679668905632f25ff42bf8599ba0ead Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001373379529.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001384808269.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001384808269.png new file mode 100644 index 0000000000000000000000000000000000000000..be18ecef3a149d5742f18535552f66f26ab34832 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001384808269.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001385585749.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001385585749.png new file mode 100644 index 0000000000000000000000000000000000000000..c13604ab7095c2a7717bde1384f0aea3d53f69e3 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001385585749.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001385611905.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001385611905.png new file mode 100644 index 0000000000000000000000000000000000000000..8c233e40a21e678ddf4115c2e2e80c96e25a60ce Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001385611905.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001385905845.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001385905845.png new file mode 100644 index 0000000000000000000000000000000000000000..a6cb8bc4a188ef444919d71f7f16baa06422788b Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001385905845.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001386149037.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001386149037.png new file mode 100644 index 0000000000000000000000000000000000000000..da73fead24d8805bb43287f53c757e80ff0d597f Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001386149037.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001386699925.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001386699925.png new file mode 100644 index 0000000000000000000000000000000000000000..cf5b13b35e65ed0143a01a5bcad1e11eaddaded7 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001386699925.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387293085.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387293085.png new file mode 100644 index 0000000000000000000000000000000000000000..7f56b020949c53d018eba016952c2409f0d7dca9 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387293085.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387413509.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387413509.png new file mode 100644 index 0000000000000000000000000000000000000000..2245427058fc31f3e5d7f40062c0551936a67199 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387413509.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387413793.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387413793.png new file mode 100644 index 0000000000000000000000000000000000000000..aa649bf7215662819766d897513fb711d9d1e7f8 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387413793.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387415629.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387415629.png new file mode 100644 index 0000000000000000000000000000000000000000..01189358354090591de6580f8ef88ef78ddba3a1 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387415629.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387691985.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387691985.png new file mode 100644 index 0000000000000000000000000000000000000000..31c3096fa837c1b397ab2fe27acdd87e2cec36de Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387691985.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387692269.jpg b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387692269.jpg new file mode 100644 index 0000000000000000000000000000000000000000..b79e3ddf78520277046b933c4662c6b72f45ab85 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387692269.jpg differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387692893.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387692893.png new file mode 100644 index 0000000000000000000000000000000000000000..49ea515d834b58d4ded14c55a6a2b07034d76137 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387692893.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387755969.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387755969.png new file mode 100644 index 0000000000000000000000000000000000000000..b2daa95d6b757e7bd443d8fd961922f248dd6853 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387755969.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387780357.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387780357.png new file mode 100644 index 0000000000000000000000000000000000000000..1aab3b8be2cd0c906253d70036a9fee3050a1055 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387780357.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387784693.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387784693.png new file mode 100644 index 0000000000000000000000000000000000000000..62a40117a892ba6c163be81bce1d198c2920f0e9 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387784693.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387787605.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387787605.png new file mode 100644 index 0000000000000000000000000000000000000000..8c1893e16fb929f77bb6b9a70cb25d3479dd684c Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387787605.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387855149.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387855149.png new file mode 100644 index 0000000000000000000000000000000000000000..731e957c367cb05e4229f53cf97dcee2cde69dff Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387855149.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387857005.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387857005.png new file mode 100644 index 0000000000000000000000000000000000000000..872f5c9eb05169831df4ba49d017629e8a943c64 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387857005.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387902849.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387902849.png new file mode 100644 index 0000000000000000000000000000000000000000..ffe2043c199308ed2033e3eb02a0662a65141ece Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387902849.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387907229.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387907229.png new file mode 100644 index 0000000000000000000000000000000000000000..084fbea1aee4d09b1e623c66b4f07641c7a0208d Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387907229.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387908045.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387908045.png new file mode 100644 index 0000000000000000000000000000000000000000..1fca645598e7a67da6e75b98c44f3c9a740be374 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387908045.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387908453.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387908453.png new file mode 100644 index 0000000000000000000000000000000000000000..b97804a0a575fd18235e7a0c7e4f2d0183e3b460 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387908453.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387961737.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387961737.png new file mode 100644 index 0000000000000000000000000000000000000000..ae4ddce8cf2629b811e9711c61186b3efa4dfe3c Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001387961737.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388020197.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388020197.png new file mode 100644 index 0000000000000000000000000000000000000000..1816e1e068ee0294677ebb357ffd158a14bb86cf Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388020197.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388024321.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388024321.png new file mode 100644 index 0000000000000000000000000000000000000000..da3ba54203ded0093b7c2b5308de0e2afd85a146 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388024321.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388024397.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388024397.png new file mode 100644 index 0000000000000000000000000000000000000000..4e4531dd19dc703399c9d4dd0e95236fa9a064c8 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388024397.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388028161.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388028161.png new file mode 100644 index 0000000000000000000000000000000000000000..b3beb92520c34ba771d096a8a146fb2c5b5edbb7 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388028161.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388028537.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388028537.png new file mode 100644 index 0000000000000000000000000000000000000000..ffb244306787c397ef4a9f4d9c3eb504172d3777 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388028537.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388184025.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388184025.png new file mode 100644 index 0000000000000000000000000000000000000000..cbce6fe1e32c547426319923c0fdb13e95554b99 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388184025.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388187249.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388187249.png new file mode 100644 index 0000000000000000000000000000000000000000..0ac83f21e269d909e550b68cb0bdc6347c05dcac Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388187249.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388187325.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388187325.png new file mode 100644 index 0000000000000000000000000000000000000000..02dbdf218da2cb1c844dfc13a463875df5124d48 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388187325.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388188365.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388188365.png new file mode 100644 index 0000000000000000000000000000000000000000..dbe3bfb48446bab88e3e622b9f8066383f269590 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388188365.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388241577.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388241577.png new file mode 100644 index 0000000000000000000000000000000000000000..8dacb6e343ea4c750904fa090bb99213e012379d Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388241577.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388972645.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388972645.png new file mode 100644 index 0000000000000000000000000000000000000000..e32606925f4bb4380b262d9f946d4cd106202b87 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001388972645.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001389098425.png b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001389098425.png new file mode 100644 index 0000000000000000000000000000000000000000..c63903009ab9ba454f169250632dbec1b3c94467 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_image_0000001389098425.png differ diff --git a/docs/en/server/performance/overall/system_resource/images/zh-cn_other_0000001337581224.jpeg b/docs/en/server/performance/overall/system_resource/images/zh-cn_other_0000001337581224.jpeg new file mode 100644 index 0000000000000000000000000000000000000000..2c019b828bdf9c699f203f09ba3542968ff21262 Binary files /dev/null and b/docs/en/server/performance/overall/system_resource/images/zh-cn_other_0000001337581224.jpeg differ diff --git a/docs/en/server/performance/overall/system_resource/system_resources_and_performance.md b/docs/en/server/performance/overall/system_resource/system_resources_and_performance.md new file mode 100644 index 0000000000000000000000000000000000000000..73d059a7dbd21a4d3cd9488e90ea3ab51d53fd46 --- /dev/null +++ b/docs/en/server/performance/overall/system_resource/system_resources_and_performance.md @@ -0,0 +1,313 @@ +# System Resources and Performance + +## CPU + +### Basic Concepts + +A central processing unit (CPU) is one of main devices of a computer, and a function of the CPU is to interpret computer instructions and process data in computer software. + +1. Physical core: an actual CPU core that can be seen. It has independent circuit components and L1 and L2 caches and can independently execute instructions. A CPU can have multiple physical cores. +2. Logical core: a core that exists at the logical layer in the same physical core. Generally, a physical core corresponds to a thread. However, if hyper-threading is enabled and the number of hyper-threads is *n*, a physical core can be divided into *n* logical cores. + +You can run the **lscpu** command to check the number of CPUs on the server, the number of physical cores in each CPU, and the number of logical cores in each CPU. + +### Common CPU Performance Analysis Tools + +1. **uptime**: prints the average system load. You can view the last three numbers to determine the change trend of the average load. + If the average load is greater than the number of CPUs, the CPUs are insufficient to serve threads and some threads are waiting. If the average load is less than the number of CPUs, there are remaining CPUs. + + ![zh-cn_image_0000001384808269](./images/zh-cn_image_0000001384808269.png) + +2. **vmstat**: dynamically monitors the usage of system resources and checks which phase occupies the most system resources. + You can run the **vmstat -h** command to view command parameters. + Example: + + ```shell + #Monitor the status and update the status every second. + vmstat 1 + ``` + + ![](./images/zh-cn_image_0000001385585749.png) + The fields in the command output are described as follows: + + | Field | Description | + | ------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | + | procs | Process information. | + | memory | Memory information. | + | swap | Swap partition information. | + | io | Drive read/write information. | + | system | System information. | + | cpu | CPU information.
**-us**: percentage of the CPU computing time consumed by non-kernel processes.
**-sy**: percentage of the CPU computing time consumed by kernel processes.
**-id**: idle.
**-wa**: percentage of CPU resources consumed by waiting for I/Os.
**-st**: percentage of CPUs stolen by VMs. | + +3. **sar**: analyzes system performance, observes current activities and configurations, and archives and reports historical statistics. + Example: + + ```shell + # Check the overall CPU load of the system. Collect the statistics every 3 seconds for five times. + sar -u 3 5 + ``` + + ![zh-cn_image_0000001336448570](./images/zh-cn_image_0000001336448570.png) + + The fields in the command output are described as follows: + + | Field | Description | + | ------- | ----------------------------------------------------------------------------------------------------------------------- | + | %user | Percentage of the CPU time consumed in user mode. | + | %nice | Percentage of the CPU time consumed by a process whose scheduling priority is changed through **nice** in user mode. | + | %system | Percentage of the CPU time consumed in system mode. | + | %iowait | Percentage of the time consumed by the CPU to wait for drive I/Os in idle state. | + | %steal | Percentage of the time used for waiting for other virtual CPU computing by using virtualization technologies of the OS. | + | %idle | Percentage of CPU idle time. | + +4. **ps**: displays running processes. + + ```shell + # View all processes in the system, and view the PIDs and priorities of the their parent processes. + ps -le + ``` + + ![zh-cn_image_0000001337039920](./images/zh-cn_image_0000001337039920.png) + + ```shell + # View the processes generated by the current shell. + ps -l + ``` + + ![zh-cn_image_0000001385611905](./images/zh-cn_image_0000001385611905.png) + +5. **top**: dynamically and continuously monitors the running status of processes and displays the processes that consume the most CPU resources. + +```shell +top +``` + +![zh-cn_image_0000001335457246](./images/zh-cn_image_0000001335457246.png) + +## Memory + +### Basic Concepts + +The memory is an important component of a computer, and is used to temporarily store operation data in the CPU and data exchanged with an external memory such as hardware. In particular, a non-uniform memory access architecture (NUMA) is a memory architecture designed for a multiprocessor computer. The memory access time depends on the location of the memory relative to the processor. In NUMA mode, a processor accesses the local memory faster than the non-local memory (the memory is located in another processor or shared between processors). + +### Common Memory Analysis Tools and Methods + +1. **free**: displays the system memory status. + Example: + + ```shell + # Display the system memory status in MB. + free -m + ``` + + The output is as follows: + + ```text + total used free shared buff/cache available + Mem: 2633 436 324 23 2072 2196 + Swap: 4043 0 4043 + ``` + + The fields in the command output are described as follows: + + | Field | Description | + | ---------- | ----------------------------------------------------------------------- | + | total | Total memory size. | + | used | Used memory. | + | free | Free memory. | + | shared | Total memory shared by multiple processes. | + | buff/cache | Total number of buffers and caches. | + | available | Estimated available memory to start a new application without swapping. | + +2. **vmstat**: dynamically monitors the system memory and views the system memory usage. + + Example: + + ```shell + # Monitor the system memory and display active and inactive memory. + vmstat -a + ``` + + The output is as follows: + + ```text + procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu----- + r b swpd free inact active si so bi bo in cs us sy id wa st + 2 0 520 331980 1584728 470332 0 0 0 2 15 19 0 0 100 0 0 + ``` + + In the command output, the field related to the memory is described as follows: + + | Field | Description | + | ------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | + | memory | Memory information.
**-swpd**: usage of the virtual memory, in KB.
**-free**: free memory capacity, in KB.
**-inact**: inactive memory capacity, in KB.
**-active**: active memory capacity, in KB. | + +3. **sar**: monitors the memory usage of the system. + + Example: + + ```shell + # Monitor the memory usage in the sampling period in the system. Collect the statistics every two seconds for three times. + sar -r 2 3 + ``` + + The output is as follows: + + ```text + 04:02:09 PM kbmemfree kbavail kbmemused %memused kbbuffers kbcached kbcommit %commit kbactive kbinact kb + dirty + 04:02:11 PM 332180 2249308 189420 7.02 142172 1764312 787948 11.52 470404 1584924 + 36 + 04:02:13 PM 332148 2249276 189452 7.03 142172 1764312 787948 11.52 470404 1584924 + 36 + 04:02:15 PM 332148 2249276 189452 7.03 142172 1764312 787948 11.52 470404 1584924 + 36 + Average: 332159 2249287 189441 7.03 142172 1764312 787948 11.52 470404 1584924 + 36 + ``` + + The fields in the command output are described as follows: + + | Field | Description | + | --------- | ------------------------------------------------ | + | kbmemfree | Unused memory space. | + | kbmemused | Used memory space. | + | %memused | Percentage of the used space. | + | kbbuffers | Amount of data stored in the buffer. | + | kbcached | Data access volume in all domains of the system. | + +4. **numactl**: displays the NUMA node configuration and status. + + Example: + + ```shell + # Check the current NUMA configuration. + numactl -H + ``` + + The output is as follows: + + ```text + available: 1 nodes (0) + node 0 cpus: 0 1 2 3 + node 0 size: 2633 MB + node 0 free: 322 MB + node distances: + node 0 + 0: 10 + ``` + + The server contains one NUMA node, which consists of four CPU cores, each has about 6 GB memory. + The output also shows distances between nodes. The greater the distance, the larger the latency of corss-NUMA node memory accesses. Applications should not access memory across NUMA nodes frequently. + + **numastat**: displays the NUMA node status. + + ```shell + # Check the NUMA node status. + numastat + ``` + + ```text + node0 + numa_hit 5386186 + numa_miss 0 + numa_foreign 0 + interleave_hit 17483 + local_node 5386186 + other_node 0 + ``` + + The fields in the **numstat** command output are described as follows: + + | Field | Description | + | --------- | --------------------------------------------------------------------------- | + | numa_hit | Number of times that the CPU core accesses the local memory on a node. | + | numa_miss | Number of times that the core of a node accesses the memory of other nodes. | + +## I/O + +### Basic Concepts + +I/O indicates input/output. Input refers to the operation of receiving signals or data by the system, and output refers to the operation of sending signals or data from the system. For a combination of CPU and main memory, any information incoming to or outgoing from the CPU/memory combination is considered as I/Os. + +### Common I/O Performance Analysis Tools + +1. **iostat**: reports statistics about all online drives. + + Example: + + ```shell + # Display the drive information in KB. Collect the statistics every second and for 100 seconds. + iostat -d -k -x 100 + ``` + + ![zh-cn_image_0000001385905845](./images/zh-cn_image_0000001385905845.png) + + The fields in the command output are described as follows: + + | Field | Description | + | -------- | ---------------------------------------------------------------------------------- | + | Device | Name of the monitoring device. | + | r/s | Number of read requests completed by the device per second (after combination). | + | rKB/s | Number of KBs read from the drive per second. | + | rrqm/s | Number of read operations merged into the request queue per second. | + | %rrqm | Percentage of read requests merged before they are sent to the device. | + | r_await | Average time consumed by each read request. | + | rareq-sz | Average size of read requests sent to the device, in KB. | + | w/s | Number of write requests completed by the device per second (after combination). | + | wKB/s | Number of KBs written to the drive per second. | + | wrqm/s | Number of write operations merged into the request queue per second. | + | %wrqm | Percentage of write requests merged before they are sent to the device. | + | w_await | Average time consumed by each write request. | + | wareq-sz | Average size of write requests sent to the device, in KB. | + | d/s | Number of discard requests processed by the device per second. | + | dKB/s | Number of sectors (KB) discarded by the device per second. | + | drqm/s | Number of discard requests merged into the device queue per second. | + | %drqm | Percentage of discard requests merged before they are sent to the device. | + | d_await | Average time for sending discard requests to the device to be served. | + | dareq-sz | Average size of discard requests sent to the device, in KB. | + | f/s | Number of refresh requests completed by the device per second (after combination). | + | f_await | Average time for sending refresh requests to the device to be served. | + | aqu-sz | Average queue length of requests sent to the device. | + | %util | Percentage of the I/O operation time, that is, the usage. | + +2. **sar**: displays the read and write performance of the system drive. + + Example: + + ```shell + # Display the usage status of all hard drives in the system in the sampling period. Collect the statistics every 3 seconds for five times. + sar -d 3 5 + ``` + + ![zh-cn_image_0000001386149037](./images/zh-cn_image_0000001386149037.png) + + The fields in the command output are described as follows: + + | Field | Description | + | ------- | ----------------------------------------------------------------------------------------------- | + | tps | Total number of transfers sent to the physical device per second. | + | rKB/s | Number of KBs read from the device per second. | + | wKB/s | Number of KBs written to the device per second. | + | dKB/s | Number of KBs discarded by the device per second. | + | areq-sz | Average size (KB) of I/O requests sent to the device. | + | aqu-sz | Average queue length of requests sent to the device. | + | await | Average time for sending I/O requests to the device to be served. | + | %util | Percentage of the time used to send I/O requests to the device (bandwidth usage of the device). | + +3. vmstat + + ```shell + # Run the vmstat command to monitor and report drive statistics. + vmstat -d + ``` + + ![zh-cn_image_0000001389098425](./images/zh-cn_image_0000001389098425.png) + + The fields in the command output are described as follows: + + | Field | Description | + | ------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | + | reads | **-total**: total number of reads that have been successfully completed.
**-merged**: number of merged reads (resulting in one I/O).
**-sectors**: sectors from which data is successfully read.
**-ms**: number of milliseconds spent on reading data. | + | writes | **-total**: total number of writes that have been successfully completed.
**-merged**: merged writes (resulting in one I/O).
**-sectors**: sectors to which data is successfully written.
**-ms**: number of milliseconds spent on writing data. | + | IO | **-cur**: number of I/O operations in progress. **-sec**: total number of seconds spent on I/O. | diff --git a/docs/en/server/performance/system_optimzation/atune/_toc.yaml b/docs/en/server/performance/system_optimzation/atune/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..571a4d42a188db5071ab40f63511a0e5df89c59a --- /dev/null +++ b/docs/en/server/performance/system_optimzation/atune/_toc.yaml @@ -0,0 +1,19 @@ +label: A-Tune User Guide +isManual: true +description: Optimized openEuler performance through AI-powered, automated tuning +sections: + - label: A-Tune User Guide + href: ./a_tune.md + sections: + - label: Getting to Know A-Tune + href: ./getting_to_know_a_tune.md + - label: Installation and Deployment + href: ./installation_and_deployment.md + - label: Usage Instructions + href: ./usage_instructions.md + - label: Native-Turbo + href: ./native_turbo.md + - label: Appendix + href: ./appendix.md + - label: Common Issues and Solutions + href: ./faqs_and_solutions.md diff --git a/docs/en/server/performance/system_optimzation/atune/a_tune.md b/docs/en/server/performance/system_optimzation/atune/a_tune.md new file mode 100644 index 0000000000000000000000000000000000000000..b481797f5c97d2c5e477fe1a0c7a4b92f646d7b3 --- /dev/null +++ b/docs/en/server/performance/system_optimzation/atune/a_tune.md @@ -0,0 +1,5 @@ +# A-Tune User Guide + +This document describes how to install and use A-Tune, which is a performance self-optimization software for openEuler. + +This document is intended for developers, open-source enthusiasts, and partners who use the openEuler system and want to know and use A-Tune. You need to have basic knowledge of the Linux OS. diff --git a/docs/en/server/performance/system_optimzation/atune/appendix.md b/docs/en/server/performance/system_optimzation/atune/appendix.md new file mode 100644 index 0000000000000000000000000000000000000000..2561f9c60de35954665977265d48718cdf802de4 --- /dev/null +++ b/docs/en/server/performance/system_optimzation/atune/appendix.md @@ -0,0 +1,19 @@ +# Appendix + +## Acronyms and Abbreviations + +**Table 1** Terminology + + + + + + + + + +

Term

+

Description

+

profile

+

Set of optimization items and optimal parameter configuration.

+
diff --git a/docs/en/server/performance/system_optimzation/atune/faqs_and_solutions.md b/docs/en/server/performance/system_optimzation/atune/faqs_and_solutions.md new file mode 100644 index 0000000000000000000000000000000000000000..38a9d93493919182e8bcc05f45740b3f50aae64f --- /dev/null +++ b/docs/en/server/performance/system_optimzation/atune/faqs_and_solutions.md @@ -0,0 +1,52 @@ +# Common Issues and Solutions + +## Issue 1: An error occurs when the **train** command is used to train a model, and the message "training data failed" is displayed + +Cause: Only one type of data is collected by using the **collection**command. + +Solution: Collect data of at least two data types for training. + +## Issue 2: atune-adm cannot connect to the atuned service + +Possible cause: + +1. Check whether the atuned service is started and check the atuned listening address. + + ```shell + systemctl status atuned + netstat -nap | grep atuned + ``` + +2. The firewall blocks the atuned listening port. +3. The HTTP proxy is configured in the system. As a result, the connection fails. + +Solution: + +1. If the atuned service is not started, run the following command to start the service: + + ```shell + systemctl start atuned + ``` + +2. Run the following command on the atuned and atune-adm servers to allow the listening port to receive network packets. In the command, **60001** is the listening port number of the atuned server. + + ```shell + iptables -I INPUT -p tcp --dport 60001 -j ACCEPT + iptables -I INPUT -p tcp --sport 60001 -j ACCEPT + ``` + +3. Run the following command to delete the HTTP proxy or disable the HTTP proxy for the listening IP address without affecting services: + + ```shell + no_proxy=$no_proxy, Listening_IP_address + ``` + +## Issue 3: The atuned service cannot be started, and the message "Job for atuned.service failed because a timeout was exceeded." is displayed + +Cause: The hosts file does not contain the localhost information. + +Solution: Add localhost to the line starting with **127.0.0.1** in the **/etc/hosts** file. + +```text +127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 +``` diff --git a/docs/en/server/performance/system_optimzation/atune/figures/picture1.png b/docs/en/server/performance/system_optimzation/atune/figures/picture1.png new file mode 100644 index 0000000000000000000000000000000000000000..52d496e95f06ef8636730dbbc1aa84d88aea6a34 Binary files /dev/null and b/docs/en/server/performance/system_optimzation/atune/figures/picture1.png differ diff --git a/docs/en/server/performance/system_optimzation/atune/figures/picture4.png b/docs/en/server/performance/system_optimzation/atune/figures/picture4.png new file mode 100644 index 0000000000000000000000000000000000000000..85d57aa2024615a6f0fbff5a7d2a207941eb3085 Binary files /dev/null and b/docs/en/server/performance/system_optimzation/atune/figures/picture4.png differ diff --git a/docs/en/server/performance/system_optimzation/atune/figures/zh-cn_image_0213178479.png b/docs/en/server/performance/system_optimzation/atune/figures/zh-cn_image_0213178479.png new file mode 100644 index 0000000000000000000000000000000000000000..d245d48dc07e2b01734e21ec1952e89fa9269bdb Binary files /dev/null and b/docs/en/server/performance/system_optimzation/atune/figures/zh-cn_image_0213178479.png differ diff --git a/docs/en/server/performance/system_optimzation/atune/figures/zh-cn_image_0213178480.png b/docs/en/server/performance/system_optimzation/atune/figures/zh-cn_image_0213178480.png new file mode 100644 index 0000000000000000000000000000000000000000..a32856aa08e459ed0f51f8fcf4c2f51511c12095 Binary files /dev/null and b/docs/en/server/performance/system_optimzation/atune/figures/zh-cn_image_0213178480.png differ diff --git a/docs/en/server/performance/system_optimzation/atune/figures/zh-cn_image_0214540398.png b/docs/en/server/performance/system_optimzation/atune/figures/zh-cn_image_0214540398.png new file mode 100644 index 0000000000000000000000000000000000000000..cea2292307b57854aa629ec102a5bc1b16d244a0 Binary files /dev/null and b/docs/en/server/performance/system_optimzation/atune/figures/zh-cn_image_0214540398.png differ diff --git a/docs/en/server/performance/system_optimzation/atune/figures/zh-cn_image_0227497000.png b/docs/en/server/performance/system_optimzation/atune/figures/zh-cn_image_0227497000.png new file mode 100644 index 0000000000000000000000000000000000000000..db9b5ce8b6d211d54ea36930504cca415ddfb8ca Binary files /dev/null and b/docs/en/server/performance/system_optimzation/atune/figures/zh-cn_image_0227497000.png differ diff --git a/docs/en/server/performance/system_optimzation/atune/figures/zh-cn_image_0227497343.png b/docs/en/server/performance/system_optimzation/atune/figures/zh-cn_image_0227497343.png new file mode 100644 index 0000000000000000000000000000000000000000..aecf293846ebd12f15b9a3fb5fdc2618d9d527dc Binary files /dev/null and b/docs/en/server/performance/system_optimzation/atune/figures/zh-cn_image_0227497343.png differ diff --git a/docs/en/server/performance/system_optimzation/atune/figures/zh-cn_image_0231122163.png b/docs/en/server/performance/system_optimzation/atune/figures/zh-cn_image_0231122163.png new file mode 100644 index 0000000000000000000000000000000000000000..66bf082a6537ad70c84e4e8f07de745f973482b9 Binary files /dev/null and b/docs/en/server/performance/system_optimzation/atune/figures/zh-cn_image_0231122163.png differ diff --git a/docs/en/server/performance/system_optimzation/atune/figures/zh-cn_image_0245342444.png b/docs/en/server/performance/system_optimzation/atune/figures/zh-cn_image_0245342444.png new file mode 100644 index 0000000000000000000000000000000000000000..10f0fceb42c00c80ef49decdc0c480eb04c2ca6d Binary files /dev/null and b/docs/en/server/performance/system_optimzation/atune/figures/zh-cn_image_0245342444.png differ diff --git a/docs/en/server/performance/system_optimzation/atune/getting_to_know_a_tune.md b/docs/en/server/performance/system_optimzation/atune/getting_to_know_a_tune.md new file mode 100644 index 0000000000000000000000000000000000000000..0fbc0788071300c8daa2e88da06d230ed32cfa18 --- /dev/null +++ b/docs/en/server/performance/system_optimzation/atune/getting_to_know_a_tune.md @@ -0,0 +1,63 @@ +# Getting to Know A-Tune + +## Introduction + +An operating system \(OS\) is basic software that connects applications and hardware. It is critical for users to adjust OS and application configurations and make full use of software and hardware capabilities to achieve optimal service performance. However, numerous workload types and varied applications run on the OS, and the requirements on resources are different. Currently, the application environment composed of hardware and software involves more than 7000 configuration objects. As the service complexity and optimization objects increase, the time cost for optimization increases exponentially. As a result, optimization efficiency decreases sharply. Optimization becomes complex and brings great challenges to users. + +Second, as infrastructure software, the OS provides a large number of software and hardware management capabilities. The capability required varies in different scenarios. Therefore, capabilities need to be enabled or disabled depending on scenarios, and a combination of capabilities will maximize the optimal performance of applications. + +In addition, the actual business embraces hundreds and thousands of scenarios, and each scenario involves a wide variety of hardware configurations for computing, network, and storage. The lab cannot list all applications, business scenarios, and hardware combinations. + +To address the preceding challenges, openEuler launches A-Tune. + +A-Tune is an AI-based engine that optimizes system performance. It uses AI technologies to precisely profile business scenarios, discover and infer business characteristics, so as to make intelligent decisions, match with the optimal system parameter configuration combination, and give recommendations, ensuring the optimal business running status. + +![](figures/zh-cn_image_0227497000.png) + +## Architecture + +The following figure shows the A-Tune core technical architecture, which consists of intelligent decision-making, system profile, and interaction system. + +- Intelligent decision-making layer: consists of the awareness and decision-making subsystems, which implements intelligent awareness of applications and system optimization decision-making, respectively. +- System profile layer: consists of the feature engineering and two-layer classification model. The feature engineering is used to automatically select service features, and the two-layer classification model is used to learn and classify service models. +- Interaction system layer: monitors and configures various system resources and executes optimization policies. + +![](figures/zh-cn_image_0227497343.png) + +## Supported Features and Service Models + +### Supported Features + +[Table 1](#table1919220557576) describes the main features supported by A-Tune, feature maturity, and usage suggestions. + +**Table 1** Feature maturity + + + +| Feature | Maturity | Usage Suggestion | +| --------------------------------------------------------- | -------- | ---------------- | +| Auto optimization of 15 applications in 11 workload types | Tested | Pilot | +| User-defined profile and service models | Tested | Pilot | +| Automatic parameter optimization | Tested | Pilot | + +### Supported Service Models + +Based on the workload characteristics of applications, A-Tune classifies services into 11 types. For details about the bottleneck of each type and the applications supported by A-Tune, see [Table 2](#table2819164611311). + +**Table 2** Supported workload types and applications + + + +| Service category | Type | Bottleneck | Supported Application | +| ------------------ | -------------------- | ------------------------------------------------------------ | ----------------------------------- | +| default | Default type | Low resource usage in terms of cpu, memory, network, and I/O | N/A | +| webserver | Web application | Bottlenecks of cpu and network | Nginx, Apache Traffic Server | +| database | Database | Bottlenecks of cpu, memory, and I/O | Mongodb, Mysql, Postgresql, Mariadb | +| big_data | Big data | Bottlenecks of cpu and memory | Hadoop-hdfs, Hadoop-spark | +| middleware | Middleware framework | Bottlenecks of cpu and network | Dubbo | +| in-memory_database | Memory database | Bottlenecks of memory and I/O | Redis | +| basic-test-suite | Basic test suite | Bottlenecks of cpu and memory | SPECCPU2006, SPECjbb2015 | +| hpc | Human genome | Bottlenecks of cpu, memory, and I/O | Gatk4 | +| storage | Storage | Bottlenecks of network, and I/O | Ceph | +| virtualization | Virtualization | Bottlenecks of cpu, memory, and I/O | Consumer-cloud, Mariadb | +| docker | Docker | Bottlenecks of cpu, memory, and I/O | Mariadb | diff --git a/docs/en/server/performance/system_optimzation/atune/installation_and_deployment.md b/docs/en/server/performance/system_optimzation/atune/installation_and_deployment.md new file mode 100644 index 0000000000000000000000000000000000000000..10730ff9e840d03a7e39c4d4e88259fe1a04b0e7 --- /dev/null +++ b/docs/en/server/performance/system_optimzation/atune/installation_and_deployment.md @@ -0,0 +1,509 @@ +# Installation and Deployment + +This chapter describes how to install and deploy A-Tune. + +## Software and Hardware Requirements + +### Hardware Requirement + +- Huawei Kunpeng 920 processor + +### Software Requirement + +- OS: openEuler 22.03 + +## Environment Preparation + +For details about installing an openEuler OS, see the [_openEuler Installation Guide_](../../../installation_upgrade/installation/installation_on_servers.md). + +## A-Tune Installation + +This section describes the installation modes and methods of the A-Tune. + +### Installation Modes + +A-Tune can be installed in single-node, distributed, and cluster modes. + +- Single-node mode + + The client and server are installed on the same system. + +- Distributed mode + + The client and server are installed on different systems. + +- Cluster mode + A cluster consists of a client and more than one servers. + +The installation modes are as follows: + +![](./figures/zh-cn_image_0231122163.png) + +### Installation Procedure + +To install the A-Tune, perform the following steps: + +1. Mount an openEuler ISO image. + + ```shell + mount openEuler-22.03-LTS-everything-x86_64-dvd.iso /mnt + ``` + + > Use the **everything** ISO image. + +2. Configure the local Yum source. + + ```shell + vim /etc/yum.repos.d/local.repo + ``` + + The configured contents are as follows: + + ```conf + [local] + name=local + baseurl=file:///mnt + gpgcheck=1 + enabled=1 + ``` + +3. Import the GPG public key of the RPM digital signature to the system. + + ```shell + rpm --import /mnt/RPM-GPG-KEY-openEuler + ``` + +4. Install an A-Tune server. + + > [!NOTE]NOTE + > In this step, both the server and client software packages are installed. For the single-node deployment, skip **Step 5**. + + ```shell + yum install atune -y + yum install atune-engine -y + ``` + +5. For a distributed mode, install an A-Tune client on associated server. + + ```shell + yum install atune-client -y + ``` + +6. Check whether the installation is successful. + + ```shell + $ rpm -qa | grep atune + atune-client-xxx + atune-db-xxx + atune-xxx + atune-engine-xxx + ``` + + If the preceding information is displayed, the installation is successful. + +## A-Tune Deployment + +This section describes how to deploy A-Tune. + +### Overview + +The configuration items in the A-Tune configuration file **/etc/atuned/atuned.cnf** are described as follows: + +- A-Tune service startup configuration (modify the parameter values as required). + + - **protocol**: Protocol used by the gRPC service. The value can be **unix** or **tcp**. **unix** indicates the local socket communication mode, and **tcp** indicates the socket listening port mode. The default value is **unix**. + - **address**: Listening IP address of the gRPC service. The default value is **unix socket**. If the gRPC service is deployed in distributed mode, change the value to the listening IP address. + - **port**: Listening port of the gRPC server. The value ranges from 0 to 65535. If **protocol** is set to **unix**, you do not need to set this parameter. + - **connect**: IP address list of the nodes where the A-Tune is located when the A-Tune is deployed in a cluster. IP addresses are separated by commas (,). + - **rest_host**: Listening address of the REST service. The default value is localhost. + - **rest_port**: Listening port of the REST service. The value ranges from 0 to 65535. The default value is 8383. + - **engine_host**: IP address for connecting to the A-Tune engine service of the system. + - **engine_port**: Port for connecting to the A-Tune engine service of the system. + - **sample_num**: Number of samples collected when the system executes the analysis process. The default value is 20. + - **interval**: Interval for collecting samples when the system executes the analysis process. The default value is 5s. + - **grpc_tls**: Indicates whether to enable SSL/TLS certificate verification for the gRPC service. By default, this function is disabled. After grpc_tls is enabled, you need to set the following environment variables before running the **atune-adm** command to communicate with the server: + - export ATUNE_TLS=yes + - export ATUNED_CACERT=\ + - export ATUNED_CLIENTCERT=\ + - export ATUNED_CLIENTKEY=\ + - export ATUNED_SERVERCN=server + - **tlsservercafile**: Path of the gPRC server's CA certificate. + - **tlsservercertfile**: Path of the gPRC server certificate. + - **tlsserverkeyfile**: Path of the gPRC server key. + - **rest_tls**: Indicates whether to enable SSL/TLS certificate verification for the REST service. This function is enabled by default. + - **tlsrestcacertfile**: Path of the server's CA certificate of the REST service. + - **tlsrestservercertfile**: Path of the server certificate of the REST service. + - **tlsrestserverkeyfile**: Indicates the key path of the REST service. + - **engine_tls**: Indicates whether to enable SSL/TLS certificate verification for the A-Tune engine service. This function is enabled by default.. + - **tlsenginecacertfile**: Path of the client CA certificate of the A-Tune engine service. + - **tlsengineclientcertfile**: Client certificate path of the A-Tune engine service. + - **tlsengineclientkeyfile**: Client key path of the A-Tune engine service. + +- System information + + System is the parameter information required for system optimization. You must modify the parameter information according to the actual situation. + + - **disk**: Disk information to be collected during the analysis process or specified disk during disk optimization. + - **network**: NIC information to be collected during the analysis process or specified NIC during NIC optimization. + - **user**: User name used for ulimit optimization. Currently, only the user **root** is supported. + +- Log information + + Change the log level as required. The default log level is info. Log information is recorded in the **/var/log/messages** file. + +- Monitor information + + Hardware information that is collected by default when the system is started. + +- Tuning information + + Tuning is the parameter information required for offline tuning. + + - **noise**: Evaluation value of Gaussian noise. + - **sel_feature**: Indicates whether to enable the function of generating the importance ranking of offline tuning parameters. By default, this function is disabled. + +#### Example + +```conf +#################################### server ############################### + # atuned config + [server] + # the protocol grpc server running on + # ranges: unix or tcp + protocol = unix + + # the address that the grpc server to bind to + # default is unix socket /var/run/atuned/atuned.sock + # ranges: /var/run/atuned/atuned.sock or ip address + address = /var/run/atuned/atuned.sock + + # the atune nodes in cluster mode, separated by commas + # it is valid when protocol is tcp + # connect = ip01,ip02,ip03 + + # the atuned grpc listening port + # the port can be set between 0 to 65535 which not be used + # port = 60001 + + # the rest service listening port, default is 8383 + # the port can be set between 0 to 65535 which not be used + rest_host = localhost + rest_port = 8383 + + # the tuning optimizer host and port, start by engine.service + # if engine_host is same as rest_host, two ports cannot be same + # the port can be set between 0 to 65535 which not be used + engine_host = localhost + engine_port = 3838 + + # when run analysis command, the numbers of collected data. + # default is 20 + sample_num = 20 + + # interval for collecting data, default is 5s + interval = 5 + + # enable gRPC authentication SSL/TLS + # default is false + # grpc_tls = false + # tlsservercafile = /etc/atuned/grpc_certs/ca.crt + # tlsservercertfile = /etc/atuned/grpc_certs/server.crt + # tlsserverkeyfile = /etc/atuned/grpc_certs/server.key + + # enable rest server authentication SSL/TLS + # default is true + rest_tls = true + tlsrestcacertfile = /etc/atuned/rest_certs/ca.crt + tlsrestservercertfile = /etc/atuned/rest_certs/server.crt + tlsrestserverkeyfile = /etc/atuned/rest_certs/server.key + + # enable engine server authentication SSL/TLS + # default is true + engine_tls = true + tlsenginecacertfile = /etc/atuned/engine_certs/ca.crt + tlsengineclientcertfile = /etc/atuned/engine_certs/client.crt + tlsengineclientkeyfile = /etc/atuned/engine_certs/client.key + + + #################################### log ############################### + [log] + # either "debug", "info", "warn", "error", "critical", default is "info" + level = info + + #################################### monitor ############################### + [monitor] + # with the module and format of the MPI, the format is {module}_{purpose} + # the module is Either "mem", "net", "cpu", "storage" + # the purpose is "topo" + module = mem_topo, cpu_topo + + #################################### system ############################### + # you can add arbitrary key-value here, just like key = value + # you can use the key in the profile + [system] + # the disk to be analysis + disk = sda + + # the network to be analysis + network = enp189s0f0 + + user = root + + #################################### tuning ############################### + # tuning configs + [tuning] + noise = 0.000000001 + sel_feature = false +``` + +The configuration items in the configuration file **/etc/atuned/engine.cnf** of the A-Tune engine are described as follows: + +- Startup configuration of the A-Tune engine service (modify the parameter values as required). + + - **engine_host**: Listening address of the A-Tune engine service. The default value is localhost. + - **engine_port**: Listening port of the A-Tune engine service. The value ranges from 0 to 65535. The default value is 3838. + - **engine_tls**: Indicates whether to enable SSL/TLS certificate verification for the A-Tune engine service. This function is enabled by default. + - **tlsenginecacertfile**: Path of the server CA certificate of the A-Tune engine service. + - **tlsengineservercertfile**: Path of the server certificate of the A-Tune engine service. + - **tlsengineserverkeyfile**: Server key path of the A-Tune engine service. + +- Log information + + Change the log level as required. The default log level is info. Log information is recorded in the **/var/log/messages** file. + +#### Example + +```conf +#################################### engine ############################### + [server] + # the tuning optimizer host and port, start by engine.service + # if engine_host is same as rest_host, two ports cannot be same + # the port can be set between 0 to 65535 which not be used + engine_host = localhost + engine_port = 3838 + + # enable engine server authentication SSL/TLS + # default is true + engine_tls = true + tlsenginecacertfile = /etc/atuned/engine_certs/ca.crt + tlsengineservercertfile = /etc/atuned/engine_certs/server.crt + tlsengineserverkeyfile = /etc/atuned/engine_certs/server.key + + #################################### log ############################### + [log] + # either "debug", "info", "warn", "error", "critical", default is "info" + level = info +``` + +## Starting A-Tune + +After A-Tune is installed, you need to configure the A-Tune service before starting it. + +- Configure the A-Tune service. + Modify the network adapter and drive information in the **atuned.cnf** configuration file. + > Note: + > + > If atuned is installed through `make install`, the network adapter and drive information in the configuration file is automatically updated to the default devices on the machine. To collect data from other devices, perform the following steps to configure atuned. + + Run the following command to search for the network adapter that needs to be specified for optimization or data collection, and change the value of **network** in the **/etc/atuned/atuned.cnf** file to the specified network adapter: + + ```shell + ip addr + ``` + + Run the following command to search for the drive that need to be specified for optimization or data collection, and change the value of **disk** in the **/etc/atuned/atuned.cnf** file to the specified drive: + + ```shell + fdisk -l | grep dev + ``` + +- About the certificate: + The A-Tune engine and client use the gRPC communication protocol. Therefore, you need to configure a certificate to ensure system security. For information security purposes, A-Tune does not provide a certificate generation method. You need to configure a system certificate by yourself. + If security is not considered, set **rest_tls** and **engine_tls** in the **/etc/atuned/atuned.cnf** file to **false**, set **engine_tls** in the **/etc/atuned/engine.cnf** file to **false**. + A-Tune is not liable for any consequences incurred if no security certificate is configured. + +- Start the atuned service. + + ```shell + systemctl start atuned + ``` + +- Query the atuned service status. + + ```shell + systemctl status atuned + ``` + + If the following command output is displayed, the service is started successfully: + + ![](./figures/zh-cn_image_0214540398.png) + +## Starting A-Tune Engine + +To use AI functions, you need to start the A-Tune engine service. + +- Start the atune-engine service. + + ```shell + systemctl start atune-engine + ``` + +- Query the atune-engine service status. + + ```shell + systemctl status atune-engine + ``` + + If the following command output is displayed, the service is started successfully: + + ![](./figures/zh-cn_image_0245342444.png) + +## Distributed Deployment + +### Purpose of Distributed Deployment + +A-Tune supports distributed deployment to implement distributed architecture and on-demand deployment. The components of A-Tune can be deployed separately. Lightweight component deployment has little impact on services and avoids installing too many dependencies to reduce the system load. + +This document describes only a common deployment mode: deploying the client and server on the same node and deploying the engine module on another node. For details about other deployment modes, contact A-Tune developers. + +**Deployment relationship** +![](figures/picture1.png) + +### Configuration File + +In distributed deployment mode, you need to configure the write the IP address and port number of the engine in the configuration file so that other components can access the engine component through the IP address. + +1. Modify the **/etc/atuned/atuned.cnf** file on the server node. + + - Change the values of **engine_host** and **engine_port** in line 34 to the IP address and port number of the engine node. For the deployment in the preceding figure, the values are **engine_host = 192.168.0.1 engine_port = 3838**. + - Change the values of **rest_tls** and **engine_tls** in lines 49 and 55 to **false**. Otherwise, you need to apply for and configure certificates. You do not need to configure SSL certificates in the test environment. However, you need to configure SSL certificates in the production environment to prevent security risks. + +2. Modify the**/etc/atuned/engine.cnf** file on the engine node. + + - Change the values of **engine_host** and **engine_port** in lines 17 and 18 to the IP address and port number of the engine node. For the deployment in the preceding figure, the value are **engine_host = 192.168.0.1 engine_port = 3838**. + - Change the value of **engine_tls** in line 22 to **false**. + +3. After modifying the configuration file, restart the service for the modification to take effect. + + - Run the `systemctl restart atuned command` on the server node. + - Run the `systemctl restart atune-engine` command on the engine node. + +4. (Optional) Run the `tuning` command in the **A-Tune/examples/tuning/compress** folder. + + - For details, see **A-Tune/examples/tuning/compress/README**. + - Run the `atune-adm tuning --project compress --detail compress_client.yaml` command. + - This step is to check whether the distributed deployment is successful. + +### Precautions + +1. This document does not describe how to configure the authentication certificates. You can set **rest_tls** or **engine_tls** in the **atuned.cnf** and **engine.cnf** files to **false** if necessary. +2. After modifying the configuration file, restart the service. Otherwise, the modification does not take effect. +3. Do not enable the proxy when using A-Tune. +4. The **disk** and **network** items of the **\[system]** section in the **atuned.cnf** file need to be modified. For details about how to modify the items, see the [A-Tune User Guide](https://gitee.com/gaoruoshu/A-Tune/blob/master/Documentation/UserGuide/A-Tune%E7%94%A8%E6%88%B7%E6%8C%87%E5%8D%97.md). + +### Example + +#### atuned.cnf + +```conf +# ...... + +# the tuning optimizer host and port, start by engine.service +# if engine_host is same as rest_host, two ports cannot be same +# the port can be set between 0 to 65535 which not be used +engine_host = 192.168.0.1 +engine_port = 3838 + +# ...... +``` + +#### engine.cnf + +```bash +[server] +# the tuning optimizer host and port, start by engine.service +# if engine_host is same as rest_host, two ports cannot be same +# the port can be set between 0 to 65535 which not be used +engine_host = 192.168.0.1 +engine_port = 3838 +``` + +## Cluster Deployment + +### Purpose of Cluster Deployment + +To support fast tuning in multi-node scenarios, A-Tune supports dynamic tuning of parameter settings on multiple nodes at the same time. In this way, you do not need to tune each node separately, improving tuning efficiency. +Cluster deployment mode consists of one master node and several agent nodes. The client and server are deployed on the master node to receive commands and interact with the engine. Other nodes receive instructions from the master node and configure the parameters of the current node. + +**Deployment relationship** + ![](figures/picture4.png) + +In the preceding figure, the client and server are deployed on the node whose IP address is 192.168.0.0. Project files are stored on this node. Other nodes do not contain project files. +The master node communicates with the agent nodes through TCP. Therefore, you need to modify the configuration file. + +### Modifications to atuned.cnf + +1. Set the value of **protocol** to **tcp**. +2. Set the value of **address** to the IP address of the current node. +3. Set the value of **connect** to the IP addresses of all nodes. The first IP address is the IP address of the master node, and the subsequent IP addresses are the IP addresses of agent nodes. Use commas (,) to separate the IP addresses. +4. During debugging, you can set **rest_tls** and **engine_tls** to **false**. +5. Perform the same modification on the **atuned.cnf** files of all the master and agent nodes. + +### Precautions + +1. The values of **engine_host** and **engine_port** must be consistent in the **engine.cnf** file and the **atuned.cnf** file on the server. +2. This document does not describe how to configure the authentication certificates. You can set **rest_tls** or **engine_tls** in the **atuned.cnf** and **engine.cnf** files to **false** if necessary. +3. After modifying the configuration file, restart the service. Otherwise, the modification does not take effect. +4. Do not enable the proxy when using A-Tune. + +### Example + +#### atuned.cnf + +```conf +# ...... + +[server] +# the protocol grpc server running on +# ranges: unix or tcp +protocol = tcp + +# the address that the grpc server to bind to +# default is unix socket /var/run/atuned/atuned.sock +# ranges: /var/run/atuned/atuned.sock or ip address +address = 192.168.0.0 + +# the atune nodes in cluster mode, separated by commas +# it is valid when protocol is tcp +connect = 192.168.0.0,192.168.0.1,192.168.0.2,192.168.0.3 + +# the atuned grpc listening port +# the port can be set between 0 to 65535 which not be used +port = 60001 + +# the rest service listening port, default is 8383 +# the port can be set between 0 to 65535 which not be used +rest_host = localhost +rest_port = 8383 + +# the tuning optimizer host and port, start by engine.service +# if engine_host is same as rest_host, two ports cannot be same +# the port can be set between 0 to 65535 which not be used +engine_host = 192.168.1.1 +engine_port = 3838 + +# ...... +``` + +#### engine.cnf + +```bash +[server] +# the tuning optimizer host and port, start by engine.service +# if engine_host is same as rest_host, two ports cannot be same +# the port can be set between 0 to 65535 which not be used +engine_host = 192.168.1.1 +engine_port = 3838 +``` + +Note: For details about the **engine.cnf** file, see the configuration file for distributed deployment. diff --git a/docs/en/server/performance/system_optimzation/atune/native_turbo.md b/docs/en/server/performance/system_optimzation/atune/native_turbo.md new file mode 100644 index 0000000000000000000000000000000000000000..0abd1b3e503143f89e99faedd06cd0ac17a42110 --- /dev/null +++ b/docs/en/server/performance/system_optimzation/atune/native_turbo.md @@ -0,0 +1,54 @@ +# Native-Turbo + +## Overview + +The code segment and data segment of a large program can reach hundreds of MB, and the TLB miss rate of key service processes is high. The size of the kernel page table affects the performance. + +To facilitate the use of huge pages, the Native-Turbo feature enables the system to automatically use huge pages when loading programs. Huge pages can be used for code segments and data segments. + +## How to Use + +1. Enable the feature. + + This feature has two levels of switches. `sysctl fs.exec-use-hugetlb` determines whether to enable this feature in the system. (This command can only be run by the **root** user. The value `0` indicates that this feature is disabled, and the value `1` indicates that this feature is enabled. Other values are invalid.) + + If not enabled, this feature will not be used even if users set environment variables because the kernel will ignore related processes. + + After this feature is enabled, common users can use the environment variable `HUGEPAGE_PROBE` to determine whether to use huge pages for running programs. If the value is `1`, huge pages are used. If the value is not set, huge pages are not used. + + ```shell + sysctl fs.exec-use-hugetlb=1 # The main program uses huge pages. + export HUGEPAGE_PROBE=1 # The dynamic library uses huge pages. + ``` + + You can also configure the environment variable `LD_HUGEPAGE_LIB=1` to force all segments to use huge pages. + +2. Mark the segments that need to use huge pages. By default, all segments are marked. `-x` only marks code segments. `-d` clears existing marks. + + ```shell + hugepageedit [-x] [-d] app + ``` + + This tool is provided by the glibc-devel package. + +3. Run the application. + + ./app + +## Restrictions + +1. The program and dynamic library must be compiled in 2 MB alignment mode by adding the following GCC compilation parameters: + + ```shell + -zcommon-page-size=0x200000 -zmax-page-size=0x200000 + ``` + +2. Sufficient huge pages must be reserved before use. Otherwise, the program will fail to be executed. + + If the cgroup is used, pay attention to the `hugetlb` limit. If the limit is less than the number of required huge pages, the system may break down during running. + +3. The size of the process page table is changed to 2 MB. Therefore, the parameters invoked by the system such as `mprotect` must be aligned by 2 MB. Otherwise, the execution will fail. + +4. The LibcarePlus hot patch mechanism is not supported. + +5. Huge pages cannot be shared among multiple processes because they will consume multiple times of memory. diff --git a/docs/en/server/performance/system_optimzation/atune/public_sys-resources/icon-caution.gif b/docs/en/server/performance/system_optimzation/atune/public_sys-resources/icon-caution.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/performance/system_optimzation/atune/public_sys-resources/icon-caution.gif differ diff --git a/docs/en/server/performance/system_optimzation/atune/public_sys-resources/icon-danger.gif b/docs/en/server/performance/system_optimzation/atune/public_sys-resources/icon-danger.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/performance/system_optimzation/atune/public_sys-resources/icon-danger.gif differ diff --git a/docs/en/server/performance/system_optimzation/atune/public_sys-resources/icon-note.gif b/docs/en/server/performance/system_optimzation/atune/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/en/server/performance/system_optimzation/atune/public_sys-resources/icon-note.gif differ diff --git a/docs/en/server/performance/system_optimzation/atune/public_sys-resources/icon-notice.gif b/docs/en/server/performance/system_optimzation/atune/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/en/server/performance/system_optimzation/atune/public_sys-resources/icon-notice.gif differ diff --git a/docs/en/server/performance/system_optimzation/atune/public_sys-resources/icon-tip.gif b/docs/en/server/performance/system_optimzation/atune/public_sys-resources/icon-tip.gif new file mode 100644 index 0000000000000000000000000000000000000000..93aa72053b510e456b149f36a0972703ea9999b7 Binary files /dev/null and b/docs/en/server/performance/system_optimzation/atune/public_sys-resources/icon-tip.gif differ diff --git a/docs/en/server/performance/system_optimzation/atune/public_sys-resources/icon-warning.gif b/docs/en/server/performance/system_optimzation/atune/public_sys-resources/icon-warning.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/performance/system_optimzation/atune/public_sys-resources/icon-warning.gif differ diff --git a/docs/en/server/performance/system_optimzation/atune/usage_instructions.md b/docs/en/server/performance/system_optimzation/atune/usage_instructions.md new file mode 100644 index 0000000000000000000000000000000000000000..96c30420a11002a5b6e4f78391944c697531118b --- /dev/null +++ b/docs/en/server/performance/system_optimzation/atune/usage_instructions.md @@ -0,0 +1,731 @@ +# Usage Instructions + +You can use functions provided by A-Tune through the CLI client atune-adm. This chapter describes the functions and usage of the A-Tune client. + +## Overview + +- You can run the **atune-adm help/--help/-h** command to query commands supported by atune-adm. +- The **define**, **update**, **undefine**, **collection**, **train**, and **upgrade**commands do not support remote execution. +- In the command format, brackets \(\[\]\) indicate that the parameter is optional, and angle brackets \(<\>\) indicate that the parameter is mandatory. The actual parameters prevail. + +## Querying Workload Types + +### list + +#### Function + +Query the supported profiles, and the values of Active. + +#### Format + +**atune-adm list** + +#### Example + +```shell +# atune-adm list + +Support profiles: ++------------------------------------------------+-----------+ +| ProfileName | Active | ++================================================+===========+ +| arm-native-android-container-robox | false | ++------------------------------------------------+-----------+ +| basic-test-suite-euleros-baseline-fio | false | ++------------------------------------------------+-----------+ +| basic-test-suite-euleros-baseline-lmbench | false | ++------------------------------------------------+-----------+ +| basic-test-suite-euleros-baseline-netperf | false | ++------------------------------------------------+-----------+ +| basic-test-suite-euleros-baseline-stream | false | ++------------------------------------------------+-----------+ +| basic-test-suite-euleros-baseline-unixbench | false | ++------------------------------------------------+-----------+ +| basic-test-suite-speccpu-speccpu2006 | false | ++------------------------------------------------+-----------+ +| basic-test-suite-specjbb-specjbb2015 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-hdfs-dfsio-hdd | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-hdfs-dfsio-ssd | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-bayesian | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-kmeans | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql1 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql10 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql2 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql3 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql4 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql5 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql6 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql7 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql8 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql9 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-tersort | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-wordcount | false | ++------------------------------------------------+-----------+ +| cloud-compute-kvm-host | false | ++------------------------------------------------+-----------+ +| database-mariadb-2p-tpcc-c3 | false | ++------------------------------------------------+-----------+ +| database-mariadb-4p-tpcc-c3 | false | ++------------------------------------------------+-----------+ +| database-mongodb-2p-sysbench | false | ++------------------------------------------------+-----------+ +| database-mysql-2p-sysbench-hdd | false | ++------------------------------------------------+-----------+ +| database-mysql-2p-sysbench-ssd | false | ++------------------------------------------------+-----------+ +| database-postgresql-2p-sysbench-hdd | false | ++------------------------------------------------+-----------+ +| database-postgresql-2p-sysbench-ssd | false | ++------------------------------------------------+-----------+ +| default-default | false | ++------------------------------------------------+-----------+ +| docker-mariadb-2p-tpcc-c3 | false | ++------------------------------------------------+-----------+ +| docker-mariadb-4p-tpcc-c3 | false | ++------------------------------------------------+-----------+ +| hpc-gatk4-human-genome | false | ++------------------------------------------------+-----------+ +| in-memory-database-redis-redis-benchmark | false | ++------------------------------------------------+-----------+ +| middleware-dubbo-dubbo-benchmark | false | ++------------------------------------------------+-----------+ +| storage-ceph-vdbench-hdd | false | ++------------------------------------------------+-----------+ +| storage-ceph-vdbench-ssd | false | ++------------------------------------------------+-----------+ +| virtualization-consumer-cloud-olc | false | ++------------------------------------------------+-----------+ +| virtualization-mariadb-2p-tpcc-c3 | false | ++------------------------------------------------+-----------+ +| virtualization-mariadb-4p-tpcc-c3 | false | ++------------------------------------------------+-----------+ +| web-apache-traffic-server-spirent-pingpo | false | ++------------------------------------------------+-----------+ +| web-nginx-http-long-connection | true | ++------------------------------------------------+-----------+ +| web-nginx-https-short-connection | false | ++------------------------------------------------+-----------+ +``` + +> [!NOTE]NOTE +> If the value of Active is **true**, the profile is activated. In the example, the profile of web-nginx-http-long-connection is activated. + +## Workload Type Analysis and Auto Optimization + +### analysis + +#### Function + +Collect real-time statistics from the system to identify and automatically optimize workload types. + +#### Format + +**atune-adm analysis** \[OPTIONS\] + +#### Parameter Description + +- OPTIONS + +| Parameter | Description | +| ------------------------ | ---------------------------------------------------------------------------------------------- | +| --model, -m | New model generated after user self-training | +| --characterization, -c | Use the default model for application identification and do not perform automatic optimization | +| --times value, -t value | Time duration for data collection | +| --script value, -s value | File to be executed | + +#### Example + +- Use the default model for application identification. + + ```shell + # atune-adm analysis --characterization + ``` + +- Use the default model to identify applications and perform automatic tuning. + + ```shell + # atune-adm analysis + ``` + +- Use the user-defined training model for recognition. + + ```shell + # atune-adm analysis --model /usr/libexec/atuned/analysis/models/new-model.m + ``` + +## User-defined Model + +A-Tune allows users to define and learn new models. To define a new model, perform the following steps: + +1. Run the **define** command to define a new profile. +2. Run the **collection** command to collect the system data corresponding to the application. +3. Run the **train** command to train the model. + +### define + +#### Function + +Add a user-defined application scenarios and the corresponding profile tuning items. + +#### Format + +**atune-adm define** \ \ \ \ + +#### Example + +Add a profile whose service_type is **test_service**, application_name is **test_app**, scenario_name is **test_scenario**, and tuning item configuration file is **example.conf**. + +```shell +# atune-adm define test_service test_app test_scenario ./example.conf +``` + +The **example.conf** file can be written as follows (the following optimization items are optional and are for reference only). You can also run the **atune-adm info** command to view how the existing profile is written. + +```ini + [main] + # list its parent profile + [kernel_config] + # to change the kernel config + [bios] + # to change the bios config + [bootloader.grub2] + # to change the grub2 config + [sysfs] + # to change the /sys/* config + [systemctl] + # to change the system service status + [sysctl] + # to change the /proc/sys/* config + [script] + # the script extension of cpi + [ulimit] + # to change the resources limit of user + [schedule_policy] + # to change the schedule policy + [check] + # check the environment + [tip] + # the recommended optimization, which should be performed manunaly +``` + +### collection + +#### Function + +Collect the global resource usage and OS status information during service running, and save the collected information to a CSV output file as the input dataset for model training. + +> [!NOTE]NOTE +> +> - This command depends on the sampling tools such as perf, mpstat, vmstat, iostat, and sar. +> - Currently, only the Kunpeng 920 CPU is supported. You can run the **dmidecode -t processor** command to check the CPU model. + +#### Format + +**atune-adm collection** + +#### Parameter Description + +- OPTIONS + +| Parameter | Description | +| ----------------- | ----------------------------------------------------------------------------------------------------- | +| --filename, -f | Name of the generated CSV file used for training: *name*-*timestamp*.csv | +| --output_path, -o | Path for storing the generated CSV file. The absolute path is required. | +| --disk, -b | Disk used during service running, for example, /dev/sda. | +| --network, -n | Network port used during service running, for example, eth0. | +| --app_type, -t | Mark the application type of the service as a label for training. | +| --duration, -d | Data collection time during service running, in seconds. The default collection time is 1200 seconds. | +| --interval, -i | Interval for collecting data, in seconds. The default interval is 5 seconds. | + +#### Example + +```shell +# atune-adm collection --filename name --interval 5 --duration 1200 --output_path /home/data --disk sda --network eth0 --app_type test_service-test_app-test_scenario +``` + +> Note: +> +> In the example, data is collected every 5 seconds for a duration of 1200 seconds. The collected data is stored as the *name* file in the **/home/data** directory. The application type of the service is defined by the `atune-adm define` command, which is **test_service-test_app-test_scenario** in this example. +> The data collection interval and duration can be specified using the preceding command options. + +### train + +#### Function + +Use the collected data to train the model. Collect data of at least two application types during training. Otherwise, an error is reported. + +#### Format + +**atune-adm train** + +#### Parameter Description + +- OPTIONS + + | Parameter | Description | + | ----------------- | ------------------------------------------------------ | + | --data_path, -d | Path for storing CSV files required for model training | + | --output_file, -o | Model generated through training | + +#### Example + +Use the CSV file in the **data** directory as the training input. The generated model **new-model.m** is stored in the **model** directory. + +```shell +# atune-adm train --data_path /home/data --output_file /usr/libexec/atuned/analysis/models/new-model.m +``` + +### undefine + +#### Function + +Delete a user-defined profile. + +#### Format + +**atune-adm undefine** + +#### Example + +Delete the user-defined profile. + +```shell +# atune-adm undefine test_service-test_app-test_scenario +``` + +## Querying Profiles + +### info + +#### Function + +View the profile content. + +#### Format + +**atune-adm info** + +#### Example + +View the profile content of web-nginx-http-long-connection. + +```shell +# atune-adm info web-nginx-http-long-connection + +*** web-nginx-http-long-connection: + +# +# nginx http long connection A-Tune configuration +# +[main] +include = default-default + +[kernel_config] +#TODO CONFIG + +[bios] +#TODO CONFIG + +[bootloader.grub2] +iommu.passthrough = 1 + +[sysfs] +#TODO CONFIG + +[systemctl] +sysmonitor = stop +irqbalance = stop + +[sysctl] +fs.file-max = 6553600 +fs.suid_dumpable = 1 +fs.aio-max-nr = 1048576 +kernel.shmmax = 68719476736 +kernel.shmall = 4294967296 +kernel.shmmni = 4096 +kernel.sem = 250 32000 100 128 +net.ipv4.tcp_tw_reuse = 1 +net.ipv4.tcp_syncookies = 1 +net.ipv4.ip_local_port_range = 1024 65500 +net.ipv4.tcp_max_tw_buckets = 5000 +net.core.somaxconn = 65535 +net.core.netdev_max_backlog = 262144 +net.ipv4.tcp_max_orphans = 262144 +net.ipv4.tcp_max_syn_backlog = 262144 +net.ipv4.tcp_timestamps = 0 +net.ipv4.tcp_synack_retries = 1 +net.ipv4.tcp_syn_retries = 1 +net.ipv4.tcp_fin_timeout = 1 +net.ipv4.tcp_keepalive_time = 60 +net.ipv4.tcp_mem = 362619 483495 725238 +net.ipv4.tcp_rmem = 4096 87380 6291456 +net.ipv4.tcp_wmem = 4096 16384 4194304 +net.core.wmem_default = 8388608 +net.core.rmem_default = 8388608 +net.core.rmem_max = 16777216 +net.core.wmem_max = 16777216 + +[script] +prefetch = off +ethtool = -X {network} hfunc toeplitz + +[ulimit] +{user}.hard.nofile = 102400 +{user}.soft.nofile = 102400 + +[schedule_policy] +#TODO CONFIG + +[check] +#TODO CONFIG + +[tip] +SELinux provides extra control and security features to linux kernel. Disabling SELinux will improve the performance but may cause security risks. = kernel +disable the nginx log = application +``` + +## Updating a Profile + +You can update the existing profile as required. + +### update + +#### Function + +Update the original tuning items in the existing profile to the content in the **new.conf** file. + +#### Format + +**atune-adm update** + +#### Example + +Change the tuning item of the profile named **test_service-test_app-test_scenario** to **new.conf**. + +```shell +# atune-adm update test_service-test_app-test_scenario ./new.conf +``` + +## Activating a Profile + +### profile + +#### Function + +Manually activate the profile to make it in the active state. + +#### Format + +**atune-adm profile** + +#### Parameter Description + +For details about the profile name, see the query result of the list command. + +#### Example + +Activate the profile corresponding to the web-nginx-http-long-connection. + +```shell +# atune-adm profile web-nginx-http-long-connection +``` + +## Rolling Back Profiles + +### rollback + +#### Functions + +Roll back the current configuration to the initial configuration of the system. + +#### Format + +**atune-adm rollback** + +#### Example + +```shell +# atune-adm rollback +``` + +## Updating Database + +### upgrade + +#### Function + +Update the system database. + +#### Format + +**atune-adm upgrade** + +#### Parameter Description + +- DB\_FILE + + New database file path. + +#### Example + +The database is updated to **new\_sqlite.db**. + +```shell +# atune-adm upgrade ./new_sqlite.db +``` + +## Querying System Information + +### check + +#### Function + +Check the CPU, BIOS, OS, and NIC information. + +#### Format + +**atune-adm check** + +#### Example + +```shell +# atune-adm check + cpu information: + cpu:0 version: Kunpeng 920-6426 speed: 2600000000 HZ cores: 64 + cpu:1 version: Kunpeng 920-6426 speed: 2600000000 HZ cores: 64 + system information: + DMIBIOSVersion: 0.59 + OSRelease: 4.19.36-vhulk1906.3.0.h356.eulerosv2r8.aarch64 + network information: + name: eth0 product: HNS GE/10GE/25GE RDMA Network Controller + name: eth1 product: HNS GE/10GE/25GE Network Controller + name: eth2 product: HNS GE/10GE/25GE RDMA Network Controller + name: eth3 product: HNS GE/10GE/25GE Network Controller + name: eth4 product: HNS GE/10GE/25GE RDMA Network Controller + name: eth5 product: HNS GE/10GE/25GE Network Controller + name: eth6 product: HNS GE/10GE/25GE RDMA Network Controller + name: eth7 product: HNS GE/10GE/25GE Network Controller + name: docker0 product: +``` + +## Automatic Parameter Optimization + +A-Tune provides the automatic search capability with the optimal configuration, saving the trouble of manually configuring parameters and performance evaluation. This greatly improves the search efficiency of optimal configurations. + +### Tuning + +#### Function + +Use the specified project file to search the dynamic space for parameters and find the optimal solution under the current environment configuration. + +#### Format + +**atune-adm tuning** \[OPTIONS\] + +> [!NOTE]NOTE +Before running the command, ensure that the following conditions are met: + +1. The YAML configuration file on the server has been edited and stored in the **/etc/atuned/tuning/** directory of the atuned service. +2. The YAML configuration file of the client has been edited and stored on the atuned client. + +#### Parameter Description + +- OPTIONS + +| Parameter | Description | +| ------------- | ----------------------------------------------------------- | +| --restore, -r | Restores the initial configuration before tuning. | +| --project, -p | Specifies the project name in the YAML file to be restored. | +| --restart, -c | Perform tuning based on historical tuning results. | +| --detail, -d | Print detailed information about the tuning process. | + +> [!NOTE]NOTE +> If this parameter is used, the -p parameter must be followed by a specific project name and the YAML file of the project must be specified. + +- **PROJECT\_YAML**: YAML configuration file of the client. + +#### Configuration Description + +**Table 1** YAML file on the server + +| Name | Description | Type | Value Range | +| ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | ----------- | +| project | Project name. | Character string | - | +| startworkload | Script for starting the service to be optimized. | Character string | - | +| stopworkload | Script for stopping the service to be optimized. | Character string | - | +| maxiterations | Maximum number of optimization iterations, which is used to limit the number of iterations on the client. Generally, the more optimization iterations, the better the optimization effect, but the longer the time required. Set this parameter based on the site requirements. | Integer | >10 | +| object | Parameters to be optimized and related information.
For details about the object configuration items, see Table 2. | | | + +**Table 2** Description of object configuration items + +| Name | Description | Type | Value Range | +| ----------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | ------------------------------------------------------------------------------- | +| name | Parameter to be optimized. | Character string | - | +| desc | Description of parameters to be optimized. | Character string | - | +| get | Script for querying parameter values. | - | - | +| set | Script for setting parameter values. | - | - | +| needrestart | Specifies whether to restart the service for the parameter to take effect. | Enumeration | **true** or **false** | +| type | Parameter type. Currently, the **discrete** and **continuous** types are supported. | Enumeration | **discrete** or **continuous** | +| dtype | This parameter is available only when type is set to **discrete**. Currently, **int**, **float** and **string** are supported. | Enumeration | int, float, string | +| scope | Parameter setting range. This parameter is valid only when type is set to discrete and **dtype** is set to **int** or **float**, or **type** is set to **continuous**. | Integer/Float | The value is user-defined and must be within the valid range of this parameter. | +| step | Parameter value step, which is used when **dtype** is set to **int** or **float**. | Integer/Float | This value is user-defined. | +| items | Enumerated value of which the parameter value is not within the scope. This is used when **dtype** is set to **int** or **float**. | Integer/Float | The value is user-defined and must be within the valid range of this parameter. | +| options | Enumerated value range of the parameter value, which is used when **dtype** is set to **string**. | Character string | The value is user-defined and must be within the valid range of this parameter. | + +**Table 3** Description of configuration items of a YAML file on the client + +| Name | Description | Type | Value Range | +| --------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | ------------------------------------------------- | +| project | Project name, which must be the same as that in the configuration file on the server. | Character string | - | +| engine | Tuning algorithm. | Character string | "random", "forest", "gbrt", "bayes", "extraTrees" | +| iterations | Number of optimization iterations. | Integer | ≥ 10 | +| random_starts | Number of random iterations. | Integer | < iterations | +| feature_filter_engine | Parameter search algorithm, which is used to select important parameters. This parameter is optional. | Character string | "lhs" | +| feature_filter_cycle | Parameter search cycles, which is used to select important parameters. This parameter is used together with feature_filter_engine. | Integer | - | +| feature_filter_iters | Number of iterations for each cycle of parameter search, which is used to select important parameters. This parameter is used together with feature_filter_engine. | Integer | - | +| split_count | Number of evenly selected parameters in the value range of tuning parameters, which is used to select important parameters. This parameter is used together with feature_filter_engine. | Integer | - | +| benchmark | Performance test script. | - | - | +| evaluations | Performance test evaluation index.
For details about the evaluations configuration items, see Table 4. | - | - | + +**Table 4** Description of evaluations configuration item + +| Name | Description | Type | Value Range | +| --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | ---------------------------- | +| name | Evaluation index name. | Character string | - | +| get | Script for obtaining performance evaluation results. | - | - | +| type | Specifies a **positive** or **negative** type of the evaluation result. The value **positive** indicates that the performance value is minimized, and the value **negative** indicates that the performance value is maximized. | Enumeration | **positive** or **negative** | +| weight | Weight of the index. The value ranges from 0 to 100. | Integer | 0-100 | +| threshold | Minimum performance requirement of the index. | Integer | User-defined | + +#### Example + +The following is an example of the YAML file configuration on a server: + +```yaml +project: "compress" +maxiterations: 500 +startworkload: "" +stopworkload: "" +object : + - + name : "compressLevel" + info : + desc : "The compresslevel parameter is an integer from 1 to 9 controlling the level of compression" + get : "cat /root/A-Tune/examples/tuning/compress/compress.py | grep 'compressLevel=' | awk -F '=' '{print $2}'" + set : "sed -i 's/compressLevel=\\s*[0-9]*/compressLevel=$value/g' /root/A-Tune/examples/tuning/compress/compress.py" + needrestart : "false" + type : "continuous" + scope : + - 1 + - 9 + dtype : "int" + - + name : "compressMethod" + info : + desc : "The compressMethod parameter is a string controlling the compression method" + get : "cat /root/A-Tune/examples/tuning/compress/compress.py | grep 'compressMethod=' | awk -F '=' '{print $2}' | sed 's/\"//g'" + set : "sed -i 's/compressMethod=\\s*[0-9,a-z,\"]*/compressMethod=\"$value\"/g' /root/A-Tune/examples/tuning/compress/compress.py" + needrestart : "false" + type : "discrete" + options : + - "bz2" + - "zlib" + - "gzip" + dtype : "string" +``` + +The following is an example of the YAML file configuration on a client: + +```yaml +project: "compress" +engine : "gbrt" +iterations : 20 +random_starts : 10 + +benchmark : "python3 /root/A-Tune/examples/tuning/compress/compress.py" +evaluations : + - + name: "time" + info: + get: "echo '$out' | grep 'time' | awk '{print $3}'" + type: "positive" + weight: 20 + - + name: "compress_ratio" + info: + get: "echo '$out' | grep 'compress_ratio' | awk '{print $3}'" + type: "negative" + weight: 80 +``` + +#### Example + +- Download test data. + + ```shell + wget http://cs.fit.edu/~mmahoney/compression/enwik8.zip + ``` + +- Prepare the tuning environment. + + Example of **prepare.sh**: + + ```shell + #!/usr/bin/bash + if [ "$#" -ne 1 ]; then + echo "USAGE: $0 the path of enwik8.zip" + exit 1 + fi + + path=$( + cd "$(dirname "$0")" + pwd + ) + + echo "unzip enwik8.zip" + unzip "$path"/enwik8.zip + + echo "set FILE_PATH to the path of enwik8 in compress.py" + sed -i "s#compress/enwik8#$path/enwik8#g" "$path"/compress.py + + echo "update the client and server yaml files" + sed -i "s#python3 .*compress.py#python3 $path/compress.py#g" "$path"/compress_client.yaml + sed -i "s# compress/compress.py# $path/compress.py#g" "$path"/compress_server.yaml + + echo "copy the server yaml file to /etc/atuned/tuning/" + cp "$path"/compress_server.yaml /etc/atuned/tuning/ + ``` + + Run the script. + + ```shell + sh prepare.sh enwik8.zip + ``` + +- Run the `tuning` command to tune the parameters. + + ```shell + atune-adm tuning --project compress --detail compress_client.yaml + ``` + +- Restore the configuration before running `tuning`. **compress** indicates the project name in the YAML file. + + ```shell + atune-adm tuning --restore --project compress + ``` diff --git a/docs/en/server/quickstart/quickstart/_toc.yaml b/docs/en/server/quickstart/quickstart/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..8a273517ddff9f78527a4db9efd2bc7c2e186a55 --- /dev/null +++ b/docs/en/server/quickstart/quickstart/_toc.yaml @@ -0,0 +1,6 @@ +label: Quick Start +isManual: true +description: Quickly install and use openEuler. +sections: + - label: Quick Start + href: ./quick_start.md diff --git a/docs/en/server/quickstart/quickstart/figures/Advanced_User_Configuration.png b/docs/en/server/quickstart/quickstart/figures/Advanced_User_Configuration.png new file mode 100644 index 0000000000000000000000000000000000000000..59a188aece92ad19cc9b42f69e235d9a9d4f702a Binary files /dev/null and b/docs/en/server/quickstart/quickstart/figures/Advanced_User_Configuration.png differ diff --git a/docs/en/server/quickstart/quickstart/figures/CD-ROM_drive_icon.png b/docs/en/server/quickstart/quickstart/figures/CD-ROM_drive_icon.png new file mode 100644 index 0000000000000000000000000000000000000000..b41fcb09dfbf805da4863142855e7c2de4bf4c7b Binary files /dev/null and b/docs/en/server/quickstart/quickstart/figures/CD-ROM_drive_icon.png differ diff --git a/docs/en/server/quickstart/quickstart/figures/Image_dialog_box.png b/docs/en/server/quickstart/quickstart/figures/Image_dialog_box.png new file mode 100644 index 0000000000000000000000000000000000000000..caeb56bb46f766dd39d66a65e308c591954d32cf Binary files /dev/null and b/docs/en/server/quickstart/quickstart/figures/Image_dialog_box.png differ diff --git a/docs/en/server/quickstart/quickstart/figures/Installation_Overview.png b/docs/en/server/quickstart/quickstart/figures/Installation_Overview.png new file mode 100644 index 0000000000000000000000000000000000000000..d5ca555a2b2291e139b67098a7c23d29b23b8b24 Binary files /dev/null and b/docs/en/server/quickstart/quickstart/figures/Installation_Overview.png differ diff --git a/docs/en/server/quickstart/quickstart/figures/Installation_Procedure.png b/docs/en/server/quickstart/quickstart/figures/Installation_Procedure.png new file mode 100644 index 0000000000000000000000000000000000000000..2d219c7605ee75e73dffba1e2dd7c277968d4801 Binary files /dev/null and b/docs/en/server/quickstart/quickstart/figures/Installation_Procedure.png differ diff --git a/docs/en/server/quickstart/quickstart/figures/Installation_wizard.png b/docs/en/server/quickstart/quickstart/figures/Installation_wizard.png new file mode 100644 index 0000000000000000000000000000000000000000..fc3a96c0cd4b5a2ece94a0b3fc484720440adace Binary files /dev/null and b/docs/en/server/quickstart/quickstart/figures/Installation_wizard.png differ diff --git a/docs/en/server/quickstart/quickstart/figures/Setting_the_System_Boot_Option.png b/docs/en/server/quickstart/quickstart/figures/Setting_the_System_Boot_Option.png new file mode 100644 index 0000000000000000000000000000000000000000..42455bcd651b98a08b012b275d5f170daf07ac59 Binary files /dev/null and b/docs/en/server/quickstart/quickstart/figures/Setting_the_System_Boot_Option.png differ diff --git a/docs/en/server/quickstart/quickstart/figures/Target_installation_position.png b/docs/en/server/quickstart/quickstart/figures/Target_installation_position.png new file mode 100644 index 0000000000000000000000000000000000000000..224f165b222598aa140187bdfa9b1e75af36c0c5 Binary files /dev/null and b/docs/en/server/quickstart/quickstart/figures/Target_installation_position.png differ diff --git a/docs/en/server/quickstart/quickstart/figures/choosesoftware.png b/docs/en/server/quickstart/quickstart/figures/choosesoftware.png new file mode 100644 index 0000000000000000000000000000000000000000..c246e997d787d0d6a0439dcaf8780a09a9b72ca7 Binary files /dev/null and b/docs/en/server/quickstart/quickstart/figures/choosesoftware.png differ diff --git a/docs/en/server/quickstart/quickstart/figures/createuser.png b/docs/en/server/quickstart/quickstart/figures/createuser.png new file mode 100644 index 0000000000000000000000000000000000000000..0e2befb0832d1167f5ffdcafdf7d9952d9ccdfbe Binary files /dev/null and b/docs/en/server/quickstart/quickstart/figures/createuser.png differ diff --git a/docs/en/server/quickstart/quickstart/figures/restarticon.png b/docs/en/server/quickstart/quickstart/figures/restarticon.png new file mode 100644 index 0000000000000000000000000000000000000000..a1b02b2dff42c90845d2491192507ea6967352e3 Binary files /dev/null and b/docs/en/server/quickstart/quickstart/figures/restarticon.png differ diff --git a/docs/en/server/quickstart/quickstart/figures/root_password.png b/docs/en/server/quickstart/quickstart/figures/root_password.png new file mode 100644 index 0000000000000000000000000000000000000000..fe65e73a81e25e5fa90a13af707165911e7fa459 Binary files /dev/null and b/docs/en/server/quickstart/quickstart/figures/root_password.png differ diff --git a/docs/en/server/quickstart/quickstart/figures/selectlanguage.png b/docs/en/server/quickstart/quickstart/figures/selectlanguage.png new file mode 100644 index 0000000000000000000000000000000000000000..eaeb26ca208778822bf591782a689569339c3552 Binary files /dev/null and b/docs/en/server/quickstart/quickstart/figures/selectlanguage.png differ diff --git a/docs/en/server/quickstart/quickstart/figures/zh-cn_image_0229420473.png b/docs/en/server/quickstart/quickstart/figures/zh-cn_image_0229420473.png new file mode 100644 index 0000000000000000000000000000000000000000..86c61a4b8e2a5795baff2fc74629924d01d7b97b Binary files /dev/null and b/docs/en/server/quickstart/quickstart/figures/zh-cn_image_0229420473.png differ diff --git a/docs/en/server/quickstart/quickstart/public_sys-resources/icon-caution.gif b/docs/en/server/quickstart/quickstart/public_sys-resources/icon-caution.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/quickstart/quickstart/public_sys-resources/icon-caution.gif differ diff --git a/docs/en/server/quickstart/quickstart/public_sys-resources/icon-danger.gif b/docs/en/server/quickstart/quickstart/public_sys-resources/icon-danger.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/quickstart/quickstart/public_sys-resources/icon-danger.gif differ diff --git a/docs/en/server/quickstart/quickstart/public_sys-resources/icon-note.gif b/docs/en/server/quickstart/quickstart/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/en/server/quickstart/quickstart/public_sys-resources/icon-note.gif differ diff --git a/docs/en/server/quickstart/quickstart/public_sys-resources/icon-notice.gif b/docs/en/server/quickstart/quickstart/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/en/server/quickstart/quickstart/public_sys-resources/icon-notice.gif differ diff --git a/docs/en/server/quickstart/quickstart/public_sys-resources/icon-tip.gif b/docs/en/server/quickstart/quickstart/public_sys-resources/icon-tip.gif new file mode 100644 index 0000000000000000000000000000000000000000..93aa72053b510e456b149f36a0972703ea9999b7 Binary files /dev/null and b/docs/en/server/quickstart/quickstart/public_sys-resources/icon-tip.gif differ diff --git a/docs/en/server/quickstart/quickstart/public_sys-resources/icon-warning.gif b/docs/en/server/quickstart/quickstart/public_sys-resources/icon-warning.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/quickstart/quickstart/public_sys-resources/icon-warning.gif differ diff --git a/docs/en/server/quickstart/quickstart/quick_start.md b/docs/en/server/quickstart/quickstart/quick_start.md new file mode 100644 index 0000000000000000000000000000000000000000..b1a7b0af2b0d2cd6b0d1d91148ccfc1379e67c8a --- /dev/null +++ b/docs/en/server/quickstart/quickstart/quick_start.md @@ -0,0 +1,329 @@ +# Quick Start + +This document uses openEuler installed on the TaiShan 200 server as an example to describe how to quickly install and use openEuler. For details about the installation requirements and methods, see the [Installation Guide](../../installation_upgrade/installation/installation_on_servers.md). + +## Making Preparations + +- Hardware Compatibility + + [Table 1](#table14948632047) describes the types of supported servers. + + **Table 1** Supported servers + + + + + + + + + + + + + + + + + +

Server Type

+

Server Name

+

Server Model

+

Rack server

+

TaiShan 200

+

2280 balanced model

+

Rack server

+

FusionServer Pro

+

FusionServer Pro 2288H V5

+
+ + > [!NOTE]NOTE + > 2280 balanced model, FusionServer Pro 2288H V5: The server must be configured with the Avago SAS3508 RAID controller card and the LOM-X722 NIC. + +- Minimum Hardware Specifications + + [Table 2](#tff48b99c9bf24b84bb602c53229e2541) lists the minimum hardware specifications supported by openEuler. + + **Table 2** Minimum hardware specifications + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Component

Minimum Hardware Specifications

Description

Architecture

  • AArch64
  • x86_64
  • 64-bit Arm architecture
  • 64-bit Intel x86 architecture

CPU

  • Huawei Kunpeng 920 series
  • Intel ® Xeon® processor

-

Memory

≥ 4 GB (8 GB or higher recommended for better user experience)

-

Drive

≥ 120 GB (for better user experience)

  • IDE, SATA, and SAS drives are supported.
  • A driver software is required to use the NVMe drive with the DIF feature. Contact the drive manufacturer if the feature is not available.

+ +## Obtaining the Installation Source + +Perform the following operations to obtain the openEuler release package: + +1. Visit the [openEuler](https://www.openeuler.org/en/) website. +2. Click **Downloads**. +3. Click **Community Editions**. The version list is displayed. +4. Click **Download** on the right of **openEuler 23.09**. +5. Download the required openEuler release package and the corresponding verification file based on the architecture and scenario. + + - If the AArch64 architecture is used: + + 1. Click **AArch64**. + 2. For local installation, download the **Offline Standard ISO** or **Offline Everything ISO** release package **openEuler-22.03-LTS-SP2-aarch64-dvd.iso** to the local host. + 3. For network installation, download the **Network Install ISO** release package **openEuler-22.03-LTS-SP2-netinst-aarch64-dvd.iso** to the local host. + + - If the x86\_64 architecture is used: + + 1. Click **x86_64**. + 2. For local installation, download the **Offline Standard ISO** or **Offline Everything ISO** release package **openEuler-22.03-LTS-SP2-x86_64-dvd.iso** to the local host. + 3. For network installation, download the **Network Install ISO** release package **openEuler-22.03-LTS-SP2-netinst-x86_64-dvd.iso** to the local host. + +> [!NOTE]NOTE + +- When the network is available, install the environment on the network because the ISO release package is small. +- The release package of the AArch64 architecture supports the UEFI mode, while the release package of the x86\_64 architecture supports both the UEFI and Legacy modes. + +## Checking the Release Package Integrity + +> [!NOTE]NOTE +> This section describes how to verify the integrity of the release package in the AArch64 architecture. The procedure for verifying the integrity of the release package in the x86\_64 architecture is the same. + +### Overview + +To prevent incomplete download of the software package due to network or storage device problems during the transmission, verify the integrity of the software package after obtaining it. Only the software package that passes the verification can be deployed. + +Compare the verification value recorded in the verification file with the verification value of the ISO file calculated manually to determine whether the software package is complete. If the two values are the same, the ISO file is complete. Otherwise, the ISO file integrity is damaged. In this case, obtain the ISO release package again. + +### Prerequisites + +The following files need to be prepared: + +ISO file: openEuler-22.03-LTS-SP2-aarch64-dvd.iso + +Verification file: Copy and save the SHA256 value corresponding to the ISO file. + +1. Calculate the SHA256 verification value of the file. Run the following command: + + ```sh + # sha256sum openEuler-22.03-LTS-SP2-aarch64-dvd.iso + ``` + +2. Check whether the values calculated in step 1 and step 2 are the same. + + If the values are consistent, the ISO file is not damaged. Otherwise, the file is damaged and you need to obtain it again. + If the values are consistent, the ISO file is not damaged. Otherwise, the file is damaged and you need to obtain it again. + +## Starting Installation + +1. Log in to the iBMC WebUI. + + For details, see [TaiShan 200 Server User Guide (Model 2280)](https://support.huawei.com/enterprise/en/doc/EDOC1100093459). + +2. Choose **Configuration** from the main menu, and select **Boot Device** from the navigation tree. The **Boot Device** page is displayed. + + Set **Effective** and **Boot Medium** to **One-time** and **DVD-ROM**, respectively, and click **Save**, as shown in [Figure 1](#fig1011938131018). + + **Figure 1** Setting the boot device + ![fig](./figures/Setting_the_System_Boot_Option.png) + +3. Choose **Remote Console** from the main menu. The **Remote Console** page is displayed. + + Select an integrated remote console as required to access the remote virtual console, for example, **Java Integrated Remote Console (Shared)**. + +4. On the toolbar, click the icon shown in the following figure. + + **Figure 2** Drive icon + ![fig](./figures/CD-ROM_drive_icon.png) + + An image dialog box is displayed, as shown in the following figure. + + **Figure 3** Image dialog box + ![fig](./figures/Image_dialog_box.png) + +5. Select **Image File** and then click **Browse**. The **Open** dialog box is displayed. + +6. Select the image file and click **Open**. In the image dialog box, click **Connect**. If **Connect** changes to **Disconnect**, the virtual CD/DVD-ROM drive is connected to the server. + +7. On the toolbar, click the restart icon shown in the following figure to restart the device. + + **Figure 4** Restart icon + ![fig](./figures/restarticon.png) + +8. A boot menu is displayed after the system restarts, as shown in [Figure 5](#fig1648754873314). + + > [!NOTE]NOTE + + - If you do not perform any operations within 1 minute, the system automatically selects the default option **Test this media \& install openEuler 22.03-LTS-SP2** and enters the installation page. + - During physical machine installation, if you cannot use the arrow keys to select boot options and the system does not respond after you press **Enter**, click ![fig](./figures/zh-cn_image_0229420473.png) on the BMC page and configure **Key \& Mouse Reset**. + + **Figure 5** Installation wizard + ![fig](./figures/Installation_wizard.png) + +9. On the installation wizard page, press **Enter** to select the default option **Test this media \& install openEuler 22.03-LTS-SP2** to enter the GUI installation page. + +## Performing Installation + +After entering the GUI installation page, perform the following operations to install the system: + +1. Set an installation language. The default language is English. You can change the language based on the site requirements, as shown in [Figure 6](#fig874344811484). + + **Figure 6** Selecting a language + ![fig](./figures/selectlanguage.png) + +2. On the **INSTALLATION SUMMARY** page, set configuration items based on the site requirements. + + - A configuration item with an alarm symbol must be configured. When the alarm symbol disappears, you can perform the next operation. + - A configuration item without an alarm symbol is configured by default. + - You can click **Begin Installation** to install the system only when all alarms are cleared. + + **Figure 7** Installation summary + ![fig](./figures/Installation_Overview.png) + + 1. Select **Software Selection** to set configuration items. + + Based on the site requirements, select **Minimal Install** on the left box and select an add-on in the **Add-Ons for Selected Environment** area on the right, as shown in [Figure 8](#fig1133717611109). + + **Figure 8** Selecting installation software + ![fig](./figures/choosesoftware.png) + + > [!NOTE]NOTE + + - In **Minimal Install** mode, not all packages in the installation source are installed. If a required package is not installed, you can mount the installation source to the local host as a repo source, and use DNF to install the package. + - If you select **Virtual Host**, the virtualization components QEMU, libvirt, and edk2 are installed by default. You can select whether to install the OVS component in the add-on area. + + After the setting is complete, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. + + 2. Select **Installation Destination** to set configuration items. + + On the **INSTALLATION DESTINATION** page, select a local storage device. + + > [!TIP]NOTICE + > The NVMe data protection feature is not supported because the NVMe drivers built in the BIOSs of many servers are of earlier versions. (Data protection: Format disk sectors to 512+N or 4096+N bytes.) Therefore, when selecting a proper storage medium, do not select an NVMe SSD with data protection enabled as the system disk. Otherwise, the OS may fail to boot. + > Users can consult the server vendor about whether the BIOS supports NVMe disks with data protection enabled as system disks. If you cannot confirm whether the BIOS supports NVMe disks with data protection enabled as system disks, you are not advised to use an NVMe disk to install the OS, or you can disable the data protection function of an NVMe disk to install the OS. + + You also need to configure the storage to partition the system. You can either manually configure partitions or select **Automatic** for automatic partitioning. Select **Automatic** if the software is installed in a new storage device or the data in the storage device is not required, as shown in [Figure 9](#fig153381468101). + + **Figure 9** Setting the installation destination + ![fig](./figures/Target_installation_position.png) + + > [!NOTE]NOTE + > + > - During partitioning, to ensure system security and performance, you are advised to divide the device into the following partitions: **/boot**, **/var**, **/var/log**, **/var/log/audit**, **/home**, and **/tmp**. + > - If the system is configured with the **swap** partition, the **swap** partition is used when the physical memory of the system is insufficient. Although the **swap** partition can be used to expand the physical memory, if the **swap** partition is used due to insufficient memory, the system response slows and the system performance deteriorates. Therefore, you are not advised to configure the **swap** partition in a system with sufficient physical memory or a performance-sensitive system. + > - If you need to split a logical volume group, select **Custom** to manually partition the logical volume group. On the **MANUAL PARTITIONING** page, click **Modify** in the **Volume Group** area to reconfigure the logical volume group. + + After the setting is complete, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. + + 3. Select **Root Password** and set the root password. + + On the **ROOT PASSWORD** page, enter a password that meets the [Password Complexity](#password-complexity) requirements and confirm the password, as shown in [Figure 10](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1323165793018). + + > [!NOTE]NOTE + + - The **root** account is used to perform key system management tasks. You are not advised to use the **root** account for daily work or system access. + - If you select **Lock root account** on the **Root Password** page, the **root** account will be disabled. + + **Password Complexity** + + The password of the **root** user or a new user must meet the password complexity requirements. Otherwise, the password setting or user creation will fail. The password must meet the following requirements: + + 1. Contains at least eight characters. + 2. Contains at least three of the following: uppercase letters, lowercase letters, digits, and special characters. + 3. Different from the user name. + 4. Not allowed to contain words in the dictionary. + + > [!NOTE]NOTE + > In the openEuler environment, you can run the `cracklib-unpacker /usr/share/cracklib/pw_dict > dictionary.txt` command to export the dictionary library file **dictionary.txt**. You can check whether the password is in this dictionary. + + **Figure 10** root password + ![fig](./figures/root_password.png) + + After the settings are completed, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. + + 4. Select **Create a User** and set the parameters. + + [Figure 11](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1237715313319) shows the page for creating a user. Enter the user name and set the password. The password complexity requirements are the same as those of the root password. In addition, you can set the home directory and user group by clicking **Advanced**, as shown in [Figure 12](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1237715313319). + + **Figure 11** Creating a user + ![fig](./figures/createuser.png) + + **Figure 12** Advanced user configuration + ![fig](./figures/Advanced_User_Configuration.png) + + After the settings are completed, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. + + 5. Set other configuration items. You can use the default values for other configuration items. + +3. Click **Start the Installation** to install the system, as shown in [Figure 13](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1237715313319). + + **Figure 13** Starting the installation + + ![fig](./figures/Installation_Procedure.png) + +4. After the installation is completed, restart the system. + + openEuler has been installed. Click **Reboot** to restart the system. + +## Viewing System Information + +After the system is installed and restarted, the system CLI login page is displayed. Enter the username and password set during the installation to log in to openEuler and view the following system information. For details about system management and configuration, see the [openEuler Administrator Guide](../../administration/administrator/viewing_system_information.md). + +- Run the following command to view the system information: + + ```sh + cat /etc/os-release + ``` + + ```sh + cat /etc/os-release + ``` + +- View system resource information. + + Run the following command to view the CPU information: + + ```sh + # lscpu + ``` + + Run the following command to view the memory information: + + ```sh + # free + ``` + + Run the following command to view the disk partition information: + + ```sh + # fdisk -l + ``` + +- Run the following command to view the IP address: + + ```sh + # ip addr + ``` diff --git a/docs/en/server/releasenotes/releasenotes/_toc.yaml b/docs/en/server/releasenotes/releasenotes/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..8fa01cd55d3a7e0eadc0426160777449ad4842ae --- /dev/null +++ b/docs/en/server/releasenotes/releasenotes/_toc.yaml @@ -0,0 +1,28 @@ +label: Release Notes +isManual: true +description: Release notes for openEuler 24.03 LTS SP1 +sections: + - label: Introduction + href: ./introduction.md + - label: Terms of Use + href: ./terms_of_use.md + - label: User Notice + href: ./user_notice.md + - label: Account List + href: ./account_list.md + - label: OS Installation + href: ./os_installation.md + - label: Key Features + href: ./key_features.md + - label: Known Issues + href: ./known_issues.md + - label: Resolved Issues + href: ./resolved_issues.md + - label: Common Vulnerabilities and Exposures (CVEs) + href: ./cve.md + - label: Source Code + href: ./source_code.md + - label: Contribution + href: ./contribution.md + - label: Acknowledgment + href: ./acknowledgment.md diff --git a/docs/en/server/releasenotes/releasenotes/account_list.md b/docs/en/server/releasenotes/releasenotes/account_list.md new file mode 100644 index 0000000000000000000000000000000000000000..f31dceb5e3927466715cc79a2f425125d6858e0e --- /dev/null +++ b/docs/en/server/releasenotes/releasenotes/account_list.md @@ -0,0 +1,6 @@ +# Account List + +| User Name| Default Password | Function | User Status| Login Mode | Remarks | +| ------ | ------------- | ------------------ | -------- | ------------------ | ------------------------------------------------------------ | +| root | openEuler12#$ | Default user of the VM image| Enabled | Remote login | This account is used to log in to the VM installed using the openEuler VM image. | +| root | openEuler#12 | GRUB2 login | Enabled | Local login and remote login| GRand UnifiedBootloader (GRUB) is used to boot different systems, such as Windows and Linux.
GRUB2 is an upgraded version of GRUB. When the system is started, you can modify startup parameters on the GRUB2 GUI. To ensure that the system startup parameters are modified with authorization, you need to encrypt the GRUB2 GUI. The GRUB2 GUI can be modified only when you enter the correct GRUB2 password.| diff --git a/docs/en/server/releasenotes/releasenotes/acknowledgment.md b/docs/en/server/releasenotes/releasenotes/acknowledgment.md new file mode 100644 index 0000000000000000000000000000000000000000..b469785cbeda8f4b08b6f8c55988288913d45e56 --- /dev/null +++ b/docs/en/server/releasenotes/releasenotes/acknowledgment.md @@ -0,0 +1,3 @@ +# Acknowledgment + +We sincerely thank all the members who participated in and assisted in the openEuler project. It is your hard work to make the version released successfully and provide the possibility for the better development of openEuler. diff --git a/docs/en/server/releasenotes/releasenotes/contribution.md b/docs/en/server/releasenotes/releasenotes/contribution.md new file mode 100644 index 0000000000000000000000000000000000000000..c2fc7198ef09dbf8f55e476c9a4282cfe7c66ab5 --- /dev/null +++ b/docs/en/server/releasenotes/releasenotes/contribution.md @@ -0,0 +1,21 @@ +# Contribution + +As an openEuler user, you can contribute to the openEuler community in multiple ways. For details about how to contribute to the community, see [How to Contribute](https://www.openeuler.org/en/community/contribution/). Here, some methods are listed for reference. + +## Special Interest Groups \(SIGs\) + +openEuler brings together people of common interest to form different special interest groups \(SIGs\). For details about existing SIGs, see the [SIG list](https://www.openeuler.org/en/sig/sig-list/). + +You are welcome to join an existing SIG or create a SIG. For details about how to create a SIG, see the [SIG Management Procedure](https://gitee.com/openeuler/community/blob/master/en/technical-committee/governance/README.md). + +## Mail List and Tasks + +You are welcome to actively help users solve problems raised in the [mail list](https://www.openeuler.org/en/community/mailing-list/) and issues \(including [code repository issues](https://gitee.com/organizations/openeuler/issues) and [software package repository issues](https://gitee.com/organizations/src-openeuler/issues)\). In addition, you can submit an issue. All these will help the openEuler community to develop better. + +## Documents + +We invite you to contribute to the community by submitting code and feedback on problems and difficulties, or suggestions on improving the usability and integrity of documents. For example, problems in obtaining software or documents and difficulties in using the system. Welcome to pay attention to and improve the documentation module of the [openEuler community](https://www.openeuler.org/en/). + +## IRC + +openEuler has also opened a channel in IRC as an additional channel to provide community support and interaction. For details, see [openEuler IRC](https://gitee.com/openeuler/community/blob/master/en/communication/IRCs.md). diff --git a/docs/en/server/releasenotes/releasenotes/cve.md b/docs/en/server/releasenotes/releasenotes/cve.md new file mode 100644 index 0000000000000000000000000000000000000000..482c72e54fb3d21b29bd010625c531ccc72efc4e --- /dev/null +++ b/docs/en/server/releasenotes/releasenotes/cve.md @@ -0,0 +1,3 @@ +# Common Vulnerabilities and Exposures (CVEs) + +For details about the CVEs involved in the version, see the [CVE list](https://www.openeuler.org/en/security/cve/). diff --git a/docs/en/server/releasenotes/releasenotes/introduction.md b/docs/en/server/releasenotes/releasenotes/introduction.md new file mode 100644 index 0000000000000000000000000000000000000000..565577db870e6aaa1fe7df096667f8714c5cd4dd --- /dev/null +++ b/docs/en/server/releasenotes/releasenotes/introduction.md @@ -0,0 +1,3 @@ +# Introduction + +openEuler is an open source operating system. The current openEuler kernel is based on Linux and supports Kunpeng and other processors. It fully unleashes the potential of computing chips. As an efficient, stable, and secure open source OS built by global open source contributors, openEuler applies to database, big data, cloud computing, and artificial intelligence \(AI\) scenarios. In addition, openEuler community is an open source community for global OSs. Through community cooperation, openEuler builds an innovative platform, builds a unified and open OS that supports multiple processor architectures, and promotes the prosperity of the software and hardware application ecosystem. diff --git a/docs/en/server/releasenotes/releasenotes/key_features.md b/docs/en/server/releasenotes/releasenotes/key_features.md new file mode 100644 index 0000000000000000000000000000000000000000..015b9ea6fd6a93a22216b200e4530da3fcc5e700 --- /dev/null +++ b/docs/en/server/releasenotes/releasenotes/key_features.md @@ -0,0 +1,529 @@ +# Key Features + +## AI + +openEuler offers an efficient development and runtime environment that containerizes software stacks of AI platforms with out-of-the-box availability. It also provides various AI frameworks to facilitate AI development. + +- **OS for AI**: openEuler offers an efficient development and runtime environment that containerizes software stacks of AI platforms with out-of-the-box availability. It also provides various AI frameworks to facilitate AI development. + - openEuler supports TensorFlow, PyTorch, and MindSpore frameworks and software development kits (SDKs) of major computing architectures, such as Compute Architecture for Neural Networks (CANN) and Compute Unified Architecture (CUDA), to make it easy to develop and run AI applications. + - Environment setup is further simplified by containerizing software stacks. openEuler provides three types of container images: + - SDK images: Use openEuler as the base image and install the SDK of a computing architecture, for example, Ascend CANN and NVIDIA CUDA. + - AI framework images: Use an SDK image as the base and install AI framework software, such as PyTorch and TensorFlow. You can use an AI framework image to quickly build a distributed AI framework, such as Ray. + - Model application images: Provide a complete set of toolchains and model applications + + For details, see the [openEuler AI Container Image User Guide](https://gitee.com/openeuler/docs/blob/stable2-22.03_LTS_SP3/docs/en/docs/AI/ai_container_image_user_guide.md). + +- **AI for OS**: AI is making openEuler smarter. openEuler Copilot System is an intelligent Q&A platform developed on foundation models and openEuler data. It is designed to streamline code generation, troubleshooting, and O&M. + + - Intelligent Q&A: openEuler Copilot System is accessible via web or shell. + 1. Workflow scheduling: + - Atomic agent operations: Multiple agent operations can be combined into a multi-step workflow that is internally ordered and associated, and is executed as an inseparable atomic operation. + - Real-time data processing: Data generated in each step of the workflow can be processed immediately and then transferred to the next step. + - Intelligent interaction: When openEuler Copilot System receives a vague or complex user instruction, it proactively asks the user to clarify and provide more details. + 2. Task recommendation: + - Intelligent response: openEuler Copilot System can analyze the semantic information entered in text format, determining the user's intent and selecting the most matched workflow. + - Intelligent guidance: openEuler Copilot System comprehensively analyzes the execution status, function requirements, and associated tasks of the current workflow, and provides next-step operation suggestions based on users' personal preferences and historical patterns. + 3. Retrieval-augmented generation (RAG): + - RAG used in openEuler Copilot System efficiently handles diverse document formats and content scenarios, improving the Q&A service experience while minimizing additional system load. + 4. Corpus governance: + - Corpus governance is a core RAG capability. It imports corpuses into the knowledge base in a supported format using fragment relationship extraction, fragment derivative construction, and optical character recognition (OCR). This increases the retrieval hit rate. + + For details, see the [openEuler Copilot System Intelligent Q&A Service User Guide](https://gitee.com/openeuler/docs/blob/stable2-22.03_LTS_SP4/docs/en/docs/AI/EulerCopilot_user_guide.md). + + - Intelligent tuning: openEuler Copilot System supports the intelligent shell entry. Through this entry, you can interact with the openEuler Copilot System using a natural language and perform heuristic tuning operations such as performance data collection, system performance analysis, and system performance tuning. + - Intelligent diagnosis: + 1. Inspection: The Inspection Agent checks for abnormalities of designated IP addresses and provides an abnormality list that contains associated container IDs and abnormal metrics (such as CPU and memory). + 2. Demarcation: The Demarcation Agent analyzes and demarcates a specified abnormality contained in the inspection result and outputs the top 3 metrics of the root cause. + 3. Location: The Detection Agent performs profiling location analysis on the root cause, and provides useful hotspot information such as the stack, system time, and performance metrics related to the root cause. + - Intelligent container images: openEuler Copilot System can invoke environment resources through a natural language, assist in pulling container images for local physical resources, and establish a development environment suitable for debugging on existing compute devices. This system supports three types of containers, and container images have been released on Docker Hub. You can manually pull and run these container images. + 1. SDK layer: encapsulates only the component libraries that enable AI hardware resources, such as CUDA and CANN. + 2. SDKs + training/inference frameworks: accommodates TensorFlow, PyTorch, and other frameworks (for example, tensorflow2.15.0-cuda12.2.0 and pytorch2.1.0.a1-cann7.0.RC1) in addition to the SDK layer. + 3. SDKs + training/inference frameworks + LLMs: encapsulates several models (for example, llama2-7b and chatglm2-13b) based on the second type of containers + +## openEuler Embedded + +openEuler Embedded provides a closed loop framework often found in operational technology (OT) applications such as manufacturing and robotics, whereby innovations help optimize its embedded system software stack and ecosystem. openEuler 24.03 LTS SP1 Embedded is designed for embedded applications, offering significant progress in southbound and northbound ecosystems, technical features, infrastructure, and implementation over previous generations. openEuler Embedded will work alongside community partners, users, and developers to broaden its support for emerging chip architectures, including Loongson, and a wider range of hardware. The platform will strengthen offerings in industrial middleware, embedded AI, edge computing, and simulation systems, delivering a robust solution for embedded system software. + +- **Southbound ecosystem**: openEuler Embedded Linux supports mainstream processor architectures like AArch64, x86_64, AArch32, and RISC-V, and will extend support to LoongArch in the future. openEuler 24.03 and later versions have a rich southbound ecosystem and support chips from Raspberry Pi, HiSilicon, Rockchip, Renesas, TI, Phytium, StarFive, and Allwinner. In openEuler 24.03 LTS SP1 Embedded, Kunpeng 920 is also supported. +- **Embedded virtualization base**: openEuler Embedded uses an elastic virtualization base that enables multiple OSs to run on a system-on-a-chip (SoC). The base incorporates a series of technologies including bare metal, embedded virtualization, lightweight containers, LibOS, trusted execution environment (TEE), and heterogeneous deployment. +- **MICA deployment framework**: The MICA deployment framework is a unified environment that masks the differences between technologies that comprise the embedded elastic virtualization base. The multi-core capability of hardware combines the universal Linux OS and a dedicated real-time operating system (RTOS) to make full use of all OSs. +- **Northbound ecosystem**: + - Northbound software packages: Over 600 common embedded software packages can be built using openEuler. + - Soft real-time kernel: This capability helps respond to soft real-time interrupts within microseconds. + - DSoftBus: The distributed soft bus system (DSoftBus) of openEuler Embedded integrates the DSoftBus and point-to-point authentication module of OpenHarmony. It implements interconnection between openEuler-based embedded devices and OpenHarmony-based devices as well as between openEuler-based embedded devices. + - Embedded containers and edges: With iSula containers, openEuler and other OS containers can be deployed on embedded devices to simplify application porting and deployment. Embedded container images can be compressed to 5 MB, and can be easily deployed into the OS on another container. +- **UniProton**: UniProton is an RTOS that features ultra-low latency and flexible MICA deployments. It is suited for industrial control because it supports both microcontroller units and multi-core CPUs. UniProton provides the following capabilities: + - Compatible with processor architectures like Cortex-M, AArch64, x86_64, and riscv64, and supports M4, RK3568, RK3588, x86_64, Hi3093, Raspberry Pi 4B, Kunpeng 920, Ascend 310, and Allwinner D1s. + - Connects with openEuler Embedded Linux on Raspberry Pi 4B, Hi3093, RK3588, and x86_64 devices in bare metal mode. + - Can be debugged using GDB on openEuler Embedded Linux. + +## DevStation + +DevStation is the first openEuler developer workstation to come pre-installed with VS Code. Designed to streamline software coding, compilation, build, release, and deployment, DevStation integrates the oeDeploy tool to simplify the deployment of the AI and cloud-native software stacks and uses oeDevPlugin to pull code repositories and the AI4C-powered compiler for compilation. Later versions will include epkg, a new openEuler package manager that enables developers to seamlessly manage and switch betwe n multiple software versions across different environments. + +- **Developer-friendly integrated environment**: supports multiple programming languages and comes with pre-installed development tools and IDEs such as VS Code to streamline front-end, back-end, and full-stack development. +- **Package management and automated deployment**: features easy-to-use package management tools for one-click installation and updates. It integrates container technologies such as Docker and iSula, streamlining application containerization and deployment. epkg supports multi-version deployment, reducing the complexity of setting up development environments. +- **GUI-based programming**: realizes intuitive programming. +- **AI development support**: comes with pre-installed AI frameworks like TensorFlow and PyTorch, optimized for hardware accelerators such as GPUs and NPUs. It offers a complete environment for AI model development and training, along with openEuler Copilot System for AI-assisted OS troubleshooting. +- **Debugging and testing**: provides built-in debugging tools, such as GDB, CUnit, GTest, and perf, and test and tuning tools for fast debugging and automated testing. +- **Versioning and collaboration**: integrates the Git versioning tool and remote collaboration tools such as Slack, Mattermost, and GitLab, promoting team development and remote collaboration. +- **Security and compliance checks**: provides tools for security scanning and code compliance checks, enabling developers to address vulnerabilities and issues early in the development process. + +## epkg + +epkg is a new software package manager that supports the installation and use of non-service software packages. It solves version compatibility issues so that users can install and run software of different versions on the same OS by using simple commands to create, enable, and switch between environments. + +- **Version compatibility**: enables multiple versions of the same software package to run on the same node without version conflicts. +- **Environment management**: allows users to create, enable, and switch between environments. Users can use channels of different environments to use software packages of different versions. When an environment is switched to another, the software package version is also changed. +- **Installation by common users**: allows common users to install software packages, create environments, and manage their environment images, reducing security risks associated with software package installation. + +## openEuler GCC Toolset 14 + +To enable new compute features and make the most of hardware features, openEuler GCC Toolset 14 offers a minor GCC 14 toolchain that is later than the major GCC of openEuler 24.03 LTS SP1, enabling users to select the most appropriate compilation environment. By using openEuler GCC Toolset 14, users can easily switch between different GCC versions to use new hardware features. + +To decouple from the default major GCC and prevent conflicts between the dependency libraries of the minor and major GCC versions, the software package of the openEuler GCC Toolset 14 toolchain is named starting with gcc-toolset-14-, followed by the name of the original GCC software package. + +For version management, this solution introduces the SCL tool that provides an enable script in the /opt/openEuler/gcc-toolset-14 directory to register the environment variables of openEuler GCC Toolset 14 with SCL. Then, users can use the tool to start a new Bash shell that uses the environment variables of the minor version configured in the enable script. In this way, it is easy to switch between the major and minor GCC versions. + +## Kernel Innovations + +openEuler 24.03 LTS SP1 runs on Linux kernel 6.6 and inherits the competitive advantages of community versions and innovative features released in the openEuler community. + +- **Folio-based memory management**: Folio-based Linux memory management is used instead of page. A folio consists of one or more pages and is declared in struct folio. Folio- based memory management is performed on one or more complete pages, rather than on PAGE_SIZE bytes. This alleviates compound page conversion and tail page misoperations, while decreasing the number of least recently used (LRU) linked lists and optimizing memory reclamation. It allocates more continuous memory on a per-operation basis to reduce the number of page faults and mitigate memory fragmentation. Folio-based management accelerates large I/Os and improves throughput, and large folios consisting of anonymous pages or file pages are available. For AArch64 systems, a contiguous bit (16 contiguous page table entries are cached in a single entry within a translation lookaside buffer, or TLB) is provided to reduce system TLB misses and improve system performance. In openEuler 24.03 LTS SP1, multi-size transparent hugepage (mTHP) allocation by anonymous shmem and mTHP lazyfreeing are available. The memory subsystem supports large folios, with a new sysfs control interface for allocating mTHPs by page cache and a system-level switch for feature toggling. + +- **Multipath TCP (MPTCP)**: MPTCP is introduced to let applications use multiple network paths for parallel data transmission, compared with single-path transmission over TCP. This design improves network hardware resource utilization and intelligently allocates traffic to different transmission paths, thereby relieving network congestion and improving throughput. + MPTCP features the following performance highlights: + - Selects the optimal path after evaluating indicators such as latency and bandwidth. + - Ensures hitless network switchover and uninterrupted data transmission when switching between networks. + - Uses multiple channels where data packets are distributed to implement parallel transmission, increasing network bandwidth. + + In the lab environment, the Rsync file transfer tool that adopts MPTCP v1 shows good transmission efficiency improvement. Specifically, a 1.3 GB file can be transferred in just 14.35s (down from 114.83s), and the average transfer speed is increased from 11.08 MB/s to 88.25 MB/s. In simulations of path failure caused by unexpected faults during transmission, MPTCP seamlessly switches data to other available channels, ensuring transmission continuity and data integrity. + + In openEuler 24.03 LTS SP1, MPTCP-related features in Linux mainline kernel 6.9 have been fully transplanted and optimized. +- **Large folio for ext4 file systems**: The IOzone performance can be improved by 80%, and the writeback process of the iomap framework supports batch block mapping. Blocks can be requested in batches in default ext4, optimizing ext4 performance in various benchmarks. For ext4 buffer I/O and page cache writeback operations, the buffer_head framework is replaced with the iomap framework that adds large folio support for ext4. In version 24.03 LTS SP1, the performance of small buffered I/Os (≤ 4 KB) is optimized when the block size is smaller than the folio size, typically seeing a 20% performance increase. +- **xcall and xint**: The Linux kernel is becoming increasingly complex, and system calls, especially the simple ones, can be a performance bottleneck. System calls on the AArch64 platform share the same exception entry point, which includes redundant processes such as security checks. Common ways to reduce system call overhead include service offloading and batch processing, but both require service adaptation. xcall provides a solution that does not require service code modification. It streamlines system calls by optimizing their processing logic, trading off some maintenance and security capabilities to reduce overhead. + + To unify interrupt handling, the kernel integrates all interrupt handling processes into its general interrupt handling framework. As the kernel evolves, the general interrupt handling framework has gradually accumulated many security hardening and maintenance features that are not closely related to interrupt handling, increasing latency unpredictability. xint simplifies interrupt handling to reduce the latency and system overhead. +- **CacheFiles failover**: In on-demand mode of CacheFiles, if the daemon breaks down or is killed, subsequent read and mount requests return **-EIO**. The mount points can be used only after the daemon is restarted and the mount operations are performed again. For public cloud services, such I/O errors will be passed to cloud service users, which may impact job execution and endanger the overall system stability. The CacheFiles failover feature renders it unnecessary to remount the mount points upon daemon crashes. It requires only the daemon to restart, ensuring that these events are invisible to users. +- **Programmable scheduling**: Interfaces of programmable scheduling are available in the user space as an extension of the Completely Fair Scheduler (CFS) algorithm. Users can customize scheduling policies based on service scenarios to bypass the original CFS. This new feature allows programmable core selection, load balancing, task selection, and task preemption, and supports labelling and kfuncs. +- **SMC-D with loopback-ism**: Shared memory communication over DMA (SMC-D) is a kernel network protocol stack that is compatible with socket interfaces and accelerates TCP communication transparently over shared memory. Initially, SMC-D was exclusive to IBM S/390 architecture systems. The introduction of the loopback-ism virtual device enabled broader adoption by simulating Internal Shared Memory (ISM). This innovation transformed SMC-D into a universal kernel mechanism compatible with non-S/390 architectures as well. SMC-D with loopback-ism applies to scenarios where TCP is used for inter-process or inter- container communication in the OS. It accelerates communication by bypassing the kernel TCP/IP stack. Together with smc-tools, users can preload dynamic libraries through **LD_PRELOAD** to replace the TCP stack without adapting applications. Feedback from the community shows that, compared with the native TCP, SMC-D with loopback-ism can improve the network throughput by more than 40%. +- **IMA RoT framework**: The Linux Integrity Measurement Architecture (IMA) subsystem mainly uses the trusted platform module (TPM) as the root of trust (RoT) device to provide integrity proof for the measurement list, and code of the subsystem is tightly coupled with TPM operations. However, workloads like confidential computing require IMA to use new RoT devices, such as virtCCA supported by openEuler. This IMA RoT framework implements an abstraction layer between the IMA subsystem and RoT devices. It simplifies the adaptation of RoT devices to the IMA subsystem and facilitates the configuration and operation of various RoT devices by users and the IMA subsystem. +- **Protection against script viruses**: Typical ransomware variants are script files (such as JSP files), which can run through the interpreter and bypass security technologies in the kernel to launch attacks. However, the IMA technology used by the kernel to defend against intrusion mainly targets virus files of the Executable and Linkable Format (ELF). This new feature enables IMA to check script files that are indirectly executed in the system. It uses the **execveat()** system call with newly added flags to check the execution permission of scripts, and call the IMA interface during the check to measure script integrity. Test and verification results demonstrate how the script interpreter proactively invokes **execveat()** and transfers the **AT_CHECK** flag to check the execute permission (including the IMA check) of scripts, which are executed only after they pass the permission check. +- **Halt polling**: This feature enables guest vCPUs to poll at the idle state to avoid sending an inter-processor interrupt (IPI) when performing a wakeup. This optimization reduces the interrupt sending and handling overhead. In addition, the VM does not exit during polling, further reducing the VM entry/exit overhead. This feature also reduces the inter-process communication latency and improves VM performance. +- **CAQM for the kernel TCP/IP stack**: Constrained active queue management (CAQM) is an algorithm for network congestion control. It is mainly used on compute nodes in data centers that use TCP to transmit data and network switch nodes on transmission paths. The network switch nodes calculate idle bandwidth and optimal bandwidth allocation, and the compute node protocol stack works with the switches to achieve "zero-queue" congestion control effect and ultra-low transmission latency in high-concurrency scenarios. + + The CAQM algorithm adds congestion control flags to the Ethernet link layer to dynamically adjust the queue length and improve the utilization of network resources. In latency-sensitive general-computing scenarios in data centers, this feature greatly reduces latency and packet loss, improving user experience. + + In typical data center scenarios, this algorithm outperforms the classic Cubic algorithm in two key metrics: (1) 92.4% lower transmission latency, and (2) 99.97% TCP transmission bandwidth utilization with 90% lower switch queue buffer usage. + + The CAQM algorithm requires collaboration between compute node servers and switches. Therefore, intermediate switches must support the CAQM protocol (for protocol header identification, congestion control field adjustment, and so on). This algorithm is controlled through the kernel compilation macro (**CONFIG_ETH_CAQM**) and is disabled by default. To use this algorithm, users need to enable this macro and recompile the kernel. + +## NestOS + +NestOS is a community cloud OS that uses nestos-assembler for quick integration and build. It runs rpm-ostree and Ignition tools over a dual rootfs and atomic update design, and enables easy cluster setup in large-scale containerized environments. Compatible with Kubernetes and OpenStack, NestOS also reduces container overheads. + +- **Out-of-the-box availability**: integrates popular container engines such as iSulad, Docker, and Podman to provide lightweight and tailored OSs for the cloud. +- **Easy configuration**: uses the Ignition utility to install and configure a large number of cluster nodes with a single configuration. +- **Secure management**: runs rpm-ostree to manage software packages and works with the openEuler software package source to ensure secure and stable atomic updates. +- **Hitless node updating**: uses Zincati to provide automatic node updates and reboot without interrupting services. +- **Dual rootfs**: executes dual rootfs for active/standby switchovers, to ensure integrity and security during system running. + +## SysCare + +SysCare is a system-level hotfix software that provides security patches and hot fixing for OSs. It can fix system errors without restarting hosts. SysCare combines kernel-mode and user-mode hot patching to take over system repair, freeing up valuable time for users to focus on core services. Looking ahead, SysCare will introduce live OS update capabilities, further improving O&M efficiency. + +- **Hot patch creation:** Hot patch RPM packages can be generated by providing the paths of the source RPM package, debuginfo RPM package, and patches to be applied, eliminating the need to modify the software source code. +- **Patch lifecycle management**: SysCare simplifies patch lifecycle management, offering a complete and user-friendly solution. With a single command, users can efficiently manage hot patches, saving time and effort. SysCare leverages the RPM system to build hot patches with complete dependencies. This allows for easy integration into the software repository and simplifies distribution, installation, update, and uninstallation of hot patches. +- **Kernel-mode and user-mode hot patch integration**: By utilizing the upatch and kpatch technologies, SysCare delivers seamless hot fixing for the entire software stack from applications and dynamic libraries to the kernel, eliminating the need for disruptive downtime. +- **New features**: SysCare preserves and restores accepted hot patches after reboot, maintaining their original activation order. + +## NRI Plugin Support of iSula + +Node Resource Interface (NRI) is a public interface for controlling node resources and provides a generic framework for pluggable extensions for CRI-compatible container runtimes. It offers a fundamental mechanism for extensions to track container states and make limited modifications to their configurations. This allows users to insert custom logic into OCI-compatible runtimes, enabling controlled changes to containers or performing additional operations outside the scope of OCI at certain points in the container lifecycle. The newly added support for NRI plugins of iSulad reduces costs for container resource management and maintenance, eliminates scheduling delays, and ensures information consistency in Kubernetes environments. + +An NRI plugin establishes a connection with iSulad through the NRI runtime service started within the isula-rust-extension component. This connection enables the plugin to subscribe to both pod and container lifecycle events. + +- For pods, subscribable events include creation, stopping, and removal. +- For containers, subscribable events include creation, post-creation, starting, post-start, updating, post-update, stopping, and removal. + +Upon receiving a CRI request from Kubernetes, iSulad relays this request to all NRI plugins subscribed to the corresponding lifecycle events. The request received by an NRI plugin includes metadata and resource information for the relevant pod or container. The plugin can then adjust the resource configuration of the pod or container as required. Finally, the NRI plugin communicates the updated configuration to iSulad, which in turn relays it to the container runtime, making the updated configuration effective. + +## oeAware with Enhanced Information Collection and Tuning Plugins + +oeAware is a framework that provides low-load collection, sensing, and tuning upon detecting defined system behaviors on openEuler. The framework divides the tuning process into three layers: collection, sensing, and tuning. Each layer is associated through subscription and developed as plugins, overcoming the limitations of traditional tuning techniques that run independently and are statically enabled or disabled. + +Every oeAware plugin is a dynamic library that utilizes oeAware interfaces. The plugins comprise multiple instances that each contains several topics and deliver collection or sensing results to other plugins or external applications for tuning and analysis purposes. The framework consists of the following components: + +- The SDK enables subscription to plugin topics, with a callback function handling data from oeAware. This allows external applications to create tailored functionalities, such as cross- cluster information collection or local node analysis. +- The Performance monitoring unit (PMU) information collection plugin gathers performance records from the system PMU. +- The Docker information collection plugin retrieves specific parameter details about the Docker environment. +- The system information collection plugin captures kernel parameters, thread details, and resource information (CPU, memory, I/O, network) from the current environment. +- The thread sensing plugin monitors key information about threads. +- The evaluation plugin examines system NUMA and network information during service operations, suggesting optimal tuning methods. +- The system tuning plugins comprise stealtask for enhanced CPU tuning, smc_tune which leverages shared memory communication in the kernel space to boost network throughput and reduce latency, and xcall_tune which bypasses non-essential code paths to minimize system call processing overhead. +- The Docker tuning plugin addresses CPU performance issues during sudden load spikes by utilizing the CPU burst feature. + +## KubeOS + +KubeOS is a lightweight and secure OS designed for cloud-native environments. It simplifies O&M by providing unified tools for Kubernetes-based systems. KubeOS is specifically designed for running containers. It features a read-only root directory, includes only the essential components for the container runtime, and utilizes dm-verity security hardening. This minimizes vulnerabilities and attack surfaces while improving resource utilization and boot speed. KubeOS can leverage native Kubernetes declarative APIs to unify the upgrade, configuration, and maintenance of worker node OSs within a cluster. This approach simplifies cloud-native operations, addresses challenges associated with OS version fragmentation across cluster nodes, and provides a unified solution for OS management. + +KubeOS introduces enhanced configuration capabilities, image customization features, and root file system (rootfs) integrity protection using dm-verity, as shown in the figure. Through a centralized management platform, KubeOS enables unified configuration of cluster parameters in the **limits.conf** file and cluster components like containerd and kubelet. + +KubeOS provides comprehensive system image customization options, allowing users to configure systemd services, GRUB passwords, system drive partitions, users and user groups, files, scripts, and **persist** partition directories. + +For static integrity protection, KubeOS activates dm-verity during VM image creation to ensure rootfs integrity. It also supports upgrades and configuration when dm-verity is enabled. + +## IMA + +The IMA is an open source Linux technology widely used for file integrity protection in real-world applications. It performs integrity checks on system programs to prevent tampering and ensure only authenticated (signed or HMAC-verified) files are executed via an allowlist. + +Applications running on Linux can be categorized into two types: + +- **Binary executables**: Programs in the ELF format can be directly executed by **exec** or **mmap** system calls. Through hook functions in **exec** and **mmap** system calls, the IMA triggers measurement or verification processes, ensuring integrity protection. +- **Interpreter-based applications**: Programs indirectly executed via interpreters, such as scripts run by Bash, Python, and Lua interpreters and Java programs executed by the JVM. + +The current IMA fails to protect interpreter-based applications, as these applications are typically loaded and parsed by interpreters through **read** system calls. The IMA cannot differentiate them from other mutable files, such as configuration or temporary files. As a result, enabling the IMA for **read** system calls inadvertently includes these mutable files in the protection scope. Mutable files lack pre-generated measurement baselines or verification credentials, causing integrity check failures. + +To address this limitation, openEuler enhances the IMA feature to significantly improve integrity protection for interpreter-based applications. + +## Heterogeneous RoT Support + +Common attack methods often target the authenticity and integrity of information systems. Hardware RoTs have become a standard method for protecting critical system components, enabling the system to measure and verify integrity. When tampering or counterfeiting is detected, the system triggers alerts or blocks the activity. + +The prevailing protection approach uses the trusted platform module (TPM) as the RoT, combined with the integrity measurement software stack to establish a system trust chain that ensures system authenticity and integrity. openEuler supports integrity measurement features such as measured boot, IMA measurement for files, and dynamic integrity measurement (DIM) for memory. + +The RoT framework used by openEuler 24.03 LTS SP1 offers a unified measurement interface to the upper-layer integrity protection software stack. Deployed within the kernel integrity subsystem, the framework supports multiple RoT drivers and expands integrity measurement beyond the TPM to include heterogeneous RoTs. + +## Enhanced secGear + +The unified remote attestation framework of secGear addresses the key components related to remote attestation in confidential computing, abstracting away the differences between different Trusted Execution Environments (TEEs). It provides two components: attestation agent and attestation service. The agent is integrated by users to obtain attestation reports and connect to the attestation service. The service can be deployed independently and supports the verification of iTrustee and virtCCA remote attestation reports. + +The unified remote attestation framework focuses on confidential computing functionalities, while service deployment and operation capabilities are provided by third-party deployment services. The key features of the unified remote attestation framework are as follows: + +- **Report verification plugin framework**: Supports runtime compatibility with attestation report verification for different TEE platforms, such as iTrustee, virtCCA, and CCA. It also supports the extension of new TEE report verification plugins. +- **Certificate baseline management**: Supports the management of baseline values of Trusted Computing Bases (TCB) and Trusted Applications (TA) as well as public key certificates for different TEE types. Centralized deployment on the server ensures transparency for users. +- **Policy management**: Provides default policies for ease of use and customizable policies for flexibility. +- **Identity token**: Issues identity tokens for different TEEs, endorsed by a third party for mutual authentication between different TEE types. +- **Attestation agent**: Supports connection to attestation services/peer-to-peer attestation, compatible with TEE report retrieval and identity token verification. It is easy to integrate, allowing users to focus on their service logic. + +Two modes are supported depending on the usage scenario: peer-to-peer verification and attestation service verification. + +Attestation service verification process: + +1. The user (regular node or TEE) initiates a challenge to the TEE platform. +2. The TEE platform obtains the TEE attestation report through the attestation agent and returns it to the user. +3. The user-side attestation agent forwards the report to the remote attestation service. +4. The remote attestation service verifies the report and returns an identity token in a unified format endorsed by a third party. +5. The attestation agent verifies the identity token and parses the attestation report verification result. + +Peer-to-peer verification process (without the attestation service): + +1. The user initiates a challenge to the TEE platform, which then returns the attestation report to the user. +2. The user uses a local peer-to-peer TEE verification plugin to verify the report. + +## gala-anteater for Minute-Level Container Interference Detection + +gala-anteater is an AI-powered exception detection platform for gray faults in the OS. Integrating various exception detection algorithms, it achieves system-level fault detection and reporting through automated model pre-training, online incremental learning, and model updates. + +In high-density online container deployment scenarios, the presence of disorderly resource contention can lead to inter-container interference. gala-anteater enables minute-level identification of interference sources (CPU or I/O), aiding O&M personnel in swiftly tracing and resolving issues to ensure service QoS. + +gala-anteater leverages a combination of offline and online learning techniques to facilitate offline model training and online updates, ultimately enabling real-time online exception detection. + +- **Offline**: Initially, historical KPI datasets undergo preprocessing and feature selection to generate a training set. This set is then used to train and optimize an unsupervised neural network model (such as a variational autoencoder). Finally, a manually labeled test set aids in selecting the optimal model. + +- **Online**: The trained model is deployed online, where it undergoes further training and parameter tuning using real-time data. This continuously refined model then performs real-time exception detection within the online environment. + +## A-Ops Integration with authHub for Unified User Authentication + +authHub is a unified user authentication platform built on the OAuth 2.0 protocol. A-Ops can now utilize authHub to manage application registration, enabling seamless user authentication across multiple platforms. + +Core functionalities of authHub include: + +- **Application management**: Deployed applications can be registered with and configured on authHub to provide access to their features. + +- **User authentication**: Applications managed by authHub support single sign-on (SSO) and single sign-out processes. + +## Minute-level Demarcation and Location of Microservice Performance Problems (TCP, I/Os, and Scheduling) + +gala-gopher, gala-spider, and gala-anteater implement a topological root cause analysis approach to facilitate fault detection and root cause location in large-scale clusters. In openEuler 24.03 LTS SP1, fine-grained capabilities have been introduced for cloud-native environments based on Layer 7 protocols like HTTPS, PostgreSQL, and MySQL, enabling O&M teams to quickly locate the source of faults, thus enhancing system stability and reliability. The following features are available: + +- **Metric collection**: gala-gopher uses eBPF to collect and report network and I/O metrics. +- **Cluster topology**: gala-spider receives data reported by gala-gopher and constructs a container- and process-level call relationship topology. +- **Fault detection**: gala-anteater classifies the reported metrics based on the fault detection model to determine whether an exception has occurred in the system. +- **Root cause location**: gala-anteater locates the root cause node of the exception based on node exception and topology information. + +## utsudo + +**sudo** is one of the commonly used utilities for Unix-like and Linux OSs. It enables users to run specific commands with the privileges of the super user. utsudo is developed to address issues of security and reliability common in **sudo**. + +utsudo uses Rust to reconstruct **sudo** to deliver more efficient, secure, and flexible privilege escalation. It includes modules such as the common utility, overall framework, and function plugins. + +**Basic features** + +- **Access control**: Limits the commands that can be executed by users, and specifies the required authentication method. +- **Audit log**: Records and traces all commands and tasks executed by each user. +- **Temporary privilege escalation**: Allows common users to temporarily escalate to a super user for executing privileged commands or tasks. +- **Flexible configuration**: Allows users to set arguments such as command aliases, environment variables, and execution parameters to meet system requirements. + +**Enhanced features** + +utsudo 0.0.2 comes with openEuler 24.03 LTS SP1 to provide the following features: + +- **Privilege escalation**: Escalates the privilege of a process run by a common user to the root privilege. +- **Plugin loading**: Parses plugin configuration files and dynamically loads plugin libraries. + +## utshell + +utshell is a new shell that introduces new features and inherits the usability of Bash. It enables interaction through command lines, such as responding to user operations to execute commands and providing feedback, and can execute automated scripts to facilitate O&M. + +**Basic features** + +- **Command execution**: Runs and sends return values from commands executed on user machines. +- **Batch processing**: Automates task execution using scripts. +- **Job control**: Executes, manages, and controls multiple user commands as background jobs concurrently. +- **Historical records**: Records the commands entered by users. +- **Command aliases**: Allows users to create aliases for commands to customize their operations. + +**Enhanced features** + +utshell 0.5 runs on openEuler 24.03 LTS SP1 to perform the following operations: + +- Parses shell scripts. +- Runs third-party commands. + +## GCC for openEuler + +The baseline version of GCC for openEuler has been upgraded from open source GCC 10.3 to GCC 12.3, supporting features such as automatic feedback-directed optimization (AutoFDO), software and hardware collaboration, memory optimization, Scalable Vector Extension (SVE), and vectorized math libraries. + +- The default language of GCC for openEuler has been upgraded from C14/C++14 to C17/C++17, enabling GCC for openEuler to support more hardware features like Armv9-A and x86 AVX512-FP16. +- GCC for openEuler supports structure optimization and instruction selection optimization, leveraging Arm hardware features to improve system running efficiency. In the benchmark tests such as SPEC CPU 2017, GCC for openEuler has proven to deliver higher performance than GCC 10.3 of the upstream community. +- Further, it fuels AutoFDO to improve the performance of MySQL databases at the application layer. + +**Feature Description** + +- **SVE vectorization**: Significantly improves program running performance for Arm-based machines that support SVE instructions. +- **Memory layout**: Rearranges the structure members so that frequently accessed members are placed in continuous memory locations, boosting the cache hit ratio and enhancing program performance. +- **SLP transpose optimization**: Improves the analysis of loops with consecutive memory reads during loop splitting, and adds analysis to transpose grouped stores in the superword level parallelism (SLP) vectorization stage. +- **Redundant member elimination**: Eliminates structure members that are never read and deletes redundant write statements, which in turn reduces the memory footprint of the structure and alleviates subsequent bandwidth pressure, while improving performance. +- **Array comparison**: Implements parallel comparison of array elements to improve execution efficiency. +- **Arm instruction optimization**: Simplifies the pipeline of ccmp instructions for a wide range of deployments. +- **IF statement optimization**: Splits and optimizes the IF statement block to improve constant propagation within a program. +- **SLP vectorization**: Enhances SLP to cover more vectorization scenarios and improve performance. +- **AutoFDO**: Uses perf to collect and parse program information and optimizes feedback across the compilation and binary phases, boosting mainstream applications such as MySQL databases. + +## Gazelle + +Gazelle is a high-performance user-mode protocol stack. It directly reads and writes NIC packets in user mode based on the Data Plane Development Kit (DPDK), transmits the packets through shared hugepage memory, and uses the LwIP protocol stack, thereby greatly improving the network I/O throughput of applications and accelerating the network for databases. With Gazelle, high performance and universality can be achieved at the same time. In openEuler 24.03 LTS SP1, Gazelle introduces eXpress Data Path (XDP) deployment mode for container scenarios and TPC-C support for the openGauss database, further enhancing the user-mode protocol stack. + +- **High performance (ultra-lightweight)**: High-performance lightweight protocol stack capabilities are implemented based on DPDK and LwIP. +- **Ultimate performance**: A highly linearizable concurrent protocol stack is implemented based on technologies such as regional hugepage splitting, dynamic core binding, and full-path zero-copy. +- **Hardware acceleration**: TCP Segmentation Offload (TSO), checksum (CSUM) offload, Generic Receive Offload (GRO), and other offload technologies streamline the vertical acceleration of hardware and software. +- **Universality (POSIX compatibility)**: Full compatibility with POSIX APIs eliminates the need to modify applications. The recvfrom and sendto interfaces of UDP are supported. +- **General networking model**: Adaptive scheduling of the networking model is implemented based on mechanisms such as fd router and wake-up proxy. The UDP multi-node multicast model meets the requirements of any network application scenario. +- **Usability (plug-and-play)**: LD_PRELOAD enables zero-cost deployment by removing the requirement for service adaptation. +- **Easy O&M (O&M tool)**: Complete O&M methods, such as traffic statistics, metric logs, and CLI commands, are provided. + +**New Features** + +- Gazelle now supports XDP deployment on L2-mode NICs using IPVLAN. +- Interrupt mode is introduced, which reduces LStack CPU usage in no-traffic or low-traffic scenarios. +- Networks of the ping-pong scheme are optimized to improve packet transmission during ping-pong operations. +- Support for single-node and single-active/standby TPC-C testing is added for the openGauss database. + +## virtCCA + +virtCCA-based confidential VMs, built on the Secure EL2 (S-EL2) of Kunpeng 920, allow regular VM software stacks to run securely within TEEs. + +Based on the standard interface of the Arm Confidential Compute Architecture (CCA), openEuler builds a TEE virtualization management module upon the TrustZone firmware. This module supports memory isolation between confidential VMs, context and lifecycle management, and page table management, and enables seamless application migration to TEEs. + +- Device passthrough + +Device passthrough uses the PCIe protection controller (PCIPC) embedded in the PCIe root complex of Kunpeng 920. A selector is added to the PCIe bus to regulate communication between the processor and peripherals. Operating through the system memory management unit (SMMU), this selector controls both inbound and outbound traffic, safeguarding the entire data link. +Device passthrough boasts excellent security isolation and performance enhancements for PCIe devices: + +- Security isolation + + The TEE manages device access permissions, preventing host software from accessing TEE devices. + +- High performance + + Confidential device passthrough negates performance loss on the data plane compared to traditional encryption and decryption solutions. + +- Ease of use + + Compatibility with existing open source OSs ensures that the kernel driver does not need to be modified. + +- ShangMi (SM) algorithm acceleration + + Hardware-based acceleration for SM algorithms runs on the UADK user-mode accelerator framework to enhance SM algorithm performance and enable algorithm offloading within confidential VMs. It is powered by the Kunpeng processor and utilizes the Kunpeng Accelerator Engine (KAE) features in the TEE. + +## Hygon CSV3 + +CSV3 marks the third generation of Hygon's secure virtualization technology. With security features that far exceed its predecessors, CSV3 realizes multi-level data protection that implements VM data isolation within the CPU. This isolation prevents the host OS from accessing VM memory or modifying nested page tables, thereby ensuring strong data integrity and confidentiality. + +**Secure memory isolation unit** + +The secure memory isolation unit forms the hardware basis for VM data integrity. A specialized hardware component within the CPU, the unit is positioned on the system bus path between the CPU and the memory controller to retrieve secure memory information for CSV3 VMs, such as physical memory addresses, VM IDs, and associated permissions. It validates all memory access requests from the CPU before granting permission, ensuring only verified requests receive access clearance. + +When a CSV3 VM reads from or writes to memory, the page table translation unit converts the guest physical address (GPA) into a host physical address (HPA), and sends a memory access request (including read/write commands), the HPA, and the requester VM ID to the address bus. + +If the secure memory isolation unit detects an incorrect VM ID during memory reads, it returns data in a fixed pattern. During memory writes, such an invalid request is discarded. + +**Secure processor** + +The secure memory isolation unit is the central hardware component in CSV3, safeguarding the integrity of VM memory. Its configuration must remain entirely secure and immune to modification by the host OS. + +Hygon's secure processor is built into the SoC and independent from the CPU. It acts as the RoT of the SoC. Upon power-on, the processor verifies firmware integrity using an embedded signature verification key before the firmware is loaded and executed. Equipped with dedicated hardware resources within an isolated environment, the secure processor represents the highest level of security within the SoC, governing the overall security of the SoC. It maintains exclusive control over the secure memory isolation unit throughout the VM lifecycle, thus preventing the host OS from accessing or modifying unit configurations. + +During VM startup, the host OS sends a request to the secure processor, which initializes the secure memory isolation unit. The secure processor firmware updates the secure memory isolation unit, and when the VM terminates, the secure processor clears all configurations of the unit. The secure processor validates all configuration requests from the host and rejects any that are invalid. + +**Protection of the virtual machine control block (VMCB)** + +The VMCB contains crucial control data, including the VM ID, VM page table base address, and VM register page base address. Access to this sensitive data by a host OS can cause tampering to VM memory data. + +The secure processor creates the VMCB and places it under the protection scope of the secure memory isolation unit, which prevents the host OS from altering the contents of the VMCB. + +To improve compatibility with the host OS software, CSV3 uses real and shadow VMCB pages. The host OS constructs the shadow VMCB page, populates it with control data, and sends it to the secure processor. The secure processor then generates the real VMCB page, copying non- critical control data from the shadow VMCB page and adding essential control information independently. The VM launches and operates using the real VMCB page, thus blocking any host OS attempts to hack the VMCB. + +## openHiTLS + +openHiTLS provides a lightweight, customizable cryptographic solution designed for diverse industries including cloud computing, big data, AI, and finance. The platform combines advanced algorithms with exceptional performance while maintaining robust security and reliability. Its flexible architecture ensures seamless compatibility across multiple programming languages. Through community collaboration and ecosystem development, openHiTLS accelerates the adoption of cryptographic security standards across various industries, while fostering a security- focused open source ecosystem centered around openEuler in order to provide users with a safer and more reliable digital environment. + +**Support for mainstream cryptographic protocols and algorithms** + +Mainstream international and Chinese cryptographic algorithms and protocols are supported. You can select appropriate cryptographic algorithms and protocols based on scenario requirements. + +- Chinese cryptographic algorithms: SM2, SM3, and SM4 +- International mainstream algorithms: AES, RSA, (EC)DSA, (EC)DH, SHA-3 and HMAC +- GB/T 38636-2020 TLCP, that is, the dual-certificate protocol +- TLS 1.2, TLS 1.3, and DTLS 1.2 + +**Open architecture for cryptography applications in all scenarios** + +By leveraging an open architecture and implementing technological innovations in applications across the entire industry chain, a one-stop, full-scenario solution is provided for diverse industries. + +- Flexible southbound and northbound interfaces: Unified northbound interfaces enable quick access for industry applications. Southbound devices widely deployed in various service systems are abstracted to streamline device utilization. +- Multi-language compatibility: The foreign function interfaces (FFIs) ensure multi-language compatibility, enabling one cipher suite to be used across various programming languages. +- Wide applicability: Cryptographic technology applied across various scenarios in the entire industry chain ensures high performance, security, and reliability of openHiTLS in different scenarios. + +**Hierarchical decoupling and on-demand tailoring to create a lightweight cipher suite** + +Hierarchical decoupling enables cryptographic algorithm software to achieve ultimate cost efficiency. + +- Hierarchical decoupling: TLS, certificates, and algorithm functions are decoupled for on- demand combination, with layered optimization for algorithm abstraction, scheduling, and algorithm primitives. +- Advanced abstract interfaces: These interfaces prevent external interface changes caused by algorithm tailoring while reducing software footprint. +- Ultimate cost efficiency: Automatic management of feature dependencies and on-demand tailoring to trim down to the minimal implementation of PBKDF2 + AES (20 KB binary file size, 1 KB of heap memory, and 256 bytes of stack memory) are supported. + +**Agile architecture for cryptographic algorithms, addressing post-quantum migration** + +An innovative agile architecture for cryptographic algorithms enables rapid application migration and fast evolution of advanced algorithms. + +- Unified northbound interfaces: Standardized and extensible interfaces are available for algorithms, meaning that interface changes due to algorithm switching can be avoided, which in turn means that extensive adaptation of new interfaces for upper-layer applications is not required. +- Plugin-based management of algorithms: The algorithm provider layer supports dynamic algorithm runtime loading. +- Configurable algorithms: Algorithm information can be obtained from configuration files, avoiding hard coding of algorithm identifiers. + +## Fail-slow Detection for Rapid Identification of Slow Nodes in AI Cluster Training + +During the training process of AI clusters, performance degradation is inevitable, with numerous and complex causes. Existing solutions rely on log analysis after performance degradation occurs. However, it can take 3 to 4 days from log collection to root cause diagnosis and issue resolution on the live network. To address these pain points, an online slow node detection solution is offered. This solution allows for real-time monitoring of key system metrics and uses model- and data-driven algorithms to analyze the observed data and pinpoint the location of slow or degraded nodes. This facilitates system self-healing and fault rectification by O&M personnel. + +Grouped metric comparison helps detect slow nodes/cards in AI cluster training scenarios. This technology is implemented through gala-anteater and includes new components such as a configuration file, an algorithm library, and slow node comparison based on both time and space. The output includes the exception occurrence time, abnormal metrics, and IP addresses of slow nodes/cards. The technology improves system stability and reliability. The following features are provided: + +- Configuration file: Contains the types of metrics to be observed, configuration parameters for the metric algorithms, and data interfaces, which are used to initialize the slow node detection algorithms. +- Algorithm library: Includes common time series exception detection algorithms, such as Streaming Peaks-over-Threshold (SPOT), k-sigma, abnormal node clustering, and similarity measurement. +- Data: Includes metric data, job topology data, and communicator data. Metric data indicates the time series of metrics, job topology data indicates the node information used in training jobs, and communicator data indicates the node connection relationships (including data parallelism, tensor parallelism, and pipeline parallelism). +- Grouped metric comparison: Supports spatial filtering of abnormal nodes and temporal exception filtering of a single node. Spatial filtering identifies abnormal nodes based on the exception clustering algorithm, while temporal exception filtering determines whether a node is abnormal based on the historical data of the node. + +## Rubik with Enhanced Collaboration for Hybrid Deployments + +Cloud data centers face a widespread challenge of low resource utilization, typically below 20%. Improving this utilization has become a critical technical priority. Hybrid deployment—deploying workloads with different priorities together—offers an effective solution for increasing resource utilization. While hybrid deployment substantially improves cluster efficiency, it introduces resource contention that can impact the quality of service (QoS) of critical workloads. The key challenge lies in maintaining workload QoS while achieving higher resource utilization. + +Rubik, openEuler's container hybrid deployment engine, implements an adaptive system for single-node computing optimization and QoS assurance. The engine maximizes node resource utilization without compromising the performance of critical workloads. + +- Cache and memory bandwidth control: Limits the LLC and memory bandwidth of low- priority VMs. Currently, only static allocation is supported. +- **CPU interference control**: Supports CPU time slice preemption in microseconds, simultaneous multithreading (SMT) interference isolation, and anti-priority-inversion. +- **Memory resource preemption**: Terminates offline services first during node out-of memory (OOM) events to protect online service quality. +- **Memcg asynchronous memory reclamation**: Limits the total memory used by hybrid offline applications, and dynamically compresses the memory used by offline services when the online memory utilization increases. +- **quotaBurst traffic control**: When the CPU traffic of key online services is limited, the limit can be exceeded in a short period of time, ensuring the quality of online services. +- **Enhanced observation of PSI**: Collects pressure information at the cgroup v1 level, identifies and quantifies service interruption risks caused by resource contention, and improves hardware resource utilization. +- **iocost service I/O weight control**: Manages drive I/O rates for offline services to prevent bandwidth contention with online services. +- **Cycles per instruction (CPI) monitoring**: Tracks node pressure via CPI metrics to guide offline service eviction decisions. + +New features: + +- **Node CPU/memory management**: Monitors resource levels and evicts offline services. + +## Enhanced CFGO + +The continuous growth in code volume has made front-end bound execution a common issue in processors, which impacts program performance. Feedback-directed optimization techniques in compilers can effectively solve this issue. + +Continuous Feature Guided Optimization (CFGO) in GCC for openEuler and BiSheng Compiler refers to continuous feedback-directed optimization for multimodal files (source code and binaries) and the full lifecycle (compilation, linking, post-linking, runtime, OS, and libraries). The following techniques are included: + +- **Code layout optimization**: Techniques such as basic block reordering, function rearrangement, and hot/cold separation are used to optimize the binary layout of the target program, improving I-cache and I-TLB hit rates. +- **Advanced compiler optimization**: Techniques such as inlining, loop unrolling, vectorization, and indirect calls enable the compiler to make more accurate optimization decisions. + +CFGO comprises CFGO-PGO, CFGO-CSPGO, and CFGO-BOLT. Enabling these sub-features in sequence helps mitigate front-end bound execution and improve program runtime performance. To further enhance the optimization, you are advised to add the -flto=auto compilation option during CFGO-PGO and CFGO-CSPGO processes. + +- CFGO-PGO + + Unlike conventional profile-guided optimization (PGO), CFGO-PGO uses AI for Compiler (AI4C) to enhance certain optimizations, including inlining, constant propagation, and devirtualization, to further improve performance. + +- CFGO-CSPGO + + The profile in conventional PGO is context-insensitive, which may result in suboptimal optimization. By adding an additional CFGO-CSPGO instrumentation phase after PGO, runtime information from the inlined program is collected. This provides more accurate execution data for compiler optimizations such as code layout and register optimizations, leading to enhanced performance. + +- CFGO-BOLT + + CFGO-BOLT adds optimizations such as software instrumentation for the AArch64 architecture and inlining optimization on top of the baseline version, driving further performance gains. + +## AI4C + +AI4C is an AI-assisted compiler optimization suite. It is a software framework that leverages AI technologies to optimize compiler options and key decisions during optimization passes. It aims to address two major challenges in compilers: + +- **Difficult performance improvement**: Traditional compiler optimizations have long development cycles, and new optimization techniques are often incompatible with existing optimization processes, making it challenging to achieve the expected performance gains. +- **Low tuning efficiency**: When changes in hardware architecture or software application scenarios occur, significant human effort is required to adjust the cost model for compiler optimizations based on the new workloads, resulting in prolonged tuning times. + +The AI4C framework provides two main modules: Autotuner for automatic tuning of compiler options and AI-enabled compiler-driven program optimization (ACPO). + +The software follows a three-layer architecture, as shown in the following figure. The AI4C framework at the upper layer drives the optimization process of a compiler at the middle layer. The Adaptor module of the compiler invokes the AI model library and model inference engine at the lower layer, using optimization feature data and hardware architecture parameters as inputs to run model inference. This results in the optimal setting for key parameters during compilation, thereby achieving compiler optimization. + +- Autotuner + + The Autotuner of AI4C is developed based on OpenTuner (Ansel et al. 2015). It uses a plugin to drive the compiler to collect tuning parameters, adjusts key decision-making parameters (such as loop unrolling factors) using search algorithms, injects modifications into the compilation process via the plugin, and runs the compiled binary to gather feedback factors for iterative automatic tuning. + + - It integrates a series of search algorithms, with dynamic algorithm selection and shared search progress. + - It supports user-configured YAML for custom search spaces and the extension of underlying search algorithms. + - It enables fine-grained code block tuning and coarse-grained automatic tuning of compiler options. + - It achieved performance gains ranging from 3% to 5% on benchmarks such as Cormark, Dhrystone, and Cbench. + +- ACPO + + ACPO provides a comprehensive set of tools, libraries, and algorithms, which replace or enhance heuristic tuning decision-making algorithms in compilers and provide easy-to-use interfaces for compiler engineers to use AI models. During compiler optimization, plugins are used to extract structured input data from optimization passes as model input features. The getAdvice function runs the pre-trained model to obtain decision coefficients, and the compiler uses the model's decision results to replace specific heuristic decisions, thereby achieving better performance. + + - It decouples compilers from AI models and inference engines, helping algorithm developers focus on AI model development while reducing the costs of model application. It is compatible with multiple compilers, models, AI inference frameworks, and other mainstream products, offering hot update capabilities for AI models. + - The implementation of optimization phases and processes, such as function inlining based on interprocedural analysis (IPA) and loop unrolling for register transfer language (RTL) generation, has resulted in significant gains. + +## SM Digital Signatures for RPMs + +According to relevant security standards in China, certain application scenarios require the use of Chinese cryptographic algorithms to ensure the authenticity and integrity of critical executable program sources. openEuler currently uses RPM for software package management, with package signatures based on the openPGP standard. openEuler 24.03 LTS SP1 incorporates the SM2 signing algorithm and SM3 digest algorithm into the RPM mechanism. + +Based on the RPM component and the GnuPG2 signing tool the component invokes, this feature enables Chinese cryptographic algorithms within the existing openPGP signature system. In signature generation, you can run the **gpg** command to generate an SM2 signing private key and a certificate, and then run the rpmsign command to add a digital signature based on the SM2 and SM3 algorithms to a specified RPM package. In signature verification, you can run the **rpm** command to import the verification certificate and verify the digital signature of the RPM package to validate its authenticity and integrity. + +## oneAPI + +The Unified Acceleration (UXL) Foundation is promoting an open, unified standard accelerator software ecosystem. oneAPI, as the initial project, aims to provide a cross-industry, open, and unified standard programming model to deliver consistent development experience for heterogeneous accelerators, including those for CPUs, GPUs, FPGAs, and specialized accelerators. The oneAPI standard extends existing developer programming models to empower cross-architecture programming using a parallel programming language (Data Parallel C++), a group of accelerator software libraries, and a foundational hardware abstraction interface (Intel® oneAPI Level Zero). This approach supports a wide range of accelerator hardware and processor platforms. To ensure compatibility and improve development efficiency, the oneAPI standard provides various open, cross-platform, and easy-to-use developer software suites. + +To fully support oneAPI, the Intel® oneAPI Base Toolkit (Base Kit) and runtime container images are integrated into openEuler 24.03 LTS. Since openEuler 24.03 LTS SP1, openEuler natively supports the adaptation and integration of oneAPI foundational libraries, including the dependencies required for oneAPI runtimes, Intel's graphics acceleration compiler, OpenCL™ Runtimes, and oneAPI Level Zero API that is compatible with platforms like x86_64 and AArch64. To comprehensively support Data Parallel C++ and API-based programming on accelerator libraries, various oneAPI software packages have been adapted and validated on openEuler. You can add the official DNF/Yum repositories of oneAPI to openEuler to install and update all required runtime dependencies, developer tools, and debugging utilities. + +## OpenVINO + +OpenVINO is an open source AI toolkit and runtime library that enhances deep learning models from major frameworks. It streamlines the deployment and inference of AI workloads across processors and accelerators on Intel and other platforms including Arm. Beginning with openEuler 24.03 LTS SP1, native OpenVINO integration is provided, granting full access to OpenVINO computing capabilities on openEuler. + +OpenVINO converts and optimizes models trained in popular frameworks to run efficiently on diverse hardware in local, edge, or cloud environments. Popular frameworks include TensorFlow, PyTorch, ONNX, and PaddlePaddle. + +## KAE + +KAE is an acceleration solution based on the Kunpeng 920 processor. It contains the KAE encryption and decryption module and the KAEzip compression and decompression module, which accelerate SSL and TLS applications and data compression, reduce processor usage, and boost processor efficiency. In addition, the application layer of KAE masks the internal implementation details, thereby allowing users to quickly migrate services through the standard interfaces of OpenSSL and zlib. + +The KAE encryption and decryption module implements the RSA, SM3, SM4, DH, MD5, and AES algorithms. It provides high-performance symmetric and asymmetric encryption and decryption based on the lossless user-mode driver framework. It is compatible with OpenSSL 1.1.1x and supports both synchronous and asynchronous mechanisms. + +KAEzip is the compression and decompression module of KAE. It implements the Deflate algorithm and works with the lossless user-mode driver framework to provide high-performance gzip or zlib APIs. KAE can be used to improve application performance in different scenarios. For example, in distributed storage scenarios, the zlib library accelerates data compression and decompression. diff --git a/docs/en/server/releasenotes/releasenotes/known_issues.md b/docs/en/server/releasenotes/releasenotes/known_issues.md new file mode 100644 index 0000000000000000000000000000000000000000..6da4219dc5ee7e2d29fd4c67641c7f71fd8ac84c --- /dev/null +++ b/docs/en/server/releasenotes/releasenotes/known_issues.md @@ -0,0 +1,7 @@ +# Known Issues + +| Issue ID | Repository | Description | Link | +| -------- | -------------------- | --------------------------------------------------------------------------------------------- | -------------------------------------------------------- | +| IBA13Y | yocto-meta-openeuler | \[2403LTSSP1] Test case oe_test_nfs-utils_test_001 failed on raspberrypi4-64 image | | +| IBACHW | yocto-meta-openeuler | \[2403LTSSP1] Incorrect image name for qemu-aarch64-mcs-ros and micad service failed to start | | +| IBANAZ | yocto-meta-openeuler | \[2403LTSSP1] mica service failed to start on x86-64-hmi-mcs-ros-rt image | | diff --git a/docs/en/server/releasenotes/releasenotes/os_installation.md b/docs/en/server/releasenotes/releasenotes/os_installation.md new file mode 100644 index 0000000000000000000000000000000000000000..acf5ebd73f0a639a6ae1293bc4619df563f3b2ae --- /dev/null +++ b/docs/en/server/releasenotes/releasenotes/os_installation.md @@ -0,0 +1,153 @@ +# OS Installation + +## Release Files + +The openEuler release files include [ISO release packages](https://www.openeuler.org/en/download/archive/), [VM images](http://repo.openeuler.org/openEuler-24.03-LTS/virtual_machine_img/), [container images](http://repo.openeuler.org/openEuler-24.03-LTS/docker_img/), [embedded images](http://repo.openeuler.org/openEuler-24.03-LTS/embedded_img/), and [repositories](http://repo.openeuler.org/openEuler-24.03-LTS/). + +**Table 1** ISO release packages + +| Name | Description | +| ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------- | +| openEuler-24.03-LTS-SP1-aarch64-dvd.iso | Base installation ISO file of the AArch64 architecture, including the core components for running the minimum system. | +| openEuler-24.03-LTS-SP1-everything-aarch64-dvd.iso | Full installation ISO file of the AArch64 architecture, including all components for running the entire system. | +| openEuler-24.03-LTS-SP1-everything-debug-aarch64-dvd.iso | ISO file for openEuler debugging in the AArch64 architecture, including the symbol table information required for debugging. | +| openEuler-24.03-LTS-SP1-x86_64-dvd.iso | Base installation ISO file of the x86_64 architecture, including the core components for running the minimum system. | +| openEuler-24.03-LTS-SP1-everything-x86_64-dvd.iso | Full installation ISO file of the x86_64 architecture, including all components for running the entire system. | +| openEuler-24.03-LTS-SP1-everything-debuginfo-x86_64-dvd.iso | ISO file for openEuler debugging in the x86_64 architecture, including the symbol table information required for debugging. | +| openEuler-24.03-LTS-SP1-source-dvd.iso | ISO file of the openEuler source code. | +| openEuler-21.09-edge-aarch64-dvd.iso | Edge ISO file in the AArch64 architecture, including the core components for running the minimum system. | +| openEuler-21.09-edge-x86_64-dvd.iso | Edge ISO file in the x86_64 architecture, including the core components for running the minimum system. | +| openEuler-21.09-Desktop-aarch64-dvd.iso | Desktop ISO file in the AArch64 architecture, including the minimum software set for running the development desktop. | +| openEuler-21.09-Desktop-x86_64-dvd.iso | Desktop ISO file in the x86_64 architecture, including the minimum software set for running the development desktop. | + +**Table 2** VM images + +| Name | Description | +| ---------------------------------------- | -------------------------------------------------- | +| openEuler-24.03-LTS-SP1-aarch64.qcow2.xz | VM image of openEuler in the AArch64 architecture. | +| openEuler-24.03-LTS-SP1-x86_64.qcow2.xz | VM image of openEuler in the x86_64 architecture. | + +>![](./public_sys-resources/icon-note.gif) **NOTE** +>The default password of the **root** user of the VM image is **openEuler12#$**. Change the password upon the first login. + +**Table 3** Container images + +| Name | Description | +| ------------------------------- | ----------------------------------------------------------- | +| openEuler-docker.aarch64.tar.xz | A Container image of openEuler in the AArch64 architecture. | +| openEuler-docker.x86_64.tar.xz | Container image of openEuler in the x86_64 architecture. | + +**Table 4** Embedded images + +| Name | Description | +| ---------------------------------------------- | ------------------------------------------------------------------ | +| arm64/aarch64-std/zImage | Kernel image that supports QEMU in the AArch64 architecture. | +| arm64/aarch64-std/\*toolchain-24.03-LTS-SP1.sh | Development and compilation toolchain in the AArch64 architecture. | +| arm64/aarch64-std/\*rootfs.cpio.gz | File system that supports QEMU in the AArch64 architecture. | +| arm32/arm-std/zImage | Kernel image that supports QEMU in the ARM architecture. | +| arm32/arm-std/\*toolchain-24.03-LTS-SP1.sh | Development and compilation toolchain in the ARM architecture. | +| arm32/arm-std/\*rootfs.cpio.gz | File system that supports QEMU in the ARM architecture. | +| source-list/manifest.xml | Manifest of source code used for building. | + +**Table 5** Repo sources + +| Name | Description | +| ------------------- | ------------------------------------------ | +| ISO | Stores ISO images. | +| OS | Stores basic software package sources. | +| debuginfo | Stores debugging package sources. | +| docker_img | Stores container images. | +| virtual_machine_img | Stores VM images. | +| embedded_img | Stores embedded images. | +| everything | Stores full software package sources. | +| extras | Stores extended software package sources. | +| source | Stores source code software package. | +| update | Stores update software package sources. | +| EPOL | Stores extended openEuler package sources. | + +## Minimum Hardware Specifications + +Table 6 lists the minimum hardware specifications for installing openEuler 24.03-LTS-SP1. + +**Table 6** Minimum hardware requirements + +| Component | Minimum Hardware Specification | +| ---------- | ----------------------------------------------------------------------------------- | +| CPU | Kunpeng 920 (AArch64)/ x86_64 (later than Skylake)
x86-64 (later than Skylake) | +| Memory | ≥ 8 GB | +| Hard drive | ≥ 120 GB | + +## Hardware Compatibility + +[Table 7](#zh-cn_topic_0227922427_table39822012) describes the typical configurations of servers and components supported by openEuler. openEuler will support more servers in the future. Partners and developers are welcome to participate in the contribution and verification. For details about the servers supported by openEuler, see [Compatibility List](https://www.openeuler.org/en/compatibility/). + +**Table 7** Supported servers and configurations + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Vendor

+

Server Name

+

Server Model

+

Component

+

Configuration

+

Huawei

+

TaiShan 200

+

2280 (balanced model)

+

CPU

+

HiSilicon Kunpeng 920

+

Memory

+

4 x 32 GB 2933MHz

+

RAID card

+

LSI SAS3508

+

Network

+

TM210

+

Huawei

+

FusionServer Pro

+

2288H V5 (rack server)

+

CPU

+

Intel(R) Xeon(R) Gold 5118 CPU @ 2.30GHz

+

Memory

+

4 x 32 GB 2400MHz

+

RAID card

+

LSI SAS3508

+

Network

+

X722

+
diff --git a/docs/en/server/releasenotes/releasenotes/public_sys-resources/icon-caution.gif b/docs/en/server/releasenotes/releasenotes/public_sys-resources/icon-caution.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/releasenotes/releasenotes/public_sys-resources/icon-caution.gif differ diff --git a/docs/en/server/releasenotes/releasenotes/public_sys-resources/icon-danger.gif b/docs/en/server/releasenotes/releasenotes/public_sys-resources/icon-danger.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/releasenotes/releasenotes/public_sys-resources/icon-danger.gif differ diff --git a/docs/en/server/releasenotes/releasenotes/public_sys-resources/icon-note.gif b/docs/en/server/releasenotes/releasenotes/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/en/server/releasenotes/releasenotes/public_sys-resources/icon-note.gif differ diff --git a/docs/en/server/releasenotes/releasenotes/public_sys-resources/icon-notice.gif b/docs/en/server/releasenotes/releasenotes/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/en/server/releasenotes/releasenotes/public_sys-resources/icon-notice.gif differ diff --git a/docs/en/server/releasenotes/releasenotes/public_sys-resources/icon-tip.gif b/docs/en/server/releasenotes/releasenotes/public_sys-resources/icon-tip.gif new file mode 100644 index 0000000000000000000000000000000000000000..93aa72053b510e456b149f36a0972703ea9999b7 Binary files /dev/null and b/docs/en/server/releasenotes/releasenotes/public_sys-resources/icon-tip.gif differ diff --git a/docs/en/server/releasenotes/releasenotes/public_sys-resources/icon-warning.gif b/docs/en/server/releasenotes/releasenotes/public_sys-resources/icon-warning.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/releasenotes/releasenotes/public_sys-resources/icon-warning.gif differ diff --git a/docs/en/server/releasenotes/releasenotes/resolved_issues.md b/docs/en/server/releasenotes/releasenotes/resolved_issues.md new file mode 100644 index 0000000000000000000000000000000000000000..093848d11a0933ce3793814dc35bd787124d229a --- /dev/null +++ b/docs/en/server/releasenotes/releasenotes/resolved_issues.md @@ -0,0 +1,416 @@ +# Resolved Issues + +For the complete issue list, see [Issues](https://gitee.com/organizations/src-openeuler/issues). + +For details about resolved issues, see the following table. + +**Table 1** Resolved issues + +|Issue ID| Repository| Description|Link| +|-|-|-|-| +| IA4E07 | gtk-doc | \[x86/arm] gtk-doc package license information identification review | | +| IA4E50 | qt5-qtenginio | \[x86/arm] qt5-qtenginio-help package license information identification review | | +| IA4V4R | mathjax | \[x86/arm] MathJax various sub-package license information identification review | | +| IA4VRO | libcrystalhd | \[x86/arm] crystalhd-firmware package license information identification review | | +| IA4VRW | mecab-ipadic | \[x86/arm] mecab-ipadic, mecab-ipadic-EUCJP package license information identification review | | +| IA4VU8 | python-cssutils | \[x86/arm] python3-cssutils, python-cssutils-help package license information identification review | | +| IA4W5L | raspberrypi-eeprom | \[x86/arm] raspberrypi-eeprom package license information identification review | | +| IA4W60 | raspberrypi-firmware | \[x86/arm] raspberrypi-firmware package license information identification review | | +| IA4WCX | shared-desktop-ontologies | \[x86/arm] shared-desktop-ontologies, shared-desktop-ontologies-devel package license information identification review | | +| IAGS0Z | umdk | \[x86/arm] umdk-urma-bin, umdk-urma-compat-hns-libumdk-urma-devel, umdk-urma-lib, umdk-urma-tools package license information identification review | | +| IAGS5K | tidb | \[x86/arm] tidb, tidb-debuginfo, tidb-debugsource package license information identification review | | +| IAGS6O | tidb | \[x86/arm] tidb, tidb-debuginfo, tidb-debugsource package license information identification review | | +| IAGWFV | aisleriot | \[x86/arm] aisleriot, aisleriot-debuginfo, aisleriot-debugsource package license information identification review | | +| IAGX7M | libmd | \[x86/arm] Review of license information identification for libmd, libmd-devel packages | | +| IAGXT0 | plasma-workspace | \[x86/arm] plasma-workspace-doc package license information identification review | | +| IB2D21 | python-lxml | \[EulerMaker] python-lxml build failed in openEuler-24.03-LTS-SP1:everything | | +| IB2DUG | libclc | \[EulerMaker] libclc build failed in openEuler-24.03-LTS-SP1:everything | | +| IB2ET1 | gtk-doc | \[EulerMaker] gtk-doc build failed in openEuler-24.03-LTS-SP1:everything | | +| IB2HEA | python-sybil | \[EulerMaker] python-sybil build failed in openEuler-24.03-LTS-SP1:everything | | +| IB2HF9 | python-h5py | \[EulerMaker] python-h5py build failed in openEuler-24.03-LTS-SP1:everything | | +| IB2HIR | spirv-llvm-translator | \[EulerMaker] spirv-llvm-translator build failed in openEuler-24.03-LTS-SP1:everything | | +| IB2HNW | nodejs-commander | \[EulerMaker] nodejs-commander build failed in openEuler-24.03-LTS-SP1:everything | | +| IB2HOQ | gcc-cross | \[EulerMaker] gcc-cross build failed in openEuler-24.03-LTS-SP1:everything | | +| IB2HQ0 | phonon | \[EulerMaker] phonon build failed in openEuler-24.03-LTS-SP1:everything | | +| IB2IHP | mold | \[EulerMaker] mold build failed in openEuler-24.03-LTS-SP1:everything | | +| IB2IIT | intel-ipp-crypto-mb | \[EulerMaker] intel-ipp-crypto-mb build failed in openEuler-24.03-LTS-SP1:everything | | +| IB2IKX | intel-ipsec-mb | \[EulerMaker] intel-ipsec-mb build failed in openEuler-24.03-LTS-SP1:everything | | +| IB2IO5 | intel-qatzip | \[EulerMaker] intel-ipp-crypto-mb build failed in openEuler-24.03-LTS-SP1:everything | | +| IB2IOK | intel-qatengine | \[EulerMaker] intel-ipp-crypto-mb build failed in openEuler-24.03-LTS-SP1:everything | | +| IB2LOS | kata-containers | \[EulerMaker] kata-containers build failed in openEuler-24.03-LTS-SP1:everything | | +| IB2VQS | trace-cmd | \[24.03-LTS-SP1-alpha] \[arm] Uninstalling trace-cmd package results in error: Failed to disable unit: Unit file trace-cmd.service does not exist. | | +| IB2W03 | crash-trace-command | \[24.03-LTS-SP1-alpha] \[arm] Uninstalling crash-trace-command package results in error: Failed to disable unit: Unit file trace-cmd.service does not exist. | | +| IB3RFB | moby | \[24.03-LTS-SP1-alpha] \[arm/x86] After installing docker, executing dnf update results in dependency error | | +| IB3RUN | python-commonmark | \[openEuler-24.03-LTS-SP1-alpha] \[arm/x86] nodejs-commonmark and python3-commonmark have installation conflicts | | +| IB3S3F | mandoc | \[openEuler-24.03-LTS-SP1-alpha] \[arm/x86] mandoc conflicts with groff-help and man-pages-help during installation | | +| IB3SMV | native-turbo | \[24.03-SP1-alpha] \[autotest] native-turbo package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SMW | lxcfs-tools | \[24.03-SP1-alpha] \[autotest] lxcfs-tools package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SMY | python-zmq | \[24.03-SP1-alpha] \[autotest] python-zmq package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SMZ | gcc | \[24.03-SP1-alpha] \[autotest] gcc package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SN1 | python-inotify | \[24.03-SP1-alpha] \[autotest] python-inotify package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SN2 | python-memcached | \[24.03-SP1-alpha] \[autotest] python-memcached package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SN3 | i2c-tools | \[24.03-SP1-alpha] \[autotest] i2c-tools package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SN4 | pytorch | \[24.03-SP1-alpha] \[autotest] pytorch package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SN5 | secGear | \[24.03-SP1-alpha] \[autotest] secGear package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SN6 | ghostscript | \[24.03-SP1-alpha] \[autotest] ghostscript package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SN7 | qpdf | \[24.03-SP1-alpha] \[autotest] qpdf package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SNA | check | \[24.03-SP1-alpha] \[autotest] check package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SNB | enchant2 | \[24.03-SP1-alpha] \[autotest] enchant2 package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SNC | python-XlsxWriter | \[24.03-SP1-alpha] \[autotest] python-XlsxWriter package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS version | | +| IB3SND | edk2 | \[24.03-SP1-alpha] \[autotest] edk2 package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SNF | kata-containers | \[24.03-SP1-alpha] \[autotest] kata-containers package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SNG | libstoragemgmt | \[24.03-SP1-alpha] \[autotest] libstoragemgmt package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SNH | python-pythran | \[24.03-SP1-alpha] \[autotest] python-pythran package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SNI | librdkafka | \[24.03-SP1-alpha] \[autotest] librdkafka package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SNJ | oec-hardware | \[24.03-SP1-alpha] \[autotest] oec-hardware package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS version | | +| IB3SNL | python-hamcrest | \[24.03-SP1-alpha] \[autotest] python-hamcrest package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SNM | kmod-kvdo | \[24.03-SP1-alpha] \[autotest] kmod-kvdo package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SNO | sscg | \[24.03-SP1-alpha] \[autotest] sscg package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SNP | python-pydantic | \[24.03-SP1-alpha] \[autotest] python-pydantic package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SNQ | python-eventlet | \[24.03-SP1-alpha] \[autotest] python-eventlet package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SNR | gstreamer1-plugins-bad-free | \[24.03-SP1-alpha] \[autotest] gstreamer1-plugins-bad-free package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SNS | pybind11 | \[24.03-SP1-alpha] \[autotest] pybind11 package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SNU | tftp | \[24.03-SP1-alpha] \[autotest] tftp package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SNV | lwip | \[24.03-SP1-alpha] \[autotest] lwip package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SNW | tpm2-tss | \[24.03-SP1-alpha] \[autotest] tpm2-tss package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SNX | python-certifi | \[24.03-SP1-alpha] \[autotest] python-certifi package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS version | | +| IB3SNZ | automake | \[24.03-SP1-alpha] \[autotest] automake package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SO1 | python-jedi | \[24.03-SP1-alpha] \[autotest] python-jedi package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS version | | +| IB3SO2 | lftp | \[24.03-SP1-alpha] \[autotest] lftp package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SO3 | autoconf | \[24.03-SP1-alpha] \[autotest] autoconf package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SO4 | memleax | \[24.03-SP1-alpha] \[autotest] memleax package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SO5 | grub2 | \[24.03-SP1-alpha] \[autotest] grub2 package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SO6 | jetty | \[24.03-SP1-alpha] \[autotest] jetty package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SO7 | gala-gopher | \[24.03-SP1-alpha] \[autotest] gala-gopher package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SO8 | kiwi | \[24.03-SP1-alpha] \[autotest] kiwi package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SOA | inih | \[24.03-SP1-alpha] \[autotest] inih package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SOB | containerd | \[24.03-SP1-alpha] \[autotest] containerd package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SOC | openEuler-repos | \[24.03-SP1-alpha] \[autotest] openEuler-repos package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SOD | criu | \[24.03-SP1-alpha] \[autotest] criu package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SOE | python-filelock | \[24.03-SP1-alpha] \[autotest] python-filelock package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SOF | uadk_engine | \[24.03-SP1-alpha] \[autotest] uadk_engine package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SOG | autofdo | \[24.03-SP1-alpha] \[autotest] autofdo package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SOJ | dhcp | \[24.03-SP1-alpha] \[autotest] dhcp package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SOL | python-iniparse | \[24.03-SP1-alpha] \[autotest] python-iniparse package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SOM | gazelle | \[24.03-SP1-alpha] \[autotest] gazelle package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SON | bcc | \[24.03-SP1-alpha] \[autotest] bcc package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SOO | ethtool | \[24.03-SP1-alpha] \[autotest] ethtool package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SOP | rootsh | \[24.03-SP1-alpha] \[autotest] rootsh package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SOQ | python-moto | \[24.03-SP1-alpha] \[autotest] python-moto package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SOR | kylin-usb-creator | \[24.03-SP1-alpha] \[autotest] kylin-usb-creator package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SOS | dtkgui | \[24.03-SP1-alpha] \[autotest] dtkgui package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS version | | +| IB3SOT | kylin-burner | \[24.03-SP1-alpha] \[autotest] kylin-burner package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SOU | ukui-session-manager | \[24.03-SP1-alpha] \[autotest] ukui-session-manager package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SOV | ukui-menu | \[24.03-SP1-alpha] \[autotest] ukui-menu package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SOW | k3s-containerd | \[24.03-SP1-alpha] \[autotest] k3s-containerd package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SOX | ukui-greeter | \[24.03-SP1-alpha] \[autotest] ukui-greeter package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SOY | python-faust | \[24.03-SP1-alpha] \[autotest] python-faust package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SP0 | cri-tools | \[24.03-SP1-alpha] \[autotest] cri-tools package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SP2 | ukui-bluetooth | \[24.03-SP1-alpha] \[autotest] ukui-bluetooth package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SP3 | ukui-panel | \[24.03-SP1-alpha] \[autotest] ukui-panel package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SP5 | distributed-build | \[24.03-SP1-alpha] \[autotest] distributed-build package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SP6 | apptainer | \[24.03-SP1-alpha] \[autotest] apptainer package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SP7 | ukui-system-monitor | \[24.03-SP1-alpha] \[autotest] ukui-system-monitor package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SP8 | ukui-screensaver | \[24.03-SP1-alpha] \[autotest] ukui-screensaver package is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | + +| IB3SP8 | ukui-screensaver | \[24.03-SP1-alpha]\[autotest] ukui-screensaver package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SPA | indicator-china-weather | \[24.03-SP1-alpha]\[autotest] indicator-china-weather package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SPC | peony-extensions | \[24.03-SP1-alpha]\[autotest] peony-extensions package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SPE | dde | \[24.03-SP1-alpha]\[autotest] dde package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SPF | kylin-recorder | \[24.03-SP1-alpha]\[autotest] kylin-recorder package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SPG | kiran-icon-theme | \[24.03-SP1-alpha]\[autotest] kiran-icon-theme package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SPH | python-blurb | \[24.03-SP1-alpha]\[autotest] python-blurb package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SPI | cri-o | \[24.03-SP1-alpha]\[autotest] cri-o package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SPK | distributed-build_lite | \[24.03-SP1-alpha]\[autotest] distributed-build_lite package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SPL | migration-tools | \[24.03-SP1-alpha]\[autotest] migration-tools package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS version | | +| IB3SPM | ukui-search | \[24.03-SP1-alpha]\[autotest] ukui-search package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SPN | ukui-control-center | \[24.03-SP1-alpha]\[autotest] ukui-control-center package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SPO | kylin-nm | \[24.03-SP1-alpha]\[autotest] kylin-nm package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SPP | kylin-calculator | \[24.03-SP1-alpha]\[autotest] kylin-calculator package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SPQ | python-pytimeparse | \[24.03-SP1-alpha]\[autotest] python-pytimeparse package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SPR | peony | \[24.03-SP1-alpha]\[autotest] peony package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SPS | ukui-clock | \[24.03-SP1-alpha]\[autotest] ukui-clock package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SPT | python-jose | \[24.03-SP1-alpha]\[autotest] python-jose package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SPU | python-pytest-metadata | \[24.03-SP1-alpha]\[autotest] python-pytest-metadata package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SPV | python-asgiref | \[24.03-SP1-alpha]\[autotest] python-asgiref package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS version | | +| IB3SPW | kylin-scanner | \[24.03-SP1-alpha]\[autotest] kylin-scanner package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SPY | libkysdk-applications | \[24.03-SP1-alpha]\[autotest] libkysdk-applications package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SQ0 | kylin-music | \[24.03-SP1-alpha]\[autotest] kylin-music package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SQ1 | ukui-notification-daemon | \[24.03-SP1-alpha]\[autotest] ukui-notification-daemon package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3SQ2 | k3s-selinux | \[24.03-SP1-alpha]\[autotest] k3s-selinux package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3TSL | python-parse-type | \[openEuler-24.03-LTS-SP1-alpha]\[arm/x86] python3-parse_type and python3-parse-type have installation conflicts | | +| IB3U4K | python-fonttools | \[24.03-SP1-alpha]\[autotest] fonttools package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3U5L | openjfx11 | \[24.03-SP1-alpha]\[autotest] openjfx package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3U5Z | etcd | \[24.03-SP1-alpha]\[autotest] etcd package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3U66 | KubeOS | \[24.03-SP1-alpha]\[autotest] KubeOS package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS version | | +| IB3U6G | xdp-tools | \[24.03-SP1-alpha]\[autotest] xdp-tools package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3U6O | perl-Text-BibTeX | \[24.03-SP1-alpha]\[autotest] perl-Text-BibTeX package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3U6X | jboss-servlet-2.5-api | \[24.03-SP1-alpha]\[autotest] jboss-servlet-2.5-api package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB3U77 | openapi-schema-validator | \[24.03-SP1-alpha]\[autotest] openapi-schema-validator package version is lower in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB44JW | moby | \[openEuler-24.03-LTS-SP1-alpha]\[arm/x86] libnetwork and docker-engine-25.0.3-17.oe2403sp1 have installation conflicts | | +| IB47CH | netavark | \[EulerMaker] netavark build failed in openEuler-24.03-LTS-SP1:everything | | +| IB47EL | tomcatjss | \[EulerMaker] tomcatjss build failed in openEuler-24.03-LTS-SP1:everything | | +| IB47GD | firefox | \[EulerMaker] firefox build failed in openEuler-24.03-LTS-SP1:everything | | +| IB47IK | osinfo-db-tools | \[EulerMaker] osinfo-db-tools build failed in openEuler-24.03-LTS-SP1:everything | | +| IB4DCG | fwupd | \[24.03_LTS_SP1_alpha]\[x86/arm] fwupd has insecure build option RPATH | | +| IB4VTI | commonlibrary_c_utils | \[EulerMaker] commonlibrary_c_utils build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4VYF | communication_ipc | \[EulerMaker] communication_ipc build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4VYG | distributedhardware_device_manager | \[EulerMaker] distributedhardware_device_manager build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4VYH | nautilus-python | \[EulerMaker] nautilus-python build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4VYI | oceanbase-ce | \[EulerMaker] oceanbase-ce build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4VYJ | notification_eventhandler | \[EulerMaker] notification_eventhandler build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4VYK | security_dataclassification | \[EulerMaker] security_dataclassification build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4VYL | security_device_auth | \[EulerMaker] security_device_auth build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4VYM | security_device_security_level | \[EulerMaker] security_device_security_level build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4VYN | security_huks | \[EulerMaker] security_huks build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4VYO | systemabilitymgr_safwk | \[EulerMaker] systemabilitymgr_safwk build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4VYP | systemabilitymgr_samgr | \[EulerMaker] systemabilitymgr_samgr build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W1O | butane | \[EulerMaker] butane build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W1P | cinnamon | \[EulerMaker] cinnamon build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W1Q | dde-launcher | \[EulerMaker] dde-launcher build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W1R | dde-session-shell | \[EulerMaker] dde-session-shell build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W1S | dpu-utilities | \[EulerMaker] dpu-utilities build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W1U | dsoftbus | \[EulerMaker] dsoftbus build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W1V | ffmpegthumbnailer | \[EulerMaker] ffmpegthumbnailer build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W1W | kde-connect | \[EulerMaker] kde-connect build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W1X | kf5-akonadi-mime | \[EulerMaker] kf5-akonadi-mime build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W1Y | kf5-akonadi-server | \[EulerMaker] kf5-akonadi-server build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W1Z | kf5-bluez-qt | \[EulerMaker] kf5-bluez-qt build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W20 | kf5-kactivities | \[EulerMaker] kf5-kactivities build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W21 | kf5-kauth | \[EulerMaker] kf5-kauth build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W22 | kf5-kconfig | \[EulerMaker] kf5-kconfig build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W23 | kf5-khtml | \[EulerMaker] kf5-khtml build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W24 | kf5-kimap | \[EulerMaker] kf5-kimap build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W25 | kf5-kirigami2 | \[EulerMaker] kf5-kirigami2 build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W26 | kf5-kjs | \[EulerMaker] kf5-kjs build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W27 | kf5-knotifications | \[EulerMaker] kf5-knotifications build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W28 | kf5-knotifyconfig | \[EulerMaker] kf5-knotifyconfig build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W29 | kf5-mailcommon | \[EulerMaker] kf5-mailcommon build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W2A | kf5-solid | \[EulerMaker] kf5-solid build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W2B | kf5-syndication | \[EulerMaker] kf5-syndication build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W2C | Kmesh | \[EulerMaker] Kmesh build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W2D | kuserfeedback | \[EulerMaker] kuserfeedback build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W2E | kwin | \[EulerMaker] kwin build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W2F | kylin-screenshot | \[EulerMaker] kylin-screenshot build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W2G | libksysguard | \[EulerMaker] libksysguard build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W2H | mate-power-manager | \[EulerMaker] mate-power-manager build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W2I | octave | \[EulerMaker] octave build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W2J | okular | \[EulerMaker] okular build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W2K | ovirt-engine-ui-extensions | \[EulerMaker] ovirt-engine-ui-extensions build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W2M | plasma-workspace | \[EulerMaker] plasma-workspace build failed in openEuler-24.03-LTS-SP1:epol | | +| IB4W2N | polkit-kde | \[EulerMaker] polkit-kde failed to build in openEuler-24.03-LTS-SP1:epol | | +| IB4W2O | python-plum-py | \[EulerMaker] python-plum-py failed to build in openEuler-24.03-LTS-SP1:epol | | +| IB4W2P | python-typeguard | \[EulerMaker] python-typeguard failed to build in openEuler-24.03-LTS-SP1:epol | | +| IB4W2Q | qtav | \[EulerMaker] qtav failed to build in openEuler-24.03-LTS-SP1:epol | | +| IB4W2R | zram-generator | \[EulerMaker] zram-generator failed to build in openEuler-24.03-LTS-SP1:epol | | +| IB4W2S | ukui-kwin | \[EulerMaker] ukui-kwin failed to build in openEuler-24.03-LTS-SP1:epol | | +| IB4YJK | stratovirt | \[openEuler-24.03-LTS-SP1-RC1]\[arm] Failed to start virtual machine using image that comes with the source | | +| IB519M | CBS | \[2024-1230] Simplify k8s deployment, modify documentation | | +| IB54RM | hiviewdfx_hilog | \[EulerMaker] hiviewdfx_hilog failed to build in openEuler-24.03-LTS-SP1:epol | | +| IB5662 | epkg_manager | \[2024-1230] Failed to install epkg package in main environment | | +| IB57E7 | epkg_manager | \[2024-1230] In EPKG global mode, user should not retain common environment | | +| IB57N7 | epkg_manager | \[2024-1230] Usability issues during epkg installation and usage | | +| IB5NFO | sysmaster | \[24.03 SP1] In virtual machine scenario, yum install sysmaster, reboot cannot be used, reboot is normal after uninstalling | | +| IB5OPE | epkg_manager | \[2024-1230] Installation in user mode under root user, switching to normal user to execute init exits abnormally | | +| IB5R1U | kae_driver | \[24.03-SP1-rc1]\[autotest] kae_driver package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R1W | selinux-policy | \[24.03-SP1-rc1]\[autotest] selinux-policy package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R1X | python-mypy | \[24.03-SP1-rc1]\[autotest] python-mypy package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS version | | +| IB5R1Y | shadow | \[24.03-SP1-rc1]\[autotest] shadow package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R21 | hadoop | \[24.03-SP1-rc1]\[autotest] hadoop package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R22 | intel-sgx-ssl | \[24.03-SP1-rc1]\[autotest] intel-sgx-ssl package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R24 | xorg-x11-drv-nouveau | \[24.03-SP1-rc1]\[autotest] xorg-x11-drv-nouveau package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R25 | libnetfilter_queue | \[24.03-SP1-rc1]\[autotest] libnetfilter_queue package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R26 | xorg-x11-xauth | \[24.03-SP1-rc1]\[autotest] xorg-x11-xauth package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R27 | lsscsi | \[24.03-SP1-rc1]\[autotest] lsscsi package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R28 | xorg-x11-drv-fbdev | \[24.03-SP1-rc1]\[autotest] xorg-x11-drv-fbdev package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R29 | mock | \[24.03-SP1-rc1]\[autotest] mock package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R2A | qt6-qtquick3dphysics | \[24.03-SP1-rc1]\[autotest] qt6-qtquick3dphysics package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R2C | kata_integration | \[24.03-SP1-rc1]\[autotest] kata_integration package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R2D | lldpad | \[24.03-SP1-rc1]\[autotest] lldpad package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R2E | protobuf | \[24.03-SP1-rc1]\[autotest] protobuf package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R2F | spice-vdagent | \[24.03-SP1-rc1]\[autotest] spice-vdagent package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R2G | containernetworking-plugins | \[24.03-SP1-rc1]\[autotest] containernetworking-plugins package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R2I | libepoxy | \[24.03-SP1-rc1]\[autotest] libepoxy package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R2K | crash | \[24.03-SP1-rc1]\[autotest] crash package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R2N | libXtst | \[24.03-SP1-rc1]\[autotest] libXtst package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R2O | libteam | \[24.03-SP1-rc1]\[autotest] libteam package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R2P | ipmitool | \[24.03-SP1-rc1]\[autotest] ipmitool package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R2Q | musl | \[24.03-SP1-rc1]\[autotest] musl package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R2R | xorg-x11-drv-evdev | \[24.03-SP1-rc1]\[autotest] xorg-x11-drv-evdev package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R2S | kexec-tools | \[24.03-SP1-rc1]\[autotest] kexec-tools package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R2W | supermin | \[24.03-SP1-rc1]\[autotest] supermin package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R2X | openjdk-1.8.0 | \[24.03-SP1-rc1]\[autotest] openjdk-1.8.0 package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS version | | +| IB5R2Y | openjfx8 | \[24.03-SP1-rc1]\[autotest] openjfx8 package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R2Z | curl | \[24.03-SP1-rc1]\[autotest] curl package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R31 | kpatch | \[24.03-SP1-rc1]\[autotest] kpatch package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R32 | rpmrebuild | \[24.03-SP1-rc1]\[autotest] rpmrebuild package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R33 | golang | \[24.03-SP1-rc1]\[autotest] golang package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R35 | open-isns | \[24.03-SP1-rc1]\[autotest] open-isns package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R36 | thai-scalable-fonts | \[24.03-SP1-rc1]\[autotest] thai-scalable-fonts package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R37 | keybinder3 | \[24.03-SP1-rc1]\[autotest] keybinder3 package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R38 | coreutils | \[24.03-SP1-rc1]\[autotest] coreutils package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R3B | lxc | \[24.03-SP1-rc1]\[autotest] lxc package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R3C | secpaver | \[24.03-SP1-rc1]\[autotest] secpaver package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R3F | dmidecode | \[24.03-SP1-rc1]\[autotest] dmidecode package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R3L | openssl | \[24.03-SP1-rc1]\[autotest] openssl package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R3O | iotop | \[24.03-SP1-rc1]\[autotest] iotop package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R3R | sssd | \[24.03-SP1-rc1]\[autotest] sssd package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R3T | xorg-x11-drv-v4l | \[24.03-SP1-rc1]\[autotest] xorg-x11-drv-v4l package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R3U | efivar | \[24.03-SP1-rc1]\[autotest] efivar package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R3V | lua | \[24.03-SP1-rc1]\[autotest] lua package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R3W | libXxf86vm | \[24.03-SP1-rc1]\[autotest] libXxf86vm package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R3X | cryfs | \[24.03-SP1-rc1]\[autotest] cryfs package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R3Y | libchardet | \[24.03-SP1-rc1]\[autotest] libchardet package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R3Z | gnome-settings-daemon | \[24.03-SP1-rc1]\[autotest] gnome-settings-daemon package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R40 | mate-control-center | \[24.03-SP1-rc1]\[autotest] mate-control-center package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R43 | dtkcommon | \[24.03-SP1-rc1]\[autotest] dtkcommon package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R44 | python-pyeclib | \[24.03-SP1-rc1]\[autotest] python-pyeclib package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R46 | deepin-clone | \[24.03-SP1-rc1]\[autotest] deepin-clone package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R48 | kubekey | \[24.03-SP1-rc1]\[autotest] kubekey package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R49 | cppzmq | \[24.03-SP1-rc1]\[autotest] cppzmq package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS version | | +| IB5R4A | pushgateway | \[24.03-SP1-rc1]\[autotest] pushgateway package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R4B | deepin-log-viewer | \[24.03-SP1-rc1]\[autotest] deepin-log-viewer package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R4C | qt5integration | \[24.03-SP1-rc1]\[autotest] qt5integration package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R4D | pigpio | \[24.03-SP1-rc1]\[autotest] pigpio package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R4E | dde-calendar | \[24.03-SP1-rc1]\[autotest] dde-calendar package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R4G | tidb | \[24.03-SP1-rc1]\[autotest] tidb package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R4I | python-jaeger-client | \[24.03-SP1-rc1]\[autotest] python-jaeger-client package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R4K | mate-menus | \[24.03-SP1-rc1]\[autotest] mate-menus package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5R4M | deepin-compressor | \[24.03-SP1-rc1]\[autotest] deepin-compressor package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5RII | A-Tune | \[24.03-SP1-rc1]\[autotest] A-Tune package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5RJK | cscope | \[24.03-SP1-rc1]\[autotest] cscope package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5RKT | rubygem-actionpack | \[24.03-SP1-rc1]\[autotest] rubygem-actionpack package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB5SQT | scap-security-guide | \[openEuler-24.03-LTS-SP1] Issue with content_rule_configure_dump_journald_log rule | | +| IB5T8Q | bash | \[openEuler-24.03-LTS-SP1] Building ISO image with 5.2.15-11 version fails to boot normally | | +| IB5XUK | rubik | \[openEuler-24.03-LTS-SP1-round1] During rubik cpuevict function verification, rubik continuously outputs error logs | | +| IB5Z0F | hplip | \[24.03-SP1-rc1]\[arm/x86] hplip source package self-compilation fails locally | | +| IB60DF | gcc | \[EulerMaker] gcc-12.3.1-37 version is missing header files, causing multiple packages to fail compilation | | +| IB66JT | systemtap | \[openEuler-24.03-LTS-SP1 rc1 ]\[autotest ]\[arm] stap-exporter.service service starts with error messages | | +| IB6709 | kylin-video | \[EulerMaker] kylin-video failed to build in openEuler-24.03-LTS-SP1:epol | | +| IB6DM2 | oeAware-manager | sar and other commands are missing sysstat require | | +| IB6Q5P | scap-security-guide | \[openEuler-24.03-LTS-SP1] Rule "Build and Test AIDE Database" check fails | | +| IB6R4K | xorg-x11-server | \[openEuler-24.03-sp1-rc2]\[x86] UEFI mode installation does not enter graphical installation page, but enters text mode | | +| IB6UPE | dde-control-center | \[24.03-SP1-rc2]\[autotest] dde-control-center package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB6UQ2 | kylin-video | \[24.03-SP1-rc2]\[autotest] kylin-video package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB6USO | kylin-screenshot | \[24.03-SP1-rc2]\[autotest] kylin-screenshot package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB6UU1 | dde-dock | \[24.03-SP1-rc2]\[autotest] dde-dock package version is downgraded in 24.03-LTS-SP1 compared to 24.03-LTS release version | | +| IB6UV0 | three-eight-nine-ds-base | \[24.03-LTS-SP1-RC2] dsctl localhost cockpit open-firewall execution error | | +| IB6WYQ | python-commonmark | \[openEuler-24.03-LTS-SP1-round2]\[arm/x86] nodejs-commonmark and python3-commonmark have common file /usr/bin/commonmark, causing installation conflict | | +| IB6XNG | spdk | \[EulerMaker] spdk failed to build in openEuler-24.03-LTS-SP1:everything | | +| IB6XSB | libxcvt | \[openEuler-24.03-LTS-SP1-round2]\[arm/x86] xorg-x11-server-help and cvt have conflicting files /usr/share/man/man1/cvt.1.gz causing installation conflict | | +| IB6XT5 | scap-security-guide | \[openEuler-24.03-LTS-SP1] Scanning with the rule for correctly configuring hard drive space threshold has issues | | +| IB6XVI | mandoc | \[openEuler-24.03-LTS-SP1-round2]\[arm/x86] mandoc and groff-help, mandoc and man-pages-help have installation conflicts | | +| IB6ZHB | gcc-cross | \[24.03-SP1-rc2]\[arm/x86] gcc-cross source package local self-compilation failed, error in build stage, build.sh does not exist | | +| IB6ZKC | python-dns | \[24.03-SP1-rc2]\[arm/x86] python-dns source package local self-compilation failed, error in check stage | | +| IB71JF | kata-containers | \[24.03-SP1-rc2]\[autotest] The binary package versions of kata-containers package for arm and x86 architectures are inconsistent | | +| IB71L7 | three-eight-nine-ds-base | \[24.03-LTS-SP1-RC2] Executing dsidm -b "dc=example,dc=com" localhost role subtree-status dc=example,dc=com reports an error | | +| IB73JZ | clevis | \[24.03-LTS-SP1] Tang command issue | | +| IB746P | powerapi | \[openEuler-24.03-LTS-SP1-rc2]\[autotest]\[arm] Calling SetSmartGridLevel interface, printed information is SetSmartGridState succeed | | +| IB74HE | autofdo | \[24.03-LTS-SP1 RC2] dump_gcov reports an error when using --gcov_version=2 | | +| IB76HT | ods | \[2024-1230] Offline login /api/modify-auth-code interface allows changing password successfully with the same old and new password | | +| IB77RL | aops-hermes | \[24.03-LTS-SP1-RC2]\[arm/x86] Creating host group, host group name validation is incorrect | | +| IB7C0A | oeAware-manager | \[openEuler-24.03-LTS-SP1-rc2]\[autotest]\[arm/x86] After installing oeAware-manager, executing oeawarectl -e smc_tune shows enable successful, but the actual instance status is still smc_tune (available, close) | | +| IB7E17 | oeAware-manager | SDK permission and service stuck issue | | +| IB7FDZ | aops-hermes | \[24.03-LTS-SP1-RC2]\[arm/x86] Script management, after editing a script, clicking "New Script" shows "Modify Script" page | | +| IB7FSL | aops-zeus | \[24.03-LTS-SP1-RC2]\[arm/x86] Operation name can be modified to an existing value | | +| IB7GCE | eagle | \[openEuler-24.03-LTS-SP1-rc2]\[autotest]\[arm/x86] After installing eagle, there is a spelling error in the log file, should be service | | +| IB7HS0 | nototools | \[24.03-LTS-SP1 RC2]\[autotest] Some commands are not usable | | +| IB7JLG | intel-compute-runtime | \[EulerMaker] intel-compute-runtime build failed in openEuler-24.03-LTS-SP1:everything | | +| IB7JNQ | mailman | \[EulerMaker] mailman build failed in openEuler-24.03-LTS-SP1:everything | | +| IB7JPP | pipewire | \[EulerMaker] pipewire build failed in openEuler-24.03-LTS-SP1:everything | | +| IB7KB5 | secpaver | \[openEuler-24.03-LTS-SP1] Using the tool to configure dim function, national cryptographic algorithms were not considered when creating the baseline | | +| IB7KEB | iSulad | \[EulerMaker] iSulad build failed in openEuler-24.03-LTS-SP1:everything | | +| IB7KXY | oeAware-manager | \[openEuler-24.03-LTS-SP1-rc2]\[autotest]\[arm/x86] After installing oeAware-manager, executing oeawarectl -l libsystem_tune.so print result is missing newline | | +| IB7LC7 | oeAware-manager | \[openEuler-24.03-LTS-SP1-rc2]\[autotest]\[arm/x86] After installing oeAware-manager, executing oeawarectl -e xcall_tune; oeawarectl -r libsystem_tune.so result is abnormal | | +| IB7LDI | k3s-selinux | \[openEuler-24.03-LTS-SP1-round2]\[arm/x86] k3s-selinux package installation process has errors | | +| IB7LDQ | secpaver | \[openEuler-24.03-LTS-SP1] Using the tool to configure dim function, the maximum value of module parameter log_cap was not considered | | +| IB7MRU | setroubleshoot | \[EulerMaker] setroubleshoot build failed in openEuler-24.03-LTS-SP1:everything | | +| IB7NRV | secpaver | \[openEuler-24.03-LTS-SP1] Using the tool to check dim function, missing check for kernel static baseline | | +| IB7P1W | oeAware-manager | command_collector is missing parameter validation | | +| IB7PCT | aops-hermes | \[24.03-LTS-SP1-RC2]\[arm/x86] Uploading security bulletin reports 400 error | | +| IB7PIH | oeAware-manager | \[openEuler-24.03-LTS-SP1-rc2]\[autotest]\[arm] After installing oeAware-manager, executing oeawarectl -i numafast shows: /sbin/ldconfig: /usr/lib64/libkperf.so is not a symbolic link | | +| IB7PNH | oeAware-manager | \[openEuler-24.03-LTS-SP1-rc2]\[autotest]\[arm/x86] After installing oeAware-manager, executing oeawarectl -r libdocker_collector.so then executing oeawarectl -e docker_cpu_burst (depends on libdocker_collector.so) shows success | | +| IB7PXL | oeAware-manager | \[openEuler-24.03-LTS-SP1-rc2]\[autotest]\[arm/x86] After installing oeAware-manager, executing oeawarectl --query-dep xcall_tune shows dependency graph generation successful, but the actual dependency graph is abnormal | | +| IB7Q47 | oeAware-manager | \[openEuler-24.03-LTS-SP1-rc2]\[autotest]\[arm/x86] After installing oeAware-manager, executing oeawarectl -e xcall_tune; oeawarectl --query-dep xcall_tune shows dependency graph generation successful, but the actual dependency graph is missing dependencies | | +| IB7RMQ | secpaver | \[openEuler-24.03-LTS-SP1] Using the tool to configure ima function, need to manually import the digest list, missing prompt information | | +| IB7SUK | oeAware-manager | \[openEuler-24.03-LTS-SP1-rc2]\[autotest]\[arm/x86] After installing oeAware-manager, configuring /etc/oeAware/config.yaml with incorrect format, restarting the service does not show error messages in the log | | +| IB7SYE | oeAware-manager | \[openEuler-24.03-LTS-SP1-rc2]\[autotest]\[arm] On a virtual machine, installing oeAware-manager and executing oeawarectl -e pmu_spe_collector (an instance only supported on physical machines) shows enable successful, status is running | | +| IB7VUC | secpaver | \[openEuler-24.03-LTS-SP1] After enabling ima function using the tool, then disabling ima, the selinux labels of measured files are not restored | | +| IB7YD4 | aops-apollo | \[24.03-LTS-SP1-RC2]\[arm/x86] On the task details page, some content of the task description is difficult to read | | +| IB810U | secpaver | \[openEuler-24.03-LTS-SP1] In sec_conf tool, when selecting whether to install a package, if "not installed" is selected and the corresponding package is not present in the environment, the execution should exit | | +| IB81LE | gazelle | When releasing the latest gazelle package for 22.03SP4, the corresponding dpdk package was not updated | | +| IB82Z3 | gazelle | \[openGauss] User-space standby executing gs_ctl switchover causes abnormal database interruption | | +| IB83OJ | gazelle | \[openGauss] After starting gaussdb in user-space, testing with tpcc reports an error | | +| IB89HL | gcc | \[24.03-LTS-SP1 RC3]\[Angha] -O3 -fif-split compilation reports ICE: during GIMPLE pass: profile_estimate (at cfganal.cc:1587) | | +| IB89PH | gcc | \[24.03-LTS-SP1 RC3]\[Angha] -O3 -fif-split compilation reports Segmentation fault: during GIMPLE pass: local-pure-const | | +| IB8HD7 | prometheus | \[24.03-LTS-SP1-RC3] promtool check metrics execution reports an error | | +| IB8JZ2 | AI4C | \[24.03-LTS-SP1 RC3] Compilation reports ICE: in get_attr_type | | +| IB8KDT | scap-security-guide | \[openEuler-24.03-LTS-SP1] Checking and fixing the rule to ensure correct weak password dictionary settings has issues | | +| IB8KYZ | gcc | \[24.03-LTS-SP1 RC3] -O3 -fwhole-program -flto-partition=one -fipa-struct-reorg=2 compilation and execution reports core dump | | +| IB8P6E | trafficserver | \[openEuler -24.03-LTS-SP1 rc3 ]\[autotest ] trafficserver.service service startup has error messages | | +|IB8PD4|python-blivet|\[24.03-LTS-SP1] Incorrect prompt when adding a partition exceeding available space in the installation interface|| +|IB8Q55|ncbi-blast|\[openEuler-24.03-LTS-SP1-round3]\[arm/x86] Installation file conflicts exist between ncbi-blast and bzip2-devel, and ncbi-blast and proj-devel|| +|IB8QB5|oeAware-manager|Missing the function to execute multiple commands|| +|IB8RF9|scap-security-guide|\[openEuler-24.03-LTS-SP1] Fix the rule to ensure ordinary users cannot escalate to root privileges via pkexec configuration, should be consistent with specifications|| +|IB8TGJ|gcc|\[24.03-LTS-SP1 RC3] Compilation reports ICE: Segmentation fault when -fcfgo-profile-generate is used without specifying a path|| +|IB8TSE|KubeOS|\[24.03-lts-sp1] When using the image creation script to create an image, the return value is still 0 after an error occurs|| +|IB8U1L|scap-security-guide|\[openEuler-24.03-LTS-SP1] Fix the rule to ensure correct SSH service MACs algorithm configuration, sshd service fails to start afterwards|| +|IB8U5R|secpaver|\[openEuler-24.03-LTS-SP1] When using the tool to check dim configuration, it did not default to checking if dim_core and dim_monitor modules are loaded, which is unexpected|| +|IB8UDV|KubeOS|\[24.03-lts-sp1] When issuing sysctl parameters, configuration fails if there are quotes in the configuration format|| +|IB8UQO|scap-security-guide|\[openEuler-24.03-LTS-SP1] Fix the rule to ensure passwords do not contain the account string, result is error|| +|IB8W9N|criu|\[EulerMaker] criu build fails in openEuler-24.03-LTS-SP1:everything|| +|IB8X9N|dde|\[openEuler 24.03 LTS SP1 rc3] Sound input interface in Control Center freezes or crashes|| +|IB8XDM|dde|\[openEuler 24.03 LTS SP1 rc3] Drawing application interface disappears after selecting to add text|| +|IB8XSC|dde|\[openEuler 24.03 LTS SP1 rc3] The 'X' close application button in the "Rygel Preferences" application cannot be clicked and does not close the application|| +|IB8YID|secpaver|\[openEuler-24.03-LTS-SP1] When using the tool to configure and check secure_boot function, limit the number of retries and timeout when wget downloads external certificates|| +|IB8ZOX|stratovirt|\[openEuler-24.03-LTS-SP1-RC3]\[arm/x86] Failed to restore virtual machine using snapshot|| +|IB90VA|secpaver|\[openEuler-24.03-LTS-SP1] When using the tool to check the ima function, it only checked if the current environment supports ima, which is not as expected|| +|IB91QR|oeAware-manager|Evaluation mode client cannot output report|| +|IB91ZE|oeAware-manager|pmu related data interval field calculation is inaccurate|| +|IB96L3|scap-security-guide|\[openEuler-24.03-LTS-SP1] Fix the rule to ensure correct at and cron configuration, some file permissions do not meet requirements afterwards|| +|IB9EDA|dde|\[openEuler 24.03 LTS SP1 rc3] Administrator user created by DDE cannot log in to the system under special circumstances|| +|IB9EM9|KubeOS|\[24.03-lts-sp1] There are issues with kubelte/containerd and other configuration delivery: 1. Format conversion and other issues can cause node configuration to get stuck, 2. After configuring only the value and then modifying to the correct value, the value remains unchanged, 3. No setting logs are printed when pam.limits is delivered|| +|IB9FF8|oeAware-manager|steal task has different enabling methods under different kernels, under 6.6, sched_steal_node_limit=\[numa number] needs to be configured|| +|IB9K6P|CBS|\[2024-1230] eulermaker supports one-click import of build projects for corresponding update versions generated by EulerMaker, the default yaml file provided has an incorrect build_tag field|| +|IB9K7F|pesign|\[24.03-LTS-SP1-RC3] Some pesign -i commands fail to execute|| +|IB9M1F||\[openEuler-24.03-LTS-SP1-round3]\[block] kubeedge image needs to be replaced with k3s|| +|IB9NT0|autoconf|\[EulerMaker] autoconf update causes multiple packages to fail to build in openEuler-24.03-LTS-SP1:everything|| +|IB9RFD|gazelle|\[openGauss] A lot of "fail" logs are printed during the warm-up test using tpcc|| +|IB9RGW|gazelle|\[openGauss] The first test using tpcc will always result in "The connection attempt failed"|| +|IB9RUF|KubeOS|\[24.03-lts-sp1] When the operation configuration is incorrect, there is an extra layer of quotes in the prompt message; when imagetype and opstype configurations are incorrect, delivery fails directly, which is inconsistent with previous behavior|| +|IB9WSS|ao.space|\[EulerMaker] ao.space build fails in openEuler-24.03-LTS-SP1:everything|| +|IB9XFN|secpaver|\[openEuler-24.03-LTS-SP1] When configuring and checking the modsign function, the part modifying grub parameters needs optimization|| +|IBA5E4|gazelle|\[openGauss] When starting gauss with gazelle (one primary, two standby), repeated manual primary/standby switching for about three hours leads to "Cannot reserve memory" and the gauss process exits|| +|IBA7CU|aops-hermes|\[24.03-LTS-SP1-RC4]\[arm/x86] Partial display on the CVE details page is incorrect|| +|IBA897|CBS|\[2024-1230] Project creation using yaml import method, if git_tag/commit_id/spec_branch are not passed in the yaml package configuration and build_tag is passed, the package configuration shows spec_branch after the project is created, and shows the commit_id of spec_branch after one build|| +|IBA8N5|utshell|\[24.03-LTS-SP1-RC4] utshell -c "echo {a..z}" execution reports Segmentation fault (core dumped)|| +|IBA918|utshell|\[24.03-LTS-SP1-RC4] utshell -c 'type -p pwd' returns code 255|| +|IBAAW2|oeAware-manager|spe sampling period only increases, cannot revert|| +|IBADES|euler-copilot-rag|The script to generate question-answer pairs only works for a single file or the entire directory|| +|IBADFM|ods|\[2024-1230] Version test running in EulerPipeline: Running a job with x86 virtual machine os_version specified as 20.03-LTS-SP4, task times out|| +|IBAEW1|gnome-settings-daemon|\[openEuler-24.03-LTS-SP1-round4]\[x86] gnome-settings-daemon uninstall has Failed message|| +|IBAFG5|scap-security-guide|\[openEuler-24.03-LTS-SP1] Fix the rule to ensure correct UMASK configuration, does not comply with specifications|| +|IBAGYK|ods|\[2024-1230] Version test running in EulerPipeline: Running a job with arm virtual machine os_version specified as 20.03-LTS-SP4, task times out|| +|IBALNI|KubeOS|\[24.03-lts-sp1] When the drive name is incorrect in the pxe image configuration, the installation prompt is insufficient drive space|| +|IBALTA|KubeOS|\[24.03-lts-sp1][chroot_script] Configure rm = true, the chroot script in the created image is not deleted|| +|IBALZL|KubeOS|\[24.03-lts-sp1] When creating an admin image, a / needs to be added after COPY ./set-ssh-pub-key.sh ./hostshell /usr/local/bin in the dockerfile|| +|IBAPM3|gazelle|\[SDV] After starting the server, the client TCP V6 cannot establish a connection immediately|| +|IBAPNP|gazelle|\[SDV] After enabling a single network card and starting with gazelle, using sysbench for traffic occasionally causes coredump|| +|IBARLD|gcc|\[24.03-LTS-SP1 RC4]\[csmith] Compilation with -O3 -fif-split reports Segmentation fault: during GIMPLE pass:if-split|| +|IBAU9O|hadoop|\[EulerMaker] hadoop build fails in openEuler-24.03-LTS-SP1:everything|| +|IBAWUP|sysSentry|rasdaemon plugin lacks configuration file|| +|IBAYOV|sysSentry|rasdaemon plugin functionality abnormal when type=period, onstart=no|| +|IBAYW8|KubeOS|\[24.03-lts-sp1] Image creation parameters have some empty values that are not validated|| +|IBB1PX|gcc|\[24.03-LTS-SP1 RC4]-flto -fipa-reorder-fields inconsistent results|| +|IBB1UK|gcc|\[24.03-LTS-SP1 RC4]-flto -fipa-struct-reorg inconsistent results|| +|IBB67T|oncn-bwm|\[EulerMaker]oncn-bwm build fails in openEuler-24.03-LTS-SP1:everything|| +|IBBP4Y|multipath-tools|Construct network failure twice, multipath does not enter degraded state|| +|IBBPDD|rpcbind|pwck check reports error: user 'rpc': directory '/var/lib/rpcbind' does not exist|| +|IBBQ1S|secDetector|openEuler 24.03-LTS-SP1 version, file probe fails|| +|IBBWT2|gcc|\[24.03-LTS-SP1 RC5]-O3 -fif-split compilation reports ICE:during GIMPLE pass: profile_estimate(at cfganal.cc:1587)|| +|IBBWT3|mariadb|\[24.03 LTS SP1 auto-test]mysqladmin command execution reports error|| +|IBBWTS|yocto-meta-openeuler|\[24.03-LTS-SP1]kp920 network card does not show up when configuring machine network card due to missing driver|| +|IBBWXI|openGemini|\[EulerMaker]openGemini build fails in openEuler-24.03-LTS-SP1:epol|| +|IBC1X0|opengauss-server|\[openEuler-24.03-LTS-SP1-round5]\[arm/x86] opengauss upgrade from 24.03-LTS to 24.03-LTS-SP1 version fails|| +|IBC3CT|oeAware-manager|\[openEuler-24.03-LTS-SP1-rc5]\[arm] Installing oeAware-manager, executing oeawarectl -e tune_numa_mem_access reports error: can't connect to server!|| +|IB5R2L|python-selenium|\[24.03-SP1-rc1]\[autotest]python-selenium package in 24.03-LTS-SP1 is downgraded compared to 24.03-LTS release version|| diff --git a/docs/en/server/releasenotes/releasenotes/source_code.md b/docs/en/server/releasenotes/releasenotes/source_code.md new file mode 100644 index 0000000000000000000000000000000000000000..c3759644ca9280aa62efd2f211c9351bb7d508ca --- /dev/null +++ b/docs/en/server/releasenotes/releasenotes/source_code.md @@ -0,0 +1,8 @@ +# Source Code + +openEuler contains two code repositories: + +- Code repository: [https://gitee.com/openeuler](https://gitee.com/openeuler) +- Software package repository: [https://gitee.com/src-openeuler](https://gitee.com/src-openeuler) + +The openEuler release packages also provide the source ISO files. For details, see [OS Installation](./os_installation.md). diff --git a/docs/en/server/releasenotes/releasenotes/terms_of_use.md b/docs/en/server/releasenotes/releasenotes/terms_of_use.md new file mode 100644 index 0000000000000000000000000000000000000000..18c764b3446b4a5d8c9c68ad18e22d15d2f8dd7e --- /dev/null +++ b/docs/en/server/releasenotes/releasenotes/terms_of_use.md @@ -0,0 +1,13 @@ +# Terms of Use + +**Copyright © 2024 openEuler Community** + +Your replication, use, modification, and distribution of this document are governed by the Creative Commons License Attribution-ShareAlike 4.0 International Public License \(CC BY-SA 4.0\). You can visit [https://creativecommons.org/licenses/by-sa/4.0/](https://creativecommons.org/licenses/by-sa/4.0/) to view a human-readable summary of \(and not a substitute for\) CC BY-SA 4.0. For the complete CC BY-SA 4.0, visit [https://creativecommons.org/licenses/by-sa/4.0/legalcode](https://creativecommons.org/licenses/by-sa/4.0/legalcode). + +**Trademarks and Permissions** + +All trademarks and registered trademarks mentioned in the documents are the property of their respective holders. The use of the openEuler trademark must comply with the [Use Specifications of the openEuler Trademark](https://www.openeuler.org/en/other/brand/). + +**Disclaimer** + +This document is used only as a guide. Unless otherwise specified by applicable laws or agreed by both parties in written form, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, including but not limited to non-infringement, timeliness, and specific purposes. diff --git a/docs/en/server/releasenotes/releasenotes/user_notice.md b/docs/en/server/releasenotes/releasenotes/user_notice.md new file mode 100644 index 0000000000000000000000000000000000000000..0047a4e9f26b66d36431bfc7311afd03351a882a --- /dev/null +++ b/docs/en/server/releasenotes/releasenotes/user_notice.md @@ -0,0 +1,5 @@ +# User Notice + +- The version number counting rule of openEuler is changed from openEuler _x.x_ to openEuler _year_._month_. For example, openEuler 21.03 indicates that the version is released in March 2021. +- The [Python core team](https://www.python.org/dev/peps/pep-0373/#update) has stopped maintaining Python 2 in January 2020. Python 2 reached end of maintenance (EOM) on December 31, 2020. In 2021, openEuler 21.03 fixed only the critical CVEs related to Python 2. +- From openEuler 22.03 LTS, only Python 3 is supported. Please switch to Python 3 to use the OS. diff --git a/docs/en/server/security/cert_signature/_toc.yaml b/docs/en/server/security/cert_signature/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..4787f555fa5c17ad48a3590f6f2cf56686d8de0e --- /dev/null +++ b/docs/en/server/security/cert_signature/_toc.yaml @@ -0,0 +1,10 @@ +label: Certificate Signatures +isManual: true +description: The openEuler signature platform provides signing services to ensure the integrity of system files. +sections: + - label: Overview of Certificates and Signatures + href: ./overview_of_certificates_and_signatures.md + - label: Introduction to Signature Certificates + href: ./introduction_to_signature_certificates.md + - label: Secure Boot + href: ./secure_boot.md diff --git a/docs/en/server/security/cert_signature/figures/cert-tree.png b/docs/en/server/security/cert_signature/figures/cert-tree.png new file mode 100644 index 0000000000000000000000000000000000000000..cfbea157cb7b7308d668196ca5b0b0386067fd9e Binary files /dev/null and b/docs/en/server/security/cert_signature/figures/cert-tree.png differ diff --git a/docs/en/server/security/cert_signature/figures/mokutil-db.png b/docs/en/server/security/cert_signature/figures/mokutil-db.png new file mode 100644 index 0000000000000000000000000000000000000000..82dbe6e04cafe3e9ac039ba19acd5996d4cf2259 Binary files /dev/null and b/docs/en/server/security/cert_signature/figures/mokutil-db.png differ diff --git a/docs/en/server/security/cert_signature/figures/mokutil-sb-off.png b/docs/en/server/security/cert_signature/figures/mokutil-sb-off.png new file mode 100644 index 0000000000000000000000000000000000000000..f3018c9fd0236e9c2cf560f0da3827ed2a877f6d Binary files /dev/null and b/docs/en/server/security/cert_signature/figures/mokutil-sb-off.png differ diff --git a/docs/en/server/security/cert_signature/figures/mokutil-sb-on.png b/docs/en/server/security/cert_signature/figures/mokutil-sb-on.png new file mode 100644 index 0000000000000000000000000000000000000000..449b6774dc61a601cf884845fbd0be5d314108e1 Binary files /dev/null and b/docs/en/server/security/cert_signature/figures/mokutil-sb-on.png differ diff --git a/docs/en/server/security/cert_signature/figures/mokutil-sb-unsupport.png b/docs/en/server/security/cert_signature/figures/mokutil-sb-unsupport.png new file mode 100644 index 0000000000000000000000000000000000000000..525c72f78b897ffaba0d356406ab9d9e64024d91 Binary files /dev/null and b/docs/en/server/security/cert_signature/figures/mokutil-sb-unsupport.png differ diff --git a/docs/en/server/security/cert_signature/introduction_to_signature_certificates.md b/docs/en/server/security/cert_signature/introduction_to_signature_certificates.md new file mode 100644 index 0000000000000000000000000000000000000000..3720dea42fdad92c6b1cae08087d1e6713307d60 --- /dev/null +++ b/docs/en/server/security/cert_signature/introduction_to_signature_certificates.md @@ -0,0 +1,46 @@ +# Introduction to Signature Certificates + +openEuler supports two signature mechanisms: openPGP and CMS, which are used for different file types. + +| File Type | Signature Type | Signature Format| +| --------------- | ------------ | -------- | +| EFI files | authenticode | CMS | +| Kernel module files | modsig | CMS | +| IMA digest lists| modsig | CMS | +| RPM software packages | RPM | openPGP | + +## openPGP Certificate Signing + +openEuler uses openPGP certificates to sign RPM software packages. The signature certificates are released with the OS image. You can obtain certificates used by openEuler in either of the following ways: + +Method 1: Download the certificate from the repository. For example, download the certificate of openEuler 24.03 LTS from the following address: + +```text +https://repo.openeuler.org/openEuler-24.03-LTS/OS/aarch64/RPM-GPG-KEY-openEuler +``` + +Method 2: Log in to the system and obtain the file from the specified path. + +```shell +cat /etc/pki/rpm-gpg/RPM-GPG-KEY-openEuler +``` + +## CMS Certificate Signing + +The openEuler signature platform uses a three-level certificate chain to manage signature private keys and certificates. + +![](./figures/cert-tree.png) + +Certificates of different levels have different validity periods. The current plan is as follows: + +| Type| Validity Period| +| -------- | ------ | +| Root certificate | 30 years | +| Level-2 certificate| 10 years | +| Level-3 certificate| 3 years | + +The openEuler root certificate can be downloaded from the community certificate center. + +```text +https://www.openeuler.org/en/security/certificate-center/ +``` diff --git a/docs/en/server/security/cert_signature/overview_of_certificates_and_signatures.md b/docs/en/server/security/cert_signature/overview_of_certificates_and_signatures.md new file mode 100644 index 0000000000000000000000000000000000000000..4624626a326f83e0901dae6fd699b1fd08e60f6c --- /dev/null +++ b/docs/en/server/security/cert_signature/overview_of_certificates_and_signatures.md @@ -0,0 +1,29 @@ +# Overview of Certificates and Signatures + +## Overview + +Digital signature is an important technology for protecting the integrity of OSs. By adding signatures to key system components and verifying the signatures in subsequent processes such as component loading and running, you can effectively check component integrity and prevent security problems caused by component tampering. Multiple system integrity protection mechanisms are supported in the industry to protect the integrity of different types of components in each phase of system running. Typical technical mechanisms include: + +- Secure boot +- Kernel module signing +- Integrity measurement architecture (IMA) +- RPM signature verification + +The preceding integrity protection security mechanisms depend on signatures (usually integrated in the component release phase). However, open source communities generally lack signature private keys and certificate management mechanisms. Therefore, Linux distributions released by open source communities generally do not provide default signatures or use only private keys temporarily generated in the build phase for signatures. Usually, these integrity protection security mechanisms can be enabled only after users or downstream OSVs perform secondary signing, which increases the cost of security functions and reduces usability. + +## Solution + +The openEuler community infrastructure supports the signature service. The signature platform manages signature private keys and certificates in a unified manner and works with the EulerMaker build platform to automatically sign key files during the software package build process of the community edition. Currently, the following file types are supported: + +- EFI files +- Kernel module files +- IMA digest lists +- RPM software packages + +## Constraints + +The signature service of the openEuler community has the following constraints: + +- Currently, only official releases of the openEuler community can be signed. Private builds cannot be signed. +- Currently, only EFI files related to OS secure boot can be signed, including shim, GRUB, and kernel files. +- Currently, only the kernel module files provided by the kernel software package can be signed. diff --git a/docs/en/server/security/cert_signature/secure_boot.md b/docs/en/server/security/cert_signature/secure_boot.md new file mode 100644 index 0000000000000000000000000000000000000000..9c80d0ef0dc6ea20d59d71584576539aef9cd81a --- /dev/null +++ b/docs/en/server/security/cert_signature/secure_boot.md @@ -0,0 +1,80 @@ +# Secure Boot + +## Overview + +Secure Boot relies on public and private key pairs to sign and verify components in the booting process. During booting, the previous component authenticates the digital signature of the next component. If the authentication is successful, the next component runs. If the authentication fails, the booting stops. Secure Boot ensures the integrity of each component during system booting and prevents unauthenticated components from being loaded and running, preventing security threats to the system and user data. + +Components to be authenticated and loaded in sequence in Secure Boot are BIOS, shim, GRUB, and vmlinuz (kernel image). + +Related EFI startup components are signed by the openEuler signature platform using signcode. The public key certificate is integrated into the signature database by the BIOS. During the boot, the BIOS verifies the shim. The shim and GRUB components obtain the public key certificate from the signature database of the BIOS and verify the next-level components. + +## Background and Solutions + +In earlier openEuler versions, secure boot components are not signed. Therefore, the secure boot function cannot be directly used to ensure the integrity of system components. + +In openEuler 22.03 LTS SP3 and later versions, openEuler uses the community signature platform to sign OS components, including the GRUB and vmlinuz components, and integrates the community signature root certificate in the shim component. + +For the shim component, to facilitate end-to-end secure boot, the signature platform of the openEuler community is used for signature. After external CAs officially operate the secure boot component signature service, the signatures of these CAs will be integrated into the shim module of openEuler. + +## Enabling Secure Boot + +### Prerequisites + +- openEuler 22.03 LTS SP3 or later version is installed (openEuler 24.03 LTS or later is required if CFCA secure boot is used). +- The openEuler everything repository is configured. +- The UEFI boot mode is enabled. + +### Implementation Steps + +**Step 1:** Obtain the secure boot certificate. + +For openEuler certificates: Download from under **Certificate Center**. The root certificate is labeled **openEuler Shim Default CA** (**default-x509ca.cert**). + +For CFCA certificates: Download from (currently unavailable; contact openEuler Security Committee at for access). + +**Step 2:** Move the certificate to the **/boot/efi/EFI** directory. + +```shell +mv /boot/efi/EFI/ +``` + +**Step 3:** Install the shim-signed package (skip if not using CFCA-signed components). + +```shell +yum install -y shim-signed +``` + +**Step 4:** For CFCA shim, perform the following backup and replacement steps (skip if using openEuler-signed shim): + +```shell +mv /boot/efi/EFI/openEuler/shimx64.efi /boot/efi/EFI/openEuler/shimx64_bck.efi +mv /boot/efi/EFI/BOOT/BOOTX64.EFI /boot/efi/EFI/BOOT/BOOTX64_bck.EFI +cp /boot/efi/EFI/BOOT/BOOTX64_CFCA.EFI /boot/efi/EFI/BOOT/BOOTX64.EFI +cp /boot/efi/EFI/BOOT/BOOTX64_CFCA.EFI /boot/efi/EFI/openEuler/shimx64.efi +``` + +**Step 5:** Import the root certificate into the BIOS db certificate store and enable secure boot in BIOS settings. Consult the BIOS manufacturer's documentation for specific instructions. + +**Step 6:** After rebooting, verify the secure boot status. + +```shell +mokutil --sb +``` + +- **SecureBoot disabled**: Secure boot is disabled. + +![](./figures/mokutil-sb-off.png) + +- **SecureBoot enabled**: Secure boot is enabled. + +![](./figures/mokutil-sb-on.png) + +- **not supported**: The system does not support secure boot. + +![](./figures/mokutil-sb-unsupport.png) + +## Constraints + +- **Software**: The OS must be booted in UEFI mode. +- **Architecture**: Arm or x86 +- **Hardware**: The BIOS must support the verification function related to secure boot. diff --git a/docs/en/server/security/cve_ease/_toc.yaml b/docs/en/server/security/cve_ease/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..78bdd341f00dc7ede78b3dc1a6d3a3e7027b5d37 --- /dev/null +++ b/docs/en/server/security/cve_ease/_toc.yaml @@ -0,0 +1,8 @@ +label: CVE-ease Design Overview +isManual: true +description: Quickly respond to system vulnerabilities. +sections: + - label: CVE-ease Design Overview + href: ./cve_ease_design_introduction.md + - label: CVE-ease Introduction and Installation + href: ./cve_ease_introduction_and_installation_instructions.md diff --git a/docs/en/server/security/cve_ease/cve_ease_design_introduction.md b/docs/en/server/security/cve_ease/cve_ease_design_introduction.md new file mode 100644 index 0000000000000000000000000000000000000000..52bc28b7403ec053dbb9f2b6b776913fdd70af13 --- /dev/null +++ b/docs/en/server/security/cve_ease/cve_ease_design_introduction.md @@ -0,0 +1,33 @@ +# CVE-ease Design Overview + +## 1. Overview + +Common Vulnerabilities and Exposures (CVEs) plays a vital role in ensuring system security and stability, making effective handling and management of CVE data essential. To address this, the CVE-ease vulnerability management system was developed, enabling real-time acquisition, management, and reporting of vulnerability information. + +## 2. Key Features + +CVE-ease provides the following core functionalities: + +- Acquisition and analysis of CVE information +- Organization and storage of CVE data +- Access to historical and real-time CVE details +- Real-time tracking of CVE status +- Immediate broadcasting of CVE updates + +## 3. Module Functions + +![](./figures/CVE-ease_desigin_table.png) + +### 3.1 CVE Acquisition + +During operation, CVE-ease periodically scrapes CVE information from disclosure websites. Before scraping, the system scans the CVE database to create an index of existing CVE IDs and verify connectivity with CVE platforms. The process begins by retrieving the IDs of the latest disclosed CVEs, followed by fetching detailed descriptions based on these IDs. If the data is successfully retrieved, the process concludes. Otherwise, the system retries until successful. + +### 3.2 CVE Information Organization and Storage + +Scraped CVE data is structured and stored in a database according to predefined formats, with feature values calculated. If a scraped CVE ID is not present in the database, it is added directly. If the ID exists, the system compares feature values and updates the entry if discrepancies are found. + +### 3.3 Viewing Historical and Real-Time CVE Information + +Users can query specific CVE details through the interactive interface. By default, the system displays the 10 most recent CVEs. Users can customize queries to retrieve historical CVE data based on criteria such as CVE score or year. + +![](./figures/CVE-ease_function.png) diff --git a/docs/en/server/security/cve_ease/cve_ease_introduction_and_installation_instructions.md b/docs/en/server/security/cve_ease/cve_ease_introduction_and_installation_instructions.md new file mode 100644 index 0000000000000000000000000000000000000000..672af6be5adb416f086e88b6de17e1041f454cd4 --- /dev/null +++ b/docs/en/server/security/cve_ease/cve_ease_introduction_and_installation_instructions.md @@ -0,0 +1,566 @@ +# CVE-ease + +## Project Overview + +CVE-ease is a dedicated platform for CVE information, aggregating data from community releases and delivering timely notifications via email, WeChat, DingTalk, and other channels. Users can access detailed CVE information on the platform, such as vulnerability descriptions, affected scopes, and remediation recommendations. This enables them to choose appropriate fixes tailored to their systems. + +The platform is designed to help users swiftly identify and address vulnerabilities, thereby improving system security and stability. + +CVE-ease is an **independent innovation initiative by CTYun**. Open sourced in the openEuler community, it strictly adheres to the **Mulan PSL2** license. We welcome community contributions to the project, working together to create a secure, stable, and reliable ecosystem for domestic operating systems. + +Open source details: + +- This repository **strictly** complies with the [Mulan Permissive Software License, Version 2](http://license.coscl.org.cn/MulanPSL2). +- **This repository meets the open source guidelines of China Telecom Cloud Technology Co., Ltd, having undergone thorough review and preparation to present a high-quality open source project with complete documentation and resources**. +- The repository is managed by designated personnel from the company, ensuring **long-term maintenance for LTS versions** and ongoing development support. + +## Software Architecture + +CVE-ease is a platform dedicated to CVE information, structured around four core modules: CVE crawler, CVE analyzer, CVE notifier, and CVE frontend. Below is an overview of functionality and design of each module. + +- **CVE crawler** + +This module collects CVE information from multiple data sources provided by the openEuler community and stores it in relational databases like MySQL. These data sources are primarily managed by the cve-manager project, which supports fetching CVE details from NVD, CNNVD, CNVD, RedHat, Ubuntu, and Debian. CVE-ease employs Python-based crawler scripts, each tailored to a specific data source. These scripts can be executed on a schedule or manually, formatting the scraped raw CVE data and storing it for further analysis. + +- **CVE analyzer** + +This module processes CVE information by parsing, categorizing, and scoring it. Written in Python, the analyzer script periodically retrieves raw CVE data from the relational database and performs tasks such as extracting basic attributes (such as ID, title, description), categorizing the impact scope (such as OS, software packages), scoring severity (such as CVSS scores), and matching remediation suggestions (such as patch links). The processed structured data is then stored in SQL format for future queries and presentation. + +- **CVE notifier** + +This module sends CVE notifications to users via email, WeChat, DingTalk, and other channels based on their subscription preferences. The Python-based notifier script periodically retrieves structured CVE data from the MySQL database, filters it according to user-configured impact scopes, generates appropriate notification content for different channels, and invokes APIs to deliver notifications. The script also logs sending results and feedback, updating subscription statuses in the database. + +- **CVE frontend** + +This module offers a user-friendly CLI terminal command, enabling users to view, search, and subscribe to CVE information. + +The architecture of CVE-ease is designed to create an efficient, flexible, and scalable platform, providing users with timely and accurate security vulnerability intelligence. + +## Development Roadmap + +1. Adapt repodata to support multiple OSVs. +2. Add MOTD login broadcast functionality. +3. Enhance the DNF plugin to include patching capabilities. +4. Implement automatic patching for specific packages. +5. Introduce specific package awareness features. +6. ... + +**We highly value your feedback on the development direction of CVE-ease. If you have any suggestions or ideas, feel free to share them with us. Your input is greatly appreciated!** + +## Installation Guide + +CVE-ease is in fast-paced development, offering installation methods such as direct installation, container installation, and RPM package installation. + +### Direct Installation + +```shell +git clone https://gitee.com/openeuler/cve-ease cve-ease.git +cd cve-ease.git/cve-ease +make install +``` + +### Container Installation + +```shell +git clone https://gitee.com/openeuler/cve-ease cve-ease.git +cd cve-ease.git/cve-ease +make run-in-docker +``` + +### RPM Package Installation + +```shell +git clone https://gitee.com/openeuler/cve-ease cve-ease.git +cd cve-ease.git/cve-ease +make gensrpm +cd .. +rpm -ivh *.src.rpm +cd ~/rpmbuild +rpmbuild -ba SPECS/cve-ease.spec +cd RPMS/noarch +rpm -ivh *.rpm +``` + +## Usage Guide + +### Help Information + +- Running the `cve-ease` command without options displays the help menu. +- The `cve-ease` command includes multiple subcommands, organized into `basic`, `info`, and `notifier` categories. +- Use the `help` subcommand to view detailed information for each command category. + +```shell +# cve-ease + +Available commands: + +basic commands: + config Print cve-ease config + daemon Run as daemon without interactive + motd Motd info manager + service Service manager + +info commands: + cve OpenEuler CVE info + cvrf OpenEuler CVRF info + db Database manager + help List available commands + logger Logger config + repodata Repodata info + rpm Rpm info + sa OpenEuler security notice info + +notifier commands: + dingding Notifier of dingding + feishu Notifier of feishu + mail163 Notifier of mail163 + mailqq Notifier of mailqq + wecom Notifier of wecom + +Try "cve-ease --help" for help about global gconfig +Try "cve-ease help" to get all available commands +Try "cve-ease --help" for help about the gconfig of a particular command +Try "cve-ease help " to get commands under a particular category +Available commands are: basic, info, notifier + +# cve-ease help info +Available commands: + +info commands: + cve OpenEuler CVE info + cvrf OpenEuler CVRF info + db Database manager + help List available commands + logger Logger config + repodata Repodata info + rpm Rpm info + sa OpenEuler security notice info + +Try "cve-ease --help" for help about global gconfig +Try "cve-ease help" to get all available commands +Try "cve-ease --help" for help about the gconfig of a particular command +Try "cve-ease help " to get commands under a particular category +Available commands are: basic, info, notifier +``` + +### Configuration File + +The configuration file is located at `/etc/cve-ease/cve-ease.cfg`. + +```ini +[main] +pid_file_path = /var/log/cve-ease/cve-ease.pid +lock_file_path = /var/log/cve-ease/cve-ease.lock + +# log configuration + +# debug/ error(default) / warn +log_level = debug +log_file_path = /var/log/cve-ease/cve-ease.log +log_maxbytes = 10240 +log_backup_num = 30 + +# sql configuration +db_type = sqlite +db_file_path = /usr/share/cve-ease/cve-ease.db +db_user = +db_password = +db_host = +db_port = +product = openEuler-23.09 +expiration_days = 14 + +# notifier +notifier_record_num = 9 + +# filter +focus_on = kernel,systemd,openssh,openssl + +[wecom] +enabled = 1 +# https://developer.work.weixin.qq.com/document/path/91770?version=4.0.19.6020&platform=win +# https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=fe9eae1f-xxxx-4ae3-xxxx-ecf9f77abba6 + +update_key = 2142ef2a-d99d-417d-8c31-b550b0fcb4e3 +status_key = 2142ef2a-d99d-417d-8c31-b550b0fcb4e3 + + +[dingding] +enabled = 1 +# just for test +update_key = 81907155a6cc88004e1ed6bcdd86c68d5b21565ed59d549ca031abc93d90d9cb +status_key = 81907155a6cc88004e1ed6bcdd86c68d5b21565ed59d549ca031abc93d90d9cb + + +[feishu] +enabled = 1 +# just for test +update_key = 5575739b-f59d-48db-b737-63672b2c32ab +status_key = 5575739b-f59d-48db-b737-63672b2c32ab + + +[mail163] +enabled = 0 +mail_sender = xxxxxxx@163.com +mail_recver = xxxxxxx@163.com +mail_smtp_token = xxxxxx + + +[mailqq] +enabled = 0 +mail_sender = xxxxxxx@qq.com +mail_recver = xxxxxxx@qq.com +mail_smtp_token = xxxxxxxx +``` + +### CVE-ease + +The CVE-ease service consists of two files, **cve-ease.service** and **cve-ease.timer**, utilizing the systemd timer functionality for scheduled execution. + +```ini +# /usr/lib/systemd/system/cve-ease.timer +# CTyunOS cve-ease: MulanPSL2 +# +# This file is part of cve-ease. +# + +[Unit] +Description=CTyunOS cve-ease Project +Documentation=https://gitee.com/openeuler/cve-ease + +[Timer] +OnBootSec=1m +OnUnitActiveSec=10m +RandomizedDelaySec=10 + +[Install] +WantedBy=timers.target +``` + +```shell +# systemctl enable --now cve-ease.timer +Created symlink /etc/systemd/system/timers.target.wants/cve-ease.timer → /usr/lib/systemd/system/cve-ease.timer. +# systemctl status cve-ease.timer +● cve-ease.timer - CTyunOS cve-ease Project + Loaded: loaded (/usr/lib/systemd/system/cve-ease.timer; enabled; vendor preset: disabled) + Active: active (waiting) since Sat 2023-03-18 17:55:53 CST; 5s ago + Trigger: Sat 2023-03-18 18:05:55 CST; 9min left + Docs: https://gitee.com/openeuler/cve-ease + +Mar 18 17:55:53 56d941221b41 systemd[1]: Started CTyunOS cve-ease Project. +# systemctl status cve-ease.service +● cve-ease.service - CTyunOS cve-ease project + Loaded: loaded (/usr/lib/systemd/system/cve-ease.service; disabled; vendor preset: disabled) + Active: inactive (dead) since Sat 2023-03-18 17:55:56 CST; 5s ago + Docs: https://gitee.com/openeuler/cve-ease + Process: 196 ExecStart=/usr/bin/cve-ease daemon (code=exited, status=0/SUCCESS) + Main PID: 196 (code=exited, status=0/SUCCESS) + +Mar 18 17:55:53 56d941221b41 systemd[1]: Starting CTyunOS cve-ease project... +Mar 18 17:55:56 56d941221b41 systemd[1]: cve-ease.service: Succeeded. +Mar 18 17:55:56 56d941221b41 systemd[1]: Started CTyunOS cve-ease project. +``` + +### basic Commands + +#### config + +```shell +Usage: cve-ease config +(Specify the --help global option for a list of other help options) + +Options: + -h, --help show this help message and exit + -r, --rawdata print raw config file content +``` + +```shell +cve-ease config # Display the configuration file path and active settings. +cve-ease config -r # Display the configuration file path and raw data. +``` + +#### daemon + +- The `daemon` command acts as the entry point for the systemd service and is typically not run manually. +- The service is executed periodically by the systemd timer associated with cve-ease. + +```ini +# /usr/lib/systemd/system/cve-ease.service +# CTyunOS cve-ease: MulanPSL2 +# +# This file is part of cve-ease. +# + +[Unit] +Description=CTyunOS cve-ease project +Documentation=https://gitee.com/openeuler/cve-ease + +[Service] +Type=oneshot +ExecStart=/usr/bin/cve-ease daemon + +[Install] +WantedBy=multi-user.target +``` + +#### motd + +- TODO. + +#### service + +`service` command options for controlling the cve-ease service: + +```shell +Usage: cve-ease service +(Specify the --help global option for a list of other help options) + +Options: + -h, --help show this help message and exit + -k, --kill kill cve-ease service + -r, --restart restart cve-ease service + -s, --status get cve-ease service status + -v, --verbose show verbose output +``` + +```shell +cve-ease service -k # Pause the cve-ease service +cve-ease service -r # Restart the cve-ease service +cve-ease service -s # Query the cve-ease service status +``` + +### info Commands + +#### cve + +Retrieve CVE data from the openEuler community in the [openEuler Security Center](https://www.openeuler.org/en/security/cve/). + +```shell +Usage: cve-ease cve +(Specify the --help global option for a list of other help options) + +Options: + -h, --help show this help message and exit + -r, --rawdata get cve cache and print raw data without write db + -m, --makecache get cve cache + -l, --list list all cve info + -t, --total get cve info statistics + -v, --verbose show verbose output +``` + +```shell +cve-ease cve -m # Collect CVE data and store it in the database. +cve-ease cve -l # Fetch CVE data from the database and format it for display. +cve-ease cve -t # Retrieve and show CVE statistics from the database. +cve-ease cve -r # Gather CVE data and display it in raw form (without saving to the database). +``` + +#### sa + +Retrieve security advisory (SA) data from the openEuler community in the [openEuler Security Center](https://www.openeuler.org/en/security/cve/). + +```shell +Usage: cve-ease sa +(Specify the --help global option for a list of other help options) + +Options: + -h, --help show this help message and exit + -r, --rawdata get sa cache and print raw data without write db + -m, --makecache get sa cache + -l, --list list all sa info + -t, --total get sa info statistics + -v, --verbose show verbose output +``` + +```shell +cve-ease sa -m # Collect SA data and store it in the database. +cve-ease sa -l # Fetch SA data from the database and format it for display. +cve-ease sa -t # Retrieve and show SA statistics from the database. +cve-ease sa -r # Gather SA data and display it in raw form (without saving to the database). +``` + +#### cvrf + +Common Vulnerability Reporting Framework (CVRF)-related commands: + +```shell +cve-ease cvrf -m # Collect CVRF data and store it in the database. +cve-ease cvrf -l # Fetch CVRF data from the database and format it for display. +cve-ease cvrf -t # Retrieve and show CVRF statistics from the database. +``` + +#### rpm + +```shell +Usage: cve-ease rpm +(Specify the --help global option for a list of other help options) + +Options: + -h, --help show this help message and exit + -l, --list list all rpm info + -v, --verbose show verbose output +``` + +```shell +cve-ease rpm -l # Use the RPM interface to retrieve and display details of installed RPM packages in the system. +``` + +#### repodata + +```shell +Usage: cve-ease repodata +(Specify the --help global option for a list of other help options) + +Options: + -h, --help show this help message and exit + -m, --makecache cache repodata to database + -p PRODUCT, --product=PRODUCT + specific product (work with --check) + --osv=OSV specific osv rpm release + -t, --total get total rpm statistics + -l, --list list all rpm + -c, --check check repo cve + -v, --verbose show verbose output +``` + +```bash +cve-ease repodata -p ctyunos2 -m # Set ctyunos2 as the OSV version, cache its repository metadata, and store it in the database. +cve-ease repodata --osv ctyunos2 -p openEuler-23.09 -c # Compare the ctyunos2 repository with the openEuler 23.09 repository. +cve-ease repodata -l # Display the package details available in the database. +cve-ease repodata -t # Fetch and show statistics for the repository data in the database. +``` + +#### logger + +```shell +Usage: cve-ease logger +(Specify the --help global option for a list of other help options) + +Options: + -h, --help show this help message and exit + -l, --list list all logger info + -t, --total get logger statistics + -v, --verbose show verbose output +``` + +#### db + +```shell +Usage: cve-ease db +(Specify the --help global option for a list of other help options) + +Options: + -h, --help show this help message and exit + -p, --purge purge db and recreate it (Danger Operation) + -s, --stats get database statistics + -v, --verbose show verbose output +``` + +### notifier Commands + +#### wecom + +```shell +Usage: cve-ease wecom +(Specify the --help global option for a list of other help options) + +Options: + -h, --help show this help message and exit + -t, --test run test + -v, --verbose show verbose output + -c CONTENT, --content=CONTENT + show verbose output +``` + +```shell +cve-ease wecom -t # Send a test message to a WeCom group. +cve-ease wecom -t -c 'helloworld' # Send a custom test message to a WeCom group. +``` + +#### dingding + +```shell +Usage: cve-ease dingding +(Specify the --help global option for a list of other help options) + +Options: + -h, --help show this help message and exit + -t, --test run test + -v, --verbose show verbose output + -c CONTENT, --content=CONTENT + show verbose output +``` + +```shell +cve-ease dingding -t # Send a test message to a DingTalk group. +cve-ease dingding -t -c 'helloworld' # Send a custom test message to a DingTalk group. +``` + +#### feishu + +```shell +Usage: cve-ease feishu +(Specify the --help global option for a list of other help options) + +Options: + -h, --help show this help message and exit + -t, --test run test + -v, --verbose show verbose output + -c CONTENT, --content=CONTENT + show verbose output +``` + +```shell +cve-ease feishu -t # Send a test message to a Lark group. +cve-ease feishu -t -c 'helloworld' # Send a custom test message to a Lark group. +``` + +#### mail163 + +```shell +Usage: cve-ease mail163 +(Specify the --help global option for a list of other help options) + +Options: + -h, --help show this help message and exit + -t, --test run test + -v, --verbose show verbose output + -c CONTENT, --content=CONTENT + show verbose output +``` + +```shell +cve-ease mail163 -t # Send a test message to a 163 mail address. +cve-ease mail163 -t -c 'helloworld' # Send a custom test message to a 163 mail address. +``` + +#### mailqq + +```shell +Usage: cve-ease mailqq +(Specify the --help global option for a list of other help options) + +Options: + -h, --help show this help message and exit + -t, --test run test + -v, --verbose show verbose output + -c CONTENT, --content=CONTENT + show verbose output +``` + +```shell +cve-ease mailqq -t # Send a test message to a QQ mail address. +cve-ease mailqq -t -c 'helloworld' # Send a custom test message to a QQ mail address. +``` + +## How to Contribute + +1. Fork the repository. +2. Since the project is in fast-paced development with only the master branch active, make your changes on the master branch and submit them. +3. Create a pull request (PR) with a clear description of its functionality and purpose, along with relevant test cases. +4. Notify the repository maintainer to review your PR. + +## Core Developers and Contact Details + +- You Yifeng - [Gitee Private Message](https://gitee.com/youyifeng) +- Wu Kaishun - [Gitee Private Message](https://gitee.com/wuzimo) diff --git a/docs/en/server/security/cve_ease/figures/CVE-ease_desigin_table.png b/docs/en/server/security/cve_ease/figures/CVE-ease_desigin_table.png new file mode 100644 index 0000000000000000000000000000000000000000..c02a3569bca30fd225c048360e66a2cf052bc84e Binary files /dev/null and b/docs/en/server/security/cve_ease/figures/CVE-ease_desigin_table.png differ diff --git a/docs/en/server/security/cve_ease/figures/CVE-ease_function.png b/docs/en/server/security/cve_ease/figures/CVE-ease_function.png new file mode 100644 index 0000000000000000000000000000000000000000..3f4119eddcfd5eef088123895c5b39a040f0526e Binary files /dev/null and b/docs/en/server/security/cve_ease/figures/CVE-ease_function.png differ diff --git a/docs/en/server/security/secharden/_toc.yaml b/docs/en/server/security/secharden/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..5c6c8e51864a0791314637d46529d5c31b4a137b --- /dev/null +++ b/docs/en/server/security/secharden/_toc.yaml @@ -0,0 +1,29 @@ +label: Security Hardening Guide +isManual: true +description: Security hardening techniques and tools +sections: + - label: OS Hardening Overview + href: ./os_hardening_overview.md + - label: Security Configuration Description + href: ./security_configuration_benchmark.md + - label: Security Hardening Guide + href: ./secharden.md + sections: + - label: Account Passwords + href: ./account_passwords.md + - label: Authentication and Authorization + href: ./authentication_and_authorization.md + - label: System Services + href: ./system_services.md + - label: File Permissions + href: ./file_permissions.md + - label: Kernel Parameters + href: ./kernel_parameters.md + - label: SELinux Configuration + href: ./selinux_configuration.md + - label: Security Hardening Tools + href: ./security_hardening_tools.md + - label: Appendix + href: ./appendix.md + - label: Security Configuration Hardening Tool + href: ./security_configuration_hardening_tool.md diff --git a/docs/en/server/security/secharden/account_passwords.md b/docs/en/server/security/secharden/account_passwords.md new file mode 100644 index 0000000000000000000000000000000000000000..5169ad387891e6582a8116051deb94d3d7a9e187 --- /dev/null +++ b/docs/en/server/security/secharden/account_passwords.md @@ -0,0 +1,320 @@ +# Account Passwords + +## Shielding System Accounts + +### Description + +Accounts excluding user accounts are system accounts. System accounts cannot be used for logins or performing other operations. Therefore, system accounts must be shielded. + +### Implementation + +Modify the shell of a system account to **/sbin/nologin**. + +```shell +usermod -L -s /sbin/nologin $systemaccount +``` + +> [!NOTE]NOTE +> _$systemaccount_ indicates the system account. + +## Restricting Account Permissions on the su Command + +### Description + +The **su** command is used to switch user accounts. To improve system security, only the user **root** and users in the **wheel** group can use the **su** command. + +### Implementation + +Modify the **/etc/pam.d/su** file as follows: + +```text +auth required pam_wheel.so use_uid +``` + +**Table 1** Configuration item in pam\_wheel.so + + + + + + + + + + +

Item

+

Description

+

use_uid

+

UID of the current account.

+
+ +## Setting Password Complexity + +### Description + +You can set the password complexity requirements by modifying the corresponding configuration file. You are advised to set the password complexity based on the site requirements. + +### Implementation + +The password complexity is implemented by the **pam\_pwquality.so** and **pam\_pwhistory.so** modules in the **/etc/pam.d/password-auth** and **/etc/pam.d/system-auth** files. You can modify the configuration items of the two modules to change the password complexity requirements. + +### Example + +This section provides an example for configuring password complexity. + +**Password Complexity Requirements** + +1. Contains at least eight characters. +2. Contains at least three types of the following characters: + + - At least one lowercase letter + + - At least one uppercase letter + + - At least one digit + + - At least one space or one of the following special characters: \` \~ ! @ \# $ % ^ & \* \( \) - \_ = + \\ \| \[ \{ \} \] ; : ' " , < . \> / ? + +3. Cannot be the same as an account name or the account name in reverse order. +4. Cannot be the last five passwords used. + +**Implementation** + +Add the following content to the first two lines of the **password** configuration item in the **/etc/pam.d/password-auth** and **/etc/pam.d/system-auth** files: + +```text +password requisite pam_pwquality.so minlen=8 minclass=3 enforce_for_root try_first_pass local_users_only retry=3 dcredit=0 ucredit=0 lcredit=0 ocredit=0 +password required pam_pwhistory.so use_authtok remember=5 enforce_for_root +``` + +**Configuration Item Description** + +For details about the configuration items of **pam\_pwquality.so** and **pam\_pwhistory.so**, see [Table 1](#table201221044172117) and [Table 2](#table1212544452120), respectively. + +**Table 1** Configuration items in pam\_pwquality.so + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Item

+

Description

+

minlen=8

+

A password must contain at least eight characters.

+

minclass=3

+

A password must contain at least three of the following types: uppercase letters, lowercase letters, digits, and special characters.

+

ucredit=0

+

A password contains any number of uppercase letters.

+

lcredit=0

+

A password contains any number of lowercase letters.

+

dcredit=0

+

A password contains any number of digits.

+

ocredit=0

+

A password contains any number of special characters.

+

retry=3

+

Each time a maximum of three password changes is allowed.

+

enforce_for_root

+

This configuration is also effective for user root.

+
+ +**Table 2** Configuration items in pam\_pwhistory.so + + + + + + + + + + + + + +

Item

+

Description

+

remember=5

+

A password must be different from the last five passwords used.

+

enforce_for_root

+

This configuration is also effective for user root.

+
+ +## Setting the Password Validity Period + +### Description + +To ensure system security, you are advised to set the password validity period and notify users to change passwords before the passwords expire. + +### Implementation + +The password validity period is set by modifying the **/etc/login.defs** file. [Table 1](#en-us_topic_0152100281_t77b5d0753721450c81911c18b74e82eb) describes the hardening items. All hardening items in the table are in the **/etc/login.defs** file. You can directly modify the items in the configuration file. + +**Table 1** Configuration items in login.defs + + + + + + + + + + + + + + + + + + + + + + + + +

Item

+

Description

+

Suggestion

+

Configured as Suggested

+

PASS_MAX_DAYS

+

Maximum validity period of a password.

+

90

+

No

+

PASS_MIN_DAYS

+

Minimum interval between password changes.

+

0

+

No

+

PASS_WARN_AGE

+

Number of days before the password expires.

+

7

+

No

+
+ +> [!NOTE]NOTE +> The **login.defs** file is used to set restrictions on user accounts, such as setting the maximum password validity period and maximum length. The configuration in this file is invalid for the user **root**. If the **/etc/shadow** file contains the same items, the **/etc/shadow** configuration takes precedence over the **/etc/login.defs** configuration. When a user attempts to log in after the password expires, the user will be informed of the password expiry and is required to change the password. If the user does not change the password, the user cannot access the system. + +## Setting Password Encryption Algorithms + +### Description + +For system security, passwords cannot be stored in plaintext in the system and must be encrypted. The passwords that do not need to be restored must be encrypted using irreversible algorithms. Set the password encryption algorithm to SHA-512. This item has been set by default in openEuler. The preceding settings can effectively prevent password disclosure and ensure password security. + +### Implementation + +To set the password encryption algorithm, add the following configuration to the **/etc/pam.d/password-auth** and **/etc/pam.d/system-auth** files: + +```text +password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok +``` + +**Table 1** Configuration items in pam\_unix.so + + + + + + + + + + +

Item

+

Description

+

sha512

+

The SHA-512 algorithm is used for password encryption.

+
+ +## Locking an Account After Three Login Failures + +### Description + +To ensure user system security, you are advised to set the maximum number of failed login attempts \(three attempts are recommended\) and the automatic unlocking time \(300 seconds are recommended\) for a locked account. + +If an account is locked, any input is invalid but does not reset the locking countdown timer. Records of the user's invalid inputs are cleared once unlocked. The preceding settings protect passwords from being forcibly cracked and improve system security. + +> [!NOTE]NOTE +> By default, the maximum number of failed login attempts is 3 in openEuler. After an account is locked, the automatic unlock time is 60 seconds. + +### Implementation + +The password complexity is set by modifying the **/etc/pam.d/password-auth** and **/etc/pam.d/system-auth** files. The maximum number of failed login attempts is set to **3**, and the unlocking time after an account is locked is set to **300** seconds. The configuration is as follows: + +```text +auth required pam_faillock.so preauth audit deny=3 even_deny_root unlock_time=300 +auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root unlock_time=300 +auth sufficient pam_faillock.so authsucc audit deny=3 even_deny_root unlock_time=300 +``` + +**Table 1** Configuration items in pam\_faillock.so + + + + + + + + + + + + + + + + + + + +

Item

+

Description

+

authfail

+

Captures account login failure events.

+

deny=3

+

A user account will be locked after three failed login attempts.

+

unlock_time=300

+

A locked common user account is automatically unlocked after 300 seconds.

+

even_deny_root

+

This configuration is also effective for user root.

+
+ +## Hardening the su Command + +### Description + +To enhance system security and prevent the environment variables of the current user from being brought into other environments when you run the **su** command to switch to another user, this item has been configured by default in openEuler. The **PATH** variable is always initialized when the **su** command is used to switch users. + +### Implementation + +Modify the **/etc/login.defs** file. The configuration is as follows: + +```text +ALWAYS_SET_PATH=yes +``` diff --git a/docs/en/server/security/secharden/appendix.md b/docs/en/server/security/secharden/appendix.md new file mode 100644 index 0000000000000000000000000000000000000000..3a166ad1dbb108e86c53123005e6a93aff29079b --- /dev/null +++ b/docs/en/server/security/secharden/appendix.md @@ -0,0 +1,27 @@ +# Appendix + +This chapter describes the file permissions and **umask** values. + +## Permissions on Files and Directories + +Permission on files and directories in Linux specifies the users who can access and perform operations on files and directories and the access and operation modes. Permissions on files and directories include read only, write only, and execute. + +The following types of users can access files and directories: + +- File creator +- Users in the same group as a file creator +- Users not in the same group as a file creator + +An example of permission on files and directories is described as follows: + +If the permission on **/usr/src** is set to **755** which is 111101101 in binary mode, permissions for each type of users are described as follows: + +- The left-most **111** indicates that the file owner can read, write, and execute the file. +- The middle **101** indicates the group users can read and execute but cannot write the file. +- The right-most **101** indicates that other users can read and execute but cannot write the file. + +## umask Values + +When a user creates a file or directory, the file or directory has a default permission. The default permission is specified by the **umask** value. + +The **umask** value is the complement of the permission value. The actual permission value is obtained by subtracting the **umask** value from the default maximum permission value. The default maximum permission of a file is readable and writable. The default maximum permission of a directory is readable, writable, and executable. The default permission of a file is 666 minus the **umask** value. The default permission of a directory is 777 minus the **umask** value. diff --git a/docs/en/server/security/secharden/authentication_and_authorization.md b/docs/en/server/security/secharden/authentication_and_authorization.md new file mode 100644 index 0000000000000000000000000000000000000000..9baa3855c4f11c0bec78420214cc0c592c43fd45 --- /dev/null +++ b/docs/en/server/security/secharden/authentication_and_authorization.md @@ -0,0 +1,145 @@ +# Authentication and Authorization + +## Setting a Warning for Remote Network Access + +### Description + +A warning for remote network access is configured and displayed for users who attempt to remotely log in to the system. The warning indicates the penalty for authorized access and is used to threaten potential attackers. When the warning is displayed, system architecture and other system information are hidden to protect the system from being attacked. + +### Implementation + +This setting can be implemented by modifying the **/etc/issue.net** file. Replace the original content in the **/etc/issue.net** file with the following information \(which has been set by default in openEuler\): + +```text +Authorized users only. All activities may be monitored and reported. +``` + +## Forestalling Unauthorized System Restart by Pressing Ctrl+Alt+Delete + +### Description + +By default, you can restart the system by pressing **Ctrl**+**Alt**+**Delete**. You are advised to disable this function to prevent data loss due to misoperations. + +### Implementation + +To disable the feature of restarting the system by pressing **Ctrl**+**Alt**+**Delete**, perform the following steps: + +1. Run the following commands to delete the two **ctrl-alt-del.target** files: + + ```shell + rm -f /etc/systemd/system/ctrl-alt-del.target + rm -f /usr/lib/systemd/system/ctrl-alt-del.target + ``` + +2. Change **\#CtrlAltDelBurstAction=reboot-force** to **CtrlAltDelBurstAction=none** in the **/etc/systemd/system.conf** file. +3. Run the following command to restart systemd for the modification to take effect. Note that running the command may cause system services to be unavailable or restarted temporarily. In addition, you must be the **root** user or a user with the sudo permission to perform this operation. + + ```shell + systemctl daemon-reexec + ``` + +## Setting an Automatic Exit Interval for Shell + +### Description + +An unattended shell is prone to listening or attacks. Therefore, it is advised that a mechanism be configured to ensure that a shell can automatically exit when it does not run for a period. + +### Implementation + +At the end of file **/etc/profile**, set the **TMOUT** field \(unit: second\) that specifies the interval for automatic exit as follows: + +```shell +export TMOUT=300 +``` + +## Setting the Default umask Value for Users to 0077 + +### Description + +The **umask** value is used to set default permission on files and directories. A smaller **umask** value indicates that group users or other users have incorrect permission, which brings system security risks. Therefore, the default **umask** value must be set to **0077** for all users, that is, the default permission on user directories is **700** and the permission on user files is **600**. The **umask** value indicates the complement of a permission. For details about how to convert the **umask** value to a permission, see [umask Values](./appendix.md#umask-values). + +> [!NOTE]NOTE +> By default, the **umask** value of the openEuler user is set to **0022**. + +### Implementation + +1. Add **umask 0077** to the **/etc/bashrc** file and all files in the **/etc/profile.d/** directory. + + ```shell + echo "umask 0077" >> $FILE + ``` + + > [!NOTE]NOTE + > _$FILE_ indicates the file name, for example, echo "umask 0077" \>\> /etc/bashrc. + +2. Set the ownership and group of the **/etc/bashrc** file and all files in the **/etc/profile.d/** directory to **root**. + + ```shell + chown root.root $FILE + ``` + + > [!NOTE]NOTE + > _$FILE_ indicates the file name, for example, **chown root.root /etc/bashrc**. + +## Setting the GRUB2 Encryption Password + +### Description + +GRand Unified Bootloader \(GRUB\) is an operating system boot manager used to boot different systems \(such as Windows and Linux\). GRUB2 is an upgraded version of GRUB. + +When starting the system, you can modify the startup parameters of the system on the GRUB2 screen. To ensure that the system startup parameters are not modified randomly, you need to encrypt the GRUB2 screen. The startup parameters can be modified only when the correct GRUB2 password is entered. + +> [!NOTE]NOTE +> The default password of GRUB2 is **openEuler\#12**. You are advised to change the default password upon the first login and periodically update the password. If the password is leaked, startup item configurations may be modified, causing the system startup failure. + +### Implementation + +1. Run the **grub2-mkpasswd-pbkdf2** command to generate an encrypted password. + + > [!NOTE]NOTE + > SHA-512 is used as the GRUB2 encryption algorithm. + + ```shell + $ grub2-mkpasswd-pbkdf2 + Enter password: + Reenter password: + PBKDF2 hash of your password is + grub.pbkdf2.sha512.10000.5A45748D892672FDA02DD3B6F7AE390AC6E6D532A600D4AC477D25C7D087644697D8A0894DFED9D86DC2A27F4E01D925C46417A225FC099C12DBD3D7D49A7425.2BD2F5BF4907DCC389CC5D165DB85CC3E2C94C8F9A30B01DACAA9CD552B731BA1DD3B7CC2C765704D55B8CD962D2AEF19A753CBE9B8464E2B1EB39A3BB4EAB08 + ``` + + > [!NOTE]NOTE + > Enter the same password in the **Enter password** and **Reenter password** lines. + > After **openEuler\#12** is encrypted by **grub2-mkpasswd-pbkdf2**, the output is **grub.pbkdf2.sha512.10000.5A45748D892672FDA02DD3B6F7AE390AC6E6D532A600D4AC477D25C7D087644697D8A0894DFED9D86DC2A27F4E01D925C46417A225FC099C12DBD3D7D49A7425.2BD2F5BF4907DCC389CC5D165DB85CC3E2C94C8F9A30B01DACAA9CD552B731BA1DD3B7CC2C765704D55B8CD962D2AEF19A753CBE9B8464E2B1EB39A3BB4EAB08**. The ciphertext is different each time. + +2. Open **/boot/efi/EFI/openEuler/grub.cfg** in a vi editor. In different modes, the paths of the **grub.cfg** file are different. See the note below. Append the following fields to the beginning of **/boot/efi/EFI/openEuler/grub.cfg**. + + ```text + set superusers="root" + password_pbkdf2 root grub.pbkdf2.sha512.10000.5A45748D892672FDA02DD3B6F7AE390AC6E6D532A600D4AC477D25C7D087644697D8A0894DFED9D86DC2A27F4E01D925C46417A225FC099C12DBD3D7D49A7425.2BD2F5BF4907DCC389CC5D165DB85CC3E2C94C8F9A30B01DACAA9CD552B731BA1DD3B7CC2C765704D55B8CD962D2AEF19A753CBE9B8464E2B1EB39A3BB4EAB08 + ``` + + > [!NOTE]NOTE + + - In different modes, the paths of the **grub.cfg** file are different: In the UEFI mode of the x86 architecture, the path is **/boot/efi/EFI/openEuler/grub.cfg**. In the Legacy BIOS mode of the x86 architecture, the path is **/boot/grub2/grub.cfg**. In the aarch64 architecture, the path is **/boot/efi/EFI/openEuler/grub.cfg**. + - The **superusers** field is used to set the account name of the super GRUB2 administrator. + - The first parameter following the **password\_pbkdf2** field is the GRUB2 account name, and the second parameter is the encrypted password of the account. + +## Setting the Secure Single-user Mode + +### Description + +When you log in to the system as user **root** in single-user mode, if the **root** password is not set, high security risks exist. + +### Implementation + +This setting can be implemented by modifying the **/etc/sysconfig/init** file. Set **SINGLE** to **SINGLE=/sbin/sulogin**. + +## Disabling Interactive Startup + +### Description + +With interactive guidance, console users can disable audit, firewall, or other services, which compromises system security. Users can disable interactive startup to improve security. This item is disabled by default in openEuler. + +### Implementation + +This setting can be implemented by modifying the **/etc/sysconfig/init** file. Set **PROMPT** to **no**. diff --git a/docs/en/server/security/secharden/figures/zh-cn_image_0221925211.png b/docs/en/server/security/secharden/figures/zh-cn_image_0221925211.png new file mode 100644 index 0000000000000000000000000000000000000000..d245d48dc07e2b01734e21ec1952e89fa9269bdb Binary files /dev/null and b/docs/en/server/security/secharden/figures/zh-cn_image_0221925211.png differ diff --git a/docs/en/server/security/secharden/figures/zh-cn_image_0221925212.png b/docs/en/server/security/secharden/figures/zh-cn_image_0221925212.png new file mode 100644 index 0000000000000000000000000000000000000000..a32856aa08e459ed0f51f8fcf4c2f51511c12095 Binary files /dev/null and b/docs/en/server/security/secharden/figures/zh-cn_image_0221925212.png differ diff --git a/docs/en/server/security/secharden/file_permissions.md b/docs/en/server/security/secharden/file_permissions.md new file mode 100644 index 0000000000000000000000000000000000000000..5df32f2dd6d32024863791a87b8a76b4c26bb702 --- /dev/null +++ b/docs/en/server/security/secharden/file_permissions.md @@ -0,0 +1,222 @@ +# File Permissions + +## Setting the Permissions on and Ownership of Files + +### Description + +In Linux, all objects are processed as files. Even a directory will be processed as a large file containing many files. Therefore, the most important thing in Linux is the security of files and directories. Their security is ensured by permissions and owners. + +By default, the permissions and ownership of common directories, executable files, and configuration files in the system are set in openEuler. + +### Implementation + +The following uses the **/bin** directory as an example to describe how to change the permission and ownership of a file: + +- Modify the file permission. For example, set the permission on the **/bin** directory to **755**. + + ```shell + chmod 755 /bin + ``` + +- Change the ownership of the file. For example, set the ownership and group of the **/bin** directory to **root:root**. + + ```shell + chown root:root /bin + ``` + +## Deleting Unowned Files + +### Description + +When deleting a user or group, the system administrator may forget to delete the files of the user or group. If the name of a new user or group is the same as that of the deleted user or group, the new user or group will own files on which it has no permission. You are advised to delete these files. + +### Implementation + +Delete the file whose user ID does not exist. + +1. Search for the file whose user ID does not exist. + + ```shell + find / -nouser + ``` + +2. Delete the found file. In the preceding command, _filename_ indicates the name of the file whose user ID does not exist. + + ```shell + rm -f filename + ``` + +Delete the file whose group ID does not exist. + +1. Search for the file whose user ID does not exist. + + ```shell + find / -nogroup + ``` + +2. Delete the found file. In the preceding command, _filename_ indicates the name of the file whose group ID does not exist. + + ```shell + rm -f filename + ``` + +## Removing a Symbolic Link to /dev/null + +### Description + +A symbolic link to **/dev/null** may be used by malicious users. This affects system security. You are advised to delete these symbolic links to improve system security. + +### Special Scenario + +After openEuler is installed, symbolic links to **/dev/null** may exist. These links may have corresponding functions. \(Some of them are preconfigured and may be depended by other components.\) Rectify the fault based on the site requirements. For details, see [Implementation](#en-us_topic_0152100319_s1b24647cdd834a8eaca3032611baf072). + +For example, openEuler supports UEFI and legacy BIOS installation modes. The GRUB packages supported in the two boot scenarios are installed by default. If you select the legacy BIOS installation mode, a symbolic link **/etc/grub2-efi.cfg** is generated. If you select the UEFI installation mode, a symbolic link **/etc/grub2.cfg** is generated. You need to process these symbolic links based on the site requirements. + +### Implementation + +1. Run the following command to search for symbolic links to **/dev/null**: + + ```shell + find dirname -type l -follow 2>/dev/null + ``` + + > [!NOTE]NOTE + > _dir__name_ indicates the directory to be searched. Normally, key system directories, such as **/bin**, **/boot**, **/usr**, **/lib64**, **/lib**, and **/var**, need to be searched. + +2. If these symbolic links are useless, run the following command to delete them: + + ```shell + rm -f filename + ``` + + > [!NOTE]NOTE + > _filename_ indicates the file name obtained in [Step 1](#en-us_topic_0152100319_l4dc74664c4fb400aaf91fb314c4f9da6). + +## Setting the umask Value for a Daemon + +### Description + +The **umask** value is used to set default permission on files and directories. If the **umask** value is not specified, the file has the globally writable permission. This brings risks. A daemon provides a service for the system to receive user requests or network customer requests. To improve the security of files and directories created by the daemon, you are advised to set **umask** to **0027**. The **umask** value indicates the complement of a permission. For details about how to convert the **umask** value to a permission, see [umask Values](./appendix.md#umask-values). + +> [!NOTE]NOTE +> By default, the **umask** value of the daemon is set to **0022** in openEuler. + +### Implementation + +In configuration file **/etc/sysconfig/init**, add **umask 0027** as a new row. + +## Adding a Sticky Bit Attribute to Globally Writable Directories + +### Description + +Any user can delete or modify a file or directory in a globally writable directory, which leads to unauthorized file or directory deletion. Therefore, the sticky bit attribute is required for globally writable directories. + +### Implementation + +1. Search for globally writable directories. + + ```shell + find / -type d -perm -0002 ! -perm -1000 -ls | grep -v proc + ``` + +2. Add the sticky bit attribute to globally writable directories. _dirname_ indicates the name of the directory that is found. + + ```shell + chmod +t dirname + ``` + +## Disabling the Globally Writable Permission on Unauthorized Files + +### Description + +Any user can modify globally writable files, which affects system integrity. + +### Implementation + +1. Search for all globally writable files. + + ```shell + find / -type d ( -perm -o+w ) | grep -v proc + find / -type f ( -perm -o+w ) | grep -v proc + ``` + +2. View the settings of files \(excluding files and directories with sticky bits\) listed in step 1, and delete the files or disable the globally writable permission on them. Run the following command to remove the permission. In the command, _filename_ indicates the file name. + + ```shell + chmod o-w filename + ``` + + > [!NOTE]NOTE + > You can run the following command to check whether the sticky bit is set for the file or directory. If the command output contains the **T** flag, the file or directory is with a sticky bit. In the command, _filename_ indicates the name of the file or directory to be queried. + + ```shell + ls -l filename + ``` + +## Restricting Permissions on the at Command + +### Description + +The **at** command is used to create a scheduled task. Users who can run the **at** command must be specified to protect the system from being attacked. + +### Implementation + +1. Delete the **/etc/at.deny** file. + + ```shell + rm -f /etc/at.deny + ``` + +2. Run the following commands to create the **/etc/at.allow** file and change its ownership to **root:root**. + + ```shell + touch /etc/at.allow + chown root:root /etc/at.allow + ``` + +3. Set that only user **root** can operate file **/etc/at.allow**. + + ```shell + chmod og-rwx /etc/at.allow + ``` + +## Restricting Permissions on the cron Command + +### Description + +The **cron** command is used to create a routine task. Users who can run the **cron** command must be specified to protect the system from being attacked. + +### Implementation + +1. Delete the **/etc/cron.deny** file. + + ```shell + rm -f /etc/at.deny + ``` + +2. Run the following commands to create the **/etc/cron.allow** file and change its ownership to **root:root**: + + ```shell + touch /etc/cron.allow + chown root:root /etc/cron.allow + ``` + +3. Set that only user **root** can operate file **/etc/cron.allow**. + + ```shell + chmod og-rwx /etc/cron.allow + ``` + +## Restricting Permissions on the sudo Command + +### Description + +A common user can use the **sudo** command to run commands as the user **root**. To harden system security, it is necessary to restrict permissions on the **sudo** command. Only user **root** can use the **sudo** command. By default, openEuler does not restrict the permission of non-root users to run the sudo command. + +### Implementation + +Modify the **/etc/sudoers** file to restrict permissions on the **sudo** command. Comment out the following configuration line: + +```text +#%wheel ALL=(ALL) ALL +``` diff --git a/docs/en/server/security/secharden/kernel_parameters.md b/docs/en/server/security/secharden/kernel_parameters.md new file mode 100644 index 0000000000000000000000000000000000000000..ccc15e4e55dd29c2fb4c6ac2bb903467b690cd05 --- /dev/null +++ b/docs/en/server/security/secharden/kernel_parameters.md @@ -0,0 +1,225 @@ +# Kernel Parameters + +## Hardening the Security of Kernel Parameters + +### Description + +Kernel parameters specify the status of network configurations and application privileges. The kernel provides system control which can be fine-tuned or configured by users. This function can improve the security of the OS by controlling configurable kernel parameters. For example, you can fine-tune or configure network options to improve system security. + +### Implementation + +1. Write the hardening items in [Table 1](#en-us_topic_0152100187_t69b5423c26644b26abe94d88d38878eb) to the **/etc/sysctl.conf** file. + + > [!NOTE]NOTE + > Record security hardening items as follows: + + ```ini + net.ipv4.icmp_echo_ignore_broadcasts = 1 + net.ipv4.conf.all.rp_filter = 1 + net.ipv4.conf.default.rp_filter = 1 + ``` + + **Table 1** Policies for hardening the security of kernel parameters + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Item

+

Description

+

Suggestion

+

Configured as Suggested

+

net.ipv4.icmp_echo_ignore_broadcasts

+

Specifies whether ICMP broadcast packets are accepted. They are not accepted according to the hardening policy.

+

1

+

Yes

+

net.ipv4.conf.all.rp_filter

+

Specifies whether the actual source IP address used by a data packet is related to a routing table and whether the data packet receives responses through interfaces. The item is enabled according to the hardening policy.

+

1

+

Yes

+

net.ipv4.conf.default.rp_filter

+

1

+

Yes

+

net.ipv4.ip_forward

+

The IP forwarding function prevents unauthorized IP address packets from being transferred to a network. The item is disabled according to the hardening policy.

+

0

+

Yes

+

net.ipv4.conf.all.accept_source_route

+

accept_source_route indicates that a packet sender can specify a path for sending the packet and a path for receiving a response. The item is disabled according to the hardening policy.

+

0

+

Yes

+

net.ipv4.conf.default.accept_source_route

+

0

+

Yes

+

net.ipv4.conf.all.accept_redirects

+

Specifies whether a redirected ICMP packet is sent. The packet is not sent according to the hardening policy.

+

0

+

Yes

+

net.ipv4.conf.default.accept_redirects

+

0

+

Yes

+

net.ipv6.conf.all.accept_redirects

+

0

+

Yes

+

net.ipv6.conf.default.accept_redirects

+

0

+

Yes

+

net.ipv4.conf.all.send_redirects

+

Specifies whether a redirected ICMP packet is sent to another server. This item is enabled only when the host functions as a route. The item is disabled according to the hardening policy.

+

0

+

Yes

+

net.ipv4.conf.default.send_redirects

+

0

+

Yes

+

net.ipv4.icmp_ignore_bogus_error_responses

+

Fake ICMP packets are not recorded to logs, which saves disk space. The item is enabled according to the hardening policy.

+

1

+

Yes

+

net.ipv4.tcp_syncookies

+

SYN attack is a DoS attack that forces system restart by occupying system resources. TCP-SYN cookie protection is enabled according to the hardening policy.

+

1

+

Yes

+

kernel.dmesg_restrict

+

Hardens dmesg messages. Only the administrator is allowed to view the messages.

+

1

+

Yes

+

kernel.sched_autogroup_enabled

+

Determines whether the kernel automatically groups and schedules threads. After this item is enabled, scheduling groups compete for time slices, and threads in a scheduling group compete for the time slices allocated to the scheduling group. The item is disabled according to the hardening policy.

+

0

+

No

+

kernel.sysrq

+

Disables the magic key.

+
NOTE:

You are advised to disable the magic key so that commands cannot be directly passed to the kernel.

+
+

0

+

Yes

+

net.ipv4.conf.all.secure_redirects

+

Specifies whether redirected ICMP messages sent from any servers or from gateways listed in the default gateway list are accepted. Redirected ICMP messages are received from any servers according to the hardening policy.

+

0

+

Yes

+

net.ipv4.conf.default.secure_redirects

+

0

+

Yes

+
+ +2. Run the following command to load the kernel parameters set in the **sysctl.conf** file: + + ``` + sysctl -p /etc/sysctl.conf + ``` + +### Other Security Suggestions + +- **net.ipv4.icmp\_echo\_ignore\_all**: ignores ICMP requests. + + For security purposes, you are advised to enable this item. The default value is **0**. Set the value to **1** to enable this item. + + After this item is enabled, all incoming ICMP Echo request packets will be ignored, which will cause failure to ping the target host. Determine whether to enable this item based on your actual networking condition. + +- **net.ipv4.conf.all.log\_martians/net.ipv4.conf.default.log\_martians**: logs spoofed, source routed, and redirect packets. + + For security purposes, you are advised to enable this item. The default value is **0**. Set the value to **1** to enable this item. + + After this item is enabled, data from forbidden IP addresses will be logged. Too many new logs will overwrite old logs because the total number of logs allowed is fixed. Determine whether to enable this item based on your actual usage scenario. + +- **net.ipv4.tcp\_timestamps**: disables tcp\_timestamps. + + For security purposes, you are advised to disable tcp\_timestamps. The default value is **1**. Set the value to **0** to disable tcp\_timestamps. + + After this item is disabled, TCP retransmission timeout will be affected. Determine whether to disable this item based on the actual usage scenario. + +- **net.ipv4.tcp\_max\_syn\_backlog**: determines the number of queues that is in SYN\_RECV state. + + This parameter determines the number of queues that is in SYN\_RECV state. When this number is exceeded, new TCP connection requests will not be accepted. This to some extent prevents system resource exhaustion. Configure this parameter based on your actual usage scenario. diff --git a/docs/en/server/security/secharden/os_hardening_overview.md b/docs/en/server/security/secharden/os_hardening_overview.md new file mode 100644 index 0000000000000000000000000000000000000000..6253e0eabb5fcca8f97506a587c74ab2f30ddd70 --- /dev/null +++ b/docs/en/server/security/secharden/os_hardening_overview.md @@ -0,0 +1,123 @@ +# OS Hardening Overview + +This chapter describes the purpose and solution of openEuler system hardening. + +## Security Hardening Purpose + +The OS, as the core of the information system, manages hardware and software resources and is the basis of information system security. Applications must depend on the OS to ensure the integrity, confidentiality, availability, and controllability of information. Without the OS security protection, protective methods against hackers and virus attacks at other layers cannot meet the security requirements. + +Therefore, security hardening is essential for an OS. Security hardening helps build a dynamic and complete security system, enhance product security, and improve product competitiveness. + +## Security Hardening Solution + +This section describes the openEuler security hardening solution, including the hardening method and items. + +### Security Hardening Method + +You can manually modify security hardening configurations or run commands to harden the system, or use the security hardening tool to modify security hardening items in batches. The openEuler security hardening tool runs as openEuler-security.service. When the system is started for the first time, the system automatically runs the service to execute the default hardening policy, and automatically set the service not to start as the system starts. + +You can modify the **security.conf** file and use the security hardening tool to implement user-defined security hardening. + +### Security Hardening Targets + +openEuler security hardening targets include: + +- System services +- File permissions +- Kernel parameters +- Authorization and authentication +- Account passwords + +## Security Hardening Impacts + +Security hardening on file permissions and account passwords may change user habits, affecting system usability. For details about common hardening items that affect system usability, see [Table 1](#en-us_topic_0152100325_ta4a48f54ff2849ada7845e2380209917). + +**Table 1** Security hardening impacts + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Item

+

Suggestion

+

Impact

+

Configured By Default

+

Timeout setting on the text-based user interface (TUI)

+

When the TUI is idle for a long period of time, it automatically exits.

+
NOTE:

When a user logs in to the system using SSH, the timeout period is determined by the smaller value of the TMOUT field in the /etc/profile file and the ClientAliveInterval field in the /etc/ssh/sshd_config file. You are advised to set this parameter to 300 seconds.

+
+

If you do not perform any operation on the TUI for a long time, TUI automatically exits.

+

No

+

Password complexity

+

The password is a string containing at least eight characters chosen from three or four of the following types: uppercase letters, lowercase letters, digits, and special characters.

+

All passwords must comply with the complexity requirements.

+

No

+

Password retry limits

+

If a user fails to enter the correct password for three consecutive times when logging in to the OS, the user account will be locked for 60 seconds.

+

After the account is locked, the user can log in to the system only after 60 seconds.

+

Yes

+

Default umask value

+

The default umask value of all users is set to 077 so that the default permission on files created by users is 600 and the default permission on directories is 700.

+

Users must modify the permission on specified files or directories as required.

+

No

+

Password validity period

+

The password validity period can be modified in the /etc/login.defs file and is set to 90 days by default. It can be modified in any time. An expiration notification will be displayed seven days before a password is to expire.

+

When a user attempts to log in after the password expires, the user will be informed of the password expiry and is required to change the password. If the user does not change the password, the user cannot access the system.

+

No

+

su permission control

+

The su command is used to switch user accounts. To improve system security, only the user root and users in the wheel group can use the su command.

+

Common users can successfully run the su command only after joining in the wheel group.

+

Yes

+

Disabling user root from logging in using SSH

+

Set the value of the PermitRootLogin field in the /etc/ssh/sshd_config file to no. In this way, user root cannot directly log in to the system using SSH.

+

You need to log in to the system as a common user in SSH mode and then switch to user root.

+

No

+

Strong SSH encryption algorithm

+

The MACs and Ciphers configurations of SSH services support the CTR and SHA2 algorithms and do not support the CBC, MD5, and SHA1 algorithms.

+

Some early Xshell and PuTTY versions on Windows do not support aes128-ctr, aes192-ctr, aes256-ctr, hmac-sha2-256, and hmac-sha2-512 algorithms. Ensure that the latest PuTTY (0.63 or later) and Xshell (5.0 or later) are used.

+

Yes

+
diff --git a/docs/en/server/security/secharden/public_sys-resources/icon-caution.gif b/docs/en/server/security/secharden/public_sys-resources/icon-caution.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/security/secharden/public_sys-resources/icon-caution.gif differ diff --git a/docs/en/server/security/secharden/public_sys-resources/icon-danger.gif b/docs/en/server/security/secharden/public_sys-resources/icon-danger.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/security/secharden/public_sys-resources/icon-danger.gif differ diff --git a/docs/en/server/security/secharden/public_sys-resources/icon-note.gif b/docs/en/server/security/secharden/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/en/server/security/secharden/public_sys-resources/icon-note.gif differ diff --git a/docs/en/server/security/secharden/public_sys-resources/icon-notice.gif b/docs/en/server/security/secharden/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/en/server/security/secharden/public_sys-resources/icon-notice.gif differ diff --git a/docs/en/server/security/secharden/public_sys-resources/icon-tip.gif b/docs/en/server/security/secharden/public_sys-resources/icon-tip.gif new file mode 100644 index 0000000000000000000000000000000000000000..93aa72053b510e456b149f36a0972703ea9999b7 Binary files /dev/null and b/docs/en/server/security/secharden/public_sys-resources/icon-tip.gif differ diff --git a/docs/en/server/security/secharden/public_sys-resources/icon-warning.gif b/docs/en/server/security/secharden/public_sys-resources/icon-warning.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/security/secharden/public_sys-resources/icon-warning.gif differ diff --git a/docs/en/server/security/secharden/secharden.md b/docs/en/server/security/secharden/secharden.md new file mode 100644 index 0000000000000000000000000000000000000000..6539f6bd1eb52da6f2076345facd9c4759538a79 --- /dev/null +++ b/docs/en/server/security/secharden/secharden.md @@ -0,0 +1,5 @@ +# Security Hardening Guide + +This document describes how to perform security hardening for openEuler. + +This document is intended for administrators who need to perform security hardening for openEuler. You must be familiar with the OS security architecture and technologies. diff --git a/docs/en/server/security/secharden/security_configuration_benchmark.md b/docs/en/server/security/secharden/security_configuration_benchmark.md new file mode 100644 index 0000000000000000000000000000000000000000..3d11a99607f7df7c1ce1002b45884307ef6fdfea --- /dev/null +++ b/docs/en/server/security/secharden/security_configuration_benchmark.md @@ -0,0 +1,3 @@ +# openEuler Security Configuration Description + +For details, see the [openEuler security configuration description](https://gitee.com/openeuler/security-committee/tree/master/secure-configuration-benchmark). diff --git a/docs/en/server/security/secharden/security_configuration_hardening_tool.md b/docs/en/server/security/secharden/security_configuration_hardening_tool.md new file mode 100644 index 0000000000000000000000000000000000000000..00c0f140a3067d5bbe04be699a0de88346ff1816 --- /dev/null +++ b/docs/en/server/security/secharden/security_configuration_hardening_tool.md @@ -0,0 +1,167 @@ +# Security Configuration Hardening Tool + +## Overview + +This document provides a basic introduction and usage instructions for the security configuration hardening tool sec_conf. + +## Introduction to sec_conf + +### Background + +openEuler supports various security features, including native Linux security features and community-developed security features. However, these features are scattered, difficult to configure, and have a steep learning curve for users. Additionally, for some security features with interception capabilities (such as IMA appraisal, secure boot, and access control), incorrect user configuration can lead to system boot failure or abnormal operation. Therefore, sec_conf aims to achieve an automated security configuration mechanism, allowing users to perform system security checks and hardening based on the tool, thereby better facilitating the implementation of openEuler security features in various application scenarios. + +### Function Introduction + +sec_conf is a security hardening tool that helps administrators configure openEuler security features (such as IMA, DIM, and secure boot). You can input configuration information, which represents the desired security hardening goals, and generate corresponding security feature configuration scripts. + +Currently, sec_conf supports configurable security mechanisms for IMA, DIM, secure boot, and modsign. + +## Installation and Deployment + +### Installing Dependencies + +The software required to compile secPaver includes: + +- make +- golang 1.11+ + +### Downloading Source Code + +```shell +git clone https://gitee.com/openeuler/secpaver.git -b sec_conf +``` + +### Compiling and Installing Software + +```shell +cd secpaver +make +``` + +Install the software: + +```shell +make install +``` + +## Project File Format + +The sec_conf project files consist of policy configuration files, check script template files, and configuration script template files. + +### Policy Configuration File + +The policy configuration file protects configurations related to DIM, IMA, secure boot, and kernel module verification features. It uses the YAML format, and the description of each field is as follows: + + + + + + + + + + + + + + + + + + + + + +
Primary Configuration ItemSecondary Configuration ItemTypeAttributeDescription
nameN/AstringoptionalConfiguration file naming.
versionN/AstringoptionalConfiguration policy version number.
dimenablebooloptionalEnable/disable DIM function.
measure_liststring arrayoptionalFiles that DIM needs to measure. For user-space files, an absolute path needs to be specified. For kernel modules, a valid kernel module name needs to be specified. For the kernel, it needs to be specified as "kernel".
log_capintoptionalMaximum number of measurement logs. When the number of recorded measurement logs reaches the parameter setting, logging stops. The default value is 100,000.
scheduleintoptionalTime to schedule after measuring a process/module, in milliseconds. Setting to 0 means no scheduling. The default value is 0.
intervalintoptionalAutomatic measurement cycle, in minutes. Setting to 0 means no automatic measurement is set. The default value is 0.
hashstringoptionalMeasurement hash algorithm. The default value is sha256.
core_pcrintoptionalExtend the dim_core measurement result to the PCR register of the TPM chip. Setting to 0 means no extension (note that it needs to be consistent with the actual PCR number of the chip). The default value is 0.
monitor_pcrintoptionalExtend the dim_monitor measurement result to the PCR register of the TPM chip. Setting to 0 means no extension (note that it needs to be consistent with the actual PCR number of the chip). The default value is 0.
signaturebooloptionalWhether to enable the policy file and signature mechanism.
auto_baselinebooloptionalWhether to establish a DIM baseline. If false, the administrator needs to manually generate the baseline.
secure_bootenablebooloptionalWhether to enable secure boot.
anti_rollbackbooloptionalEnable/disable secure boot anti-rollback policy.
verbosebooloptionalEnable/disable secure boot related logs.
modsignenablebooloptionalWhether to enable the kernel module verification feature.
imameasure_liststring arrayoptionalIMA protected file list (absolute path needs to be specified).
appraise_liststring arrayoptionalIMA appraised file list (absolute path needs to be specified).
+ +> ![](./public_sys-resources/icon-note.gif) **Note:** +> +> - The **sec_conf.yaml** file must be placed at **/usr/share/secpaver/scripts/sec_conf/sec_conf.yaml** and cannot be renamed. +> - Parameter types must comply with the requirements in the table above. +> - If related configurations do not exist, default values are used. + +### Check Script Template and Configuration Script Template Files + +Template files are implemented using the go-template engine to combine script files with data and generate the final text output. + +Check script templates are unified under the **/usr/share/secpaver/scripts/sec_conf/check/** directory. This directory contains script templates for features like DIM and IMA. These script templates cannot be executed independently. They can only be used by sec_conf to generate the latest scripts for performing openEuler feature checks. + +Configuration script templates are unified under the **/usr/share/secpaver/scripts/sec_conf/gen/** directory. This directory contains script templates for features like DIM and IMA. These script templates cannot be executed independently. They can only be used by sec_conf to generate the latest scripts for configuring openEuler features. + +> ![](./public_sys-resources/icon-note.gif) **Note:** +> +> - The configuration and check script template files cannot be modified. They are only used by sec_conf to parse and generate scripts. + +## Security Configuration CLI Interface + +| Parameter | Function Description | Command Format | +| :---------: | :-----------------------------------------------------------------------------------: | :------------------------------: | +| --help,-h | Print sec_conf command line help information | sec_conf -h | +| gen_check | Generate security configuration check script and output to the command line interface | sec_conf gen_check | +| gen_config | Generate security configuration script and output to the command line interface | sec_conf gen_config | +| --output,-o | Output the generated configuration script to the specified file | sec_conf gen_config -o config.sh | + +## Usage Instructions + +Configure the yaml file, for example: + +```yaml +# cat /usr/share/secpaver/scripts/sec_conf/sec_conf.yaml +--- +name: "openEuler security configuration" +version: "1" +dim: + enable: true + measure_list: + - "/usr/bin/bash" + - "nf_nat" + - "kernel" + log_cap: 100000 + schedule: 0 + interval: 0 + hash: "sha256" + core_pcr: 11 + monitor_pcr: 12 + signature: true + auto_baseline: true +secure_boot: + enable: true + anti_rollback: true + verbose: true +modsign: + enable: true +ima: + measure_list: + - "/usr/bin/ls" + - "/usr/bin/cat" + - "/usr/bin/base64" + - "/usr/bin/base32" + appraise_list: + - "/usr/bin/base64" + - "/usr/bin/base32" + - "/usr/bin/sleep" + - "/usr/bin/date" +... +``` + +Generate feature configuration scripts and check scripts. + +```shell +sec_conf gen_config -o ./config.sh +sec_conf gen_check -o ./check.sh +``` + +Execute the configuration script and check if the configuration is correct. If the configuration is correct, restart the system for the configuration to take effect. + +```shell +sh ./config.sh -s +sh ./check.sh -s +reboot +``` + +After restarting, execute the configuration script again and check if the configuration is correct. At this point, all function checks are expected to pass. + +```shell +sh ./config.sh -s +sh ./check.sh -s +``` diff --git a/docs/en/server/security/secharden/security_hardening_tools.md b/docs/en/server/security/secharden/security_hardening_tools.md new file mode 100644 index 0000000000000000000000000000000000000000..e07c7d618ebb0a947f585e123b565d7555138476 --- /dev/null +++ b/docs/en/server/security/secharden/security_hardening_tools.md @@ -0,0 +1,122 @@ +# Security Hardening Tools + +## Security Hardening Procedure + +### Overview + +You need to modify the **usr-security.conf** file so that the security hardening tool can set hardening policies based on the **usr-security.conf** file. This section describes rules for modifying the **usr-security.conf** file. For details about the configurable security hardening items, see [Security Hardening Guide](secharden.md). + +### Precautions + +- After modifying the items, restart the security hardening service for the modification to take effect. For details about how to restart the service, see [Hardening Items Taking Effect](#hardening-items-taking-effect). +- When modifying security hardening items, you only need to modify the **/etc/openEuler\_security/usr-security.conf** file. You are not advised to modify the **/etc/openEuler\_security/security.conf** file. The **security.conf** file contains basic hardening items which are executed only once. +- After the security hardening service is restarted for the configuration to take effect, the configuration in effect cannot be deleted by deleting the corresponding hardening items from the **usr-security.conf** file and restarting the security hardening service. +- Security hardening operations are recorded in the **/var/log/openEuler-security.log** file. + +### Configuration Format + +Each line in the **usr-security.conf** file indicates a configuration item. The configuration format varies according to the configuration content. The following describes the format of each configuration item. + +> [!NOTE]NOTE + +- All configuration items start with an execution ID. The execution ID is a positive integer and can be customized. +- Contents of a configuration item are separated by an at sign \(@\). +- If the actual configuration content contains an at sign \(@\), use two at signs \(@@\) to distinguish the content from the separator. For example, if the actual content is **xxx@yyy**, set this item to **xxx@@yyy**. Currently, an at sign \(@\) cannot be placed at the beginning or end of the configuration content. + +- **d**: comment + + Format: _Execution ID_**@d@**_Object file_**@**_Match item_ + + Function: Comment out lines starting with the match item \(the line can start with a space\) in an object file by adding a number sign \(\#\) at the beginning of the line. + + Example: If the execution ID is **401**, comment out lines starting with **%wheel** in the **/etc/sudoers** file. + + ```sh + 401@d@/etc/sudoers@%wheel + ``` + +- **m**: replacement + + Format: _Execution ID_**@m@**_Object file_**@**_Match item_**@**_Target value_ + + Function: Replace lines starting with the match item \(the line can start with a space\) in an object file with _match item_ and _target value_. If the match line starts with spaces, the spaces will be deleted after the replacement. + + Example: If the execution ID is **101**, replace lines starting with **Protocol** in the **/etc/ssh/sshd\_config** file with **Protocol 2**. The spaces after **Protocol** are matched and replaced. + + ```sh + 101@m@/etc/ssh/sshd_config@Protocol @2 + ``` + +- **sm**: accurate modification + + Format: _Execution ID_**@sm@**_Object file_**@**_Match item_**@**_Target value_ + + Function: Replace lines starting with the match item \(the line can start with a space\) in an object file with _match item_ and _target value_. If the match line starts with spaces, the spaces are retained after the replacement. This is the difference between **sm** and **m**. + + Example: If the execution ID is **201**, replace lines starting with **size** in the **/etc/audit/hzqtest** file with **size 2048**. + + ```sh + 201@sm@/etc/audit/hzqtest@size@ 2048 + ``` + +- **M**: subitem modification + + Format: _Execution ID_**@M@**_Object file_**@**_Match item_**@**_Match subitem__\[@Value of the match subitem\]_ + + Function: Match lines starting with the match item \(the line can start with a space\) in an object file and replace the content starting with the match subitem in these lines with the _match subitem_ and _value of the match subitem_. The value of the match subitem is optional. + + Example: If the execution ID is **101**, find lines starting with **key** in the file and replace the content starting with **key2** in these lines with **key2value2**. + + ```sh + 101@M@file@key@key2@value2 + ``` + +- **systemctl**: service management + + Format: _Execution ID_**@systemctl@**_Object service_**@**_Operation_ + + Function: Use **systemctl** to manage object services. The value of **Operation** can be **start**, **stop**, **restart**, or **disable**. + + Example: If the execution ID is **218**, stop the **cups.service**. This provides the same function as running the **systemctl stop cups.service** command. + + ```sh + 218@systemctl@cups.service@stop + ``` + +- Other commands + + Format: _Execution ID_**@**_Command_**@**_Object file_ + + Function: Run the corresponding command, that is, run the command line _Command_ _Object file_. + + Example 1: If the execution ID is **402**, run the **rm -f** command to delete the **/etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem** file. + + ```sh + 402@rm -f @/etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem + ``` + + Example 2: If the execution ID is **215**, run the **touch** command to create the **/etc/cron.allow** file. + + ```sh + 215@touch @/etc/cron.allow + ``` + + Example 3: If the execution ID is **214**, run the **chown** command to change the owner of the **/etc/at.allow** file to **root:root**. + + ```sh + 214@chown root:root @/etc/at.allow + ``` + + Example 4: If the execution ID is **214**, run the **chmod** command to remove the **rwx** permission of the group to which the owner of the**/etc/at.allow** file belongs and other non-owner users. + + ```sh + 214@chmod og-rwx @/etc/at.allow + ``` + +## Hardening Items Taking Effect + +After modifying the **usr-security.conf** file, run the following command for the new configuration items to take effect: + +```sh +systemctl restart openEuler-security.service +``` diff --git a/docs/en/server/security/secharden/selinux_configuration.md b/docs/en/server/security/secharden/selinux_configuration.md new file mode 100644 index 0000000000000000000000000000000000000000..edc2ef688ec0dfe60452611d45c11273f2d3b9ac --- /dev/null +++ b/docs/en/server/security/secharden/selinux_configuration.md @@ -0,0 +1,273 @@ +# SELinux Configuration + +## Overview + +Discretionary access control \(DAC\) determines whether a resource can be accessed based on users, groups, and other permissions. It does not allow the system administrator to create comprehensive and fine-grained security policies. SELinux \(Security-Enhanced Linux\) is a module of the Linux kernel and a security subsystem of Linux. SELinux implements mandatory access control \(MAC\). Each process and system resource has a special security label. In addition to the principles specified by the DAC, the SELinux needs to determine whether each type of process has the permission to access a type of resource. + +By default, openEuler uses SELinux to improve system security. SELinux has three modes: + +- **permissive**: The SELinux outputs alarms but does not forcibly execute the security policies. +- **enforcing**: The SELinux security policies are forcibly executed. +- **disabled**: The SELinux security policies are not loaded. + +## Configuration Description + +- Obtain the SELinux running status: + + ```shell + $ getenforce + Enforcing + ``` + +- Set the enforcing mode when SELinux is enabled: + + ```shell + $ setenforce 1 + $ getenforce + Enforcing + ``` + +- Set the permissive mode when SELinux is enabled: + + ```shell + $ setenforce 0 + $ getenforce + Permissive + ``` + +- Disable SELinux when SELinux is enabled. (A reboot is required.) + 1. Modify the SELinux configuration file **/etc/selinux/config** and set **SELINUX=disabled**. + + ```shell + $ cat /etc/selinux/config | grep "SELINUX=" + SELINUX=disabled + ``` + + 2. Reboot the system. + + ```shell + reboot + ``` + + 3. The status is changed successfully. + + ```shell + $ getenforce + Disabled + ``` + +- Set the permissive mode when SELinux is disabled: + 1. Modify the SELinux configuration file **/etc/selinux/config** and set **SELINUX=permissive**. + + ```shell + $ cat /etc/selinux/config | grep "SELINUX=" + SELINUX=permissive + ``` + + 2. Create the **.autorelabel** file in the root directory. + + ```shell + touch /.autorelabel + ``` + + 3. Reboot the system. The system will restart twice. + + ```shell + reboot + ``` + + 4. The status is changed successfully. + + ```shell + $ getenforce + Permissive + ``` + +- Set the enforcing mode when SELinux is disabled: + 1. Set SELinux to the permissive mode. + 2. Modify the SELinux configuration file **/etc/selinux/config** and set **SELINUX=enforcing**. + + ```shell + $ cat /etc/selinux/config | grep "SELINUX=" + SELINUX=enforcing + ``` + + 3. Reboot the system. + + ```shell + reboot + ``` + + 4. The status is changed successfully. + + ```shell + $ getenforce + Enforcing + ``` + +## SELinux Commands + +- Query the SELinux status. **SELinux status** indicates the SELinux status. **enabled** indicates that SELinux is enabled, and **disabled** indicates that SELinux is disabled. **Current mode** indicates the current mode of the SELinux. + + ```shell + $ sestatus + SELinux status: enabled + SELinuxfs mount: /sys/fs/selinux + SELinux root directory: /etc/selinux + Loaded policy name: targeted + Current mode: enforcing + Mode from config file: enforcing + Policy MLS status: enabled + Policy deny_unknown status: allowed + Memory protection checking: actual (secure) + Max kernel policy version: 31 + ``` + +## Adding Policies + +- Obtain and add missing policies based on the audit logs. (The audit service must be enabled and SELinux access denial logs must exist in audit logs.) + 1. Check whether the audit logs contain SELinux access denial logs. Use the actual audit log path. + + ```shell + grep avc /var/log/audit/audit.log* + ``` + + 2. Query missing rules. + + ```shell + audit2allow -a /var/log/audit/audit.log* + ``` + + 3. Generate a policy module based on the missing rule and name it **demo**. + + ```shell + $ audit2allow -a /var/log/audit/audit.log* -M demo + ******************** IMPORTANT *********************** + To make this policy package active, execute: + semodule -i demo.pp + ``` + + 4. Load the **demo** policy module. + + ```shell + semodule -i demo.pp + ``` + +- Compose and add the SELinux policy module. + 1. Compose the FC file (if the security context of file creation is involved). + + ```shell + $ cat demo.fc + /usr/bin/example -- system_u:object_r:example_exec_t:s0 + /resource -- system_u:object_r:resource_file_t:s0 + ``` + + 2. Compose the TE file (example). + + ```shell + $ cat demo.te + module demo 1.0; + require + { + role unconfined_r; + role system_r; + type user_devpts_t; + type root_t; + attribute file_type; + attribute domain; + class dir { getattr search add_name create open remove_name rmdir setattr write }; + class file { entrypoint execute getattr open read map setattr write create }; + class process { sigchld rlimitinh siginh transition setcap getcap }; + class unix_stream_socket { accept bind connect listen recvfrom sendto listen create lock read write getattr setattr getopt setopt append shutdown ioctl connectto }; + class capability { chown dac_override dac_read_search }; + class chr_file { append getattr ioctl read write }; + }; + role unconfined_r types example_t; + role system_r types example_t; + type example_exec_t, file_type; + type resource_file_t, file_type; + type example_t, domain; + allow example_t user_devpts_t : chr_file { append getattr ioctl read write }; + allow example_t file_type : dir { getattr search }; + allow example_t example_exec_t : file { entrypoint execute getattr map open read }; + allow domain example_exec_t : file { execute getattr map open read }; + allow example_t example_exec_t : process { sigchld }; + allow domain example_t : process { rlimitinh siginh transition }; + allow example_t resource_file_t : file { create getattr open read setattr write }; + allow example_t root_t : dir { add_name create getattr open remove_name rmdir search setattr write }; + allow example_t example_t : unix_stream_socket { accept append bind connect create getattr getopt ioctl listen listen lock read recvfrom sendto setattr setopt shutdown write }; + allow example_t domain : unix_stream_socket { connectto }; + allow example_t example_t : capability { chown dac_override dac_read_search }; + allow example_t example_t : process { getcap setcap }; + type_transition domain example_exec_t : process example_t; + type_transition example_t root_t : file resource_file_t "resource"; + ``` + + 3. Compile **demo.te** as **demo.mod**. + + ```shell + checkmodule -Mmo demo.mod demo.te + ``` + + 4. Package **demo.mod** and **demo.fc** as a policy module file. + + ```shell + semodule_package -m demo.mod -f demo.fc -o demo.pp + ``` + + 5. Load the policy module. + + ```shell + semodule -i demo.pp + ``` + + 6. Delete the loaded policy module file. + + ```shell + $ semodule -r demo + libsemanage.semanage_direct_remove_key: Removing last demo module (no other demo module exists at another priority). + ``` + +## Function Verification + +- SELinux adopts an whitelist mechanism. Modules that are not configured with proper policies may fail to run properly due to lack of permissions. It is necessary to verify the functions of the modules and configure reasonable rules. + 1. Check whether the audit service is enabled: + + ```shell + systemctl status auditd + ``` + + 2. Set the SELinux mode to permissive. (Alarms are printed, but SELinux polices are not enforced. For details, see [Configuration Description](#configuration-description).) + + ```shell + $ getenforce + Permissive + ``` + + 3. Execute all function cases of the test module and check the SELinux access denial logs in the audit logs. + + ```shell + grep avc /var/log/audit/audit.log* + ``` + + 4. Analyze access denial logs and filter out missing rules. + + ```text + type=AVC msg=audit(1596161643.271:1304): avc: denied { read } for pid=1782603 comm="smbd" name=".viminfo" dev="dm-0" ino=2488208 scontext=system_u:system_r:smbd_t:s0 tcontext=staff_u:object_r:user_home_t:s0 tclass=file permissive=1 + Indicates that the smbd process (security context: system_u:system_r:smbd_t:s0) is denied the permission to read the .viminfo file (security context: staff_u:object_r:user_home_t:s0). + permissive=1 indicates that the permissive mode is running. This log records only the operations that are not forbidden. + ``` + + 5. Supplement the missing rules by referring to [Adding Policies](#adding-policies). + +## Precautions + +- Before enabling SELinux, you are advised to upgrade selinux-policy to the latest version using DNF. Otherwise, applications may fail to run properly. For example: + + ```shell + dnf update selinux-policy -y + ``` + +- If the system cannot be started due to improper SELinux configuration (for example, a policy is deleted by mistake or no proper rule or security context is configured), you can add **selinux=0** to the startup parameters to disable SELinux. + +- After SELinux is enabled, permission check is performed on access behaviors, which affects the operating system performance to some extent (related to the frequency of access operations in the running environment). diff --git a/docs/en/server/security/secharden/system_services.md b/docs/en/server/security/secharden/system_services.md new file mode 100644 index 0000000000000000000000000000000000000000..add32d8c991faba2cc8c5a0ecad4da3b65da086e --- /dev/null +++ b/docs/en/server/security/secharden/system_services.md @@ -0,0 +1,455 @@ +# System Services + +## Hardening the SSH Service + +### Description + +The Secure Shell \(SSH\) is a reliable security protocol for remote logins and other network services. SSH prevents information disclosure during remote management. SSH encrypts transferred data to prevent domain name server \(DNS\) spoofing and IP spoofing. OpenSSH was created as an open source alternative to the proprietary SSH protocol. + +Hardening the SSH service is to modify configurations of the SSH service to set the algorithm and authentication parameters when the system uses the OpenSSH protocol, improving the system security. [Table 1](#en-us_topic_0152100390_ta2fdb8e4931b4c1a8f502b3c7d887b95) describes the hardening items, recommended hardening values, and default policies. + +### Implementation + +To harden a server, perform the following steps: + +1. Open the configuration file **/etc/ssh/sshd\_config** of the SSH service on the server, and modify or add hardening items and values in the file. +2. Save the **/etc/ssh/sshd\_config** file. +3. Run the following command to restart the SSH service: + + ```shell + systemctl restart sshd + ``` + +To harden a client, perform the following steps: + +1. Open the configuration file **/etc/ssh/ssh\_config** of the SSH service on the client, and modify or add hardening items and values in the file. +2. Save the **/etc/ssh/ssh\_config** file. +3. Run the following command to restart the SSH service: + + ```shell + systemctl restart sshd + ``` + +### Hardening Items + +- Server hardening policies + + All SSH service hardening items are stored in the **/etc/ssh/sshd\_config** configuration file. For details about the server hardening items, hardening suggestions, and whether the hardening items are configured as suggested, see [Table 1](#en-us_topic_0152100390_ta2fdb8e4931b4c1a8f502b3c7d887b95). + + **Table 1** SSH hardening items on a server + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Item

+

Description

+

Suggestion

+

Configured as Suggested

+

Protocol

+

SSH protocol version.

+

2

+

Yes

+

SyslogFacility

+

Log type of the SSH service. The item is set to AUTH, indicating authentication logs.

+

AUTH

+

Yes

+

LogLevel

+

Level for recording SSHD logs.

+

VERBOSE

+

Yes

+

X11Forwarding

+

Specifies whether a GUI can be used after login using SSH.

+

no

+

Yes

+

MaxAuthTries

+

Maximum number of authentication attempts.

+

3

+

No

+

PubkeyAuthentication

+

Specifies whether public key authentication is allowed.

+

yes

+

Yes

+

RSAAuthentication

+

Specifies whether only RSA security authentication is allowed.

+

yes

+

Yes

+

IgnoreRhosts

+

Specifies whether the rhosts and shosts files are used for authentication. The rhosts and shosts files record the names of the servers that support remote access and related login names.

+

yes

+

Yes

+

RhostsRSAAuthentication

+

Specifies whether the RSA algorithm security authentication based on the rhosts file is used. The rhosts file records the names of the servers that support remote access and related login names.

+

no

+

Yes

+

HostbasedAuthentication

+

Specifies whether host-based authentication is used. Host-based authentication indicates that any user of a trusted client can use the SSH service.

+

no

+

Yes

+

PermitRootLogin

+

Specifies whether to allow user root to log in to the system using SSH.

+
NOTE:

If you want to log in to the system using SSH as user root, set the value of the PermitRootLogin field in the /etc/ssh/sshd_config file to yes.

+
+

no

+

No

+

PermitEmptyPasswords

+

Specifies whether accounts with empty passwords can log in.

+

no

+

Yes

+

PermitUserEnvironment

+

Specifies whether to resolve the environment variables set in ~/.ssh/environment and ~/.ssh/authorized_keys.

+

no

+

Yes

+

Ciphers

+

Encryption algorithm of SSH data transmission.

+

aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com

+

Yes

+

ClientAliveCountMax

+

Timeout count. After the server sends a request, if the number of times that the client does not respond reaches a specified value, the server automatically disconnects from the client.

+

0

+

No

+

Banner

+

File of the prompt information displayed before and after SSH login.

+

/etc/issue.net

+

Yes

+

MACs

+

Hash algorithm for SSH data verification.

+

hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com

+

Yes

+

StrictModes

+

Specifies whether to check the permission on and ownership of the home directory and rhosts file before SSH receives login requests.

+

yes

+

Yes

+

UsePAM

+

Specifies whether to use PAM for login authentication.

+

yes

+

Yes

+

AllowTcpForwarding

+

Specifies whether to allow TCP forwarding.

+

no

+

Yes

+

Subsystem sftp /usr/libexec/openssh/sftp-server

+

SFTP log record level, which records the INFO level and authentication logs.

+

-l INFO -f AUTH

+

Yes

+

AllowAgentForwarding

+

Specifies whether to allow SSH Agent forwarding.

+

no

+

Yes

+

GatewayPorts

+

Specifies whether SSH can connect to ports on the forwarding client.

+

no

+

Yes

+

PermitTunnel

+

Specifies whether Tunnel devices are allowed.

+

no

+

Yes

+

KexAlgorithms

+

SSH key exchange algorithms.

+

curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256

+

Yes

+

LoginGraceTime

+

Time limit for users passing the authentication. 0 indicates no limit. The default value is 60 seconds.

+

60

+

No

+
+ + > [!NOTE]NOTE + > By default, the messages displayed before and after SSH login are saved in the **/etc/issue.net** file. The default information in the **/etc/issue.net** file is **Authorized users only.** **All activities may be monitored and reported.** + +- Client hardening policies + + All SSH service hardening items are stored in the **/etc/ssh/ssh\_config** configuration file. For details about the client hardening items, hardening suggestions, and whether the hardening items are configured as suggested, see [Table 2](#en-us_topic_0152100390_tb289c5a6f1c7420ab4339187f9018ea4). + + **Table 2** SSH hardening items on a client + + + + + + + + + + + + + + + + + + + +

Item

+

Description

+

Suggestion

+

Configured as Suggested

+

KexAlgorithms

+

SSH key exchange algorithms.

+

ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256

+

No

+

VerifyHostKeyDNS

+

Specifies whether to verify HostKey files by using DNS or SSHFP.

+

ask

+

No

+
+ + > [!NOTE]NOTE + > Third-party clients and servers that use the Diffie-Hellman algorithm are required to allow at least 2048-bit connection. + +### Other Security Suggestions + +- The SSH service only listens on specified IP addresses. + + For security purposes, you are advised to only listen on required IP addresses rather than listen on 0.0.0.0 when using the SSH service. You can specify the IP addresses that SSH needs to listen on in the ListenAddress configuration item in the **/etc/ssh/sshd\_config** file. + + 1. Open and modify the **/etc/ssh/sshd\_config** file. + + ```shell + vi /etc/ssh/sshd_config + ``` + + The following information indicates that the bound listening IP address is **192.168.1.100**. You can change the listening IP address based on the site requirements. + + ```text + ... + ListenAddress 192.168.1.100 + ... + ``` + + 2. Restart the SSH service. + + ```shell + systemctl restart sshd.service + ``` + +- SFTP users are restricted from access to upper-level directories. + + SFTP is a secure FTP designed to provide secure file transfer over SSH. Users can only use dedicated accounts to access SFTP for file upload and download, instead of SSH login. In addition, directories that can be accessed over SFTP are limited to prevent directory traversal attacks. The configuration process is as follows: + + > [!NOTE]NOTE + > In the following configurations, **sftpgroup** is an example user group name, and **sftpuser** is an example username. + + 1. Create an SFTP user group. + + ```shell + groupadd sftpgroup + ``` + + 2. Create an SFTP root directory. + + ```shell + mkdir /sftp + ``` + + 3. Modify the ownership of and permission on the SFTP root directory. + + ```shell + chown root:root /sftp + chmod 755 /sftp + ``` + + 4. Create an SFTP user. + + ```shell + useradd -g sftpgroup -s /sbin/nologin sftpuser + ``` + + 5. Set the password of the SFTP user. + + ```shell + passwd sftpuser + ``` + + 6. Create a directory used to store files uploaded by the SFTP user. + + ```shell + mkdir /sftp/sftpuser + ``` + + 7. Modify the ownership of and permission on the upload directory of the SFTP user. + + ```shell + chown root:root /sftp/sftpuser + chmod 777 /sftp/sftpuser + ``` + + 8. Modify the **/etc/ssh/sshd\_config** file. + + ```shell + vi /etc/ssh/sshd_config + ``` + + Modify the following information: + + ```text + #Subsystem sftp /usr/libexec/openssh/sftp-server -l INFO -f AUTH + Subsystem sftp internal-sftp -l INFO -f AUTH + ... + + Match Group sftpgroup + ChrootDirectory /sftp/%u + ForceCommand internal-sftp + ``` + + > [!NOTE]NOTE + > - **%u** is a wildcard character. Enter **%u** to represent the username of the current SFTP user. + > - The following content must be added to the end of the **/etc/ssh/sshd\_config** file: + + ```text + Match Group sftpgroup + ChrootDirectory /sftp/%u + ForceCommand internal-sftp + ``` + + 9. Restart the SSH service. + + ```shell + systemctl restart sshd.service + ``` + +- Remotely execute commands using SSH. + + When a command is executed remotely through OpenSSH, TTY is disabled by default. If a password is required during command execution, the password is displayed in plain text. To ensure password input security, you are advised to add the **-t** option to the command. Example: + + ```shell + ssh -t testuser@192.168.1.100 su + ``` + + > [!NOTE]NOTE + > **192.168.1.100** is an example IP address, and **testuser** is an example username. diff --git a/docs/en/server/security/shangmi/_toc.yaml b/docs/en/server/security/shangmi/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..d47433a612c90b11b96a3ec1fd923bd3f9fa334f --- /dev/null +++ b/docs/en/server/security/shangmi/_toc.yaml @@ -0,0 +1,26 @@ +label: ShangMi +isManual: true +description: Enable SM algorithms for key OS security features. +sections: + - label: Overview + href: ./overview.md + - label: Drive Encryption + href: ./drive_encryption.md + - label: Kernel Module Signing + href: ./kernel_module_signing.md + - label: Algorithm Library + href: ./algorithm_library.md + - label: File Integrity Protection + href: ./file_integrity_protection.md + - label: User Identity Authentication + href: ./user_identity_authentication.md + - label: Certificates + href: ./certificates.md + - label: Secure Boot + href: ./secure_boot.md + - label: SSH Stack + href: ./ssh_stack.md + - label: TLCP Stack + href: ./tlcp_stack.md + - label: RPM Signature Verification + href: ./rpm_signature_verification.md diff --git a/docs/en/server/security/shangmi/algorithm_library.md b/docs/en/server/security/shangmi/algorithm_library.md new file mode 100644 index 0000000000000000000000000000000000000000..ca377c053521b70466745a8961caedfe461ff54f --- /dev/null +++ b/docs/en/server/security/shangmi/algorithm_library.md @@ -0,0 +1,194 @@ +# Algorithm Library + +## OpenSSL Cryptographic Interface + +OpenSSL is a common cryptographic algorithm library software that supports SM2, SM3, and SM4 algorithms. You can invoke the encryption and decryption functions of SM series cryptographic algorithms through command lines or APIs. + +### Prerequisites + +OpenSSL 1.1.1m-6 or later + +```shell +$ rpm -qa openssl +openssl-1.1.1m-6.oe2209.x86_64 +``` + +### How to Use + +#### Scenario 1: Using the CLI to Call Cryptographic Algorithms + +1. SM2 public key algorithm + + Generate an SM2 private key. + + ```shell + openssl ecparam -genkey -name SM2 -out priv.key + ``` + + Generate a public key based on the private key. + + ```shell + $ openssl ec -in priv.key -pubout -out pub.key + read EC key + writing EC key + ``` + + Use the SM2 algorithm to sign the file and set the message digest algorithm to SM3. + + ```shell + openssl dgst -sm3 -sign priv.key -out data.sig data + ``` + + Use the public key to verify the signature. + + ```shell + $ openssl dgst -sm3 -verify pub.key -signature data.sig data + Verified OK + ``` + +2. SM3 message digest algorithm + + Use the SM3 algorithm for data digest. + + ```shell + $ openssl dgst -sm3 data + SM3(data)= a794922bb9f0a034257f6c7090a3e8429801a42d422c21f1473e83b7f7eac385 + ``` + +3. SM4 symmetric cipher algorithm + + Use the SM4 algorithm to encrypt data. **-K** and **-iv** specify the key value and IV value used for encryption, respectively. Generally, the key value and IV value need to be randomly generated. + + ```shell + openssl enc -sm4 -in data -K 123456789ABCDEF0123456789ABCDEF0 -iv 123456789ABCDEF0123456789ABCDEF0 -out data.enc + ``` + + Use the SM4 algorithm to decrypt data. + + ```shell + openssl enc -d -sm4 -in data.enc -K 123456789ABCDEF0123456789ABCDEF0 -iv 123456789ABCDEF0123456789ABCDEF0 -out data.raw + ``` + + Compare the encrypted and decrypted data. The results are consistent. + + ```shell + diff data data.raw + ``` + +#### Scenario 2: Using APIs to Call Cryptographic Algorithms + +You can directly install openssl-help and query the **man** manual. + +```shell +yum install openssl-help +man sm2 +man EVP_sm3 +man EVP_sm4_cbc +``` + +## Kernel Cryptographic Interface + +### Overview + +The cryptographic algorithms of the Linux kernel is managed by the crypto framework. Different algorithm implementations can be registered and invoked in the crypto framework. Kernel 5.10 provided by openEuler supports ShangMi (SM) series cryptographic algorithms (SM2, SM3, and SM4). The SM2 and SM3 algorithms are compiled in the kernel by default, and the SM4 algorithm is provided as a kernel module. + +### Prerequisites + +Kernel 5.10.0-106 or later + +```shell +# rpm -qa kernel +kernel-5.10.0-106.1.0.55.oe2209.x86_64 +``` + +### How to Use + +#### Scenario 1: Querying the Cryptographic Algorithms Supported by the Kernel + +Use **/proc/crypto** to query the registered SM series cryptographic algorithms. By default, the SM2 and SM3 algorithms are loaded. + +```shell +$ cat /proc/crypto | grep sm3 -A8 +name : sm3 +driver : sm3-generic +module : kernel +priority : 100 +refcnt : 1 +selftest : passed +internal : no +type : shash +blocksize : 64 +digestsize : 32 + +$ cat /proc/crypto | grep sm2 -A6 +name : sm2 +driver : sm2-generic +module : kernel +priority : 100 +refcnt : 1 +selftest : passed +internal : no +type : akcipher +``` + +By default, the SM4 algorithm is not loaded. You need to insert the corresponding module first. + +```shell +$ modprobe sm4-generic +$ cat /proc/crypto | grep sm4 -A8 +name : sm4 +driver : sm4-generic +module : sm4_generic +priority : 100 +refcnt : 1 +selftest : passed +internal : no +type : cipher +blocksize : 16 +min keysize : 16 +max keysize : 16 +``` + +#### Scenario 2: Calling Algorithm APIs + +The method of calling SM series cryptographic algorithms is the same as that of calling other algorithms of the same type. For details, see the Linux kernel document. + +```text +https://www.kernel.org/doc/html/v5.10/crypto/userspace-if.html +``` + +#### Scenario 3: Optimizing Algorithm Performance Through Instruction Sets + +The crypto framework allows registration of algorithm implementations related to the architecture. The algorithm performance can be optimized through a specific instruction set. Currently, the kernel 5.10 of openEuler supports algorithm performance optimization using the following instruction sets. + +| Driver | Instruction Set | Priority| +| -------------------------------- | ---------------------- | ------ | +| sm4-neon(ecb/cbc/cfb/ctr) | ARM64-NEON | 200 | +| sm3-avx | x86-AVX | 300 | +| sm4-aesni-avx (ecb/cbc/cfb/ctr) | x86-AVX | 400 | +| sm4-aesni-avx 2(ecb/cbc/cfb/ctr) | x86-AVX2 | 500 | + +When multiple instances of the same algorithm are registered, the default algorithm is selected based on the registered priority of each algorithm instance. A larger **priority** value indicates a higher priority. The priority of a pure software algorithm (with the suffix **-generic**) is fixed to **100**. By default, the performance optimization through instruction sets is disabled for the SM series cryptographic algorithms and is provided for users in the form of a kernel module. For example, to enable the AVX instruction set optimization of the SM3 algorithm, do as follows: + +```shell +$ modprobe sm3-avx +$ cat /proc/crypto | grep sm3 -A8 +name : sm3 +driver : sm3-avx +module : sm3_avx_x86_64 +priority : 300 +refcnt : 1 +selftest : passed +internal : no +type : shash +blocksize : 64 +digestsize : 32 + +...... +``` + +#### Notes + +1. The prerequisite for enabling algorithm instruction set optimization is that the CPU supports the corresponding instruction set. You can query the instruction set supported by the CPU by calling **/proc/cpuinfo**. +2. Calling a specific instruction set has certain overhead. Therefore, it cannot be ensured that the performance optimized by the instruction set is higher than that of software implementation in all scenarios. +3. The optimization through some instruction sets has certain restrictions. For example, the NEON instruction set has optimization effect only in the encryption mode that supports parallel computing. diff --git a/docs/en/server/security/shangmi/certificates.md b/docs/en/server/security/shangmi/certificates.md new file mode 100644 index 0000000000000000000000000000000000000000..6755aae9fc9ee0095840e1481a01f94256b7a482 --- /dev/null +++ b/docs/en/server/security/shangmi/certificates.md @@ -0,0 +1,90 @@ +# Certificates + +## Overview + +A ShangMi (SM) certificate is a digital certificate that complies with standards such as *Public Key Cryptographic Algorithm SM2 Based on Elliptic Curves* and *Digital Certificate Format Based on SM2 Algorithm*. The OpenSSL software released by openEuler supports SM certificates. + +## Prerequisites + +OpenSSL 1.1.1m-6 or later + +```shell +$ rpm -qa openssl +openssl-1.1.1m-6.oe2209.x86_64 +``` + +## How to Use + +### Scenario 1: Generating an SM Certificate + +1. Generate a private key for SM2 signing. + + ```shell + openssl ecparam -genkey -name SM2 -out sm2.key + ``` + +2. Generate a signing request. + + ```shell + openssl req -new -sm3 -key sm2.key -out sm2.csr + ``` + +3. Generate an SM certificate. You can use **-extfile** to specify the certificate configuration file. + + ```shell + openssl x509 -req -days 3650 -signkey sm2.key -in sm2.csr -out sm2.crt + ``` + +4. View the certificate information. + + ```shell + openssl x509 -text -in sm2.crt + ``` + +### Scenario 2: Building a Certificate Chain + +#### Using the x509 Command (Generally Used for Function Tests) + +1. Generate the CA private key and certificate. + + ```shell + openssl ecparam -genkey -name SM2 -out ca.key + openssl req -new -sm3 -key ca.key -out ca.csr + openssl x509 -req -days 3650 -signkey ca.key -in ca.csr -out ca.crt + ``` + +2. Generate the level-2 signing private key and signing request. + + ```shell + openssl ecparam -genkey -name SM2 -out sm2.key + openssl req -new -sm3 -key sm2.key -out sm2.csr + ``` + +3. Generate a level-2 certificate based on the level-1 certificate. You can use **-extfile** to specify the certificate configuration file. + + ```shell + openssl x509 -req -sm3 -CAcreateserial -CA ca.crt -CAkey ca.key -in sm2.csr -out sm2.crt + ``` + +#### Using the CA Configuration File (Generally Used in Formal Scenarios) + +1. Prepare the configuration file for generating the certificate. You can use **apps/openssl.cnf** in the OpenSSL source code directory. + +2. Generate a self-signed CA certificate. (The following commands use OpenSSL 1.1.1 as an example. In OpenSSL 3.0.0 and later, change the value of the `-newkey` option to **sm2:SM2.pem**.) + + ```shell + openssl ecparam -name SM2 -out SM2.pem + openssl req -config ./openssl.cnf -nodes -keyout CA.key -newkey ec:SM2.pem -new -out CA.csr + openssl x509 -sm3 -req -days 30 -in CA.csr -extfile ./openssl.cnf -extensions v3_ca -signkey CA.key -out CA.crt + ``` + +3. Generate a level-2 certificate. (The following commands use OpenSSL 1.1.1 as an example. In OpenSSL 3.0.9 and later, change the value of the `-newkey` option to **sm2:SM2.pem**.) + + ```shell + openssl req -config ./openssl.cnf -nodes -keyout SS.key -newkey ec:SM2.pem -new -out SS.csr + openssl x509 -sm3 -req -days 30 -in SS.csr -CA CA.crt -CAkey CA.key -extfile ./openssl.cnf -extensions v3_req -out SS.crt -CAcreateserial + ``` + +### Scenario 3: Generating a TLCP Communication Certificate + +For details, see chapter "TLCP Stack." diff --git a/docs/en/server/security/shangmi/drive_encryption.md b/docs/en/server/security/shangmi/drive_encryption.md new file mode 100644 index 0000000000000000000000000000000000000000..4e260107885b0559064c3c6f6bf823110e3b26a8 --- /dev/null +++ b/docs/en/server/security/shangmi/drive_encryption.md @@ -0,0 +1,90 @@ +# Drive Encryption + +## Overview + +Drive encryption protects the storage confidentiality of important data. Data is encrypted based on a specified encryption algorithm and then written to drives. This feature mainly involves the user-mode tool cryptsetup and the kernel-mode module dm-crypt. Currently, the drive encryption feature provided by the openEuler OS supports ShangMi (SM) series cryptographic algorithms. Parameters are as follows: + +- Encryption modes: luks2 and plain; +- Key length: 256 bits; +- Message digest algorithm: SM3; +- Encryption algorithm: sm4-xts-plain64. + +## Prerequisites + +1. Kernel 5.10.0-106 or later + + ```shell + $ rpm -qa kernel + kernel-5.10.0-106.1.0.55.oe2209.x86_64 + ``` + +2. cryptsetup 2.4.1-1 or later + + ```shell + $ rpm -qa cryptsetup + cryptsetup-2.4.1-1.oe2209.x86_64 + ``` + +## How to Use + +A drive is formatted in a specified encryption mode and mapped to **/dev/mapper** as a dm device. Subsequent drive read and write operations are performed through the dm device. Data encryption and decryption are performed in kernel mode and are not perceived by users. The procedure is as follows: + +1. Format the drive and map the drive as a dm device. + + a. luks2 mode + + Set the encryption mode to luks2, encryption algorithm to sm4-xts-plain64, key length to 256 bits, and message digest algorithm to SM3. + + ```shell + # cryptsetup luksFormat /dev/sdd -c sm4-xts-plain64 --key-size 256 --hash sm3 + # cryptsetup luksOpen /dev/sdd crypt1 + ``` + + b. plain mode + + Set the encryption mode to plain, encryption algorithm to sm4-xts-plain64, key length to 256 bits, and message digest algorithm to SM3. + + ```shell + # cryptsetup plainOpen /dev/sdd crypt1 -c sm4-xts-plain64 --key-size 256 --hash sm3 + ``` + +2. After the mapping is successful, run the **lsblk** command to view the device information. + + ```shell + # lsblk + NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS + ...... + sdd 8:48 0 50G 0 disk + └─crypt1 253:3 0 50G 0 crypt + ...... + ``` + +3. Perform I/O read and write operations on the encrypted device. + + Deliver I/Os to raw drives. + + ```shell + # dd if=/dev/random of=/dev/mapper/crypt1 bs=4k count=10240 + ``` + + Deliver I/Os through the file system. + + ```shell + # mkfs.ext4 /dev/mapper/crypt1 + # mount /dev/mapper/crypt1 /mnt/crypt/ + # dd if=/dev/random of=/mnt/crypt/tmp bs=4k count=10240 + ``` + +4. Disable device mapping. + + If a file system is mounted, unmount it first. + + ```shell + # umount /mnt/crypt + ``` + + Closes a device. + + ```shell + # cryptsetup close crypt1 + ``` diff --git a/docs/en/server/security/shangmi/file_integrity_protection.md b/docs/en/server/security/shangmi/file_integrity_protection.md new file mode 100644 index 0000000000000000000000000000000000000000..409b28e2e2c57638c9b5e48390a0ccd0482bf18c --- /dev/null +++ b/docs/en/server/security/shangmi/file_integrity_protection.md @@ -0,0 +1,512 @@ +# File Integrity Protection + +## Kernel Integrity Measurement Architecture (IMA) + +IAM is a mandatory access control subsystem provided by the Linux kernel. It measures and verifies file integrity by adding check hooks to file access system calls. + +### Prerequisites + +1. The openEuler kernel compilation environment has been prepared. For details, see . +2. You are advised to select the latest kernel source code for compilation. +3. The kernel SM2 root certificate has been generated (for appraisal mode only). + + ```sh + # Generate a certificate configuration file. (Other fields in the configuration file can be defined as required.) + echo 'subjectKeyIdentifier=hash' > ima.cfg + echo 'authorityKeyIdentifier=keyid,issuer' >> ima.cfg + echo 'keyUsage=digitalSignature,nonRepudiation' >> ima.cfg + # Generate a private key for SM2 signing. + # openssl ecparam -genkey -name SM2 -out ima.key + # Generate a signing request. + # openssl req -new -sm3 -key ima.key -out ima.csr + # Generate an SM2 certificate. + # openssl x509 -req -days 3650 -extfile ima.cfg -signkey ima.key -in ima.csr -out ima.crt + ``` + +4. The level-2 IMA certificate has been generated. + + ```sh + # Create a certificate configuration file. + echo 'subjectKeyIdentifier=hash' > ima.cfg + echo 'authorityKeyIdentifier=keyid,issuer' >> ima.cfg + # Generate a private key. + openssl ecparam -genkey -name SM2 -out ima.key + # Generate a signing request. + openssl req -new -sm3 -key ima.key -out ima.csr + # Generate a level-2 certificate based on the level-1 certificate. + openssl x509 -req -sm3 -CAcreateserial -CA ca.crt -CAkey ca.key -extfile ima.cfg -in ima.csr -out ima.crt + # Convert to the DER format. + openssl x509 -outform DER -in ima.crt -out x509_ima.der + ``` + +5. The root certificate has been placed in the kernel source code directory, and **CONFIG_SYSTEM_TRUSTED_KEYS** has been modified to compile the certificate to the kernel trusted key. + + ```sh + $ cp /path/to/ca.crt . + $ make openeuler_defconfig + $ cat .config | grep CONFIG_SYSTEM_TRUSTED_KEYS + CONFIG_SYSTEM_TRUSTED_KEYS="ca.crt" + ``` + +6. The kernel has been compiled and installed. + +```sh +make -j64 +make modules_install +make install +``` + +### Usage + +#### Scenario 1: Native IMA + +##### IMA-Measurement + +Configure the IMA policy and message digest algorithm, disable the IMA-appraisal mode, and restart the system. + +```sh +ima_policy=tcb ima_hash=sm3 ima_appraise=off +``` + +Check the measurement log. It is found that the IMA measures all protected files and the message digest algorithm is SM3. + +```sh +cat /sys/kernel/security/ima/ascii_runtime_measurements +10 601989730f01fb4688bba92d0ec94340cd90757f ima-sig sm3:0000000000000000000000000000000000000000000000000000000000000000 boot_aggregate +10 dc0a98316b03ab15edd2b8daae75a0d64bca7c56 ima-sig sm3:3c62ee3c13ee32d7a287e04c843c03ebb428a5bb3dd83561efffe9b08444be22 /usr/lib/systemd/systemd +10 1d0a5140e3924e2542963ad887a80def0aa8acac ima-sig sm3:4d3b83e143bd9d5288ef099eff4d01444947516d680165c6dd08cd5900768032 /usr/lib64/ld-linux-x86-64.so.2 +...... +``` + +##### IMA-Appraisal (Hash) + +Configure the IMA policy and message digest algorithm, enable the IMA-appraisal fix mode, and restart the system. + +```sh +ima_policy=appraise_tcb ima_hash=sm3 ima_appraise=fix +``` + +**appraise_tcb** indicates to appraise all files owned by the **root** user. + +Perform an open operation on all files to be appraised to automatically mark the .ima extension. + +```sh +find / -fstype ext4 -type f -uid 0 -exec dd if='{}' of=/dev/null count=0 status=none \; +``` + +After the marking is complete, you can see that all files with the .ima extension of the SM3 message digest algorithm are marked. + +```sh +getfattr -m - -d -e hex /bin/bash +getfattr: Removing leading '/' from absolute path names +# file: bin/bash +security.ima=0x0411a794922bb9f0a034257f6c7090a3e8429801a42d422c21f1473e83b7f7eac385 +security.selinux=0x73797374656d5f753a6f626a6563745f723a7368656c6c5f657865635f743a733000 + +openssl dgst -sm3 /bin/bash +SM3(/bin/bash)= a794922bb9f0a034257f6c7090a3e8429801a42d422c21f1473e83b7f7eac385 +``` + +Enable the enforce mode and restart the system. The system can run properly. + +```sh +ima_policy=appraise_tcb ima_hash=sm3 ima_appraise=enforce +``` + +##### IMA-Appraisal (Signing) + +**Prerequisites** + +1. The SM root certificate has been preset in the kernel. +2. The ima-evm-utils software package whose version is later than or equal to the specified version has been installed. + +```sh +$ rpm -qa ima-evm-utils +ima-evm-utils-1.3.2-4.oe2209.x86_64 +``` + +Generate a level-2 IMA certificate. + +```sh +# Create a certificate configuration file. +echo 'subjectKeyIdentifier=hash' > ima.cfg +echo 'authorityKeyIdentifier=keyid,issuer' >> ima.cfg +# Generate a private key. +openssl ecparam -genkey -name SM2 -out ima.key +# Generate a signing request. +openssl req -new -sm3 -key ima.key -out ima.csr +# Generate a level-2 certificate based on the level-1 certificate. +openssl x509 -req -sm3 -CAcreateserial -CA ca.crt -CAkey ca.key -extfile ima.cfg -in ima.csr -out ima.crt +# Convert to the DER format. +openssl x509 -outform DER -in ima.crt -out x509_ima.der +``` + +Place the IMA certificate in the **/etc/keys** directory and run the **dracut** command to create initrd again. + +```sh +mkdir -p /etc/keys +cp x509_ima.der /etc/keys +echo 'install_items+=" /etc/keys/x509_ima.der "' >> /etc/dracut.conf +dracut -f +``` + +Sign the files to be protected. For example, sign all executable files of the **root** user in the **/usr/bin** directory. + +```sh +find /usr/bin -fstype ext4 -type f -executable -uid 0 -exec evmctl -a sm3 ima_sign --key /path/to/ima.key '{}' \; +``` + +Enable the enforce mode and restart the system. The system can run properly. + +```sh +ima_policy=appraise_tcb ima_hash=sm3 ima_appraise=enforce +``` + +Check the protection effect of the signing mode. + +```sh +# getfattr -m - -d /bin/echo +getfattr: Removing leading '/' from absolute path names +# file: bin/echo +security.ima=0sAwIRNJFkBQBIMEYCIQDLBg/bYlrkBqSaXNQMyK7rhiZj+qRiKdu+0fqW8lSmPQIhAJY2qSZJ0HgSu7kygydrS4MCC0KTK59nUkvISenZAUCo +security.selinux="system_u:object_r:bin_t:s0" + +# echo 123 >> /bin/echo +-bash: /bin/echo: Permission denied +``` + +**Note:** + +For each file under the IMA protection, you need to use either the hash mode or the signing mode to mark the integrity information. Generally, files that may change (such as data files and configuration files) are marked in hash mode, and files that do not change (such as executable files and dynamic link libraries) are marked in signing mode. + +#### Scenario 2: IMA Digest Lists Mode + +##### Generating SM3 Digest Lists + +Configure **-a sm3** when calling **gen_digest_lists** to generate SM3 digest lists. + +```sh +gen_digest_lists -a sm3 -t metadata -f compact -i l:policy -o add -p -1 -m immutable -i I:/usr/bin/bash -d -i i: +gen_digest_lists -a sm3 -t metadata -f compact -i l:policy -o add -p -1 -m immutable -i I:/usr/bin/bash -d -i i: -T +``` + +##### Configuring the SM3 Message Digest Algorithm + +The overall procedure is the same as that for enabling the IMA Digest Lists feature. The only difference is that the **ima_hash** startup parameter is set to **sm3**. The following gives an example: + +```sh +# Log mode +ima_template=ima-sig ima_policy="exec_tcb|appraise_exec_tcb|appraise_exec_immutable" initramtmpfs ima_hash=sm3 ima_appraise=log evm=allow_metadata_writes evm=x509 ima_digest_list_pcr=11 ima_appraise_digest_list=digest +# enforce mode +ima_template=ima-sig ima_policy="exec_tcb|appraise_exec_tcb|appraise_exec_immutable" initramtmpfs ima_hash=sm3 ima_appraise=enforce-evm evm=allow_metadata_writes evm=x509 ima_digest_list_pcr=11 ima_appraise_digest_list=digest +``` + +After the configuration is complete, restart the system and query the measurement log. The default algorithm in the measurement log is changed to SM3. + +```sh +$ cat /sys/kernel/security/ima/ascii_runtime_measurements +...... +11 9e32183b5b1da72c6ff4298a44026e3f9af510c9 ima-sig sm3:5a2d81cd135f41e73e0224b9a81c3d8608ccde8caeafd5113de959ceb7c84948 /usr/bin/upload_digest_lists +11 f3b9264761dbaeaf637d08b86cc3655e8f3380f7 ima-sig sm3:cc6faecee9976c12279dab1627a78ef36f6998c65779f3b846494ac5fe5493a1 /usr/libexec/rpm_parser +11 dc0a98316b03ab15edd2b8daae75a0d64bca7c56 ima-sig sm3:3c62ee3c13ee32d7a287e04c843c03ebb428a5bb3dd83561efffe9b08444be22 /usr/lib/systemd/systemd +...... +``` + +##### Verifying Digest Lists Using the SM2 Certificates + +**Prerequisites** + +1. The SM root certificate has been preset in the kernel. +2. The digest-list-tools and ima-evm-utils software packages of the specified versions or later have been installed. + +```sh +$ rpm -qa ima-evm-utils +ima-evm-utils-1.3.2-4.oe2209.x86_64 +$ rpm -qa digest-list-tools +digest-list-tools-0.3.95-10.oe2209.x86_64 +``` + +**Procedure** + +1. Generate level-2 IMA and EVM certificates (sub-certificates of the SM root certificate preset in the kernel). + + ```sh + # Create a certificate configuration file. + echo 'subjectKeyIdentifier=hash' > ima.cfg + echo 'authorityKeyIdentifier=keyid,issuer' >> ima.cfg + # Generate a private key. + openssl ecparam -genkey -name SM2 -out ima.key + # Generate a signing request. + openssl req -new -sm3 -key ima.key -out ima.csr + # Generate a level-2 certificate based on the level-1 certificate. + openssl x509 -req -sm3 -CAcreateserial -CA ca.crt -CAkey ca.key -extfile ima.cfg -in ima.csr -out ima.crt + # Convert to the DER format. + openssl x509 -outform DER -in ima.crt -out x509_ima.der + openssl x509 -outform DER -in ima.crt -out x509_evm.der + ``` + +2. Place the IMA and EVM certificates in the **/etc/keys** directory and run the **dracut** command to create initrd again. + + ```sh + mkdir -p /etc/keys + cp x509_ima.der /etc/keys + cp x509_evm.der /etc/keys + echo 'install_items+=" /etc/keys/x509_ima.der /etc/keys/x509_evm.der "' >> /etc/dracut.conf + dracut -f -e xattr + ``` + +3. Enable the IMA Digest Lists function. After the restart, check whether the certificates are imported to the IMA and EVM key rings. + + ```sh + $ cat /proc/keys + ...... + 024dee5e I------ 1 perm 1f0f0000 0 0 keyring .evm: 1 + ...... + 3980807f I------ 1 perm 1f0f0000 0 0 keyring .ima: 1 + ...... + ``` + +4. Sign the IMA digest lists using the private keys corresponding to the IMA and EVM certificates. The signed IMA digest lists can be imported to the kernel. + + ```sh + # Use **evmctl** to sign the digest lists. + evmctl ima_sign --key /path/to/ima.key -a sm3 0-metadata_list-compact-tree-1.8.0-2.oe2209.x86_64 + # Check the extension after signing. + getfattr -m - -d 0-metadata_list-compact-tree-1.8.0-2.oe2209.x86_64 + # file: 0-metadata_list-compact-tree-1.8.0-2.oe2209.x86_64 + security.ima=0sAwIRNJFkBQBHMEUCIQCzdKVWdxw1hoVm9lgZB6sl+sxapptUFNjqHt5XZD87hgIgBMuZqBdrcNm7fXq/reQw7rzY/RN/UXPrIOxrVvpTouw= + security.selinux="unconfined_u:object_r:admin_home_t:s0" + # Import the signed digest lists file to the kernel. + echo /root/tree/etc/ima/digest_lists/0-metadata_list-compact-tree-1.8.0-2.oe2209.x86_64 > /sys/kernel/security/ima/digest_list_data + # Check the measurement log. You can view the import record of the digest lists. + cat /sys/kernel/security/ima/ascii_runtime_measurements + 11 43b6981f84ba2725d05e91f19577cedb004adffb ima-sig sm3:b9430bbde2b7f30e935d91e29ab6778b6a825a2c3e5e7255895effb8747b7c1a /root/tree/etc/ima/digest_lists/0-metadata_list-compact-tree-1.8.0-2.oe2209.x86_64 0302113491640500473045022100b374a556771c35868566f6581907ab25facc5aa69b5414d8ea1ede57643f3b86022004cb99a8176b70d9bb7d7abfade430eebcd8fd137f5173eb20ec6b56fa53a2ec + ``` + +**Notes:** + +1. By default, the hash algorithm used in the digest lists provided by openEuler is SHA256. When the IMA digest lists measurement algorithm is set to SM3, you must remove the digest lists from the **/etc/ima/digest_lists** directory, generate new digest lists, and sign the digest lists. Otherwise, an error occurs during file integrity check. The procedure is as follows: + + ```sh + # Reset the SELinux tag of a disk (perform this operation when IMA extension verification and SELinux are enabled). + fixfiles -F restore + # Generate digest lists for all files (you can also specify the files). + gen_digest_lists -a sm3 -t metadata -f compact -i l:policy -o add -p -1 -m immutable -i I:/ -d /etc/ima/digest_lists -i i: + # (Optional) Change the name of the generated digest lists file. + mv /etc/ima/digest_lists/0-metadata_list-compact- /etc/ima/digest_lists/0-metadata_list-compact-everything-sm3 + # Sign + evmctl ima_sign --key /path/to/ima.key -a sm3 /etc/ima/digest_lists/0-metadata_list-compact-everything-sm3 + # Re-create initrd. + dracut -f -e xattr + ``` + +2. For the software packages released by openEuler, the IMA digest lists file is provided by default. The default message digest algorithm is SHA256. Therefore, when the message digest algorithm is changed to SM3, the digest lists released by openEuler cannot be imported, and the following message may be displayed during software package installation: + + ```text + Cannon parse /etc/ima/digest_lists/0-metadata_list-rpm-...... + ``` + +# Lightweight Intrusion Detection (AIDE) + +AIDE is a lightweight intrusion detection tool. It checks file integrity to detect malicious intrusions to the system in a timely manner. The AIDE database can use hash algorithms such as SHA256 and SHA512 to create a verification code or hash value for each file in ciphertext. The AIDE provided by openEuler supports the SM3 algorithm in addition to the open source software. + +## Prerequisites + +AIDE 0.17.4-1 or later + +```sh +$ rpm -qa aide +aide-0.17.4-1.oe2209.x86_64 +``` + +## Usage + +Add the SM3 algorithm to the **/etc/aide.conf** configuration file. + +```text +...... +FIPSR = p+i+n+u+g+s+m+c+acl+selinux+xattrs+sha256+sm3 +...... +DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha256+sm3 +...... +``` + +Initialize the database and save the database as the benchmark. + +Initialize the database. + +```sh +aide -c /etc/aide.conf -i +``` + +The example output is as follows: + +```text +AIDE initialized database at /var/lib/aide/aide.db.new.gz + +Number of entries: 64249 + +--------------------------------------------------- +The attributes of the (uncompressed) database(s): +--------------------------------------------------- + +/var/lib/aide/aide.db.new.gz + MD5 : a7y5ErdpBAezV2iGdaVleg== + SHA1 : u7W7jxomFtZn8rwMlkIRCN0r7iQ= + SHA256 : 88Kw5b2yJ9bejwO+NqT6lyAieno+K0+W + BPVBjXcUl08= + SHA512 : WyOIgRxk9SeSoktF6BYVV0tRL7nGNDKQ + A9QyxVCgzg+PwPMV7tzxmwOZI/dB64pP + vQ/D2jqJdf3NS2PHMI4yvg== + RMD160 : qTEPs2SIxPm3iEwsCnwvp9hR4s4= + TIGER : 0HgLucmhCcB56bxOMj+j1Kuja8UIsFRg + CRC32 : VKE1TA== + WHIRLPOOL : JSA35/NmkMOkUWEpcZJf3PR1UUz5WcLG + AmBKPkao3fzQUsLMTJizCV4CwAE0G/Yc + KX0mpW5vx+gk3njya8rAvA== + GOST : yKjiytOwRr3bJcFsxnJ310t1FY6YE3HB + YNT8XP93xpc= + STRIBOG256: 9bzS+5j4ZAoU/P7v3tkKOWn4ZfggcX28 + 9dLQVhaiJtQ= + STRIBOG512: 9LLXgqsRIRiXP2WOrOJt1qhx6psfbACd + un+GTVmu441quX4zaaPIIG9lzDMBAqMg + hZx5DlxsQj3YjMezSUsXLg== + SM3 : Vwii+uw3Ge5Hh3eo1KOombxn2jWgyYRX + ZdyCRZqWZ/E= + + +End timestamp: 2022-08-12 09:01:25 +0800 (run time: 2m 43s) +``` + +Save the database as the benchmark. + +```sh +mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz +``` + +### Scenario 1: Detecting Changes of Protected Files + +```sh +$ aide -c /etc/aide.conf --check +--------------------------------------------------- +Detailed information about changes: +--------------------------------------------------- + +File: /boot/config-5.10.0-106.3.0.57.oe2209.aarch64 + Size : 182936 | 182938 + Mtime : 2022-08-04 08:00:00 +0800 | 2022-08-12 09:05:34 +0800 + Ctime : 2022-08-11 01:42:44 +0800 | 2022-08-12 09:05:34 +0800 + SHA256 : ae0fOzf7U+e/evTZKpk6JQa00kvSkc5J | gOlhcUgnZWhcyJYMEPxCYccXwFr9lERX + vMTX5Ysh+1k= | KK3O/ytfR/g= + SHA512 : zAPIxIAM7YvJPjwl/PH23leBb/HiO0Rf | p+WxVOZ6DX323rHDRF864w297yh7POk6 + PlRME7yvpzFZk/5BrNe2ofQWR/0sFu1m | 11dOzahlKTWpAKaexC/u+4REiCzjl1rm + JsDSy8m57wzCpJA9iUFq1g== | eb/kd3Xgp1LoKwn49mtqxw== + SM3 : CW0GnITxNeGeYOCAm4xfu78Vqm+wLp/Z | GWq/3nXL16tMYyxyFD/HTZbvJi2h+ttg + cOmXmIKJT4Q= | 6d8XmSHu26A= +``` + +### Scenario 2: Updating the Database + +Update the database. After the update, the database file is **/var/lib/aide/aide.db.new.gz**. + +```sh +$ aide -c /etc/aide.conf --update +--------------------------------------------------- +Detailed information about changes: +--------------------------------------------------- + +File: /boot/config-5.10.0-106.3.0.57.oe2209.aarch64 + Size : 182936 | 182938 + Mtime : 2022-08-04 08:00:00 +0800 | 2022-08-12 09:05:34 +0800 + Ctime : 2022-08-11 01:42:44 +0800 | 2022-08-12 09:05:34 +0800 + SHA256 : ae0fOzf7U+e/evTZKpk6JQa00kvSkc5J | gOlhcUgnZWhcyJYMEPxCYccXwFr9lERX + vMTX5Ysh+1k= | KK3O/ytfR/g= + SHA512 : zAPIxIAM7YvJPjwl/PH23leBb/HiO0Rf | p+WxVOZ6DX323rHDRF864w297yh7POk6 + PlRME7yvpzFZk/5BrNe2ofQWR/0sFu1m | 11dOzahlKTWpAKaexC/u+4REiCzjl1rm + JsDSy8m57wzCpJA9iUFq1g== | eb/kd3Xgp1LoKwn49mtqxw== + SM3 : CW0GnITxNeGeYOCAm4xfu78Vqm+wLp/Z | GWq/3nXL16tMYyxyFD/HTZbvJi2h+ttg + cOmXmIKJT4Q= | 6d8XmSHu26A= +``` + +### Scenario 3: Comparing Databases + +Configure two databases in **/etc/aide.conf**. + +```conf +# The location of the database to be read. +database_in=file:@@{DBDIR}/aide.db.gz +database_new=file:@@{DBDIR}/aide.db.new.gz +``` + +Compare the databases. + +```sh +$ aide -c /etc/aide.conf --compare +--------------------------------------------------- +Detailed information about changes: +--------------------------------------------------- + +File: /boot/config-5.10.0-106.3.0.57.oe2209.aarch64 + Size : 182936 | 182938 + Mtime : 2022-08-04 08:00:00 +0800 | 2022-08-12 09:05:34 +0800 + Ctime : 2022-08-11 01:42:44 +0800 | 2022-08-12 09:05:34 +0800 + SHA256 : ae0fOzf7U+e/evTZKpk6JQa00kvSkc5J | gOlhcUgnZWhcyJYMEPxCYccXwFr9lERX + vMTX5Ysh+1k= | KK3O/ytfR/g= + SHA512 : zAPIxIAM7YvJPjwl/PH23leBb/HiO0Rf | p+WxVOZ6DX323rHDRF864w297yh7POk6 + PlRME7yvpzFZk/5BrNe2ofQWR/0sFu1m | 11dOzahlKTWpAKaexC/u+4REiCzjl1rm + JsDSy8m57wzCpJA9iUFq1g== | eb/kd3Xgp1LoKwn49mtqxw== + SM3 : CW0GnITxNeGeYOCAm4xfu78Vqm+wLp/Z | GWq/3nXL16tMYyxyFD/HTZbvJi2h+ttg + cOmXmIKJT4Q= | 6d8XmSHu26A= + +--------------------------------------------------- +The attributes of the (uncompressed) database(s): +--------------------------------------------------- + +/var/lib/aide/aide.db.gz + MD5 : a7y5ErdpBAezV2iGdaVleg== + SHA1 : u7W7jxomFtZn8rwMlkIRCN0r7iQ= + SHA256 : 88Kw5b2yJ9bejwO+NqT6lyAieno+K0+W + BPVBjXcUl08= + SHA512 : WyOIgRxk9SeSoktF6BYVV0tRL7nGNDKQ + A9QyxVCgzg+PwPMV7tzxmwOZI/dB64pP + vQ/D2jqJdf3NS2PHMI4yvg== + RMD160 : qTEPs2SIxPm3iEwsCnwvp9hR4s4= + TIGER : 0HgLucmhCcB56bxOMj+j1Kuja8UIsFRg + CRC32 : VKE1TA== + WHIRLPOOL : JSA35/NmkMOkUWEpcZJf3PR1UUz5WcLG + AmBKPkao3fzQUsLMTJizCV4CwAE0G/Yc + KX0mpW5vx+gk3njya8rAvA== + GOST : yKjiytOwRr3bJcFsxnJ310t1FY6YE3HB + YNT8XP93xpc= + STRIBOG256: 9bzS+5j4ZAoU/P7v3tkKOWn4ZfggcX28 + 9dLQVhaiJtQ= + STRIBOG512: 9LLXgqsRIRiXP2WOrOJt1qhx6psfbACd + un+GTVmu441quX4zaaPIIG9lzDMBAqMg + hZx5DlxsQj3YjMezSUsXLg== + SM3 : Vwii+uw3Ge5Hh3eo1KOombxn2jWgyYRX + ZdyCRZqWZ/E= + +/var/lib/aide/aide.db.new.gz + MD5 : sKt4dVDKY/8A9EY/X4Ue2A== + SHA1 : hagLXMv7G+KbEKh861kjjFSYpRw= + SHA256 : HTHF7k5U294ECjCLneoZ3o8bH6PYgY5u + AzoIyCacZp4= + SHA512 : 5gWi7K/ztWMl7H+PK1doV/tWDHmaE2m/ + ndRXGR7b5J3v82Jv2HeJPoOt5A4Z/9FH + 5H+uCLYaHwRleyalyy5Wew== + RMD160 : uMM1HtAbfz+G3Y9Z+rVR4qjdqcQ= + TIGER : OTHdXNQOxnHnOl6C9M3czSC42+SeZAZA + CRC32 : T9G1Tw== + WHIRLPOOL : FRMnQ2wHgylsTmpKE8RwdUvkzXucHwu1 + W9ZkUrxoXeci2g7jIgoMmpoeDPhH73qz + nZ7fKj1lStSpiUGD5KPeWA== + GOST : haeO5dhT+t34C1GJf+2dc3q1GMN71FqB + kqoiODo+j2o= + STRIBOG256: lgZUZhhd9JfMOXgNzYptapqagwgmvdM+ + 7uWzJsmOxoY= + STRIBOG512: PA6jksprS37xQzHm1ZIvLR9ROa+FxoiF + /xbAe0pSi4lMXXzABrPKkjyK0WtjxFvx + 07Poj2iDwNNcUJWekbaEXA== + SM3 : R5/HXng5MNvrjoCh8/JzrWle1IO8ggsR + P5i2ePX5BpY= +``` diff --git a/docs/en/server/security/shangmi/kernel_module_signing.md b/docs/en/server/security/shangmi/kernel_module_signing.md new file mode 100644 index 0000000000000000000000000000000000000000..d9ced9bdcff475b349284b1f790f52fbccfe288c --- /dev/null +++ b/docs/en/server/security/shangmi/kernel_module_signing.md @@ -0,0 +1,107 @@ +# Kernel Module Signing + +## Overview + +The kernel module signing facility is an important mechanism for protecting Linux kernel security. Signature information is added to the end of the kernel module file in a certain format, and the system checks whether the signature matches the public key preset in the kernel when the kernel module is loaded. In this way, the authenticity and integrity of the kernel module file are ensured. + +## Prerequisites + +1. The openEuler kernel compilation environment has been prepared. For details, see . +2. In openEuler kernel 5.10, the ShangMi (SM) series cryptographic algorithms are supported for kernel module signing. You are advised to select the latest kernel 5.10 source code for compilation. +3. The SM2 private key and certificate used for kernel module signing have been generated. The reference commands using OpenSSL are as follows: + +```shell +# Generate a certificate configuration file. (Other fields in the configuration file can be defined as required.) +$ echo 'subjectKeyIdentifier=hash' > mod.cfg +# Generate a private key for SM2 signing. +$ openssl ecparam -genkey -name SM2 -out mod.key +# Generate a signing request. +$ openssl req -new -sm3 -key mod.key -out mod.csr +# Generate an SM2 certificate. +$ openssl x509 -req -days 3650 -extfile mod.cfg -signkey mod.key -in mod.csr -out mod.crt +``` + +## How to Use + +### Scenario 1: Automatic Signing + +Write the certificate and private key to the **mod.pem** file. + +```shell +cat /path/to/mod.key > mod.pem +cat /path/to/mod.crt >> mod.pem +``` + +Use the SM3 algorithm to sign the kernel module in the kernel compilation options. + +```shell +make openeuler_defconfig +make menuconfig +``` + +Choose **Enable loadable module support** > **Sign modules with SM3** on the GUI. + +```shell +Which hash algorithm should modules be signed with? (Sign modules with SM3) +``` + +Configure **Cryptographic API** > **Certificates for signature checking** to read the private key and certificate used for kernel signing from **mod.pem**. + +```text +(mod.pem) File name or PKCS#11 URI of module signing key +``` + +Build the kernel. + +```shell +make -j64 +make modules_install +make install +``` + +Run the **modinfo** command to check the signature information of the kernel module. + +```shell +$ modinfo /usr/lib/modules/5.10.0/kernel/crypto/sm4.ko +filename: /usr/lib/modules/5.10.0/kernel/crypto/sm4.ko +license: GPL v2 +description: Generic SM4 library +srcversion: 371050FDB8BF9878D9B5B9B +depends: +retpoline: Y +intree: Y +name: sm4 +vermagic: 5.10.0 SMP mod_unload modversions +sig_id: PKCS#7 +signer: Internet Widgits Pty Ltd +sig_key: 33:0B:96:3E:1F:C1:CA:28:98:72:F5:AE:FF:3F:A4:F3:50:5D:E1:87 +sig_hashalgo: sm3 +signature: 30:45:02:21:00:81:96:8D:40:CE:7F:7D:AE:3A:4B:CC:DC:9A:F2:B4: + 16:87:3E:C3:DC:77:ED:BC:6E:F5:D8:F3:DD:77:2B:D4:05:02:20:3B: + 39:5A:89:9D:DC:27:83:E8:D8:B4:75:86:FF:33:2B:34:33:D0:90:76: + 32:4D:36:88:84:34:31:5C:83:63:6B +``` + +### Scenario 2: Manual Signing + +Call **sign_file** in the kernel source code directory to sign the specified kernel module. + +```shell +./scripts/sign-file sm3 /path/to/mod.key /path/to/mod.crt +``` + +Other steps are the same as those in scenario 1. + +### Scenario 3: Module Loading Verification + +Add **module.sig_enforce** to the kernel startup parameters to enable forcible signature verification for the kernel module. + +```text +linux /vmlinuz-5.10.0-106.1.0.55.oe2209.x86_64 root=/dev/mapper/openeuler-root ro resume=/dev/mapper/openeuler-swap rd.lvm.lv=openeuler/root rd.lvm.lv=openeuler/swap crashkernel=512M module.sig_enforce +``` + +After the system is restarted, only the kernel modules that pass the certificate verification can be loaded. + +```shell +# insmod /usr/lib/modules/5.10.0/kernel/crypto/sm4.ko +``` diff --git a/docs/en/server/security/shangmi/overview.md b/docs/en/server/security/shangmi/overview.md new file mode 100644 index 0000000000000000000000000000000000000000..d450b81a20cfc57fdef580cfa4cb0f1a2dce3021 --- /dev/null +++ b/docs/en/server/security/shangmi/overview.md @@ -0,0 +1,29 @@ +# Overview + +ShangMi (SM) algorithms are commercial-grade cryptographic technologies. Cryptographic algorithms form the backbone of security technologies in information systems. Globally, widely adopted algorithms include RSA, AES, and SHA256. In parallel, China has developed a suite of cryptographic algorithms that cater to mainstream application scenarios. Among these, SM2, SM3, and SM4 are particularly prominent in OSs. + +| Algorithm | Publicly Available | Type | Application Scenarios | +| --------- | ------------------ | --------------------- | --------------------------------------------------------------------- | +| SM2 | Yes | Asymmetric encryption | Digital signatures, key exchange, encryption/decryption, PKI systems | +| SM3 | Yes | Hash algorithm | Integrity protection, one-way encryption, and other general scenarios | +| SM4 | Yes | Symmetric encryption | Encrypted storage, secure transmission | + +Additionally, other publicly available algorithms like SM9 and ZUC, as well as non-public algorithms such as SM1 and SM7, are part of the ecosystem. Notably, all publicly available Chinese algorithms have been integrated into ISO/IEC standards, gaining international recognition. China has also established a series of cryptographic technical specifications and application standards, including commercial cryptographic certificate standards and the TLCP protocol stack. These collectively form China's commercial cryptographic standard system, which guides the development of the cryptographic security industry. + +The SM features for the openEuler OS aims to enable SM series cryptographic algorithms for key security features of the OS and provide cryptographic services such as the SM series cryptographic algorithm library, certificates, and secure transmission protocols for upper-layer applications. + +Currently, the following SM features are supported: + +1. SM2, SM3, and SM4 algorithms are supported in the user-mode algorithm libraries, such as OpenSSL and libgcrypt. +2. SM2, SM3, and SM4 cipher suites are supported in OpenSSH. +3. The SM Transport Layer Cryptography Protocol (TLCP) stack is supported in OpenSSL. +4. SM3 and SM4 algorithms are supported for disk encryption (dm-crypt/cryptsetup). +5. The SM3 algorithm is supported for password encryption in user identity authentication (pam/libuser/shadow). +6. The SM3 algorithm is supported for data digest in intrusion detection (AIDE). +7. SM2, SM3, and SM4 algorithms are supported in the kernel cryptographic framework (crypto) and algorithm performance optimization using instruction sets such as AVX/CE/NEON is allowed. +8. The SM3 message digest algorithm and SM2 certificate are supported in Integrity Measurement Architecture and Extended Verification Module (IMA/EVM) of the kernel. +9. The SM2 certificate is supported in kernel module signing and module signature verification. +10. SM4-CBC and SM4-GCM algorithms are supported in Kernel Transport Layer Security (KTLS). +11. SM3 and SM4 algorithms are supported in Kunpeng Accelerator Engine (KAE). +12. UEFI secure boot supports the SM3 digest algorithm and SM2 digital signatures. +13. RPM supports the SM2 encryption/decryption algorithm and SM3 digest algorithm for signing and verification. diff --git a/docs/en/server/security/shangmi/rpm_signature_verification.md b/docs/en/server/security/shangmi/rpm_signature_verification.md new file mode 100644 index 0000000000000000000000000000000000000000..c0df357090c3133907ed134f3a8fdd370cf012be --- /dev/null +++ b/docs/en/server/security/shangmi/rpm_signature_verification.md @@ -0,0 +1,99 @@ +# RPM Signature Verification + +## Overview + +openEuler employs RPM for package management, adhering to the openPGP signature specification. openEuler 24.03 LTS SP1 enhances the open source RPM by adding support for SM2/3 algorithm-based signature generation and verification. + +The following packages have been enhanced for SM algorithm capabilities: + +- GnuPG: The `gpg` CLI tool now supports generating SM signatures. +- RPM: RPM can now invoke `gpg` commands and openSSL APIs for SM signature generation and verification. +- openSSL: SM signature verification is supported (already supported in the open source version). + +## Prerequisites + +1. The following or later versions of gnupg2, libgcrypt, and rpm packages must be installed: + + ```sh + $ rpm -qa libgcrypt + libgcrypt-1.10.2-3.oe2403sp1.x86_64 + + $ rpm -qa gnupg2 + gnupg2-2.4.3-5.oe2403sp1.x86_64 + + $ rpm -qa rpm + rpm-4.18.2-20.oe2403sp1.x86_64 + ``` + +2. ECDSA signing and verification are limited to SM2. + +## Usage + +1. Generate a key. + + Method 1: + + ```sh + gpg --full-generate-key --expert + ``` + + Method 2: + + ```sh + gpg --quick-generate-key sm2p256v1 + ``` + + You will be prompted to enter a password. This password is required for subsequent key operations or signing. Pressing Enter without entering a password means no password is set. + +2. Export the certificate. + + ```sh + gpg -o --export + ``` + +3. Enable the macro for SM3 hash algorithm and SM2 algorithm. + + ```sh + $ vim /usr/lib/rpm/macros + %_enable_sm2p256v1_sm3_algo 1 + ``` + +4. Import the certificate into the RPM database. + + ```sh + rpm --import + ``` + +5. Write the macros required for signing. + + ```sh + $ vim ~/.rpmmacros + %_signature gpg + %_gpg_path /root/.gnupg + %_gpg_name + %_gpgbin /usr/bin/gpg2 + + %__gpg_sign_cmd %{shescape:%{__gpg}} \ + gpg --no-verbose --no-armor --no-secmem-warning --passphrase-file /root/passwd \ + %{?_gpg_digest_algo:--digest-algo=%{_gpg_digest_algo}} \ + %{?_gpg_sign_cmd_extra_args} \ + %{?_gpg_name:-u %{shescape:%{_gpg_name}}} \ + -sbo %{shescape:%{?__signature_filename}} \ + %{?__plaintext_filename:-- %{shescape:%{__plaintext_filename}}} + ``` + + `%__gpg_sign_cmd` includes the default configuration with the addition of `--passphrase-file /root/passwd`. The **passwd** file contains the password. This addition is required only If a password is set in step 1. + +6. Generate a RPM package signature. + + ```sh + rpmsign --addsign + ``` + +7. Verify the RPM package signature. + + ```sh + rpm -Kv + ``` + + If the output shows "Header V4 ECDSA/SM3 Signature" and "OK," the signature verification is successful. diff --git a/docs/en/server/security/shangmi/secure_boot.md b/docs/en/server/security/shangmi/secure_boot.md new file mode 100644 index 0000000000000000000000000000000000000000..5dc1f3aa6ca70a9f3847712cbd46e8ddd1ca0a30 --- /dev/null +++ b/docs/en/server/security/shangmi/secure_boot.md @@ -0,0 +1,185 @@ +# Secure Boot + +Secure Boot is a standard feature defined in the UEFI specification. It verifies the signature of each component level by level during system startup to ensure the integrity and authenticity of the boot sequence. The UEFI Secure Boot of the Linux system includes the following three procedures: + +1. The BIOS uses its built-in certificate to verify the signature of the shim component. +2. The shim component uses its built-in certificate to verify the signature of the grub component. +3. The grub component verifies the signature of the kernel component through the interface provided by the shim component. + +openEuler adds support for ShangMi (SM) algorithms to the pesign EFI signature tool and its nss algorithm library. That is, openEuler supports SM3 for hash calculation, SM2 for signing and verifying EFI files. In this way, the secure boot of openEuler can be implemented using SM algorithms. + +## Constraints + +- The openEuler shim component supports SM-based Secure Boot, including verification of the GRUB signature by shim, and verification of the kernel signature by GRUB. The verification of the shim signature depends on the BIOS. +- An ARM64/x86 physical machine that supports UEFI Secure Boot is required. +- The pesign tool can sign signatures with a maximum level of 2. +- Currently, the pesign tool can only generate signatures but cannot verify signatures. + +## Preparations + +1. The following software packages (or their later versions) must be installed: + + ```shell + openssl-1.1.1m-15.oe2203.aarch64 + nss-3.72.0-4.oe2203.aarch64 + pesign-115-2.oe2203.aarch64 + shim-15.6-7.oe2203.aarch64 + crypto-policies-20200619-3.git781bbd4.oe2203.noarch + ``` + +2. Download the source code of the openEuler shim component. Ensure that the version in the spec file is later than 15.6-7. + + ```shell + git clone https://gitee.com/src-openeuler/shim.git -b openEuler-{version} --depth 1 + ``` + +3. Install software packages required for building the shim component: + + ```shell + yum install elfutils-libelf-devel gcc gnu-efi gnu-efi-devel openssl-devel make git rpm-build + ``` + +4. Check whether the SM3 algorithm is enabled for nss. If not, modify the file content as follows: + + ```shell + cat /usr/share/crypto-policies/DEFAULT/nss.txt | grep SM3 + config="disallow=ALL allow=HMAC-SHA256:HMAC-SHA1:HMAC-SHA384:HMAC-SHA512:CURVE25519:SECP256R1:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:aes256-cbc:aes128-gcm:aes128-cbc:SHA256:SHA384:SHA512:SHA224:SHA1:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:ECDSA:RSA-PSS:RSA-PKCS:tls-version-min=tls1.0:dtls-version-min=dtls1.0:DH-MIN=1023:DSA-MIN=2048:RSA-MIN=2048:SM3" + ``` + +## Generation of Keys and Certificates + +1. Generate the key and certificate for signing the shim component. The shim signature is verified by the BIOS. As most BIOSs do not support SM algorithms, the RSA algorithm is used. For BIOSs that support SM algorithms you can generate the SM2 key and certificate by referring to the next step. + + ```shell + openssl genrsa -out rsa.key 4096 + openssl req -new -key rsa.key -out rsa.csr -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=secure boot BIOS' + openssl x509 -req -days 365 -in rsa.csr -signkey rsa.key -out rsa.crt + openssl x509 -in rsa.crt -out rsa.der -outform der + ``` + +2. Generate the SM2 key and certificate for signing the GRUB and kernel components. + + ```shell + openssl ecparam -genkey -name SM2 -out sm2.key + openssl req -new -sm3 -key sm2.key -out sm2.csr -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=secure boot shim' + openssl x509 -req -days 3650 -signkey sm2.key -in sm2.csr -out sm2.crt + openssl x509 -in sm2.crt -out sm2.der -outform der + ``` + +3. Create an NSS database and import the keys and certificates generated in the preceding two steps to the NSS database. + + ```shell + # The NSS database is organized in the form of directories. The storage location can be customized. + mkdir certdb + certutil -N -d certdb + # Import the SM2 and RSA certificates to the NSS database and name them sm2 and rsa respectively. + certutil -A -n sm2 -d certdb -t CT,CT,CT -i sm2.crt + certutil -A -n rsa -d certdb -t CT,CT,CT -i rsa.crt + # To import the SM2 and RSA keys to the NSS database, compress them into PKCS 12 files. + openssl pkcs12 -export -out rsa.p12 -inkey rsa.key -in rsa.crt + openssl pkcs12 -export -out sm2.p12 -inkey sm2.key -in sm2.crt + pk12util -d certdb -i rsa.p12 + pk12util -d certdb -i sm2.p12 + ``` + +## shim Component Building + +1. Go to the shim source code directory, modify the configuration variables in shim.spec to enable the support for SM algorithms, and specify the built-in SM2 certificate. + + ```text + %global enable_sm 1 + %global vendor_cert /path/to/sm2.der + ``` + +2. Build the shim software package. + + ```shell + rpmbuild -ba shim.spec --define "_sourcedir $PWD" + ``` + +3. Install the built shim software package. + + ```shell + rpm -Uvh ~/rpmbuild/RPMS/aarch64/shim-xxx.rpm + ``` + +## SM Signature for UEFI Files + +1. Sign the shim component with the RSA key and certificate and replace the original one. + + ```shell + # ARM64 + pesign -n certdb -c rsa -s -i /boot/efi/EFI/openEuler/shimaa64.efi -o shimaa64.efi.signed + cp shimaa64.efi.signed /boot/efi/EFI/openEuler/shimaa64.efi + # x86 + pesign -n certdb -c rsa -s -i /boot/efi/EFI/openEuler/shimx64.efi -o shimx64.efi.signed + cp shimx64.efi.signed /boot/efi/EFI/openEuler/shimx64.efi + ``` + +2. Sign the GRUB component with the SM2 key and certificate and replace the original one. + + ```shell + # ARM64 + pesign -n certdb -c sm2 -s -i /boot/efi/EFI/openEuler/grubaa64.efi -o grubaa64.efi.signed -d sm3 + cp grubaa64.efi.signed /boot/efi/EFI/openEuler/grubaa64.efi + # x86 + pesign -n certdb -c sm2 -s -i /boot/efi/EFI/openEuler/grubx64.efi -o grubx64.efi.signed -d sm3 + cp grubx64.efi.signed /boot/efi/EFI/openEuler/grubx64.efi + ``` + +3. Sign the kernel component with the SM2 key and certificate and replace the original one. (Note that the file name contains the actual version number.) + + ```shell + # For the ARM64 architecture,you need to decompress and sign the component, and compress it again. + cp /boot/vmlinuz-5.10.0-126.0.0.66.oe2203.aarch64 vmlinuz-5.10.0-126.0.0.66.oe2203.aarch64.gz + gzip -d vmlinuz-5.10.0-126.0.0.66.oe2203.aarch64.gz + pesign -n certdb -c sm2 -s -i vmlinuz-5.10.0-126.0.0.66.oe2203.aarch64 -o vmlinuz-5.10.0-126.0.0.66.oe2203.aarch64.signed -d sm3 + gzip vmlinuz-5.10.0-126.0.0.66.oe2203.aarch64.signed + cp vmlinuz-5.10.0-126.0.0.66.oe2203.aarch64.signed.gz /boot/vmlinuz-5.10.0-126.0.0.66.oe2203.aarch64 + # x86 + pesign -n certdb -c sm2 -s -i /boot/vmlinuz-5.10.0-126.0.0.66.oe2203.x86_64 -o vmlinuz-5.10.0-126.0.0.66.oe2203.x86_64.signed -d sm3 + cp vmlinuz-5.10.0-126.0.0.66.oe2203.x86_64.signed /boot/vmlinuz-5.10.0-126.0.0.66.oe2203.x86_64 + ``` + +4. Check the signature information. The following uses shim and GRUB as examples: + + ```shell + pesign -S -i /boot/efi/EFI/openEuler/grubaa64.efi + pesign -S -i /boot/efi/EFI/openEuler/shimaa64.efi + ``` + +## Secure Boot + +Enter the BIOS, import the certificate for signing the shim component, and enable the Secure Boot option. The operation method varies depending on the BIOS. The following uses the Kunpeng 2280 v2 server as an example: + +1. Place the RSA certificate for signing the shim component in the **/boot/efi/EFI/openEuler** directory. + + ```shell + cp rsa.der /boot/efi/EFI/openEuler + ``` + +2. Restart the system. +3. Enter BIOS to enable Secure Boot: + + ```text + Setup > Security > Secure Boot > Enable + ``` + +4. Set the Secure Boot mode to custom: + + ```text + Setup > Security > Secure Boot Certificate Configuration > Secure Boot Mode > Custom + ``` + +5. Import the Secure Boot certificate: + + ```text + Setup > Security > Secure Boot Certificate Configuration > Options Related to Secure Boot Custom Mode > DB Options > Import Signature > Add Signature by File > Select rsa.der > Save and exit. + ``` + +6. Save the configuration and restart the system. The system is started successfully. Secure Boot is enabled. + + ```shell + mokutil --sb-state + SecureBoot enabled + ``` diff --git a/docs/en/server/security/shangmi/ssh_stack.md b/docs/en/server/security/shangmi/ssh_stack.md new file mode 100644 index 0000000000000000000000000000000000000000..219a551288267a76272aa8a1f046b34f2e1567f0 --- /dev/null +++ b/docs/en/server/security/shangmi/ssh_stack.md @@ -0,0 +1,52 @@ +# SSH Stack + +## Overview + +The OpenSSH component is a Secure Shell Protocol (SSH) component implemented based on libcrypto of OpenSSL in C language. The main function is remote login to ensure the integrity and reliability of encrypted information over an unsecured network. The SSH server and client configuration items provided by openEuler involve key exchange, public key authentication, symmetric encryption, and integrity authentication. The values of these configuration items can be ShangMi (SM) Cipher Suites (including SM2, SM3, and SM4 algorithms). + +## Prerequisites + +OpenSSH 8.8p1-5 or later + +```shell +$ rpm -qa | grep openssh +openssh-8.8p1-5.oe2209.x86_64 +openssh-server-8.8p1-5.oe2209.x86_64 +openssh-clients-8.8p1-5.oe2209.x86_64 +``` + +## How to Use + +### Scenario 1: Remote Login + +1. On the client, call **ssh-keygen** to generate a user key, which is saved as **\~/.ssh/id_sm2** and **\~/.ssh/id_sm2.pub** by default. Then, send **\~/.ssh/id_sm2.pub** from the client to the server. (You can also run the **ssh-copy-id** command to send the file.) + + ```shell + ssh-keygen -t sm2 -m PEM + ``` + +2. On the server, call **ssh-keygen** to generate a host key and add the public key sent by the client to the authorized key file list. (If you run the **ssh-copy-id** command, the public key is automatically written.) + + ```shell + ssh-keygen -t sm2 -m PEM -f /etc/ssh/ssh_host_sm2_key + cat /path/to/id_sm2.pub >> ~/.ssh/authorized_keys + ``` + +3. On the server, modify the **/etc/ssh/sshd_config** file to support login using SM series cryptographic algorithms. The following table lists the SM configuration items. + + | Description | Configuration Item | SM Value | + | ------------------------------------------------------------------------------------ | ---------------------- | ------------------------- | + | Authentication key for the host key and public key (configurable only on the server) | HostKeyAlgorithms | /etc/ssh/ssh_host_sm2_key | + | Host key and public key authentication algorithm | HostKeyAlgorithms | sm2 | + | Key exchange algorithm | KexAlgorithms | sm2-sm3 | + | Symmetric cryptographic algorithm | Ciphers | sm4-ctr | + | Integrity check algorithm | MACs | hmac-sm3 | + | User public key authentication algorithm | PubkeyAcceptedKeyTypes | sm2 | + | Authentication key for the user public key (configurable only on the client) | IdentityFile | ~/.ssh/id_sm2 | + | Hash algorithm used for printing key fingerprints | FingerprintHash | sm3 | + +4. On the client, configure the SM series cryptographic algorithms to complete the login. You can enable the SM Cipher Suites on the client by running commands or modifying the configuration file. The following shows how to log in using the CLI: + + ```shell + ssh -o PreferredAuthentications=publickey -o HostKeyAlgorithms=sm2 -o PubkeyAcceptedKeyTypes=sm2 -o Ciphers=sm4-ctr -o MACs=hmac-sm3 -o KexAlgorithms=sm2-sm3 -i ~/.ssh/id_sm2 [remote-ip] + ``` diff --git a/docs/en/server/security/shangmi/tlcp_stack.md b/docs/en/server/security/shangmi/tlcp_stack.md new file mode 100644 index 0000000000000000000000000000000000000000..36eae8769a46b99d6c5160c98d85f6da5f91935d --- /dev/null +++ b/docs/en/server/security/shangmi/tlcp_stack.md @@ -0,0 +1,518 @@ +# TLCP Stack + +## Overview + +Transport Layer Cryptography Protocol (TLCP) is a secure communication protocol that complies with the *GB/T 38636-2020 Information security technology-Transport layer cryptography protocol (TLCP)*. TLCP requires an encryption certificate and a signature certificate with their corresponding private keys in communication. Based on the open source version, the OpenSSL software released after openEuler 22.09 supports the TLCP and provides the following functions: + +- Double certificates for SM series cryptographic algorithms based on TLCP +- ECC_SM4_CBC_SM3 and ECDHE_SM4_CBC_SM3 cipher suites +- SM2 certificates + +## Prerequisites + +The version of the OpenSSL software installed in the openEuler operating system is later than 1.1.1m-4. + +```shell +$ rpm -qa openssl +openssl-1.1.1m-6.oe2209.x86_64 +``` + +## How to Use + +### Scenario 1: Generating Two SM2 Certificates + +According to the TLCP, two certificates are required for communication: signature certificate and encryption certificate. The signature certificate is used for identity authentication, and the encryption certificate is used for data encryption during key negotiation. CA is short for Certificate Authority. A certificate is generated only after the CSR certificate request file is issued by the CA. The following is a reference case that describes how to use a self-signed CA certificate to issue an entity certificate: + +1. Prepare the configuration file **openssl.cnf** required for generating the certificates. The reference content is as follows (modified based on the OpenSSL source code **apps/openssl.cnf**): + + ```conf + # This definition stops the following lines choking if HOME isn't + # defined. + HOME = . + + # Extra OBJECT IDENTIFIER info: + #oid_file = $ENV::HOME/.oid + oid_section = new_oids + + # To use this configuration file with the "-extfile" option of the + # "openssl x509" utility, name here the section containing the + # X.509v3 extensions to use: + # extensions = + # (Alternatively, use a configuration file that has only + # X.509v3 extensions in its main [= default] section.) + + [ new_oids ] + + # We can add new OIDs in here for use by 'ca', 'req' and 'ts'. + # Add a simple OID like this: + # testoid1=1.2.3.4 + # Or use config file substitution like this: + # testoid2=${testoid1}.5.6 + + # Policies used by the TSA examples. + tsa_policy1 = 1.2.3.4.1 + tsa_policy2 = 1.2.3.4.5.6 + tsa_policy3 = 1.2.3.4.5.7 + + #################################################################### + [ ca ] + default_ca = CA_default # The default ca section + + #################################################################### + [ CA_default ] + + dir = ./demoCA # Where everything is kept + certs = $dir/certs # Where the issued certs are kept + crl_dir = $dir/crl # Where the issued crl are kept + database = $dir/index.txt # database index file. + #unique_subject = no # Set to 'no' to allow creation of + # several certs with same subject. + new_certs_dir = $dir/newcerts # default place for new certs. + + certificate = $dir/cacert.pem # The CA certificate + serial = $dir/serial # The current serial number + crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL + crl = $dir/crl.pem # The current CRL + private_key = $dir/private/cakey.pem# The private key + + x509_extensions = usr_cert # The extensions to add to the cert + + # Comment out the following two lines for the "traditional" + # (and highly broken) format. + name_opt = ca_default # Subject Name options + cert_opt = ca_default # Certificate field options + + # Extension copying option: use with caution. + # copy_extensions = copy + + # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs + # so this is commented out by default to leave a V1 CRL. + # crlnumber must also be commented out to leave a V1 CRL. + # crl_extensions = crl_ext + + default_days = 365 # how long to certify for + default_crl_days= 30 # how long before next CRL + default_md = default # use public key default MD + preserve = no # keep passed DN ordering + + # A few difference way of specifying how similar the request should look + # For type CA, the listed attributes must be the same, and the optional + # and supplied fields are just that :-) + policy = policy_match + + # For the CA policy + [ policy_match ] + countryName = match + stateOrProvinceName = match + organizationName = match + organizationalUnitName = optional + commonName = supplied + emailAddress = optional + + # For the 'anything' policy + # At this point in time, you must list all acceptable 'object' + # types. + [ policy_anything ] + countryName = optional + stateOrProvinceName = optional + localityName = optional + organizationName = optional + organizationalUnitName = optional + commonName = supplied + emailAddress = optional + + #################################################################### + [ req ] + default_bits = 2048 + default_keyfile = privkey.pem + distinguished_name = req_distinguished_name + attributes = req_attributes + x509_extensions = v3_ca # The extensions to add to the self signed cert + + # Passwords for private keys if not present they will be prompted for + # input_password = secret + # output_password = secret + + # This sets a mask for permitted string types. There are several options. + # default: PrintableString, T61String, BMPString. + # pkix : PrintableString, BMPString (PKIX recommendation before 2004) + # utf8only: only UTF8Strings (PKIX recommendation after 2004). + # nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). + # MASK:XXXX a literal mask value. + # WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. + string_mask = utf8only + + # req_extensions = v3_req # The extensions to add to a certificate request + + [ req_distinguished_name ] + countryName = Country Name (2 letter code) + countryName_default = AU + countryName_min = 2 + countryName_max = 2 + + stateOrProvinceName = State or Province Name (full name) + stateOrProvinceName_default = Some-State + + localityName = Locality Name (eg, city) + + 0.organizationName = Organization Name (eg, company) + 0.organizationName_default = Internet Widgits Pty Ltd + + # we can do this but it is not needed normally :-) + #1.organizationName = Second Organization Name (eg, company) + #1.organizationName_default = World Wide Web Pty Ltd + + organizationalUnitName = Organizational Unit Name (eg, section) + #organizationalUnitName_default = + + commonName = Common Name (e.g. server FQDN or YOUR name) + commonName_max = 64 + + emailAddress = Email Address + emailAddress_max = 64 + + # SET-ex3 = SET extension number 3 + + [ req_attributes ] + challengePassword = A challenge password + challengePassword_min = 4 + challengePassword_max = 20 + + unstructuredName = An optional company name + + [ usr_cert ] + + # These extensions are added when 'ca' signs a request. + + # This goes against PKIX guidelines but some CAs do it and some software + # requires this to avoid interpreting an end user certificate as a CA. + + basicConstraints=CA:FALSE + + # Here are some examples of the usage of nsCertType. If it is omitted + # the certificate can be used for anything *except* object signing. + + # This is OK for an SSL server. + # nsCertType = server + + # For an object signing certificate this would be used. + # nsCertType = objsign + + # For normal client use this is typical + # nsCertType = client, email + + # and for everything including object signing: + # nsCertType = client, email, objsign + + # This is typical in keyUsage for a client certificate. + # keyUsage = nonRepudiation, digitalSignature, keyEncipherment + + # This will be displayed in Netscape's comment listbox. + nsComment = "OpenSSL Generated Certificate" + + # PKIX recommendations harmless if included in all certificates. + subjectKeyIdentifier=hash + authorityKeyIdentifier=keyid,issuer + + # This stuff is for subjectAltName and issuerAltname. + # Import the email address. + # subjectAltName=email:copy + # An alternative to produce certificates that aren't + # deprecated according to PKIX. + # subjectAltName=email:move + + # Copy subject details + # issuerAltName=issuer:copy + + #nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem + #nsBaseUrl + #nsRevocationUrl + #nsRenewalUrl + #nsCaPolicyUrl + #nsSslServerName + + # This is required for TSA certificates. + # extendedKeyUsage = critical,timeStamping + + [ v3_req ] + + # Extensions to add to a certificate request + + basicConstraints = CA:FALSE + keyUsage = nonRepudiation, digitalSignature + + [ v3enc_req ] + + # Extensions to add to a certificate request + + basicConstraints = CA:FALSE + keyUsage = keyAgreement, keyEncipherment, dataEncipherment + + [ v3_ca ] + + # Extensions for a typical CA + + + # PKIX recommendation. + + subjectKeyIdentifier=hash + + authorityKeyIdentifier=keyid:always,issuer + + basicConstraints = critical,CA:true + + # Key usage: this is typical for a CA certificate. However since it will + # prevent it being used as an test self-signed certificate it is best + # left out by default. + keyUsage = cRLSign, keyCertSign + + # Some might want this also + # nsCertType = sslCA, emailCA + + # Include email address in subject alt name: another PKIX recommendation + # subjectAltName=email:copy + # Copy issuer details + # issuerAltName=issuer:copy + + # DER hex encoding of an extension: beware experts only! + # obj=DER:02:03 + # Where 'obj' is a standard or added object + # You can even override a supported extension: + # basicConstraints= critical, DER:30:03:01:01:FF + + [ crl_ext ] + + # CRL extensions. + # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + + # issuerAltName=issuer:copy + authorityKeyIdentifier=keyid:always + + [ proxy_cert_ext ] + # These extensions should be added when creating a proxy certificate + + # This goes against PKIX guidelines but some CAs do it and some software + # requires this to avoid interpreting an end user certificate as a CA. + + basicConstraints=CA:FALSE + + # Here are some examples of the usage of nsCertType. If it is omitted + # the certificate can be used for anything *except* object signing. + + # This is OK for an SSL server. + # nsCertType = server + + # For an object signing certificate this would be used. + # nsCertType = objsign + + # For normal client use this is typical + # nsCertType = client, email + + # and for everything including object signing: + # nsCertType = client, email, objsign + + # This is typical in keyUsage for a client certificate. + # keyUsage = nonRepudiation, digitalSignature, keyEncipherment + + # This will be displayed in Netscape's comment listbox. + nsComment = "OpenSSL Generated Certificate" + + # PKIX recommendations harmless if included in all certificates. + subjectKeyIdentifier=hash + authorityKeyIdentifier=keyid,issuer + + # This stuff is for subjectAltName and issuerAltname. + # Import the email address. + # subjectAltName=email:copy + # An alternative to produce certificates that aren't + # deprecated according to PKIX. + # subjectAltName=email:move + + # Copy subject details + # issuerAltName=issuer:copy + + #nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem + #nsBaseUrl + #nsRevocationUrl + #nsRenewalUrl + #nsCaPolicyUrl + #nsSslServerName + + # This really needs to be in place for it to be a proxy certificate. + proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo + + #################################################################### + [ tsa ] + + default_tsa = tsa_config1 # the default TSA section + + [ tsa_config1 ] + + # These are used by the TSA reply generation only. + dir = ./demoCA # TSA root directory + serial = $dir/tsaserial # The current serial number (mandatory) + crypto_device = builtin # OpenSSL engine to use for signing + signer_cert = $dir/tsacert.pem # The TSA signing certificate + # (optional) + certs = $dir/cacert.pem # Certificate chain to include in reply + # (optional) + signer_key = $dir/private/tsakey.pem # The TSA private key (optional) + signer_digest = sha256 # Signing digest to use. (Optional) + default_policy = tsa_policy1 # Policy if request did not specify it + # (optional) + other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) + digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory) + accuracy = secs:1, millisecs:500, microsecs:100 # (optional) + clock_precision_digits = 0 # number of digits after dot. (optional) + ordering = yes # Is ordering defined for timestamps? + # (optional, default: no) + tsa_name = yes # Must the TSA name be included in the reply? + # (optional, default: no) + ess_cert_id_chain = no # Must the ESS cert id chain be included? + # (optional, default: no) + ess_cert_id_alg = sha1 # algorithm to compute certificate + # identifier (optional, default: sha1) + ``` + +2. Generate a self-signed CA certificate. (The following commands are for scenarios using OpenSSL version 1.1.1. If using OpenSSL version 3.0.9 or above, the `-newkey` option in the `openssl req` command needs to be replaced with `sm2:SM2.pem`): + + ```shell + openssl ecparam -name SM2 -out SM2.pem + openssl req -config ./openssl.cnf -nodes -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=root ca' -keyout CA.key -newkey ec:SM2.pem -new -out CA.csr + openssl x509 -sm3 -req -days 30 -in CA.csr -extfile ./openssl.cnf -extensions v3_ca -signkey CA.key -out CA.crt + ``` + +3. Generate the server signature certificate and encryption certificate. (The following commands are for scenarios using OpenSSL version 1.1.1. If using OpenSSL version 3.0.9 or above, the `-newkey` option in the `openssl req` command needs to be replaced with `sm2:SM2.pem`): + + ```shell + openssl req -config ./openssl.cnf -nodes -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=server sign' -keyout SS.key -newkey ec:SM2.pem -new -out SS.csr + openssl x509 -sm3 -req -days 30 -in SS.csr -CA CA.crt -CAkey CA.key -extfile ./openssl.cnf -extensions v3_req -out SS.crt -CAcreateserial + openssl req -config ./openssl.cnf -nodes -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=server enc' -keyout SE.key -newkey ec:SM2.pem -new -out SE.csr + openssl x509 -sm3 -req -days 30 -in SE.csr -CA CA.crt -CAkey CA.key -extfile ./openssl.cnf -extensions v3enc_req -out SE.crt -CAcreateserial + ``` + +4. Generate the client signature certificate and encryption certificate. + + ```shell + openssl req -config ./openssl.cnf -nodes -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=client sign' -keyout CS.key -newkey ec:SM2.pem -new -out CS.csr + openssl x509 -sm3 -req -days 30 -in CS.csr -CA CA.crt -CAkey CA.key -extfile ./openssl.cnf -extensions v3_req -out CS.crt -CAcreateserial + openssl req -config ./openssl.cnf -nodes -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=client enc' -keyout CE.key -newkey ec:SM2.pem -new -out CE.csr + openssl x509 -sm3 -req -days 30 -in CE.csr -CA CA.crt -CAkey CA.key -extfile ./openssl.cnf -extensions v3enc_req -out CE.crt -CAcreateserial + ``` + +### Scenario 2: Using the OpenSSL CLI to Verify the TLCP Stack + +The **s_server/s_client** tool provided by OpenSSL can be used to test the TLCP. + +```shell +# Start the server. +openssl s_server -verify 5 -accept 4433 \ + -cert SS.crt \ + -key SS.key \ + -dcert SE.crt \ + -dkey SE.key \ + -CAfile CA.crt + +# Start the client. +openssl s_client -verify 5 -connect 127.0.0.1:4433 \ + -cert CS.crt \ + -key CS.key \ + -dcert CE.crt \ + -dkey CE.key \ + -CAfile CA.crt -tlcp +``` + +### Scenario 3: Using OpenSSL APIs + +Reference code on the server: + +```cpp +int main() { + // Define the variables. + SSL_CTX *ctx = NULL; + const char *sign_cert_file = "SS.crt"; + const char *sign_key_file = "SS.key"; + const char *enc_cert_file = "SE.crt"; + const char *enc_key_file = "SE.key"; + + // Generate the context. + ctx = SSL_CTX_new(TLS_server_method()); + + // Load the signature certificate and encryption certificate and their private keys. + if (!SSL_CTX_use_gm_certificate_file(ctx, sign_cert_file, SSL_FILETYPE_PEM, SSL_USAGE_SIG)) + goto err; + + if (!SSL_CTX_use_gm_PrivateKey_file(ctx, sign_key_file, SSL_FILETYPE_PEM, SSL_USAGE_SIG)) + goto err; + + if (!SSL_CTX_use_gm_certificate_file(ctx, enc_cert_file, SSL_FILETYPE_PEM, SSL_USAGE_ENC)) + goto err; + + if (!SSL_CTX_use_gm_PrivateKey_file(ctx, enc_key_file, SSL_FILETYPE_PEM, SSL_USAGE_ENC)) + goto err; + + SSL_CTX_set_options(ctx, SSL_OP_ENCCERT_SECOND_POSITION); + + // The subsequent procedure is the same as that of the standard TLS. + SSL *ssl = SSL_new(ctx); +} +``` + +Client reference code: + +```cpp +int main() { + // Define the variables. + SSL_CTX *ctx = NULL; + const char *sign_cert_file = "CS.crt"; + const char *sign_key_file = "CS.key"; + const char *enc_cert_file = "CE.crt"; + const char *enc_key_file = "CE.key"; + + // Generate the context. + ctx = SSL_CTX_new(TLCP_client_method()); + + // Load the signature certificate and encryption certificate and their private keys. + if (!SSL_CTX_use_gm_certificate_file(ctx, sign_cert_file, SSL_FILETYPE_PEM, SSL_USAGE_SIG)) + goto err; + + if (!SSL_CTX_use_gm_PrivateKey_file(ctx, sign_key_file, SSL_FILETYPE_PEM, SSL_USAGE_SIG)) + goto err; + + if (!SSL_CTX_use_gm_certificate_file(ctx, enc_cert_file, SSL_FILETYPE_PEM, SSL_USAGE_ENC)) + goto err; + + if (!SSL_CTX_use_gm_PrivateKey_file(ctx, enc_key_file, SSL_FILETYPE_PEM, SSL_USAGE_ENC)) + goto err; + + // Set the cipher suite to ECC-SM4-CBC-SM3 or ECDHE-SM4-CBC-SM3. + // This step is not mandatory. By default, ECC-SM4-CBC-SM3 is preferred. + if(SSL_CTX_set_cipher_list(ctx, "ECC-SM4-CBC-SM3") <= 0) + goto err; + + // The subsequent procedure is the same as that of the standard TLS. + SSL *ssl = SSL_new(ctx); +} +``` + +# KTLS Uninstallation + +## Overview + +The Linux kernel protocol stack implements only the TCP/IP model and does not support the SSL/TLS session layer protocol. Currently, TLS encryption and decryption are implemented in user mode. However, in some scenarios, for example, when the kernel sends a file, multiple cross-state copies are generated, causing performance overhead. Therefore, the kernel implements KTLS. That is, the encryption context can be configured for the socket to offload data encryption to the kernel mode or lower-layer hardware. + +The KTLS feature of the openEuler kernel 5.10 supports SM series cryptographic algorithms. Currently, the SM4-GCM and SM4-CCM algorithms are supported. + +## Prerequisites + +Kernel 5.10.0-106 or later + +```shell +$ rpm -qa kernel +kernel-5.10.0-106.1.0.55.oe2209.x86_64 +``` + +## How to Use + +The method of calling SM series cryptographic algorithms is the same as that of calling other algorithms of the same type. For details, see the [Linux kernel document](https://www.kernel.org/doc/html/v5.10/networking/tls.html). diff --git a/docs/en/server/security/shangmi/user_identity_authentication.md b/docs/en/server/security/shangmi/user_identity_authentication.md new file mode 100644 index 0000000000000000000000000000000000000000..241d2e6a1d14059a937f63bf0d5e1cb9cc413279 --- /dev/null +++ b/docs/en/server/security/shangmi/user_identity_authentication.md @@ -0,0 +1,131 @@ +# User Identity Authentication + +Operating systems usually use the password mechanism to authenticate users. openEuler provides user password management components, such as PAM, passwd, shadow, and libuser. After a user password is set, it needs to be encrypted for storage. Generally, the hash algorithm is used for encryption. The user password management component provided by openEuler supports the ShangMi 3 (SM3) cryptographic hash algorithm. + +## Using PAM to Encrypt User Passwords + +### Overview + +PAM is a pluggable authentication module of the system that provides an authentication mechanism for upper-layer applications. PAM released by openEuler supports user password encryption using the SM3 algorithm. + +### Prerequisites + +1. PAM 1.5.2-2 or later + + ```shell + $ rpm -qa pam + pam-1.5.2-2.oe2209.x86_64 + ``` + +2. libxcrypt 4.4.26-2 or later + + ```shell + $ rpm -qa libxcrypt + pam-4.4.26-2.oe2209.x86_64 + ``` + +### How to Use + +1. Open the **/etc/pam.d/password-auth** and **/etc/pam.d/system-auth** files, locate the line starting with **password sufficient pam_unix.so**, and change the algorithm field in the line to **sm3**. + + ```shell + $ cat /etc/pam.d/password-auth + ...... + password sufficient pam_unix.so sm3 shadow nullok try_first_pass use_authtok + ...... + + $ cat /etc/pam.d/system-auth + ...... + password sufficient pam_unix.so sm3 shadow nullok try_first_pass use_authtok + ...... + ``` + +2. After the configuration is modified, the password changed by running the **passwd** command or the password created by a new user is encrypted using the SM3 algorithm. The encryption result starts with **sm3** and is stored in **/etc/shadow**. + + ```shell + $ passwd testuser + Changing password for user testuser. + New password: + Retype new password: + passwd: all authentication tokens updated successfully. + $ cat /etc/shadow | grep testuser + testuser:$sm3$wnY86eyUlB5946gU$99LlMr0ddeZNDqnB2KRxn9f30SFCCvMv1WN1cFdsKJ2:19219:0:90:7:35:: + ``` + +### Notes + +1. By default, the SHA512 algorithm is used. After the SM3 algorithm is used, the existing user passwords are not affected. The cryptographic algorithm takes effect only after the passwords are changed. +2. If PAM and libxcrypt need to be downgraded to non-SM versions and existing user passwords are encrypted using the SM3 algorithm, modify the configuration first. + Set the algorithm to a non-SM algorithm, change the user passwords, and downgrade the software to a non-SM version. Otherwise, these users cannot log in to the system. + +## Using Shadow to Encrypt User Passwords + +### Overview + +Shadow is a common user management component in Linux. It provides commands such as **chpasswd**, **chgpasswd**, and **newusers**. The shadow component provided by openEuler supports the SM3 algorithm in user management. By default, Shadow uses the PAM security authentication mechanism. Therefore, the SM3 algorithm supported by Shadow affects only the **chpasswd** and **chgpasswd** commands. + +### Prerequisites + +Shadow 4.9-4 or later + +```shell +$ rpm -qa shadow +shadow-4.9-4.oe2209.x86_64 +``` + +### How to Use + +1. By default, **chpasswd** uses the PAM configuration. Use **-c** to specify the SM3 algorithm. The encryption result starts with **sm3** and is stored in **/etc/shadow**. + + ```shell + $ echo testuser:testPassword |chpasswd -c SM3 + $ cat /etc/shadow | grep testuser + testuser:$sm3$moojQQeBfdGOrL14$NqjckLHlk3ICs1cx.0rKZwRHafjVlqksdSJqfx9eYh6:19220:0:99999:7::: + ``` + +2. By default, **chgpasswd** uses the PAM configuration. Use **-c** to specify the SM3 algorithm. The encryption result starts with **sm3** and is stored in **/etc/shadow**. + + ```shell + $ echo testGroup:testPassword |chpasswd -c SM3 + $ cat /etc/gshadow | grep testGroup + testGroup:$sm3$S3h3X6U6KsXg2Gkc$LFCAnKbi6JItarQz4Y/Aq9/hEbEMQXq9nQ4rY1j9BY9:: + ``` + +### Notes + +By default, Shadow uses the PAM security authentication mechanism. When **-c** is used to specify the encryption algorithm in related commands, the PAM mechanism is not used. + +## Using libuser to Encrypt User Passwords + +### Overview + +The libuser library implements a standardized interface for operating and managing users and group accounts. This library is encapsulated and provides the command line interface (CLI) and Python interface for managing users and groups. User passwords can be encrypted using algorithms such as DES, MD5, Blowfish, SHA256, and SHA512. libuser released by openEuler supports the SM3 algorithm. + +### Prerequisites + +libuser 0.63-3 or later + +```shell +$ rpm -qa libuser +libuser-0.63-3.oe2209.x86_64 +``` + +### How to Use + +1. Configure **crypt_style=sm3** in the **\[defaults]** section in **/etc/libuser.conf**. + + ```shell + $ cat /etc/libuser.conf + ...... + [defaults] + crypt_style = sm3 + ...... + ``` + +2. When you run the **lusermod**, **lpasswd**, or **luseradd** command to set a user password, the default password encryption algorithm is SM3. The encryption result starts with **sm3** and is stored in **/etc/shadow**. + + ```shell + # luseradd testuser -P Test@123 + # cat /etc/shadow | grep testuser + testuser:$sm3$1IJtoN6zlBDCiPKC$5oxscBTgiquPAEmZWGNDVqTPrboHJw3fFSohjF6sONB:18862:0:90:7:35:: + ``` diff --git a/docs/en/server/security/trusted_computing/_toc.yaml b/docs/en/server/security/trusted_computing/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..9b3a00ae25f4dd03f5343e6bab21af9d2da4fbac --- /dev/null +++ b/docs/en/server/security/trusted_computing/_toc.yaml @@ -0,0 +1,18 @@ +label: Trusted Computing +isManual: true +description: Definition and key concepts of trusted computing +sections: + - label: Trusted Computing Definition + href: ./trusted_computing.md + - label: Kernel Integrity Measurement Architecture (IMA) + href: ./ima.md + - label: Dynamic Integrity Measurement (DIM) + href: ./dim.md + - label: Remote Attestation (Kunpeng Security Library) + href: ./remote_attestation_kunpeng_security_library.md + - label: Trusted Platform Control Module (TPCM) + href: ./tpcm.md + - label: Kernel Root of Trust Framework + href: ./kernel_root_of_trust_framework.md + - label: Protection for Interpreted Applications + href: ./protection_for_interpreted_applications.md diff --git a/docs/en/server/security/trusted_computing/dim.md b/docs/en/server/security/trusted_computing/dim.md new file mode 100644 index 0000000000000000000000000000000000000000..015be8aee1c9597e36a40e8ba2ca39ae5f3a07a7 --- /dev/null +++ b/docs/en/server/security/trusted_computing/dim.md @@ -0,0 +1,727 @@ +# Dynamic Integrity Measurement (DIM) + +This section describes the DIM feature and its usage. + +## Context + +With the development of the IT industry, information systems are facing an increasing number of security risks. Information systems run a large amount of software, some of which is inevitably vulnerable. Once exploited by attackers, these vulnerabilities could severely damage system services, resulting in data leakage and service unavailability. + +Most software attacks are accompanied by integrity damage, such as malicious process execution, configuration file tampering, and backdoor implantation. Therefore, protection technologies are proposed in the industry. Key data is measured and verified during system startup to ensure that the system can run properly. However, popular integrity protection technologies (such as secure boot and file integrity measurement) cannot protect memory data during process running. If an attacker somehow modifies the instructions of a process, the process may be hijacked or implanted with a backdoor, which is highly destructive and stealthy. To defend against such attacks, the DIM technology is proposed to measure and protect key data in the memory of a running process. + +## Terminology + +Static baseline: baseline measurement data generated by parsing the binary file of the measurement target + +Dynamic baseline: result of the first measurement on the measurement target + +Measurement policy: configuration information for measuring the target + +Measurement log: list of measurement information, including the measurement targets and measurement results + +## Description + +The DIM feature measures key data (such as code sections and data sections) in the memory during program running and compares the measurement result with the baseline value to determine whether the memory data has been tampered with. In this way, DIM can detect attacks and take countermeasures. + +### Function Scope + +- Currently, DIM supports only AArch64 and x86 architectures. +- Currently, DIM supports measurement of the following key memory data: + - Code section of a user-mode process (the section whose attribute is **PT_LOAD** and permission is **RX** in the ELF file, and the virtual memory area whose permission is **RX** after the corresponding process is loaded) + - Kernel module code section, whose start address and length are **core_layout.base** and **core_layout.text_size** respectively in the **struct module** structure corresponding to the kernel module. + - Kernel code section, corresponding to **\_stext** to **\_etext** (Addresses that may change due to the kernel static key mechanism are skipped.) +- DIM can work with the following hardware: + - The measurement result can be extended to the Platform Configuration Register (PCR) of Trusted Platform Module (TPM) 2.0 to connect to the remote attestation service. + +### Technical Limitations + +- For user-mode processes, only mapped code sections of files can be measured. Anonymous code sections cannot be measured. +- Kernel hot patches cannot be measured. +- Measurement can only be triggered proactively. If a file is attacked and recovered during two measurement processes, the attack cannot be identified. +- Proactive modification of code sections, such as relocation of code sections, self-modification, and hot patches, will be identified as attacks. +- For kernel and kernel module measurement, the measurement result when dynamic baseline establishment is triggered is used as the measurement baseline value. The static baseline value only serves as a fixed identifier. +- The measurement target must have been loaded to the memory when dynamic baseline establishment is triggered (for example, process running or kernel module loading). Otherwise, the object cannot be measured. +- If the TPM PCR needs to be used to verify measurement logs, the DIM module cannot be removed. Otherwise, the measurement logs will be cleared and cannot match the PCR. + +> [!NOTE]NOTE +> After DIM is enabled, system performance is affected in the following aspects: + +- Loading the DIM feature and managing baseline data and measurement logs consume system memory. The impact depends on the protection policy configuration. +- Hashing is performed during DIM running, which consumes CPU resources. The impact depends on the size of the data to be measured. +- Resources will be locked and semaphores need to be obtained during DIM running, which may cause other concurrent processes to wait. + +### Specification Constraints + +| Item | Value | +| ----------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | +| Maximum size of a policy file, static baseline file, signature file, or certificate file | 10MB | +| Maximum number of tampering measurement logs recorded for a measurement target during multiple measurement periods after a dynamic baseline is established. | 10 | +| Maximum number of measurement policies that can be stored in **/etc/dim/policy** | 10,000 | + +### Architecture Description + +DIM includes the dim_tools and dim software packages, which contain the following components: + +| Software Package | Component | Description | +| --------- | ---------------- | ------------------------------------------------------------ | +| dim_tools | dim_gen_baseline| User-mode component for generating the static baseline, which is required for generating the dynamic measurement. The baseline data is imported when DIM runs.| +| dim | dim_core | Kernel module for executing the core dynamic measurement logic, including policy parsing, static baseline parsing, dynamic baseline establishment, measurement execution, measurement logging, and TPM extension operations, to measure key memory data.| +| dim | dim_monitor | Kernel module for measuring and protecting dim_core code sections and key data to prevent DIM function failures caused by attacks on dim_core. | + +The following figure shows the overall architecture: + +![](./figures/dim_architecture.jpg) + +### Key Procedures + +Both the dim_core and dim_monitor modules provide the memory data measurement function, including the following core processes: + +- Dynamic baseline process: The dim_core module reads and parses the policy and static baseline file, measures the code section of the target process, stores the measurement result as a dynamic baseline in the memory, compares the dynamic baseline data with the static baseline data, and records the comparison result in measurement logs. The dim_monitor module measures the code sections and key data of the dim_core module, uses the data as the dynamic baseline, and records measurement logs. +- Dynamic measurement process: The dim_core and dim_monitor modules measure the target and compare the measurement result with the dynamic baseline. If the measurement result is inconsistent with the dynamic baseline, the dim_core and dim_monitor modules record the result in measurement logs. + +### Interfaces + +#### Interface Files + +| Path | Description | +| ------------------------------- | ------------------------------------------------------------ | +| /etc/dim/policy | Measurement policy file | +| /etc/dim/policy.sig | Measurement policy signature file, which is used to store the signature information of the policy file and is used when the signature verification function is enabled| +| /etc/dim/digest_list/*.hash | Static baseline file, which is used to store measurement baseline values | +| /etc/dim/digest_list/*.hash.sig | Static baseline signature file, which is used to store the signature information of the static baseline file and is used when the signature verification function is enabled| +| /etc/keys/x509_dim.der | Certificate file, which is used to verify the signature information of the policy file and static baseline file and is used when the signature verification function is enabled| +| /sys/kernel/security/dim | DIM file system directory, which is generated after the DIM kernel module is loaded and provides kernel interfaces for operating the DIM function| + +#### File Formats + +1. Measurement policy file format + + The lines, each representing a measurement policy, are in plaintext and are separated by Unix newline (LF) characters. The following configuration formats are supported: + + 1. User-mode process code section measurement + + ```text + measure obj=BPRM_TEXT path= + ``` + + 2. Kernel module code section measurement + + ```text + measure obj=MODULE_TEXT name= + ``` + + 3. Kernel measurement + + ```text + measure obj=KERNEL_TEXT + ``` + + **Example:** + + ```shell + # cat /etc/dim/policy + measure obj=BPRM_TEXT path=/usr/bin/bash + measure obj=BPRM_TEXT path=/usr/lib64/libc.so.6 + measure obj=MODULE_TEXT name=ext4 + measure obj=KERNEL_TEXT + ``` + +2. Static baseline file format + + The lines, each representing a static baseline, are in plaintext and are separated by Unix newline (LF) characters. The following configuration formats are supported: + + 1. User-mode process baseline + + ```text + dim USER sha256:6ae347be2d1ba03bf71d33c888a5c1b95262597fbc8d00ae484040408a605d2b + ``` + + 2. Kernel module baseline + + ```text + dim KERNEL sha256:a18bb578ff0b6043ec5c2b9b4f1c5fa6a70d05f8310a663ba40bb6e898007ac5 / + ``` + + 3. Kernel baseline + + ```text + dim KERNEL sha256:2ce2bc5d65e112ba691c6ab46d622fac1b7dbe45b77106631120dcc5441a3b9a + ``` + + **Example:** + + ```text + dim USER sha256:6ae347be2d1ba03bf71d33c888a5c1b95262597fbc8d00ae484040408a605d2b /usr/bin/bash + dim USER sha256:bc937f83dee4018f56cc823f5dafd0dfedc7b9872aa4568dc6fbe404594dc4d0 /usr/lib64/libc.so.6 + dim KERNEL sha256:a18bb578ff0b6043ec5c2b9b4f1c5fa6a70d05f8310a663ba40bb6e898007ac5 6.4.0-1.0.1.4.oe2309.x86_64/dim_monitor + dim KERNEL sha256:2ce2bc5d65e112ba691c6ab46d622fac1b7dbe45b77106631120dcc5441a3b9a 6.4.0-1.0.1.4.oe2309.x86_64 + ``` + +3. Measurement log format + + The lines, each representing a measurement log, are in plaintext and are separated by Unix newline (LF) characters. The format is as follows: + + ```text + : + ``` + + **Example:** + + 1. The code section of the bash process is measured. The measurement result is consistent with the static baseline. + + ```text + 12 0f384a6d24e121daf06532f808df624d5ffc061e20166976e89a7bb24158eb87 sha256:db032449f9e20ba37e0ec4a506d664f24f496bce95f2ed972419397951a3792e /usr/bin.bash [static baseline] + ``` + + 2. The code section of the bash process is measured. The measurement result is inconsistent with the static baseline. + + ```text + 12 0f384a6d24e121daf06532f808df624d5ffc061e20166976e89a7bb24158eb87 sha256:db032449f9e20ba37e0ec4a506d664f24f496bce95f2ed972419397951a3792e /usr/bin.bash [tampered] + ``` + + 3. The code section of the ext4 kernel module is measured. No static baseline is found. + + ```text + 12 0f384a6d24e121daf06532f808df624d5ffc061e20166976e89a7bb24158eb87 sha256:db032449f9e20ba37e0ec4a506d664f24f496bce95f2ed972419397951a3792e ext4 [no static baseline] + ``` + + 4. dim_monitor measures dim_core and records the measurement result of the baseline. + + ```text + 12 660d594ba050c3ec9a7cdc8cf226c5213c1e6eec50ba3ff51ff76e4273b3335a sha256:bdab94a05cc9f3ad36d29ebbd14aba8f6fd87c22ae580670d18154b684de366c dim_core.text [dynamic baseline] + 12 28a3cefc364c46caffca71e7c88d42cf3735516dec32796e4883edcf1241a7ea sha256:0dfd9656d6ecdadc8ec054a66e9ff0c746d946d67d932cd1cdb69780ccad6fb2 dim_core.data [dynamic baseline] + ``` + +4. Certificate and signature file formats + +The files are in the common format. For details, see [Enabling Signature Verification](#enabling-signature-verification). + +#### Kernel Module Parameters + +1. dim_core parameters + + | Parameter | Description | Value Range | Default Value | + | -------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | ------------- | + | measure_log_capacity | Maximum number of measurement logs recorded by dim_core. When this value is reached, dim_core stops recording measurement logs. | 100-UINT_MAX (64-bit OS) | 100000 | + | measure_schedule | Scheduling time after a process or module is measured, in milliseconds. The value 0 indicates that measurement is not scheduled. | 0-1000 | 0 | + | measure_interval | Automatic measurement interval, in minutes. The value 0 indicates that automatic measurement is not enabled. | 0-525600 | 0 | + | measure_hash | Measurement hash algorithm | sha256, sm3 | sha256 | + | measure_pcr | The TPM PCR to which the measurement result is extended. The value 0 indicates that the measurement result is not extended. The value must be an actual TPM PCR number. | 0-128 | 0 | + | signature | Whether to enable the policy file and signature verification. The value 0 indicates that they are disabled, and the value 1 indicates that they are enabled. | 0, 1 | 0 | + + **Example:** + + ```shell + insmod /path/to/dim_core.ko measure_log_capacity=10000 measure_schedule=10 measure_pcr=12 + modprobe dim_core measure_log_capacity=10000 measure_schedule=10 measure_pcr=12 + ``` + +2. dim_monitor parameters + + | Parameter | Description | Value Range | Default Value| + | -------------------- | ------------------------------------------------------------ | ------------------------ | ------ | + | measure_log_capacity | Maximum number of measurement logs recorded by dim_monitor. When this value is reached, dim_monitor stops recording measurement logs.| 100-UINT_MAX (64-bit OS)| 100000 | + | measure_hash | Measurement hash algorithm | sha256, sm3 | sha256 | + | measure_pcr | The TPM PCR to which the measurement result is extended. The value 0 indicates that the measurement result is not extended. | 0-128 | 0 | + + **Example:** + + ```shell + insmod /path/to/dim_monitor.ko measure_log_capacity=10000 measure_hash=sm3 + modprobe dim_monitor measure_log_capacity=10000 measure_hash=sm3 + ``` + +#### Kernel Interfaces + +1. dim_core interface + + | Interface | Attribute| Function | Example | + | -------------------------- | ---- | ------------------------------------------------------------ | --------------------------------------------------------- | + | measure | Write-only| Write **1** to trigger dynamic measurement. If the operation is successful, **0** is returned. If the operation fails, an error code is returned. | echo 1 > /sys/kernel/security/dim/measure | + | baseline_init | Write-only| Write **1** to trigger dynamic baseline establishment. If the operation is successful, **0** is returned. If the operation fails, an error code is returned. | echo 1 > /sys/kernel/security/dim/baseline_init | + | ascii_runtime_measurements | Read-only| Read the interface to query measurement logs. | cat /sys/kernel/security/dim/ascii_runtime_measurements | + | runtime_status | Read-only| Read the interface to query the status information. If the operation fails, an error code is returned. | cat /sys/kernel/security/dim/runtime_status | + | interval | Read/Write| Write a numeric string to set the automatic measurement interval (the value range is the same as that of **measure_interval**). Read the interface to query the current automatic measurement interval. If the query fails, an error code is returned.| echo 10 > /sys/kernel/security/dim/interval
cat /sys/kernel/security/dim/interval | + + **dim_core Statuses** + + The possible statuses of dim_core are as follows: + + - DIM_NO_BASELINE: dim_core is loaded but no operation is performed. + - DIM_BASELINE_RUNNING: The dynamic baseline is being established. + - DIM_MEASURE_RUNNING: Dynamic measurement is being performed. + - DIM_PROTECTED: The dynamic baseline has been established and is protected. + - DIM_ERROR: An error occurs during dynamic baseline establishment or dynamic measurement. You need to rectify the error and trigger dynamic baseline establishment or dynamic measurement again. + +2. dim_monitor interfaces + + | Interface | Attribute| Description | Example | + | ---------------------------------- | ---- | ---------------------------------------------- | ------------------------------------------------------------ | + | monitor_run | Write-only| Write **1** to trigger measurement. If the operation is successful, **0** is returned. If the operation fails, an error code is returned.| echo 1 > /sys/kernel/security/dim/monitor_run | + | monitor_baseline | Write-only| Write **1** to trigger baseline establishment. If the operation is successful, **0** is returned. If the operation fails, an error code is returned.| echo 1 > /sys/kernel/security/dim/monitor_baseline | + | monitor_ascii_runtime_measurements | Read-only| Read the interface to query measurement logs. | cat /sys/kernel/security/dim/monitor_ascii_runtime_measurements | + | monitor_status | Read-only| Read the interface to query the status information. If the operation fails, an error code is returned. | cat /sys/kernel/security/dim/monitor_status | + + **dim_monitor Statuses** + + - ready: dim_monitor is loaded but no operation is performed. + - running: The dynamic baseline is being established or dynamic measurement is being performed. + - error: An error occurs during dynamic baseline establishment or dynamic measurement. You need to rectify the error and trigger dynamic baseline establishment or dynamic measurement again. + - protected: The dynamic baseline has been established and is protected. + +#### User-Mode Tool Interface + +See for the details of the `dim_gen_baseline` CLI interface. + +## Usage + +### Installing and Uninstalling DIM + +**Prerequisites**: + +- OS: openEuler 23.09 or later +- Kernel: openEuler kernel 5.10 or 6.4 + +Install dim_tools and dim software packages. The following uses openEuler 23.09 as an example: + +```shell +# yum install -y dim_tools dim +``` + +After the software packages are installed, the DIM kernel components are not loaded by default. You can run the following commands to load or unload them: + +```shell +# modprobe dim_core or insmod /path/to/dim_core.ko +# modprobe dim_monitor or insmod /path/to/dim_monitor.ko +# rmmod dim_monitor +# rmmod dim_core +``` + +After the components are loaded successfully, you can run the following commands to query the components: + +```shell +# lsmod | grep dim_core +dim_core 77824 1 dim_monitor +# lsmod | grep dim_monitor +dim_monitor 36864 0 +``` + +Unload the KO files before uninstalling the RPM package. + +```shell +# rmmod dim_monitor +# rmmod dim_core +# rpm -e dim +``` + +> [!NOTE]NOTE +> dim_monitor must be loaded after dim_core and removed before dim_core. +> You can also install DIM from source. For details, see . + +### Measuring Code Sections of User-Mode Processes + +**Prerequisites**: + +- The dim_core module is loaded successfully. + +- A user-mode resident measurement target program has been prepared. This section uses **/opt/dim/demo/dim_test_demo** as an example. + + ```shell + # /opt/dim/demo/dim_test_demo & + ``` + +**Step 1**: Generate a static baseline for the binary file corresponding to the measurement target process. + +```shell +# mkdir -p /etc/dim/digest_list +# dim_gen_baseline /opt/dim/demo/dim_test_demo -o /etc/dim/digest_list/test.hash +``` + +**Step 2**: Configure a measurement policy. + +```shell +# echo "measure obj=BPRM_TEXT path=/opt/dim/demo/dim_test_demo" > /etc/dim/policy +``` + +**Step 3**: Trigger dynamic baseline establishment. + +```shell +# echo 1 > /sys/kernel/security/dim/baseline_init +``` + +**Step 4**: Query measurement logs. + +```shell +# cat /sys/kernel/security/dim/ascii_runtime_measurements +0 e9a79e25f091e03a8b3972b1a0e4ae2ccaed1f5652857fe3b4dc947801a6913e sha256:02e28dff9997e1d81fb806ee5b784fd853eac8812059c4dba7c119c5e5076989 /opt/dim/demo/dim_test_demo [static baseline] +``` + +If the preceding measurement log is displayed, the target process is measured successfully and the measurement result is consistent with the static baseline. + +**Step 5**: Trigger dynamic measurement. + +```shell +# echo 1 > /sys/kernel/security/dim/measure +``` + +After the measurement is complete, you can perform **Step 4** to query the measurement logs. If the measurement result is consistent with the dynamic baseline, the measurement logs are not updated. Otherwise, an exception measurement log is added. If an attacker attempts to tamper with the target program (for example, by modifying and recompiling the code) and restart the target program, for example: + +```shell +# pkill dim_test_demo +# /opt/dim/demo/dim_test_demo & +``` + +Trigger the measurement again and query the measurement logs. You can see a measurement log marked with "tampered." + +```shell +# echo 1 > /sys/kernel/security/dim/measure +# cat /sys/kernel/security/dim/ascii_runtime_measurements +0 e9a79e25f091e03a8b3972b1a0e4ae2ccaed1f5652857fe3b4dc947801a6913e sha256:02e28dff9997e1d81fb806ee5b784fd853eac8812059c4dba7c119c5e5076989 /opt/dim/demo/dim_test_demo [static baseline] +0 08a2f6f2922ad3d1cf376ae05cf0cc507c2f5a1c605adf445506bc84826531d6 sha256:855ec9a890ff22034f7e13b78c2089e28e8d217491665b39203b50ab47b111c8 /opt/dim/demo/dim_test_demo [tampered] +``` + +### Measuring Code Sections of Kernel Modules + +**Prerequisites**: + +- The dim_core module is loaded successfully. + +- A measurement target kernel module has been prepared. This section uses dim_test_module as an example, whose path is **/opt/dim/demo/dim_test_module.ko**. + + ```shell + # insmod /opt/dim/demo/dim_test_module.ko + ``` + +> [!NOTE]NOTE +> The kernel version of the environment where the module is compiled must be the same as the current kernel version. Run the following command to confirm: +> +> ```shell +> # modinfo dim_monitor.ko | grep vermagic | grep "$(uname -r)" +> vermagic: 6.4.0-1.0.1.4.oe2309.x86_64 SMP preempt mod_unload modversions +> ``` + +The first field of the vermagic kernel module information must be the same as the current kernel version. + +**Step 1**: Generate a static baseline for the measurement target kernel module. + +```shell +# mkdir -p /etc/dim/digest_list +# dim_gen_baseline /opt/dim/demo/dim_test_module.ko -o /etc/dim/digest_list/test.hash +``` + +**Step 2**: Configure a measurement policy. + +```shell +# echo "measure obj=MODULE_TEXT name=dim_test_module" > /etc/dim/policy +``` + +**Step 3**: Trigger dynamic baseline establishment. + +```shell +# echo 1 > /sys/kernel/security/dim/baseline_init +``` + +**Step 4**: Query measurement logs. + +```shell +# cat /sys/kernel/security/dim/ascii_runtime_measurements +0 9603a9d5f87851c8eb7d2619f7abbe28cb8a91f9c83f5ea59f036794e23d1558 sha256:9da4bccc7ae1b709deab8f583b244822d52f3552c93f70534932ae21fac931c6 dim_test_module [static baseline] +``` + +The preceding measurement log indicates that dim_test_module is successfully measured and the current measurement result is used as the baseline value for subsequent measurement. The hash value in the measurement log is not the actual measurement value. + +**Step 5**: Trigger dynamic measurement. + +```shell +echo 1 > /sys/kernel/security/dim/measure +``` + +After the measurement is complete, you can perform **Step 4** to query the measurement logs. If the measurement result is consistent with the dynamic baseline, the measurement logs are not updated. Otherwise, an exception measurement log is added. If an attacker attempts to tamper with the target kernel module (for example, by modifying and recompiling the code) and reload the module, for example: + +```shell +rmmod dim_test_module +insmod /opt/dim/demo/dim_test_module.ko +``` + +Trigger the measurement again and query the measurement logs. You can see a measurement log marked with "tampered." + +```shell +# cat /sys/kernel/security/dim/ascii_runtime_measurements +0 9603a9d5f87851c8eb7d2619f7abbe28cb8a91f9c83f5ea59f036794e23d1558 sha256:9da4bccc7ae1b709deab8f583b244822d52f3552c93f70534932ae21fac931c6 dim_test_module [static baseline] +0 6205915fe63a7042788c919d4f0ff04cc5170647d7053a1fe67f6c0943cd1f40 sha256:4cb77370787323140cb572a789703be1a4168359716a01bf745aa05de68a14e3 dim_test_module [tampered] +``` + +### Measuring Code Sections of the Kernel + +**Prerequisites**: + +- The dim_core module is loaded successfully. + +**Step 1**: generate a static baseline for the kernel. + +```shell +# mkdir -p /etc/dim/digest_list +# dim_gen_baseline -k "$(uname -r)" -o /etc/dim/digest_list/test.hash /boot/vmlinuz-6.4.0-1.0.1.4.oe2309.x86_64 +``` + +> [!NOTE]NOTE +> The file name **/boot/vmlinuz-6.4.0-1.0.1.4.oe2309.x86_64** is used as an example. + +**Step 2**: Configure a DIM policy. + +```shell +# echo "measure obj=KERNEL_TEXT" > /etc/dim/policy +``` + +**Step 3**: Trigger dynamic baseline establishment. + +```shell +# echo 1 > /sys/kernel/security/dim/baseline_init +``` + +**Step 4**: Query measurement logs. + +```shell +# cat /sys/kernel/security/dim/ascii_runtime_measurements +0 ef82c39d767dece1f5c52b31d1e8c7d55541bae68a97542dda61b0c0c01af4d2 sha256:5f1586e95b102cd9b9f7df3585fe13a1306cbd464f2ebe47a51ad34128f5d0af 6.4.0-1.0.1.4.oe2309.x86_64 [static baseline] +``` + +The preceding measurement log indicates that the kernel is successfully measured and the current measurement result is used as the baseline value for subsequent measurement. The hash value in the measurement log is not the actual measurement value. + +**Step 5**: Trigger dynamic measurement. + +```shell +# echo 1 > /sys/kernel/security/dim/measure +``` + +After the measurement is complete, you can perform **Step 4** to query the measurement logs. If the measurement result is consistent with the dynamic baseline, the measurement logs are not updated. Otherwise, an exception measurement log is added. + +### Measuring the dim_core Module + +**Prerequisites**: + +- The dim_core and dim_monitor modules are loaded successfully. +- The measurement policy has been configured. + +**Step 1**: Trigger dynamic baseline establishment for dim_core. + +```shell +# echo 1 > /sys/kernel/security/dim/baseline_init +``` + +**Step2**: Trigger dynamic baseline establishment for dim_monitor. + +```shell +# echo 1 > /sys/kernel/security/dim/monitor_baseline +``` + +**Step 3**: Query dim_monitor measurement logs. + +```shell +# cat /sys/kernel/security/dim/monitor_ascii_runtime_measurements +0 c1b0d9909ddb00633fc6bbe7e457b46b57e165166b8422e81014bdd3e6862899 sha256:35494ed41109ebc9bf9bf7b1c190b7e890e2f7ce62ca1920397cd2c02a057796 dim_core.text [dynamic baseline] +0 9be7121cd2c215d454db2a8aead36b03d2ed94fad0fbaacfbca83d57a410674f sha256:f35d20aae19ada5e633d2fde6e93133c3b6ae9f494ef354ebe5b162398e4d7fa dim_core.data [dynamic baseline] +``` + +The preceding measurement log indicates that dim_core is successfully measured and the current measurement result is used as the baseline value for subsequent measurement. +> [!NOTE]NOTE +> If you skip dynamic baseline establishment and directly perform measurement, "tampered" is displayed in the log. + +**Step 4**: Trigger dynamic measurement of dim_monitor. + +```shell +# echo 1 > /sys/kernel/security/dim/monitor_run +``` + +If the measurement result is consistent with the dynamic baseline, the measurement logs are not updated. Otherwise, an exception measurement log is added. If dynamic baseline establishment for dim_core is triggered again after the policy is modified, the measurement target changes, and the baseline data managed by dim_core also changes. As a result, the dim_monitor measurement result changes. + +```shell +# echo "measure obj=BPRM_TEXT path=/usr/bin/bash" > /etc/dim/policy +# echo 1 > /sys/kernel/security/dim/baseline_init +``` + +Trigger the measurement of dim_monitor again and query the measurement logs. You can see a measurement log marked with "tampered." + +```shell +# echo 1 > /sys/kernel/security/dim/monitor_run +# cat /sys/kernel/security/dim/monitor_ascii_runtime_measurements +0 c1b0d9909ddb00633fc6bbe7e457b46b57e165166b8422e81014bdd3e6862899 sha256:35494ed41109ebc9bf9bf7b1c190b7e890e2f7ce62ca1920397cd2c02a057796 dim_core.text [dynamic baseline] +0 9be7121cd2c215d454db2a8aead36b03d2ed94fad0fbaacfbca83d57a410674f sha256:f35d20aae19ada5e633d2fde6e93133c3b6ae9f494ef354ebe5b162398e4d7fa dim_core.data [dynamic baseline] +0 6a60d78230954aba2e6ea6a6b20a7b803d7adb405acbb49b297c003366cfec0d sha256:449ba11b0bfc6146d4479edea2b691aa37c0c025a733e167fd97e77bbb4b9dab dim_core.data [tampered] +``` + +### Extending to the TPM PCR + +**Prerequisites**: + +- The TPM 2.0 has been installed in the system. After the following command is executed, the command output is not empty: + + ```shell + # ls /dev/tpm* + /dev/tpm0 /dev/tpmrm0 + ``` + +- The tpm2-tools software package has been installed in the system. After the following command is executed, the command output is not empty: + + ```shell + # rpm -qa tpm2-tools + ``` + +- The measurement policy and static baseline have been configured. + +**Step 1**: Load the dim_core and dim_monitor modules and set the numbers of the PCRs to which the measurement results are extended. In this example, PCR 12 is specified for the dim_core measurement result, and PCR 13 is specified for the dim_monitor measurement result. + +```shell +# modprobe dim_core measure_pcr=12 +# modprobe dim_monitor measure_pcr=13 +``` + +**Step 2**: Trigger baseline establishment for dim_core and dim_monitor. + +```shell +# echo 1 > /sys/kernel/security/dim/baseline_init +# echo 1 > /sys/kernel/security/dim/monitor_baseline +``` + +**Step 3**: Check the measurement logs. Each log is marked with the corresponding TPM PCR number. + +```shell +# cat /sys/kernel/security/dim/ascii_runtime_measurements +12 2649c414d1f9fcac1c8d0df8ae7b1c18b5ea10a162b957839bdb8f8415ec6146 sha256:83110ce600e744982d3676202576d8b94cea016a088f99617767ddbd66da1164 /usr/lib/systemd/systemd [static baseline] +# cat /sys/kernel/security/dim/monitor_ascii_runtime_measurements +13 72ee3061d5a80eb8547cd80c73a80c3a8dc3b3e9f7e5baa10f709350b3058063 sha256:5562ed25fcdf557efe8077e231399bcfbcf0160d726201ac8edf7a2ca7c55ad0 dim_core.text [dynamic baseline] +13 8ba44d557a9855c03bc243a8ba2d553347a52c1a322ea9cf8d3d1e0c8f0e2656 sha256:5279eadc235d80bf66ba652b5d0a2c7afd253ebaf1d03e6e24b87b7f7e94fa02 dim_core.data [dynamic baseline] +``` + +**Step 4**: Check the TPM PCRs. Extended values have been written to the corresponding PCRs. + +```shell +# tpm2_pcrread sha256 | grep "12:" + 12: 0xF358AC6F815BB29D53356DA2B4578B4EE26EB9274E553689094208E444D5D9A2 +# tpm2_pcrread sha256 | grep "13:" + 13: 0xBFB9FF69493DEF9C50E52E38B332BDA8DE9C53E90FB96D14CD299E756205F8EA +``` + +### Enabling Signature Verification + +**Prerequisites**: + +- A public key certificate and a signature private key have been prepared. The signature algorithm is RSA, the hash algorithm is sha256, and the certificate format is DER. You can also run the following commands to generate the files: + + ```shell + # openssl genrsa -out dim.key 4096 + # openssl req -new -sha256 -key dim.key -out dim.csr -subj "/C=AA/ST=BB/O=CC/OU=DD/CN=DIM Test" + # openssl x509 -req -days 3650 -signkey dim.key -in dim.csr -out dim.crt + # openssl x509 -in dim.crt -out dim.der -outform DER + ``` + +- The measurement policy has been configured. + +**Step 1**: Save the DER certificate as **/etc/keys/x509_dim.der**. + +```shell +# mkdir -p /etc/keys +# cp dim.der /etc/keys/x509_dim.der +``` + +**Step 2**: Sign the policy file and static baseline file. The signature file name must be the original file name suffixed with **.sig**. + +```shell +# openssl dgst -sha256 -out /etc/dim/policy.sig -sign dim.key /etc/dim/policy +# openssl dgst -sha256 -out /etc/dim/digest_list/test.hash.sig -sign dim.key /etc/dim/digest_list/test.hash +``` + +**Step 3**: Load the dim_core module and enable the signature verification function. + +```shell +modprobe dim_core signature=1 +``` + +Now, the policy file and static baseline file can be loaded only after they pass the signature verification. +The baseline establishment will fail if it is triggered after the policy file is modified: + +```shell +# echo "" >> /etc/dim/policy +# echo 1 > /sys/kernel/security/dim/baseline_init +-bash: echo: write error: Key was rejected by service +``` + +> [!NOTE]NOTE +> If the signature verification of a static baseline file fails, dim_core skips the parsing of the file without causing a baseline establishment failure. + +### Configuring Measurement Algorithms + +**Prerequisites**: + +- The measurement policy has been configured. + +**Step 1**: Load the dim_core and dim_monitor modules and configure the measurement algorithm. The following uses the SM3 algorithm as an example. + +```shell +# modprobe dim_core measure_hash=sm3 +# modprobe dim_monitor measure_hash=sm3 +``` + +**Step 2**: Configure a policy that establishes a static baseline of the SM3 algorithm for the measurement target program. + +```shell +# echo "measure obj=BPRM_TEXT path=/opt/dim/demo/dim_test_demo" > /etc/dim/policy +# dim_gen_baseline -a sm3 /opt/dim/demo/dim_test_demo -o /etc/dim/digest_list/test.hash +``` + +**Step 3**: Trigger baseline establishment. + +```shell +# echo 1 > /sys/kernel/security/dim/baseline_init +# echo 1 > /sys/kernel/security/dim/monitor_baseline +``` + +**Step 4**: Check the measurement logs. Each log is marked with the corresponding hash algorithm. + +```shell +# cat /sys/kernel/security/dim/ascii_runtime_measurements +0 585a64feea8dd1ec415d4e67c33633b97abb9f88e6732c8a039064351d24eed6 sm3:ca84504c02bef360ec77f3280552c006ce387ebb09b49b316d1a0b7f43039142 /opt/dim/demo/dim_test_demo [static baseline] +# cat /sys/kernel/security/dim/monitor_ascii_runtime_measurements +0 e6a40553499d4cbf0501f32cabcad8d872416ca12855a389215b2509af76e60b sm3:47a1dae98182e9d7fa489671f20c3542e0e154d3ce941440cdd4a1e4eee8f39f dim_core.text [dynamic baseline] +0 2c862bb477b342e9ac7d4dd03b6e6705c19e0835efc15da38aafba110b41b3d1 sm3:a4d31d5f4d5f08458717b520941c2aefa0b72dc8640a33ee30c26a9dab74eae9 dim_core.data [dynamic baseline] +``` + +### Configuring Automatic Measurement + +**Prerequisites**: + +- The measurement policy has been configured. + +**Method 1**: Load the dim_core module and set the automatic measurement interval to 1 minute. + +```shell +modprobe dim_core measure_interval=1 +``` + +After the module is loaded, dynamic baseline establishment is automatically triggered. Then, dynamic measurement is triggered every minute. + +> [!NOTE]NOTE +> In this case, do not configure the measurement policy for dim_core to measure its own code sections. Otherwise, false alarms may occur. +> In addition, you need to configure **/etc/dim/policy** in advance. Otherwise, the module fails to be loaded when **measure_interval** is set to **1**. + +**Method 2**: After the dim_core module is loaded, you can configure the measurement interval through the kernel module interface. In the following example, the measurement interval is set to 1 minute. + +```shell +modprobe dim_core +echo 1 > /sys/kernel/security/dim/interval +``` + +In this case, the measurement is not triggered immediately. One minute later, dynamic baseline establishment, or dynamic measurement, is triggered. Subsequently, dynamic measurement is triggered every minute. + +### Configuring the Measurement Scheduling Time + +**Prerequisites**: + +- The measurement policy has been configured. + +Load the dim_core module and set the measurement scheduling time to 10 ms. + +```shell +modprobe dim_core measure_schedule=10 +``` + +When the dynamic baseline establishment or dynamic measurement is triggered, dim_core schedules the CPU to release 10 ms each time a process is measured. diff --git a/docs/en/server/security/trusted_computing/figures/1665628542704.png b/docs/en/server/security/trusted_computing/figures/1665628542704.png new file mode 100644 index 0000000000000000000000000000000000000000..58907e0ed31c79b260be80480d4fd4c27e4e2e24 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/1665628542704.png differ diff --git a/docs/en/server/security/trusted_computing/figures/AT_CHECK_Process.png b/docs/en/server/security/trusted_computing/figures/AT_CHECK_Process.png new file mode 100644 index 0000000000000000000000000000000000000000..f32d5af3a31c740febf1a4783a1dd0daafacb0df Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/AT_CHECK_Process.png differ diff --git a/docs/en/server/security/trusted_computing/figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png b/docs/en/server/security/trusted_computing/figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png new file mode 100644 index 0000000000000000000000000000000000000000..900cdc07c1f0e844bc48fe2342e83c91a23c24ec Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png differ diff --git a/docs/en/server/security/trusted_computing/figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png b/docs/en/server/security/trusted_computing/figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png new file mode 100644 index 0000000000000000000000000000000000000000..900cdc07c1f0e844bc48fe2342e83c91a23c24ec Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png differ diff --git a/docs/en/server/security/trusted_computing/figures/PostgreSql_architecture.png b/docs/en/server/security/trusted_computing/figures/PostgreSql_architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..f780ad9cb56378e7baa3497da68ca1610a6dfadb Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/PostgreSql_architecture.png differ diff --git a/docs/en/server/security/trusted_computing/figures/Process_Of_EXECVAT_ATCHECK.png b/docs/en/server/security/trusted_computing/figures/Process_Of_EXECVAT_ATCHECK.png new file mode 100644 index 0000000000000000000000000000000000000000..c8f54fe96648f0c012462073a8cd118fd552483c Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/Process_Of_EXECVAT_ATCHECK.png differ diff --git a/docs/en/server/security/trusted_computing/figures/RA-arch-1.png b/docs/en/server/security/trusted_computing/figures/RA-arch-1.png new file mode 100644 index 0000000000000000000000000000000000000000..0ad1375a27cd61abf9f06518dbe1c01554623efd Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/RA-arch-1.png differ diff --git a/docs/en/server/security/trusted_computing/figures/RA-arch-2.png b/docs/en/server/security/trusted_computing/figures/RA-arch-2.png new file mode 100644 index 0000000000000000000000000000000000000000..19c7a1ee60422eb13d8a300514f78a63d1640394 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/RA-arch-2.png differ diff --git a/docs/en/server/security/trusted_computing/figures/TPCM.png b/docs/en/server/security/trusted_computing/figures/TPCM.png new file mode 100644 index 0000000000000000000000000000000000000000..50882fb08433ee3ce187b3846bd6ec4a9f6d6818 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/TPCM.png differ diff --git a/docs/en/server/security/trusted_computing/figures/creat_datadisk.png b/docs/en/server/security/trusted_computing/figures/creat_datadisk.png new file mode 100644 index 0000000000000000000000000000000000000000..0dfd6a2802184af6d809c485191ea52452cf28d5 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/creat_datadisk.png differ diff --git a/docs/en/server/security/trusted_computing/figures/creat_datadisk1.png b/docs/en/server/security/trusted_computing/figures/creat_datadisk1.png new file mode 100644 index 0000000000000000000000000000000000000000..0dfd6a2802184af6d809c485191ea52452cf28d5 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/creat_datadisk1.png differ diff --git a/docs/en/server/security/trusted_computing/figures/dim_architecture.jpg b/docs/en/server/security/trusted_computing/figures/dim_architecture.jpg new file mode 100644 index 0000000000000000000000000000000000000000..b0561e749098f906f1eeef06366569941602a1ca Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/dim_architecture.jpg differ diff --git a/docs/en/server/security/trusted_computing/figures/etmem-system-architecture.png b/docs/en/server/security/trusted_computing/figures/etmem-system-architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..1e077e00f44c0404526a4742d49c6e866601eee1 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/etmem-system-architecture.png differ diff --git a/docs/en/server/security/trusted_computing/figures/ima-modsig.png b/docs/en/server/security/trusted_computing/figures/ima-modsig.png new file mode 100644 index 0000000000000000000000000000000000000000..c3e54e27b6ce30bd21e97908b6168a73f318c117 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/ima-modsig.png differ diff --git a/docs/en/server/security/trusted_computing/figures/ima_digest_list_flow.png b/docs/en/server/security/trusted_computing/figures/ima_digest_list_flow.png new file mode 100644 index 0000000000000000000000000000000000000000..11711ca21c6b327c3d347ad4c389d037a6c2c6ae Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/ima_digest_list_flow.png differ diff --git a/docs/en/server/security/trusted_computing/figures/ima_digest_list_pkg.png b/docs/en/server/security/trusted_computing/figures/ima_digest_list_pkg.png new file mode 100644 index 0000000000000000000000000000000000000000..8a2128add583d3c25ee5f281bb882c94f23b97c7 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/ima_digest_list_pkg.png differ diff --git a/docs/en/server/security/trusted_computing/figures/ima_digest_list_update.png b/docs/en/server/security/trusted_computing/figures/ima_digest_list_update.png new file mode 100644 index 0000000000000000000000000000000000000000..771067e31cee84591fbb914d7be4e8c576d7f5d2 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/ima_digest_list_update.png differ diff --git a/docs/en/server/security/trusted_computing/figures/ima_performance.gif b/docs/en/server/security/trusted_computing/figures/ima_performance.gif new file mode 100644 index 0000000000000000000000000000000000000000..72fad8a8333f7357c64a160c1d1c174c31201eaa Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/ima_performance.gif differ diff --git a/docs/en/server/security/trusted_computing/figures/ima_priv_key.png b/docs/en/server/security/trusted_computing/figures/ima_priv_key.png new file mode 100644 index 0000000000000000000000000000000000000000..c939b8e2e8bcd30869f938161ea1edbccd9c89c4 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/ima_priv_key.png differ diff --git a/docs/en/server/security/trusted_computing/figures/ima_rpm.png b/docs/en/server/security/trusted_computing/figures/ima_rpm.png new file mode 100644 index 0000000000000000000000000000000000000000..6c4b620ded02ee96357eb587890555af5a319e51 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/ima_rpm.png differ diff --git a/docs/en/server/security/trusted_computing/figures/ima_secure_boot.png b/docs/en/server/security/trusted_computing/figures/ima_secure_boot.png new file mode 100644 index 0000000000000000000000000000000000000000..85b959ff1da0f4bcf919f6fea712a0c053f7ad01 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/ima_secure_boot.png differ diff --git a/docs/en/server/security/trusted_computing/figures/ima_sig_verify.png b/docs/en/server/security/trusted_computing/figures/ima_sig_verify.png new file mode 100644 index 0000000000000000000000000000000000000000..e0d7ff55ab93dca65763881ba4ff136b85521123 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/ima_sig_verify.png differ diff --git a/docs/en/server/security/trusted_computing/figures/ima_tpm.png b/docs/en/server/security/trusted_computing/figures/ima_tpm.png new file mode 100644 index 0000000000000000000000000000000000000000..931440ebdb8a8c993a2f9ef331b214b40d8f9535 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/ima_tpm.png differ diff --git a/docs/en/server/security/trusted_computing/figures/ima_trusted_measurement.png b/docs/en/server/security/trusted_computing/figures/ima_trusted_measurement.png new file mode 100644 index 0000000000000000000000000000000000000000..e64224fdf4b99429aeabb87947de2c9f23f1df14 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/ima_trusted_measurement.png differ diff --git a/docs/en/server/security/trusted_computing/figures/ima_verification.png b/docs/en/server/security/trusted_computing/figures/ima_verification.png new file mode 100644 index 0000000000000000000000000000000000000000..d022b9d4ea08d4af386c7b76ca28115ad90e5451 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/ima_verification.png differ diff --git a/docs/en/server/security/trusted_computing/figures/logical_architectureofMariaDB.png b/docs/en/server/security/trusted_computing/figures/logical_architectureofMariaDB.png new file mode 100644 index 0000000000000000000000000000000000000000..8caa189a6fbf37bf4e9fd863c2ebb24e25547789 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/logical_architectureofMariaDB.png differ diff --git a/docs/en/server/security/trusted_computing/figures/login.png b/docs/en/server/security/trusted_computing/figures/login.png new file mode 100644 index 0000000000000000000000000000000000000000..d15c2cad98fba16320d587f3c7b0c80f435c5d3a Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/login.png differ diff --git a/docs/en/server/security/trusted_computing/figures/nginx_deployed_success.png b/docs/en/server/security/trusted_computing/figures/nginx_deployed_success.png new file mode 100644 index 0000000000000000000000000000000000000000..9ffb2c142defbd690e5407659116bf8e5582ba73 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/nginx_deployed_success.png differ diff --git a/docs/en/server/security/trusted_computing/figures/nginx_start_failed.png b/docs/en/server/security/trusted_computing/figures/nginx_start_failed.png new file mode 100644 index 0000000000000000000000000000000000000000..c8b855453433796265de42d7ffd0189c7ff9be2b Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/nginx_start_failed.png differ diff --git a/docs/en/server/security/trusted_computing/figures/nginx_start_success.png b/docs/en/server/security/trusted_computing/figures/nginx_start_success.png new file mode 100644 index 0000000000000000000000000000000000000000..bc6929772fd98fac3494b4436f26910b09818cb7 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/nginx_start_success.png differ diff --git a/docs/en/server/security/trusted_computing/figures/postgres.png b/docs/en/server/security/trusted_computing/figures/postgres.png new file mode 100644 index 0000000000000000000000000000000000000000..e7fc36882718587ec949133fe9892185cb4c2158 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/postgres.png differ diff --git a/docs/en/server/security/trusted_computing/figures/root_of_trust_framework.png b/docs/en/server/security/trusted_computing/figures/root_of_trust_framework.png new file mode 100644 index 0000000000000000000000000000000000000000..354b40fa4c4f0ed6f7312e0ce3848ed42155732e Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/root_of_trust_framework.png differ diff --git a/docs/en/server/security/trusted_computing/figures/top_display.png b/docs/en/server/security/trusted_computing/figures/top_display.png new file mode 100644 index 0000000000000000000000000000000000000000..2d77d3dc2934763b5da896a827b9805da34d1c09 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/top_display.png differ diff --git a/docs/en/server/security/trusted_computing/figures/trusted_chain.png b/docs/en/server/security/trusted_computing/figures/trusted_chain.png new file mode 100644 index 0000000000000000000000000000000000000000..034f0f092f41fb500ee4122339c447d10d4138ec Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/trusted_chain.png differ diff --git a/docs/en/server/security/trusted_computing/figures/zh-cn_image_0229622729.png b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0229622729.png new file mode 100644 index 0000000000000000000000000000000000000000..a32856aa08e459ed0f51f8fcf4c2f51511c12095 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0229622729.png differ diff --git a/docs/en/server/security/trusted_computing/figures/zh-cn_image_0229622789.png b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0229622789.png new file mode 100644 index 0000000000000000000000000000000000000000..d245d48dc07e2b01734e21ec1952e89fa9269bdb Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0229622789.png differ diff --git a/docs/en/server/security/trusted_computing/figures/zh-cn_image_0230050789.png b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0230050789.png new file mode 100644 index 0000000000000000000000000000000000000000..0b785be2a026fe059c6ee41700a971a11cfff7ae Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0230050789.png differ diff --git a/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143176.png b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143176.png new file mode 100644 index 0000000000000000000000000000000000000000..300165189e6d3e8fa356f3d463cfc627c2ece0e2 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143176.png differ diff --git a/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143177.png b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143177.png new file mode 100644 index 0000000000000000000000000000000000000000..ccafce4b0c58a4da0a9f7aece335ede24e5030c0 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143177.png differ diff --git a/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143178.png b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143178.png new file mode 100644 index 0000000000000000000000000000000000000000..bff125f096215e91b28ee6deacde6d886e5b21eb Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143178.png differ diff --git a/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143180.png b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143180.png new file mode 100644 index 0000000000000000000000000000000000000000..52f5644f9c985bcc39c0d146006dd9136140bc01 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143180.png differ diff --git a/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143181.png b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143181.png new file mode 100644 index 0000000000000000000000000000000000000000..d3698e6c0e021a56be46b9f4944c858a425eb66c Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143181.png differ diff --git a/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143183.png b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143183.png new file mode 100644 index 0000000000000000000000000000000000000000..55ffdfa2616ee259543c1539e46c3e05f9335354 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143183.png differ diff --git a/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143185.png b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143185.png new file mode 100644 index 0000000000000000000000000000000000000000..bff125f096215e91b28ee6deacde6d886e5b21eb Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143185.png differ diff --git a/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143187.png b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143187.png new file mode 100644 index 0000000000000000000000000000000000000000..52f5644f9c985bcc39c0d146006dd9136140bc01 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143187.png differ diff --git a/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143189.png b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143189.png new file mode 100644 index 0000000000000000000000000000000000000000..7656f3aa5f5907f1e9f981c0cb5d44d4fcb84ef3 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143189.png differ diff --git a/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143191.png b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143191.png new file mode 100644 index 0000000000000000000000000000000000000000..a82d1bcb2b719e3a372f63ae099cb5d52a93b536 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143191.png differ diff --git a/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143193.png b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143193.png new file mode 100644 index 0000000000000000000000000000000000000000..94614045bddb0871b44d2f6603402f914871ad61 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143193.png differ diff --git a/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143195.png b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143195.png new file mode 100644 index 0000000000000000000000000000000000000000..05011dbabe2d245c37ec68de646851bf955a2361 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143195.png differ diff --git a/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143196.png b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143196.png new file mode 100644 index 0000000000000000000000000000000000000000..9bdbac969920af77721980804bd1c5433bea5bc9 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143196.png differ diff --git a/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143197.png b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143197.png new file mode 100644 index 0000000000000000000000000000000000000000..5ea4eec4002374096d8ac18eb973ed3bf874b632 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143197.png differ diff --git a/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143198.png b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143198.png new file mode 100644 index 0000000000000000000000000000000000000000..7d6360c150495d204da4b069e6dc62677580888f Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231143198.png differ diff --git a/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231563132.png b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231563132.png new file mode 100644 index 0000000000000000000000000000000000000000..bb801a9471f3f3541ba96491654f25e2df9ce8bf Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231563132.png differ diff --git a/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231563134.png b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231563134.png new file mode 100644 index 0000000000000000000000000000000000000000..398d15376d29d3aa406abb2e7e065d4625428c4d Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231563134.png differ diff --git a/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231563135.png b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231563135.png new file mode 100644 index 0000000000000000000000000000000000000000..785977142a6bf0e1c1815b82dea73d75fa206a75 Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231563135.png differ diff --git a/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231563136.png b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231563136.png new file mode 100644 index 0000000000000000000000000000000000000000..c274db4d0ca9d8758267a916e19fdef4aa22d0ba Binary files /dev/null and b/docs/en/server/security/trusted_computing/figures/zh-cn_image_0231563136.png differ diff --git a/docs/en/server/security/trusted_computing/ima.md b/docs/en/server/security/trusted_computing/ima.md new file mode 100644 index 0000000000000000000000000000000000000000..b466ba105977c49b575566e4b108502df9560c9f --- /dev/null +++ b/docs/en/server/security/trusted_computing/ima.md @@ -0,0 +1,1161 @@ +# Kernel Integrity Measurement Architecture (IMA) + +## Overview + +### Introduction to IMA + +IMA is a kernel subsystem that measures files accessed through system calls like `execve()`, `mmap()`, and `open()` based on custom policies. These measurements can be used for **local or remote attestation** or compared against reference values to **control file access**. + +IMA operates in two main modes: + +- Measurement: This mode observes the integrity of files. When protected files are accessed, measurement records are added to the measurement log in kernel memory. If the system has a Trusted Platform Module (TPM), the measurement digest can also be extended into the TPM platform configuration registers (PCRs) to ensure the integrity of the measurement data. This mode does not restrict file access but provides recorded file information to upper-layer applications for remote attestation. +- Appraisal: This mode verifies file integrity, preventing access to unknown or tampered files. It uses cryptographic methods like hashes, signatures, and hash-based message authentication codes (HMACs) to validate file contents. If verification fails, the file is inaccessible to any process. This feature enhances system resilience by isolating compromised files and preventing further damage during an attack. + +In summary, the measurement mode acts as a passive observer, while the appraisal mode enforces strict access control, blocking any file that fails integrity checks. + +### Introduction to EVM + +EVM, or Extended Verification Module, builds on IMA capabilities. While IMA protects file contents, EVM extends this protection to file attributes such as `uid`, `security.ima`, and `security.selinux`. + +### Introduction to IMA Digest Lists + +IMA digest lists enhance the native integrity protection mechanism of the kernel in openEuler, addressing key limitations of the native IMA/EVM mechanism: + +**File access performance degradation due to extension to TPM** + +In IMA measurement mode, each measurement requires accessing the TPM. Since the TPM operates at low speeds, typically using the Serial Peripheral Interface (SPI) protocol with clock frequencies in the tens of MHz, system call performance suffers. + +![](./figures/ima_tpm.png) + +**File access performance degradation due to asymmetric operations** + +In IMA appraisal mode, immutable files are protected using a signature mechanism. Each file verification requires signature validation, and the complexity of asymmetric operations further degrades system call performance. + +![](./figures/ima_sig_verify.png) + +**Decreased efficiency and security from complex deployment** + +In IMA appraisal mode, deployment requires the system to first enter fix mode to mark IMA/EVM extended attributes, then switch to appraisal mode for startup. Additionally, upgrading protected files necessitates rebooting into fix mode to update files and extended attributes. This process reduces deployment efficiency and exposes keys in the runtime environment, compromising security. + +![](./figures/ima_priv_key.png) + +IMA digest lists address these issues by managing baseline digest values for multiple files through a single hash list file. This file consolidates the baseline digest values of files (such as all executables in a software package) for centralized management. The baseline digest values can include file content digests (for IMA mode) and file extended attribute digests (for EVM mode). This consolidated file is the IMA digest list file. + +![](./figures/ima_digest_list_pkg.png) + +When the IMA digest list feature is enabled, the kernel maintains a hash allowlist pool to store digest values from imported IMA digest list files. It also provides interfaces via securityfs for importing, deleting, and querying these files. + +In measurement mode, imported digest list files must undergo measurement and extension to TPM before being added to the allowlist pool. If the digest value of a target file matches the allowlist pool, no additional measurement logging or extension to TPM is required. In appraisal mode, imported digest list files must pass signature verification before being added to the allowlist pool. The digest value of the accessed target file is then matched against the allowlist pool to determine the appraisal result. + +![](./figures/ima_digest_list_flow.png) + +Compared to the native Linux IMA/EVM mechanism, the IMA digest list extension enhances security, performance, and usability for better practical implementation: + +- Security: IMA digest lists are distributed with software packages. During installation, digest lists are imported simultaneously, ensuring baseline values originate from the software distributor (like the openEuler community). This eliminates the need to generate baseline values in the runtime environment, establishing a complete trust chain. +- Performance: The IMA digest list mechanism operates on a per-digest-list basis, reducing TPM access and asymmetric operation frequency to 1/n (where n is the average number of file hashes managed by a single digest list). This improves system call and boot performance. +- Usability: The IMA digest list mechanism supports out-of-the-box functionality, allowing the system to enter appraisal mode immediately after installation. It also enables software package installation and upgrades in appraisal mode without requiring fix mode for file marking, facilitating rapid deployment and seamless updates. + +It is worth noting that, unlike the native IMA/EVM, the IMA digest list stores baseline values for measurement/appraisal in kernel memory. This assumes that kernel memory cannot be tampered with by unauthorized entities. Therefore, the IMA digest list relies on additional security mechanisms (including kernel module secure boot and runtime memory measurement) to safeguard kernel memory integrity. + +However, both the native IMA mechanism and the IMA digest list extension are only components of the system security chain. Neither can independently ensure system security. Security is inherently a systematic, defense-in-depth engineering effort. + +## Interface Description + +### Kernel Boot Parameters + +The openEuler IMA/EVM mechanism provides the following kernel boot parameters. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterValueFunction
ima_appraiseenforce-evmEnable IMA appraisal enforce mode (EVM enabled).
log-evmEnable IMA appraisal log mode (EVM enabled).
enforceEnable IMA appraisal enforce mode.
logEnable IMA appraisal log mode.
offDisable IMA appraisal.
ima_appraise_digest_listdigestEnable IMA+EVM appraisal based on digest lists (comparing file content and extended attributes).
digest-nometadataEnable IMA appraisal based on digest lists (comparing file content only).
evmx509Enable portable signature-based EVM directly (regardless of EVM certificate loading)
completePrevent modification of EVM mode via securityfs after boot.
allow_metadata_writesAllow file metadata modifications without EVM interception.
ima_hashsha256/sha1/...Specify the IMA measurement hash algorithm.
ima_templateimaSpecify the IMA measurement template (d or n).
ima-ngSpecify the IMA measurement template (d-ng or n-ng), default template.
ima-sigSpecify the IMA measurement template (d-ng, n-ng, or sig).
ima_policyexec_tcbMeasure all files accessed via execution or mapping, including loaded kernel modules, firmware, and kernel files.
tcbExtend exec_tcb policy to measure files accessed with uid=0 or euid=0.
secure_bootAppraise all loaded kernel modules, firmware, and kernel files, using IMA signature mode.
appraise_exec_tcbExtend secure_boot policy to appraise all files accessed via execution or mapping.
appraise_tcbAppraise all files owned by uid=0.
appraise_exec_immutableUsed with the appraise_exec_tcb policy, making executable file extended attributes immutable.
ima_digest_list_pcr10Extend IMA measurement results based on digest list in PCR 10, disable native IMA measurement.
11Extend IMA measurement results based on digest list in PCR 11, disable native IMA measurement.
+11Extend IMA measurement results based on digest list in PCR 11, extend native IMA measurement results in PCR 10.
ima_digest_db_sizenn[M]Set kernel digest list size limit (0 to 64 MB), defaulting to 16 MB if not configured. ("Not configured" means to omit the parameter, not leaving the value cannot blank like ima_digest_db_size=.)
ima_capacity-1 to 2147483647Set the kernel measurement log entry limit, defaulting to 100,000. -1 means no limit.
initramtmpfsNoneSupport tmpfs in initrd to carry file extended attributes.
+ +Based on user scenarios, the following parameter combinations are recommended: + +**(1) Native IMA measurement** + +```ini +# Native IMA measurement + custom policy +# No configuration required. This is enabled by default. +# Native IMA measurement + TCB default policy +ima_policy="tcb" +``` + +**(2) IMA measurement based on digest list** + +```ini +# Digest list IMA measurement + custom policy +ima_digest_list_pcr=11 ima_template=ima-ng initramtmpfs +# Digest list IMA measurement + default policy +ima_digest_list_pcr=11 ima_template=ima-ng ima_policy="exec_tcb" initramtmpfs +``` + +**(3) IMA appraisal based on digest list, protecting file content only** + +```ini +# IMA appraisal + log mode +ima_appraise=log ima_appraise_digest_list=digest-nometadata ima_policy="appraise_exec_tcb" initramtmpfs +# IMA appraisal + enforce mode +ima_appraise=enforce ima_appraise_digest_list=digest-nometadata ima_policy="appraise_exec_tcb" initramtmpfs +``` + +**(4) IMA appraisal based on digest list, protecting file content and extended attributes** + +```ini +# IMA appraisal + log mode +ima_appraise=log-evm ima_appraise_digest_list=digest ima_policy="appraise_exec_tcb|appraise_exec_immutable" initramtmpfs evm=x509 evm=complete +# IMA appraisal + enforce mode +ima_appraise=enforce-evm ima_appraise_digest_list=digest ima_policy="appraise_exec_tcb|appraise_exec_immutable" initramtmpfs evm=x509 evm=complete +``` + +> ![](./public_sys-resources/icon-note.gif) **Note:** +> All four parameter sets above can be used individually, but only digest list-based measurement and appraisal modes can be combined, such as (2) with (3) or (2) with (4). + +### securityfs Interface Description + +The securityfs interfaces provided by openEuler IMA are located in the **/sys/kernel/security** directory. Below are the interface names and their descriptions. + +| Path | Permissions | Description | +| :----------------------------- | :---------- | :---------------------------------------------------------------------- | +| ima/policy | 600 | Display or import IMA policies. | +| ima/ascii_runtime_measurement | 440 | Display IMA measurement logs in ASCII format. | +| ima/binary_runtime_measurement | 440 | Display IMA measurement logs in binary format. | +| ima/runtime_measurement_count | 440 | Display the count of IMA measurement log entries. | +| ima/violations | 440 | Display the number of abnormal IMA measurement logs. | +| ima/digests_count | 440 | Display the total number of digests in the system hash table (IMA+EVM). | +| ima/digest_list_data | 200 | Add digest lists. | +| ima/digest_list_data_del | 200 | Delete digest lists. | +| evm | 660 | Query or set EVM mode. | + +The **/sys/kernel/security/evm** interface supports the following values: + +- `0`: EVM is not initialized. +- `1`: Use HMAC (symmetric encryption) to verify extended attribute integrity. +- `2`: Use public key signature verification (asymmetric encryption) to verify extended attribute integrity. +- `6`: Disable extended attribute integrity verification. + +### Digest List Management Tool Description + +The digest-list-tools package includes tools for generating and managing IMA digest list files. The primary CLI tools are as follows. + +#### gen_digest_lists + +The `gen_digest_lists` tool allows users to generate digest lists. The command options are defined below. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
OptionValueFunction
-d<path>Specify the directory to store the generated digest list files. The directory must be valid.
-fcompactSpecify the format of the generated digest list files. Currently, only the compact format is supported.
-i<option arg>:<option value>Define the target file range for generating digest lists. Specific parameters are listed below.
I:<path>Specify the absolute path of files for which digest lists will be generated. If a directory is specified, recursive generation is performed.
E:<path>Specify paths or directories to exclude.
F:<path>Specify paths or directories to generate digest lists for all files under them (ignores the filtering effect of e: when combined with e:).
e:Generate digest lists only for executable files.
l:policyMatch file security contexts from the SELinux policy instead of reading them directly from file extended attributes.
i:Include the file digest value in the calculated extended attribute information when generating metadata-type digest lists (required).
M:Allow explicit specification of file extended attribute information (requires use with the rpmbuild command).
u:Use the list file name specified by the L: parameter as the name of the generated digest list file (requires use with the rpmbuild command).
L:<path>Specify the path to the list file, which contains the information data required to generate digest lists (requires use with the rpmbuild command).
-oaddSpecify the operation for generating digest lists. Currently, only the add operation is supported, which adds the digest list to the file.
-p-1Specify the position in the file where the digest list will be written. Currently, only -1 is supported.
-tfileGenerate digest lists only for file content.
metadataGenerate digest lists for both file content and extended attributes.
-TN/AIf this option is not used, digest list files are generated. Otherwise, TLV digest list files are generated.
-A<path>Specify the relative root directory to truncate the file path prefix for path matching and SELinux label matching.
-mimmutableSpecify the modifiers attribute for the generated digest list files. Currently, only immutable is supported. In enforce/enforce-evm mode, digest lists can only be opened in read-only mode.
-hN/APrint help information.
+ +**Usage examples** + +- Scenario 1: Generate a digest list/TLV digest list for a single file. + + ```shell + gen_digest_lists -t metadata -f compact -i l:policy -o add -p -1 -m immutable -i I:/usr/bin/ls -d ./ -i i: + gen_digest_lists -t metadata -f compact -i l:policy -o add -p -1 -m immutable -i I:/usr/bin/ls -d ./ -i i: -T + ``` + +- Scenario 2: Generate a digest list/TLV digest list for a single file and specify a relative root directory. + + ```shell + gen_digest_lists -t metadata -f compact -i l:policy -o add -p -1 -m immutable -i I:/usr/bin/ls -A /usr/ -d ./ -i i: + gen_digest_lists -t metadata -f compact -i l:policy -o add -p -1 -m immutable -i I:/usr/bin/ls -A /usr/ -d ./ -i i: -T + ``` + +- Scenario 3: Recursively generate a digest list/TLV digest list for files in a directory. + + ```shell + gen_digest_lists -t metadata -f compact -i l:policy -o add -p -1 -m immutable -i I:/usr/bin/ -d ./ -i i: + gen_digest_lists -t metadata -f compact -i l:policy -o add -p -1 -m immutable -i I:/usr/bin/ -d ./ -i i: -T + ``` + +- Scenario 4: Recursively generate a digest list/TLV digest list for executable files in a directory. + + ```shell + gen_digest_lists -t metadata -f compact -i l:policy -o add -p -1 -m immutable -i I:/usr/bin/ -d ./ -i i: -i e: + gen_digest_lists -t metadata -f compact -i l:policy -o add -p -1 -m immutable -i I:/usr/bin/ -d ./ -i i: -i e: -T + ``` + +- Scenario 5: Recursively generate a digest list/TLV digest list for files in a directory, excluding specific subdirectories. + + ```shell + gen_digest_lists -t metadata -f compact -i l:policy -o add -p -1 -m immutable -i I:/usr/ -d ./ -i i: -i E:/usr/bin/ + gen_digest_lists -t metadata -f compact -i l:policy -o add -p -1 -m immutable -i I:/usr/ -d ./ -i i: -i E:/usr/bin/ -T + ``` + +- Scenario 6: In an `rpmbuild` callback script, generate a digest list by reading the list file passed by `rpmbuild`. + + ```shell + gen_digest_lists -i M: -t metadata -f compact -d $DIGEST_LIST_DIR -i l:policy \ + -i i: -o add -p -1 -m immutable -i L:$BIN_PKG_FILES -i u: \ + -A $RPM_BUILD_ROOT -i e: \ + -i E:/usr/src \ + -i E:/boot/efi \ + -i F:/lib \ + -i F:/usr/lib \ + -i F:/lib64 \ + -i F:/usr/lib64 \ + -i F:/lib/modules \ + -i F:/usr/lib/modules \ + -i F:/lib/firmware \ + -i F:/usr/lib/firmware + + gen_digest_lists -i M: -t metadata -f compact -d $DIGEST_LIST_DIR.tlv \ + -i l:policy -i i: -o add -p -1 -m immutable -i L:$BIN_PKG_FILES -i u: \ + -T -A $RPM_BUILD_ROOT -i e: \ + -i E:/usr/src \ + -i E:/boot/efi \ + -i F:/lib \ + -i F:/usr/lib \ + -i F:/lib64 \ + -i F:/usr/lib64 \ + -i F:/lib/modules \ + -i F:/usr/lib/modules \ + -i F:/lib/firmware \ + -i F:/usr/lib/firmware + ``` + +#### manage_digest_lists + +The `manage_digest_lists` tool is designed to parse and convert binary-format TLV digest list files into a human-readable text format. Below are the command options. + +| Option | Value | Function | +| ------ | ------------ | ------------------------------------------------------------------------------------------------------------ | +| -d | \ | Specify the directory containing the TLV digest list files. | +| -f | \ | Specify the name of the TLV digest list file. | +| -p | dump | Define the operation type. Currently, only `dump` is supported, which parses and prints the TLV digest list. | +| -v | N/A | Print verbose details. | +| -h | N/A | Display help information. | + +**Usage example** + +View TLV digest list information. + +```ini +manage_digest_lists -p dump -d /etc/ima/digest_lists.tlv/ +``` + +## File Format Description + +### IMA Policy File Syntax Description + +The IMA policy file is a text-based file that can include multiple rule statements separated by newline characters (`\n`). Each rule statement must begin with an **action** keyword, followed by one or more **filter conditions**: + +```text + [filter condition 2] [filter condition 3]... +``` + +The action keyword defines the specific action for the policy. Only one action is allowed per policy. Refer to the table below for specific actions (note that the `action=` prefix can be omitted in practice, for example, use `dont_measure` instead of `action=dont_measure`). + +Supported filter conditions include: + +- `func`: indicates the type of file to be measured or appraised. It is typically used with `mask`. Only one `func` is allowed per policy. + - `FILE_CHECK` can only be paired with `MAY_EXEC`, `MAY_WRITE`, or `MAY_READ`. + - `MODULE_CHECK`, `MMAP_CHECK`, and `BPRM_CHECK` can only be paired with `MAY_EXEC`. + - Other combinations will not take effect. + +- `mask`: specifies the operation on the file that triggers measurement or appraisal. Only one `mask` is allowed per policy. + +- `fsmagic`: represents the hexadecimal magic number of the file system type, as defined in **/usr/include/linux/magic.h** (by default, all file systems are measured unless excluded using `dont_measure` or `dont_appraise`). + +- `fsuuid`: represents the 16-character hexadecimal string of the system device UUID. + +- `objtype`: specifies the file security type. Only one file type is allowed per policy. Compared to `func`, `objtype` offers finer granularity. For example, `obj_type=nova_log_t` refers to files with the SELinux type `nova_log_t`. + +- `uid`: specifies the user (by user ID) performing the operation on the file. Only one `uid` is allowed per policy. + +- `fowner`: specifies the file owner (by user ID). Only one `fowner` is allowed per policy. + +The keywords are detailed as follows. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KeywordValueDescription
actionmeasureEnable IMA measurement.
actiondont_measureDisable IMA measurement.
actionappraiseEnable IMA appraisal.
actiondont_appraiseDisable IMA appraisal.
actionauditEnable auditing.
funcFILE_CHECKFiles to be opened
funcMODULE_CHECKKernel module files to be loaded
funcMMAP_CHECKShared library files to be mapped into process memory
funcBRPM_CHECKFiles to be executed (excluding script files opened via programs like /bin/hash)
funcPOLICY_CHECKIMA policy files to be imported
funcFIRMWARE_CHECKFirmware to be loaded into memory
funcDIGEST_LIST_CHECKDigest list files to be loaded into the kernel
funcKEXEC_KERNEL_CHECKKernel to be switched to using kexec
maskMAY_EXECExecute a file.
maskMAY_WRITEWrite to a file.
maskMAY_READRead a file.
maskMAY_APPENDAppend to a file.
fsmagicfsmagic=xxxHexadecimal magic number representing the file system type
fsuuidfsuuid=xxx16-character hexadecimal string representing the system device UUID
fownerfowner=xxxUser ID of the file owner
uiduid=xxxUser ID of the user performing the operation on the file
obj_typeobj_type=xxx_tFile type based on SELinux labels
pcrpcr=<num>PCR in TPM for extending measurements (defaulting to 10)
appraise_typeimasigIMA appraisal based on signatures
appraise_typemeta_immutableAppraisal based on file extended attributes with signatures (supporting digest lists)
+ +## Usage Instructions + +> ![](./public_sys-resources/icon-note.gif) **Note:** +> Native IMA/EVM is an open source Linux feature. This section offers a concise overview of its basic usage. For further details, consult the open source wiki: +> + +### Native IMA Usage Instructions + +#### IMA Measurement Mode + +To enable IMA measurement, configure the measurement policy. + +**Step 1:** Specify the measurement policy by configuring boot parameters or manually. For example, configure the IMA policy via boot parameters as follows: + +```ini +ima_policy="tcb" +``` + +Alternatively, manually configure the IMA policy like this: + +```shell +echo "measure func=BPRM_CHECK" > /sys/kernel/security/ima/policy +``` + +**Step 2:** Reboot the system. You can then check the measurement log in real time to monitor the current measurement status: + +```shell +cat /sys/kernel/security/ima/ascii_runtime_measurements +``` + +#### IMA Appraisal Mode + +Enter fix mode, complete IMA labeling for files, and then enable log or enforce mode. + +**Step 1:** Configure boot parameters and reboot to enter fix mode: + +```ini +ima_appraise=fix ima_policy=appraise_tcb +``` + +**Step 2:** Generate IMA extended attributes for all files requiring appraisal: + +For immutable files (such as binary program files), use signature mode to write the signature of the file digest value into the IMA extended attribute. For example (where **/path/to/ima.key** is the signing private key matching the IMA certificate): + +```shell +find /usr/bin -fstype ext4 -type f -executable -uid 0 -exec evmctl -a sha256 ima_sign --key /path/to/ima.key '{}' \; +``` + +For mutable files (such as data files), use hash mode to write the file digest value into the IMA extended attribute. IMA supports an automatic labeling mechanism, where accessing the file in fix mode will generate the IMA extended attribute: + +```shell +find / -fstype ext4 -type f -uid 0 -exec dd if='{}' of=/dev/null count=0 status=none \; +``` + +To verify if the file has been successfully labeled with the IMA extended attribute (`security.ima`), use: + +```shell +getfattr -m - -d /sbin/init +``` + +**Step 3:** Configure boot parameters, switch the IMA appraisal mode to log or enforce, and reboot the system: + +```ini +ima_appraise=enforce ima_policy=appraise_tcb +``` + +### IMA Digest List Usage Instructions + +#### Prerequisites + +Before using the IMA digest list feature, install the ima-evm-utils and digest-list-tools packages: + +```shell +yum install ima-evm-utils digest-list-tools +``` + +#### Mechanism Overview + +##### Digest List Files + +After installing RPM packages released by openEuler, digest list files are automatically generated in the **/etc/ima** directory. The following types of files exist: + +**/etc/ima/digest_lists/0-metadata_list-compact-\** + +This is the IMA digest list file, generated using the `gen_digest_lists` command (see [gen_digest_lists](#gen_digest_lists) for details). This binary file contains header information and a series of SHA256 hash values, representing the digest values of legitimate file contents and file extended attributes. Once measured or appraised, this file is imported into the kernel, and IMA digest list measurement or appraisal is performed based on the allowlist digest values in this file. + +**/etc/ima/digest_lists/0-metadata_list-rpm-\** + +This is the RPM digest list file, **essentially the header information of the RPM package**. After the RPM package is installed, if the IMA digest list file does not contain a signature, the RPM header information is written into this file, and the signature of the header information is written into the `security.ima` extended attribute. This allows the authenticity of the RPM header information to be verified through the signature. Since the RPM header information includes the digest value of the digest list file, indirect verification of the digest list is achieved. + +**/etc/ima/digest_lists/0-parser_list-compact-libexec** + +This is the IMA parser digest list file, storing the digest value of the **/usr/libexec/rpm_parser** file. This file is used to establish a trust chain from the RPM digest list to the IMA digest list. The kernel IMA digest list mechanism performs special verification on processes generated by this file. If the process is confirmed to be the `rpm_parser` program, all digest lists imported by it are trusted without requiring signature verification. + +**/etc/ima/digest_lists.sig/0-metadata_list-compact-\.sig** + +This is the signature file for the IMA digest list. If this file is included in the RPM package, its content is written into the `security.ima` extended attribute of the corresponding RPM digest list file during the RPM installation phase. This enables signature verification during the IMA digest list import phase. + +**/etc/ima/digest_lists.tlv/0-metadata_list-compact_tlv-\** + +This is the TLV digest list file, typically generated alongside the IMA digest list file for target files. It stores the integrity information of the target files (such as file content digest values and file extended attributes). The purpose of this file is to assist users in querying or restoring the integrity information of target files. + +##### Digest List File Signing Methods + +In IMA digest list appraisal mode, the IMA digest list file must undergo signature verification before it can be imported into the kernel and used for subsequent file whitelist matching. The IMA digest list file supports the following signing methods. + +**(1) IMA extended attribute signature** + +This is the native IMA signing mechanism, where the signature information is stored in the `security.ima` extended attribute in a specific format. It can be generated and added using the `evmctl` command: + +```shell +evmctl ima_sign --key /path/to/ima.key -a sha256 +``` + +Alternatively, the `-f` parameter can be added to store the signature and header information in a separate file: + +```shell +evmctl ima_sign -f --key /path/to/ima.key -a sha256 +``` + +When IMA digest list appraisal mode is enabled, you can directly write the path of a a digest list file to the kernel interface to import or delete it. This process automatically triggers appraisal, performing signature verification on the digest list file content based on the `security.ima` extended attribute: + +```shell +# Import the IMA digest list file. +echo > /sys/kernel/security/ima/digest_list_data +# Delete the IMA digest list file. +echo > /sys/kernel/security/ima/digest_list_data_del +``` + +**(2) IMA digest list appended signature (default in openEuler 24.03 LTS)** + +Starting with openEuler 24.03 LTS, IMA-specific signing keys are supported, and Cryptographic Message Syntax (CMS) signing is used. Since the signature information includes a certificate chain, it may exceed the length limit for the `security.ima` extended attribute. Therefore, a signature appending method similar to kernel module insertion is adopted: + + + +The signing mechanism is as follows: + +1. Append the CMS signature information to the end of the IMA digest list file. + +2. Fill in the structure and append it to the end of the signature information. The structure is defined as follows: + + ```c + struct module_signature { + u8 algo; /* Public-key crypto algorithm [0] */ + u8 hash; /* Digest algorithm [0] */ + u8 id_type; /* Key identifier type [PKEY_ID_PKCS7] */ + u8 signer_len; /* Length of signer's name [0] */ + u8 key_id_len; /* Length of key identifier [0] */ + u8 __pad[3]; + __be32 sig_len; /* Length of signature data */ + }; + ``` + +3. Add the `"~Module signature appended~\n"` magic string. + +A reference script for this step is as follows: + +```shell +#!/bin/bash +DIGEST_FILE=$1 # Path to the IMA digest list file +SIG_FILE=$2 # Path to save the IMA digest list signature information +OUT=$3 # Output path for the digest list file after adding the signature information + +cat $DIGEST_FILE $SIG_FILE > $OUT +echo -n -e "\x00\x00\x02\x00\x00\x00\x00\x00" >> $OUT +echo -n -e $(printf "%08x" "$(ls -l $SIG_FILE | awk '{print $5}')") | xxd -r -ps >> $OUT +echo -n "~Module signature appended~" >> $OUT +echo -n -e "\x0a" >> $OUT +``` + +**(3) Reusing RPM signatures (default in openEuler 22.03 LTS)** + +openEuler 22.03 LTS supports reusing the RPM signing mechanism to sign IMA digest list files. This aims to address the lack of dedicated IMA signing keys in the version. Users do not need to be aware of this signing process. When an RPM package contains an IMA digest list file but no IMA digest list signature file, this signing mechanism is automatically used. The core principle is to verify the IMA digest list through the RPM package header information. + +For RPM packages released by openEuler, each package file can consist of two parts: + +- **RPM header information:** Stores RPM package attribute fields, including the package name and file digest list. The integrity of this information is ensured by the RPM header signature. +- **RPM files:** The actual files installed into the system, including IMA digest list files generated during the build phase. + + + +During RPM package installation, if the RPM process detects that the digest list file in the package does not contain a signature, it creates an RPM digest list file in the **/etc/ima** directory, writes the RPM header information into the file content, and writes the RPM header signature into the `security.ima` extended attribute of the file. This allows indirect verification and import of the IMA digest list through the RPM digest list. + +##### IMA Digest List Import + +When IMA measurement mode is enabled, importing IMA digest list files does not require signature verification. The file path can be directly written to the kernel interface to import or delete the digest list: + +```shell +# Import the IMA digest list file. +echo > /sys/kernel/security/ima/digest_list_data +# Delete the IMA digest list file. +echo > /sys/kernel/security/ima/digest_list_data_del +``` + +When IMA appraisal mode is enabled, importing a digest list requires signature verification. Depending on the signing method, there are two import approaches. + +**Direct import** + +For IMA digest list files that already contain signature information (IMA extended attribute signature or IMA digest list appended signature), the file path can be directly written to the kernel interface to import or delete the digest list. This process automatically triggers appraisal, performing signature verification on the digest list file content based on the `security.ima` extended attribute: + +```shell +# Import the IMA digest list file. +echo > /sys/kernel/security/ima/digest_list_data +# Delete the IMA digest list file. +echo > /sys/kernel/security/ima/digest_list_data_del +``` + +**Using `upload_digest_lists` for import** + +For IMA digest list files that reuse RPM signatures, the `upload_digest_lists` command must be used for import. The specific commands are as follows (note that the specified path should point to the corresponding RPM digest list): + +```shell +# Import the IMA digest list file. +upload_digest_lists add +# Delete the IMA digest list file. +upload_digest_lists del +``` + +This process is relatively complex and requires the following prerequisites: + +1. The system has already imported the digest lists (including IMA digest lists and IMA PARSER digest lists) from the `digest_list_tools` package released by openEuler. + +2. An IMA appraisal policy for application execution (`BPRM_CHECK` policy) has been configured. + +#### Operation Guide + +##### Automatic Digest List Generation During RPM Build + +The openEuler RPM toolchain supports the `%__brp_digest_list` macro, which is configured as follows: + +```text +%__brp_digest_list /usr/lib/rpm/brp-digest-list %{buildroot} +``` + +When this macro is configured, the **/usr/lib/rpm/brp-digest-list** script is invoked when a user runs the `rpmbuild` command to build a package. This script handles the generation and signing of digest lists. By default, openEuler generates digest lists for critical files such as executables, dynamic libraries, and kernel modules. YOU can also modify the script to customize the scope of digest list generation and specify signing keys. The following example uses a user-defined signing key (**/path/to/ima.key**) to sign the digest list. + +```shell +...... (line 66) +DIGEST_LIST_TLV_PATH="$DIGEST_LIST_DIR.tlv/0-metadata_list-compact_tlv-$(basename $BIN_PKG_FILES)" +[ -f $DIGEST_LIST_TLV_PATH ] || exit 0 + +chmod 644 $DIGEST_LIST_TLV_PATH +echo $DIGEST_LIST_TLV_PATH + +evmctl ima_sign -f --key /path/to/ima.key -a sha256 $DIGEST_LIST_PATH &> /dev/null +chmod 400 $DIGEST_LIST_PATH.sig +mkdir -p $DIGEST_LIST_DIR.sig +mv $DIGEST_LIST_PATH.sig $DIGEST_LIST_DIR.sig +echo $DIGEST_LIST_DIR.sig/0-metadata_list-compact-$(basename $BIN_PKG_FILES).sig +``` + +##### IMA Digest List Measurement + +Enable IMA digest list measurement using the following steps: + +**Step 1:** Configure the boot parameters to enable IMA measurement. The process is similar to **native IMA measurement**, but a specific TPM PCR must be configured for measurement. An example boot parameter is as follows: + +```ini +ima_policy=exec_tcb ima_digest_list_pcr=11 +``` + +**Step 2:** Import the IMA digest list. For example, using the digest list of the Bash package: + +```shell +echo /etc/ima/digest_lists/0-metadata_list-compact-bash-5.1.8-6.oe2203sp1.x86_64 > /sys/kernel/security/ima/digest_list_data +``` + +The IMA digest list measurement logs can be queried as follows: + +```shell +cat /sys/kernel/security/ima/ascii_runtime_measurements +``` + +After importing the IMA digest list, if the digest value of the measured file is included in the IMA digest list, no additional measurement logs will be recorded. + +##### IMA Digest List Appraisal + +###### Boot With the Default Policy + +You can configure the `ima_policy` parameter in the boot parameters to specify the IMA default policy. After IMA initialization during kernel startup, the default policy is immediately applied for appraisal. You can enable IMA digest list appraisal using the following steps: + +**Step 1:** Execute the `dracut` command to write the digest list file into initrd: + +```shell +dracut -f -e xattr +``` + +**Step 2:** Configure the boot parameters and IMA policy. Typical configurations are as follows: + +```ini +# IMA appraisal in log/enforce mode based on digest lists, protecting only file content, with the default policy set to appraise_exec_tcb +ima_appraise=log ima_appraise_digest_list=digest-nometadata ima_policy="appraise_exec_tcb" initramtmpfs module.sig_enforce +ima_appraise=enforce ima_appraise_digest_list=digest-nometadata ima_policy="appraise_exec_tcb" initramtmpfs module.sig_enforce +# IMA appraisal in log/enforce mode based on digest lists, protecting file content and extended attributes, with the default policy set to appraise_exec_tcb+appraise_exec_immutable +ima_appraise=log-evm ima_appraise_digest_list=digest ima_policy="appraise_exec_tcb|appraise_exec_immutable" initramtmpfs evm=x509 evm=complete module.sig_enforce +ima_appraise=enforce-evm ima_appraise_digest_list=digest ima_policy="appraise_exec_tcb|appraise_exec_immutable" initramtmpfs evm=x509 evm=complete module.sig_enforce +``` + +Reboot the system to enable IMA digest list appraisal. During the boot process, the IMA policy will take effect, and the IMA digest list files will be automatically imported. + +###### Boot Without a Default Policy + +You can omit the `ima_policy` parameter in the boot parameters, indicating that no default policy is applied during system startup. The IMA appraisal mechanism will wait for the you to import a policy before becoming active. + +**Step 1:** Configure the boot parameters. Typical configurations are as follows: + +```ini +# IMA appraisal in log/enforce mode based on digest lists, protecting only file content, with no default policy +ima_appraise=log ima_appraise_digest_list=digest-nometadata initramtmpfs +ima_appraise=enforce ima_appraise_digest_list=digest-nometadata initramtmpfs +# IMA appraisal in log/enforce mode based on digest lists, protecting file content and extended attributes, with no default policy +ima_appraise=log-evm ima_appraise_digest_list=digest initramtmpfs evm=x509 evm=complete +ima_appraise=enforce-evm ima_appraise_digest_list=digest initramtmpfs evm=x509 evm=complete +``` + +Reboot the system. At this point, since no policy is configured, IMA appraisal will not be active. + +**Step 2:** Import the IMA policy by writing the full path of the policy file to the kernel interface: + +```shell +echo /path/to/policy > /sys/kernel/security/ima/policy +``` + +> ![](./public_sys-resources/icon-note.gif) **Note:** +> The policy must include certain fixed rules. Refer to the following policy templates. +> For openEuler 22.03 LTS (reusing RPM signatures): + +```ini +# Do not appraise access behavior for the securityfs file system. +dont_appraise fsmagic=0x73636673 +# Other user-defined dont_appraise rules +...... +# Appraise imported IMA digest list files. +appraise func=DIGEST_LIST_CHECK appraise_type=imasig +# Appraise all files opened by the /usr/libexec/rpm_parser process. +appraise parser appraise_type=imasig +# Appraise executed applications (triggering appraisal for /usr/libexec/rpm_parser execution, additional conditions such as SELinux labels can be added). +appraise func=BPRM_CHECK appraise_type=imasig +# Other user-defined appraise rules +...... +``` + +> For openEuler 24.03 LTS (IMA extended attribute signatures or appended signatures): + +```ini +# User-defined dont_appraise rules +...... +# Appraise imported IMA digest list files. +appraise func=DIGEST_LIST_CHECK appraise_type=imasig|modsig +# Other user-defined appraise rules. +...... +``` + +**Step 3:** Import the IMA digest list files. Different import methods are required for digest lists with different signing methods. + +> For openEuler 22.03 LTS (IMA digest lists reusing RPM signatures): + +```ini +# Import digest lists from the digest_list_tools package +echo /etc/ima/digest_lists/0-metadata_list-compact-digest-list-tools-0.3.95-13.x86_64 > /sys/kernel/security/ima/digest_list_data +echo /etc/ima/digest_lists/0-parser_list-compact-libexec > /sys/kernel/security/ima/digest_list_data +# Import other RPM digest lists +upload_digest_lists add /etc/ima/digest_lists +# Check the number of imported digest list entries +cat /sys/kernel/security/ima/digests_count +``` + +> For openEuler 24.03 LTS (IMA digest lists with appended signatures): + +```shell +find /etc/ima/digest_lists -name "0-metadata_list-compact-*" -exec echo {} > /sys/kernel/security/ima/digest_list_data \; +``` + +##### Software Upgrade + +After the IMA digest list feature is enabled, files covered by IMA protection require synchronized updates to their digest lists during upgrades. For RPM packages released by openEuler, the addition, update, and deletion of digest lists within the RPM packages are automatically handled during package installation, upgrade, or removal, without requiring manual user intervention. For user-maintained non-RPM packages, manual import of digest lists is necessary. + +##### User Certificate Import + +You can import custom certificates to measure or appraise software not released by openEuler. The openEuler IMA appraisal mode supports signature verification using certificates from the following two key rings: + +- **builtin_trusted_keys**: root certificates pre-configured during kernel compilation +- **ima**: imported via **/etc/keys/x509_ima.der** in initrd, which must be a subordinate certificate of any certificate in the `builtin_trusted_keys` key ring + +**Steps to import a root certificate into the builtin_trusted_keys key ring:** + +**Step 1:** Generate a root certificate using the `openssl` command: + +```shell +echo 'subjectKeyIdentifier=hash' > root.cfg +openssl genrsa -out root.key 4096 +openssl req -new -sha256 -key root.key -out root.csr -subj "/C=AA/ST=BB/O=CC/OU=DD/CN=openeuler test ca" +openssl x509 -req -days 3650 -extfile root.cfg -signkey root.key -in root.csr -out root.crt +openssl x509 -in root.crt -out root.der -outform DER +``` + +**Step 2:** Obtain the openEuler kernel source code, using the latest OLK-5.10 branch as an example: + +```shell +git clone https://gitee.com/openeuler/kernel.git -b OLK-5.10 +``` + +**Step 3:** Navigate to the source code directory and copy the root certificate into it: + +```shell +cd kernel +cp /path/to/root.der . +``` + +Modify the `CONFIG_SYSTEM_TRUSTED_KEYS` option in the config file: + +```shell +CONFIG_SYSTEM_TRUSTED_KEYS="./root.crt" +``` + +**Step 4:** Compile and install the kernel (steps omitted; ensure digest lists are generated for kernel modules). + +**Step 5:** Verify certificate import after rebooting: + +```shell +keyctl show %:.builtin_trusted_keys +``` + +**Steps to import a subordinate certificate into the ima key ring (requires the root certificate to be imported into the builtin_trusted_keys key ring first):** + +**Step 1:** Generate a subordinate certificate based on the root certificate using the `openssl` command: + +```shell +echo 'subjectKeyIdentifier=hash' > ima.cfg +echo 'authorityKeyIdentifier=keyid,issuer' >> ima.cfg +echo 'keyUsage=digitalSignature' >> ima.cfg +openssl genrsa -out ima.key 4096 +openssl req -new -sha256 -key ima.key -out ima.csr -subj "/C=AA/ST=BB/O=CC/OU=DD/CN=openeuler test ima" +openssl x509 -req -sha256 -CAcreateserial -CA root.crt -CAkey root.key -extfile ima.cfg -in ima.csr -out ima.crt +openssl x509 -outform DER -in ima.crt -out x509_ima.der +``` + +**Step 2:** Copy the IMA certificate to the **/etc/keys** directory: + +```shell +mkdir -p /etc/keys/ +cp x509_ima.der /etc/keys/ +``` + +**Step 3:** Package initrd, embedding the IMA certificate and digest lists into the initrd image: + +```shell +echo 'install_items+=" /etc/keys/x509_ima.der "' >> /etc/dracut.conf +dracut -f -e xattr +``` + +**Step 4:** Verify certificate import after rebooting: + +```shell +keyctl show %:.ima +``` + +#### Typical Use Cases + +Depending on the operating mode, IMA digest lists can be applied to trusted measurement scenarios and user-space secure boot scenarios. + +##### Trusted Measurement Scenario + +The trusted measurement scenario primarily relies on the IMA digest list measurement mode, where the kernel and hardware root of trust (RoT) like the TPM jointly measure critical files. This is combined with a remote attestation toolchain to prove the trusted state of current system files: + +![](./figures/ima_trusted_measurement.png) + +**Runtime phase** + +- During software package deployment, digest lists are imported synchronously. IMA measures the digest lists and records the measurement logs (synchronously extended to the TPM). + +- When an application is executed, IMA measurement is triggered. If the file digest matches the allowlist, it is ignored. Otherwise, the measurement log is recorded (synchronously extended to the TPM). + +**Attestation phase (industry standard process)** + +- The remote attestation server sends an attestation request, and the client returns the IMA measurement logs along with the signed TPM PCR values. + +- The remote attestation server sequentially verifies the PCR (signature verification), measurement logs (PCR replay), and file measurement information (comparison with local baseline values), reporting the results to the security center. + +- The security management center takes corresponding actions, such as event notification or node isolation. + +##### User-Space Secure Boot Scenario + +The user-space secure boot scenario primarily relies on the IMA digest list appraisal mode, similar to secure boot. It aims to perform integrity checks on executed applications or accessed critical files. If the check fails, access is denied: + +![](./figures/ima_secure_boot.png) + +**Runtime phase** + +- During application deployment, digest lists are imported. After the kernel verifies the signature, the digest values are loaded into the kernel hash table as an allowlist. + +- When an application is executed, IMA verification is triggered. The file hash value is calculated, and if it matches the baseline value, access is allowed. Otherwise, the event is logged or access is denied. + +## Appendix + +### Kernel Compilation Options + +The compilation options provided by native IMA/EVM and their descriptions are as follows. + +| Compilation Option | Functionality | +| :------------------------------- | :------------------------------------------- | +| CONFIG_INTEGRITY | Enable IMA/EVM compilation. | +| CONFIG_INTEGRITY_SIGNATURE | Enable IMA signature verification. | +| CONFIG_INTEGRITY_ASYMMETRIC_KEYS | Enable IMA asymmetric signature verification. | +| CONFIG_INTEGRITY_TRUSTED_KEYRING | Enable IMA/EVM keyring. | +| CONFIG_INTEGRITY_AUDIT | Compile IMA audit module. | +| CONFIG_IMA | Enable IMA. | +| CONFIG_IMA_WRITE_POLICY | Allow updating IMA policies during runtime. | +| CONFIG_IMA_MEASURE_PCR_IDX | Allow specifying IMA measurement PCR index. | +| CONFIG_IMA_LSM_RULES | Allow configuring LSM rules. | +| CONFIG_IMA_APPRAISE | Enable IMA appraisal. | +| IMA_APPRAISE_BOOTPARAM | Enable IMA appraisal boot parameters. | +| CONFIG_EVM | Enable EVM. | + +The compilation options provided by the openEuler IMA digest list feature and their descriptions are as follows (enabled by default in openEuler kernel compilation). + +| Compilation Option | Functionality | +| :----------------- | :----------------------------- | +| CONFIG_DIGEST_LIST | Enable the IMA digest list feature. | + +### IMA Digest List Root Certificate + +In openEuler 22.03, the RPM key pair is used to sign IMA digest lists. To ensure the IMA feature is usable out-of-the-box, the openEuler kernel compilation process imports the RPM root certificate (PGP certificate) into the kernel by default. This includes the OBS certificate used in older versions and the openEuler certificate introduced in openEuler 22.03 LTS SP1: + +```shell +# cat /proc/keys | grep PGP +1909b4ad I------ 1 perm 1f030000 0 0 asymmetri private OBS b25e7f66: PGP.rsa b25e7f66 [] +2f10cd36 I------ 1 perm 1f030000 0 0 asymmetri openeuler fb37bc6f: PGP.rsa fb37bc6f [] +``` + +Since the current kernel does not support importing PGP subkeys, and the openEuler certificate uses subkey signing, the openEuler kernel preprocesses the certificate before compilation by extracting the subkey and importing it into the kernel. The specific process can be found in the [**process_pgp_certs.sh**](https://gitee.com/src-openeuler/kernel/blob/openEuler-22.03-LTS-SP1/process_pgp_certs.sh) script in the kernel package repository. + +Starting from openEuler 24.03, dedicated IMA certificates are supported. For details, refer to the relevant section in [Introduction to Signature Certificates](../cert_signature/introduction_to_signature_certificates.md). + +If you do not intend to use the IMA digest list feature or prefer other keys for signing/verification, you can remove the related code and implement your own kernel root certificate configuration. diff --git a/docs/en/server/security/trusted_computing/kernel_root_of_trust_framework.md b/docs/en/server/security/trusted_computing/kernel_root_of_trust_framework.md new file mode 100644 index 0000000000000000000000000000000000000000..2975282fe17dee2ac4a143ddb311ac5040fbd423 --- /dev/null +++ b/docs/en/server/security/trusted_computing/kernel_root_of_trust_framework.md @@ -0,0 +1,3 @@ +# Kernel Root of Trust Framework + +This document is currently not available in English. diff --git a/docs/en/server/security/trusted_computing/protection_for_interpreted_applications.md b/docs/en/server/security/trusted_computing/protection_for_interpreted_applications.md new file mode 100644 index 0000000000000000000000000000000000000000..635b83763943f98ddf37f573c55b7821f3252368 --- /dev/null +++ b/docs/en/server/security/trusted_computing/protection_for_interpreted_applications.md @@ -0,0 +1,3 @@ +# Protection for Interpreted Applications + +This document is currently not available in English. diff --git a/docs/en/server/security/trusted_computing/public_sys-resources/icon-caution.gif b/docs/en/server/security/trusted_computing/public_sys-resources/icon-caution.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/security/trusted_computing/public_sys-resources/icon-caution.gif differ diff --git a/docs/en/server/security/trusted_computing/public_sys-resources/icon-danger.gif b/docs/en/server/security/trusted_computing/public_sys-resources/icon-danger.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/security/trusted_computing/public_sys-resources/icon-danger.gif differ diff --git a/docs/en/server/security/trusted_computing/public_sys-resources/icon-note.gif b/docs/en/server/security/trusted_computing/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/en/server/security/trusted_computing/public_sys-resources/icon-note.gif differ diff --git a/docs/en/server/security/trusted_computing/public_sys-resources/icon-notice.gif b/docs/en/server/security/trusted_computing/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/en/server/security/trusted_computing/public_sys-resources/icon-notice.gif differ diff --git a/docs/en/server/security/trusted_computing/public_sys-resources/icon-tip.gif b/docs/en/server/security/trusted_computing/public_sys-resources/icon-tip.gif new file mode 100644 index 0000000000000000000000000000000000000000..93aa72053b510e456b149f36a0972703ea9999b7 Binary files /dev/null and b/docs/en/server/security/trusted_computing/public_sys-resources/icon-tip.gif differ diff --git a/docs/en/server/security/trusted_computing/public_sys-resources/icon-warning.gif b/docs/en/server/security/trusted_computing/public_sys-resources/icon-warning.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/server/security/trusted_computing/public_sys-resources/icon-warning.gif differ diff --git a/docs/en/server/security/trusted_computing/remote_attestation_kunpeng_security_library.md b/docs/en/server/security/trusted_computing/remote_attestation_kunpeng_security_library.md new file mode 100644 index 0000000000000000000000000000000000000000..9d6cb0b519514e2261d6ce2569c6ee41bb02d6cf --- /dev/null +++ b/docs/en/server/security/trusted_computing/remote_attestation_kunpeng_security_library.md @@ -0,0 +1,417 @@ +# Remote Attestation (Kunpeng Security Library) + +## Introduction + +This project develops basic security software components running on Kunpeng processors. In the early stage, the project focuses on trusted computing fields such as remote attestation to empower security developers in the community. + +## Software Architecture + +On the platform without TEE enabled, this project can provide the platform remote attestation feature, and its software architecture is shown in the following figure: + +![img](./figures/RA-arch-1.png) + +On the platform that has enabled TEE, this project can provide TEE remote attestation feature, and its software architecture is shown in the following figure: + +![img](./figures/RA-arch-2.png) + +## Installation and Configuration + +1. Run the following command to use the RPM package of the Yum installation program: + + ```shell + yum install kunpengsecl-ras kunpengsecl-rac kunpengsecl-rahub kunpengsecl-qcaserver kunpengsecl-attester kunpengsecl-tas kunpengsecl-devel + ``` + +2. Prepare the database environment. Go to the `/usr/share/attestation/ras` directory and run the p`prepare-database-env.sh` script to automatically configure the database environment. + +3. The configuration files required for program running are stored in three paths: current path `./config.yaml`, home path `${HOME}/.config/attestation/ras(rac)(rahub)(qcaserver)(attester)(tas)/config.yaml`, and system path `/etc/attestation/ras(rac)(rahub)(qcaserver)(attester)(tas)/config.yaml`. + +4. (Optional) To create a home directory configuration file, run the `prepare-ras(rac)(hub)(qca)(attester)(tas)conf-env.sh` script in `/usr/share/attestation/ras(rac)(rahub)(qcaserver)(attester)(tas)` after installing the RPM package. + +## Options + +### RAS Boot Options + +Run the `ras` command to start the RAS program. Note that you need to provide the ECDSA public key in the current directory and name it `ecdsakey.pub`. Options are as follows: + +```console + -H --https HTTP/HTTPS mode switch. The default value is https(true), false=http. + -h --hport RESTful API port listened by RAS in HTTPS mode. + -p, --port string Client API port listened by RAS. + -r, --rest string RESTful API port listened by RAS in HTTP mode. + -T, --token Generates a verification code for test and exits. + -v, --verbose Prints more detailed RAS runtime log information. + -V, --version Prints the RAS version and exits. +``` + +### RAC Boot Options + +Run the `sudo raagent` command to start the RAC program. Note that the sudo permission is required to enable the physical TPM module. Options are as follows: + +```console + -s, --server string Specifies the RAS service port to be connected. + -t, --test Starts in test mode. + -v, --verbose Prints more detailed RAC runtime log information. + -V, --version Prints the RAC version and exits. + -i, --imalog Specifies the path of the IMA file. + -b, --bioslog Specifies the path of the BIOS file. + -T, --tatest Starts in TA test mode. +``` + +**Note:** +>1.To use TEE remote attestation feature, you must start RAC not in TA test mode. And place the uuid, whether to use TCB, mem_hash and img_hash of the TA to be attestated sequentially in the **talist** file under the RAC execution path. At the same time, pre install the **libqca.so** and **libteec.so** library provided by the TEE team. The format of the **talist** file is as follows: +> +>```text +>e08f7eca-e875-440e-9ab0-5f381136c600 false ccd5160c6461e19214c0d8787281a1e3c4048850352abe45ce86e12dd3df9fde 46d5019b0a7ffbb87ad71ea629ebd6f568140c95d7b452011acfa2f9daf61c7a +>``` +> +>2.To not use TEE remote attestation feature, you must copy the **libqca.so** and **libteec.so** library in `${DESTDIR}/usr/share/attestation/qcaserver` path to `/usr/lib` or `/usr/lib64` path, and start RAC in TA test mode. + +### QCA Boot Options + +Run the `${DESTDIR}/usr/bin/qcaserver` command to start the QCA program. Note that to start QTA normally, the full path of qcaserver must be used, and the CA path parameter in QTA needs to be kept the same as the path. Options are as follows: + +```console + -C, --scenario int Sets the application scenario of the program, The default value is sce_no_as(0), 1=sce_as_no_daa, 2=sce_as_with_daa. + -S, --server string Specifies the open server address/port. +``` + +### ATTESTER Boot Options + +Run the `attester` command to start the ATTESTER program. Options are as follows: + +```console + -B, --basevalue string Sets the base value file read path + -M, --mspolicy int Sets the measurement strategy, which defaults to -1 and needs to be specified manually. 1=compare only img-hash values, 2=compare only hash values, and 3=compare both img-hash and hash values at the same time. + -S, --server string Specifies the address of the server to connect to. + -U, --uuid int Specifies the trusted apps to verify. + -V, --version Prints the program version and exit. + -T, --test Reads fixed nonce values to match currently hard-coded trusted reports. +``` + +### TAS Boot Options + +Run the `tas` command to start the TAS program. Options are as follows: + +```console + -T, --token Generates a verification code for test and exits. +``` + +**Note:** +>1.To enable the TAS, you must configure the private key for TAS. Run the following command to modify the configuration file in the home directory: +> +>```shell +>$ cd ${HOME}/.config/attestation/tas +>$ vim config.yaml +> # The values of the following DAA_GRP_KEY_SK_X and DAA_GRP_KEY_SK_Y are for testing purposes only. +> # Be sure to update their contents to ensure safety before normal use. +>tasconfig: +> port: 127.0.0.1:40008 +> rest: 127.0.0.1:40009 +> akskeycertfile: ./ascert.crt +> aksprivkeyfile: ./aspriv.key +> huaweiitcafile: ./Huawei IT Product CA.pem +> DAA_GRP_KEY_SK_X: 65a9bf91ac8832379ff04dd2c6def16d48a56be244f6e19274e97881a776543c65a9bf91ac8832379ff04dd2c6def16d48a56be244f6e19274e97881a776543c +> DAA_GRP_KEY_SK_Y: 126f74258bb0ceca2ae7522c51825f980549ec1ef24f81d189d17e38f1773b56126f74258bb0ceca2ae7522c51825f980549ec1ef24f81d189d17e38f1773b56 +>``` +> +>Then enter `tas` to start TAS program. +> +>2.In an environment with TAS, in order to improve the efficiency of QCA's certificate configuration process, not every boot needs to access the TAS to generate the certificate, but through the localized storage of the certificate. That is, read the certification path configured in `config.yaml` on QCA side, check if a TAS-issued certificate has been saved locally through the `func hasAKCert(s int) bool` function. If the certificate is successfully read, there is no need to access TAS. If the certificate cannot be read, you need to access TAS and save the certificate returned by TAS locally. + +## API Definition + +### RAS APIs + +To facilitate the administrator to manage the target server, RAS and the user TA in the TEE deployed on the target server, the following APIs are designed for calling: + +| API | Method | +| --------------------------------- | --------------------------- | +| / | GET | +| /{id} | GET, POST, DELETE | +| /{from}/{to} | GET | +| /{id}/reports | GET | +| /{id}/reports/{reportid} | GET, DELETE | +| /{id}/basevalues | GET | +| /{id}/newbasevalue | POST | +| /{id}/basevalues/{basevalueid} | GET, POST, DELETE | +| /{id}/ta/{tauuid}/status | GET | +| /{id}/ta/{tauuid}/tabasevalues | GET | +| /{id}/ta/{tauuid}/tabasevalues/{tabasevalueid} | GET, POST, DELETE | +| /{id}/ta/{tauuid}/newtabasevalue | POST | +| /{id}/ta/{tauuid}/tareports | GET | +| /{id}/ta/{tauuid}/tareports/{tareportid} | GET, POST, DELETE | +| /{id}/basevalues/{basevalueid} | GET, DELETE | +| /version | GET | +| /config | GET, POST | +| /{id}/container/status | GET | +| /{id}/device/status | GET | + +The usage of the preceding APIs is described as follows: + +To query information about all servers, use `/`. + +```shell +curl -X GET -H "Content-Type: application/json" http://localhost:40002/ +``` + +*** +To query detailed information about a target server, use the GET method of `/{id}`. **{id}** is the unique ID allocated by RAS to the target server. + +```shell +curl -X GET -H "Content-Type: application/json" http://localhost:40002/1 +``` + +*** +To modify information about the target server, use the POST method of `/{id}`. `$AUTHTOKEN` is the identity verification code automatically generated by running the `ras -T` command. + +```go +type clientInfo struct { + Registered *bool `json:"registered"` // Registration status of the target server + IsAutoUpdate *bool `json:"isautoupdate"`// Target server base value update policy +} +``` + +```shell +curl -X POST -H "Authorization: $AUTHTOKEN" -H "Content-Type: application/json" http://localhost:40002/1 -d '{"registered":false, "isautoupdate":false}' +``` + +*** +To delete a target server, use the DELETE method of `/{id}`. + +**Note:** +>This method does not delete all information about the target server. Instead, it sets the registration status of the target server to `false`. + +```shell +curl -X DELETE -H "Authorization: $AUTHTOKEN" -H "Content-Type: application/json" http://localhost:40002/1 +``` + +*** +To query information about all servers in a specified range, use the GET method of `/{from}/{to}`. + +```shell +curl -X GET -H "Content-Type: application/json" http://localhost:40002/1/9 +``` + +*** +To query all trust reports of the target server, use the GET method of `/{id}/reports`. + +```shell +curl -X GET -H "Content-Type: application/json" http://localhost:40002/1/reports +``` + +*** +To query details about a specified trust report of the target server, use the GET method of `/{id}/reports/{reportid}`. **{reportid}** indicates the unique ID assigned by RAS to the trust report of the target server. + +```shell +curl -X GET -H "Content-Type: application/json" http://localhost:40002/1/reports/1 +``` + +*** +To delete a specified trust report of the target server, use the DELETE method of `/{id}/reports/{reportid}`. + +**Note:** +>This method will delete all information about the specified trusted report, and the report cannot be queried through the API. + +```shell +curl -X DELETE -H "Authorization: $AUTHTOKEN" -H "Content-Type: application/json" http://localhost:40002/1/reports/1 +``` + +*** +To query all base values of the target server, use the GET method of `/{id}/reports/{reportid}`. + +```shell +curl -X GET -H "Content-Type: application/json" http://localhost:40002/1/basevalues +``` + +*** +To add a base value to the target server, use the POST method of `/{id}/newbasevalue`. + +```go +type baseValueJson struct { + BaseType string `json:"basetype"` // Base value type + Uuid string `json:"uuid"` // ID of a container or device + Name string `json:"name"` // Base value name + Enabled bool `json:"enabled"` // Whether the base value is available + Pcr string `json:"pcr"` // PCR value + Bios string `json:"bios"` // BIOS value + Ima string `json:"ima"` // IMA value + IsNewGroup bool `json:"isnewgroup"` // Whether this is a group of new reference values +} +``` + +```shell +curl -X POST -H "Authorization: $AUTHTOKEN" -H "Content-Type: application/json" http://localhost:40002/1/newbasevalue -d '{"name":"test", "basetype":"host", "enabled":true, "pcr":"testpcr", "bios":"testbios", "ima":"testima", "isnewgroup":true}' +``` + +*** +To query details about a specified base value of a target server, use the get method of `/{id}/basevalues/{basevalueid}`. **{basevalueid}** indicates the unique ID allocated by RAS to the specified base value of the target server. + +```shell +curl -X GET -H "Content-Type: application/json" http://localhost:40002/1/basevalues/1 +``` + +*** +To change the availability status of a specified base value of the target server, use the POST method of `/{id}/basevalues/{basevalueid}`. + +```shell +curl -X POST -H "Content-type: application/json" -H "Authorization: $AUTHTOKEN" http://localhost:40002/1/basevalues/1 -d '{"enabled":true}' +``` + +*** +To delete a specified base value of the target server, use the DELETE method of `/{id}/basevalues/{basevalueid}`. + +**Note:** +>This method will delete all the information about the specified base value, and the base value cannot be queried through the API. + +```shell +curl -X DELETE -H "Authorization: $AUTHTOKEN" -H "Content-Type: application/json" http://localhost:40002/1/basevalues/1 +``` + +To query the trusted status of a specific user TA on the target server, use the GET method of the `"/{id}/ta/{tauuid}/status"` interface. Where {id} is the unique identification number assigned by RAS to the target server, and {tauuid} is the identification number of the specific user TA. + +```shell +curl -X GET -H "Content-type: application/json" -H "Authorization: $AUTHTOKEN" http://localhost:40002/1/ta/test/status +``` + +*** +To query all the baseline value information of a specific user TA on the target server, use the GET method of the `"/{id}/ta/{tauuid}/tabasevalues"` interface. + +```shell +curl -X GET -H "Content-type: application/json" http://localhost:40002/1/ta/test/tabasevalues +``` + +*** +To query the details of a specified base value for a specific user TA on the target server, use the GET method of the `"/{id}/ta/{tauuid}/tabasevalues/{tabasevalueid}"` interface. where {tabasevalueid} is the unique identification number assigned by RAS to the specified base value of a specific user TA on the target server. + +```shell +curl -X GET -H "Content-type: application/json" http://localhost:40002/1/ta/test/tabasevalues/1 +``` + +*** +To modify the available status of a specified base value for a specific user TA on the target server, use the `POST` method of the `"/{id}/ta/{tauuid}/tabasevalues/{tabasevalueid}"` interface. + +```shell +curl -X POST -H "Content-type: application/json" -H "Authorization: $AUTHTOKEN" http://localhost:40002/1/ta/test/tabasevalues/1 --data '{"enabled":true}' +``` + +*** +To delete the specified base value of a specific user TA on the target server, use the `DELETE` method of the `"/{id}/ta/{tauuid}/tabasevalues/{tabasevalueid}"` interface. + +**Note:** +>This method will delete all information about the specified base value, and the base value cannot be queried through the API. + +```shell +curl -X DELETE -H "Content-type: application/json" -H "Authorization: $AUTHTOKEN" -k http://localhost:40002/1/ta/test/tabasevalues/1 +``` + +*** +To add a baseline value to a specific user TA on the target server, use the `POST` method of the `"/{id}/ta/{tauuid}/newtabasevalue"` interface. + +```go +type tabaseValueJson struct { + Uuid string `json:"uuid"` // the identification number of the user TA + Name string `json:"name"` // base value name + Enabled bool `json:"enabled"` // whether a baseline value is available + Valueinfo string `json:"valueinfo"` // mirror hash value and memory hash value +} +``` + +```shell +curl -X POST -H "Content-Type: application/json" -H "Authorization: $AUTHTOKEN" -k http://localhost:40002/1/ta/test/newtabasevalue -d '{"uuid":"test", "name":"testname", "enabled":true, "valueinfo":"test info"}' +``` + +*** +To query the target server for all trusted reports for a specific user TA, use the `GET` method of the `"/{id}/ta/{tauuid}/tareports"` interface. + +```shell +curl -X GET -H "Content-type: application/json" http://localhost:40002/1/ta/test/tareports +``` + +*** +To query the details of a specified trusted report for a specific user TA on the target server, use the `GET` method of the `"/{id}/ta/{tauuid}/tareports/{tareportid}"` interface. Where {tareportid} is the unique identification number assigned by RAS to the specified trusted report of a specific user TA on the target server. + +```shell +curl -X GET -H "Content-type: application/json" http://localhost:40002/1/ta/test/tareports/2 +``` + +*** +To delete the specified trusted report of a specific user TA on the target server, use the `DELETE` method of the `"/{id}/ta/{tauuid}/tareports/{tareportid}"` interface. + +**Note:** +>This method will delete all information of the specified trusted report, and the report cannot be queried through the API. + +```shell +curl -X DELETE -H "Content-type: application/json" http://localhost:40002/1/ta/test/tareports/2 +``` + +*** +To obtain the version information of the program, use the GET method of `/version`. + +```shell +curl -X GET -H "Content-Type: application/json" http://localhost:40002/version +``` + +*** +To query the configuration information about the target server, RAS, or database, use the GET method of `/config`. + +```shell +curl -X GET -H "Content-Type: application/json" http://localhost:40002/config +``` + +*** +To modify the configuration information about the target server, RAS, or database, use the POST method of /config. + +```go +type cfgRecord struct { + // Target server configuration + HBDuration string `json:"hbduration" form:"hbduration"` + TrustDuration string `json:"trustduration" form:"trustduration"` + DigestAlgorithm string `json:"digestalgorithm" form:"digestalgorithm"` + // RAS configuration + MgrStrategy string `json:"mgrstrategy" form:"mgrstrategy"` + ExtractRules string `json:"extractrules" form:"extractrules"` + IsAllupdate *bool `json:"isallupdate" form:"isallupdate"` + LogTestMode *bool `json:"logtestmode" form:"logtestmode"` +} +``` + +```shell +curl -X POST -H "Authorization: $AUTHTOKEN" -H "Content-Type: application/json" http://localhost:40002/config -d '{"hbduration":"5s","trustduration":"20s","DigestAlgorithm":"sha256"}' +``` + +### TAS APIs + +To facilitate the administrator's management of TAS for remote control, the following API is designed for calling: + +| API | Method | +| --------------------| ------------------| +| /config | GET, POST | + +To query the configuration information, use the GET method of the `/config` interface. + +```shell +curl -X GET -H "Content-Type: application/json" http://localhost:40009/config +``` + +*** +To modify the configuration information, use the POST method of the `/config` interface. + +```shell +curl -X POST -H "Content-Type: application/json" -H "Authorization: $AUTHTOKEN" http://localhost:40009/config -d '{"basevalue":"testvalue"}' +``` + +**Note:** +>Currently, only the base value in the configuration information of TAS is supported for querying and modifying. + +## FAQs + +1. Why cannot RAS be started after it is installed? + + > In the current RAS design logic, after the program is started, it needs to search for the `ecdsakey.pub` file in the current directory and read the file as the identity verification code for accessing the program. If the file does not exist in the current directory, an error is reported during RAS boot. + >> Solution 1: Run the `ras -T` command to generate a test token. The `ecdsakey.pub` file is generated. + >> Solution 2: After deploying the oauth2 authentication service, save the verification public key of the JWT token generator as `ecdsakey.pub`. + +2. Why cannot RAS be accessed through REST APIs after it is started? + + > RAS is started in HTTPS mode by default. Therefore, you need to provide a valid certificate for RAS to access it. However, RAS started in HTTP mode does not require a certificate. diff --git a/docs/en/server/security/trusted_computing/tpcm.md b/docs/en/server/security/trusted_computing/tpcm.md new file mode 100644 index 0000000000000000000000000000000000000000..e92a4bbb8183fb04dc992708257fcbce2e10a9a2 --- /dev/null +++ b/docs/en/server/security/trusted_computing/tpcm.md @@ -0,0 +1,37 @@ +# Trusted Platform Control Module + +## Background + +Trusted computing has undergone continuous development and improvement in the past 40 years and has become an important branch of information security. Trusted computing technologies have developed rapidly in recent years and have solved the challenges in Trusted Computing 2.0—integration of trusted systems and existing systems, trusted management, and simplification of trusted application development. These technical breakthroughs form Trusted Computing 3.0, that is, trusted computing based on an active immune system. Compared with the passive plug-in architecture of the previous generation, Trusted Computing 3.0 proposes a new trusted system framework based on self-controlled cryptography algorithms, control chips, trusted software, trusted connections, policy management, and secure and trusted protection applications, implementing trust across the networks. + +The trusted platform control module (TPCM) is a base and core module that can be integrated into a trusted computing platform to establish and ensure a trust source. As one of the innovations in Trusted Computing 3.0 and the core of active immunity, TPCM implements active control over the entire platform. + +The TPCM-based Trusted Computing 3.0 architecture consists of the protection module and the computing module. On the one hand, based on the Trusted Cryptography Module (TPM), the TPCM main control firmware measures the reliability of the protection and computing modules, as well as their firmware. On the other hand, the Trusted Software Base (TSB) measures the reliability of system software and application software. In addition, the TPCM management platform verifies the reliability measurement and synchronizes and manages the trust policies. + +## Feature Description + +The overall system design consists of the protection module, computing module, and trusted management center software, as shown in the following figure. + +![](./figures/TPCM.png) + +- Trusted management center: This centralized management platform, provided by a third-party vendor, formulates, delivers, maintains, and stores protection policies and reference values for trusted computing nodes. +- Protection module: This module operates independently of the computing module and provides trusted computing protection functions that feature active measurement and active control to implement security protection during computing. The protection module consists of the TPCM main control firmware, TCB, and TCM. As a key module for implementing trust protection in a trusted computing node, the TPCM can be implemented in multiple forms, such as cards, chips, and IP cores. It contains a CPU and memory, firmware, and software such as an OS and trusted function components. The TPCM operates alongside the computing module and works according to the built-in protection policy to monitor the trust of protected resources, such as hardware, firmware, and software of the computing module. The TPCM is the Root of Trust in a trusted computing node. + +- Computing module: This module includes hardware, an OS, and application layer software. The running of the OS can be divided into the boot phase and the running phase. In the boot phase, GRUB2 and shim of openEuler support the reliability measurement capability, which protects boot files such as shim, GRUB2, kernel, and initramfs. In the running phase, openEuler supports the deployment of the trusted verification agent (provided by third-party vendor HTTC). The agent sends data to the TPCM for trusted measurement and protection in the running phase. + +The TPCM interacts with other components as follows: + +1. The TPCM hardware, firmware, and software provide an operating environment for the TSB. The trusted function components of the TPCM provide support for the TSB to implement measurement, control, support, and decision-making based on the policy library interpretation requirements. +2. The TPCM accesses the TCM for trusted cryptography functions to complete computing tasks such as trusted verification, measurement, and confidential storage, and provides services for TCM access. +3. The TPCM connects to the trusted management center through the management interface to implement protection policy management and trusted report processing. +4. The TPCM uses the built-in controller and I/O port to interact with the controller of the computing module through the bus to actively monitor the computing module. +5. The built-in protection agent in the OS of the computing module obtains the code and data related to the preset protection object and provides them to the TPCM. The TPCM forwards the monitoring information to the TSB, and the TSB analyzes and processes the information according to the policy library. + +## Constraints + +Supported server: TaiShan 200 server (model 2280) +Supported BMC card: BC83SMMC + +## Application Scenarios + +The TPCM enables a complete trust chain to ensure that the OS boots into a trusted computing environment. diff --git a/docs/en/server/security/trusted_computing/trusted_computing.md b/docs/en/server/security/trusted_computing/trusted_computing.md new file mode 100644 index 0000000000000000000000000000000000000000..a7f9d171dcbb5fd7e36e1fa8e5b2bce6ba35d488 --- /dev/null +++ b/docs/en/server/security/trusted_computing/trusted_computing.md @@ -0,0 +1,25 @@ +# Trusted Computing + +## Trusted Computing Basics + +### What Is Trusted Computing + +The definition of being trusted varies with international organizations. + +1. Trusted Computing Group (TCG): + + An entity that is trusted always achieves the desired goal in an expected way. + +2. International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) (1999): + + The components, operations, or processes involved in computing are predictable under any conditions and are resistant to viruses and a certain degree of physical interference. + +3. IEEE Computer Society Technical Committee on Dependable Computing: + + Being trusted means that the services provided by the computer system can be proved to be reliable, and mainly refers to the reliability and availability of the system. + +In short, being trusted means that the system operates according to a pre-determined design and policy. + +A trusted computing system consists of a root of trust, a trusted hardware platform, operating system (OS), and application. The basic idea of the system is to create a trusted computing base (TCB) first, and then establish a trust chain that covers the hardware platform, OS, and application. In the trust chain, authentication is performed from the root to the next level, extending trust level by level and building a secure and trusted computing environment. + +![](./figures/trusted_chain.png) diff --git a/docs/en/tools/_toc.yaml b/docs/en/tools/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..ce2b2cd69d4505e5ed043c697db421e045c37c89 --- /dev/null +++ b/docs/en/tools/_toc.yaml @@ -0,0 +1,9 @@ +label: Tools +sections: + - href: ./community_tools/_toc.yaml + - href: ./devops/_toc.yaml + - href: ./ai/_toc.yaml + - href: ./desktop/_toc.yaml + - href: ./cloud/_toc.yaml + - href: ./maintenance/_toc.yaml + - href: ./security/_toc.yaml diff --git a/docs/en/tools/ai/_toc.yaml b/docs/en/tools/ai/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..c442acbbe89e1e35e559e147aedf2cc75b8ccfea --- /dev/null +++ b/docs/en/tools/ai/_toc.yaml @@ -0,0 +1,20 @@ +label: AI +sections: + - label: openEuler Intelligence + sections: + - href: + upstream: https://gitee.com/openeuler/euler-copilot-framework/blob/master/docs/zh/openEuler_intelligence/intelligent_assistant/_toc.yaml + - href: + upstream: https://gitee.com/openeuler/euler-copilot-framework/blob/master/docs/zh/openEuler_intelligence/intelligent_vulnerability_patching/_toc.yaml + - href: + upstream: https://gitee.com/openeuler/euler-copilot-framework/blob/master/docs/zh/openEuler_intelligence/mcp_agent/_toc.yaml + - label: Intelligent Foundation + sections: + - href: + upstream: https://gitee.com/openeuler/euler-copilot-framework/blob/master/docs/zh/intelligent_foundation/sysHAX/deploy_guide/_toc.yaml + - label: AI Full Stack + sections: + - href: + upstream: https://gitee.com/openeuler/euler-copilot-framework/blob/master/docs/zh/ai_full_stack/ai_container_image_userguide/_toc.yaml + - href: + upstream: https://gitee.com/openeuler/euler-copilot-framework/blob/master/docs/zh/ai_full_stack/ai_large_model_service_images_userguide/_toc.yaml diff --git a/docs/en/tools/cloud/_toc.yaml b/docs/en/tools/cloud/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..823043d5cef5330a8d1a7a13a519881de69da28d --- /dev/null +++ b/docs/en/tools/cloud/_toc.yaml @@ -0,0 +1,5 @@ +label: Cloud +sections: + - href: ./ctinspector/_toc.yaml + - href: ./cpds/_toc.yaml + - href: ./pilotgo/_toc.yaml diff --git a/docs/en/tools/cloud/cpds/_toc.yaml b/docs/en/tools/cloud/cpds/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..f66f49efab6f03cfd01e92dfa3b73dccd071c090 --- /dev/null +++ b/docs/en/tools/cloud/cpds/_toc.yaml @@ -0,0 +1,10 @@ +label: CPDS User Guide +isManual: true +description: CPDS for container fault and sub-health status monitoring +sections: + - label: CPDS Introduction + href: ./cpds_introduction.md + - label: Installation and Deployment + href: ./installation_and_deployment.md + - label: Usage Instructions + href: ./usage_instructions.md diff --git a/docs/en/tools/cloud/cpds/cpds_introduction.md b/docs/en/tools/cloud/cpds/cpds_introduction.md new file mode 100644 index 0000000000000000000000000000000000000000..91b647eaca4008e39d77a6697a26e52f88a347f8 --- /dev/null +++ b/docs/en/tools/cloud/cpds/cpds_introduction.md @@ -0,0 +1,57 @@ +# CPDS Overview + +## Introduction + +CPDS (Container Problem Detect System), developed by Beijing Linx Software Corp., is a fault detection system for container clusters. It monitors and identifies container top faults and sub-health conditions. + +## Key Features + +**1. Cluster information collection** + +The system uses node agents on host machines, leveraging systemd, initv, and eBPF technologies to monitor key container services. It collects data on node networks, kernels, drive LVM, and other critical metrics. It also tracks application status, resource usage, system function execution, and I/O operations within containers for anomalies. + +**2. Cluster exception detection** + +The system gathers raw data from cluster nodes and applies predefined rules to detect anomalies, extracting essential information. It uploads both detection results and raw data online while ensuring data persistence. + +**3. Node and service container fault/sub-health diagnosis** + +Using exception detection data, the system diagnoses faults or sub-health conditions in nodes and service containers. Analysis results are stored persistently, and a UI layer enables real-time and historical diagnosis data access. + +## System Architecture + +CPDS comprises four components, as illustrated below. The system follows a microservices architecture, with components interacting via APIs. + +![Architecture](images/architecture.png) + +- [cpds-agent](https://gitee.com/openeuler/cpds-agent): Collects raw data about containers and systems from cluster nodes. + +- [cpds-detector](https://gitee.com/openeuler/cpds-detector): Analyzes node data based on exception rules to detect abnormalities. + +- [cpds-analyzer](https://gitee.com/openeuler/cpds-analyzer): Diagnoses node health using configured rules to assess current status. + +- [cpds-dashboard](https://gitee.com/openeuler/cpds-dashboard): Provides a web interface for node health visualization and diagnostic rule configuration. + +## Supported Fault Detection + +CPDS detects the following fault conditions. + +| No. | Fault Detection Item | +| --- | -------------------------------------------------------------------- | +| 1 | Container service functionality | +| 2 | Container node agent functionality | +| 3 | Container group functionality | +| 4 | Node health detection functionality | +| 5 | Log collection functionality | +| 6 | Drive usage exceeding 85% | +| 7 | Network issues | +| 8 | Kernel crashes | +| 9 | Residual LVM drive issues | +| 10 | CPU usage exceeding 85% | +| 11 | Node monitoring functionality | +| 12 | Container memory allocation failures | +| 13 | Container memory allocation timeouts | +| 14 | Container network response timeouts | +| 15 | Slow container drive read/write operations | +| 16 | Zombie child processes in container applications | +| 17 | Child process and thread creation failures in container applications | diff --git a/docs/en/tools/cloud/cpds/images/architecture.png b/docs/en/tools/cloud/cpds/images/architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..c92664dc42d195e60c46946d0ce224db3fc22dd9 Binary files /dev/null and b/docs/en/tools/cloud/cpds/images/architecture.png differ diff --git "a/docs/en/tools/cloud/cpds/images/cpds-page/\345\216\237\345\247\213\346\225\260\346\215\256\345\233\276\350\241\250.png" "b/docs/en/tools/cloud/cpds/images/cpds-page/\345\216\237\345\247\213\346\225\260\346\215\256\345\233\276\350\241\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..3f3929f2cb29a8a211852af1d468322d52b6e1af Binary files /dev/null and "b/docs/en/tools/cloud/cpds/images/cpds-page/\345\216\237\345\247\213\346\225\260\346\215\256\345\233\276\350\241\250.png" differ diff --git "a/docs/en/tools/cloud/cpds/images/cpds-page/\345\216\237\345\247\213\346\225\260\346\215\256\346\243\200\347\264\242.png" "b/docs/en/tools/cloud/cpds/images/cpds-page/\345\216\237\345\247\213\346\225\260\346\215\256\346\243\200\347\264\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..da9ab5d92c314be3e97560c449b8e55ff6cc44aa Binary files /dev/null and "b/docs/en/tools/cloud/cpds/images/cpds-page/\345\216\237\345\247\213\346\225\260\346\215\256\346\243\200\347\264\242.png" differ diff --git "a/docs/en/tools/cloud/cpds/images/cpds-page/\345\270\203\345\261\200.png" "b/docs/en/tools/cloud/cpds/images/cpds-page/\345\270\203\345\261\200.png" new file mode 100644 index 0000000000000000000000000000000000000000..be9a66c364e92b3376766c59f3cebeebe123daec Binary files /dev/null and "b/docs/en/tools/cloud/cpds/images/cpds-page/\345\270\203\345\261\200.png" differ diff --git "a/docs/en/tools/cloud/cpds/images/cpds-page/\346\227\266\351\227\264\350\214\203\345\233\264\351\200\211\346\213\251.png" "b/docs/en/tools/cloud/cpds/images/cpds-page/\346\227\266\351\227\264\350\214\203\345\233\264\351\200\211\346\213\251.png" new file mode 100644 index 0000000000000000000000000000000000000000..f4abd49e0bf2f62b6bea4968bf13a131f859918a Binary files /dev/null and "b/docs/en/tools/cloud/cpds/images/cpds-page/\346\227\266\351\227\264\350\214\203\345\233\264\351\200\211\346\213\251.png" differ diff --git "a/docs/en/tools/cloud/cpds/images/cpds-page/\346\237\245\347\234\213\345\216\237\345\247\213\346\225\260\346\215\256.png" "b/docs/en/tools/cloud/cpds/images/cpds-page/\346\237\245\347\234\213\345\216\237\345\247\213\346\225\260\346\215\256.png" new file mode 100644 index 0000000000000000000000000000000000000000..a6d27210ed11f2c2ae66068d0ebd74121fa62437 Binary files /dev/null and "b/docs/en/tools/cloud/cpds/images/cpds-page/\346\237\245\347\234\213\345\216\237\345\247\213\346\225\260\346\215\256.png" differ diff --git "a/docs/en/tools/cloud/cpds/images/cpds-page/\346\237\245\347\234\213\350\247\204\345\210\231.png" "b/docs/en/tools/cloud/cpds/images/cpds-page/\346\237\245\347\234\213\350\247\204\345\210\231.png" new file mode 100644 index 0000000000000000000000000000000000000000..f896cdb44a15c527fec3a8df8e6149673f194aeb Binary files /dev/null and "b/docs/en/tools/cloud/cpds/images/cpds-page/\346\237\245\347\234\213\350\247\204\345\210\231.png" differ diff --git "a/docs/en/tools/cloud/cpds/images/cpds-page/\346\267\273\345\212\240\350\247\204\345\210\231.png" "b/docs/en/tools/cloud/cpds/images/cpds-page/\346\267\273\345\212\240\350\247\204\345\210\231.png" new file mode 100644 index 0000000000000000000000000000000000000000..599665e676bc623604bee376e883524838dd663a Binary files /dev/null and "b/docs/en/tools/cloud/cpds/images/cpds-page/\346\267\273\345\212\240\350\247\204\345\210\231.png" differ diff --git "a/docs/en/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\345\201\245\345\272\267.png" "b/docs/en/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\345\201\245\345\272\267.png" new file mode 100644 index 0000000000000000000000000000000000000000..75adbc5d24a46edfe914b2c7e1297882388058fd Binary files /dev/null and "b/docs/en/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\345\201\245\345\272\267.png" differ diff --git "a/docs/en/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\345\256\271\345\231\250\345\201\245\345\272\267\347\233\221\346\216\247.png" "b/docs/en/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\345\256\271\345\231\250\345\201\245\345\272\267\347\233\221\346\216\247.png" new file mode 100644 index 0000000000000000000000000000000000000000..9ba876561699f46b49f6bc0cc8815d0b5806087b Binary files /dev/null and "b/docs/en/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\345\256\271\345\231\250\345\201\245\345\272\267\347\233\221\346\216\247.png" differ diff --git "a/docs/en/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\345\256\271\345\231\250\345\201\245\345\272\267\347\233\221\346\216\247\346\216\222\345\272\217.png" "b/docs/en/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\345\256\271\345\231\250\345\201\245\345\272\267\347\233\221\346\216\247\346\216\222\345\272\217.png" new file mode 100644 index 0000000000000000000000000000000000000000..a88de9fd4d87411ed5348a3cf43d4bfcd3ea4395 Binary files /dev/null and "b/docs/en/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\345\256\271\345\231\250\345\201\245\345\272\267\347\233\221\346\216\247\346\216\222\345\272\217.png" differ diff --git "a/docs/en/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\346\246\202\350\247\210-\346\214\211\351\222\256.png" "b/docs/en/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\346\246\202\350\247\210-\346\214\211\351\222\256.png" new file mode 100644 index 0000000000000000000000000000000000000000..e0ceb89269e6f8a161a2613ae9c542199161e1c8 Binary files /dev/null and "b/docs/en/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\346\246\202\350\247\210-\346\214\211\351\222\256.png" differ diff --git "a/docs/en/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\346\246\202\350\247\210.png" "b/docs/en/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\346\246\202\350\247\210.png" new file mode 100644 index 0000000000000000000000000000000000000000..6f5fd9a5728bb416638feba8174cfb499e5e8f7a Binary files /dev/null and "b/docs/en/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\346\246\202\350\247\210.png" differ diff --git "a/docs/en/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\347\211\251\347\220\206\350\265\204\346\272\220\347\233\221\346\216\247.png" "b/docs/en/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\347\211\251\347\220\206\350\265\204\346\272\220\347\233\221\346\216\247.png" new file mode 100644 index 0000000000000000000000000000000000000000..c0253de34176db4b23e1491a86bb7892966a7c96 Binary files /dev/null and "b/docs/en/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\347\211\251\347\220\206\350\265\204\346\272\220\347\233\221\346\216\247.png" differ diff --git "a/docs/en/tools/cloud/cpds/images/cpds-page/\350\257\212\346\226\255\347\273\223\346\236\234.png" "b/docs/en/tools/cloud/cpds/images/cpds-page/\350\257\212\346\226\255\347\273\223\346\236\234.png" new file mode 100644 index 0000000000000000000000000000000000000000..ffec25e8ff163efc47c38b23fc180ce8188d38dc Binary files /dev/null and "b/docs/en/tools/cloud/cpds/images/cpds-page/\350\257\212\346\226\255\347\273\223\346\236\234.png" differ diff --git "a/docs/en/tools/cloud/cpds/images/cpds-page/\351\233\206\347\276\244-\345\256\271\345\231\250\345\201\245\345\272\267\347\233\221\346\216\247.png" "b/docs/en/tools/cloud/cpds/images/cpds-page/\351\233\206\347\276\244-\345\256\271\345\231\250\345\201\245\345\272\267\347\233\221\346\216\247.png" new file mode 100644 index 0000000000000000000000000000000000000000..5924d73d2b659d92387a19521fd0692d07601046 Binary files /dev/null and "b/docs/en/tools/cloud/cpds/images/cpds-page/\351\233\206\347\276\244-\345\256\271\345\231\250\345\201\245\345\272\267\347\233\221\346\216\247.png" differ diff --git "a/docs/en/tools/cloud/cpds/images/cpds-page/\351\233\206\347\276\244\346\246\202\350\247\210.png" "b/docs/en/tools/cloud/cpds/images/cpds-page/\351\233\206\347\276\244\346\246\202\350\247\210.png" new file mode 100644 index 0000000000000000000000000000000000000000..351614ce5254748c4d233a2189f3f4a71d2f546a Binary files /dev/null and "b/docs/en/tools/cloud/cpds/images/cpds-page/\351\233\206\347\276\244\346\246\202\350\247\210.png" differ diff --git "a/docs/en/tools/cloud/cpds/images/cpds-page/\351\233\206\347\276\244\347\211\251\347\220\206\350\265\204\346\272\220\347\233\221\346\216\247.png" "b/docs/en/tools/cloud/cpds/images/cpds-page/\351\233\206\347\276\244\347\211\251\347\220\206\350\265\204\346\272\220\347\233\221\346\216\247.png" new file mode 100644 index 0000000000000000000000000000000000000000..5256783e5f907232f3cbd3655b8ee81c03c0ffdd Binary files /dev/null and "b/docs/en/tools/cloud/cpds/images/cpds-page/\351\233\206\347\276\244\347\211\251\347\220\206\350\265\204\346\272\220\347\233\221\346\216\247.png" differ diff --git "a/docs/en/tools/cloud/cpds/images/cpds-page/\351\233\206\347\276\244\347\212\266\346\200\201-\346\246\202\350\247\210.png" "b/docs/en/tools/cloud/cpds/images/cpds-page/\351\233\206\347\276\244\347\212\266\346\200\201-\346\246\202\350\247\210.png" new file mode 100644 index 0000000000000000000000000000000000000000..751887e223d0a323feee7baef3202ed23e6ce5de Binary files /dev/null and "b/docs/en/tools/cloud/cpds/images/cpds-page/\351\233\206\347\276\244\347\212\266\346\200\201-\346\246\202\350\247\210.png" differ diff --git a/docs/en/tools/cloud/cpds/installation_and_deployment.md b/docs/en/tools/cloud/cpds/installation_and_deployment.md new file mode 100644 index 0000000000000000000000000000000000000000..009a7b5cddf181e0ac93274a204baf8ecaba8658 --- /dev/null +++ b/docs/en/tools/cloud/cpds/installation_and_deployment.md @@ -0,0 +1,258 @@ +# Installation and Deployment + +This chapter provides a step-by-step guide to installing and deploying CPDS. + +## Installing CPDS + +This section covers the steps to install CPDS components. + +1. Install cpds-agent. + + > cpds-agent gathers raw data from nodes and can be installed independently on multiple nodes. + + ```shell + yum install cpds-agent + ``` + +2. Install cpds-detector. + + ```shell + yum install cpds-detector + ``` + +3. Install cpds-analyzer. + + ```shell + yum install cpds-analyzer + ``` + +4. Install cpds-dashboard. + + ```shell + yum install cpds-dashboard + ``` + +5. Install Cpds. + + ```shell + yum install Cpds + ``` + +# Deployment of CPDS + +This section explains the configuration and deployment of CPDS. + +## Configuration Overview + +### cpds-agent Configuration + +cpds-agent collects node network information by sending ICMP packets to a specified IP address. The `net_diagnostic_dest` field must specify a reachable IP address, not the local node IP address. You are advised to set the master node IP address on worker nodes and any worker node IP address on the master. + +```bash +vim /etc/cpds/agent/config.json +``` + +```json +{ + "expose_port":"20001", # Port to listen on + "log_cfg_file": "/etc/cpds/agent/log.conf", + "net_diagnostic_dest": "192.30.25.18" # Destination IP address for ICMP packets +} +``` + +### Prometheus Configuration + +CPDS uses Prometheus to collect raw data generated by cpds-agent. cpds-agent opens port 20001 by default. Edit the Prometheus configuration file to connect to cpds-agent for data collection. + +```bash +vim /etc/prometheus/prometheus.yml +``` + +```yaml +global: + scrape_interval: 2s + evaluation_interval: 3s +scrape_configs: + - job_name: "cpds" + static_configs: + - targets: ["cpds-agent1:port","cpds-agent2:port","..."] # IP addresses and ports of deployed cpds-agent instances +``` + +### cpds-detector Configuration + +```bash +vim /etc/cpds/detector/config.yml +``` + +```yaml +generic: + bindAddress: "127.0.0.1" # Address to listen on + port: 19091 # Port to listen on + +database: + host: "127.0.0.1" # Database IP address + port: 3306 # Database port + username: root # Database username + password: root # Database password + maxOpenConnections: 123 # Maximum number of connections + +prometheus: + host: "127.0.0.1" # Detector IP address + port: 9090 # Prometheus port + +log: + fileName: "/var/log/cpds/cpds-detector/cpds-detector.log" + level: "warn" + maxAge: 15 + maxBackups: 100 + maxSize: 100 + localTime: true + compress: true +``` + +### cpds-analyzer Configuration + +```bash +vim /etc/cpds/analyzer/config.yml +``` + +```yaml +generic: + bindAddress: "127.0.0.1" # Address to listen on + port: 19091 # Port to listen on + +database: + host: "127.0.0.1" # Database IP address + port: 3306 # Database port + username: root # Database username + password: root # Database password + maxOpenConnections: 123 # Maximum number of connections + +detector: + host: "127.0.0.1" # Detector IP address + port: 19092 # Detector port + +log: + fileName: "/var/log/cpds/cpds-analyzer/cpds-analyzer.log" + level: "warn" + maxAge: 15 + maxBackups: 100 + maxSize: 100 + localTime: true +``` + +### cpds-dashboard Configuration + +```bash +vim /etc/nginx/conf.d/cpds-ui.conf +``` + +```conf +server { + listen 10119; + + location / { + root /etc/cpds/cpds-ui/; + index index.html index.htm; + } + + location /api/ { + proxy_pass http://127.0.0.1:19091; # Backend analyzer IP address and port + } + + location /websocket/ { + proxy_pass http://127.0.0.1:19091; # Backend analyzer IP address and port + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto http; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + } +} +``` + +# Starting CPDS + +This section outlines the steps to start CPDS. + +## Disabling the Firewall + +```shell +systemctl stop firewalld +systemctl disable firewalld +``` + +Set the SELINUX status to `disabled` in the **/etc/selinux/config** file. + +```conf +SELINUX=disabled +``` + +Restart the system to apply the changes. + +## Initializing the Database + +1. Start the database service. + + ```shell + systemctl start mariadb.service + systemctl enable mariadb.service + ``` + +2. Initialize the database with root privileges. + + ```shell + /usr/bin/mysql_secure_installation + ``` + + > During the process, you will be prompted to enter the **root** user password for the database. If no password is set, press **Enter** and follow the prompts to configure the settings. + +3. Configure database connection permissions. + + ```shell + mysql -u root -p + ``` + + Enter the password set in the previous step when prompted. + + ```shell + GRANT ALL PRIVILEGES ON *.* TO 'username'@'%' IDENTIFIED BY 'password' WITH GRANT OPTION; + ``` + + > Replace `username` with the database username and `password` with the corresponding password. + + For example: + + ```shell + mysql -u root -p + Enter password: + Welcome to the MariaDB monitor. Commands end with ; or \g. + Your MariaDB connection id is 5 + Server version: 10.5.16-MariaDB MariaDB Server + + Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. + + Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. + + MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'root' WITH GRANT OPTION; + Query OK, 0 rows affected (0.014 sec) + ``` + +### Starting the Service + +```shell +systemctl start Cpds.service +systemctl enable Cpds.service +``` + +Start cpds-agent on all nodes. + +```shell +systemctl start cpds-agent +systemctl enable cpds-agent +``` + +### Accessing the Frontend Management Platform + +Once the services are running, open a browser and navigate to **** to access the frontend management platform. diff --git a/docs/en/tools/cloud/cpds/usage_instructions.md b/docs/en/tools/cloud/cpds/usage_instructions.md new file mode 100644 index 0000000000000000000000000000000000000000..f9e07e7ca55d8211b97b753819dbebca0a19ec7b --- /dev/null +++ b/docs/en/tools/cloud/cpds/usage_instructions.md @@ -0,0 +1,3 @@ +# User Guide + +This document is currently not available in English. diff --git a/docs/en/tools/cloud/ctinspector/_toc.yaml b/docs/en/tools/cloud/ctinspector/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..97cda4ea490c194d9d948303c1327e089f8a78d4 --- /dev/null +++ b/docs/en/tools/cloud/ctinspector/_toc.yaml @@ -0,0 +1,10 @@ +label: CTinspector Introduction +isManual: true +description: CTinspector enables precise diagnosis of runtime performance bottlenecks and system faults. +sections: + - label: Installation and Deployment + href: ./ctinspector_introduction.md + - label: Installation and Deployment + href: ./installation_and_deployment.md + - label: Usage Instructions + href: ./usage_instructions.md diff --git a/docs/en/tools/cloud/ctinspector/ctinspector_introduction.md b/docs/en/tools/cloud/ctinspector/ctinspector_introduction.md new file mode 100644 index 0000000000000000000000000000000000000000..3fe26197753f175c18f491c28ced200755037952 --- /dev/null +++ b/docs/en/tools/cloud/ctinspector/ctinspector_introduction.md @@ -0,0 +1,48 @@ +# CTinspector Introduction + +## Overview + +CTinspector is a language VM framework developed by China Telecom e-Cloud Technology Co., Ltd. based on the eBPF instruction set. CTinspector enables quick expansion of application instances to diagnose network performance bottlenecks, storage I/O hotspots, and load balancing issues, ensuring stable and timely diagnosis during system running. + +Before CTinspector introduces the O&M and problem analysis of the cloud base system, the OVS O&M and ACL configuration efficiency is relatively low, and some functions are not supported. + +* The filtering field needed by the maintenance personnel is not implemented, or the AND or NOT condition expression is not supported. + +* Many commands in the system have similar filtering requirements, such as CT flow tables, OpenFlow flow tables, and offload flow tables. Developing command parameters for each flow table is a heavy development burden. + +* Stateful filtering, for example, viewing the flow table that matches the most packets, cannot be implemented based on command parameters. Traditional filtering rules are for individual flow tables. The relationships between flow tables cannot be established. + +## Architecture + +CTinspector uses a packet VM of the eBPF instruction set. The minimum size of the packet VM is 256 bytes, covering registers, segments (stack, code, and data), and page tables. The packet VM supports independent migration, in which the packet VM code can invoke the migrate kernel function to migrate to a specified node. It also supports resumable execution, that is, once migrated, the packet VM continues to execute the next instruction from the position where it has been interrupted on the previous node. + +![](./figures/CT-package-vm.png) + +The overall architecture of CTinspector is as follows: + +![](./figures/CTinspector-arch.png) + +The CTinspector framework comprises the following components: + +* **eBPF compiler/JIT**: + The eBPF compiler compiles C code into eBPF binary code, and JIT compiles eBPF instructions into +machine code. + +* **eBPF linker/loader**: + loads and links library functions, that is, kernel functions. + +* **Runner**: + executes the eBPF VM, including loading registers, code segments, and stacks, and mapping data segments. + +* **Scheduler**: + determines when to execute the eBPF VM, including determining the VM status and dependency wait conditions. + +* **Basic kernel functions**: + basic library functions, such as transporter, memory mapper, fork, and join_meeting. + +* **Extended kernel functions**: + custom library functions provided by each hook point in addition to the core functions +provided by the eBPF VM runner. + +* **Memory mapper**: + maps application data to the eBPF VM to ensure the eBPF program can read and write application data. diff --git a/docs/en/tools/cloud/ctinspector/figures/CT-package-vm.png b/docs/en/tools/cloud/ctinspector/figures/CT-package-vm.png new file mode 100644 index 0000000000000000000000000000000000000000..bb1ad48a6f28f39b73776b67804332036c32bdce Binary files /dev/null and b/docs/en/tools/cloud/ctinspector/figures/CT-package-vm.png differ diff --git a/docs/en/tools/cloud/ctinspector/figures/CTinspector-arch.png b/docs/en/tools/cloud/ctinspector/figures/CTinspector-arch.png new file mode 100644 index 0000000000000000000000000000000000000000..82f647b7c0a311c8af597ce3fabb3cdf93e5afcc Binary files /dev/null and b/docs/en/tools/cloud/ctinspector/figures/CTinspector-arch.png differ diff --git a/docs/en/tools/cloud/ctinspector/figures/migrate_node_1.png b/docs/en/tools/cloud/ctinspector/figures/migrate_node_1.png new file mode 100644 index 0000000000000000000000000000000000000000..3d7ddb16959cf83235703f564d002f95396f1963 Binary files /dev/null and b/docs/en/tools/cloud/ctinspector/figures/migrate_node_1.png differ diff --git a/docs/en/tools/cloud/ctinspector/figures/migrate_node_2.png b/docs/en/tools/cloud/ctinspector/figures/migrate_node_2.png new file mode 100644 index 0000000000000000000000000000000000000000..99448ced22a6cd34d393ea31cff0ef67d43ec028 Binary files /dev/null and b/docs/en/tools/cloud/ctinspector/figures/migrate_node_2.png differ diff --git a/docs/en/tools/cloud/ctinspector/installation_and_deployment.md b/docs/en/tools/cloud/ctinspector/installation_and_deployment.md new file mode 100644 index 0000000000000000000000000000000000000000..adcad9ae2726897e663c39f364ca84af422d4aba --- /dev/null +++ b/docs/en/tools/cloud/ctinspector/installation_and_deployment.md @@ -0,0 +1,38 @@ +# Installation and Deployment + +## Hardware Requirements + +* x86_64 architecture + +## Environment Preparation + +* Install openEuler by referring to [Installation Guide](../../../server/installation_upgrade/installation/installation_on_servers.md) + +* CTinspector installation requires **root** permissions. + +## CTinspector Installation + +* Install the CTinspector framework software package. + +```shell +yum install ctinspector +``` + +* Check whether the installation is successful. If the corresponding software package is displayed in the output, the installation is successful. + +```shell +rpm -q ctinspector +``` + +* Check whether the core dynamic library **libebpf_vm_executor.so** or main program **vm_test** is installed. + +```shell +rpm -ql ctinspector +/usr/bin/vm_test +/usr/include/ctinspector/ebpf_vm_functions.h +/usr/include/ctinspector/ebpf_vm_simulator.h +/usr/include/ctinspector/ebpf_vm_transport_rdma.h +/usr/include/ctinspector/list.h +/usr/include/ctinspector/ub_list.h +/usr/lib64/libebpf_vm_executor.so +``` diff --git a/docs/en/tools/cloud/ctinspector/usage_instructions.md b/docs/en/tools/cloud/ctinspector/usage_instructions.md new file mode 100644 index 0000000000000000000000000000000000000000..f2aae495057bd4fb920a4e6f9f0506d2193c5a0c --- /dev/null +++ b/docs/en/tools/cloud/ctinspector/usage_instructions.md @@ -0,0 +1,45 @@ +# Usage + +## NIC Configuration + +```shell +# Change the MTU of the NIC. +ifconfig ens33 mtu 4200 + +# Add an RXE interface to ens33 for the IB function. +rdma link add rxe_0 type rxe netdev ens33 + +``` + +## Application Development + +Use relevant APIs to develop a scenario-specific application. Build the application as a binary ELF file based on the eBPF instruction set. Take **vm_migrate** of the provided **ebpf_example** for example. **vm_migrate** calls the CTinspector framework and can migrate package VMs between nodes in a resumable manner. + +```text +# Compose the Makefile and set the eBPF instruction set. + +CFLAGS=-O2 -fno-inline -emit-llvm -I/usr/include/ctinspector/ +LINKFLAGS=-march=bpf -filetype=obj + +all: vm_migrate.o + +vm_migrate.o: + clang $(CFLAGS) -c migrate.c -o - | llc $(LINKFLAGS) -o vm_migrate.o + +clean: + rm -f vm_migrate.o +``` + +```shell +# Run make to build the application. +make +clang -O2 -fno-inline -emit-llvm -I/usr/include/ctinspector/ -c migrate.c -o - | llc -march=bpf -filetype=obj -o vm_migrate.o +``` + +## Application Running + +Running **vm_migrate** on node 1. +![](./figures/migrate_node_1.png) + +Running the CTinspector main program on node 2. +![](./figures/migrate_node_2.png) diff --git a/docs/en/tools/cloud/pilotgo/_toc.yaml b/docs/en/tools/cloud/pilotgo/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..5ba2a8aa9fa61f248a742490ab066e2b5208843c --- /dev/null +++ b/docs/en/tools/cloud/pilotgo/_toc.yaml @@ -0,0 +1,8 @@ +label: PilotGo User Guide +isManual: true +Description: Manage hosts, permissions, alarms, and other tasks using PilotGo. +sections: + - label: Overview + href: ./pilotgo_introduction.md + - label: Usage Instructions + href: ./usage_instructions.md diff --git "a/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2661.png" "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2661.png" new file mode 100644 index 0000000000000000000000000000000000000000..47530416ac9ec71da0d1e925e3132b0b2b785855 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2661.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26610.png" "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26610.png" new file mode 100644 index 0000000000000000000000000000000000000000..39a57121b446cdbf5b4331d15bb6360eb5496b69 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26610.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26611.png" "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26611.png" new file mode 100644 index 0000000000000000000000000000000000000000..60b687eb558441caec7dc875677b27c86ce65025 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26611.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26612.png" "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26612.png" new file mode 100644 index 0000000000000000000000000000000000000000..b48b1b06a4d993e56475d93684a0f330dcfdf979 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26612.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26613.png" "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26613.png" new file mode 100644 index 0000000000000000000000000000000000000000..c11643e7ded48861f0ed8ec6b42e0b6133345df6 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26613.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26614.png" "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26614.png" new file mode 100644 index 0000000000000000000000000000000000000000..b6865b5086e39119276bd5b5a6ded26549cc4f84 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26614.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26615.png" "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26615.png" new file mode 100644 index 0000000000000000000000000000000000000000..604eb1bfa61471130f26a8f7ffd1c0b3614b22d3 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26615.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26616.png" "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26616.png" new file mode 100644 index 0000000000000000000000000000000000000000..912a5d5d99277969277b372581ca1ecc039019c4 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26616.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26617.png" "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26617.png" new file mode 100644 index 0000000000000000000000000000000000000000..ca4ef0f0e6dff84b39f4dab70a6b84a0a40cfb04 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26617.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26618.png" "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26618.png" new file mode 100644 index 0000000000000000000000000000000000000000..41db05c19217a7f913b902e548a85d0f818fd5fb Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26618.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26619.png" "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26619.png" new file mode 100644 index 0000000000000000000000000000000000000000..9c973575f161d398a347960ecc0b07b4d465033a Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26619.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2662.png" "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2662.png" new file mode 100644 index 0000000000000000000000000000000000000000..84fb9ab57756bb845d87e7d485a6a10ed2da280b Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2662.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26620.png" "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26620.png" new file mode 100644 index 0000000000000000000000000000000000000000..b4df524d8de03adb72d85e20c79124fec981af5a Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26620.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2663.png" "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2663.png" new file mode 100644 index 0000000000000000000000000000000000000000..1c14ef5949d4db979061aba87962e6236207dfcd Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2663.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2664.png" "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2664.png" new file mode 100644 index 0000000000000000000000000000000000000000..e8fcd86545f43145738da6ba02ae4e3e3f97d6b6 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2664.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2665.png" "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2665.png" new file mode 100644 index 0000000000000000000000000000000000000000..9b1627384a188a831a1f2c629220bbbf2b102d86 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2665.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2666.png" "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2666.png" new file mode 100644 index 0000000000000000000000000000000000000000..db62f93aaeb6c273984fb11854ee1585015131ea Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2666.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2667.png" "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2667.png" new file mode 100644 index 0000000000000000000000000000000000000000..df8450690e4e7becd0c999fb5d2d3561a9b3d44b Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2667.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2668.png" "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2668.png" new file mode 100644 index 0000000000000000000000000000000000000000..b58d90081d2a8735bcd4af4f3a878badcab78ccd Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2668.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2669.png" "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2669.png" new file mode 100644 index 0000000000000000000000000000000000000000..daebc416e2f8700d4e57371c2f6d3a727f401e05 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2669.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/G\346\217\222\344\273\2661.png" "b/docs/en/tools/cloud/pilotgo/figures/G\346\217\222\344\273\2661.png" new file mode 100644 index 0000000000000000000000000000000000000000..6a5398b3ede4a0939f415df176aed10d0c582506 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/G\346\217\222\344\273\2661.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/G\346\217\222\344\273\2662.png" "b/docs/en/tools/cloud/pilotgo/figures/G\346\217\222\344\273\2662.png" new file mode 100644 index 0000000000000000000000000000000000000000..4c51e269d22cda516e7a7c4191aa5a398773e1be Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/G\346\217\222\344\273\2662.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/G\346\217\222\344\273\2663.png" "b/docs/en/tools/cloud/pilotgo/figures/G\346\217\222\344\273\2663.png" new file mode 100644 index 0000000000000000000000000000000000000000..d120fdc034f2c588c222837e8316a33cda339e22 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/G\346\217\222\344\273\2663.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/G\346\217\222\344\273\2664.png" "b/docs/en/tools/cloud/pilotgo/figures/G\346\217\222\344\273\2664.png" new file mode 100644 index 0000000000000000000000000000000000000000..1e2ed031ac525d8a69c98c9f143b3edece72be77 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/G\346\217\222\344\273\2664.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/G\346\217\222\344\273\2665.png" "b/docs/en/tools/cloud/pilotgo/figures/G\346\217\222\344\273\2665.png" new file mode 100644 index 0000000000000000000000000000000000000000..b0f366b001a09dc1d1f4096ff5aa4f5ec6429087 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/G\346\217\222\344\273\2665.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/P\346\217\222\344\273\2661.png" "b/docs/en/tools/cloud/pilotgo/figures/P\346\217\222\344\273\2661.png" new file mode 100644 index 0000000000000000000000000000000000000000..bdb7a7c95da1562829cb12a445948f1bdcc8d7e5 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/P\346\217\222\344\273\2661.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/P\346\217\222\344\273\2662.png" "b/docs/en/tools/cloud/pilotgo/figures/P\346\217\222\344\273\2662.png" new file mode 100644 index 0000000000000000000000000000000000000000..d54a04a42afa0f0ae7d37fb2eef88943e4b402f5 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/P\346\217\222\344\273\2662.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/P\346\217\222\344\273\2663.png" "b/docs/en/tools/cloud/pilotgo/figures/P\346\217\222\344\273\2663.png" new file mode 100644 index 0000000000000000000000000000000000000000..a85aad4547a6dc8b6d55d50524c69c92668e54a6 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/P\346\217\222\344\273\2663.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/P\346\217\222\344\273\2664.png" "b/docs/en/tools/cloud/pilotgo/figures/P\346\217\222\344\273\2664.png" new file mode 100644 index 0000000000000000000000000000000000000000..c56bcc5248a53f9d5daeadaddb998d69ef154c4e Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/P\346\217\222\344\273\2664.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/T\345\210\233\345\273\27216.png" "b/docs/en/tools/cloud/pilotgo/figures/T\345\210\233\345\273\27216.png" new file mode 100644 index 0000000000000000000000000000000000000000..6170f1e4b3c72d7c5759f8604e5eb81fd4f0ba81 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/T\345\210\233\345\273\27216.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2661.png" "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2661.png" new file mode 100644 index 0000000000000000000000000000000000000000..f8a60fe0a2c7ab78b7cb9e27d2ee3e2bb46b855c Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2661.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26610.png" "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26610.png" new file mode 100644 index 0000000000000000000000000000000000000000..0737ac47dd75324fd32bc04d30efebc0c82d06e6 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26610.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26611.png" "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26611.png" new file mode 100644 index 0000000000000000000000000000000000000000..e68b2924606bdacd45780df26ea3040512f41529 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26611.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26612.png" "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26612.png" new file mode 100644 index 0000000000000000000000000000000000000000..434f5ae6f698cffe047c8d841e33d56b9524fb57 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26612.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26613.png" "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26613.png" new file mode 100644 index 0000000000000000000000000000000000000000..52b832b784480c487bbfe522a2c288abc7688d63 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26613.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26614.png" "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26614.png" new file mode 100644 index 0000000000000000000000000000000000000000..9f9d37bc22605aeca505ffa02cdb1fb4f77348c2 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26614.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26615.png" "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26615.png" new file mode 100644 index 0000000000000000000000000000000000000000..9e2ae86c1eeb97b7a5497bd9088f397f12a1f1c3 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26615.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26616.png" "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26616.png" new file mode 100644 index 0000000000000000000000000000000000000000..e11c688d9c1bf95b54006c48d34dd986e743d875 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26616.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26617.png" "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26617.png" new file mode 100644 index 0000000000000000000000000000000000000000..a51bf0d3c26008efdf1611c57d9edd8566b4404b Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26617.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2662.png" "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2662.png" new file mode 100644 index 0000000000000000000000000000000000000000..642736945bc173fc0ee586d3dcced92b8b095b51 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2662.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2663.png" "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2663.png" new file mode 100644 index 0000000000000000000000000000000000000000..cacef3c82a2b26d782a93855bd90b4997877ba6b Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2663.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2664.png" "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2664.png" new file mode 100644 index 0000000000000000000000000000000000000000..1b83df0d7778cac5296d2e9886a901a8292160a9 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2664.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2665.png" "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2665.png" new file mode 100644 index 0000000000000000000000000000000000000000..7d444877c2dbc0f7ed83528f1847c45e3aa0aec5 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2665.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2666.png" "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2666.png" new file mode 100644 index 0000000000000000000000000000000000000000..45ec5470710ecdf3430f4468b1dcb8716f8b8485 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2666.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2667.png" "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2667.png" new file mode 100644 index 0000000000000000000000000000000000000000..8531a7cc0116c09e01b7ce0a46fd3c9b873fa254 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2667.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2668.png" "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2668.png" new file mode 100644 index 0000000000000000000000000000000000000000..c413b2ce7881ffcba3bcb38b766ed2c0961bbad7 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2668.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2669.png" "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2669.png" new file mode 100644 index 0000000000000000000000000000000000000000..882213869392dd7e787e92f45b65386c71e8305d Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2669.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\345\257\206\347\240\2011.png" "b/docs/en/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\345\257\206\347\240\2011.png" new file mode 100644 index 0000000000000000000000000000000000000000..94b11e9d73b09a6592418fd28895f14049aa3042 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\345\257\206\347\240\2011.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\345\257\206\347\240\2012.png" "b/docs/en/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\345\257\206\347\240\2012.png" new file mode 100644 index 0000000000000000000000000000000000000000..283a407e3c2c051893528306d485b9cb0df9f4df Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\345\257\206\347\240\2012.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\345\257\206\347\240\2013.png" "b/docs/en/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\345\257\206\347\240\2013.png" new file mode 100644 index 0000000000000000000000000000000000000000..123213c25423d8eaa72f346f9531dcd7f0ff15af Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\345\257\206\347\240\2013.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\350\212\202\347\202\2711.png" "b/docs/en/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\350\212\202\347\202\2711.png" new file mode 100644 index 0000000000000000000000000000000000000000..6a703ed196cdc2b4658e317d5fa51330583977fa Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\350\212\202\347\202\2711.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\350\212\202\347\202\2712.png" "b/docs/en/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\350\212\202\347\202\2712.png" new file mode 100644 index 0000000000000000000000000000000000000000..aedc97318d613a230f584d3cd7a39b38d30619e4 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\350\212\202\347\202\2712.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\350\212\202\347\202\2713.png" "b/docs/en/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\350\212\202\347\202\2713.png" new file mode 100644 index 0000000000000000000000000000000000000000..28d6cc49987efe174b3ff8a53db25d472c35c334 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\350\212\202\347\202\2713.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\211\271\346\254\2411.png" "b/docs/en/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\211\271\346\254\2411.png" new file mode 100644 index 0000000000000000000000000000000000000000..c68c4411fd6c1babe7b2014c1dcbd0a60854b033 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\211\271\346\254\2411.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\211\271\346\254\2412.png" "b/docs/en/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\211\271\346\254\2412.png" new file mode 100644 index 0000000000000000000000000000000000000000..ef19f105e2490140151cb54ebffeebcc5aba87e1 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\211\271\346\254\2412.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\211\271\346\254\2413.png" "b/docs/en/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\211\271\346\254\2413.png" new file mode 100644 index 0000000000000000000000000000000000000000..f252f90886373a0378effb7a41ca2e2c7d3f4f60 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\211\271\346\254\2413.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\211\271\346\254\2414.png" "b/docs/en/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\211\271\346\254\2414.png" new file mode 100644 index 0000000000000000000000000000000000000000..0f0e95086a9082fc339e9dd930d727f652cea3d8 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\211\271\346\254\2414.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\226\207\344\273\2661.png" "b/docs/en/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\226\207\344\273\2661.png" new file mode 100644 index 0000000000000000000000000000000000000000..74889505efa10bf45d699d9c8ec19c81cd63ef4f Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\226\207\344\273\2661.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\226\207\344\273\2662.png" "b/docs/en/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\226\207\344\273\2662.png" new file mode 100644 index 0000000000000000000000000000000000000000..0a0f563aa9efd21a789058b76dc88e5e0208a996 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\226\207\344\273\2662.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\226\207\344\273\2663.png" "b/docs/en/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\226\207\344\273\2663.png" new file mode 100644 index 0000000000000000000000000000000000000000..e7dfcf189d030a4bffa1ce92885e27e3fab7ecde Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\226\207\344\273\2663.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\211\271\346\254\2411.png" "b/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\211\271\346\254\2411.png" new file mode 100644 index 0000000000000000000000000000000000000000..5b463d0ebb4d5ee3de034e9bfcd668ec5dd20486 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\211\271\346\254\2411.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\211\271\346\254\2412.png" "b/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\211\271\346\254\2412.png" new file mode 100644 index 0000000000000000000000000000000000000000..441278a946303bd01f93bddfcbd7b5f5c248033e Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\211\271\346\254\2412.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\211\271\346\254\2413.png" "b/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\211\271\346\254\2413.png" new file mode 100644 index 0000000000000000000000000000000000000000..4f5f66df31a36437f14e2bb82c8c95c1cecc977a Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\211\271\346\254\2413.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\234\272\345\231\2501.png" "b/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\234\272\345\231\2501.png" new file mode 100644 index 0000000000000000000000000000000000000000..46b8df350f33a09d26250fc1394ff364c5240877 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\234\272\345\231\2501.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\234\272\345\231\2502.png" "b/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\234\272\345\231\2502.png" new file mode 100644 index 0000000000000000000000000000000000000000..987d5c751cbdcd7a931c8e790c77a8acd69761d6 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\234\272\345\231\2502.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\234\272\345\231\2503.png" "b/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\234\272\345\231\2503.png" new file mode 100644 index 0000000000000000000000000000000000000000..2690f8dd111fca999a6208ac6220fba27c8de7d8 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\234\272\345\231\2503.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\347\224\250\346\210\2671.png" "b/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\347\224\250\346\210\2671.png" new file mode 100644 index 0000000000000000000000000000000000000000..aa44c85f2249df946761c8a230edc0289ea028f2 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\347\224\250\346\210\2671.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\347\224\250\346\210\2672.png" "b/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\347\224\250\346\210\2672.png" new file mode 100644 index 0000000000000000000000000000000000000000..1bed708ca71b6c69229697707c54be66d96803ac Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\347\224\250\346\210\2672.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\212\202\347\202\2711.png" "b/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\212\202\347\202\2711.png" new file mode 100644 index 0000000000000000000000000000000000000000..b1fb1936d03477f1fa3f774382a30f423aae30be Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\212\202\347\202\2711.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\212\202\347\202\2712.png" "b/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\212\202\347\202\2712.png" new file mode 100644 index 0000000000000000000000000000000000000000..417f2c3ab074a0e962ea08e81b9511322851700f Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\212\202\347\202\2712.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\212\202\347\202\2713.png" "b/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\212\202\347\202\2713.png" new file mode 100644 index 0000000000000000000000000000000000000000..ade96f981a8b1dcb8fa18e21a710ae5eba829024 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\212\202\347\202\2713.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\247\222\350\211\2621.png" "b/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\247\222\350\211\2621.png" new file mode 100644 index 0000000000000000000000000000000000000000..0173d0db11dd18d0454523ead716e5dcd80fc833 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\247\222\350\211\2621.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\247\222\350\211\2622.png" "b/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\247\222\350\211\2622.png" new file mode 100644 index 0000000000000000000000000000000000000000..e3d52203ec36234581a3064ff0931cb9c9cf7afe Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\247\222\350\211\2622.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\247\222\350\211\2623.png" "b/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\247\222\350\211\2623.png" new file mode 100644 index 0000000000000000000000000000000000000000..966f04257fbd52ee6713d83350b251b8f7255567 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\247\222\350\211\2623.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\345\212\237\350\203\275\346\250\241\345\235\227.png" "b/docs/en/tools/cloud/pilotgo/figures/\345\212\237\350\203\275\346\250\241\345\235\227.png" new file mode 100644 index 0000000000000000000000000000000000000000..86782bfc46f42a051b56f457cd46fad60cad3332 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\345\212\237\350\203\275\346\250\241\345\235\227.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\345\217\230\346\233\264\346\235\203\351\231\2201.png" "b/docs/en/tools/cloud/pilotgo/figures/\345\217\230\346\233\264\346\235\203\351\231\2201.png" new file mode 100644 index 0000000000000000000000000000000000000000..6d46d6f496a3b43a501b6e9f806f5501069e4bb5 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\345\217\230\346\233\264\346\235\203\351\231\2201.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\345\217\230\346\233\264\346\235\203\351\231\2202.png" "b/docs/en/tools/cloud/pilotgo/figures/\345\217\230\346\233\264\346\235\203\351\231\2202.png" new file mode 100644 index 0000000000000000000000000000000000000000..901bed4daf0c9b7dbbe7bd6833dea6093e2b6e9a Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\345\217\230\346\233\264\346\235\203\351\231\2202.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\345\217\230\346\233\264\351\203\250\351\227\2501.png" "b/docs/en/tools/cloud/pilotgo/figures/\345\217\230\346\233\264\351\203\250\351\227\2501.png" new file mode 100644 index 0000000000000000000000000000000000000000..708de466507f8c07f29c0b23915b99b66e5ab308 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\345\217\230\346\233\264\351\203\250\351\227\2501.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\345\217\230\346\233\264\351\203\250\351\227\2502.png" "b/docs/en/tools/cloud/pilotgo/figures/\345\217\230\346\233\264\351\203\250\351\227\2502.png" new file mode 100644 index 0000000000000000000000000000000000000000..3c401d9c96c8c3cd4602540296143d1d3331d845 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\345\217\230\346\233\264\351\203\250\351\227\2502.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\211\271\351\207\217\344\270\213\345\217\2211.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\211\271\351\207\217\344\270\213\345\217\2211.png" new file mode 100644 index 0000000000000000000000000000000000000000..82518a40fd982bff95ff7af1cd94b2f6970eb4c4 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\211\271\351\207\217\344\270\213\345\217\2211.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\211\271\351\207\217\344\270\213\345\217\2212.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\211\271\351\207\217\344\270\213\345\217\2212.png" new file mode 100644 index 0000000000000000000000000000000000000000..6dec37e1e56e9c0c56469e2dd81b350f287d25ff Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\211\271\351\207\217\344\270\213\345\217\2212.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\211\271\351\207\217\345\215\270\350\275\2751.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\211\271\351\207\217\345\215\270\350\275\2751.png" new file mode 100644 index 0000000000000000000000000000000000000000..a8f3dfd37854995e502ca77e04e794e380c8467f Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\211\271\351\207\217\345\215\270\350\275\2751.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\211\271\351\207\217\345\215\270\350\275\2752.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\211\271\351\207\217\345\215\270\350\275\2752.png" new file mode 100644 index 0000000000000000000000000000000000000000..584a55ba3a87ff087d77de756e455c61276ed022 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\211\271\351\207\217\345\215\270\350\275\2752.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\211\271\351\207\217\346\223\215\344\275\2341.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\211\271\351\207\217\346\223\215\344\275\2341.png" new file mode 100644 index 0000000000000000000000000000000000000000..0b25e8e5cee2f6d4597d2d244565ff827947b4d2 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\211\271\351\207\217\346\223\215\344\275\2341.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\344\270\213\345\217\2211.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\344\270\213\345\217\2211.png" new file mode 100644 index 0000000000000000000000000000000000000000..d5d54a3679b9a183dbc8eddacf881a8c30c0967b Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\344\270\213\345\217\2211.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\344\270\213\345\217\2212.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\344\270\213\345\217\2212.png" new file mode 100644 index 0000000000000000000000000000000000000000..d639180465474d529758cb83e98b8bd44c409e47 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\344\270\213\345\217\2212.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\344\270\213\345\217\2213.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\344\270\213\345\217\2213.png" new file mode 100644 index 0000000000000000000000000000000000000000..87082b54be5d405f859bd17b558b061e08565f0c Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\344\270\213\345\217\2213.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\210\240\351\231\2441.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\210\240\351\231\2441.png" new file mode 100644 index 0000000000000000000000000000000000000000..e292e6abbde7b787e8c5246fe0a754e8bd3f3277 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\210\240\351\231\2441.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\210\240\351\231\2442.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\210\240\351\231\2442.png" new file mode 100644 index 0000000000000000000000000000000000000000..eb643a896473ade847fd6091dd031eadc3444a4c Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\210\240\351\231\2442.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\210\240\351\231\2443.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\210\240\351\231\2443.png" new file mode 100644 index 0000000000000000000000000000000000000000..a8f2dd996fb826ace2a657ae330aaf36d7c1b884 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\210\240\351\231\2443.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\216\206\345\217\262\347\211\210\346\234\254.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\216\206\345\217\262\347\211\210\346\234\254.png" new file mode 100644 index 0000000000000000000000000000000000000000..74f5e745836607702d69f97939b8629446dc0d71 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\216\206\345\217\262\347\211\210\346\234\254.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\233\236\346\273\2321.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\233\236\346\273\2321.png" new file mode 100644 index 0000000000000000000000000000000000000000..8a7e6dfd18608275d496de46cc157bdcfcc1ffa4 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\233\236\346\273\2321.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\233\236\346\273\2322.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\233\236\346\273\2322.png" new file mode 100644 index 0000000000000000000000000000000000000000..0ceef0dcacc27149d2feb2eff3a7902af1c13186 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\233\236\346\273\2322.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\233\236\346\273\2323.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\233\236\346\273\2323.png" new file mode 100644 index 0000000000000000000000000000000000000000..69b4cda58e7962c11e40bdac7555afb9428941b2 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\233\236\346\273\2323.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\233\236\346\273\2324.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\233\236\346\273\2324.png" new file mode 100644 index 0000000000000000000000000000000000000000..79281449c580ef3059dc30329416e6fb564fb5ae Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\233\236\346\273\2324.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\346\237\245\347\234\2131.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\346\237\245\347\234\2131.png" new file mode 100644 index 0000000000000000000000000000000000000000..14e91000f62a312b9004ab2108929d90ee49f1b1 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\346\237\245\347\234\2131.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\346\237\245\347\234\2132.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\346\237\245\347\234\2132.png" new file mode 100644 index 0000000000000000000000000000000000000000..517fd0fcdce1ccf35216bc0e98c4ea3127145d1b Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\346\237\245\347\234\2132.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\227\245\345\277\227\346\237\245\347\234\213.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\227\245\345\277\227\346\237\245\347\234\213.png" new file mode 100644 index 0000000000000000000000000000000000000000..aef655d63baec93d740d8a1bb010715ee5f46b43 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\227\245\345\277\227\346\237\245\347\234\213.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\227\245\345\277\227\350\257\246\346\203\205.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\227\245\345\277\227\350\257\246\346\203\205.png" new file mode 100644 index 0000000000000000000000000000000000000000..97864d9a760b2bc0acd6e82b2d072cf3647384a2 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\227\245\345\277\227\350\257\246\346\203\205.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..2c866f8739a5757505aeb5d5ad1626a6c0e42179 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\344\277\241\346\201\257.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\344\277\241\346\201\257.png" new file mode 100644 index 0000000000000000000000000000000000000000..e0be6aec62ea1de2de8f8a771a3b4f5f07d9ecea Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\344\277\241\346\201\257.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\345\206\205\346\240\2701.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\345\206\205\346\240\2701.png" new file mode 100644 index 0000000000000000000000000000000000000000..e1c722e66168c29fbc1aea72a24f90c05d23b459 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\345\206\205\346\240\2701.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\345\206\205\346\240\2702.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\345\206\205\346\240\2702.png" new file mode 100644 index 0000000000000000000000000000000000000000..cb4263a4961d75a687b0d073f6922af6e936970d Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\345\206\205\346\240\2702.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\345\206\205\346\240\270\344\277\256\346\224\2711.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\345\206\205\346\240\270\344\277\256\346\224\2711.png" new file mode 100644 index 0000000000000000000000000000000000000000..ae23a49e9ef1d9c2be390a4715f83457c05dce69 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\345\206\205\346\240\270\344\277\256\346\224\2711.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\345\206\205\346\240\270\344\277\256\346\224\2712.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\345\206\205\346\240\270\344\277\256\346\224\2712.png" new file mode 100644 index 0000000000000000000000000000000000000000..344f95e052c876e312043099b36267e4e9544e5c Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\345\206\205\346\240\270\344\277\256\346\224\2712.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\345\206\205\346\240\270\344\277\256\346\224\2713.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\345\206\205\346\240\270\344\277\256\346\224\2713.png" new file mode 100644 index 0000000000000000000000000000000000000000..1f108d6f224f30a5973b4ddbe7e8d551d8e1f9c5 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\345\206\205\346\240\270\344\277\256\346\224\2713.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\346\234\215\345\212\241\345\201\234\346\255\242.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\346\234\215\345\212\241\345\201\234\346\255\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..c482e8389f10bca2f1ad43545af169d6dd26b1a5 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\346\234\215\345\212\241\345\201\234\346\255\242.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\346\234\215\345\212\241\345\220\257\345\212\250.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\346\234\215\345\212\241\345\220\257\345\212\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..3d8674a65895b1138ca2826b2496f17c81e5818b Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\346\234\215\345\212\241\345\220\257\345\212\250.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\346\234\215\345\212\241\346\237\245\350\257\242.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\346\234\215\345\212\241\346\237\245\350\257\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..c9f00f1467981d26f162c45fc065cba7043e88c7 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\346\234\215\345\212\241\346\237\245\350\257\242.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\346\234\215\345\212\241\351\207\215\345\220\257.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\346\234\215\345\212\241\351\207\215\345\220\257.png" new file mode 100644 index 0000000000000000000000000000000000000000..a77c72630b6ab284232f7584d4f688e243439960 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\346\234\215\345\212\241\351\207\215\345\220\257.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\347\224\250\346\210\267\344\277\241\346\201\257.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\347\224\250\346\210\267\344\277\241\346\201\257.png" new file mode 100644 index 0000000000000000000000000000000000000000..e96ba36aa2bcbadd7b7f9bd23e451d6faa456bb9 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\347\224\250\346\210\267\344\277\241\346\201\257.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\347\273\210\347\253\257.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\347\273\210\347\253\257.png" new file mode 100644 index 0000000000000000000000000000000000000000..2a7e5cbb1366030517ceeacc8a1459a764ac98eb Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\347\273\210\347\253\257.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\347\273\210\347\253\2571.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\347\273\210\347\253\2571.png" new file mode 100644 index 0000000000000000000000000000000000000000..d3130734e2fb884c74209411dbb647d88e575a8f Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\347\273\210\347\253\2571.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\347\275\221\347\273\234\351\205\215\347\275\256.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\347\275\221\347\273\234\351\205\215\347\275\256.png" new file mode 100644 index 0000000000000000000000000000000000000000..6a3017159efe20948a8c1cdbd4d98b9ef482e775 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\347\275\221\347\273\234\351\205\215\347\275\256.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\257\246\346\203\205.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\257\246\346\203\205.png" new file mode 100644 index 0000000000000000000000000000000000000000..8013f25410e592c4f10486b7d6214f6eba3717fd Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\257\246\346\203\205.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\275\257\344\273\266\345\214\205\345\215\270\350\275\275.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\275\257\344\273\266\345\214\205\345\215\270\350\275\275.png" new file mode 100644 index 0000000000000000000000000000000000000000..d9299c2fa59898b7063049aa7ecb428eed4601b7 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\275\257\344\273\266\345\214\205\345\215\270\350\275\275.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\275\257\344\273\266\345\214\205\345\256\211\350\243\205.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\275\257\344\273\266\345\214\205\345\256\211\350\243\205.png" new file mode 100644 index 0000000000000000000000000000000000000000..f9726c1b6b879f63e618a2245354c595e4b17f55 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\275\257\344\273\266\345\214\205\345\256\211\350\243\205.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\275\257\344\273\266\345\214\205\345\256\211\350\243\2051.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\275\257\344\273\266\345\214\205\345\256\211\350\243\2051.png" new file mode 100644 index 0000000000000000000000000000000000000000..1801f6adbd2b2cf1c00fd279c720192915a34d55 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\275\257\344\273\266\345\214\205\345\256\211\350\243\2051.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\275\257\344\273\266\345\214\205\345\256\211\350\243\2052.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\275\257\344\273\266\345\214\205\345\256\211\350\243\2052.png" new file mode 100644 index 0000000000000000000000000000000000000000..b24a22cbafc042b7d4cb234708a161a4b6910048 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\275\257\344\273\266\345\214\205\345\256\211\350\243\2052.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\275\257\344\273\266\345\214\205\346\220\234\347\264\242.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\275\257\344\273\266\345\214\205\346\220\234\347\264\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..d6119cf60ec4dfa952fcf4f16dec97ab6daf1863 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\275\257\344\273\266\345\214\205\346\220\234\347\264\242.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\246\202\350\247\210.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\246\202\350\247\210.png" new file mode 100644 index 0000000000000000000000000000000000000000..d32d9673426c3a3beb3b7b02ae2dd7ba0cee8671 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\246\202\350\247\210.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\347\224\250\346\210\2671.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\347\224\250\346\210\2671.png" new file mode 100644 index 0000000000000000000000000000000000000000..04ed9a75aacb082a4c416b4d3309606b800c8d27 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\347\224\250\346\210\2671.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\347\224\250\346\210\2672.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\347\224\250\346\210\2672.png" new file mode 100644 index 0000000000000000000000000000000000000000..e69cb0806e796f31a54a37ec0d9136e2ce74efab Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\347\224\250\346\210\2672.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\350\212\202\347\202\2711.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\350\212\202\347\202\2711.png" new file mode 100644 index 0000000000000000000000000000000000000000..f7554243b3009c7945ad1746f86a77b046573f2f Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\350\212\202\347\202\2711.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\350\212\202\347\202\2712.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\350\212\202\347\202\2712.png" new file mode 100644 index 0000000000000000000000000000000000000000..8ee25dd17e3252c21267231e4b6ad17860ceac6e Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\350\212\202\347\202\2712.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\350\247\222\350\211\2621.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\350\247\222\350\211\2621.png" new file mode 100644 index 0000000000000000000000000000000000000000..5a98fc65e9f7e3dbdb312ed5951eb3767a5001f8 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\350\247\222\350\211\2621.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\350\247\222\350\211\2622.png" "b/docs/en/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\350\247\222\350\211\2622.png" new file mode 100644 index 0000000000000000000000000000000000000000..ba014915a2fec33734e7daee451c8eaf7738d6a1 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\350\247\222\350\211\2622.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\347\224\250\346\210\267\345\257\274\345\205\2451.png" "b/docs/en/tools/cloud/pilotgo/figures/\347\224\250\346\210\267\345\257\274\345\205\2451.png" new file mode 100644 index 0000000000000000000000000000000000000000..b538a40e8b89c49ff4ee4a26df7f390c8564dbd6 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\347\224\250\346\210\267\345\257\274\345\205\2451.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\347\224\250\346\210\267\345\257\274\345\205\2452.png" "b/docs/en/tools/cloud/pilotgo/figures/\347\224\250\346\210\267\345\257\274\345\205\2452.png" new file mode 100644 index 0000000000000000000000000000000000000000..c725bbe4a5e738bafebeefbe0c90b2f555275cc8 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\347\224\250\346\210\267\345\257\274\345\205\2452.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\347\224\250\346\210\267\345\257\274\345\205\2453.png" "b/docs/en/tools/cloud/pilotgo/figures/\347\224\250\346\210\267\345\257\274\345\205\2453.png" new file mode 100644 index 0000000000000000000000000000000000000000..c731959721be7ecacd4f7f5e2d82486deecb997f Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\347\224\250\346\210\267\345\257\274\345\205\2453.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\347\224\250\346\210\267\345\257\274\345\207\2721.png" "b/docs/en/tools/cloud/pilotgo/figures/\347\224\250\346\210\267\345\257\274\345\207\2721.png" new file mode 100644 index 0000000000000000000000000000000000000000..fc395b3b31fe80d8d63caf644b8af92bccadb691 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\347\224\250\346\210\267\345\257\274\345\207\2721.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\347\224\250\346\210\267\345\257\274\345\207\2722.png" "b/docs/en/tools/cloud/pilotgo/figures/\347\224\250\346\210\267\345\257\274\345\207\2722.png" new file mode 100644 index 0000000000000000000000000000000000000000..fd44f2600b62b30ac8abb125668ecc3e4f59cf5f Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\347\224\250\346\210\267\345\257\274\345\207\2722.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\347\231\273\345\275\225.png" "b/docs/en/tools/cloud/pilotgo/figures/\347\231\273\345\275\225.png" new file mode 100644 index 0000000000000000000000000000000000000000..6eb0106de32bd3d9da30d194035f129e3083791a Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\347\231\273\345\275\225.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\211\271\346\254\2411.png" "b/docs/en/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\211\271\346\254\2411.png" new file mode 100644 index 0000000000000000000000000000000000000000..ddc0b69e0101881902ed3f12cf5f56cdc20dc32b Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\211\271\346\254\2411.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\211\271\346\254\2412.png" "b/docs/en/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\211\271\346\254\2412.png" new file mode 100644 index 0000000000000000000000000000000000000000..f5625966a81c44421eb1c2f3906aa7ce2746faf5 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\211\271\346\254\2412.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\211\271\346\254\2413.png" "b/docs/en/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\211\271\346\254\2413.png" new file mode 100644 index 0000000000000000000000000000000000000000..27519a3d4f0becbc9b77e27897741547ae12e269 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\211\271\346\254\2413.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\226\207\344\273\2661.png" "b/docs/en/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\226\207\344\273\2661.png" new file mode 100644 index 0000000000000000000000000000000000000000..50b5f27cc9cecee17b7758683f61bf21544e8c3b Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\226\207\344\273\2661.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\226\207\344\273\2662.png" "b/docs/en/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\226\207\344\273\2662.png" new file mode 100644 index 0000000000000000000000000000000000000000..1362aac595643c19f924cf92098bf43abf75c78e Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\226\207\344\273\2662.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\226\207\344\273\2663.png" "b/docs/en/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\226\207\344\273\2663.png" new file mode 100644 index 0000000000000000000000000000000000000000..ffa2ed188539c7aa0f95cd6beb21d07c0ed6fc84 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\226\207\344\273\2663.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\347\224\250\346\210\2671.png" "b/docs/en/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\347\224\250\346\210\2671.png" new file mode 100644 index 0000000000000000000000000000000000000000..4df5e7583f4a9676c864dda18bb9d411c29862e8 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\347\224\250\346\210\2671.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\347\224\250\346\210\2672.png" "b/docs/en/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\347\224\250\346\210\2672.png" new file mode 100644 index 0000000000000000000000000000000000000000..0a36495c86e915bc3c8c9d23f422755aeea80f46 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\347\224\250\346\210\2672.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\350\247\222\350\211\2621.png" "b/docs/en/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\350\247\222\350\211\2621.png" new file mode 100644 index 0000000000000000000000000000000000000000..4ace76039f0cfe5a21d1ec53940819ed3ca31c5a Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\350\247\222\350\211\2621.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\350\247\222\350\211\2622.png" "b/docs/en/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\350\247\222\350\211\2622.png" new file mode 100644 index 0000000000000000000000000000000000000000..65b8bb7a4def07435da61d80f9485f9637a109e3 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\350\247\222\350\211\2622.png" differ diff --git "a/docs/en/tools/cloud/pilotgo/figures/\351\207\215\347\275\256\345\257\206\347\240\2011.png" "b/docs/en/tools/cloud/pilotgo/figures/\351\207\215\347\275\256\345\257\206\347\240\2011.png" new file mode 100644 index 0000000000000000000000000000000000000000..bad1fce9f9742ee586ac3f8d9f61ae37b03b8779 Binary files /dev/null and "b/docs/en/tools/cloud/pilotgo/figures/\351\207\215\347\275\256\345\257\206\347\240\2011.png" differ diff --git a/docs/en/tools/cloud/pilotgo/pilotgo_introduction.md b/docs/en/tools/cloud/pilotgo/pilotgo_introduction.md new file mode 100644 index 0000000000000000000000000000000000000000..78b724a4c2a618ce7b6c292a0e2bb42b3102227e --- /dev/null +++ b/docs/en/tools/cloud/pilotgo/pilotgo_introduction.md @@ -0,0 +1,3 @@ +# PilotGo Introduction + +This document is currently not available in English. diff --git a/docs/en/tools/cloud/pilotgo/usage_instructions.md b/docs/en/tools/cloud/pilotgo/usage_instructions.md new file mode 100644 index 0000000000000000000000000000000000000000..aaec2203303b9e2ae0f077d1184478dd02ca52aa --- /dev/null +++ b/docs/en/tools/cloud/pilotgo/usage_instructions.md @@ -0,0 +1,3 @@ +# PilotGo Usage Instructions + +This document is currently not available in English. diff --git a/docs/en/tools/community_tools/_toc.yaml b/docs/en/tools/community_tools/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..d45d3b54a36acefa7e053e23c7bde194040d4b09 --- /dev/null +++ b/docs/en/tools/community_tools/_toc.yaml @@ -0,0 +1,18 @@ +label: Community Tools +sections: + - label: Image Creation + sections: + - href: ./isocut/_toc.yaml + - href: ./image_tailor/_toc.yaml + - label: Migration + sections: + - href: ./migration_tools/_toc.yaml + - label: Virtualization + sections: + - href: ./virtualization/euler_launcher/_toc.yaml + - label: epkg + sections: + - href: ./epkg_use/_toc.yaml + - label: Compilation + sections: + - href: ./pin/_toc.yaml diff --git a/docs/en/tools/community_tools/epkg_use/_toc.yaml b/docs/en/tools/community_tools/epkg_use/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..902d536acf0cba62f39d51a6bfe989b77f203b6b --- /dev/null +++ b/docs/en/tools/community_tools/epkg_use/_toc.yaml @@ -0,0 +1,6 @@ +label: epkg User Guide +isManual: true +description: Use epkg to manage packages. +sections: + - label: epkg User Guide + href: ./epkg_package_manager_usage_guide.md diff --git a/docs/en/tools/community_tools/epkg_use/epkg_package_manager_usage_guide.md b/docs/en/tools/community_tools/epkg_use/epkg_package_manager_usage_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..d88d3e2949955d7fb4be45cf9389bb966ea70394 --- /dev/null +++ b/docs/en/tools/community_tools/epkg_use/epkg_package_manager_usage_guide.md @@ -0,0 +1,320 @@ +# epkg User Guide + +## Introduction + +This document explains how to initialize the working environment for the epkg package manager and how to use its basic features. All operation results in this document are demonstrated using a non-root user as an example. +Note: Currently, epkg packages are only compatible with the AArch64 architecture, and support for other architectures will be expanded in the future. + +## Quick Start + +The following examples demonstrate how to install different versions of software packages. + +```bash +# Install epkg using curl. +# During installation, you can choose between user/global installation modes to install epkg for the current user or all users. +# Only the root user can use the global installation mode. +wget https://repo.oepkgs.net/openeuler/epkg/rootfs/epkg-installer.sh +sh epkg-installer.sh + +# Uninstall epkg. +wget https://repo.oepkgs.net/openeuler/epkg/rootfs/epkg-uninstaller.sh +sh epkg-uninstaller.sh + +# Initialize epkg. +epkg init +bash // Re-execute .bashrc to update the PATH + +# Create environment 1. +epkg env create t1 +epkg install tree +tree --version +which tree + +# View repositories. +[root@vm-4p64g ~]# epkg repo list +------------------------------------------------------------------------------------------------------------------------------------------------------ +channel | repo | url +------------------------------------------------------------------------------------------------------------------------------------------------------ +openEuler-22.03-LTS-SP3 | OS | https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-22.03-LTS-SP3/OS/aarch64/ +openEuler-24.09 | everything | https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64/ +openEuler-24.09 | OS | https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/OS/aarch64/ +------------------------------------------------------------------------------------------------------------------------------------------------------ + +# Create environment 2, specify a repository. +epkg env create t2 --repo openEuler-22.03-LTS-SP3 +epkg install tree +tree --version +which tree + +# Switch back to environment 1. +epkg env activate t1 +``` + +## epkg Usage + +```bash +Usage: + epkg install PACKAGE + epkg install [--env ENV] PACKAGE (under development) + epkg remove [--env ENV] PACKAGE (under development) + epkg upgrade [PACKAGE] (under development) + + epkg search PACKAGE (under development) + epkg list (under development) + + epkg env list + epkg env create|remove ENV + epkg env activate ENV + epkg env deactivate ENV + epkg env register|unregister ENV + epkg env history ENV (under development) + epkg env rollback ENV (under development) +``` + +Package installation: + +```bash +epkg env create $env # Create an environment. +epkg install $package # Install a package in the environment. +epkg env create $env2 --repo $repo # Create environment 2, specify a repository. +epkg install $package # Install a package in environment 2. +``` + +Package building: + +```bash +epkg build ${yaml_path}/$pkg_name.yaml +``` + +### Installing Software + +Function description: + +Install software in the current environment (confirm the current environment before operation). + +Command: + +```shell +epkg install ${package_name} +``` + +Example output: + +```shell +[root@2d785c36ee2e /]# epkg env activate t1 +Add common to path +Add t1 to path +Environment 't1' activated. +Environment 't1' activated. +[root@2d785c36ee2e /]# epkg install tree +EPKG_ENV_NAME: t1 +Caching repodata for: "OS" +Cache for "OS" already exists. Skipping... +Caching repodata for: "OS" +Cache for "OS" already exists. Skipping... +Caching repodata for: "everything" +Cache for "everything" already exists. Skipping... +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/FF/FFCRTKRFGFQ6S2YVLOSUF6PHSMRP7A2N__ncurses-libs__6.4__8.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/D5/D5BOEFTRBNV3E4EXBVXDSRNTIGLGWVB7__glibc-all-langpacks__2.38__34.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/VX/VX6SUOPGEVDWF6E5M2XBV53VS7IXSFM5__openEuler-repos__1.0__3.3.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/LO/LO6RYZTBB2Q7ZLG6SWSICKGTEHUTBWUA__libselinux__3.5__3.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/EP/EPIEEK2P5IUPO4PIOJ2BXM3QPEFTZUCT__basesystem__12__3.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/2G/2GYDDYVWYYIDGOLGTVUACSBHYVRCRJH3__setup__2.14.5__2.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/HC/HCOKXTWQQUPCFPNI7DMDC6FGSDOWNACC__glibc__2.38__34.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/OJ/OJQAHJTY3Y7MZAXETYMTYRYSFRVVLPDC__glibc-common__2.38__34.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/FJ/FJXG3K2TSUYXNU4SES2K3YSTA3AHHUMB__tree__2.1.1__1.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/KD/KDYRBN74LHKSZISTLMYOMTTFVLV4GPYX__readline__8.2__2.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/MN/MNJPSSBS4OZJL5EB6YKVFLMV4TGVBUBA__tzdata__2024a__2.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/S4/S4FBO2SOMG3GKP5OMDWP4XN5V4FY7OY5__bash__5.2.21__1.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/EJ/EJGRNRY5I6XIDBWL7H5BNYJKJLKANVF6__libsepol__3.5__3.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/TZ/TZRQZRU2PNXQXHRE32VCADWGLQG6UL36__bc__1.07.1__12.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/WY/WYMBYMCARHXD62ZNUMN3GQ34DIWMIQ4P__filesystem__3.16__6.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/KQ/KQ2UE3U5VFVAQORZS4ZTYCUM4QNHBYZ7__openEuler-release__24.09__55.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/HD/HDTOK5OTTFFKSTZBBH6AIAGV4BTLC7VT__openEuler-gpg-keys__1.0__3.3.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/EB/EBLBURHOKKIUEEFHZHMS2WYF5OOKB4L3__pcre2__10.42__8.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/YW/YW5WTOMKY2E5DLYYMTIDIWY3XIGHNILT__info__7.0.3__3.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/E4/E4KCO6VAAQV5AJGNPW4HIXDHFXMR4EJV__ncurses-base__6.4__8.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start install FFCRTKRFGFQ6S2YVLOSUF6PHSMRP7A2N__ncurses-libs__6.4__8.oe2409 +start install D5BOEFTRBNV3E4EXBVXDSRNTIGLGWVB7__glibc-all-langpacks__2.38__34.oe2409 +start install VX6SUOPGEVDWF6E5M2XBV53VS7IXSFM5__openEuler-repos__1.0__3.3.oe2409 +start install LO6RYZTBB2Q7ZLG6SWSICKGTEHUTBWUA__libselinux__3.5__3.oe2409 +start install EPIEEK2P5IUPO4PIOJ2BXM3QPEFTZUCT__basesystem__12__3.oe2409 +start install 2GYDDYVWYYIDGOLGTVUACSBHYVRCRJH3__setup__2.14.5__2.oe2409 +start install HCOKXTWQQUPCFPNI7DMDC6FGSDOWNACC__glibc__2.38__34.oe2409 +start install OJQAHJTY3Y7MZAXETYMTYRYSFRVVLPDC__glibc-common__2.38__34.oe2409 +start install FJXG3K2TSUYXNU4SES2K3YSTA3AHHUMB__tree__2.1.1__1.oe2409 +start install KDYRBN74LHKSZISTLMYOMTTFVLV4GPYX__readline__8.2__2.oe2409 +start install MNJPSSBS4OZJL5EB6YKVFLMV4TGVBUBA__tzdata__2024a__2.oe2409 +start install S4FBO2SOMG3GKP5OMDWP4XN5V4FY7OY5__bash__5.2.21__1.oe2409 +start install EJGRNRY5I6XIDBWL7H5BNYJKJLKANVF6__libsepol__3.5__3.oe2409 +start install TZRQZRU2PNXQXHRE32VCADWGLQG6UL36__bc__1.07.1__12.oe2409 +start install WYMBYMCARHXD62ZNUMN3GQ34DIWMIQ4P__filesystem__3.16__6.oe2409 +start install KQ2UE3U5VFVAQORZS4ZTYCUM4QNHBYZ7__openEuler-release__24.09__55.oe2409 +start install HDTOK5OTTFFKSTZBBH6AIAGV4BTLC7VT__openEuler-gpg-keys__1.0__3.3.oe2409 +start install EBLBURHOKKIUEEFHZHMS2WYF5OOKB4L3__pcre2__10.42__8.oe2409 +start install YW5WTOMKY2E5DLYYMTIDIWY3XIGHNILT__info__7.0.3__3.oe2409 +start install E4KCO6VAAQV5AJGNPW4HIXDHFXMR4EJV__ncurses-base__6.4__8.oe2409 +``` + +### Listing Environments + +Function description: + +List all environments in epkg (under the `$EPKG_ENVS_ROOT` directory) and indicate the current environment. + +Command: + +```shell +epkg env list +``` + +Example output: + +```shell +[small_leek@19e784a5bc38 bin]# epkg env list +Available environments(sort by time): +w1 +main +common +You are in [main] now +``` + +### Creating an Environment + +Function description: + +Create a new environment. After successful creation, the new environment is activated by default, but is not globally registered. + +Command: + +```shell +epkg env create ${env_name} +``` + +Example output: + +```shell +[small_leek@b0e608264355 bin]# epkg env create work1 +YUM --installroot directory structure created successfully in: /root/.epkg/envs/work1/profile-1 +Environment 'work1' added to PATH. +Environment 'work1' activated. +Environment 'work1' created. +``` + +### Activating an Environment + +Function description: + +Activate the specified environment, refresh `EPKG_ENV_NAME` and `RPMDB_DIR` (used to point to `--dbpath` when software is installed into the specified environment), refresh `PATH` to include the specified environment and the common environment, and set the specified environment as the first priority. + +Command: + +```shell +epkg env activate ${env_name} +``` + +Example output: + +```shell +[small_leek@9d991d463f89 bin]# epkg env activate main +Environment 'main' activated +``` + +### Deactivating an Environment + +Function description: + +Deactivate the specified environment, refresh `EPKG_ENV_NAME` and `RPMDB_DIR`, refresh `PATH`, and default to the main environment. + +Command: + +```shell +epkg env deactivate ${env_name} +``` + +Example output: + +```shell +[small_leek@398ec57ce780 bin]# epkg env deactivate w1 +Environment 'w1' deactivated. +``` + +### Registering an Environment + +Function description: + +Register the specified environment, persistently refresh `PATH` to include all registered environments in epkg, and set the specified environment as the first priority. + +Command: + +```shell +epkg env register ${env_name} +``` + +Example output: + +```shell +[small_leek@5042ae77dd75 bin]# epkg env register lkp +EPKG_ACTIVE_ENV: +Environment 'lkp' has been registered to PATH. +``` + +### Unregistering an Environment + +Function description: + +Unregister the specified environment, persistently refresh `PATH` to include all registered environments in epkg except the specified one. + +Command: + +```shell +epkg env unregister ${env_name} +``` + +Example output: + +```shell +[small_leek@69393675945d /]# epkg env unregister w4 +EPKG_ACTIVE_ENV: +Environment 'w4' has been unregistered from PATH. +``` + +### Building an epkg Package + +Function description: + +Build an epkg package using the YAML file provided by autopkg. + +Command: + +```shell +epkg build ${yaml_path}/$pkg_name.yaml +``` + +Example output: + +```shell +[small_leek@69393675945d /]# epkg build /root/epkg/build/test/tree/package.yaml +pkg_hash: fbfqtsnza9ez1zk0cy23vyh07xfzsydh, dir: /root/.cache/epkg/build-workspace/result +Compress success: /root/.cache/epkg/build-workspace/epkg/fbfqtsnza9ez1zk0cy23vyh07xfzsydh__tree__2.1.1__0.oe2409.epkg +``` diff --git a/docs/en/tools/community_tools/image_tailor/_toc.yaml b/docs/en/tools/community_tools/image_tailor/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..9e7350413fa5d6e4caeee93a25ca1bfac5f8cda6 --- /dev/null +++ b/docs/en/tools/community_tools/image_tailor/_toc.yaml @@ -0,0 +1,6 @@ +label: imageTailor User Guide +isManual: true +description: OS image tailoring by removing unneeded packages or files +sections: + - label: imageTailor User Guide + href: ./imagetailor_userguide.md diff --git a/docs/en/tools/community_tools/image_tailor/figures/flowchart.png b/docs/en/tools/community_tools/image_tailor/figures/flowchart.png new file mode 100644 index 0000000000000000000000000000000000000000..e4fecb8b310f204d6cfd07449ccc3c93d1badd51 Binary files /dev/null and b/docs/en/tools/community_tools/image_tailor/figures/flowchart.png differ diff --git a/docs/en/tools/community_tools/image_tailor/figures/lack_pack.png b/docs/en/tools/community_tools/image_tailor/figures/lack_pack.png new file mode 100644 index 0000000000000000000000000000000000000000..a4b7f1da15da70f63a86aae360e89017c2b98f2d Binary files /dev/null and b/docs/en/tools/community_tools/image_tailor/figures/lack_pack.png differ diff --git a/docs/en/tools/community_tools/image_tailor/imagetailor_userguide.md b/docs/en/tools/community_tools/image_tailor/imagetailor_userguide.md new file mode 100644 index 0000000000000000000000000000000000000000..9bfad2ea58af5e2a9b249c171754ae7be67921a2 --- /dev/null +++ b/docs/en/tools/community_tools/image_tailor/imagetailor_userguide.md @@ -0,0 +1,890 @@ +# imageTailor User Guide + +## Introduction + +In addition to the kernel, an operating system contains various peripheral packages. These peripheral packages provide functions of a general-purpose operating system but also cause the following problems: + +- A large number of resources (such as memory, disks, and CPUs) are occupied, resulting in low system performance. +- Unnecessary functions increase the development and maintenance costs. + +To address these problems, openEuler provides the imageTailor tool for tailoring and customization images. You can tailor unnecessary peripheral packages in the OS image or add service packages or files as required. This tool includes the following functions: + +- System package tailoring: Tailors system commands, libraries, and drivers based on the list of RPM packages to be installed. +- System configuration modification: Configures the host name, startup services, time zone, network, partitions, drivers to be loaded, and kernel version. +- Software package addition: Adds custom RPM packages or files to the system. + +## Installation + +This section uses openEuler 22.03 LTS in the AArch64 architecture as an example to describe the installation method. + +### Software and Hardware Requirements + +The software and hardware requirements of imageTailor are as follows: + +- The architecture is x86_64 or AArch64. + +- The OS is openEuler 22.03 LTS (the kernel version is 5.10 and the Python version is 3.9, which meet the tool requirements). + +- The root directory **/** of the host to run the tool have at least 40 GB space. + +- The Python version is 3.9 or later. + +- The kernel version is 5.10 or later. + +- The SElinux service is disabled. + + ```shell + $ sudo setenforce 0 + $ getenforce + Permissive + ``` + +### Obtaining the Installation Package + +Download the openEuler release package to install and use imageTailor. + +1. Obtain the ISO image file and the corresponding verification file. + + The image must be an everything image. Assume that the image is to be stored in the **root** directory. Run the following commands: + + ```shell + cd /root/temp + wget https://repo.openeuler.org/openEuler-{version}/ISO/aarch64/openEuler-{version}-everything-aarch64-dvd.iso + wget https://repo.openeuler.org/openEuler-{version}/ISO/aarch64/openEuler-{version}-everything-aarch64-dvd.iso.sha256sum + ``` + +2. Obtain the verification value in the sha256sum verification file. + + ```shell + cat openEuler-{version}-everything-aarch64-dvd.iso.sha256sum + ``` + +3. Calculate the verification value of the ISO image file. + + ```shell + sha256sum openEuler-{version}-everything-aarch64-dvd.iso + ``` + +4. Compare the verification value in the sha256sum file with that of the ISO image. If they are the same, the file integrity is verified. Otherwise, the file integrity is damaged. You need to obtain the file again. + +### Installing imageTailor + +The following uses openEuler 22.03 LTS in AArch64 architecture as an example to describe how to install imageTailor. + +1. Ensure that openEuler 22.03 LTS (or a running environment that meets the requirements of imageTailor) has been installed on the host. + + ```shell + $ cat /etc/openEuler-release + openEuler release 22.03 LTS + ``` + +2. Create a **/etc/yum.repos.d/local.repo** file to configure the Yum source. The following is an example of the configuration file. **baseurl** indicates the directory for mounting the ISO image. + + ```shell + [local] + name=local + baseurl=file:///root/imageTailor_mount + gpgcheck=0 + enabled=1 + ``` + +3. Run the following commands as the **root** user to mount the image to the **/root/imageTailor_mount** directory as the Yum source (ensure that the value of **baseurl** is the same as that configured in the repo file and the disk space of the directory is greater than 20 GB): + + ```shell + mkdir /root/imageTailor_mount + sudo mount -o loop /root/temp/openEuler-{version}-everything-aarch64-dvd.iso /root/imageTailor_mount/ + ``` + +4. Make the Yum source take effect. + + ```shell + yum clean all + yum makecache + ``` + +5. Install the imageTailor tool as the **root** user. + + ```shell + sudo yum install -y imageTailor + ``` + +6. Run the following command as the **root** user to verify that the tool has been installed successfully: + + ```shell + $ cd /opt/imageTailor/ + $ sudo ./mkdliso -h + ------------------------------------------------------------------------------------------------------------- + Usage: mkdliso -p product_name -c configpath [--minios yes|no|force] [-h] [--sec] + Options: + -p,--product Specify the product to make, check custom/cfg_yourProduct. + -c,--cfg-path Specify the configuration file path, the form should be consistent with custom/cfg_xxx + --minios Make minios: yes|no|force + --sec Perform security hardening + -h,--help Display help information + + Example: + command: + ./mkdliso -p openEuler -c custom/cfg_openEuler --sec + + help: + ./mkdliso -h + ------------------------------------------------------------------------------------------------------------- + ``` + +### Directory Description + +After imageTailor is installed, the directory structure of the tool package is as follows: + +```shell +[imageTailor] + |-[custom] + |-[cfg_openEuler] + |-[usr_file] // Stores files to be added. + |-[usr_install] //Stores hook scripts to be added. + |-[all] + |-[conf] + |-[hook] + |-[cmd.conf] // Configures the default commands and libraries used by an ISO image. + |-[rpm.conf] // Configures the list of RPM packages and drivers installed by default for an ISO image. + |-[security_s.conf] // Configures security hardening policies. + |-[sys.conf] // Configures ISO image system parameters. + |-[kiwi] // Basic configurations of imageTailor. + |-[repos] //RPM sources for obtaining the RPM packages required for creating an ISO image. + |-[security-tool] // Security hardening tool. + |-mkdliso // Executable script for creating an ISO image. +``` + +## Image Customization + +This section describes how to use the imageTailor tool to package the service RPM packages, custom files, drivers, commands, and libraries to the target ISO image. + +### Overall Process + +The following figure shows the process of using imageTailor to customize an image. + +![](./figures/flowchart.png) + +The steps are described as follows: + +- Check software and hardware environment: Ensure that the host for creating the ISO image meets the software and hardware requirements. + +- Customize service packages: Add RPM packages (including service RPM packages, commands, drivers, and library files) and files (including custom files, commands, drivers, and library files). + + - Adding service RPM packages: Add RPM packages to the ISO image as required. For details, see [Installation](#installation). + - Adding custom files: If you want to perform custom operations such as hardware check, system configuration check, and driver installation when the target ISO system is installed or started, you can compile custom files and package them to the ISO image. + - Adding drivers, commands, and library files: If the RPM package source of openEuler does not contain the required drivers, commands, or library files, you can use imageTailor to package the corresponding drivers, commands, or library files into the ISO image. + +- Configure system parameters: + + - Configuring host parameters: To ensure that the ISO image is successfully installed and started, you need to configure host parameters. + - Configuring partitions: You can configure service partitions based on the service plan and adjust system partitions. + - Configuring the network: You can set system network parameters as required, such as the NIC name, IP address, and subnet mask. + - Configuring the initial password: To ensure that the ISO image is successfully installed and started, you need to configure the initial passwords of the **root** user and GRUB. + - Configuring kernel parameters: You can configure the command line parameters of the kernel as required. + +- Configure security hardening policies. + + imageTailor provides default security hardening policies. You can modify **security_s.conf** (in the ISO image customization phase) to perform secondary security hardening on the system based on service requirements. For details, see the [Security Hardening Guide](https://docs.openeuler.org/en/docs/22.03_LTS/docs/SecHarden/secHarden.html). + +- Create an ISO image: + + Use the imageTailor tool to create an ISO image. + +### Customizing Service Packages + +You can pack service RPM packages, custom files, drivers, commands, and library files into the target ISO image as required. + +#### Setting a Local repository + +To customize an ISO image, you must set a repository in the **/opt/imageTailor/repos/euler_base/** directory. This section describes how to set a local repository. + +1. Download the ISO file released by openEuler. (The RPM package of the everything image released by the openEuler must be used.) + + ```shell + cd /opt + wget https://repo.openeuler.org/openEuler-{version}/ISO/aarch64/openEuler-{version}-everything-aarch64-dvd.iso + ``` + +2. Create a mount directory **/opt/openEuler_repo** and mount the ISO file to the directory. + + ```shell + $ sudo mkdir -p /opt/openEuler_repo + $ sudo mount openEuler-{version}-everything-aarch64-dvd.iso /opt/openEuler_repo + mount: /opt/openEuler_repo: WARNING: source write-protected, mounted read-only. + ``` + +3. Copy the RPM packages in the ISO file to the **/opt/imageTailor/repos/euler_base/** directory. + + ```shell + $ sudo rm -rf /opt/imageTailor/repos/euler_base && sudo mkdir -p /opt/imageTailor/repos/euler_base + $ sudo cp -ar /opt/openEuler_repo/Packages/* /opt/imageTailor/repos/euler_base + $ sudo chmod -R 644 /opt/imageTailor/repos/euler_base + $ sudo ls /opt/imageTailor/repos/euler_base|wc -l + 2577 + $ sudo umount /opt/openEuler_repo && sudo rm -rf /opt/openEuler_repo + $ cd /opt/imageTailor + ``` + +#### Adding Files + +You can add files to an ISO image as required. The file types include custom files, drivers, commands, or library file. Store the files to the **/opt/imageTailor/custom/cfg_openEuler/usr_file** directory. + +##### Precautions + +- The commands to be packed must be executable. Otherwise, imageTailor will fail to pack the commands into the ISO. + +- The file stored in the **/opt/imageTailor/custom/cfg_openEuler/usr_file** directory will be generated in the root directory of the ISO. Therefore, the directory structure of the file must be a complete path starting from the root directory so that imageTailor can place the file in the correct directory. + + For example, if you want **file1** to be in the **/opt** directory of the ISO, create an **opt** directory in the **usr_file** directory and copy **file1** to the **opt** directory. For example: + + ```shell + $ pwd + /opt/imageTailor/custom/cfg_openEuler/usr_file + + $ tree + . + ├── etc + │   ├── default + │   │   └── grub + │   └── profile.d + │   └── csh.precmd + └── opt + └── file1 + + 4 directories, 3 files + ``` + +- The paths in **/opt/imageTailor/custom/cfg_openEuler/usr_file** must be real paths. For example, the paths do not contain soft links. You can run the `realpath` or `readlink -f` command to query the real path. + +- If you need to invoke a custom script in the system startup or installation phase, that is, a hook script, store the file in the **hook** directory. + +#### Adding RPM Packages + +##### Procedure + +To add RPM packages (drivers, commands, or library files) to an ISO image, perform the following steps: + +> [!NOTE]NOTE +> +> - The **rpm.conf** and **cmd.conf** files are stored in the **/opt/imageTailor/custom/cfg_openEuler/** directory. +> - The RPM package tailoring granularity below indicates **sys_cut='no'**. For details about the cutout granularity, see [Configuring Host Parameters](#configuring-host-parameters). +> - If no local repository is configured, configure a local repository by referring to [Setting a Local repository](#setting-a-local-repository). +> + +1. Check whether the **/opt/imageTailor/repos/euler_base/** directory contains the RPM package to be added. + + - If yes, go to step 2. + - If no, go to step 3. + +2. Configure the RPM package information in the **\** section in the **rpm.conf** file. + + - For the RPM package tailoring granularity, no further action is required. + - For other tailoring granularities, go to step 4. + +3. Obtain the RPM package and store it in the **/opt/imageTailor/custom/cfg_openEuler/usr_rpm** directory. If the RPM package depends on other RPM packages, store the dependency packages to this directory because the added RPM package and its dependent RPM packages must be packed into the ISO image at the same time. + + - For the RPM package tailoring granularity, go to step 4. + - For other tailoring granularities, no further action is required. + +4. Configure the drivers, commands, and library files to be retained in the RPM package in the **rpm.conf** and **cmd.conf** files. If there are common files to be tailored, configure them in the **\\** section in the **cmd.conf** file. + +##### Configuration File Description + +| Operation | Configuration File| Section | +| :----------- | :----------- | :----------------------------------------------------------- | +| Adding drivers | rpm.conf | \
\
\
Note: The **driver_name** is the relative path of **/lib/modules/{kernel_version_number}/kernel/**.| +| Adding commands | cmd.conf | \
\
\ | +| Adding library files | cmd.conf | \
\
\ | +| Deleting other files| cmd.conf | \
\
\
Note: The file name must be an absolute path.| + +**Example** + +- Adding drivers + + ```shell + + + + + ...... + + ``` + +- Adding commands + + ```shell + + + + + ...... + + ``` + +- Adding library files + + ```shell + + + + + + ``` + +- Deleting other files + + ```shell + + + + + + ``` + +#### Adding Hook Scripts + +A hook script is invoked by the OS during startup and installation to execute the actions defined in the script. The directory for storing hook scripts of imageTailor is **custom/cfg_openEuler/usr_install/hook directory**, which has different subdirectories. Each subdirectory represents an OS startup or installation phase. Store the scripts based on the phases in which the scripts are invoked. + +##### Script Naming Rule + +The script name must start with **S+number** (the number must be at least two digits). The number indicates the execution sequence of the hook script. Example: **S01xxx.sh** + +> [!NOTE]NOTE +> +> The scripts in the **hook** directory are executed using the `source` command. Therefore, exercise caution when using the `exit` command in the scripts because the entire installation script exits after the `exit` command is executed. + +##### Description of hook Subdirectories + +| Subdirectory | Script Example | Time for Execution | Description | +| :-------------------- | :---------------------| :------------------------------- | :----------------------------------------------------------- | +| insmod_drv_hook | N/A | After OS drivers are loaded | N/A | +| custom_install_hook | S01custom_install.sh | After the drivers are loaded, that is, after **insmod_drv_hook** is executed| You can customize the OS installation process by using a custom script.| +| env_check_hook | S01check_hw.sh | Before the OS installation initialization | The script is used to check hardware specifications and types before initialization.| +| set_install_ip_hook | S01set_install_ip.sh | When network configuration is being performed during OS installation initialization. | You can customize the network configuration by using a custom script.| +| before_partition_hook | S01checkpart.sh | Before partitioning | You can check correctness of the partition configuration file by using a custom script.| +| before_setup_os_hook | N/A | Before the repo file is decompressed | You can customize partition mounting.
If the decompression path of the installation package is not the root partition specified in the partition configuration, customize partition mounting and assign the decompression path to the input global variable.| +| before_mkinitrd_hook | S01install_drv.sh | Before the `mkinitrd` command is run | The hook script executed before running the `mkinitrd` command when **initrd** is saved to the disk. You can add and update driver files in **initrd**.| +| after_setup_os_hook | N/A | After OS installation | After the installation is complete, you can perform custom operations on the system files, such as modifying **grub.cfg**.| +| install_succ_hook | N/A | When the OS is successfully installed | The scripts in this subdirectory are used to parse the installation information and send information of whether the installation succeeds.**install_succ_hook** cannot be set to **install_break**.| +| install_fail_hook | N/A | When the OS installation fails | The scripts in this subdirectory are used to parse the installation information and send information of whether the installation succeeds.**install_fail_hook** cannot be set to **install_break**.| + +### Configuring System Parameters + +Before creating an ISO image, you need to configure system parameters, including host parameters, initial passwords, partitions, network, compilation parameters, and system command line parameters. + +#### Configuring Host Parameters + +The **\ \** section in the **/opt/imageTailor/custom/cfg_openEuler/sys.conf** file is used to configure common system parameters, such as the host name and kernel boot parameters. + +The default configuration provided by openEuler is as follows. You can modify the configuration as required. + +```shell + + sys_service_enable='ipcc' + sys_service_disable='cloud-config cloud-final cloud-init-local cloud-init' + sys_utc='yes' + sys_timezone='' + sys_cut='no' + sys_usrrpm_cut='no' + sys_hostname='Euler' + sys_usermodules_autoload='' + sys_gconv='GBK' + +``` + +The parameters are described as follows: + +- sys_service_enable + + This parameter is optional. Services enabled by the OS by default. Separate multiple services with spaces. If you do not need to add a system service, use the default value **ipcc**. Pay attention to the following during the configuration: + + - Default system services cannot be deleted. + - You can configure service-related services, but the repository must contain the service RPM package. + - By default, only the services configured in this parameter are enabled. If a service depends on other services, you need to configure the depended services in this parameter. + +- sys_service_disable + + This parameter is optional. Services that are not allowed to automatically start upon system startup. Separate multiple services with spaces. If no system service needs to be disabled, leave this parameter blank. + +- sys_utc + + (Mandatory) Indicates whether to use coordinated universal time (UTC) time. The value can be **yes** or **no**. The default value is **yes**. + +- sys_timezone + + This parameter is optional. Sets the time zone. The value can be a time zone supported by openEuler, which can be queried in the **/usr/share/zoneinfo/zone.tab** file. + +- sys_cut + + (Mandatory) Indicates whether to tailor the RPM packages. The value can be **yes**, **no**, or **debug**.**yes** indicates that the RPM packages are tailored. **no** indicates that the RPM packages are not tailored (only the RPM packages in the **rpm.conf** file is installed). **debug** indicates that the RPM packages are tailored but the `rpm` command is retained for customization after installation. The default value is **no**. + + > [!NOTE]NOTE + > imageTailor installs the RPM package added by the user, deletes the files configured in the **\** section of the **cmd.conf** file, and then deletes the commands, libraries, and drivers that are not configured in **cmd.conf** or **rpm.conf**. + > When **sys_cut='yes'** is configured, imageTailor does not support the installation of the `rpm` command. Even if the `rpm` command is configured in the **rpm.conf** file, the configuration does not take effect. + +- sys_usrrpm_cut + + (Mandatory) Indicates whether to tailor the RPM packages added by users to the **/opt/imageTailor/custom/cfg_openEuler/usr_rpm** directory. The value can be **yes** or **no**. The default value is **no**. + + - **sys_usrrpm_cut='yes'**: imageTailor installs the RPM packages added by the user, deletes the file configured in the **\** section in the **cmd.conf** file, and then deletes the commands, libraries, and drivers that are not configured in **cmd.conf** or **rpm.conf**. + + - **sys_usrrpm_cut='no'**: imageTailor installs the RPM packages added by the user but does not delete the files in the RPM packages. + +- sys_hostname + + (Mandatory) Host name. After the OS is deployed in batches, you are advised to change the host name of each node to ensure that the host name of each node is unique. + + The host name must be a combination of letters, digits, and hyphens (-) and must start with a letter or digit. Letters are case sensitive. The value contains a maximum of 63 characters. The default value is **Euler**. + +- sys_usermodules_autoload + + (Optional) Driver loaded during system startup. When configuring this parameter, you do not need to enter the file extension **.ko**. If there are multiple drivers, separate them by space. By default, this parameter is left blank, indicating that no additional driver is loaded. + +- sys_gconv + + (Optional) This parameter is used to tailor **/usr/lib/gconv** and **/usr/lib64/gconv**. The options are as follows: + + - **null**/**NULL**: indicates that this parameter is not configured. If **sys_cut='yes'** is configured, **/usr/lib/gconv** and **/usr/lib64/gconv** will be deleted. + - **all**/**ALL**: keeps **/usr/lib/gconv** and **/usr/lib64/gconv**. + - **xxx,xxx**: keeps the corresponding files in the **/usr/lib/gconv** and **/usr/lib64/gconv** directories. If multiple files need to be kept, use commas (,) to separate them. + +- sys_man_cut + + (Optional) Indicates whether to tailor the man pages. The value can be **yes** or **no**. The default value is **yes**. + +> [!NOTE]NOTE +> If both **sys_cut** and **sys_usrrpm_cut** are configured, **sys_cut** is used. The following rules apply: + +- sys_cut='no' + +No matter whether **sys_usrrpm_cut** is set to **yes** or **no**, the system RPM package tailoring granularity is used. That is, imageTailor installs the RPM packages in the repository and the RPM packages in the **usr_rpm** directory, however, the files in the RPM package are not deleted. Even if some files in the RPM packages are not required, imageTailor will delete them. + +- sys_cut='yes' + +1. sys_usrrpm_cut='no' + + System RPM package tailoring granularity: imageTailor deletes files in the RPM packages in the repositories as configured. + +2. sys_usrrpm_cut='yes' + + System and user RPM package tailoring granularity: imageTailor deletes files in the RPM packages in the repositories and the **usr_rpm** directory as configured. + +#### Configuring Initial Passwords + +The **root** and GRUB passwords must be configured during OS installation. Otherwise, you cannot log in to the OS as the **root** user after the OS is installed using the tailored ISO image. This section describes how to configure the initial passwords. + +> [!NOTE]NOTE +> You must configure the initial **root** and GRUB passwords manually. + +##### Configuring the Initial Password of the root User + +###### Introduction + +The initial password of the **root** user is stored in the **/opt/imageTailor/custom/cfg_openEuler/rpm.conf** file. You can modify this file to set the initial password of the **root** user. + +> [!NOTE]NOTE +> +> - If the `--minios yes/force` parameter is required when you run the `mkdliso` command to create an ISO image, you need to enter the corresponding information in the **/opt/imageTailor/kiwi/minios/cfg_minios/rpm.conf** file. + +The default configuration of the initial password of the **root** user in the **/opt/imageTailor/custom/cfg_openEuler/rpm.conf** file is as follows. Add a password of your choice. + +```xml + + + +``` + +The parameters are described as follows: + +- **group**: group to which the user belongs. +- **pwd**: ciphertext of the initial password. The encryption algorithm is SHA-512. Replace **${pwd}** with the actual ciphertext. +- **home**: home directory of the user. +- **name**: name of the user to be configured. + +###### Modification Method + +Before creating an ISO image, you need to change the initial password of the **root** user. The following describes how to set the initial password of the **root** user (**root** permissions are required): + +1. Add a user for generating a password, for example, **testUser**. + + ```shell + sudo useradd testUser + ``` + +2. Set the password of **testUser**. Run the following command and set the password as prompted: + + ```shell + $ sudo passwd testUser + Changing password for user testUser. + New password: + Retype new password: + passwd: all authentication tokens updated successfully. + ``` + +3. View the **/etc/shadow** file. The content following **testUser** (string between two colons) is the ciphertext of the password. + + ``` shell script + $ sudo cat /etc/shadow | grep testUser + testUser:$6$YkX5uFDGVO1VWbab$jvbwkZ2Kt0MzZXmPWy.7bJsgmkN0U2gEqhm9KqT1jwQBlwBGsF3Z59heEXyh8QKm3Qhc5C3jqg2N1ktv25xdP0:19052:0:90:7:35:: + ``` + +4. Copy and paste the ciphertext to the **pwd** field in the **/opt/imageTailor/custom/cfg_openEuler/rpm.conf** file. + + ``` shell script + + + + ``` + +5. If the `--minios yes/force` parameter is required when you run the `mkdliso` command to create an ISO image, configure the **pwd** field of the corresponding user in **/opt/imageTailor/kiwi/minios/cfg_minios/rpm.conf**. + + ``` shell script + + + + ``` + +##### Configuring the Initial GRUB Password + +The initial GRUB password is stored in the **/opt/imageTailor/custom/cfg_openEuler/usr_file/etc/default/grub** file. Modify this file to configure the initial GRUB password. If the initial GRUB password is not configured, the ISO image will fail to be created. + +> [!NOTE]NOTE: + +- The **root** permissions are required for configuring the initial GRUB password. +- The default user corresponding to the GRUB password is **root**. +- The `grub2-set-password` command must exist in the system. If the command does not exist, install it in advance. + +1. Run the following command and set the GRUB password as prompted: + + ```shell + $ sudo grub2-set-password -o ./ + Enter password: + Confirm password: + grep: .//grub.cfg: No such file or directory + WARNING: The current configuration lacks password support! + Update your configuration with grub2-mkconfig to support this feature. + ``` + +2. After the command is executed, the **user.cfg** file is generated in the current directory. The content starting with **grub.pbkdf2.sha512** is the encrypted GRUB password. + + ```shell + $ sudo cat user.cfg + GRUB2_PASSWORD=grub.pbkdf2.sha512.10000.CE285BE1DED0012F8B2FB3DEA38782A5B1040FEC1E49D5F602285FD6A972D60177C365F1 + B5D4CB9D648AD4C70CF9AA2CF9F4D7F793D4CE008D9A2A696A3AF96A.0AF86AB3954777F40D324816E45DD8F66CA1DE836DC7FBED053DB02 + 4456EE657350A27FF1E74429546AD9B87BE8D3A13C2E686DD7C71D4D4E85294B6B06E0615 + ``` + +3. Copy the preceding ciphertext and add the following configuration to the **/opt/imageTailor/custom/cfg_openEuler/usr_file/etc/default/grub** file: + + ```shell + GRUB_PASSWORD="grub.pbkdf2.sha512.10000.CE285BE1DED0012F8B2FB3DEA38782A5B1040FEC1E49D5F602285FD6A972D60177C365F1 + B5D4CB9D648AD4C70CF9AA2CF9F4D7F793D4CE008D9A2A696A3AF96A.0AF86AB3954777F40D324816E45DD8F66CA1DE836DC7FBED053DB02 + 4456EE657350A27FF1E74429546AD9B87BE8D3A13C2E686DD7C71D4D4E85294B6B06E0615" + ``` + +#### Configuring Partitions + +If you want to adjust system partitions or service partitions, modify the **\** section in the **/opt/imageTailor/custom/cfg_openEuler/sys.conf** file. + +> [!NOTE]NOTE +> +> - System partition: partition for storing the OS. +> - Service partition: partition for service data. +> - The type of a partition is determined by the content it stores, not the size, mount path, or file system. +> - Partition configuration is optional. You can manually configure partitions after OS installation. + +The format of **\** is as follows: + +disk_ID mount_path partition _size partition_type file_system \[Secondary formatting flag] + +The default configuration is as follows: + +```shell + +hd0 /boot 512M primary ext4 yes +hd0 /boot/efi 200M primary vfat yes +hd0 / 30G primary ext4 +hd0 - - extended - +hd0 /var 1536M logical ext4 +hd0 /home max logical ext4 + +``` + +The parameters are described as follows: + +- disk_ID: + ID of a disk. Set this parameter in the format of **hd***x*, where *x* indicates the *x*th disk. + + > [!NOTE]NOTE + > + > Partition configuration takes effect only when the disk can be recognized. + +- mount_path: + Mount path to a specified partition. You can configure service partitions and adjust the default system partition. If you do not mount partitions, set this parameter to **-**. + + > [!NOTE]NOTE + > + > - You must configure the mount path to **/**. You can adjust mount paths to other partitions according to your needs. + > - When the UEFI boot mode is used, the partition configuration in the x86_64 architecture must contain the mount path **/boot**, and the partition configuration in the AArch64 architecture must contain the mount path **/boot/efi**. + +- partition_size: + The value types are as follows: + + - G/g: The unit of a partition size is GB, for example, 2G. + - M/m: The unit of a partition size is MB, for example, 300M. + - T/t: The unit of a partition size is TB, for example, 1T. + - MAX/max: The rest space of a hard disk is used to create a partition. This value can only be assigned to the last partition. + + > [!NOTE]NOTE + > + > - A partition size value cannot contain decimal numbers. If there are decimal numbers, change the unit of the value to make the value an integer. For example, 1.5 GB should be changed to 1536 MB. + > - When the partition size is set to **MAX**/**max**, the size of the remaining partition cannot exceed the limit of the supported file system type (the default file system type is **ext4**, and the maximum size is **16T**). + +- partition_type: + The values of partition types are as follows: + + - primary: primary partitions + - extended: extended partition (configure only *disk_ID* for this partition) + - logical: logical partitions + +- file_system: + Currently, **ext4** and **vfat** file systems are supported. + +- Secondary formatting flag: + Indicates whether to format the disk during secondary installation. This parameter is optional. + + - The value can be **yes** or **no**. The default value is **no**. + + > [!NOTE]NOTE + > + > Secondary formatting indicates that openEuler has been installed on the disk before this installation. If the partition table configuration (partition size, mount point, and file type) used in the previous installation is the same as that used in the current installation, this flag can be used to configure whether to format the previous partitions, except the **/boot** and **/** partitions. If the target host is installed for the first time, this flag does not take effect, and all partitions with specified file systems are formatted. + +#### Configuring the Network + +The system network parameters are stored in **/opt/imageTailor/custom/cfg_openEuler/sys.conf**. You can modify the network parameters of the target ISO image, such as the NIC name, IP address, and subnet mask, by configuring **\\** in this file. + +The default network configuration in the **sys.conf** file is as follows. **netconfig-0** indicates the **eth0** NIC. If you need to configure an additional NIC, for example, **eth1**, add **\\** to the configuration file and set the parameters of **eth1**. + +```shell + +BOOTPROTO="dhcp" +DEVICE="eth0" +IPADDR="" +NETMASK="" +STARTMODE="auto" + +``` + +The following table describes the parameters. + +| Parameter | Mandatory or Not| Value | Description | +| :-------- | -------- | :------------------------------------------------ | :----------------------------------------------------------- | +| BOOTPROTO | Yes | none / static / dhcp | **none**: No protocol is used for boot, and no IP address is assigned.
**static**: An IP address is statically assigned.
**dhcp**: An IP address is dynamically obtained using the dynamic host configuration protocol (DHCP).| +| DEVICE | Yes | Example: **eth1** | NIC name. | +| IPADDR | Yes | Example: **192.168.11.100** | IP address.
This parameter must be configured only when the value of **BOOTPROTO** is **static**.| +| NETMASK | Yes | - | Subnet mask.
This parameter must be configured only when the value of **BOOTPROTO** is **static**.| +| STARTMODE | Yes | manual / auto / hotplug / ifplugd / nfsroot / off | NIC start mode.
**manual**: A user runs the `ifup` command on a terminal to start an NIC.
**auto**/**hotplug**/**ifplug**/**nfsroot**: An NIC is started when the OS identifies it.
**off**: An NIC cannot be started in any situations.
For details about the parameters, run the `man ifcfg` command on the host that is used to create the ISO image.| + +#### Configuring Kernel Parameters + +To ensure stable and efficient running of the system, you can modify kernel command line parameters as required. For an OS image created by imageTailor, you can modify the **GRUB_CMDLINE_LINUX** configuration in the **/opt/imageTailor/custom/cfg_openEuler/usr_file/etc/default/grub** file to modify the kernel command line parameters. The default settings of the kernel command line parameters in **GRUB_CMDLINE_LINUX** are as follows: + +```shell +GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0 crashkernel=512M oops=panic softlockup_panic=1 reserve_kbox_mem=16M crash_kexec_post_notifiers panic=3 console=tty0" +``` + +The meanings of the configurations are as follows (for details about other common kernel command line parameters, see related kernel documents): + +- net.ifnames=0 biosdevname=0 + + Name the NIC in traditional mode. + +- crashkernel=512M + + The memory space reserved for kdump is 512 MB. + +- oops=panic panic=3 + + The kernel panics when an oops error occurs, and the system restarts 3 seconds later. + +- softlockup_panic=1 + + The kernel panics when a soft-lockup is detected. + +- reserve_kbox_mem=16M + + The memory space reserved for Kbox is 16 MB. + +- console=tty0 + + Specifies **tty0** as the output device of the first virtual console. + +- crash_kexec_post_notifiers + + After the system crashes, the function registered with the panic notification chain is called first, and then kdump is executed. + +### Creating an Image + +After customizing the operating system, you can use the `mkdliso` script to create the OS image file. The OSimage created using imageTailor is an ISO image file. + +#### Command Description + +##### Syntax + +**mkdliso -p openEuler -c custom/cfg_openEuler \[--minios yes\|no\|force] \[--sec] \[-h]** + +##### Parameter Description + +| Parameter| Mandatory| Description | Value Range | +| -------- | -------- | ------------------------------------------------------------ | ------------------------------------------------------------ | +| -p | Yes | Specifies the product name. | **openEuler** | +| c | Yes | Specifies the relative path of the configuration file. | **custom/cfg_openEuler** | +| --minios | No | Specifies whether to create the **initrd** file that is used to boot the system during system installation. | The default value is **yes**.
**yes**: The **initrd** file will be created when the command is executed for the first time. When a subsequent `mkdliso` is executed, the system checks whether the **initrd** file exists in the **usr_install/boot** directory using sha256 verification. If the **initrd** file exists, it is not created again. Otherwise, it is created.
**no**: The **initrd** file is not created. The **initrd** file used for system boot and running is the same.
**force**: The **initrd** file will be created forcibly, regardless of whether it exists in the **usr_install/boot** directory or not.| +| --sec | No | Specifies whether to perform security hardening on the generated ISO file.
If this parameter is not specified, the user should undertake the resultant security risks| N/A | +| -h | No | Obtains help information. | N/A | + +#### Image Creation Guide + +To create an ISO image using`mkdliso`, perform the following steps: + +> [!NOTE]NOTE: + +- The absolute path to `mkdliso` must not contain spaces. Otherwise, the ISO image creation will fail. +- In the environment for creating the ISO image, the value of **umask** must be set to **0022**. + +1. Run the `mkdliso` command as the **root** user to generate the ISO image file. The following command is used for reference: + + ```shell + # sudo /opt/imageTailor/mkdliso -p openEuler -c custom/cfg_openEuler --sec + ``` + + After the command is executed, the created files are stored in the **/opt/imageTailor/result/{date}** directory, including **openEuler-aarch64.iso** and **openEuler-aarch64.iso.sha256**. + +2. Verify the integrity of the ISO image file. Assume that the date and time is **2022-03-21-14-48**. + + ```shell + cd /opt/imageTailor/result/2022-03-21-14-48/ + sha256sum -c openEuler-aarch64.iso.sha256 + ``` + + If the following information is displayed, the ISO image creation is complete. + + ```text + openEuler-aarch64.iso: OK + ``` + + If the following information is displayed, the image is incomplete. The ISO image file is damaged and needs to be created again. + + ```shell + openEuler-aarch64.iso: FAILED + sha256sum: WARNING: 1 computed checksum did NOT match + ``` + +3. View the logs. + + After an image is created, you can view logs as required (for example, when an error occurs during image creation). When an image is created for the first time, the corresponding log file and security hardening log file are compressed into a TAR package (the log file is named in the format of **sys_custom_log_{Date}.tar.gz**) and stored in the **result/log directory**. Only the latest 50 compressed log packages are stored in this directory. If the number of compressed log packages exceeds 50, the earliest files will be overwritten. + +### Tailoring Time Zones + +After the customized ISO image is installed, you can tailor the time zones supported by the openEuler system as required. This section describes how to tailor the time zones. + +The information about time zones supported by openEuler is stored in the time zone folder **/usr/shre/zoninfo**. You can run the following command to view the time zone information: + +```shell +$ ls /usr/share/zoneinfo/ +Africa/ America/ Asia/ Atlantic/ Australia/ Etc/ Europe/ +Pacific/ zone.tab +``` + +Each subfolder represents an area. The current areas include continents, oceans, and **Etc**. Each area folder contains the locations that belong to it. Generally, a location is a city or an island. + +All time zones are in the format of *area/location*. For example, if China Standard Time is used in southern China, the time zone is Asia/Shanghai (location may not be the capital). The corresponding time zone file is: + +```texta +/usr/share/zoneinfo/Asia/Shanghai +``` + +If you want to tailor some time zones, delete the corresponding time zone files. + +### Customization Example + +This section describes how to use imageTailor to create an ISO image. + +1. Check whether the environment used to create the ISO meets the requirements. + + ``` shell + $ cat /etc/openEuler-release + openEuler release 22.03 LTS + ``` + +2. Ensure that the root directory has at least 40 GB free space. + + ```shell + $ df -h + Filesystem Size Used Avail Use% Mounted on + ...... + /dev/vdb 196G 28K 186G 1% / + ``` + +3. Install the imageTailor tailoring tool. For details, see [Installation](#installation). + + ```shell + $ sudo yum install -y imageTailor + $ ll /opt/imageTailor/ + total 88K + drwxr-xr-x. 3 root root 4.0K Mar 3 08:00 custom + drwxr-xr-x. 10 root root 4.0K Mar 3 08:00 kiwi + -r-x------. 1 root root 69K Mar 3 08:00 mkdliso + drwxr-xr-x. 2 root root 4.0K Mar 9 14:48 repos + drwxr-xr-x. 2 root root 4.0K Mar 9 14:48 security-tool + ``` + +4. Configure a local repository. + + ```shell + $ wget https://repo.openeuler.org/openEuler-{version}/ISO/aarch64/openEuler-{version}-everything-aarch64-dvd.iso + $ sudo mkdir -p /opt/openEuler_repo + $ sudo mount openEuler-{version}-everything-aarch64-dvd.iso /opt/openEuler_repo + mount: /opt/openEuler_repo: WARNING: source write-protected, mounted read-only. + $ sudo rm -rf /opt/imageTailor/repos/euler_base && sudo mkdir -p /opt/imageTailor/repos/euler_base + $ sudo cp -ar /opt/openEuler_repo/Packages/* /opt/imageTailor/repos/euler_base + $ sudo chmod -R 644 /opt/imageTailor/repos/euler_base + $ sudo ls /opt/imageTailor/repos/euler_base|wc -l + 2577 + $ sudo umount /opt/openEuler_repo && sudo rm -rf /opt/openEuler_repo + $ cd /opt/imageTailor + ``` + +5. Change the **root** and GRUB passwords. + + Replace **\${pwd}** with the encrypted password by referring to [Configuring Initial Passwords](#configuring-initial-passwords). + + ```shell + $ cd /opt/imageTailor/ + $ sudo vi custom/cfg_openEuler/usr_file/etc/default/grub + GRUB_PASSWORD="${pwd1}" + $ + $ sudo vi kiwi/minios/cfg_minios/rpm.conf + + + + $ + $ sudo vi custom/cfg_openEuler/rpm.conf + + + + ``` + +6. Run the tailoring command. + + ```shell + $ sudo rm -rf /opt/imageTailor/result + $ sudo ./mkdliso -p openEuler -c custom/cfg_openEuler --minios force + ...... + Complete release iso file at: result/2022-03-09-15-31/openEuler-aarch64.iso + move all mkdliso log file to result/log/sys_custom_log_20220309153231.tar.gz + $ ll result/2022-03-09-15-31/ + total 889M + -rw-r--r--. 1 root root 889M Mar 9 15:32 openEuler-aarch64.iso + -rw-r--r--. 1 root root 87 Mar 9 15:32 openEuler-aarch64.iso.sha256 + ``` diff --git a/docs/en/tools/community_tools/image_tailor/public_sys-resources/icon-note.gif b/docs/en/tools/community_tools/image_tailor/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/en/tools/community_tools/image_tailor/public_sys-resources/icon-note.gif differ diff --git a/docs/en/tools/community_tools/isocut/_toc.yaml b/docs/en/tools/community_tools/isocut/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..017bfc9b95691d1daa420d11e74849929fa5ef22 --- /dev/null +++ b/docs/en/tools/community_tools/isocut/_toc.yaml @@ -0,0 +1,6 @@ +label: isocut User Guide +isManual: true +description: Customize openEuler ISO images. +sections: + - label: isocut User Guide + href: ./isocut_user_guide.md diff --git a/docs/en/tools/community_tools/isocut/figures/flowchart.png b/docs/en/tools/community_tools/isocut/figures/flowchart.png new file mode 100644 index 0000000000000000000000000000000000000000..e4fecb8b310f204d6cfd07449ccc3c93d1badd51 Binary files /dev/null and b/docs/en/tools/community_tools/isocut/figures/flowchart.png differ diff --git a/docs/en/tools/community_tools/isocut/figures/lack_pack.png b/docs/en/tools/community_tools/isocut/figures/lack_pack.png new file mode 100644 index 0000000000000000000000000000000000000000..a4b7f1da15da70f63a86aae360e89017c2b98f2d Binary files /dev/null and b/docs/en/tools/community_tools/isocut/figures/lack_pack.png differ diff --git a/docs/en/tools/community_tools/isocut/isocut_user_guide.md b/docs/en/tools/community_tools/isocut/isocut_user_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..53fb1031606c88809e10f7869f1b142a87dc7309 --- /dev/null +++ b/docs/en/tools/community_tools/isocut/isocut_user_guide.md @@ -0,0 +1,356 @@ +# isocut User Guide + +## Introduction + +The size of an openEuler image is large, and the process of downloading or transferring an image is time-consuming. In addition, when an openEuler image is used to install the OS, all RPM packages contained in the image are installed. You cannot choose to install only the required software packages. + +In some scenarios, you do not need to install the full software package provided by the image, or you need to install additional software packages. Therefore, openEuler provides an image tailoring and customization tool. You can use this tool to customize an ISO image that contains only the required RPM packages based on an openEuler image. The software packages can be the ones contained in an official ISO image or specified in addition to meet custom requirements. + +This document describes how to install and use the openEuler image tailoring and customization tool. + +## Software and Hardware Requirements + +The hardware and software requirements of the computer to make an ISO file using the openEuler tailoring and customization tool are as follows: + +- The CPU architecture is AArch64 or x86_64. +- You are advised to reserve at least 30 GB drive space for running the tailoring and customization tool and storing the ISO image. + +## Installation + +The following uses openEuler 20.03 LTS SP3 on the AArch64 architecture as an example to describe how to install the ISO image tailoring and customization tool. + +1. Ensure that openEuler 20.03 LTS SP3 has been installed on the computer. + + ```shell + cat /etc/openEuler-release + ``` + +2. Download the ISO image (must be an **everything** image) of the corresponding architecture and save it to any directory (it is recommended that the available space of the directory be greater than 20 GB). In this example, the ISO image is saved to the **/home/isocut_iso** directory. + + The download address of the AArch64 image is as follows: + + + +3. Create a **/etc/yum.repos.d/local.repo** file to configure the Yum repository. The following is an example of the configuration file. **baseurl** is the directory for mounting the ISO image. + + ```shell + [local] + name=local + baseurl=file:///home/isocut_mount + gpgcheck=0 + enabled=1 + ``` + +4. Run the following command as the **root** user to mount the image to the **/home/isocut_mount** directory (ensure that the mount directory is the same as **baseurl** configured in the **repo** file) as the Yum repository: + + ```shell + sudo mount -o loop /home/isocut_iso/openEuler-24.03-LTS-SP1-everything-aarch64-dvd.iso /home/isocut_mount + ``` + +5. Make the Yum repository take effect. + + ```shell + yum clean all + yum makecache + ``` + +6. Install the image tailoring and customization tool as the **root** user. + + ```shell + sudo yum install -y isocut + ``` + +7. Run the following command as the **root** user to verify that the tool has been installed successfully: + + ```shell + $ sudo isocut -h + Checking input ... + usage: isocut [-h] [-t temporary_path] [-r rpm_path] [-k file_path] source_iso dest_iso + + Cut openEuler iso to small one + + positional arguments: + source_iso source iso image + dest_iso destination iso image + + optional arguments: + -h, --help show this help message and exit + -t temporary_path temporary path + -r rpm_path extern rpm packages path + -k file_path kickstart file + ``` + +## Tailoring and Customizing an Image + +This section describes how to use the image tailoring and customization tool to create an image by tailoring or adding RPM packages to an openEuler image. + +### Command Description + +#### Format + +Run the `isocut` command to use the image tailoring and customization tool. The command format is as follows: + +**isocut** \[ --help \| -h \] \[ -t \ ] \[ -r \ ] \[ -k \ ] \ \ + +#### Parameter Description + +| Parameter | Mandatory | Description | +| ---------------- | --------- | ----------------------------------------------------------------------------------------------------------------------------------- | +| --help \| -h | No | Queries the help information about the command. | +| -t \<*temp_path*> | No | Specifies the temporary directory *temp_path* for running the tool, which is an absolute path. The default value is **/tmp**. | +| -r \<*rpm_path*> | No | Specifies the path of the RPM packages to be added to the ISO image. | +| -k \<*file_path*> | No | Specifies the kickstart template path if kickstart is used for automatic installation. | +| *source_iso* | Yes | Path and name of the ISO source image to be tailored. If no path is specified, the current path is used by default. | +| *dest_iso* | Yes | Specifies the path and name of the new ISO image created by the tool. If no path is specified, the current path is used by default. | + +### Software Package Source + +The RPM packages of the new image can be: + +- Packages contained in an official ISO image. In this case, the RPM packages to be installed are specified in the configuration file **/etc/isocut/rpmlist**. The configuration format is *software_package_name.architecture*. For example, **kernel.aarch64**. + +- Specified in addition. In this case, use the `-r` parameter to specify the path in which the RPM packages are stored when running the `isocut` command and add the RPM package names to the **/etc/isocut/rpmlist** configuration file. (See the name format above.) + + > [!NOTE]NOTE + > + > - When customizing an image, if an RPM package specified in the configuration file cannot be found, the RPM package will not be added to the image. + > - If the dependency of the RPM package is incorrect, an error may be reported when running the tailoring and customization tool. + +### kickstart Functions + +You can use kickstart to install images automatically by using the `-k` parameter to specify a kickstart file when running the `isocut` command. + +The isocut tool provides a kickstart template (**/etc/isocut/anaconda-ks.cfg**). You can modify the template as required. + +#### Modifying the kickstart Template + +If you need to use the kickstart template provided by the isocut tool, perform the following modifications: + +- Configure the root user password and the GRUB2 password in the **/etc/isocut/anaconda-ks.cfg** file. Otherwise, the automatic image installation will pause during the password setting process, waiting for you to manually enter the passwords. +- If you want to specify additional RPM packages and use kickstart for automatic installation, specify the RPM packages in the **%packages** field in both the **/etc/isocut/rpmlist** file and the kickstart file. + +See the next section for details about how to modify the kickstart file. + +##### Configuring Initial Passwords + +###### Setting the Initial Password of the **root** User + +Set the initial password of the **root** user as follows in the **/etc/isocut/anaconda-ks.cfg** file. Replace **${pwd}** with the encrypted password. + +```shell +rootpw --iscrypted ${pwd} +``` + +Obtain the initial password of the **root** user as follows (**root** permissions are required): + +1. Add a user for generating the password, for example, **testUser**. + + ```shell + sudo useradd testUser + ``` + +2. Set the password for the **testUser** user. Run the following command to set the password as prompted: + + ```shell + $ sudo passwd testUser + Changing password for user testUser. + New password: + Retype new password: + passwd: all authentication tokens updated successfully. + ``` + +3. View the **/etc/shadow** file to obtain the encrypted password. The encrypted password is the string between the two colons (:) following the **testUser** user name. (******* is used as an example.) + + ```shell + $ sudo cat /etc/shadow | grep testUser + testUser:***:19052:0:90:7:35:: + ``` + +4. Run the following command to replace the **pwd** field in the **/etc/isocut/anaconda-ks.cfg** file with the encrypted password (replace __***__ with the actual password): + + ```shell + rootpw --iscrypted *** + ``` + +###### Configuring the Initial GRUB2 Password + +Add the following configuration to the **/etc/isocut/anaconda-ks.cfg** file to set the initial GRUB2 password: Replace **${pwd}** with the encrypted password. + +```shell +%addon com_huawei_grub_safe --iscrypted --password='${pwd}' +%end +``` + +> ![](./public_sys-resources/icon-note.gif)NOTE: +> +> - The **root** permissions are required for configuring the initial GRUB password. +> - The default user corresponding to the GRUB password is **root**. +> +> - The `grub2-set-password` command must exist in the system. If the command does not exist, install it in advance. + +1. Run the following command and set the GRUB2 password as prompted: + + ```shell + $ sudo grub2-set-password -o ./ + Enter password: + Confirm password: + grep: .//grub.cfg: No such file or directory + WARNING: The current configuration lacks password support! + Update your configuration with grub2-mkconfig to support this feature. + ``` + +2. After the command is executed, the **user.cfg** file is generated in the current directory. The content starting with **grub.pbkdf2.sha512** is the encrypted GRUB2 password. + + ```shell + $ sudo cat user.cfg + GRUB2_PASSWORD=grub.pbkdf2.sha512.*** + ``` + +3. Add the following information to the **/etc/isocut/anaconda-ks.cfg** file. Replace ******* with the encrypted GRUB2 password. + + ```shell + %addon com_huawei_grub_safe --iscrypted --password='grub.pbkdf2.sha512.***' + %end + ``` + +##### Configuring the %packages Field + +If you want to specify additional RPM packages and use kickstart for automatic installation, specify the RPM packages in the **%packages** field in both the **/etc/isocut/rpmlist** file and the kickstart file. + +This section describes how to specify RPM packages in the **/etc/isocut/anaconda-ks.cfg** file. + +The default configurations of **%packages** in the **/etc/isocut/anaconda-ks.cfg** file are as follows: + +```shell +%packages --multilib --ignoremissing +acl.aarch64 +aide.aarch64 +...... +NetworkManager.aarch64 +%end +``` + +Add specified RPM packages to the **%packages** configurations in the following format: + +*software_package_name.architecture*. For example, **kernel.aarch64**. + +```shell +%packages --multilib --ignoremissing +acl.aarch64 +aide.aarch64 +...... +NetworkManager.aarch64 +kernel.aarch64 +%end +``` + +### Operation Guide + +> [!NOTE]NOTE +> +> - Do not modify or delete the default configuration items in the **/etc/isocut/rpmlist** file. +> - All `isocut` operations require **root** permissions. +> - The source image to be tailored can be a basic image or **everything** image. In this example, the basic image **openEuler-{version}-aarch64-dvd.iso** is used. +> - In this example, assume that the new image is named **new.iso** and stored in the **/home/result** directory, the temporary directory for running the tool is **/home/temp**, and the additional RPM packages are stored in the **/home/rpms** directory. + +1. Open the configuration file **/etc/isocut/rpmlist** and specify the RPM packages to be installed (from the official ISO image). + + ```shell + sudo vi /etc/isocut/rpmlist + ``` + +2. Ensure that the space of the temporary directory for running the image tailoring and customization tool is greater than 8 GB. The default temporary directory is**/tmp**. You can also use the `-t` parameter to specify another directory as the temporary directory. The path of the directory must be an absolute path. In this example, the **/home/temp** directory is used. The following command output indicates that the available drive space of the **/home** directory is 38 GB, which meets the requirements. + + ```shell + $ df -h + Filesystem Size Used Avail Use% Mounted on + devtmpfs 1.2G 0 1.2G 0% /dev + tmpfs 1.5G 0 1.5G 0% /dev/shm + tmpfs 1.5G 23M 1.5G 2% /run + tmpfs 1.5G 0 1.5G 0% /sys/fs/cgroup + /dev/mapper/openeuler_openeuler-root 69G 2.8G 63G 5% / + /dev/sda2 976M 114M 796M 13% /boot + /dev/mapper/openeuler_openeuler-home 61G 21G 38G 35% /home + ``` + +3. Tailor and customize the image. + + **Scenario 1**: All RPM packages of the new image are from the official ISO image. + + ```shell + $ sudo isocut -t /home/temp /home/isocut_iso/openEuler-{version}-aarch64-dvd.iso /home/result/new.iso + Checking input ... + Checking user ... + Checking necessary tools ... + Initing workspace ... + Copying basic part of iso image ... + Downloading rpms ... + Finish create yum conf + finished + Regenerating repodata ... + Checking rpm deps ... + Getting the description of iso image ... + Remaking iso ... + Adding checksum for iso ... + Adding sha256sum for iso ... + ISO cutout succeeded, enjoy your new image "/home/result/new.iso" + isocut.lock unlocked ... + ``` + + If the preceding information is displayed, the custom image **new.iso** is successfully created. + + **Scenario 2**: The RPM packages of the new image are from the official ISO image and additional packages in **/home/rpms**. + + ```shell + sudo isocut -t /home/temp -r /home/rpms /home/isocut_iso/openEuler-24.03-LTS-SP1-aarch64-dvd.iso /home/result/new.iso + ``` + + **Scenario 3**: The kickstart file is used for automatic installation. You need to modify the **/etc/isocut/anaconda-ks.cfg** file. + + ```shell + sudo isocut -t /home/temp -k /etc/isocut/anaconda-ks.cfg /home/isocut_iso/openEuler-24.03-LTS-SP1-aarch64-dvd.iso /home/result/new.iso + ``` + +## FAQ + +### 1. Default RPM Package List Causes System Installation Failure + +#### Context + +When using isocut to trim ISO images, users specify required software packages via the configuration file **/etc/isocut/rpmlist**. + +Since different OS versions may have reduced package sets, the default configuration only includes the kernel package to ensure successful ISO trimming. This guarantees the default configuration always produces a valid ISO image. + +#### Symptom + +The trimmed ISO image created with default settings may be successfully generated but fail during system installation. + +The installation reports missing packages as shown in the error screenshot: + +![](./figures/lack_pack.png) + +#### Possible Causes + +The default RPM package list lacks essential packages required for system installation. The specific missing packages vary across OS versions, as shown in the error message during installation. + +#### Solution + +1. Add missing packages: + + 1. Identify required RPM packages from the installation error message. + 2. Append these packages to **/etc/isocut/rpmlist**. + 3. Rebuild the ISO image. + + Example modified **rpmlist** configuration based on the reported error: + + ```shell + $ cat /etc/isocut/rpmlist + kernel.aarch64 + lvm2.aarch64 + chrony.aarch64 + authselect.aarch64 + shim.aarch64 + efibootmgr.aarch64 + grub2-efi-aa64.aarch64 + dosfstools.aarch64 + ``` diff --git a/docs/en/tools/community_tools/isocut/public_sys-resources/icon-note.gif b/docs/en/tools/community_tools/isocut/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/en/tools/community_tools/isocut/public_sys-resources/icon-note.gif differ diff --git a/docs/en/tools/community_tools/migration_tools/_toc.yaml b/docs/en/tools/community_tools/migration_tools/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..4d5cd9d79ad2390eb14ad81a03eeb83b9d5cb0bd --- /dev/null +++ b/docs/en/tools/community_tools/migration_tools/_toc.yaml @@ -0,0 +1,6 @@ +label: migration-tools User Guide +isManual: true +description: Migration from other OSs (CentOS 7/8) to UnionTech OS Server +sections: + - label: migration-tools User Guide + href: ./migration_tools_user_guide.md diff --git a/docs/en/tools/community_tools/migration_tools/figures/environment_check.png b/docs/en/tools/community_tools/migration_tools/figures/environment_check.png new file mode 100644 index 0000000000000000000000000000000000000000..b03c4da5ba24e345a3614cd2c7d7e3b52983ad1a Binary files /dev/null and b/docs/en/tools/community_tools/migration_tools/figures/environment_check.png differ diff --git a/docs/en/tools/community_tools/migration_tools/figures/homepage.png b/docs/en/tools/community_tools/migration_tools/figures/homepage.png new file mode 100644 index 0000000000000000000000000000000000000000..2fb66ae7dc8336d6e38437ba79175fe1c2207a5d Binary files /dev/null and b/docs/en/tools/community_tools/migration_tools/figures/homepage.png differ diff --git a/docs/en/tools/community_tools/migration_tools/figures/kernel.png b/docs/en/tools/community_tools/migration_tools/figures/kernel.png new file mode 100644 index 0000000000000000000000000000000000000000..ecd5bbb3cf306e46da3448de46c4f9fc2e03eed2 Binary files /dev/null and b/docs/en/tools/community_tools/migration_tools/figures/kernel.png differ diff --git a/docs/en/tools/community_tools/migration_tools/figures/license.png b/docs/en/tools/community_tools/migration_tools/figures/license.png new file mode 100644 index 0000000000000000000000000000000000000000..41eb3b6aa755619b94965f8060a27c1940e6936e Binary files /dev/null and b/docs/en/tools/community_tools/migration_tools/figures/license.png differ diff --git a/docs/en/tools/community_tools/migration_tools/figures/migration-tools-conf.png b/docs/en/tools/community_tools/migration_tools/figures/migration-tools-conf.png new file mode 100644 index 0000000000000000000000000000000000000000..80520c44a86172c9f18e3d50930e0fcc25f411bb Binary files /dev/null and b/docs/en/tools/community_tools/migration_tools/figures/migration-tools-conf.png differ diff --git a/docs/en/tools/community_tools/migration_tools/figures/migration_check.png b/docs/en/tools/community_tools/migration_tools/figures/migration_check.png new file mode 100644 index 0000000000000000000000000000000000000000..776e9cafdf7e569cd33e1abd47217aa47c86f134 Binary files /dev/null and b/docs/en/tools/community_tools/migration_tools/figures/migration_check.png differ diff --git a/docs/en/tools/community_tools/migration_tools/figures/migration_complete.png b/docs/en/tools/community_tools/migration_tools/figures/migration_complete.png new file mode 100644 index 0000000000000000000000000000000000000000..c832bb723ea5400aa2fe1f932f1f5dcb5a3d5065 Binary files /dev/null and b/docs/en/tools/community_tools/migration_tools/figures/migration_complete.png differ diff --git a/docs/en/tools/community_tools/migration_tools/figures/migration_confirmation.png b/docs/en/tools/community_tools/migration_tools/figures/migration_confirmation.png new file mode 100644 index 0000000000000000000000000000000000000000..69567eabd886befe43fb8a512e7b6cde87fd0937 Binary files /dev/null and b/docs/en/tools/community_tools/migration_tools/figures/migration_confirmation.png differ diff --git a/docs/en/tools/community_tools/migration_tools/figures/migration_in_progress.png b/docs/en/tools/community_tools/migration_tools/figures/migration_in_progress.png new file mode 100644 index 0000000000000000000000000000000000000000..e5bae64aaa303a6e7950ec0fdeb46a66bfaa70a3 Binary files /dev/null and b/docs/en/tools/community_tools/migration_tools/figures/migration_in_progress.png differ diff --git a/docs/en/tools/community_tools/migration_tools/figures/migration_start.png b/docs/en/tools/community_tools/migration_tools/figures/migration_start.png new file mode 100644 index 0000000000000000000000000000000000000000..d8a2b58cd5ce8e559bd82c14400e16b4635d0ec3 Binary files /dev/null and b/docs/en/tools/community_tools/migration_tools/figures/migration_start.png differ diff --git a/docs/en/tools/community_tools/migration_tools/figures/openeuler-migration-complete.png b/docs/en/tools/community_tools/migration_tools/figures/openeuler-migration-complete.png new file mode 100644 index 0000000000000000000000000000000000000000..20c5a4afaf2b06fae865137b9d4efd53326a9611 Binary files /dev/null and b/docs/en/tools/community_tools/migration_tools/figures/openeuler-migration-complete.png differ diff --git a/docs/en/tools/community_tools/migration_tools/figures/prompt.png b/docs/en/tools/community_tools/migration_tools/figures/prompt.png new file mode 100644 index 0000000000000000000000000000000000000000..224a79aece026a4fa2b003753f40fc0f1ebd4d0d Binary files /dev/null and b/docs/en/tools/community_tools/migration_tools/figures/prompt.png differ diff --git a/docs/en/tools/community_tools/migration_tools/figures/repo.png b/docs/en/tools/community_tools/migration_tools/figures/repo.png new file mode 100644 index 0000000000000000000000000000000000000000..78437bbc839bff8906b535989bbac0c38a6263b7 Binary files /dev/null and b/docs/en/tools/community_tools/migration_tools/figures/repo.png differ diff --git a/docs/en/tools/community_tools/migration_tools/figures/user_check.png b/docs/en/tools/community_tools/migration_tools/figures/user_check.png new file mode 100644 index 0000000000000000000000000000000000000000..8ec0b5518f37532eedb5897bc368d9b58a1ccafc Binary files /dev/null and b/docs/en/tools/community_tools/migration_tools/figures/user_check.png differ diff --git "a/docs/en/tools/community_tools/migration_tools/figures/\351\205\215\347\275\256\346\226\207\344\273\266.png" "b/docs/en/tools/community_tools/migration_tools/figures/\351\205\215\347\275\256\346\226\207\344\273\266.png" new file mode 100644 index 0000000000000000000000000000000000000000..aed6ce1cf37b1aad8d7bb037a422c726bb024d86 Binary files /dev/null and "b/docs/en/tools/community_tools/migration_tools/figures/\351\205\215\347\275\256\346\226\207\344\273\266.png" differ diff --git a/docs/en/tools/community_tools/migration_tools/migration_tools_user_guide.md b/docs/en/tools/community_tools/migration_tools/migration_tools_user_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..6f1fa3ca15ec790c2eb25746b5705af99a56c2f4 --- /dev/null +++ b/docs/en/tools/community_tools/migration_tools/migration_tools_user_guide.md @@ -0,0 +1,245 @@ +# migration-tools User Guide + +## Introduction + +This document outlines the usage of server migration software (migration-tools) for seamless migration from CentOS 7 and CentOS 8 systems to UnionTech OS Server (UOS). +The software features a web-based interface that simplifies the migration process through an intuitive graphical environment. + +### Deployment Method + +Install the server component on an openEuler 23.09 server and deploy the agent component on CentOS 7/CentOS 8 servers targeted for migration. + +#### Supported Systems for Migration + +1. Migration from AMD64 and AArch64 CentOS systems to UOS is supported. You need to prepare a complete repository for the target system before migration. + +2. openEuler migration: Only migration from CentOS 7.4 CUI to openEuler is supported. + +3. Systems with i686 architecture RPM packages should not be migrated as this will lead to migration failure. + +| Source System | Target System | Software Repository | +| ----------------- | ----------------------- | ------------------------------- | +| CentOS 7.4 CUI | openEuler | openEuler public repository | +| CentOS 7.0 to 7.7 | UOS 1002a | UOS 1002a (complete repository) | +| CentOS 8.0 to 8.2 | UOS 1050a | UOS 1050a (complete repository) | + +### Usage Instructions + +#### Installation and Configuration + +##### Installing migration-tools-server + +- Disable the firewall. + + ``` shell + systemctl stop firewalld + ``` + +- Install migration-tools-server. + + ``` shell + yum install migration-tools-server -y + ``` + +- Edit the configuration file. + + ``` shell + vim /etc/migration-tools/migration-tools.conf + ``` + + ![Configuration File](./figures/migration-tools-conf.png) + +- Restart the migration-tools-server service. + + ``` shell + systemctl restart migration-tools-server + ``` + +- Distribute the agent package. Choose the appropriate agent package based on the migration system version. + + For CentOS 7 series: + + Replace `xx.xx.xx.xx` with the migration machine's IP address. + + ``` shell + scp -r /usr/lib/migration-tools-server/agent-rpm/el7 root@xx.xx.xx.xx:/root + ``` + + For CentOS 8 series: + + ``` shell + scp -r /usr/lib/migration-tools-server/agent-rpm/el8 root@xx.xx.xx.xx:/root + ``` + +#### Migrating to openEuler + +> **Note:** openEuler migration currently supports only standalone script-based migration. + +- Distribute the migration script from the server to the agent. + + ``` shell + cd /usr/lib/migration-tools-server/ut-Migration-tools-0.1/centos7/ + scp openeuler/centos72openeuler.py root@10.12.23.106:/root + ``` + +- Install the required dependencies for migration. + + ``` shell + yum install python3 dnf rsync yum-utils -y + ``` + +- Begin the migration process. + + ``` shell + python3 centos7/openeuler/centos72openeuler.py + ``` + +- The system will automatically reboot after migration, and the process will be complete upon restart. + + ![openEuler Migration Complete](./figures/openeuler-migration-complete.png) + +#### Migrating to UOS + +##### Installing migration-tools-agent + +On the CentOS machine to be migrated, follow these steps: + +> **Note:** Currently, migration-tools only supports migration from CentOS 7.4 CUI to openEuler. + +- Disable the firewall. + + ``` shell + systemctl stop firewalld + ``` + +- Install epel-release (some dependencies are included in the epel repository). + + ``` shell + yum install epel-release -y + ``` + +- Install the migration-tools-agent package (for CentOS 7 series, install the package corresponding to the architecture). + + For CentOS 7: + + ``` shell + cd /root/el7/x86_64 + yum install ./* -y + ``` + + For CentOS 8: + + ``` shell + cd /root/el8/ + yum install ./* -y + ``` + +- Edit the configuration file. + + ``` shell + vim /etc/migration-tools/migration-tools.conf + ``` + + ![Configuration File](./figures/migration-tools-conf.png) + +- Restart the migration-tools-agent service. + + ``` shell + systemctl restart migration-tools-agent + ``` + +##### UOS Migration Steps + +- Access the web interface. + + Once both the server and agent services are running, open a browser (Chrome is recommended) and navigate to `https://server_IP_address:9999`. + + ![Home Page](./figures/homepage.png) + +- Click "I have read and agree to this agreement," then proceed by clicking "Next." + ![License Agreement](./figures/license.png) + +- Review the migration prompt page and click "Next." + ![Prompt](./figures/prompt.png) + +- The environment check page will verify the system version and available disk space. Click "Next" once the check is complete. + +> **Note:** If the check stalls, ensure the agent firewall is disabled and both server and agent services are active. Refresh the browser to restart the check. + +![Environment Check](./figures/environment_check.png) + +- The user check page will validate the username and password. Using the root user is recommended. Click "Next" to initiate the check, and the system will automatically proceed to the repository configuration page upon completion. + + ![User Check](./figures/user_check.png) + +Repository Configuration Page: + +- Enter the appropriate repository path based on the system to be migrated. + + CentOS 7: 1002a, CentOS 8: 1050a + +- Ensure the repository is complete; otherwise, the migration will fail. + +- Only one repository path needs to be entered in the input field. + +![Repo](./figures/repo.png) + +- After entering the repository, click "Next." Once the repository connectivity check is complete, proceed to the kernel version selection page. Select the 4.19 kernel and click "Next." + + ![Kernel](./figures/kernel.png) + +- The migration environment check page compares software package differences before and after migration and generates a report. After the check, you can export the report. + + > **Note:** The check typically takes about one hour. Please wait patiently. + + ![Migration Check](./figures/migration_check.png) + +- After the check, click "Next." A confirmation window for system migration will appear. Ensure the system is backed up, then click "Confirm" to start the migration. + + ![Migration Confirmation](./figures/migration_confirmation.png) + +- After clicking "Confirm," the system migration page will appear. + + ![Migration Start](./figures/migration_start.png) + +- Click "View Details" to monitor the migration progress. + + ![Migration in Progress](./figures/migration_in_progress.png) + +- Once migration is complete, the page will redirect to the completion page. From here, you can export the migration analysis report and logs. + +- The exported files can be found in the **/var/tmp/uos-migration/** directory on the server. Unzip the files to view them. + + ![Migration Complete](./figures/migration_complete.png) + +- After migration, manually restart the agent machine and verify the migration status. + +###### Verification Steps + +Run the following command to verify if the OS has been successfully migrated to the target version. + +``` shell +uosinfo +``` + +If the output matches the expected information below, the migration is successful. + +1002a: + +``` shell +################################################# +Release: UnionTech OS Server release 20 (kongli) +Kernel : 4.19.0-91.77.97.uelc20.x86_64 +Build : UnionTech OS Server 20 1002c 20211228 x86_64 +################################################# +``` + +1050a: + +``` shell +################################################# +Release: UnionTech OS Server release 20 (kongzi) +Kernel : 4.19.0-91.82.88.uelc20.x86_64 +Build : UnionTech OS Server 20 1050a 20220214 x86_64 +################################################# +``` diff --git a/docs/en/tools/community_tools/pin/_toc.yaml b/docs/en/tools/community_tools/pin/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..754f09961c90b08c3583801407aaa646e96e2c55 --- /dev/null +++ b/docs/en/tools/community_tools/pin/_toc.yaml @@ -0,0 +1,6 @@ +label: PIN User Guide +isManual: true +description: PIN User Guide +sections: + - label: PIN User Guide + href: ./pin_user_guide.md diff --git a/docs/en/tools/community_tools/pin/pin_user_guide.md b/docs/en/tools/community_tools/pin/pin_user_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..bf2c81d17eb9659799533dd84af635362af18cee --- /dev/null +++ b/docs/en/tools/community_tools/pin/pin_user_guide.md @@ -0,0 +1,134 @@ +# Installation and Deployment + +## Software + +* OS: openEuler 24.03 + +## Hardware + +* x86_64 +* Arm + +## Preparing the Environment + +* Install the openEuler operating system. For details, see the [*openEuler Installation Guide*](../../../server/installation_upgrade/installation/installation_on_servers.md). + +### Install the dependency + +#### Installing the Software on Which the PIN GCC Client Depends + +```shell +yum install -y grpc +yum install -y grpc-devel +yum install -y grpc-plugins +yum install -y protobuf-devel +yum install -y jsoncpp +yum install -y jsoncpp-devel +yum install -y gcc-plugin-devel +yum install -y llvm-mlir +yum install -y llvm-mlir-devel +yum install -y llvm-devel +``` + +#### Installing the Software on Which the PIN Server Depends + +```shell +yum install -y grpc +yum install -y grpc-devel +yum install -y grpc-plugins +yum install -y protobuf-devel +yum install -y jsoncpp +yum install -y jsoncpp-devel +yum install -y llvm-mlir +yum install -y llvm-mlir-devel +yum install -y llvm-devel +``` + +## Installing PIN + +### rpmbuild + +#### Building the PIN GCC Client + +```shell +git clone https://gitee.com/src-openeuler/pin-gcc-client.git +cd pin-gcc-client +mkdir -p ~/rpmbuild/SOURCES +cp *.path pin-gcc-client.tar.gz ~/rpmbuild/SOURCES +rpmbuild -ba pin-gcc-client.spec +cd ~/rpmbuild/RPMS +rpm -ivh pin-gcc-client.rpm +``` + +#### Building the PIN Server + +```shell +git clone https://gitee.com/src-openeuler/pin-server.git +cd pin-server +mkdir -p ~/rpmbuild/SOURCES +cp *.path pin-server.tar.gz ~/rpmbuild/SOURCES +rpmbuild -ba pin-server.spec +cd ~/rpmbuild/RPMS +rpm -ivh pin-server.rpm +``` + +### Build + +#### Building the PIN GCC Client + +```shell +git clone https://gitee.com/openeuler/pin-gcc-client.git +cd pin-gcc-client +mkdir build +cd build +cmake ../ -DMLIR_DIR=${MLIR_PATH} -DLLVM_DIR=${LLVM_PATH} +make +``` + +#### Building the PIN Server + +```shell +git clone https://gitee.com/openeuler/pin-server.git +cd pin-server +mkdir build +cd build +cmake ../ -DMLIR_DIR=${MLIR_PATH} -DLLVM_DIR=${LLVM_PATH} +make +``` + +# Usage + +You can use `-fplugin` and `-fplugin-arg-libpin_xxx` to enable the Plug-IN (PIN) tool. +Command: + +```shell +$(TARGET): $(OBJS) + $(CXX) -fplugin=${CLIENT_PATH}/build/libpin_gcc_client.so \ + -fplugin-arg-libpin_gcc_client-server_path=${SERVER_PATH}/build/pin_server \ + -fplugin-arg-libpin_gcc_client-log_level="1" \ + -fplugin-arg-libpin_gcc_client-arg1="xxx" +``` + +You can use the `${INSTALL_PATH}/bin/pin-gcc-client.json` file to configure PIN. The configuration options are as follows: + +`path`: path of the executable file of the PIN server. + +`sha256file`: path of the PIN verification file `xxx.sha256`. + +`timeout`: timeout interval for cross-process communication, in milliseconds. + +Compile options: + +`-fplugin`: path of the .so file of the PIN client. + +`-fplugin-arg-libpin_gcc_client-server_path`: path of the executable program of the PIN server. + +`-fplugin-arg-libpin_gcc_client-log_level`: default log level. The value ranges from `0` to `3`. The default value is `1`. + +`-fplugin-arg-libpin_gcc_client-argN`: other parameters that can be specified as required. `argN` indicates the argument required by PIN. + +# Compatibility + +This section describes the compatibility issues in some special scenarios. This project is in continuous iteration and will be fixed as soon as possible. Developers are welcome to join this project. + +* When PIN is enabled in the `-flto` phase, multi-process compilation using `make -j` is not supported. You are advised to use `make -j1` for compilation. diff --git a/docs/en/tools/community_tools/virtualization/euler_launcher/_toc.yaml b/docs/en/tools/community_tools/virtualization/euler_launcher/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..fd5414ac7b55fa12e99d131490a9adcb99731ca8 --- /dev/null +++ b/docs/en/tools/community_tools/virtualization/euler_launcher/_toc.yaml @@ -0,0 +1,10 @@ +label: EulerLauncher User Guide +isManual: true +description: High-performance development resources on mainstream desktop OSs. +sections: + - label: Overview + href: ./overall.md + - label: Installing and Running EulerLauncher on Windows + href: ./win_user_manual.md + - label: Installing and Running EulerLauncher on macOS + href: ./mac_user_manual.md diff --git a/docs/en/tools/community_tools/virtualization/euler_launcher/images/mac-content.jpg b/docs/en/tools/community_tools/virtualization/euler_launcher/images/mac-content.jpg new file mode 100644 index 0000000000000000000000000000000000000000..4b9f101056fb7bde536342896b94a698e72889a2 Binary files /dev/null and b/docs/en/tools/community_tools/virtualization/euler_launcher/images/mac-content.jpg differ diff --git a/docs/en/tools/community_tools/virtualization/euler_launcher/images/mac-install.jpg b/docs/en/tools/community_tools/virtualization/euler_launcher/images/mac-install.jpg new file mode 100644 index 0000000000000000000000000000000000000000..b710de9b24b76c35017cee591bc704750855781d Binary files /dev/null and b/docs/en/tools/community_tools/virtualization/euler_launcher/images/mac-install.jpg differ diff --git a/docs/en/tools/community_tools/virtualization/euler_launcher/images/mac-start.jpg b/docs/en/tools/community_tools/virtualization/euler_launcher/images/mac-start.jpg new file mode 100644 index 0000000000000000000000000000000000000000..2805c6244da9d1409958e8c33fc5296b1e138856 Binary files /dev/null and b/docs/en/tools/community_tools/virtualization/euler_launcher/images/mac-start.jpg differ diff --git a/docs/en/tools/community_tools/virtualization/euler_launcher/images/mac-terminal.jpg b/docs/en/tools/community_tools/virtualization/euler_launcher/images/mac-terminal.jpg new file mode 100644 index 0000000000000000000000000000000000000000..d0f3082cc64658afd888a02ca578f76857578f83 Binary files /dev/null and b/docs/en/tools/community_tools/virtualization/euler_launcher/images/mac-terminal.jpg differ diff --git a/docs/en/tools/community_tools/virtualization/euler_launcher/images/mac-visudo.jpg b/docs/en/tools/community_tools/virtualization/euler_launcher/images/mac-visudo.jpg new file mode 100644 index 0000000000000000000000000000000000000000..7466ef4fec0f928ca0c0255ba59b628251216eb1 Binary files /dev/null and b/docs/en/tools/community_tools/virtualization/euler_launcher/images/mac-visudo.jpg differ diff --git a/docs/en/tools/community_tools/virtualization/euler_launcher/images/win-install.jpg b/docs/en/tools/community_tools/virtualization/euler_launcher/images/win-install.jpg new file mode 100644 index 0000000000000000000000000000000000000000..e395f62c0eb29390c980853f1d51ceb09641001e Binary files /dev/null and b/docs/en/tools/community_tools/virtualization/euler_launcher/images/win-install.jpg differ diff --git a/docs/en/tools/community_tools/virtualization/euler_launcher/images/win-terminal-1.jpg b/docs/en/tools/community_tools/virtualization/euler_launcher/images/win-terminal-1.jpg new file mode 100644 index 0000000000000000000000000000000000000000..5976bff82cd34b6195f11291d0a99341133cfce3 Binary files /dev/null and b/docs/en/tools/community_tools/virtualization/euler_launcher/images/win-terminal-1.jpg differ diff --git a/docs/en/tools/community_tools/virtualization/euler_launcher/images/win-terminal-2.jpg b/docs/en/tools/community_tools/virtualization/euler_launcher/images/win-terminal-2.jpg new file mode 100644 index 0000000000000000000000000000000000000000..a831c6972f99a30355f68e34f30e09be237f0723 Binary files /dev/null and b/docs/en/tools/community_tools/virtualization/euler_launcher/images/win-terminal-2.jpg differ diff --git a/docs/en/tools/community_tools/virtualization/euler_launcher/mac_user_manual.md b/docs/en/tools/community_tools/virtualization/euler_launcher/mac_user_manual.md new file mode 100644 index 0000000000000000000000000000000000000000..979f9ea1d3a8eb33b2437d312266fa9a5728447c --- /dev/null +++ b/docs/en/tools/community_tools/virtualization/euler_launcher/mac_user_manual.md @@ -0,0 +1,234 @@ +# Installing and Running EulerLauncher on macOS + +## Preparations + +### Installing Homebrew + +Homebrew is the software package manager for macOS, which provides many practical functions, such as installation, uninstallation, update, viewing, and search. It allows you to use a simple command to manage packages without considering dependencies and file paths. + +On the macOS desktop, press **Shift**+**Command**+**U** to open the **Utilities** folder in **Go** and find **Terminal.app**. + +![](./images/mac-terminal.jpg) + +Install Homebrew based on the network status. + +Run the following command to install Homebrew: + +``` Shell +/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" +``` + +Alternatively, run the following command to install Homebrew: + +``` Shell +/bin/zsh -c "$(curl -fsSL https://gitee.com/cunkai/HomebrewCN/raw/master/Homebrew.sh)" +``` + +### Installing QEMU and Wget + +EulerLauncher depends on QEMU to run on macOS, and image download depends on Wget. Homebrew can be used to easily download and manage such software. Run the following command to install QEMU and Wget: + +``` Shell +brew install qemu +brew install wget +``` + +### Configuring the sudo Password-Free Permission + +EulerLauncher depends on QEMU to run on macOS. To improve user network experience, [vmnet framework][1] of macOS is used to provide VM network capabilities. Currently, administrator permissions are required for using vmnet. When using the QEMU backend to create VMs with vmnet network devices, you need to enable the administrator permission. EulerLauncher automatically uses the `sudo` command to implement this process during startup. Therefore, you need to configure the `sudo` password-free permission for the current user. If you do not want to perform this configuration, please stop using EulerLauncher. + +1. On the macOS desktop, press **Shift**+**Command**+**U** to open the **Utilities** folder in **Go** and find **Terminal.app**. + + ![](./images/mac-terminal.jpg) + +2. Enter `sudo visudo` in the terminal to modify the sudo configuration file. Note that you may be required to enter the password in this step. Enter the password as prompted. + +3. Find and replace `%admin ALL=(ALL) ALL` with `%admin ALL=(ALL) NOPASSWD: ALL`. + + ![](./images/mac-visudo.jpg) + +4. Press **ESC** and enter **:wq** to save the settings. + +## Installing EulerLauncher + +EulerLauncher supports macOS Ventura for Apple Silicon and x86 architectures. [Download the latest version of EulerLauncher][1] for macOS and decompress it to the desired location. + +The directory generated after the decompression contains the following files: + +![](./images/mac-content.jpg) + +**install.exe** is the installation file, which is used to install the support files required by EulerLauncher to the specified location. **EulerLauncher.dmg** is the disk image of the main program. + +1. This operation requires the `sudo` permission. You need to [configure the sudo password-free permission](#configuring-the-sudo-password-free-permission) first. +2. Install the support files. Double-click the **install** file and wait until the program execution is completed. + +3. Configure EulerLauncher. + + - Check the locations of QEMU and Wget. The name of the QEMU binary file varies according to the architecture. Select the correct name (Apple Silicon: **qemu-system-aarch64**; Intel: **qemu-system-x86_64**) as required. + + ``` Shell + which wget + which qemu-system-{host_arch} + ``` + + Reference output: + + ```shell + /opt/homebrew/bin/wget + /opt/homebrew/bin/qemu-system-aarch64 + ``` + + Record the paths, which will be used in the following steps. + + - Open the **eulerlauncher.conf** file and configure it. + + ```shell + sudo vi /Library/Application\ Support/org.openeuler.eulerlauncher/eulerlauncher.conf + ``` + + EulerLauncher configurations are as follows: + + ```ini + [default] + log_dir = # Log file location (xxx.log) + work_dir = # EulerLauncher working directory, which is used to store VM images and VM files. + wget_dir = # Path of the Wget executable file. Set this parameter based on the previous step. + qemu_dir = # Path of the QEMU executable file. Set this parameter based on the previous step. + debug = True + + [vm] + cpu_num = 1 # Number of CPUs of the VM. + memory = 1024 #Memory size of the VM, in MB. Do not set this parameter to a value greater than 2048 for M1 users. + ``` + + Save the modifications and exit. + +4. Install **EulerLauncher.app**. + + - Double-click **EulerLauncher.dmg**. In the displayed window, drag **EulerLauncher.app** to **Applications** to complete the installation. You can find **EulerLauncher.app** in applications. + + ![](./images/mac-install.jpg) + +## Using EulerLauncher + +1. Find **EulerLauncher.app** in applications and click to start the program. + +2. EulerLauncher needs to access the network. When the following dialog box is displayed, click **Allow**. + + ![](./images/mac-start.jpg) + +3. Currently, EulerLauncher can be accessed only in CLI mode. Open **Terminal.app** and use the CLI to perform operations. + +### Operations on Images + +1. List available images. + + ```Shell + eulerlauncher images + ``` + + There are two types of EulerLauncher images: remote images and local images. Only local images in the **Ready** state can be used to create VMs. Remote images can be used only after being downloaded. You can also load a downloaded local image to EulerLauncher. For details, see the following sections. + +2. Download a remote image. + + ```Shell + eulerlauncher download-image 23.09 + + Downloading: 23.09, this might take a while, please check image status with "images" command. + ``` + + The image download request is an asynchronous request. The download is completed in the background. The time required depends on your network status. The overall image download process includes download, decompression, and format conversion. During the download, you can run the `image` command to view the download progress and image status at any time. + + ```Shell + eulerlauncher images + ``` + + When the image status changes to **Ready**, the image is downloaded successfully. The image in the **Ready** state can be used to create VMs. + + ```Shell + eulerlauncher images + ``` + +3. Load a local image. + + Load a custom image or an image downloaded to the local host to EulerLauncher to create a custom VM. + + ```Shell + eulerlauncher load-image --path {image_file_path} IMAGE_NAME + ``` + + The supported image formats are *xxx***.qcow2.xz** and *xxx***.qcow2**. + + Example: + + ```Shell + eulerlauncher load-image --path /opt/openEuler-23.09-x86_64.qcow2.xz 2309-load + + Loading: 2309-load, this might take a while, please check image status with "images" command. + ``` + + Load the **openEuler-23.09-x86_64.qcow2.xz** file in the **/opt** directory to the EulerLauncher system and name it **2309-load**. Similar to the download command, the load command is also an asynchronous command. You need to run the image list command to query the image status until the image status is **Ready**. Compared with directly downloading an image, loading an image is much faster. + + ```Shell + eulerlauncher images + ...... + + eulerlauncher images + ...... + ``` + +4. Delete an image. + + Run the following command to delete an image from the EulerLauncher system: + + ```Shell + eulerlauncher delete-image 2309-load + + Image: 2309-load has been successfully deleted. + ``` + +### Operations on VMs + +1. List VMs. + + ```shell + eulerlauncher list + + +----------+-----------+---------+---------------+ + | Name | Image | State | IP | + +----------+-----------+---------+---------------+ + | test1 | 2309-load | Running | 172.22.57.220 | + +----------+-----------+---------+---------------+ + | test2 | 2309-load | Running | N/A | + +----------+-----------+---------+---------------+ + ``` + + If the VM IP address is **N/A** and the VM status is **Running**, the VM is newly created and the network configuration is not complete. Configuring the network takes several seconds. You can obtain the VM information again later. + +2. Log in to a VM. + + If an IP address has been assigned to a VM, you can run the `ssh` command to log in to the VM. + + ```Shell + ssh root@{instance_ip} + ``` + + If the official image provided by the openEuler community is used, the default username is **root** and the default password is **openEuler12#$**. + +3. Create a VM. + + ```Shell + eulerlauncher launch --image {image_name} {instance_name} + ``` + + Use `--image` to specify an image and a VM name. + +4. Delete a VM. + + ```Shell + eulerlauncher delete-instance {instance_name} + ``` + +Delete a specified VM based on the VM name. + +[1]: https://developer.apple.com/documentation/vmnet diff --git a/docs/en/tools/community_tools/virtualization/euler_launcher/overall.md b/docs/en/tools/community_tools/virtualization/euler_launcher/overall.md new file mode 100644 index 0000000000000000000000000000000000000000..2aa3e7b5229e7733afd53ceac16bd7a7b5612680 --- /dev/null +++ b/docs/en/tools/community_tools/virtualization/euler_launcher/overall.md @@ -0,0 +1,18 @@ +# EulerLauncher + +EulerLauncher is a developer tool set incubated by the technical operation team and infrastructure team of the openEuler community. It integrates virtualization technologies (such as LXD, HyperV, and Virtualization Framework) in mainstream desktop operating systems (OSs). It utilizes VMs and container images officially released by the openEuler community to provide developers with unified development resource (such as VMs and containers) provisioning and management experience on Windows, macOS, and Linux, improving the convenience and stability of using the openEuler development environment on mainstream desktop OSs, as well as developer experience. + +## Background + +The convenience and stability of development resources (such as VMs and containers) provided by mainstream desktop OSs are important factors that affect the experience of openEuler developers, especially for individuals and university developers with limited development resources. Common VM management platforms have many limitations. For example, VirtualBox requires developers to download a large ISO image and install the OS, WSL cannot provide a real openEuler kernel, most VM management software does not fully support Apple Sillicon chips, and many software needs to be paid, greatly reducing developers' work efficiency. + +EulerLauncher provides a convenient, easy-to-use, and unified developer tool set on mainstream desktop OSs such as Windows, macOS, and Linux (planned). It supported the x86_64 and AArch64 hardware architectures, including Apple Sillicon chips. It also supports virtual hardware acceleration capabilities for different platforms, providing developers with high-performance development resources. EulerLauncher allows users to use VMs and container images (planned) released by the openEuler community, Daily Build images provided by the openEuler community, and other custom images that meet requirements, providing developers with multiple choices. + +## Quick Start + +For macOS users, see [Installing and Running EulerLauncher on macOS][1]. + +For Windows users, see [Installing and Running EulerLauncher in Windows][2]. + +[1]: ./mac_user_manual.md +[2]: ./win_user_manual.md diff --git a/docs/en/tools/community_tools/virtualization/euler_launcher/win_user_manual.md b/docs/en/tools/community_tools/virtualization/euler_launcher/win_user_manual.md new file mode 100644 index 0000000000000000000000000000000000000000..aa74f01b92d287da7c163e96f49ff6d862e47b32 --- /dev/null +++ b/docs/en/tools/community_tools/virtualization/euler_launcher/win_user_manual.md @@ -0,0 +1,159 @@ +# Installing and Running EulerLauncher on Windows + +EulerLauncher currently supports Windows 10/11. [Download the latest version of EulerLauncher][1] for Windows and decompress it to the desired location. +Right-click **config-env.bat** and choose **Run as administrator** from the shortcut menu. This script adds the current directory to the system environment variable `PATH`. If you know how to configure environment variables or the configuration script is incorrect, you can manually add the directory where the current script is located and the **qemu-img** subdirectory to the system environment variable `PATH`. + +To run EulerLauncher on Windows, you need to connect EulerLauncher to the Hyper-V virtualization backend. Hyper-V is a Microsoft hardware virtualization product that provides better performance for VMs on Windows. Before running EulerLauncher, check whether Hyper-V is enabled in your system. For details about how to check and enable Hyper-V, see [Install Hyper-V][2] or other network resources. + +The directory generated after the decompression contains the following files: + +- **eulerlauncherd.exe**: main process of EulerLauncher. It is a daemon process running in the background. It interacts with various virtualization backends and manages the life cycles of VMs, containers, and images. +- **eulerlauncher.exe**: EulerLauncher CLI client. You can use this client to interact with the eulerlauncherd daemon process and perform operations on VMs and images. +- **eulerlauncher.conf**: EulerLauncher configuration file, which must be stored in the same directory as **eulerlauncherd.exe**. Configure the file as follows: + +```ini +[default] +# Configure the directory for storing log files. +log_dir = D:\eulerlauncher-workdir\logs +# Whether to enable the debug log level. +debug = True +# Configure the EulerLauncher working directory. +work_dir = D:\eulerlauncher-workdir +# Configure the EulerLauncher image directory. The image directory is relative to the working directory. +image_dir = images +# Configure the VM file directory of EulerLauncher. The VM file directory is relative to the working directory. +instance_dir = instances +``` + +After the configuration is complete, right-click **eulerlauncherd.exe** and choose **Run as administrator** from the shortcut menu. **eulerlauncherd.exe** runs as a daemon process in the background. + +Start PowerShell or Command Prompt to prepare for the corresponding operation. + +## Exiting the eulerlauncherd Background Process on Windows + +After **eulerlauncherd.exe** is executed, the eulerlauncherd icon is displayed in the system tray in the lower right corner. Right-click the icon and choose **Exit EulerLauncher** from the shortcut menu to exit the eulerlauncherd background process. + +## Operations on Images + +1. List available images. + + ```PowerShell + eulerlauncher.exe images + + +-----------+----------+--------------+ + | Images | Location | Status | + +-----------+----------+--------------+ + | 22.03-LTS | Remote | Downloadable | + | 21.09 | Remote | Downloadable | + | 2203-load | Local | Ready | + +-----------+----------+--------------+ + ``` + + There are two types of EulerLauncher images: remote images and local images. Only local images in the **Ready** state can be used to create VMs. Remote images can be used only after being downloaded. You can also load a downloaded local image to EulerLauncher. For details, see the following sections. + +2. Download a remote image. + + ```PowerShell + eulerlauncher.exe download-image 23.09 + + Downloading: 23.09, this might take a while, please check image status with "images" command. + ``` + + The image download request is an asynchronous request. The download is completed in the background. The time required depends on your network status. The overall image download process includes download, decompression, and format conversion. During the download, you can run the `image` command to view the download progress and image status at any time. + + ```PowerShell + eulerlauncher.exe images + ``` + + When the image status changes to **Ready**, the image is downloaded successfully. The image in the **Ready** state can be used to create VMs. + + ```PowerShell + eulerlauncher.exe images + ``` + +3. Load a local image. + + Load a custom image or an image downloaded to the local host to EulerLauncher to create a custom VM. + + ```PowerShell + eulerlauncher.exe load-image --path {image_file_path} IMAGE_NAME + ``` + + The supported image formats are *xxx***.qcow2.xz** and *xxx***.qcow2**. + + Example: + + ```PowerShell + eulerlauncher.exe load-image --path D:\openEuler-23.09-x86_64.qcow2.xz 2309-load + + Loading: 2309-load, this might take a while, please check image status with "images" command. + ``` + + Load the **openEuler-23.09-x86_64.qcow2.xz** file in the **D:\\** directory to the EulerLauncher system and name it **2309-load**. Similar to the download command, the load command is also an asynchronous command. You need to run the image list command to query the image status until the image status is **Ready**. Compared with directly downloading an image, loading an image is much faster. + + ```PowerShell + eulerlauncher.exe images + + ...... + + eulerlauncher images + + ...... + ``` + +4. Delete an image. + + Run the following command to delete an image from the EulerLauncher system: + + ```PowerShell + eulerlauncher.exe delete-image 2309-load + + Image: 2309-load has been successfully deleted. + ``` + +## Operations on VMs + +1. List VMs. + + ```Powershell + eulerlauncher.exe list + + +----------+-----------+---------+---------------+ + | Name | Image | State | IP | + +----------+-----------+---------+---------------+ + | test1 | 2309-load | Running | 172.22.57.220 | + +----------+-----------+---------+---------------+ + | test2 | 2309-load | Running | N/A | + +----------+-----------+---------+---------------+ + ``` + + If the VM IP address is **N/A** and the VM status is **Running**, the VM is newly created and the network configuration is not complete. Configuring the network takes several seconds. You can obtain the VM information again later. + +2. Log in to a VM. + + If an IP address has been assigned to a VM, you can run the `ssh` command to log in to the VM. + + ```PowerShell + ssh root@{instance_ip} + ``` + + If the official image provided by the openEuler community is used, the default username is **root** and the default password is **openEuler12#$**. + +3. Create a VM. + + ```PowerShell + eulerlauncher.exe launch --image {image_name} {instance_name} + ``` + + Use `--image` to specify an image and a VM name. + +4. Delete a VM. + + ```PowerShell + eulerlauncher.exe delete-instance {instance_name} + ``` + + Delete a specified VM based on the VM name. + +[1]: https://gitee.com/openeuler/eulerlauncher/releases +[2]: https://learn.microsoft.com/en-us/virtualization/hyper-v-on-windows/quick-start/enable-hyper-v diff --git a/docs/en/tools/desktop/_toc.yaml b/docs/en/tools/desktop/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..22c0a7f745030dd0178d464a623187ddfa86013a --- /dev/null +++ b/docs/en/tools/desktop/_toc.yaml @@ -0,0 +1,6 @@ +label: Desktop Environments +sections: + - href: ./gnome/_toc.yaml + - href: ./ukui/_toc.yaml + - href: ./dde/_toc.yaml + - href: ./kiran/_toc.yaml diff --git a/docs/en/tools/desktop/dde/_toc.yaml b/docs/en/tools/desktop/dde/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..dcef88c1ddebadf4fe4b4600eae62b663b823acf --- /dev/null +++ b/docs/en/tools/desktop/dde/_toc.yaml @@ -0,0 +1,8 @@ +label: DDE User Guide +isManual: true +description: Install and use DDE. +sections: + - label: DDE Installation + href: ./dde_installation.md + - label: DDE User Guide + href: ./dde_userguide.md diff --git a/docs/en/tools/desktop/dde/dde_installation.md b/docs/en/tools/desktop/dde/dde_installation.md new file mode 100644 index 0000000000000000000000000000000000000000..80b1e26de882060a6597193ebfc5c6c31d4390b5 --- /dev/null +++ b/docs/en/tools/desktop/dde/dde_installation.md @@ -0,0 +1,39 @@ +# DDE Installation + +## Introduction + +DDE is a powerful desktop environment developed by UnionTech. It contains dozens of self-developed desktop applications. + +## Procedure + +1. [Download](https://openeuler.org/en/download/) the openEuler ISO file and install the OS. +2. Update the software source. + + ```bash + sudo dnf update + ``` + +3. Install DDE. + + ```bash + sudo dnf install dde + ``` + +4. Set the system to start with the graphical interface. + + ```bash + sudo systemctl set-default graphical.target + ``` + +5. Reboot the system. + + ```bash + sudo reboot + ``` + +6. After the reboot is complete, use the user created during the installation process or the **openeuler** user to log in to the desktop. + + > DDE does not allow login as the **root** user. + > DDE has a built-in **openeuler** user whose password is **openeuler**. + +Now you can use DDE. diff --git a/docs/en/tools/desktop/dde/dde_userguide.md b/docs/en/tools/desktop/dde/dde_userguide.md new file mode 100644 index 0000000000000000000000000000000000000000..b33fab70dd22c3096fb3a71a6163b52866f3d996 --- /dev/null +++ b/docs/en/tools/desktop/dde/dde_userguide.md @@ -0,0 +1,849 @@ +# DDE Desktop Environment + +## Overview + +DDE desktop environment is an elegant, secure, reliable and easy to use GUI comprised of the desktop, dock, launcher and control center. Acting as the key basis for our operating system, its main interface is shown as below. + +![](./figures/43.jpg) + +### Getting Started + +When you enter DDE for the very first time, a welcome program will automatically start. You can watch the introduction video, select your desktop style and icon theme, and learn more about the system functions. + +![](./figures/46.png) + +## Desktop + +Desktop is the main screen you see after logging in. On the desktop, you can create a new file/folder, sort files, open in terminal, set wallpaper and screensaver and etc. You can also add shortcuts for applications on desktop by using [Send to desktop](#set-app-shortcut). + +![](./figures/41.png) + +### Create New Folder/Document + +Just as in File Manager, you can create a new folder/document on the desktop, or do some operations for the files on it. + +- Right-click the desktop, select **New folder** and enter the name for it. +- Right-click the desktop, select **New document**, select the type and enter its name. + +Right-click a file or folder on the desktop, and use the features of File Manager as below: + +| Function | Description | +| ---------------- | ------------------------------------------------------------ | +| Open with | Select an app to open it. | +| Cut | Move it to another location. | +| Copy | Copy it to another location. | +| Rename | Change its name. | +| Delete | Delete and move it to the trash. | +| Create link | Create a shortcut of the file or folder. | +| Tag information | Add a tag. | +| Compress/Extract | Compress the file or folder, or extract the compressed file. | +| Properties | View the basic info, share it or change the permission. | + +### Sort Files + +Sort the files on your desktop to make it organized and fit your needs. + +1. Right-click the desktop. +2. Click **Sort by**, you can: + +- Click **Name** to display files in the name sequence. +- Click **Size** to display files in the size sequence. +- Click **Type** to display files in type. +- Click **Time modified** to display files in the order of last modified date. + +> ![](./figures/icon125-o.svg)Tips: *Check **Auto arrange**, icons on the desktop will be listed in order automatically, and if an icon is removed, another one will fill in the blank.* + +### Adjust Icon Size + +1. Right-click the desktop. +2. Click **Icon size**, and choose a proper size. + +> ![](./figures/icon125-o.svg)Tips: *Press **Ctrl** + ![](./figures/icon134-o.svg)/![](./figures/icon132-o.svg) scrolling mouse wheel to adjust icon size on the desktop and in Launcher.* + +### Set Display + +You can set display scaling, screen resolution, brightness and so on from the desktop. + +1. Right-click the desktop. +2. Click **Display Settings** to open the settings in Control Center. + +> ![](./figures/icon99-o.svg)Notes: *For specific operations, please refer to [Display](#Display).* + +### Change Wallpaper + +Select some elegant and fashionable wallpapers to beautify your desktop and make it distinctive. + +1. Right-click the desktop. +2. Click **Wallpaper and Screensaver** to preview all the wallpapers. +3. Click your favorite one and it will apply in your desktop and screen lock. +4. You can also choose **Only desktop**, **Only lock screen**, or both. + +![](./figures/63.jpg) + +> ![](./figures/icon125-o.svg)Tips: *You can also set your favorite picture as wallpaper in an image viewer.* + +### Clipboard + +All the texts, pictures and documents cut and copied by the current user after login are displayed in the clipboard, which can be copied quickly by double-clicking the clipboard. The clipboard is cleared automatically after logout and shutdown. + +1. Use the shortcuts **Ctrl**+**Alt**+ **V** to wake up the clipboard. + +2. Double-click in the clipboard to copy the current content quickly and the corresponding block will be moved to the top of the clipboard. + +3. Select the target destination to paste it. + +4. Click![](./figures/icon57-o.svg)to delete the current content and click **Clear All** to clear the clipboard. + + ![](./figures/40.png) + +## Dock + +Dock is at the bottom of the desktop by default to help you quickly open frequently-used applications, which includes Launcher, applications, system tray, and plugins. In the dock, you can open launcher, show the desktop, enter the workspaces, open and exit apps, set input methods, adjust the volume, connect to the network, view the calendar and enter the shutdown interface, and so on. + +### Icons on Dock + +In the Dock, there are icons of Launcher, applications, system tray, and plugins. + +![](./figures/45.png) + +| Icon | Description | +| ---- | ---- | +| ![](./figures/icon66-o.svg) | Launcher - click to view all the installed applications. | +| ![](./figures/icon69-o.svg) | Click to show the desktop. | +| ![](./figures/icon63-o.svg) | File Manager - click to view files and folders on the disk. | +| ![](./figures/icon62-o.svg) | Calendar - view dates and create new schedules. | +| ![](./figures/icon58-o.svg) | Control Center - click to check or change system settings. | +| ![](./figures/icon101-o.svg) | Notification Center - show all notifications from the system and applications. | +| ![](./figures/icon103-o.svg) | Onboard virtual keyboard. | +| ![](./figures/icon122-o.svg) | Click to enter the shutdown interface. | +| ![](./figures/icon126-o.svg) | Trash. | + +> ![](./figures/icon125-o.svg)Tips: *In Efficient Mode, you can click the right side of Dock to show the desktop. Move the cursor to the running app in the Dock and you will see its preview window.* + +### Switch Display Mode + +There are two display modes of Dock: fashion mode and efficient mode, icon sizes are different in them. + +![](./figures/46.png) + +![](./figures/63.png) + +You can switch the display modes by the following operations: + +1. Right-click the Dock and select **Mode**. +2. Select the display mode. + +### Change Dock Location + +You can place Dock on any direction of your desktop. + +1. Right-click the Dock and select **Location**. +2. Select a location. + +### Change Dock Height + +Drag the top edge to increase or decrease the height. + +### Show/Hide Plugins + +1. Right-click the Dock and select **Plugins**. +2. On the submenu, you can check or uncheck **Trash, Power, Show Desktop, Onboard**, and **Datetime** to show or hide the corresponding icon in the Dock. + +### View Notifications + +When there are system or application notifications, they will be shown in the middle of the screen. If there are buttons in the message, click buttons to do the actions; if there are not, click the message to close it. + +![](./figures/51.png) + +Click notification in Dock to view all the notifications. + +### View Date and Time + +- Hover the cursor over the Time icon in Dock to view the current time, date and day of the week. +- Click the Time icon to open Calendar. + +### Enter Shutdown Interface + +There are two ways to enter the shutdown interface: + +- Click ![](./figures/icon122-o.svg) in Dock. +- Click ![](./figures/icon136-o.svg) at the bottom right corner of Launcher mini mode. + +| Function | Description | +| ------------------------------------------------------------ | ------------------------------------------------------------ | +| Shut down ![](./figures/icon136-o.svg) | Shut down the computer. | +| Reboot ![](./figures/icon110-o.svg) | Restart the computer. | +| Lock ![](./figures/icon90-o.svg) | Lock the computer with the password. Or press **Super** + **L** to lock it. | +| Switch user ![](./figures/icon128-o.svg) | Log in with another user account. | +| Log out ![](./figures/icon92-o.svg) | End all the processes and initialize the system. | +| Start system monitor ![](./figures/icon68-o.svg) | View the running processes and end the one you want. | + +> ![](./figures/icon99-o.svg)Notes: ![](./figures/icon128-o.svg) *will be shown if there are multiple accounts in the system.* + +### Trash + +You can find all deleted files in the trash, which can be restored or emptied. + +#### Restore Files + +You can restore deleted files in Trash or press **Ctrl** + **Z** to restore the lately deleted files. + +1. Select the file in the trash. +2. Right-click the file and select **Restore**. +3. The file will be in its original path. + +> ![](./figures/icon52-o.svg)Attention: *If the original folder of the file has been deleted, the deleted file will be restored to a new folder automatically created.* + +#### Empty Trash + +In the trash, click **Empty** to permanently delete all the files in the trash. + +## Launcher + +Launcher ![](./figures/icon66-o.svg) helps you manage all the installed applications, where you can quickly find an application by category navigation or by a search. + +> ![](./figures/icon125-o.svg)Tips: *You can view newly installed applications in Launcher. The newly-installed ones are followed with a blue dot.* + +### Switch Launcher Modes + +There are two display modes of Launcher: fullscreen mode and mini mode. Click the icon at the upper right corner to switch modes. + +Both modes support searching applications and sending them to the desktop or Dock. + +The mini mode also supports opening File Manager, Control Center and shutdown interface directly. + +![](./figures/47.jpg) +![](./figures/52.png) + +### Sort Applications + +In fullscreen mode, all applications in Launcher are listed by the installation time by default. You can sort the application icons as the ways below: + +- Hover the cursor over an application icon, hold down the left key of mouse, drag and drop the application icon to arrange it freely. +- Click the category icon ![](./figures/icon56-o.svg) on the upper left in Launcher to arrange the icons by category. + +![](./figures/60.jpg) + +In mini mode, applications are displayed according to using frequency by default. + +### Find Applications + +In Launcher, you can scroll up and down to find an application, or locate it with the category navigation. + +If you already know the application name, just search for it. + +### Set App Shortcut + +The shortcut offers a method to run applications easily and quickly. + +#### Create App Shortcut + +Send the application icon to the desktop or Dock to facilitate the follow-up operations. + +In Launcher, right-click an app icon and you can: + +- Select **Send to desktop** to create a shortcut on the desktop. +- Select **Send to dock** to fix the application icon in Dock. + +![](./figures/58.png) + +> ![](./figures/icon99-o.svg)Notes: *You can drag the application icon from Launcher to Dock. But you cannot drag and drop the application while it is running. Then you can right-click the application icon in Dock and select **Dock** to fix it in order to open it quickly for the next time.* + +#### Delete Shortcut + +Delete a shortcut from the desktop directly, or remove it from Dock or Launcher. + +**Remove the shortcut from Dock:** + +- Hold down the left key of mouse, drag and drop the icon away from Dock. +- You cannot drag and drop the application icon while it is running. Then you can right-click the application icon in Dock and select **Undock** to remove it from Dock. + +**Remove the shortcut from Launcher:** + +In Launcher, right-click the icon and you can: + +- Select **Remove from desktop** to delete the shortcut from the desktop. +- Select **Remove from dock** to remove the application icon from Dock. + +> ![](./figures/icon99-o.svg)Notes: *The above operations only delete the shortcut rather than uninstall the applications.* + +### Run Applications + +For the applications whose shortcuts have been created on the desktop or Dock, you can open them in the following ways: + +- Double-click the desktop icon or right-click it and select **Open**. +- Click the application icon in Dock or right-click it and select **Open**. + +To open the application only shown in Launcher, click the icon or right-click it and select **Open**. + +> ![](./figures/icon125-o.svg)Tips: *For the frequently-used applications, right-click the app icon and select **Add to startup** to run it when the computer boots.* + +## Control Center + +You can manage the system settings in Control Center, including account management, network settings, date and time, personalization, display settings, etc. After entering the desktop environment, click ![](./figures/icon58-o.svg) to open Control Center. + +### Homepage Introduction + +The homepage of Control Center provides several setting modules and click one to enter the detailed settings. + +![](./figures/42.png) + +Once you open a setting module in Control Center, the navigation appears on the left. Click the left navigation to quickly switch to other settings. + +![](./figures/39.png) + +#### Title Bar + +The title bar contains the back button, search box, main menu and the window buttons. + +- Back button: Click ![](./figures/icon53-o.svg) to go back to the homepage. +- Search box: Input a keyword and search the related settings. +- Main menu: Click ![](./figures/icon83-o.svg) to enter the main menu where you can set the window theme, view the manual and exit. + +### Accounts + +You have already created an account when installing the system. Here you can modify account settings or create a new one. + +![](./figures/38.png) + +#### Create New Account + +1. On the homepage of Control Center, click ![](./figures/icon49-o.svg). +2. Click ![](./figures/icon50-o.svg). +3. Input a username and a password twice. +4. Click **Create**. +5. Input the password of the current user account in the authentication dialog box, and the new account will be added to the account list. + +#### Change Account Avatar + +1. On the homepage of Control Center, click ![](./figures/icon49-o.svg). +2. Click an existing account in the list. +3. Click the user avatar. +4. Select a avatar or upload a local avatar. + +#### Set Full Name + +The account full name is shown in account list and system login interface and you can set it as needed. + +1. On the homepage of Control Center, click ![](./figures/icon49-o.svg). +2. Click an existing account in the list. +3. Click ![](./figures/icon75-o.svg) after **Full Name**, and input a name. + +#### Change Password + +1. On the homepage of Control Center, click ![](./figures/icon49-o.svg). + +2. Click the current account. + +3. Click **Change Password**. + +4. Input a new password twice and confirm. + +#### Delete Account + +1. On the homepage of Control Center, click ![](./figures/icon49-o.svg). +2. Click an account that's not logged in. +3. Click **Delete Account**. +4. Click **Delete** in the pop-up window. + +> ![](./figures/icon52-o.svg)Attention: *The logged in account cannot be deleted.* + +#### Privilege + +The first account has administrator privilege when you install the system. All other accounts you add after that are common users. One account can be grouped in many user groups. + +##### Group setting + +When you add or modify accounts, you can: + +- Select a group existing in the system. +- Select the group with the same name as the current user. +- Select the group with the same name as another user when the account was previously added. + +### Display + +Set screen resolution, brightness, direction and display scaling properly to have the best visual effect. + +![](./figures/44.png) + +#### Single Screen Settings + +##### Change Resolution + +1. On the homepage of Control Center, click ![](./figures/icon72-o.svg). +2. Click **Resolution**. +3. Select a proper resolution in the list. +4. Click **Save**. + +##### Adjust Brightness + +1. On the homepage of Control Center, click ![](./figures/icon72-o.svg). +2. Click **Brightness**. + - Drag the slider to set screen brightness. + - Switch on **Night Shift**, the screen hue will be auto-adjusted according to your location. + - Switch on **Auto Brightness**, the monitor will change the brightness automatically according to ambient light (shown only if PC has a light sensor). + +##### Change Refresh Rate + +1. On the homepage of Control Center, click ![](./figures/icon72-o.svg). +2. Click **Refresh Rate**. +3. Select a proper one, and click **Save**. + +##### Change Display Direction + +1. On the homepage of Control Center, click ![](./figures/icon72-o.svg). +2. Click ![](./figures/icon112-o.svg). +3. Every time you click, the screen will rotate 90 degrees counterclockwise. +4. To restore to the original direction, click the right button to exit; to use the current direction, press **Ctrl**+ **S** to save it. + +#### Multiple Screen Settings + +Expand your desktop by multiple screens! Use VGA/HDMI/DP cable to connect your computer to other display devices. + +1. On the homepage of Control Center, click ![](./figures/icon72-o.svg). +2. Click **Multiple Displays**. +3. Select a display mode: + - **Duplicate**: display the same image on other screens. + - **Extend**: expand the desktop across the screens. + - **Customize**: customize the display settings for multiple screens. + +In multiple displays, press **Super** + **P** to show its OSD. + +Operations are as follows: + +1. Hold **Super** and press **P** or click to select the options. +2. Release the keys, the selected mode will take into effect. + +>![](./figures/icon99-o.svg)Notes: *When the multiple displays are in the extend mode, only the main screen supports desktop icon display, right-click menu operation and other functions, while the sub-screens do not.* + +##### Custom Settings + +1. On the homepage of Control Center, click ![](./figures/icon72-o.svg). +2. Click **Multiple Displays** > **Customize**. +3. Click **Recognize**. +4. Choose **Merge** or **Split** the screens, specify the main screen, set the resolution and refresh rate, and rotate screen if you want. +5. Click **Save**. + +> ![](./figures/icon99-o.svg)Notes: *"Merge" means duplicate mode, "Split" means extend mode.* + +### Default Application Settings + +If you have installed several applications with similar functions, such as text editor, choose one of them to be the default application to open that type of file. + +![](./figures/39.png) + +#### Set Default Application + +1. Right-click the file, choose **Open with** > **Set default program**. +2. Select one application, **Set as default** is checked by default, and click **Confirm**. +3. The application will automatically be added to the default application list in Control Center. + +#### Change Default Application + +1. On the homepage of Control Center, click ![](./figures/icon70-o.svg). +2. Select a file type. +3. Select another one in the list as the default application. + +#### Add Default Application + +1. On the homepage of Control Center, click ![](./figures/icon70-o.svg). +2. Select a file type. +3. Click ![](./figures/icon50-o.svg) below to add a desktop file (usually at /usr/share/applications) or a specified binary file as the default application. +4. The application will be added to the list and set as default application automatically. + +#### Delete Default Application + +In the default application list, you can only delete the applications you added. To remove other applications from the list, the only way is to uninstall them. Once uninstalled, they will automatically be deleted from the list. + +To delete the default applications you have added, do as below: + +1. On the homepage of Control Center, click ![](./figures/icon70-o.svg). +2. Select a file type. +3. Click ![](./figures/icon57-o.svg) after the application name to delete it. + +### Personalization Settings + +You can set theme, accent color, font, change the appearance of the desktop and windows to your favorite style. + +![](./figures/56.png) + +#### Set Window Theme + +1. On the homepage of Control Center, click ![](./figures/icon105-o.svg). +2. Click **General**. +3. Select one window theme, which will be used as system theme. + +> ![](./figures/icon99-o.svg)Notes: *"Auto" means changing window theme automatically according to the sunset and sunrise time. After sunrise, it is light theme; after sunset, it is dark theme.* + +#### Change Accent Color + +Accent color refers to the color used when you select one option or file in the system. + +1. On the homepage of Control Center, click ![](./figures/icon105-o.svg). +2. Click **General**. +3. Pick a color under **Accent Color** and view its effects. + +#### Set Icon Theme + +1. On the homepage of Control Center, click ![](./figures/icon105-o.svg). +2. Click **Icon Theme** and select an icon style. + +#### Set Cursor Theme + +1. On the homepage of Control Center, click ![](./figures/icon105-o.svg). +2. Click **Cursor Theme** and select a set of cursors. + +#### Change Font + +1. On the homepage of Control Center, click ![](./figures/icon105-o.svg). +2. Click **Font**. +3. Set the font and font size for the system. + +### Network Settings + +After login, you need to connect to a network first and then surf the Internet! + +> ![](./figures/icon125-o.svg)Tips: *Check your network status by hovering over or clicking the network icon in Dock.* + +![](./figures/54.png) + +#### Wired Network + +Wired network is secure and stable, which makes it the most common way to connect to the Internet. After your router is set, connect both ends of the network cable to the computer and router to connect to a wired network. + +1. Plug the cable into the network slot of a computer. +2. Plug another end of the cable into the router or network port. +3. On the homepage of Control Center, click ![](./figures/icon97-o.svg). +4. Click **Wired Network** to enter the setting page of wired network. +5. Switch on **Wired Network Adapter** to enable wired network. +6. If it is successfully connected to the network, there will be a prompt "Wired Connection connected". + +You can also edit and add a new wired network in the setting page. + +#### Mobile Network + +If you are at a place without network, mobile network adapter is a useful tool to help you connect to the Internet as long as the place is covered by telephone signals. + +1. Plug the mobile network adapter into your computer USB port. +2. Your computer will auto connect to the network. +3. On the homepage of Control Center, click ![](./figures/icon97-o.svg). +4. Click **Mobile Network** to view the detailed network info. + +#### DSL/PPPoE Connections + +DSL is a dial-up connection using a standard phone line and analog modem to access the Internet. Configure the modem, plug the telephone line into the network interface of the computer, create a broadband dial-up connection, and enter the user name and password provided by the operator to dial up the Internet. + +##### Create a PPPoE Connection + +1. On the homepage of Control Center, click ![](./figures/icon97-o.svg). +2. Click **DSL**. +3. Click ![](./figures/icon50-o.svg). +4. Enter the name, your account and password the operator provides. +5. Click **Save**. The connection will automatically start. + +#### VPN + +VPN is a virtual private network. Its main function is to establish a private network on the public network for encrypted communication. Whether you are on a business trip or working at home, you can use VPN to access intranet resources as long as you can access the Internet. You can also use VPN to speed up access to websites in other countries. + +1. On the homepage of Control Center, click ![](./figures/icon97-o.svg). +2. Click **VPN**, and click ![](./figures/icon50-o.svg) or ![](./figures/icon84-o.svg). +3. Select the VPN protocol type, and enter the name, gateway, account, password and other information. (Importing VPN will automatically fill in information) +4. Click **Save**, the system will try to connect VPN network automatically. +5. You can export the VPN settings to backup or share with other users. + +> ![](./figures/icon99-o.svg)Notes: *If you don't want to use the VPN as the default routing, but only want it to take effect on specific network resources, switch on **Only applied in corresponding resources**.* + +#### System Proxy + +1. On the homepage of Control Center, click ![](./figures/icon97-o.svg). +2. Click **System Proxy**. + +- Click **None** and **Save** to disable the proxy. +- Click **Manual** and input the address and port of proxy servers. +- Click **Auto** and input a URL to configure the proxy info. + +#### Application Proxy + +1. On the homepage of Control Center, click ![](./figures/icon97-o.svg). +2. Click **Application Proxy**. +3. Select a proxy type, and fill in the IP address, port, etc. +4. Click **Save** to save the proxy settings. + +> ![](./figures/icon99-o.svg)Notes: *After being configured, run Launcher, right-click any application's icon and check **Use a proxy**, and then the application will be opened by proxy.* + +#### Network Info + +You can view MAC, IP address, gateway and other network info in network details. + +1. On the homepage of Control Center, click ![](./figures/icon97-o.svg). +2. Click **Network Details**. +3. View the network info of the current network. + +### Sound Settings + +Set your speaker and microphone properly to make you hear more comfortable and make clearer recordings. + +![](./figures/61.png) + +#### Output + +1. On the homepage of Control Center, click ![](./figures/icon116-o.svg). + +2. Click **Output** to: + + - Select output device type from the dropdown list after **Output Device**. + + - Drag the slider to adjust output volume and left/right balance. + - Switch on **Volume Boost**, the volume could be adjustable from 0~150% (the former range is 0~100%). + +#### Input + +1. On the homepage of Control Center, click ![](./figures/icon116-o.svg). +2. Click **Input** to: + - Select input device type from the dropdown list after **Input Device**. + - Adjust input volume by dragging the slider. + - You can enable **Automatic Noise Suppression** by clicking the button after "Automatic Noise Suppression". + +> ![](./figures/icon125-o.svg)Tips: *Usually, you need to turn up the input volume to make sure that you can hear the sound of the sound source, but the volume should not be too high, because it will cause distortion of the sound. Here is how to set input volume: Speak to your microphone at a normal volume and view "Input Level". If the indicator changes obviously according to the volume, then the input volume is at a proper level.* + +#### System Sound Effects + +1. On the homepage of Control Center, click ![](./figures/icon116-o.svg). +2. Click **Sound Effects**, check the options you want to switch on the sound when the corresponding event occurs. + +> ![](./figures/icon125-o.svg)Tips: *Click to listen to the sound effect.* + +### Date and Time + +Set your timezone properly to have correct date and time. You can also change them manually. + +![](./figures/62.png) + +#### Change Timezone + +You have selected the timezone during system installation and do as follows to change it. + +1. On the homepage of Control Center, click ![](./figures/icon124-o.svg). +2. Click **Timezone List**. +3. Click **Change System Timezone** and select a timezone by searching or clicking on the map. +4. Click **Confirm**. + +#### Add Timezone + +Add another timezone to see the date and time there. + +1. On the homepage of Control Center, click ![](./figures/icon124-o.svg). +2. Click **Timezone List**. +3. Click ![](./figures/icon50-o.svg), select a timezone by searching or clicking on the map. +4. Click **Add**. + +#### Delete Timezone + +1. On the homepage of Control Center, click ![](./figures/icon124-o.svg). +2. Click **Timezone List**. +3. Click **Edit** after "Timezone List". +4. Click ![](./figures/icon71-o.svg) to remove the timezone. + +#### Change Date and Time + +Note that the auto-sync function will be disabled after changing date and time manually. + +1. On the homepage of Control Center, click ![](./figures/icon124-o.svg). +2. Click **Time Settings**. + - Switch on/off **Auto Sync**. + - Enter the correct date and time. +3. Click **Confirm**. + +#### Set Time Format + +Setting the format of time and date is supported. + +1. On the homepage of Control Center, click ![](./figures/icon124-o.svg). +2. Click **Time Format** to set the first day of week, long date, short date, long time, and short time. + +### Power Management + +Power management helps you to improve system safety. + +![](./figures/57.png) + +#### Time to Suspend + +1. On the homepage of Control Center, click ![](./figures/icon107-o.svg). +2. Click **Plugged In**. +3. Set the time to suspend. + +#### Time to Lock Screen + +1. On the homepage of Control Center, click ![](./figures/icon107-o.svg). +2. Click **Plugged In**. +3. Set the time to lock screen. + +#### Power button settings + +1. On the homepage of Control Center, click ![](./figures/icon107-o.svg). +2. Click **Plugged In**. +3. You can select **Shut down, Suspend, Hibernate, Turn off the monitor, Do nothing** from the drop-down list after **When pressing the power button**. + +Any operation done here will take effect immediately. At the same time, the system will notify the user that the power button setting is changed. + +### Mouse + +Mouse is common computer input device. Using the mouse, you can make the operation easier and faster. + +![](./figures/53.png) + +#### General Settings + +1. On the homepage of Control Center, click ![](./figures/icon94-o.svg). +2. Click **General**. +3. Switch on **Left Hand**, and adjust **Scrolling Speed**, **Double-click Speed**. + +> ![](./figures/icon99-o.svg)Notes: *If "Left Hand" is enabled, left-click and right-click of the mouse exchange.* + +#### Mouse + +After inserting or connecting the mouse, make relevant settings in the Control Center to make it more in line with your usage habits. + +1. On the homepage of Control Center, click ![](./figures/icon94-o.svg). +2. Click **Mouse**. +3. Adjust **Pointer Speed**, which helps you to control the speed at which the pointer moves as the mouse moves. +4. Switch on **Natural Scrolling**/**Mouse Acceleration** if you want. + +> ![](./figures/icon99-o.svg)Notes: +> +> - *Turn on the mouse acceleration to improve the accuracy of the pointer. The moving distance of the mouse pointer on the screen will increase according to the acceleration of the moving speed. It can be turned on or off according to the usage.* +> - *If Natural Scrolling is enabled, when you scroll down, the page will scroll down, when you scroll up, the page will scroll up as well.* + +### Keyboard and Language + +Set keyboard properties and select your keyboard layout to keep your typing habit. You can also adjust the keyboard layout according to the country and language, change system language, and customize shortcuts here. + +![](./figures/59.png) + +#### Keyboard Properties + +1. On the homepage of Control Center, click ![](./figures/icon86-o.svg). +2. Click **General**. +3. Adjust **Repeat Delay**/**Repeat Rate**. +4. Click "Test here" and hold down a key to test the repeat rate. +5. Switch on **Numeric Keypad** and **Caps Lock Prompt** if you want. + +#### Keyboard Layout + +Set the keyboard layout to customize the keyboard for the current language. When you press a key on the keyboard, the keyboard layout controls which characters are displayed on the screen. After changing the keyboard layout, the characters on the screen may not match the characters on the keyboard keys. + +You have set a keyboard layout during system installation, but you can add more for other purposes. + +![](./figures/50.png) + +##### Add Keyboard Layout + +1. On the homepage of Control Center, click ![](./figures/icon86-o.svg). +2. Click **Keyboard Layout**. +3. Click ![](./figures/icon50-o.svg). Click a keyboard layout to add it. + +##### Delete Keyboard Layout + +1. On the homepage of Control Center, click ![](./figures/icon86-o.svg). +2. Click **Keyboard Layout**. +3. Click **Edit**. +4. Click ![](./figures/icon71-o.svg) to delete keyboard layout. + +##### Switch Keyboard Layout + +1. On the homepage of Control Center, click ![](./figures/icon86-o.svg). +2. Click **Keyboard Layout**. +3. Click the layout you want to switch to. +4. After successful switching, the layout will be marked with a check. + +> ![](./figures/icon125-o.svg)Tips: *You can also select one or more shortcuts to switch the keyboard layouts in order. Select **Applies to** to make the keyboard layout after switching be applied to the whole system or current application.* + +#### System Language + +The system language is the language you selected when you installed the system by default, which can be changed at any time. + +##### Add System Language + +Add multiple languages into the list to change language conveniently. + +1. On the homepage of Control Center, click ![](./figures/icon86-o.svg). +2. Click **System Language**. +3. Click ![](./figures/icon50-o.svg) to enter the language list. +4. Select the language you want, and it will be added into system language list automatically. + +##### Change System Language + +1. On the homepage of Control Center, click ![](./figures/icon86-o.svg). +2. Click **System Language**. +3. Select the language you want to switch to, and the language package will be installed automatically. +4. After being successfully installed, log out and log in again to view the changes. + +> ![](./figures/icon52-o.svg)Attention: *The keyboard layout may also be changed in the process of switching the system language. Please make sure that you select a correct keyboard layout to enter the login password.* + +#### Shortcuts + +The shortcut list includes all shortcuts in the system. View, modify and customize the shortcuts here as you want. + +![](./figures/59.png) + +##### View Shortcuts + +1. On the homepage of Control Center, click ![](./figures/icon86-o.svg). +2. Click **Shortcuts**. +3. You can search or view the default shortcuts for system, window and workspace. + +##### Modify Shortcuts + +1. On the homepage of Control Center, click ![](./figures/icon86-o.svg). +2. Click **Shortcuts**. +3. Click the shortcut you want to modify. +4. Press new shortcut to change it. + +> ![](./figures/icon125-o.svg)Tips: *To disable a shortcut, please press ![](./figures/icon54-o.svg) on the keyboard. To cancel modifying, press **Esc** or click Restore Defaults at the bottom.* + +##### Customize Shortcuts + +1. On the homepage of Control Center, click ![](./figures/icon86-o.svg). +2. Click **Shortcuts**. +3. Click ![](./figures/icon50-o.svg). +4. Enter the name, command and shortcut. +5. Click **Add**. +6. After being successfully added, click **Edit**. +7. Click ![](./figures/icon71-o.svg) to delete the custom shortcut. + +> ![](./figures/icon125-o.svg)Tips: *To change the shortcut, click it and press a new shortcut to change it directly. To edit the name and command of the custom shortcut, click **Edit** > ![](./figures/icon75-o.svg) near the shortcut name to enter the shortcut settings.* + +### System Info + +You can view system version, authorization info, hardware info, and the agreements here. + +![](./figures/48.png) + +#### About This PC + +1. On the homepage of Control Center, click ![](./figures/icon120-o.svg). +2. Under **About This PC**, you can view system version, authorization and hardware information. +3. If the system has not been activated, click **Activate** to activate the system. + +#### Edition License + +1. On the homepage of Control Center, click ![](./figures/icon120-o.svg). +2. View the system edition license under **Edition License**. + +#### End User License Agreement + +1. On the homepage of Control Center, click ![](./figures/icon120-o.svg). +2. View the End User License Agreement under **End User License Agreement**. + +## Keyboard Interaction + +You can use the keyboard to switch between various interface areas, select objects and perform operations. + +| Key | Function | +| :----------------------------------------------------------- | :----------------------------------------------------------- | +| **Tab** | Switch between different areas or dialog buttons. | +| ![](./figures/icon127-o.svg) ![](./figures/icon73-o.svg) ![](./figures/icon88-o.svg) ![](./figures/icon111-o.svg) | Used to select different objects in the same area. Press ![](./figures/icon111-o.svg) to enter the lower menu and ![](./figures/icon88-o.svg) to return to the upper menu. Press![](./figures/icon127-o.svg)and ![](./figures/icon73-o.svg) to switch between up and down. | +| **Enter** | Execute the selected operation. | +| **Space** | Preview the selected object in File Manager; start and pause the playback in Music and Movie; expand the drop-down options in the drop-down list (The enter key is also available.). | +| **Ctrl**+**M** | Open the right-click menu. | diff --git a/docs/en/tools/desktop/dde/figures/.keep b/docs/en/tools/desktop/dde/figures/.keep new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/docs/en/tools/desktop/dde/figures/1.png b/docs/en/tools/desktop/dde/figures/1.png new file mode 100644 index 0000000000000000000000000000000000000000..40af4242eebb440a76c749a8d970d50cd7b89bf4 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/1.png differ diff --git a/docs/en/tools/desktop/dde/figures/10.png b/docs/en/tools/desktop/dde/figures/10.png new file mode 100644 index 0000000000000000000000000000000000000000..e588ffbe3d8d7b66d92ae8f2b4bcec7c80d0592c Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/10.png differ diff --git a/docs/en/tools/desktop/dde/figures/11.png b/docs/en/tools/desktop/dde/figures/11.png new file mode 100644 index 0000000000000000000000000000000000000000..1989a5bb08155f920363e154e68bb148715c7e9e Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/11.png differ diff --git a/docs/en/tools/desktop/dde/figures/12.png b/docs/en/tools/desktop/dde/figures/12.png new file mode 100644 index 0000000000000000000000000000000000000000..cb6346161182d2cfeaf3818d5ec518ddb11c732e Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/12.png differ diff --git a/docs/en/tools/desktop/dde/figures/13.png b/docs/en/tools/desktop/dde/figures/13.png new file mode 100644 index 0000000000000000000000000000000000000000..0a7def1fb66c90da62acde799eaffca97e3b5396 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/13.png differ diff --git a/docs/en/tools/desktop/dde/figures/14.png b/docs/en/tools/desktop/dde/figures/14.png new file mode 100644 index 0000000000000000000000000000000000000000..3a27a66d57e284775420d467f90dcc02889bbffe Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/14.png differ diff --git a/docs/en/tools/desktop/dde/figures/15.png b/docs/en/tools/desktop/dde/figures/15.png new file mode 100644 index 0000000000000000000000000000000000000000..370bea32abcaa8a2b06a1a61c1455d4b35f43474 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/15.png differ diff --git a/docs/en/tools/desktop/dde/figures/16.png b/docs/en/tools/desktop/dde/figures/16.png new file mode 100644 index 0000000000000000000000000000000000000000..812ee462669c5263ef4bffc49ca4f9b6af4541c6 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/16.png differ diff --git a/docs/en/tools/desktop/dde/figures/17.png b/docs/en/tools/desktop/dde/figures/17.png new file mode 100644 index 0000000000000000000000000000000000000000..36e524b806874fa3788f5e4dcd78350686281107 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/17.png differ diff --git a/docs/en/tools/desktop/dde/figures/18.png b/docs/en/tools/desktop/dde/figures/18.png new file mode 100644 index 0000000000000000000000000000000000000000..51b32442980aa60646f77dabd53ade74f55891fe Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/18.png differ diff --git a/docs/en/tools/desktop/dde/figures/19.png b/docs/en/tools/desktop/dde/figures/19.png new file mode 100644 index 0000000000000000000000000000000000000000..c9457d09aa9f1662b2c9e4550cdbdb9f57dd020e Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/19.png differ diff --git a/docs/en/tools/desktop/dde/figures/2.png b/docs/en/tools/desktop/dde/figures/2.png new file mode 100644 index 0000000000000000000000000000000000000000..97917cc245484a43bec8562757d920a06f123121 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/2.png differ diff --git a/docs/en/tools/desktop/dde/figures/20.png b/docs/en/tools/desktop/dde/figures/20.png new file mode 100644 index 0000000000000000000000000000000000000000..b0943189920d7a541d35da27340593ea93f92a17 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/20.png differ diff --git a/docs/en/tools/desktop/dde/figures/21.png b/docs/en/tools/desktop/dde/figures/21.png new file mode 100644 index 0000000000000000000000000000000000000000..e590c22c0ea28906b5f4ea7ccbc6ab11e47ad173 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/21.png differ diff --git a/docs/en/tools/desktop/dde/figures/22.png b/docs/en/tools/desktop/dde/figures/22.png new file mode 100644 index 0000000000000000000000000000000000000000..03a548b1ffb1f0ad53cfa5387af2721af90bca81 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/22.png differ diff --git a/docs/en/tools/desktop/dde/figures/23.png b/docs/en/tools/desktop/dde/figures/23.png new file mode 100644 index 0000000000000000000000000000000000000000..834c492094715cde1c02c91752ecabfe7921ed62 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/23.png differ diff --git a/docs/en/tools/desktop/dde/figures/24.png b/docs/en/tools/desktop/dde/figures/24.png new file mode 100644 index 0000000000000000000000000000000000000000..1881e868b74a60888b319576fa38fb4af92ba75c Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/24.png differ diff --git a/docs/en/tools/desktop/dde/figures/25.png b/docs/en/tools/desktop/dde/figures/25.png new file mode 100644 index 0000000000000000000000000000000000000000..f38839725d27a3486984d152e5d9de305364fbd2 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/25.png differ diff --git a/docs/en/tools/desktop/dde/figures/26.png b/docs/en/tools/desktop/dde/figures/26.png new file mode 100644 index 0000000000000000000000000000000000000000..6d7957119133ecb98b1b6b104e54a3a4647ec2a5 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/26.png differ diff --git a/docs/en/tools/desktop/dde/figures/27.png b/docs/en/tools/desktop/dde/figures/27.png new file mode 100644 index 0000000000000000000000000000000000000000..3e4733717fdc5172d6479b393005219e65e96df4 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/27.png differ diff --git a/docs/en/tools/desktop/dde/figures/28.png b/docs/en/tools/desktop/dde/figures/28.png new file mode 100644 index 0000000000000000000000000000000000000000..a77772e818e3f6c11acac3b9cfa18bad14a0a48c Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/28.png differ diff --git a/docs/en/tools/desktop/dde/figures/29.png b/docs/en/tools/desktop/dde/figures/29.png new file mode 100644 index 0000000000000000000000000000000000000000..c4f58ffe5855295268298448744e5aadbdc55276 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/29.png differ diff --git a/docs/en/tools/desktop/dde/figures/3.png b/docs/en/tools/desktop/dde/figures/3.png new file mode 100644 index 0000000000000000000000000000000000000000..fbb76b336957020ed6867d908e0a8bdcfc953c52 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/3.png differ diff --git a/docs/en/tools/desktop/dde/figures/30.png b/docs/en/tools/desktop/dde/figures/30.png new file mode 100644 index 0000000000000000000000000000000000000000..d91adefba1753959e90ccf4aa1501ac08d7144bd Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/30.png differ diff --git a/docs/en/tools/desktop/dde/figures/31.png b/docs/en/tools/desktop/dde/figures/31.png new file mode 100644 index 0000000000000000000000000000000000000000..0abef09ab438f5f8cfb68090993f55c493b8c15e Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/31.png differ diff --git a/docs/en/tools/desktop/dde/figures/32.png b/docs/en/tools/desktop/dde/figures/32.png new file mode 100644 index 0000000000000000000000000000000000000000..d567cfbacc07a9eb46ff2c54a68432f45e034e94 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/32.png differ diff --git a/docs/en/tools/desktop/dde/figures/33.png b/docs/en/tools/desktop/dde/figures/33.png new file mode 100644 index 0000000000000000000000000000000000000000..7b5896e2884520672c0bd88d68471b45a09c56fe Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/33.png differ diff --git a/docs/en/tools/desktop/dde/figures/34.png b/docs/en/tools/desktop/dde/figures/34.png new file mode 100644 index 0000000000000000000000000000000000000000..81bc9480fbbd81a97c559d7a6a74274deeab2bd1 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/34.png differ diff --git a/docs/en/tools/desktop/dde/figures/35.png b/docs/en/tools/desktop/dde/figures/35.png new file mode 100644 index 0000000000000000000000000000000000000000..ab2399847a643a87279337704e23fea7609bb211 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/35.png differ diff --git a/docs/en/tools/desktop/dde/figures/36.png b/docs/en/tools/desktop/dde/figures/36.png new file mode 100644 index 0000000000000000000000000000000000000000..536981609b9ae5d32be56bec612f2b3446146184 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/36.png differ diff --git a/docs/en/tools/desktop/dde/figures/37.png b/docs/en/tools/desktop/dde/figures/37.png new file mode 100644 index 0000000000000000000000000000000000000000..e39aa03587642dc1f8622fff515b05a9a3085b28 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/37.png differ diff --git a/docs/en/tools/desktop/dde/figures/38.png b/docs/en/tools/desktop/dde/figures/38.png new file mode 100644 index 0000000000000000000000000000000000000000..838f5ff0616a83cdf42edb053f4e72b93bfa644e Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/38.png differ diff --git a/docs/en/tools/desktop/dde/figures/39.png b/docs/en/tools/desktop/dde/figures/39.png new file mode 100644 index 0000000000000000000000000000000000000000..12a379403d73a47b2fa564120a28fdb58d188963 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/39.png differ diff --git a/docs/en/tools/desktop/dde/figures/4.png b/docs/en/tools/desktop/dde/figures/4.png new file mode 100644 index 0000000000000000000000000000000000000000..5078e36aca713706d2cf08a3ebecdc3769951899 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/4.png differ diff --git a/docs/en/tools/desktop/dde/figures/40.png b/docs/en/tools/desktop/dde/figures/40.png new file mode 100644 index 0000000000000000000000000000000000000000..bf419894eab852b45604966c62fafa71f051c4df Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/40.png differ diff --git a/docs/en/tools/desktop/dde/figures/41.png b/docs/en/tools/desktop/dde/figures/41.png new file mode 100644 index 0000000000000000000000000000000000000000..f94b0ee72e0d4e9277e9b44b4268cfbdb8402104 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/41.png differ diff --git a/docs/en/tools/desktop/dde/figures/42.png b/docs/en/tools/desktop/dde/figures/42.png new file mode 100644 index 0000000000000000000000000000000000000000..3182e551c4e4b03885bad6339f1de514b3f55f8c Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/42.png differ diff --git a/docs/en/tools/desktop/dde/figures/43.jpg b/docs/en/tools/desktop/dde/figures/43.jpg new file mode 100644 index 0000000000000000000000000000000000000000..26e9244f58ea9800081fd61ae135477f05b21b40 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/43.jpg differ diff --git a/docs/en/tools/desktop/dde/figures/44.png b/docs/en/tools/desktop/dde/figures/44.png new file mode 100644 index 0000000000000000000000000000000000000000..c3abaecd6e053272d81e0ad9bd183c6858b4f3c5 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/44.png differ diff --git a/docs/en/tools/desktop/dde/figures/45.png b/docs/en/tools/desktop/dde/figures/45.png new file mode 100644 index 0000000000000000000000000000000000000000..86b051acde857c88479714414f721a7f59cca483 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/45.png differ diff --git a/docs/en/tools/desktop/dde/figures/46.png b/docs/en/tools/desktop/dde/figures/46.png new file mode 100644 index 0000000000000000000000000000000000000000..d8ec41c87628bf28c9905523f99ae93aebd13614 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/46.png differ diff --git a/docs/en/tools/desktop/dde/figures/47.jpg b/docs/en/tools/desktop/dde/figures/47.jpg new file mode 100644 index 0000000000000000000000000000000000000000..bf95f03c8ea0f84a878bc63af20972c9da71bc04 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/47.jpg differ diff --git a/docs/en/tools/desktop/dde/figures/48.png b/docs/en/tools/desktop/dde/figures/48.png new file mode 100644 index 0000000000000000000000000000000000000000..ef21fa1ce1e2e9848a8dca16e692de673df7c6d7 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/48.png differ diff --git a/docs/en/tools/desktop/dde/figures/49.png b/docs/en/tools/desktop/dde/figures/49.png new file mode 100644 index 0000000000000000000000000000000000000000..3b77668e5a4d1bdb3043c473dff9b36fa7144714 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/49.png differ diff --git a/docs/en/tools/desktop/dde/figures/5.png b/docs/en/tools/desktop/dde/figures/5.png new file mode 100644 index 0000000000000000000000000000000000000000..2976a745cfaede26594d6daa01cfc18d18b1de8b Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/5.png differ diff --git a/docs/en/tools/desktop/dde/figures/50.png b/docs/en/tools/desktop/dde/figures/50.png new file mode 100644 index 0000000000000000000000000000000000000000..b86a55fe4363f56fc18befc9d27025a75ca427ad Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/50.png differ diff --git a/docs/en/tools/desktop/dde/figures/51.png b/docs/en/tools/desktop/dde/figures/51.png new file mode 100644 index 0000000000000000000000000000000000000000..d427ac871dba9c32eb4ffe736d5352f8408da533 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/51.png differ diff --git a/docs/en/tools/desktop/dde/figures/52.png b/docs/en/tools/desktop/dde/figures/52.png new file mode 100644 index 0000000000000000000000000000000000000000..0ca0a2db05c70bc25f9bb59e82d074f671cfc74e Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/52.png differ diff --git a/docs/en/tools/desktop/dde/figures/53.png b/docs/en/tools/desktop/dde/figures/53.png new file mode 100644 index 0000000000000000000000000000000000000000..76fbc34a1d5621b83c2d8c93222766acad33350d Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/53.png differ diff --git a/docs/en/tools/desktop/dde/figures/54.png b/docs/en/tools/desktop/dde/figures/54.png new file mode 100644 index 0000000000000000000000000000000000000000..49ecae6f8941a118223f3765c23015df074c4983 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/54.png differ diff --git a/docs/en/tools/desktop/dde/figures/56.png b/docs/en/tools/desktop/dde/figures/56.png new file mode 100644 index 0000000000000000000000000000000000000000..36fee795bfe593b6246c8d6c2bddea9386b06f45 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/56.png differ diff --git a/docs/en/tools/desktop/dde/figures/57.png b/docs/en/tools/desktop/dde/figures/57.png new file mode 100644 index 0000000000000000000000000000000000000000..539d06b77b058a933cb154c43641d498050986e0 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/57.png differ diff --git a/docs/en/tools/desktop/dde/figures/58.png b/docs/en/tools/desktop/dde/figures/58.png new file mode 100644 index 0000000000000000000000000000000000000000..396ca16d873e54505bcdbd41d669366eea7f5dee Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/58.png differ diff --git a/docs/en/tools/desktop/dde/figures/59.png b/docs/en/tools/desktop/dde/figures/59.png new file mode 100644 index 0000000000000000000000000000000000000000..9b1de98ac4fe686937ca844d3e9481548a79ce63 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/59.png differ diff --git a/docs/en/tools/desktop/dde/figures/6.png b/docs/en/tools/desktop/dde/figures/6.png new file mode 100644 index 0000000000000000000000000000000000000000..275c23872f2353f007371672714902babcc3db53 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/6.png differ diff --git a/docs/en/tools/desktop/dde/figures/60.jpg b/docs/en/tools/desktop/dde/figures/60.jpg new file mode 100644 index 0000000000000000000000000000000000000000..033c88aaadd04f7d4058ec2eb5b2c70498319bf7 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/60.jpg differ diff --git a/docs/en/tools/desktop/dde/figures/61.png b/docs/en/tools/desktop/dde/figures/61.png new file mode 100644 index 0000000000000000000000000000000000000000..8df17062963a3baf92318a12ec34b1378122687b Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/61.png differ diff --git a/docs/en/tools/desktop/dde/figures/62.png b/docs/en/tools/desktop/dde/figures/62.png new file mode 100644 index 0000000000000000000000000000000000000000..ec312d6c0c22018c1745dd866da71ce9be47fbda Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/62.png differ diff --git a/docs/en/tools/desktop/dde/figures/63.jpg b/docs/en/tools/desktop/dde/figures/63.jpg new file mode 100644 index 0000000000000000000000000000000000000000..504f7cf59768f6fd1cd73a115d01fbc4e15a02e1 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/63.jpg differ diff --git a/docs/en/tools/desktop/dde/figures/63.png b/docs/en/tools/desktop/dde/figures/63.png new file mode 100644 index 0000000000000000000000000000000000000000..86b051acde857c88479714414f721a7f59cca483 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/63.png differ diff --git a/docs/en/tools/desktop/dde/figures/64.png b/docs/en/tools/desktop/dde/figures/64.png new file mode 100644 index 0000000000000000000000000000000000000000..cbbd2ede047e735c3766e08b04595f08cd72f5b2 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/64.png differ diff --git a/docs/en/tools/desktop/dde/figures/7.png b/docs/en/tools/desktop/dde/figures/7.png new file mode 100644 index 0000000000000000000000000000000000000000..4d397959ac7f6d166ef5a3b7084bd5c3c93b475f Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/7.png differ diff --git a/docs/en/tools/desktop/dde/figures/8.png b/docs/en/tools/desktop/dde/figures/8.png new file mode 100644 index 0000000000000000000000000000000000000000..8ade274092d7b3e461c96d7909a9d89d3a944f09 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/8.png differ diff --git a/docs/en/tools/desktop/dde/figures/9.png b/docs/en/tools/desktop/dde/figures/9.png new file mode 100644 index 0000000000000000000000000000000000000000..f7b2215404929346f1a814b0b1d6d482559c08b5 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/9.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-01.png b/docs/en/tools/desktop/dde/figures/Cinnamon-01.png new file mode 100644 index 0000000000000000000000000000000000000000..b4a43e7fa938b2ece73ad749e2b513daa976e7c9 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-01.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-02.png b/docs/en/tools/desktop/dde/figures/Cinnamon-02.png new file mode 100644 index 0000000000000000000000000000000000000000..22413a83d51cb9ee177c0d39147da857868f0aec Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-02.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-03.png b/docs/en/tools/desktop/dde/figures/Cinnamon-03.png new file mode 100644 index 0000000000000000000000000000000000000000..5ccc6d4eef17f2d39841046dcf32b9c00652d1a9 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-03.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-04.png b/docs/en/tools/desktop/dde/figures/Cinnamon-04.png new file mode 100644 index 0000000000000000000000000000000000000000..c5d7073a3d2a37727b83a6e43a684747175efa9d Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-04.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-05.png b/docs/en/tools/desktop/dde/figures/Cinnamon-05.png new file mode 100644 index 0000000000000000000000000000000000000000..e2d0a0a523f10d6bce9f51c5d05f019c595e2625 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-05.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-06.png b/docs/en/tools/desktop/dde/figures/Cinnamon-06.png new file mode 100644 index 0000000000000000000000000000000000000000..61bb128fc2c8902edbfd1d76b28f963817753e32 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-06.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-07.png b/docs/en/tools/desktop/dde/figures/Cinnamon-07.png new file mode 100644 index 0000000000000000000000000000000000000000..ef01eb0001c6db0e3d1c024e51b0594372b9348c Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-07.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-08.png b/docs/en/tools/desktop/dde/figures/Cinnamon-08.png new file mode 100644 index 0000000000000000000000000000000000000000..1049f355939b0121c123adc462dcb6d736e48760 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-08.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-09.png b/docs/en/tools/desktop/dde/figures/Cinnamon-09.png new file mode 100644 index 0000000000000000000000000000000000000000..6dc110900f5375ed9ede276f59ea89ba29e5e737 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-09.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-10.png b/docs/en/tools/desktop/dde/figures/Cinnamon-10.png new file mode 100644 index 0000000000000000000000000000000000000000..33dda6e0d0497c1589743c19a8d041a775b7bb7f Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-10.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-11.png b/docs/en/tools/desktop/dde/figures/Cinnamon-11.png new file mode 100644 index 0000000000000000000000000000000000000000..98570f04a066d550b5971afc94ee1c63d24f6275 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-11.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-12.png b/docs/en/tools/desktop/dde/figures/Cinnamon-12.png new file mode 100644 index 0000000000000000000000000000000000000000..56cc0446efd9d72d97905296fd6f19e9e2ac4047 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-12.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-13.png b/docs/en/tools/desktop/dde/figures/Cinnamon-13.png new file mode 100644 index 0000000000000000000000000000000000000000..a3191cc6b2bb2e418353b76bcf645be954655a20 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-13.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-14.png b/docs/en/tools/desktop/dde/figures/Cinnamon-14.png new file mode 100644 index 0000000000000000000000000000000000000000..d673b9d12c8fb5ccaa0b0f3a35b85f939f1040c8 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-14.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-15.png b/docs/en/tools/desktop/dde/figures/Cinnamon-15.png new file mode 100644 index 0000000000000000000000000000000000000000..518c3dca4b9b58f45f7aee5ef974c3dd41804e1d Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-15.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-16.png b/docs/en/tools/desktop/dde/figures/Cinnamon-16.png new file mode 100644 index 0000000000000000000000000000000000000000..17ac8544dab141ddc8d7d98f1712757efedb5531 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-16.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-17.png b/docs/en/tools/desktop/dde/figures/Cinnamon-17.png new file mode 100644 index 0000000000000000000000000000000000000000..07a62594a1acadceeeaabe0e7cbe63c192f0ab37 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-17.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-18.png b/docs/en/tools/desktop/dde/figures/Cinnamon-18.png new file mode 100644 index 0000000000000000000000000000000000000000..d088bb1075ebd2c76304c5bd400a3892d401dfa0 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-18.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-19.png b/docs/en/tools/desktop/dde/figures/Cinnamon-19.png new file mode 100644 index 0000000000000000000000000000000000000000..65198c16e3bdf0b948ba8da1d05943ea87065dfc Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-19.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-20.png b/docs/en/tools/desktop/dde/figures/Cinnamon-20.png new file mode 100644 index 0000000000000000000000000000000000000000..ac4c66887846509474cd57740079d396f5ffee64 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-20.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-21.png b/docs/en/tools/desktop/dde/figures/Cinnamon-21.png new file mode 100644 index 0000000000000000000000000000000000000000..ecc80c0ee42385907cea276726c891aab06f5ea2 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-21.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-22.png b/docs/en/tools/desktop/dde/figures/Cinnamon-22.png new file mode 100644 index 0000000000000000000000000000000000000000..453a1b96f69ca37cf648e1bfd8a247cbd63f7f1f Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-22.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-23.png b/docs/en/tools/desktop/dde/figures/Cinnamon-23.png new file mode 100644 index 0000000000000000000000000000000000000000..3290e73af52f1e88a435e925d6a17d21e78e287c Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-23.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-24.png b/docs/en/tools/desktop/dde/figures/Cinnamon-24.png new file mode 100644 index 0000000000000000000000000000000000000000..825e58ddc9ec0027f0ff94b1d327eaff3a145357 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-24.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-25.png b/docs/en/tools/desktop/dde/figures/Cinnamon-25.png new file mode 100644 index 0000000000000000000000000000000000000000..7b3cdbe8e85b55dc9ee92569f6d668c9defc76eb Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-25.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-26.png b/docs/en/tools/desktop/dde/figures/Cinnamon-26.png new file mode 100644 index 0000000000000000000000000000000000000000..0d696fa8cbd18910bb16ca2c14996fefb5f0cb79 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-26.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-27.png b/docs/en/tools/desktop/dde/figures/Cinnamon-27.png new file mode 100644 index 0000000000000000000000000000000000000000..7312579e88c211b656a1b6e339373abfca7c8984 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-27.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-28.png b/docs/en/tools/desktop/dde/figures/Cinnamon-28.png new file mode 100644 index 0000000000000000000000000000000000000000..e5cf7e56e5663768e4f2698c77aeaa69c899b291 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-28.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-29.png b/docs/en/tools/desktop/dde/figures/Cinnamon-29.png new file mode 100644 index 0000000000000000000000000000000000000000..d796cb8d80a60281a7f67ec494c76ad14d06ac1b Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-29.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-30-0.png b/docs/en/tools/desktop/dde/figures/Cinnamon-30-0.png new file mode 100644 index 0000000000000000000000000000000000000000..8ea95ca410376dbc26729d0dec8bfc171911e960 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-30-0.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-30-1.png b/docs/en/tools/desktop/dde/figures/Cinnamon-30-1.png new file mode 100644 index 0000000000000000000000000000000000000000..730e9bdba19949c6e118c237af302b492f3d41b8 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-30-1.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-31.png b/docs/en/tools/desktop/dde/figures/Cinnamon-31.png new file mode 100644 index 0000000000000000000000000000000000000000..f80f3c86b92e6e00bf76c0101ce52af503d9b05c Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-31.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-32.png b/docs/en/tools/desktop/dde/figures/Cinnamon-32.png new file mode 100644 index 0000000000000000000000000000000000000000..ed8f74fc04472e45ae6c76a7c2507da5dec28263 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-32.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-33.png b/docs/en/tools/desktop/dde/figures/Cinnamon-33.png new file mode 100644 index 0000000000000000000000000000000000000000..a90dda9e151f9ca48ff6c296ff62676b22a191ae Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-33.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-34.png b/docs/en/tools/desktop/dde/figures/Cinnamon-34.png new file mode 100644 index 0000000000000000000000000000000000000000..77c74765bb7116bf8a95b0164cb1de2d9032e56e Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-34.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-35-0.png b/docs/en/tools/desktop/dde/figures/Cinnamon-35-0.png new file mode 100644 index 0000000000000000000000000000000000000000..4321c9e9a52bcf99bde6d72fae68647ab13510b0 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-35-0.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-35-1.png b/docs/en/tools/desktop/dde/figures/Cinnamon-35-1.png new file mode 100644 index 0000000000000000000000000000000000000000..e6f75a945fc73d5478c6515498c7a6a4781ca04f Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-35-1.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-36.png b/docs/en/tools/desktop/dde/figures/Cinnamon-36.png new file mode 100644 index 0000000000000000000000000000000000000000..a832fe2b440079f53775a2ba8c3115f57a89ab2c Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-36.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-37.png b/docs/en/tools/desktop/dde/figures/Cinnamon-37.png new file mode 100644 index 0000000000000000000000000000000000000000..f091a5e910e7cb16dadd311de1100f8830a0eaf7 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-37.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-38.png b/docs/en/tools/desktop/dde/figures/Cinnamon-38.png new file mode 100644 index 0000000000000000000000000000000000000000..7703dc11f1be241d9fe7e30452e7431c925833d3 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-38.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-39.png b/docs/en/tools/desktop/dde/figures/Cinnamon-39.png new file mode 100644 index 0000000000000000000000000000000000000000..abf29f6ee9aaf13ab1f668a787d459a5ab0cb20c Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-39.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-40.png b/docs/en/tools/desktop/dde/figures/Cinnamon-40.png new file mode 100644 index 0000000000000000000000000000000000000000..7c8ee5f4e78b46a0d762be06f96725ecef5d09b2 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-40.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-41-0.png b/docs/en/tools/desktop/dde/figures/Cinnamon-41-0.png new file mode 100644 index 0000000000000000000000000000000000000000..56ea86556624602f4496b4079335245ac8c875a3 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-41-0.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-41-1.png b/docs/en/tools/desktop/dde/figures/Cinnamon-41-1.png new file mode 100644 index 0000000000000000000000000000000000000000..44afad705b026dd69a9d2d7bf2ef35610720b85d Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-41-1.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-42.png b/docs/en/tools/desktop/dde/figures/Cinnamon-42.png new file mode 100644 index 0000000000000000000000000000000000000000..8270b69ca590c1831fbe54e2d08ced55bccef89d Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-42.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-43.png b/docs/en/tools/desktop/dde/figures/Cinnamon-43.png new file mode 100644 index 0000000000000000000000000000000000000000..48259addbdb8cf18303d2afbcd6cbad77deaf141 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-43.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-44.png b/docs/en/tools/desktop/dde/figures/Cinnamon-44.png new file mode 100644 index 0000000000000000000000000000000000000000..e35a4acce457834d4d8608ee7fba783d596548e2 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-44.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-45.png b/docs/en/tools/desktop/dde/figures/Cinnamon-45.png new file mode 100644 index 0000000000000000000000000000000000000000..d6d5e88587e26552ab4ab4d323eea0ae5ce721d2 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-45.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-46.png b/docs/en/tools/desktop/dde/figures/Cinnamon-46.png new file mode 100644 index 0000000000000000000000000000000000000000..8e41651298319f1b72c3dce5b09cb1323c9a15a7 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-46.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-47.png b/docs/en/tools/desktop/dde/figures/Cinnamon-47.png new file mode 100644 index 0000000000000000000000000000000000000000..eaa54608d956576555603d64ba72e374f147a315 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-47.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-48.png b/docs/en/tools/desktop/dde/figures/Cinnamon-48.png new file mode 100644 index 0000000000000000000000000000000000000000..1ca6cb7b39ab375a69b95a7dfa02fa3acd8bb299 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-48.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-49.png b/docs/en/tools/desktop/dde/figures/Cinnamon-49.png new file mode 100644 index 0000000000000000000000000000000000000000..07fe6abf2ca2d7e8dd5184c760f416d094c4629d Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-49.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-50.png b/docs/en/tools/desktop/dde/figures/Cinnamon-50.png new file mode 100644 index 0000000000000000000000000000000000000000..c5452b655b9100c7d144d9d6e923f29664998ca0 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-50.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-51.png b/docs/en/tools/desktop/dde/figures/Cinnamon-51.png new file mode 100644 index 0000000000000000000000000000000000000000..72644867adbb64db4503ff5345425a32bf1cae6d Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-51.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-52.png b/docs/en/tools/desktop/dde/figures/Cinnamon-52.png new file mode 100644 index 0000000000000000000000000000000000000000..571f6ac34edf149cc1e5bd30a875e4148dd4fdd3 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-52.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-53.png b/docs/en/tools/desktop/dde/figures/Cinnamon-53.png new file mode 100644 index 0000000000000000000000000000000000000000..1c7e9051ca448b017e13c6cbe6be66d2f83475c5 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-53.png differ diff --git a/docs/en/tools/desktop/dde/figures/Cinnamon-54.png b/docs/en/tools/desktop/dde/figures/Cinnamon-54.png new file mode 100644 index 0000000000000000000000000000000000000000..1b61db111ebdcb9bde1bff1cc08a2daed79a9f19 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/Cinnamon-54.png differ diff --git a/docs/en/tools/desktop/dde/figures/HA-add-resource.png b/docs/en/tools/desktop/dde/figures/HA-add-resource.png new file mode 100644 index 0000000000000000000000000000000000000000..ac24895a1247828d248132f6c789ad8ef51a57e4 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/HA-add-resource.png differ diff --git a/docs/en/tools/desktop/dde/figures/HA-apache-show.png b/docs/en/tools/desktop/dde/figures/HA-apache-show.png new file mode 100644 index 0000000000000000000000000000000000000000..c216500910f75f2de1108f6b618c5c08f4df8bae Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/HA-apache-show.png differ diff --git a/docs/en/tools/desktop/dde/figures/HA-apache-suc.png b/docs/en/tools/desktop/dde/figures/HA-apache-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..23a7aaa702e3e68190ff7e01a5a673aee2c92409 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/HA-apache-suc.png differ diff --git a/docs/en/tools/desktop/dde/figures/HA-api.png b/docs/en/tools/desktop/dde/figures/HA-api.png new file mode 100644 index 0000000000000000000000000000000000000000..f825fe005705d30809d12df97958cff0e5a80135 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/HA-api.png differ diff --git a/docs/en/tools/desktop/dde/figures/HA-clone-suc.png b/docs/en/tools/desktop/dde/figures/HA-clone-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..4b6099ccc88d4f6f907a0c4563e729ab2a4dece1 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/HA-clone-suc.png differ diff --git a/docs/en/tools/desktop/dde/figures/HA-clone.png b/docs/en/tools/desktop/dde/figures/HA-clone.png new file mode 100644 index 0000000000000000000000000000000000000000..1b09ab73849494f4ffd759fa612ae3c241bd9c1d Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/HA-clone.png differ diff --git a/docs/en/tools/desktop/dde/figures/HA-corosync.png b/docs/en/tools/desktop/dde/figures/HA-corosync.png new file mode 100644 index 0000000000000000000000000000000000000000..c4d93242e65c503b6e1b6a457e2517f647984a66 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/HA-corosync.png differ diff --git a/docs/en/tools/desktop/dde/figures/HA-firstchoice-cmd.png b/docs/en/tools/desktop/dde/figures/HA-firstchoice-cmd.png new file mode 100644 index 0000000000000000000000000000000000000000..a265bab07f1d8e46d9d965975be180a8de6c9eb2 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/HA-firstchoice-cmd.png differ diff --git a/docs/en/tools/desktop/dde/figures/HA-firstchoice.png b/docs/en/tools/desktop/dde/figures/HA-firstchoice.png new file mode 100644 index 0000000000000000000000000000000000000000..bd982ddcea55c629c0257fca86051a9ffa77e7b4 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/HA-firstchoice.png differ diff --git a/docs/en/tools/desktop/dde/figures/HA-group-new-suc.png b/docs/en/tools/desktop/dde/figures/HA-group-new-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..437fd01ee83a9a1f65c12838fe56eea8435f6759 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/HA-group-new-suc.png differ diff --git a/docs/en/tools/desktop/dde/figures/HA-group-new-suc2.png b/docs/en/tools/desktop/dde/figures/HA-group-new-suc2.png new file mode 100644 index 0000000000000000000000000000000000000000..4fb933bd761f9808de95a324a50226ff041ebd4f Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/HA-group-new-suc2.png differ diff --git a/docs/en/tools/desktop/dde/figures/HA-group-new.png b/docs/en/tools/desktop/dde/figures/HA-group-new.png new file mode 100644 index 0000000000000000000000000000000000000000..9c914d0cc2e14f3220fc4346175961f129efb37b Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/HA-group-new.png differ diff --git a/docs/en/tools/desktop/dde/figures/HA-group-suc.png b/docs/en/tools/desktop/dde/figures/HA-group-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..2338580343833ebab08627be3a2efbcdb48aef9e Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/HA-group-suc.png differ diff --git a/docs/en/tools/desktop/dde/figures/HA-group.png b/docs/en/tools/desktop/dde/figures/HA-group.png new file mode 100644 index 0000000000000000000000000000000000000000..6897817665dee90c0f8c47c6a3cb4bb09db52d78 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/HA-group.png differ diff --git a/docs/en/tools/desktop/dde/figures/HA-home-page.png b/docs/en/tools/desktop/dde/figures/HA-home-page.png new file mode 100644 index 0000000000000000000000000000000000000000..c9a7a82dc412250d4c0984b3876c6f93c6aca789 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/HA-home-page.png differ diff --git a/docs/en/tools/desktop/dde/figures/HA-login.png b/docs/en/tools/desktop/dde/figures/HA-login.png new file mode 100644 index 0000000000000000000000000000000000000000..65d0ae11ec810da7574ec72bebf6e1b020c94a0d Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/HA-login.png differ diff --git a/docs/en/tools/desktop/dde/figures/HA-mariadb-suc.png b/docs/en/tools/desktop/dde/figures/HA-mariadb-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..6f6756c945121715edc623bd9a848bc48ffeb4ca Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/HA-mariadb-suc.png differ diff --git a/docs/en/tools/desktop/dde/figures/HA-mariadb.png b/docs/en/tools/desktop/dde/figures/HA-mariadb.png new file mode 100644 index 0000000000000000000000000000000000000000..d29587c8609b9d6aefeb07170901361b5ef8402d Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/HA-mariadb.png differ diff --git a/docs/en/tools/desktop/dde/figures/HA-nfs-suc.png b/docs/en/tools/desktop/dde/figures/HA-nfs-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..c0ea6af79e91649f1ad7d97ab6c2a0069a4f4fb8 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/HA-nfs-suc.png differ diff --git a/docs/en/tools/desktop/dde/figures/HA-nfs.png b/docs/en/tools/desktop/dde/figures/HA-nfs.png new file mode 100644 index 0000000000000000000000000000000000000000..f6917938eec2e0431a9891c067475dd0b21c1bd9 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/HA-nfs.png differ diff --git a/docs/en/tools/desktop/dde/figures/HA-pacemaker.png b/docs/en/tools/desktop/dde/figures/HA-pacemaker.png new file mode 100644 index 0000000000000000000000000000000000000000..7681f963f67d2b803fef6fb2c3247384136201f8 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/HA-pacemaker.png differ diff --git a/docs/en/tools/desktop/dde/figures/HA-pcs-status.png b/docs/en/tools/desktop/dde/figures/HA-pcs-status.png new file mode 100644 index 0000000000000000000000000000000000000000..fb150fba9f6258658702b35caacf98076d1fd109 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/HA-pcs-status.png differ diff --git a/docs/en/tools/desktop/dde/figures/HA-pcs.png b/docs/en/tools/desktop/dde/figures/HA-pcs.png new file mode 100644 index 0000000000000000000000000000000000000000..283670d7c3d0961ee1cb41345c2b2a013d7143b0 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/HA-pcs.png differ diff --git a/docs/en/tools/desktop/dde/figures/HA-qdevice.png b/docs/en/tools/desktop/dde/figures/HA-qdevice.png new file mode 100644 index 0000000000000000000000000000000000000000..2964f36c952fc7e62fb7b041fcf6d2de8ead712c Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/HA-qdevice.png differ diff --git a/docs/en/tools/desktop/dde/figures/HA-refresh.png b/docs/en/tools/desktop/dde/figures/HA-refresh.png new file mode 100644 index 0000000000000000000000000000000000000000..c2678c0c2945acbabfbeae0d5de8924a216bbf31 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/HA-refresh.png differ diff --git a/docs/en/tools/desktop/dde/figures/HA-vip-suc.png b/docs/en/tools/desktop/dde/figures/HA-vip-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..313ce56e14f931c78dad4349ed57ab3fd7907f50 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/HA-vip-suc.png differ diff --git a/docs/en/tools/desktop/dde/figures/HA-vip.png b/docs/en/tools/desktop/dde/figures/HA-vip.png new file mode 100644 index 0000000000000000000000000000000000000000..d8b417df2e64527d3b29d0289756dfbb01bf66ec Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/HA-vip.png differ diff --git a/docs/en/tools/desktop/dde/figures/dde-1.png b/docs/en/tools/desktop/dde/figures/dde-1.png new file mode 100644 index 0000000000000000000000000000000000000000..fb1d5177c39262ed182f10a57fdae850d007eeb1 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/dde-1.png differ diff --git a/docs/en/tools/desktop/dde/figures/dde-2.png b/docs/en/tools/desktop/dde/figures/dde-2.png new file mode 100644 index 0000000000000000000000000000000000000000..be5d296937bd17b9646b32c80934aa76738027af Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/dde-2.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-1.png b/docs/en/tools/desktop/dde/figures/gnome-1.png new file mode 100644 index 0000000000000000000000000000000000000000..b33f802aa6dcf8b23a70fe451830015c614193b3 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-1.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-10.png b/docs/en/tools/desktop/dde/figures/gnome-10.png new file mode 100644 index 0000000000000000000000000000000000000000..1c7b1465209c7a92db36d1b4c83445ce45e0d187 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-10.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-11.png b/docs/en/tools/desktop/dde/figures/gnome-11.png new file mode 100644 index 0000000000000000000000000000000000000000..cc534ce5e1b250547dd9eb1db2b3f43a79c00409 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-11.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-12.png b/docs/en/tools/desktop/dde/figures/gnome-12.png new file mode 100644 index 0000000000000000000000000000000000000000..65de953b821cac6b09b9f0d6623760dc339d867b Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-12.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-13.png b/docs/en/tools/desktop/dde/figures/gnome-13.png new file mode 100644 index 0000000000000000000000000000000000000000..103370de2f2d81fe4e880f18bb9a3b4546d14840 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-13.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-14.png b/docs/en/tools/desktop/dde/figures/gnome-14.png new file mode 100644 index 0000000000000000000000000000000000000000..13e1367d6ce006567e69fed8fd334aeb4810196c Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-14.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-15.png b/docs/en/tools/desktop/dde/figures/gnome-15.png new file mode 100644 index 0000000000000000000000000000000000000000..fb86a36e2eb9c5ccfb3c53b0c49864e73c622ccf Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-15.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-16.png b/docs/en/tools/desktop/dde/figures/gnome-16.png new file mode 100644 index 0000000000000000000000000000000000000000..9b375517e433740b7e2c27ede1159cda1eb986b8 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-16.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-17.png b/docs/en/tools/desktop/dde/figures/gnome-17.png new file mode 100644 index 0000000000000000000000000000000000000000..ebfcc9c71afeda1d50b5355f23ec1ea422a17889 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-17.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-18.png b/docs/en/tools/desktop/dde/figures/gnome-18.png new file mode 100644 index 0000000000000000000000000000000000000000..5d28c8372499dd2b9b71186dee7d4854b5320999 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-18.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-19.png b/docs/en/tools/desktop/dde/figures/gnome-19.png new file mode 100644 index 0000000000000000000000000000000000000000..bea391d41386ab9b7953b269c44aec6cba4667c5 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-19.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-2.png b/docs/en/tools/desktop/dde/figures/gnome-2.png new file mode 100644 index 0000000000000000000000000000000000000000..520df0228a38914ca7897dec6dc84e9639b757c0 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-2.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-20.png b/docs/en/tools/desktop/dde/figures/gnome-20.png new file mode 100644 index 0000000000000000000000000000000000000000..d720a2c215de4172a8051d7e0554c7f6b3d6d043 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-20.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-21.png b/docs/en/tools/desktop/dde/figures/gnome-21.png new file mode 100644 index 0000000000000000000000000000000000000000..dec78c390a65a1e707a5c9620fa3392e38124430 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-21.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-22.png b/docs/en/tools/desktop/dde/figures/gnome-22.png new file mode 100644 index 0000000000000000000000000000000000000000..d8564596fd8ada47891a28b8fd97915722b28ff9 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-22.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-23.png b/docs/en/tools/desktop/dde/figures/gnome-23.png new file mode 100644 index 0000000000000000000000000000000000000000..6fcb86d0b74acd102bc4e19bd483165fca0921bc Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-23.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-24.png b/docs/en/tools/desktop/dde/figures/gnome-24.png new file mode 100644 index 0000000000000000000000000000000000000000..692929de10b612af7e15ddef689a611b7f4e8693 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-24.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-25.png b/docs/en/tools/desktop/dde/figures/gnome-25.png new file mode 100644 index 0000000000000000000000000000000000000000..793a5a2d3ec63581902da5d4b8863f9ba33675b8 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-25.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-26.png b/docs/en/tools/desktop/dde/figures/gnome-26.png new file mode 100644 index 0000000000000000000000000000000000000000..4d3f5418352e644f56a16099a9c77218045dabab Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-26.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-27.png b/docs/en/tools/desktop/dde/figures/gnome-27.png new file mode 100644 index 0000000000000000000000000000000000000000..908998f4c4624e8b3317a311643123f690153325 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-27.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-28.png b/docs/en/tools/desktop/dde/figures/gnome-28.png new file mode 100644 index 0000000000000000000000000000000000000000..8b47b2397fa8818dfecbc3c05341e31d4d70a940 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-28.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-29.png b/docs/en/tools/desktop/dde/figures/gnome-29.png new file mode 100644 index 0000000000000000000000000000000000000000..fc90cb58691e6484b6e263f4e81a1046e3adbed1 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-29.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-3.png b/docs/en/tools/desktop/dde/figures/gnome-3.png new file mode 100644 index 0000000000000000000000000000000000000000..4d423b13941604a29ff794817ed6fb1d6fea9c1e Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-3.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-30.png b/docs/en/tools/desktop/dde/figures/gnome-30.png new file mode 100644 index 0000000000000000000000000000000000000000..8f4ab5dcd8ebd61b05a1b129b4c90e342f97e0fd Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-30.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-31.png b/docs/en/tools/desktop/dde/figures/gnome-31.png new file mode 100644 index 0000000000000000000000000000000000000000..93159341a996153105985451fa6d8391c358b52e Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-31.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-32.png b/docs/en/tools/desktop/dde/figures/gnome-32.png new file mode 100644 index 0000000000000000000000000000000000000000..c4ca5695e67a4a585f0ff074cd3645a32a9e4e83 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-32.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-33.png b/docs/en/tools/desktop/dde/figures/gnome-33.png new file mode 100644 index 0000000000000000000000000000000000000000..e0b166e013144ed7e5f26c2b7bd7e8a00ac6a57f Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-33.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-34.png b/docs/en/tools/desktop/dde/figures/gnome-34.png new file mode 100644 index 0000000000000000000000000000000000000000..dc8653255f8782ab72b8a24eeadff8fe64f88bb1 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-34.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-35.png b/docs/en/tools/desktop/dde/figures/gnome-35.png new file mode 100644 index 0000000000000000000000000000000000000000..595c8d76ddc857ed9e76d421cf1e755874a6cc4a Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-35.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-36.png b/docs/en/tools/desktop/dde/figures/gnome-36.png new file mode 100644 index 0000000000000000000000000000000000000000..f5a22198f57d34fe05336d88c6e4b288ed78dc8e Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-36.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-37.png b/docs/en/tools/desktop/dde/figures/gnome-37.png new file mode 100644 index 0000000000000000000000000000000000000000..1a855eee24e959c3e8bfed371d2f74f93fceda3c Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-37.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-38.png b/docs/en/tools/desktop/dde/figures/gnome-38.png new file mode 100644 index 0000000000000000000000000000000000000000..e80fcb9c25299130ca94bef2cdce9d5e7f9ba02c Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-38.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-39.png b/docs/en/tools/desktop/dde/figures/gnome-39.png new file mode 100644 index 0000000000000000000000000000000000000000..29843d242f260cd1b722fdcc13cef645a3679e7f Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-39.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-4.png b/docs/en/tools/desktop/dde/figures/gnome-4.png new file mode 100644 index 0000000000000000000000000000000000000000..04391e2e926d5195b21d7e05dc5322a0d7646ad6 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-4.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-40.png b/docs/en/tools/desktop/dde/figures/gnome-40.png new file mode 100644 index 0000000000000000000000000000000000000000..8497bdd58dffe2210fca22d01912f82b5c39fd9c Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-40.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-41.png b/docs/en/tools/desktop/dde/figures/gnome-41.png new file mode 100644 index 0000000000000000000000000000000000000000..a4357eb95c379dfecc1d627c59eb5da660d42d14 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-41.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-42.png b/docs/en/tools/desktop/dde/figures/gnome-42.png new file mode 100644 index 0000000000000000000000000000000000000000..bc01808fe7c12d7d433dc1da9367e858027fcce9 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-42.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-43.png b/docs/en/tools/desktop/dde/figures/gnome-43.png new file mode 100644 index 0000000000000000000000000000000000000000..467e52cf41a32df9c7207417817f906b518c54c3 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-43.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-44.png b/docs/en/tools/desktop/dde/figures/gnome-44.png new file mode 100644 index 0000000000000000000000000000000000000000..71303b84fce85478ccba02b10f6c0358c5bdc2a0 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-44.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-45.png b/docs/en/tools/desktop/dde/figures/gnome-45.png new file mode 100644 index 0000000000000000000000000000000000000000..a0927659af30d18715ab8b43266de3f54a3142a0 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-45.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-46.png b/docs/en/tools/desktop/dde/figures/gnome-46.png new file mode 100644 index 0000000000000000000000000000000000000000..ad2093e67041d656c25a5674a6e4282c804ec6f2 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-46.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-47.png b/docs/en/tools/desktop/dde/figures/gnome-47.png new file mode 100644 index 0000000000000000000000000000000000000000..9a67dd6b3b0081fa858b4beed0cc40708d5418e9 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-47.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-48.png b/docs/en/tools/desktop/dde/figures/gnome-48.png new file mode 100644 index 0000000000000000000000000000000000000000..8789fcb96ee2143eae12131b07acf1cfbd82cf41 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-48.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-49.png b/docs/en/tools/desktop/dde/figures/gnome-49.png new file mode 100644 index 0000000000000000000000000000000000000000..e5df514480c825a5c65b607721d80cf59642b4a1 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-49.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-5.png b/docs/en/tools/desktop/dde/figures/gnome-5.png new file mode 100644 index 0000000000000000000000000000000000000000..b7148601f06fcee9517864aca19ba3cee863ba33 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-5.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-50.png b/docs/en/tools/desktop/dde/figures/gnome-50.png new file mode 100644 index 0000000000000000000000000000000000000000..7b1f4678846cb691b144b26f24bc5570961a3d7d Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-50.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-51.png b/docs/en/tools/desktop/dde/figures/gnome-51.png new file mode 100644 index 0000000000000000000000000000000000000000..10466de4bbd4c7b31654bb1369a9a85a20e88a27 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-51.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-52.png b/docs/en/tools/desktop/dde/figures/gnome-52.png new file mode 100644 index 0000000000000000000000000000000000000000..16c8191ae59475d46cd7c275ad3841419544397d Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-52.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-53.png b/docs/en/tools/desktop/dde/figures/gnome-53.png new file mode 100644 index 0000000000000000000000000000000000000000..b968bbd5c5df6148ef26c8cf292e040220987554 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-53.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-54.png b/docs/en/tools/desktop/dde/figures/gnome-54.png new file mode 100644 index 0000000000000000000000000000000000000000..6f169f432a1ad4290b3fca12b1a835330d922ab0 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-54.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-55.png b/docs/en/tools/desktop/dde/figures/gnome-55.png new file mode 100644 index 0000000000000000000000000000000000000000..e40794fbf2e23e3496ac7f9352abe84ac943cb8c Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-55.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-56.png b/docs/en/tools/desktop/dde/figures/gnome-56.png new file mode 100644 index 0000000000000000000000000000000000000000..d66360c2865ba03e7f2959612b2e33061dfad39f Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-56.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-57.png b/docs/en/tools/desktop/dde/figures/gnome-57.png new file mode 100644 index 0000000000000000000000000000000000000000..f2ffff79898f36e290bb133efc36c7439d089f57 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-57.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-58.png b/docs/en/tools/desktop/dde/figures/gnome-58.png new file mode 100644 index 0000000000000000000000000000000000000000..2eb30604a6dc2a4194da688830f88d0e596c5be9 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-58.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-59.png b/docs/en/tools/desktop/dde/figures/gnome-59.png new file mode 100644 index 0000000000000000000000000000000000000000..9b25d253604f353b0bd3ef0c153237d74459ccae Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-59.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-6.png b/docs/en/tools/desktop/dde/figures/gnome-6.png new file mode 100644 index 0000000000000000000000000000000000000000..3c54d7f40cb5caab2c3cecb9945f9c89a1afe00e Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-6.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-7.png b/docs/en/tools/desktop/dde/figures/gnome-7.png new file mode 100644 index 0000000000000000000000000000000000000000..fa4b0e178fb0332d334d98e0106746b7bff65449 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-7.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-8.png b/docs/en/tools/desktop/dde/figures/gnome-8.png new file mode 100644 index 0000000000000000000000000000000000000000..5c39bb44371d94a66c66e053a7f498b46d3a0937 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-8.png differ diff --git a/docs/en/tools/desktop/dde/figures/gnome-9.png b/docs/en/tools/desktop/dde/figures/gnome-9.png new file mode 100644 index 0000000000000000000000000000000000000000..00a9ad1a7c94054c9418795c39b29574bfe16bf0 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/gnome-9.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon1.png b/docs/en/tools/desktop/dde/figures/icon1.png new file mode 100644 index 0000000000000000000000000000000000000000..9bac00355cf4aa57d32287fd4271404f6fd3fd4d Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon1.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon10-o.png b/docs/en/tools/desktop/dde/figures/icon10-o.png new file mode 100644 index 0000000000000000000000000000000000000000..d6c56d1a64c588d86f8fe510c74e5a7c4cb810d4 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon10-o.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon101-o.svg b/docs/en/tools/desktop/dde/figures/icon101-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..af1c5d3dc0277a6ea59e71efb6ca97bdfc782e8e --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon101-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/docs/en/tools/desktop/dde/figures/icon103-o.svg b/docs/en/tools/desktop/dde/figures/icon103-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..c06c885725c569ab8db1fe7d595a7c65f18c5142 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon103-o.svg @@ -0,0 +1,26 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/dde/figures/icon105-o.svg b/docs/en/tools/desktop/dde/figures/icon105-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..36c49949fa569330b761c2d65518f36c10435508 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon105-o.svg @@ -0,0 +1,111 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/dde/figures/icon107-o.svg b/docs/en/tools/desktop/dde/figures/icon107-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..fb5a3ea756f6ccb7b3e5c31122a433347a908c96 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon107-o.svg @@ -0,0 +1,50 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/dde/figures/icon11-o.png b/docs/en/tools/desktop/dde/figures/icon11-o.png new file mode 100644 index 0000000000000000000000000000000000000000..47a1f2cb7f99b583768c7cbd7e05a57f302dbe8a Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon11-o.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon110-o.svg b/docs/en/tools/desktop/dde/figures/icon110-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..7958e3f192061592e002e1e8a1bad06ffa86742c --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon110-o.svg @@ -0,0 +1,12 @@ + + + + reboot_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/dde/figures/icon111-o.svg b/docs/en/tools/desktop/dde/figures/icon111-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..097d16a08d305a8b3f3b2268ab1ea8342e799377 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon111-o.svg @@ -0,0 +1,13 @@ + + + + Right + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/dde/figures/icon112-o.svg b/docs/en/tools/desktop/dde/figures/icon112-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e51628c2b8b10495f3410d219814286696ea2fd5 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon112-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/dde/figures/icon116-o.svg b/docs/en/tools/desktop/dde/figures/icon116-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..4d79cd6dbbbfd3969f4e0ad0ad88e27398853505 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon116-o.svg @@ -0,0 +1,72 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/dde/figures/icon12-o.png b/docs/en/tools/desktop/dde/figures/icon12-o.png new file mode 100644 index 0000000000000000000000000000000000000000..f1f0f59dd3879461a0b5bc0632693a4a4124def3 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon12-o.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon120-o.svg b/docs/en/tools/desktop/dde/figures/icon120-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e895c347d16a200aea46b00428b0b9f1a3c94246 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon120-o.svg @@ -0,0 +1,49 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/dde/figures/icon122-o.svg b/docs/en/tools/desktop/dde/figures/icon122-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..7fb014b5fd6097ca37a84d0b6a27dc982d675c8a --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon122-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/docs/en/tools/desktop/dde/figures/icon124-o.svg b/docs/en/tools/desktop/dde/figures/icon124-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..960c0ec096c925213f8953398f0e8e5db3cdaed3 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon124-o.svg @@ -0,0 +1,55 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/dde/figures/icon125-o.svg b/docs/en/tools/desktop/dde/figures/icon125-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..011c05f4b8f296867cd408a339230323fcbb28dd --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon125-o.svg @@ -0,0 +1,9 @@ + + + tips + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/dde/figures/icon126-o.svg b/docs/en/tools/desktop/dde/figures/icon126-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e0a43b6b8beb434090ac0dd3a8fd68c023f11fce --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon126-o.svg @@ -0,0 +1,68 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/dde/figures/icon127-o.svg b/docs/en/tools/desktop/dde/figures/icon127-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..bed95d35334a8d0151211054236c0bacddcc0dd3 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon127-o.svg @@ -0,0 +1,13 @@ + + + + Up + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/dde/figures/icon128-o.svg b/docs/en/tools/desktop/dde/figures/icon128-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..aa727f3f5d5883b3fb83a79c4b98e8b5bfe4ade6 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon128-o.svg @@ -0,0 +1,12 @@ + + + + userswitch_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/dde/figures/icon13-o.png b/docs/en/tools/desktop/dde/figures/icon13-o.png new file mode 100644 index 0000000000000000000000000000000000000000..c05a981b29d8ad11c6682f796f79b4cafd0f088b Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon13-o.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon132-o.svg b/docs/en/tools/desktop/dde/figures/icon132-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..588ba9d98864ba67a562fa9179f29405f7687aa0 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon132-o.svg @@ -0,0 +1,15 @@ + + + + - + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/dde/figures/icon133-o.svg b/docs/en/tools/desktop/dde/figures/icon133-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..886d90a83e33497d134bdb3dcc864a5c2df53f20 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon133-o.svg @@ -0,0 +1,13 @@ + + + + + + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/dde/figures/icon134-o.svg b/docs/en/tools/desktop/dde/figures/icon134-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..784cf383eb0e8f5c7a57a602047be50ad0a3bc05 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon134-o.svg @@ -0,0 +1,15 @@ + + + + = + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/dde/figures/icon135-o.svg b/docs/en/tools/desktop/dde/figures/icon135-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..cea628a8f5eb92d10661b690242b6de41ca64816 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon135-o.svg @@ -0,0 +1,15 @@ + + + + ~ + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/dde/figures/icon136-o.svg b/docs/en/tools/desktop/dde/figures/icon136-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..24aa139ab2fefaee20935551f1af5aef473719ed --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon136-o.svg @@ -0,0 +1,12 @@ + + + + poweroff_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/dde/figures/icon14-o.png b/docs/en/tools/desktop/dde/figures/icon14-o.png new file mode 100644 index 0000000000000000000000000000000000000000..b21deee4d98593d93fb5f72158d2d78f3d3f1cb9 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon14-o.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon15-o.png b/docs/en/tools/desktop/dde/figures/icon15-o.png new file mode 100644 index 0000000000000000000000000000000000000000..1827a20e9da4d28e35e8ab2eae739b2fec37b385 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon15-o.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon16.png b/docs/en/tools/desktop/dde/figures/icon16.png new file mode 100644 index 0000000000000000000000000000000000000000..f271594dda9d3ad0f038c9d719dd68c3e82c59f1 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon16.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon17.png b/docs/en/tools/desktop/dde/figures/icon17.png new file mode 100644 index 0000000000000000000000000000000000000000..dbe58b89347c857920bce25f067fbd11c308e502 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon17.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon18.png b/docs/en/tools/desktop/dde/figures/icon18.png new file mode 100644 index 0000000000000000000000000000000000000000..1827a20e9da4d28e35e8ab2eae739b2fec37b385 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon18.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon19-o.png b/docs/en/tools/desktop/dde/figures/icon19-o.png new file mode 100644 index 0000000000000000000000000000000000000000..47a1f2cb7f99b583768c7cbd7e05a57f302dbe8a Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon19-o.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon2.png b/docs/en/tools/desktop/dde/figures/icon2.png new file mode 100644 index 0000000000000000000000000000000000000000..9101e4b386df065a87d422bc5a0b287528ea5ec7 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon2.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon20.png b/docs/en/tools/desktop/dde/figures/icon20.png new file mode 100644 index 0000000000000000000000000000000000000000..4de3c7c695893539967245ea5e269b26e2b735be Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon20.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon21.png b/docs/en/tools/desktop/dde/figures/icon21.png new file mode 100644 index 0000000000000000000000000000000000000000..e7b4320b6ce1fd4adb52525ba2c60983ffb2eed3 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon21.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon22.png b/docs/en/tools/desktop/dde/figures/icon22.png new file mode 100644 index 0000000000000000000000000000000000000000..43bfa96965ad13e0a34ead3cb1102a76b9346a23 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon22.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon23.png b/docs/en/tools/desktop/dde/figures/icon23.png new file mode 100644 index 0000000000000000000000000000000000000000..aee221ddaa81d06fa7bd5b89a624da90cd1e53da Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon23.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon24.png b/docs/en/tools/desktop/dde/figures/icon24.png new file mode 100644 index 0000000000000000000000000000000000000000..a9e5d700431ca1666fe9eda2cefce5dd2f83bdcd Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon24.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon25.png b/docs/en/tools/desktop/dde/figures/icon25.png new file mode 100644 index 0000000000000000000000000000000000000000..3de0f9476bbee9e89c3b759afbed968f17b5bbcc Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon25.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon26-o.png b/docs/en/tools/desktop/dde/figures/icon26-o.png new file mode 100644 index 0000000000000000000000000000000000000000..2293a893caf6d89c3beb978598fe7f281e68e7d5 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon26-o.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon27-o.png b/docs/en/tools/desktop/dde/figures/icon27-o.png new file mode 100644 index 0000000000000000000000000000000000000000..abbab8e40f7e3ca7c2a6f28ff78f08f15117828e Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon27-o.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon28-o.png b/docs/en/tools/desktop/dde/figures/icon28-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon28-o.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon29-o.png b/docs/en/tools/desktop/dde/figures/icon29-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon29-o.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon3.png b/docs/en/tools/desktop/dde/figures/icon3.png new file mode 100644 index 0000000000000000000000000000000000000000..930ee8909e89e3624c581f83d713af271cd96c75 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon3.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon30-o.png b/docs/en/tools/desktop/dde/figures/icon30-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon30-o.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon31-o.png b/docs/en/tools/desktop/dde/figures/icon31-o.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon31-o.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon32.png b/docs/en/tools/desktop/dde/figures/icon32.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon32.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon33.png b/docs/en/tools/desktop/dde/figures/icon33.png new file mode 100644 index 0000000000000000000000000000000000000000..88ed145b25f6f025ad795ceb012500e0944cb54c Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon33.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon34.png b/docs/en/tools/desktop/dde/figures/icon34.png new file mode 100644 index 0000000000000000000000000000000000000000..8247f52a3424c81b451ceb318f4a7979a5eddece Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon34.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon35.png b/docs/en/tools/desktop/dde/figures/icon35.png new file mode 100644 index 0000000000000000000000000000000000000000..7c656e9030b94809a57c7e369921e6a585f3574c Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon35.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon36.png b/docs/en/tools/desktop/dde/figures/icon36.png new file mode 100644 index 0000000000000000000000000000000000000000..7d29d173e914dfff48245d3d3a4d42575ce2d1db Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon36.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon37.png b/docs/en/tools/desktop/dde/figures/icon37.png new file mode 100644 index 0000000000000000000000000000000000000000..58be4c621b6638115153e361801deb9ee06634d8 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon37.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon38.png b/docs/en/tools/desktop/dde/figures/icon38.png new file mode 100644 index 0000000000000000000000000000000000000000..0c861ccb891f4fb5e533eb7f7151a8fce1571f17 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon38.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon39.png b/docs/en/tools/desktop/dde/figures/icon39.png new file mode 100644 index 0000000000000000000000000000000000000000..b1ba1f347452d0cd1c06c6c51d2cdf5aea5e490b Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon39.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon4.png b/docs/en/tools/desktop/dde/figures/icon4.png new file mode 100644 index 0000000000000000000000000000000000000000..548dc8b648edb73ff1dd8a0266e8479203e72ca0 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon4.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon40.png b/docs/en/tools/desktop/dde/figures/icon40.png new file mode 100644 index 0000000000000000000000000000000000000000..9c29dd1e9a1bf22c36abf51cb18fa9e47b455fab Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon40.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon41.png b/docs/en/tools/desktop/dde/figures/icon41.png new file mode 100644 index 0000000000000000000000000000000000000000..9e8aea527a2119433fffec5a8800ebfa4fa5062f Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon41.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon42-o.png b/docs/en/tools/desktop/dde/figures/icon42-o.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon42-o.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon42.png b/docs/en/tools/desktop/dde/figures/icon42.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon42.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon43-o.png b/docs/en/tools/desktop/dde/figures/icon43-o.png new file mode 100644 index 0000000000000000000000000000000000000000..284bdd551baf25beb4143013402e77a1a4c60ccb Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon43-o.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon44-o.png b/docs/en/tools/desktop/dde/figures/icon44-o.png new file mode 100644 index 0000000000000000000000000000000000000000..810f4d784ee140dbf562e67a0d3fd391272626a5 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon44-o.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon45-o.png b/docs/en/tools/desktop/dde/figures/icon45-o.png new file mode 100644 index 0000000000000000000000000000000000000000..3e528ce2c98284f020ae4912a853f5864526396b Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon45-o.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon46-o.png b/docs/en/tools/desktop/dde/figures/icon46-o.png new file mode 100644 index 0000000000000000000000000000000000000000..ec6a3ca0fe57016f3685981ed518493ceea1c855 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon46-o.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon47-o.png b/docs/en/tools/desktop/dde/figures/icon47-o.png new file mode 100644 index 0000000000000000000000000000000000000000..6eeaba98d908775bd363a8ffcec27c3b6a214013 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon47-o.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon49-o.svg b/docs/en/tools/desktop/dde/figures/icon49-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..72ffb173fdb95e1aff5b0001b08ed6b71122b7f2 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon49-o.svg @@ -0,0 +1,178 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/dde/figures/icon5.png b/docs/en/tools/desktop/dde/figures/icon5.png new file mode 100644 index 0000000000000000000000000000000000000000..e4206b7b584bf0702c7cb2f03a3a41e20bfba844 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon5.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon50-o.svg b/docs/en/tools/desktop/dde/figures/icon50-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..05026802be4718205065d6369e14cc0b6ef05bc7 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon50-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/dde/figures/icon52-o.svg b/docs/en/tools/desktop/dde/figures/icon52-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..23149c05873259cd39721b8ee9c3ab7db86d64c5 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon52-o.svg @@ -0,0 +1,9 @@ + + + attention + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/dde/figures/icon53-o.svg b/docs/en/tools/desktop/dde/figures/icon53-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..50e33489ce984b0acfd621da4a8ef837fdf048c1 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon53-o.svg @@ -0,0 +1,11 @@ + + + + previous + Created with Sketch. + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/dde/figures/icon54-o.svg b/docs/en/tools/desktop/dde/figures/icon54-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..3b599aef4b822c707d2f646405bb00837aed96fd --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon54-o.svg @@ -0,0 +1,18 @@ + + + + Backspace + Created with Sketch. + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/dde/figures/icon56-o.svg b/docs/en/tools/desktop/dde/figures/icon56-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..9f13b6861e3858deec8d57a5301c934acc247069 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon56-o.svg @@ -0,0 +1,19 @@ + + + + Slice 1 + Created with Sketch. + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/dde/figures/icon57-o.svg b/docs/en/tools/desktop/dde/figures/icon57-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e6fbfa1381b76ab3fcd45652b33267a7f6c69bb7 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon57-o.svg @@ -0,0 +1,11 @@ + + + + titlebutton/close_normal + Created with Sketch. + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/dde/figures/icon58-o.svg b/docs/en/tools/desktop/dde/figures/icon58-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..9746dcacfc8e5d4c4b63233801e37418a190fc8f --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon58-o.svg @@ -0,0 +1,46 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/dde/figures/icon6.png b/docs/en/tools/desktop/dde/figures/icon6.png new file mode 100644 index 0000000000000000000000000000000000000000..88ced3587e9a42b145fe11393726f40aba9d1b2c Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon6.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon62-o.svg b/docs/en/tools/desktop/dde/figures/icon62-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..09f61b446669df2e05a3351d40d8c30879c7b035 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon62-o.svg @@ -0,0 +1,47 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/dde/figures/icon63-o.svg b/docs/en/tools/desktop/dde/figures/icon63-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..06c03ed99260ffadc681475dad35610aedf67f83 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon63-o.svg @@ -0,0 +1,45 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/dde/figures/icon66-o.svg b/docs/en/tools/desktop/dde/figures/icon66-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..5793b3846b7fe6a5758379591215b16c7f9e1b52 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon66-o.svg @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/dde/figures/icon68-o.svg b/docs/en/tools/desktop/dde/figures/icon68-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..a7748052dfa436116d8742dca28f7d90865231ed --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon68-o.svg @@ -0,0 +1,23 @@ + + + + deepin-system-monitor + Created with Sketch. + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/dde/figures/icon69-o.svg b/docs/en/tools/desktop/dde/figures/icon69-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e21dfd00a32a44ee1c8e3882b4ca8239be04690f --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon69-o.svg @@ -0,0 +1,26 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/dde/figures/icon7.png b/docs/en/tools/desktop/dde/figures/icon7.png new file mode 100644 index 0000000000000000000000000000000000000000..05fe8aa38c84ca0c0c99b0b005ddec2f2ba42f4a Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon7.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon70-o.svg b/docs/en/tools/desktop/dde/figures/icon70-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..b5787a7ffa5ed9519a48c6937c60927fd11fd455 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon70-o.svg @@ -0,0 +1,73 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/dde/figures/icon71-o.svg b/docs/en/tools/desktop/dde/figures/icon71-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..669a21f143b06cb45ea3f45f7f071809f2cbc8a8 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon71-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/dde/figures/icon72-o.svg b/docs/en/tools/desktop/dde/figures/icon72-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..79067ed9b9ff7912e1742183b461fa056601b9cc --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon72-o.svg @@ -0,0 +1,34 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/dde/figures/icon73-o.svg b/docs/en/tools/desktop/dde/figures/icon73-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..cf6292387f5e790db6ebd66184aabcbb39257ee7 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon73-o.svg @@ -0,0 +1,13 @@ + + + + Down + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/dde/figures/icon75-o.svg b/docs/en/tools/desktop/dde/figures/icon75-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..ef6823ccc19858f57374f0b78ad31514e8311be3 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon75-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/docs/en/tools/desktop/dde/figures/icon8.png b/docs/en/tools/desktop/dde/figures/icon8.png new file mode 100644 index 0000000000000000000000000000000000000000..01543c3e0f5e96a023b4e1f0859a03e3a0dafd56 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon8.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon83-o.svg b/docs/en/tools/desktop/dde/figures/icon83-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..35dd6eacc54a933dc9ebc3f3010edfa7363fecc0 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon83-o.svg @@ -0,0 +1,84 @@ + + + + + + image/svg+xml + + img_upload + + + + + + img_upload + Created with Sketch. + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/dde/figures/icon84-o.svg b/docs/en/tools/desktop/dde/figures/icon84-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..9bd11b9e7b45b506dd7e1c87d09d545d8f48af06 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon84-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/dde/figures/icon86-o.svg b/docs/en/tools/desktop/dde/figures/icon86-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..5da20233309c43d4fc7b315f441cde476c835c67 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon86-o.svg @@ -0,0 +1,66 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/dde/figures/icon88-o.svg b/docs/en/tools/desktop/dde/figures/icon88-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..c2570c26575fd14cb5e9d9fe77831d2e8f6c9333 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon88-o.svg @@ -0,0 +1,13 @@ + + + + Left + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/dde/figures/icon9.png b/docs/en/tools/desktop/dde/figures/icon9.png new file mode 100644 index 0000000000000000000000000000000000000000..a07c9ab8e51decd9a3bca8c969d2ae95bd68512c Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/icon9.png differ diff --git a/docs/en/tools/desktop/dde/figures/icon90-o.svg b/docs/en/tools/desktop/dde/figures/icon90-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..79b5e0a141f7969a8f77ae61f4c240de7187afe9 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon90-o.svg @@ -0,0 +1,12 @@ + + + + lock_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/dde/figures/icon92-o.svg b/docs/en/tools/desktop/dde/figures/icon92-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..21341b64a832e1935252aa82e7a4e0b083c16eae --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon92-o.svg @@ -0,0 +1,12 @@ + + + + logout_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/dde/figures/icon94-o.svg b/docs/en/tools/desktop/dde/figures/icon94-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..a47044149a02101dbd24a3fdb2f3ead77efca6c1 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon94-o.svg @@ -0,0 +1,54 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/dde/figures/icon97-o.svg b/docs/en/tools/desktop/dde/figures/icon97-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..4f4670de29d8c86885b5aa806b2c8cdc6fc16dcb --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon97-o.svg @@ -0,0 +1,84 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/dde/figures/icon99-o.svg b/docs/en/tools/desktop/dde/figures/icon99-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e9a3aa60a51404c9390bfbea8d8ff09edc0e2e32 --- /dev/null +++ b/docs/en/tools/desktop/dde/figures/icon99-o.svg @@ -0,0 +1,11 @@ + + + notes + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/dde/figures/kiran-1.png b/docs/en/tools/desktop/dde/figures/kiran-1.png new file mode 100644 index 0000000000000000000000000000000000000000..6f17788dce804c004027adfe45628eebffaa48cf Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-1.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-10.png b/docs/en/tools/desktop/dde/figures/kiran-10.png new file mode 100644 index 0000000000000000000000000000000000000000..18cfa3074af1f4b8d49d064a77b016f24ab8c17c Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-10.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-11.png b/docs/en/tools/desktop/dde/figures/kiran-11.png new file mode 100644 index 0000000000000000000000000000000000000000..b58fbb7ce8a798d5355855a4ac0638540df74d9e Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-11.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-12.png b/docs/en/tools/desktop/dde/figures/kiran-12.png new file mode 100644 index 0000000000000000000000000000000000000000..920d0c7112be6bed509773413de36506d748b822 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-12.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-13.png b/docs/en/tools/desktop/dde/figures/kiran-13.png new file mode 100644 index 0000000000000000000000000000000000000000..473ac4151c65951050800cb73313fee07077a9d6 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-13.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-14.png b/docs/en/tools/desktop/dde/figures/kiran-14.png new file mode 100644 index 0000000000000000000000000000000000000000..9ba17ddca84d25f112e564b542a971d6e7d4c10a Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-14.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-15.png b/docs/en/tools/desktop/dde/figures/kiran-15.png new file mode 100644 index 0000000000000000000000000000000000000000..b561a2fccb7f159106065baaf88ff9fa32bba1d8 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-15.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-16.png b/docs/en/tools/desktop/dde/figures/kiran-16.png new file mode 100644 index 0000000000000000000000000000000000000000..a4d71e812144e74cb854e25f215197368b60017f Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-16.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-17.png b/docs/en/tools/desktop/dde/figures/kiran-17.png new file mode 100644 index 0000000000000000000000000000000000000000..5f52f0d0885fbcd62af5127df6f464bcd334e2b3 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-17.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-18.png b/docs/en/tools/desktop/dde/figures/kiran-18.png new file mode 100644 index 0000000000000000000000000000000000000000..bbd1a5dbd99c509d936e51e1bcc5970c2311da9d Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-18.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-19.png b/docs/en/tools/desktop/dde/figures/kiran-19.png new file mode 100644 index 0000000000000000000000000000000000000000..a9ad75326f5d5463a45b532ae05b110155426083 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-19.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-2.png b/docs/en/tools/desktop/dde/figures/kiran-2.png new file mode 100644 index 0000000000000000000000000000000000000000..b62c95a0b7d2bcfbc0bbac084ed7df74e5412da5 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-2.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-20.png b/docs/en/tools/desktop/dde/figures/kiran-20.png new file mode 100644 index 0000000000000000000000000000000000000000..a43f8e2dc5ff4b5445386fd0c703bdf6b1e186ec Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-20.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-21.png b/docs/en/tools/desktop/dde/figures/kiran-21.png new file mode 100644 index 0000000000000000000000000000000000000000..19c758d585016351a1f26fdac48221bdf0710a53 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-21.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-22.png b/docs/en/tools/desktop/dde/figures/kiran-22.png new file mode 100644 index 0000000000000000000000000000000000000000..703327a3f511c20cd977ae4cd68552ecb3dd6971 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-22.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-23.png b/docs/en/tools/desktop/dde/figures/kiran-23.png new file mode 100644 index 0000000000000000000000000000000000000000..ddbbd80be5b926ab3446cbb10c22d892487956f8 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-23.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-24.png b/docs/en/tools/desktop/dde/figures/kiran-24.png new file mode 100644 index 0000000000000000000000000000000000000000..54e864dcfd194db4b1672c05d3e60eb6acc605d9 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-24.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-25.png b/docs/en/tools/desktop/dde/figures/kiran-25.png new file mode 100644 index 0000000000000000000000000000000000000000..f64461cc2610fb82db1eb27a5562c2ab0737dcf4 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-25.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-26.png b/docs/en/tools/desktop/dde/figures/kiran-26.png new file mode 100644 index 0000000000000000000000000000000000000000..2bcd5335c14d3e241b732b2ee6c2adf3effbe652 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-26.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-27.png b/docs/en/tools/desktop/dde/figures/kiran-27.png new file mode 100644 index 0000000000000000000000000000000000000000..2bcd5335c14d3e241b732b2ee6c2adf3effbe652 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-27.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-28.png b/docs/en/tools/desktop/dde/figures/kiran-28.png new file mode 100644 index 0000000000000000000000000000000000000000..1650e93b66f11849ed69a9dacd5c9c5f135fc053 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-28.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-29.png b/docs/en/tools/desktop/dde/figures/kiran-29.png new file mode 100644 index 0000000000000000000000000000000000000000..5d0b225b54dc5da9053aeb6f4b805e59d8685f7f Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-29.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-3.png b/docs/en/tools/desktop/dde/figures/kiran-3.png new file mode 100644 index 0000000000000000000000000000000000000000..774ba1ea233c20bf3c7ae661e126e5251aef8662 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-3.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-30.png b/docs/en/tools/desktop/dde/figures/kiran-30.png new file mode 100644 index 0000000000000000000000000000000000000000..ae7f591fdd3da24fdf30b95785cd07c9959ecb2b Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-30.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-31.png b/docs/en/tools/desktop/dde/figures/kiran-31.png new file mode 100644 index 0000000000000000000000000000000000000000..fc4127dcd736d084ecabe84b40f165f0b07695b2 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-31.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-32.png b/docs/en/tools/desktop/dde/figures/kiran-32.png new file mode 100644 index 0000000000000000000000000000000000000000..b02d7b1fbdfa58d63618e99085fd5a0ed517ce4d Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-32.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-33.png b/docs/en/tools/desktop/dde/figures/kiran-33.png new file mode 100644 index 0000000000000000000000000000000000000000..502f5d272b6200b440b1ce916924e44c987f9922 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-33.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-34.png b/docs/en/tools/desktop/dde/figures/kiran-34.png new file mode 100644 index 0000000000000000000000000000000000000000..b1ad35752dba85a00024170f88702c3398e0872c Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-34.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-35.png b/docs/en/tools/desktop/dde/figures/kiran-35.png new file mode 100644 index 0000000000000000000000000000000000000000..6c566afea5f485d79ff7de2ccd3d27a24835f14c Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-35.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-36.png b/docs/en/tools/desktop/dde/figures/kiran-36.png new file mode 100644 index 0000000000000000000000000000000000000000..842470a94fb6864cdd45f2c9971ec73e7866ea88 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-36.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-37.png b/docs/en/tools/desktop/dde/figures/kiran-37.png new file mode 100644 index 0000000000000000000000000000000000000000..b827be98850a3626f92ed1cd7b6b76f95d761261 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-37.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-38.png b/docs/en/tools/desktop/dde/figures/kiran-38.png new file mode 100644 index 0000000000000000000000000000000000000000..f0972490115d0965e8e9006abd2e5e96ac2fc37c Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-38.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-39.png b/docs/en/tools/desktop/dde/figures/kiran-39.png new file mode 100644 index 0000000000000000000000000000000000000000..f833c66c77737fb7cfbe5b4c4af48b0ba7747cea Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-39.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-4.png b/docs/en/tools/desktop/dde/figures/kiran-4.png new file mode 100644 index 0000000000000000000000000000000000000000..7a6cf9c1f25266c31ddcb76f093bec664d64bac7 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-4.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-40.png b/docs/en/tools/desktop/dde/figures/kiran-40.png new file mode 100644 index 0000000000000000000000000000000000000000..da430f32720ef8a032e2c16fe9caabd815f8b62f Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-40.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-41.png b/docs/en/tools/desktop/dde/figures/kiran-41.png new file mode 100644 index 0000000000000000000000000000000000000000..424f50da38c18c12a235ebb56edd6d02ec1638f0 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-41.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-42.png b/docs/en/tools/desktop/dde/figures/kiran-42.png new file mode 100644 index 0000000000000000000000000000000000000000..a506b0c4e7fd23c393c34e01b26086dae1ea9c62 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-42.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-43.png b/docs/en/tools/desktop/dde/figures/kiran-43.png new file mode 100644 index 0000000000000000000000000000000000000000..90ca8be50f4343adcc0cc05b1ae7d0f32efcedc2 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-43.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-44.png b/docs/en/tools/desktop/dde/figures/kiran-44.png new file mode 100644 index 0000000000000000000000000000000000000000..bc38c38001a8428cf18a05e6cd4a8f46b1d633a2 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-44.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-45.png b/docs/en/tools/desktop/dde/figures/kiran-45.png new file mode 100644 index 0000000000000000000000000000000000000000..fadb655f342f99c669425480ad48733f1dccb2c9 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-45.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-46.png b/docs/en/tools/desktop/dde/figures/kiran-46.png new file mode 100644 index 0000000000000000000000000000000000000000..096688c85e47acded83be03a7ff69f9d829d956b Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-46.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-47.png b/docs/en/tools/desktop/dde/figures/kiran-47.png new file mode 100644 index 0000000000000000000000000000000000000000..3faa55c80eead6bfc9e96f59babcd2100392c2e5 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-47.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-48.png b/docs/en/tools/desktop/dde/figures/kiran-48.png new file mode 100644 index 0000000000000000000000000000000000000000..1e44996d99006ffe793ae29b55035976942ac504 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-48.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-49.png b/docs/en/tools/desktop/dde/figures/kiran-49.png new file mode 100644 index 0000000000000000000000000000000000000000..000cc37cb59fecc9ea497726f87231df187baf34 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-49.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-5.png b/docs/en/tools/desktop/dde/figures/kiran-5.png new file mode 100644 index 0000000000000000000000000000000000000000..a27574bb4793e401750fff28e4568403dc489507 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-5.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-50.png b/docs/en/tools/desktop/dde/figures/kiran-50.png new file mode 100644 index 0000000000000000000000000000000000000000..900efd80a6db6ab00fee3fa519e963f8f0620ba7 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-50.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-6.png b/docs/en/tools/desktop/dde/figures/kiran-6.png new file mode 100644 index 0000000000000000000000000000000000000000..42c4f0357dfa11b53ca27a4d0d255b67a0f9c5ae Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-6.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-7.png b/docs/en/tools/desktop/dde/figures/kiran-7.png new file mode 100644 index 0000000000000000000000000000000000000000..254ef11f36d958f6ef7c70853e5f61032f825463 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-7.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-8.png b/docs/en/tools/desktop/dde/figures/kiran-8.png new file mode 100644 index 0000000000000000000000000000000000000000..29b5845d2fa94cba92719b8649a5e86c926ea911 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-8.png differ diff --git a/docs/en/tools/desktop/dde/figures/kiran-9.png b/docs/en/tools/desktop/dde/figures/kiran-9.png new file mode 100644 index 0000000000000000000000000000000000000000..46bcfdd0e1e88ad0f0ade4a3990c3ac5d66060e7 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kiran-9.png differ diff --git a/docs/en/tools/desktop/dde/figures/kubesphere-console.png b/docs/en/tools/desktop/dde/figures/kubesphere-console.png new file mode 100644 index 0000000000000000000000000000000000000000..9c93fbeafe366d78bc05dda6e0e673d2dad8874f Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kubesphere-console.png differ diff --git a/docs/en/tools/desktop/dde/figures/kubesphere.png b/docs/en/tools/desktop/dde/figures/kubesphere.png new file mode 100644 index 0000000000000000000000000000000000000000..939dcb70202b19c7853cbfd8f27f6e8e4678ce26 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/kubesphere.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-1.png b/docs/en/tools/desktop/dde/figures/xfce-1.png new file mode 100644 index 0000000000000000000000000000000000000000..0e478b9f10ddf3210d5f5fada2e45329e2d1d028 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-1.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-2.png b/docs/en/tools/desktop/dde/figures/xfce-2.png new file mode 100644 index 0000000000000000000000000000000000000000..33a946d988d499a1e98cb43968b72119bd48d7a5 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-2.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-3.png b/docs/en/tools/desktop/dde/figures/xfce-3.png new file mode 100644 index 0000000000000000000000000000000000000000..020356f0c981fac2aafe33c8e997efbf01af9253 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-3.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-4.png b/docs/en/tools/desktop/dde/figures/xfce-4.png new file mode 100644 index 0000000000000000000000000000000000000000..21369e366322955023b427e7a2ae63fd29b387e5 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-4.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-5.png b/docs/en/tools/desktop/dde/figures/xfce-5.png new file mode 100644 index 0000000000000000000000000000000000000000..1f7807877f775fe6aa32652a29ef833e48e1a6ee Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-5.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-6.png b/docs/en/tools/desktop/dde/figures/xfce-6.png new file mode 100644 index 0000000000000000000000000000000000000000..e5376fcfd1737234a885d4d95649cd996005cf0c Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-6.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-7.png b/docs/en/tools/desktop/dde/figures/xfce-7.png new file mode 100644 index 0000000000000000000000000000000000000000..b7a94df356b7b9f7dca3d305d066ec854406aaab Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-7.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-71.png b/docs/en/tools/desktop/dde/figures/xfce-71.png new file mode 100644 index 0000000000000000000000000000000000000000..11d1618c907d4bb18de1eb68e42e9b98d92d91c3 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-71.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-8.png b/docs/en/tools/desktop/dde/figures/xfce-8.png new file mode 100644 index 0000000000000000000000000000000000000000..f6f97d9a173105cb6a72e4b8c48deab25ecac898 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-8.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-81.png b/docs/en/tools/desktop/dde/figures/xfce-81.png new file mode 100644 index 0000000000000000000000000000000000000000..b97c9a81c2a07efe361e6dc6ee8bed5db445ecfa Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-81.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-811.png b/docs/en/tools/desktop/dde/figures/xfce-811.png new file mode 100644 index 0000000000000000000000000000000000000000..58233638eca203d917081d6a9ac5003474cbf60b Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-811.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-812.png b/docs/en/tools/desktop/dde/figures/xfce-812.png new file mode 100644 index 0000000000000000000000000000000000000000..0fc975f75da95dce8a3e5a098d024578335c9426 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-812.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-813.png b/docs/en/tools/desktop/dde/figures/xfce-813.png new file mode 100644 index 0000000000000000000000000000000000000000..4d399468c74355cbaa765380720cb9561e95f834 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-813.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-814.png b/docs/en/tools/desktop/dde/figures/xfce-814.png new file mode 100644 index 0000000000000000000000000000000000000000..c09fd6524a20ba04e0fca30307d35fa05e79c1f4 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-814.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-82.png b/docs/en/tools/desktop/dde/figures/xfce-82.png new file mode 100644 index 0000000000000000000000000000000000000000..170deb5fb43f4e924d5ba4eba94a02c341d31515 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-82.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-821.png b/docs/en/tools/desktop/dde/figures/xfce-821.png new file mode 100644 index 0000000000000000000000000000000000000000..c5c1f3567dccda3d0d49ae445612d5b9ba27e09a Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-821.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-83.png b/docs/en/tools/desktop/dde/figures/xfce-83.png new file mode 100644 index 0000000000000000000000000000000000000000..95e4844c0ece09819d3e9f1e8457bbf371b1282e Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-83.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-831.png b/docs/en/tools/desktop/dde/figures/xfce-831.png new file mode 100644 index 0000000000000000000000000000000000000000..6456dd02f0281a5ec8d752ba5b95be581bcbfa09 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-831.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-832.png b/docs/en/tools/desktop/dde/figures/xfce-832.png new file mode 100644 index 0000000000000000000000000000000000000000..2932aaacf71fa53f1d0c10340df3aebcc016e991 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-832.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-84.png b/docs/en/tools/desktop/dde/figures/xfce-84.png new file mode 100644 index 0000000000000000000000000000000000000000..e0435c2edf9f68d193cff036215f32c259d378f0 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-84.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-841.png b/docs/en/tools/desktop/dde/figures/xfce-841.png new file mode 100644 index 0000000000000000000000000000000000000000..c2c06346d4a296bfbe7836139cd943baa1ce6ea5 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-841.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-842.png b/docs/en/tools/desktop/dde/figures/xfce-842.png new file mode 100644 index 0000000000000000000000000000000000000000..101bf6923e3780617d33dde04b92232ca7f87b42 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-842.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-85.png b/docs/en/tools/desktop/dde/figures/xfce-85.png new file mode 100644 index 0000000000000000000000000000000000000000..21b39638fe4c83e0da5cdc69ecad9b7a22718a55 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-85.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-851.png b/docs/en/tools/desktop/dde/figures/xfce-851.png new file mode 100644 index 0000000000000000000000000000000000000000..893064ca10399a683afbcb3752266d93b0a79a51 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-851.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-86.png b/docs/en/tools/desktop/dde/figures/xfce-86.png new file mode 100644 index 0000000000000000000000000000000000000000..35e8a99e31e4a49eb64b24cfbab825111e40f709 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-86.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-861.png b/docs/en/tools/desktop/dde/figures/xfce-861.png new file mode 100644 index 0000000000000000000000000000000000000000..affc46c874991a3b289e15072e06ba6566c099b1 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-861.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-87.png b/docs/en/tools/desktop/dde/figures/xfce-87.png new file mode 100644 index 0000000000000000000000000000000000000000..47524c21d57c887c3398ea53a675f89e9f92113f Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-87.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-9.png b/docs/en/tools/desktop/dde/figures/xfce-9.png new file mode 100644 index 0000000000000000000000000000000000000000..5586c4f62cc161665b91a56ad23b2320901901c0 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-9.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-91.png b/docs/en/tools/desktop/dde/figures/xfce-91.png new file mode 100644 index 0000000000000000000000000000000000000000..ee69879bb4ad66405b045af5e3965e275fe8eabf Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-91.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-911.png b/docs/en/tools/desktop/dde/figures/xfce-911.png new file mode 100644 index 0000000000000000000000000000000000000000..b49416558e9ab844fda2026b76e2e900ac106842 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-911.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-92.png b/docs/en/tools/desktop/dde/figures/xfce-92.png new file mode 100644 index 0000000000000000000000000000000000000000..78dd6313c603aad9ebd37fe68e06f98b2a3b331e Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-92.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-921.png b/docs/en/tools/desktop/dde/figures/xfce-921.png new file mode 100644 index 0000000000000000000000000000000000000000..5eb6f40df9ca73e11b9b9fa5079496ac0c36857b Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-921.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-93.png b/docs/en/tools/desktop/dde/figures/xfce-93.png new file mode 100644 index 0000000000000000000000000000000000000000..06ac80c152fefbe1ad2ba1c989f6acfbbaf1a992 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-93.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-931.png b/docs/en/tools/desktop/dde/figures/xfce-931.png new file mode 100644 index 0000000000000000000000000000000000000000..a156e5cf14ae154b93e845ff1bd5bc6ba12c9beb Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-931.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-94.png b/docs/en/tools/desktop/dde/figures/xfce-94.png new file mode 100644 index 0000000000000000000000000000000000000000..f48064ff5902c4ea740ccba9a1640cbca27b5b72 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-94.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-941.png b/docs/en/tools/desktop/dde/figures/xfce-941.png new file mode 100644 index 0000000000000000000000000000000000000000..f7904da12dc807836acfb9d6f24b8d9b976a2fdc Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-941.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-95.png b/docs/en/tools/desktop/dde/figures/xfce-95.png new file mode 100644 index 0000000000000000000000000000000000000000..bda965b15a859e4cccf4b80f62875f79eb3470fd Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-95.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-951.png b/docs/en/tools/desktop/dde/figures/xfce-951.png new file mode 100644 index 0000000000000000000000000000000000000000..6521a28275d2b63c12b47604c7afc926f7938697 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-951.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-96.png b/docs/en/tools/desktop/dde/figures/xfce-96.png new file mode 100644 index 0000000000000000000000000000000000000000..29ce24923477065b98cacf603f185113e9959069 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-96.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-961.png b/docs/en/tools/desktop/dde/figures/xfce-961.png new file mode 100644 index 0000000000000000000000000000000000000000..874fa200f4e63b690261d7827f3c73cf70861b32 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-961.png differ diff --git a/docs/en/tools/desktop/dde/figures/xfce-962.png b/docs/en/tools/desktop/dde/figures/xfce-962.png new file mode 100644 index 0000000000000000000000000000000000000000..bb84e35e43e992bc68b053a0da760bd5aa8b0270 Binary files /dev/null and b/docs/en/tools/desktop/dde/figures/xfce-962.png differ diff --git a/docs/en/tools/desktop/gnome/_toc.yaml b/docs/en/tools/desktop/gnome/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..c8a203fc5b2b4f6dc7ad11544b6c6d6693e273f6 --- /dev/null +++ b/docs/en/tools/desktop/gnome/_toc.yaml @@ -0,0 +1,10 @@ +label: GNOME User Guide +isManual: true +description: Install and use GNOME. +sections: + - label: GNOME + href: ./gnome.md + - label: GNOME Installation + href: ./gnome_installation.md + - label: GNOME User Guide + href: ./gnome_userguide.md diff --git a/docs/en/tools/desktop/gnome/figures/.keep b/docs/en/tools/desktop/gnome/figures/.keep new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/docs/en/tools/desktop/gnome/figures/1.png b/docs/en/tools/desktop/gnome/figures/1.png new file mode 100644 index 0000000000000000000000000000000000000000..40af4242eebb440a76c749a8d970d50cd7b89bf4 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/1.png differ diff --git a/docs/en/tools/desktop/gnome/figures/10.png b/docs/en/tools/desktop/gnome/figures/10.png new file mode 100644 index 0000000000000000000000000000000000000000..e588ffbe3d8d7b66d92ae8f2b4bcec7c80d0592c Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/10.png differ diff --git a/docs/en/tools/desktop/gnome/figures/11.png b/docs/en/tools/desktop/gnome/figures/11.png new file mode 100644 index 0000000000000000000000000000000000000000..1989a5bb08155f920363e154e68bb148715c7e9e Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/11.png differ diff --git a/docs/en/tools/desktop/gnome/figures/12.png b/docs/en/tools/desktop/gnome/figures/12.png new file mode 100644 index 0000000000000000000000000000000000000000..cb6346161182d2cfeaf3818d5ec518ddb11c732e Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/12.png differ diff --git a/docs/en/tools/desktop/gnome/figures/13.png b/docs/en/tools/desktop/gnome/figures/13.png new file mode 100644 index 0000000000000000000000000000000000000000..0a7def1fb66c90da62acde799eaffca97e3b5396 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/13.png differ diff --git a/docs/en/tools/desktop/gnome/figures/14.png b/docs/en/tools/desktop/gnome/figures/14.png new file mode 100644 index 0000000000000000000000000000000000000000..3a27a66d57e284775420d467f90dcc02889bbffe Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/14.png differ diff --git a/docs/en/tools/desktop/gnome/figures/15.png b/docs/en/tools/desktop/gnome/figures/15.png new file mode 100644 index 0000000000000000000000000000000000000000..370bea32abcaa8a2b06a1a61c1455d4b35f43474 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/15.png differ diff --git a/docs/en/tools/desktop/gnome/figures/16.png b/docs/en/tools/desktop/gnome/figures/16.png new file mode 100644 index 0000000000000000000000000000000000000000..812ee462669c5263ef4bffc49ca4f9b6af4541c6 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/16.png differ diff --git a/docs/en/tools/desktop/gnome/figures/17.png b/docs/en/tools/desktop/gnome/figures/17.png new file mode 100644 index 0000000000000000000000000000000000000000..36e524b806874fa3788f5e4dcd78350686281107 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/17.png differ diff --git a/docs/en/tools/desktop/gnome/figures/18.png b/docs/en/tools/desktop/gnome/figures/18.png new file mode 100644 index 0000000000000000000000000000000000000000..51b32442980aa60646f77dabd53ade74f55891fe Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/18.png differ diff --git a/docs/en/tools/desktop/gnome/figures/19.png b/docs/en/tools/desktop/gnome/figures/19.png new file mode 100644 index 0000000000000000000000000000000000000000..c9457d09aa9f1662b2c9e4550cdbdb9f57dd020e Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/19.png differ diff --git a/docs/en/tools/desktop/gnome/figures/2.png b/docs/en/tools/desktop/gnome/figures/2.png new file mode 100644 index 0000000000000000000000000000000000000000..97917cc245484a43bec8562757d920a06f123121 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/2.png differ diff --git a/docs/en/tools/desktop/gnome/figures/20.png b/docs/en/tools/desktop/gnome/figures/20.png new file mode 100644 index 0000000000000000000000000000000000000000..b0943189920d7a541d35da27340593ea93f92a17 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/20.png differ diff --git a/docs/en/tools/desktop/gnome/figures/21.png b/docs/en/tools/desktop/gnome/figures/21.png new file mode 100644 index 0000000000000000000000000000000000000000..e590c22c0ea28906b5f4ea7ccbc6ab11e47ad173 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/21.png differ diff --git a/docs/en/tools/desktop/gnome/figures/22.png b/docs/en/tools/desktop/gnome/figures/22.png new file mode 100644 index 0000000000000000000000000000000000000000..03a548b1ffb1f0ad53cfa5387af2721af90bca81 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/22.png differ diff --git a/docs/en/tools/desktop/gnome/figures/23.png b/docs/en/tools/desktop/gnome/figures/23.png new file mode 100644 index 0000000000000000000000000000000000000000..834c492094715cde1c02c91752ecabfe7921ed62 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/23.png differ diff --git a/docs/en/tools/desktop/gnome/figures/24.png b/docs/en/tools/desktop/gnome/figures/24.png new file mode 100644 index 0000000000000000000000000000000000000000..1881e868b74a60888b319576fa38fb4af92ba75c Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/24.png differ diff --git a/docs/en/tools/desktop/gnome/figures/25.png b/docs/en/tools/desktop/gnome/figures/25.png new file mode 100644 index 0000000000000000000000000000000000000000..f38839725d27a3486984d152e5d9de305364fbd2 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/25.png differ diff --git a/docs/en/tools/desktop/gnome/figures/26.png b/docs/en/tools/desktop/gnome/figures/26.png new file mode 100644 index 0000000000000000000000000000000000000000..6d7957119133ecb98b1b6b104e54a3a4647ec2a5 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/26.png differ diff --git a/docs/en/tools/desktop/gnome/figures/27.png b/docs/en/tools/desktop/gnome/figures/27.png new file mode 100644 index 0000000000000000000000000000000000000000..3e4733717fdc5172d6479b393005219e65e96df4 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/27.png differ diff --git a/docs/en/tools/desktop/gnome/figures/28.png b/docs/en/tools/desktop/gnome/figures/28.png new file mode 100644 index 0000000000000000000000000000000000000000..a77772e818e3f6c11acac3b9cfa18bad14a0a48c Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/28.png differ diff --git a/docs/en/tools/desktop/gnome/figures/29.png b/docs/en/tools/desktop/gnome/figures/29.png new file mode 100644 index 0000000000000000000000000000000000000000..c4f58ffe5855295268298448744e5aadbdc55276 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/29.png differ diff --git a/docs/en/tools/desktop/gnome/figures/3.png b/docs/en/tools/desktop/gnome/figures/3.png new file mode 100644 index 0000000000000000000000000000000000000000..fbb76b336957020ed6867d908e0a8bdcfc953c52 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/3.png differ diff --git a/docs/en/tools/desktop/gnome/figures/30.png b/docs/en/tools/desktop/gnome/figures/30.png new file mode 100644 index 0000000000000000000000000000000000000000..d91adefba1753959e90ccf4aa1501ac08d7144bd Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/30.png differ diff --git a/docs/en/tools/desktop/gnome/figures/31.png b/docs/en/tools/desktop/gnome/figures/31.png new file mode 100644 index 0000000000000000000000000000000000000000..0abef09ab438f5f8cfb68090993f55c493b8c15e Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/31.png differ diff --git a/docs/en/tools/desktop/gnome/figures/32.png b/docs/en/tools/desktop/gnome/figures/32.png new file mode 100644 index 0000000000000000000000000000000000000000..d567cfbacc07a9eb46ff2c54a68432f45e034e94 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/32.png differ diff --git a/docs/en/tools/desktop/gnome/figures/33.png b/docs/en/tools/desktop/gnome/figures/33.png new file mode 100644 index 0000000000000000000000000000000000000000..7b5896e2884520672c0bd88d68471b45a09c56fe Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/33.png differ diff --git a/docs/en/tools/desktop/gnome/figures/34.png b/docs/en/tools/desktop/gnome/figures/34.png new file mode 100644 index 0000000000000000000000000000000000000000..81bc9480fbbd81a97c559d7a6a74274deeab2bd1 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/34.png differ diff --git a/docs/en/tools/desktop/gnome/figures/35.png b/docs/en/tools/desktop/gnome/figures/35.png new file mode 100644 index 0000000000000000000000000000000000000000..ab2399847a643a87279337704e23fea7609bb211 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/35.png differ diff --git a/docs/en/tools/desktop/gnome/figures/36.png b/docs/en/tools/desktop/gnome/figures/36.png new file mode 100644 index 0000000000000000000000000000000000000000..536981609b9ae5d32be56bec612f2b3446146184 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/36.png differ diff --git a/docs/en/tools/desktop/gnome/figures/37.png b/docs/en/tools/desktop/gnome/figures/37.png new file mode 100644 index 0000000000000000000000000000000000000000..e39aa03587642dc1f8622fff515b05a9a3085b28 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/37.png differ diff --git a/docs/en/tools/desktop/gnome/figures/38.png b/docs/en/tools/desktop/gnome/figures/38.png new file mode 100644 index 0000000000000000000000000000000000000000..838f5ff0616a83cdf42edb053f4e72b93bfa644e Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/38.png differ diff --git a/docs/en/tools/desktop/gnome/figures/39.png b/docs/en/tools/desktop/gnome/figures/39.png new file mode 100644 index 0000000000000000000000000000000000000000..12a379403d73a47b2fa564120a28fdb58d188963 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/39.png differ diff --git a/docs/en/tools/desktop/gnome/figures/4.png b/docs/en/tools/desktop/gnome/figures/4.png new file mode 100644 index 0000000000000000000000000000000000000000..5078e36aca713706d2cf08a3ebecdc3769951899 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/4.png differ diff --git a/docs/en/tools/desktop/gnome/figures/40.png b/docs/en/tools/desktop/gnome/figures/40.png new file mode 100644 index 0000000000000000000000000000000000000000..bf419894eab852b45604966c62fafa71f051c4df Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/40.png differ diff --git a/docs/en/tools/desktop/gnome/figures/41.png b/docs/en/tools/desktop/gnome/figures/41.png new file mode 100644 index 0000000000000000000000000000000000000000..f94b0ee72e0d4e9277e9b44b4268cfbdb8402104 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/41.png differ diff --git a/docs/en/tools/desktop/gnome/figures/42.png b/docs/en/tools/desktop/gnome/figures/42.png new file mode 100644 index 0000000000000000000000000000000000000000..3182e551c4e4b03885bad6339f1de514b3f55f8c Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/42.png differ diff --git a/docs/en/tools/desktop/gnome/figures/43.jpg b/docs/en/tools/desktop/gnome/figures/43.jpg new file mode 100644 index 0000000000000000000000000000000000000000..26e9244f58ea9800081fd61ae135477f05b21b40 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/43.jpg differ diff --git a/docs/en/tools/desktop/gnome/figures/44.png b/docs/en/tools/desktop/gnome/figures/44.png new file mode 100644 index 0000000000000000000000000000000000000000..c3abaecd6e053272d81e0ad9bd183c6858b4f3c5 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/44.png differ diff --git a/docs/en/tools/desktop/gnome/figures/45.png b/docs/en/tools/desktop/gnome/figures/45.png new file mode 100644 index 0000000000000000000000000000000000000000..86b051acde857c88479714414f721a7f59cca483 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/45.png differ diff --git a/docs/en/tools/desktop/gnome/figures/46.png b/docs/en/tools/desktop/gnome/figures/46.png new file mode 100644 index 0000000000000000000000000000000000000000..d8ec41c87628bf28c9905523f99ae93aebd13614 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/46.png differ diff --git a/docs/en/tools/desktop/gnome/figures/47.jpg b/docs/en/tools/desktop/gnome/figures/47.jpg new file mode 100644 index 0000000000000000000000000000000000000000..bf95f03c8ea0f84a878bc63af20972c9da71bc04 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/47.jpg differ diff --git a/docs/en/tools/desktop/gnome/figures/48.png b/docs/en/tools/desktop/gnome/figures/48.png new file mode 100644 index 0000000000000000000000000000000000000000..ef21fa1ce1e2e9848a8dca16e692de673df7c6d7 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/48.png differ diff --git a/docs/en/tools/desktop/gnome/figures/49.png b/docs/en/tools/desktop/gnome/figures/49.png new file mode 100644 index 0000000000000000000000000000000000000000..3b77668e5a4d1bdb3043c473dff9b36fa7144714 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/49.png differ diff --git a/docs/en/tools/desktop/gnome/figures/5.png b/docs/en/tools/desktop/gnome/figures/5.png new file mode 100644 index 0000000000000000000000000000000000000000..2976a745cfaede26594d6daa01cfc18d18b1de8b Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/5.png differ diff --git a/docs/en/tools/desktop/gnome/figures/50.png b/docs/en/tools/desktop/gnome/figures/50.png new file mode 100644 index 0000000000000000000000000000000000000000..b86a55fe4363f56fc18befc9d27025a75ca427ad Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/50.png differ diff --git a/docs/en/tools/desktop/gnome/figures/51.png b/docs/en/tools/desktop/gnome/figures/51.png new file mode 100644 index 0000000000000000000000000000000000000000..d427ac871dba9c32eb4ffe736d5352f8408da533 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/51.png differ diff --git a/docs/en/tools/desktop/gnome/figures/52.png b/docs/en/tools/desktop/gnome/figures/52.png new file mode 100644 index 0000000000000000000000000000000000000000..0ca0a2db05c70bc25f9bb59e82d074f671cfc74e Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/52.png differ diff --git a/docs/en/tools/desktop/gnome/figures/53.png b/docs/en/tools/desktop/gnome/figures/53.png new file mode 100644 index 0000000000000000000000000000000000000000..76fbc34a1d5621b83c2d8c93222766acad33350d Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/53.png differ diff --git a/docs/en/tools/desktop/gnome/figures/54.png b/docs/en/tools/desktop/gnome/figures/54.png new file mode 100644 index 0000000000000000000000000000000000000000..49ecae6f8941a118223f3765c23015df074c4983 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/54.png differ diff --git a/docs/en/tools/desktop/gnome/figures/56.png b/docs/en/tools/desktop/gnome/figures/56.png new file mode 100644 index 0000000000000000000000000000000000000000..36fee795bfe593b6246c8d6c2bddea9386b06f45 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/56.png differ diff --git a/docs/en/tools/desktop/gnome/figures/57.png b/docs/en/tools/desktop/gnome/figures/57.png new file mode 100644 index 0000000000000000000000000000000000000000..539d06b77b058a933cb154c43641d498050986e0 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/57.png differ diff --git a/docs/en/tools/desktop/gnome/figures/58.png b/docs/en/tools/desktop/gnome/figures/58.png new file mode 100644 index 0000000000000000000000000000000000000000..396ca16d873e54505bcdbd41d669366eea7f5dee Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/58.png differ diff --git a/docs/en/tools/desktop/gnome/figures/59.png b/docs/en/tools/desktop/gnome/figures/59.png new file mode 100644 index 0000000000000000000000000000000000000000..9b1de98ac4fe686937ca844d3e9481548a79ce63 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/59.png differ diff --git a/docs/en/tools/desktop/gnome/figures/6.png b/docs/en/tools/desktop/gnome/figures/6.png new file mode 100644 index 0000000000000000000000000000000000000000..275c23872f2353f007371672714902babcc3db53 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/6.png differ diff --git a/docs/en/tools/desktop/gnome/figures/60.jpg b/docs/en/tools/desktop/gnome/figures/60.jpg new file mode 100644 index 0000000000000000000000000000000000000000..033c88aaadd04f7d4058ec2eb5b2c70498319bf7 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/60.jpg differ diff --git a/docs/en/tools/desktop/gnome/figures/61.png b/docs/en/tools/desktop/gnome/figures/61.png new file mode 100644 index 0000000000000000000000000000000000000000..8df17062963a3baf92318a12ec34b1378122687b Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/61.png differ diff --git a/docs/en/tools/desktop/gnome/figures/62.png b/docs/en/tools/desktop/gnome/figures/62.png new file mode 100644 index 0000000000000000000000000000000000000000..ec312d6c0c22018c1745dd866da71ce9be47fbda Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/62.png differ diff --git a/docs/en/tools/desktop/gnome/figures/63.jpg b/docs/en/tools/desktop/gnome/figures/63.jpg new file mode 100644 index 0000000000000000000000000000000000000000..504f7cf59768f6fd1cd73a115d01fbc4e15a02e1 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/63.jpg differ diff --git a/docs/en/tools/desktop/gnome/figures/63.png b/docs/en/tools/desktop/gnome/figures/63.png new file mode 100644 index 0000000000000000000000000000000000000000..86b051acde857c88479714414f721a7f59cca483 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/63.png differ diff --git a/docs/en/tools/desktop/gnome/figures/64.png b/docs/en/tools/desktop/gnome/figures/64.png new file mode 100644 index 0000000000000000000000000000000000000000..cbbd2ede047e735c3766e08b04595f08cd72f5b2 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/64.png differ diff --git a/docs/en/tools/desktop/gnome/figures/7.png b/docs/en/tools/desktop/gnome/figures/7.png new file mode 100644 index 0000000000000000000000000000000000000000..4d397959ac7f6d166ef5a3b7084bd5c3c93b475f Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/7.png differ diff --git a/docs/en/tools/desktop/gnome/figures/8.png b/docs/en/tools/desktop/gnome/figures/8.png new file mode 100644 index 0000000000000000000000000000000000000000..8ade274092d7b3e461c96d7909a9d89d3a944f09 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/8.png differ diff --git a/docs/en/tools/desktop/gnome/figures/9.png b/docs/en/tools/desktop/gnome/figures/9.png new file mode 100644 index 0000000000000000000000000000000000000000..f7b2215404929346f1a814b0b1d6d482559c08b5 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/9.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-01.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-01.png new file mode 100644 index 0000000000000000000000000000000000000000..b4a43e7fa938b2ece73ad749e2b513daa976e7c9 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-01.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-02.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-02.png new file mode 100644 index 0000000000000000000000000000000000000000..22413a83d51cb9ee177c0d39147da857868f0aec Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-02.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-03.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-03.png new file mode 100644 index 0000000000000000000000000000000000000000..5ccc6d4eef17f2d39841046dcf32b9c00652d1a9 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-03.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-04.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-04.png new file mode 100644 index 0000000000000000000000000000000000000000..c5d7073a3d2a37727b83a6e43a684747175efa9d Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-04.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-05.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-05.png new file mode 100644 index 0000000000000000000000000000000000000000..e2d0a0a523f10d6bce9f51c5d05f019c595e2625 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-05.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-06.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-06.png new file mode 100644 index 0000000000000000000000000000000000000000..61bb128fc2c8902edbfd1d76b28f963817753e32 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-06.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-07.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-07.png new file mode 100644 index 0000000000000000000000000000000000000000..ef01eb0001c6db0e3d1c024e51b0594372b9348c Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-07.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-08.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-08.png new file mode 100644 index 0000000000000000000000000000000000000000..1049f355939b0121c123adc462dcb6d736e48760 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-08.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-09.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-09.png new file mode 100644 index 0000000000000000000000000000000000000000..6dc110900f5375ed9ede276f59ea89ba29e5e737 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-09.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-10.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-10.png new file mode 100644 index 0000000000000000000000000000000000000000..33dda6e0d0497c1589743c19a8d041a775b7bb7f Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-10.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-11.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-11.png new file mode 100644 index 0000000000000000000000000000000000000000..98570f04a066d550b5971afc94ee1c63d24f6275 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-11.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-12.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-12.png new file mode 100644 index 0000000000000000000000000000000000000000..56cc0446efd9d72d97905296fd6f19e9e2ac4047 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-12.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-13.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-13.png new file mode 100644 index 0000000000000000000000000000000000000000..a3191cc6b2bb2e418353b76bcf645be954655a20 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-13.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-14.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-14.png new file mode 100644 index 0000000000000000000000000000000000000000..d673b9d12c8fb5ccaa0b0f3a35b85f939f1040c8 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-14.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-15.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-15.png new file mode 100644 index 0000000000000000000000000000000000000000..518c3dca4b9b58f45f7aee5ef974c3dd41804e1d Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-15.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-16.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-16.png new file mode 100644 index 0000000000000000000000000000000000000000..17ac8544dab141ddc8d7d98f1712757efedb5531 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-16.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-17.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-17.png new file mode 100644 index 0000000000000000000000000000000000000000..07a62594a1acadceeeaabe0e7cbe63c192f0ab37 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-17.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-18.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-18.png new file mode 100644 index 0000000000000000000000000000000000000000..d088bb1075ebd2c76304c5bd400a3892d401dfa0 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-18.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-19.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-19.png new file mode 100644 index 0000000000000000000000000000000000000000..65198c16e3bdf0b948ba8da1d05943ea87065dfc Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-19.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-20.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-20.png new file mode 100644 index 0000000000000000000000000000000000000000..ac4c66887846509474cd57740079d396f5ffee64 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-20.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-21.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-21.png new file mode 100644 index 0000000000000000000000000000000000000000..ecc80c0ee42385907cea276726c891aab06f5ea2 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-21.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-22.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-22.png new file mode 100644 index 0000000000000000000000000000000000000000..453a1b96f69ca37cf648e1bfd8a247cbd63f7f1f Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-22.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-23.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-23.png new file mode 100644 index 0000000000000000000000000000000000000000..3290e73af52f1e88a435e925d6a17d21e78e287c Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-23.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-24.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-24.png new file mode 100644 index 0000000000000000000000000000000000000000..825e58ddc9ec0027f0ff94b1d327eaff3a145357 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-24.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-25.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-25.png new file mode 100644 index 0000000000000000000000000000000000000000..7b3cdbe8e85b55dc9ee92569f6d668c9defc76eb Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-25.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-26.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-26.png new file mode 100644 index 0000000000000000000000000000000000000000..0d696fa8cbd18910bb16ca2c14996fefb5f0cb79 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-26.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-27.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-27.png new file mode 100644 index 0000000000000000000000000000000000000000..7312579e88c211b656a1b6e339373abfca7c8984 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-27.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-28.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-28.png new file mode 100644 index 0000000000000000000000000000000000000000..e5cf7e56e5663768e4f2698c77aeaa69c899b291 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-28.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-29.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-29.png new file mode 100644 index 0000000000000000000000000000000000000000..d796cb8d80a60281a7f67ec494c76ad14d06ac1b Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-29.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-30-0.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-30-0.png new file mode 100644 index 0000000000000000000000000000000000000000..8ea95ca410376dbc26729d0dec8bfc171911e960 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-30-0.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-30-1.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-30-1.png new file mode 100644 index 0000000000000000000000000000000000000000..730e9bdba19949c6e118c237af302b492f3d41b8 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-30-1.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-31.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-31.png new file mode 100644 index 0000000000000000000000000000000000000000..f80f3c86b92e6e00bf76c0101ce52af503d9b05c Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-31.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-32.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-32.png new file mode 100644 index 0000000000000000000000000000000000000000..ed8f74fc04472e45ae6c76a7c2507da5dec28263 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-32.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-33.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-33.png new file mode 100644 index 0000000000000000000000000000000000000000..a90dda9e151f9ca48ff6c296ff62676b22a191ae Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-33.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-34.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-34.png new file mode 100644 index 0000000000000000000000000000000000000000..77c74765bb7116bf8a95b0164cb1de2d9032e56e Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-34.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-35-0.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-35-0.png new file mode 100644 index 0000000000000000000000000000000000000000..4321c9e9a52bcf99bde6d72fae68647ab13510b0 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-35-0.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-35-1.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-35-1.png new file mode 100644 index 0000000000000000000000000000000000000000..e6f75a945fc73d5478c6515498c7a6a4781ca04f Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-35-1.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-36.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-36.png new file mode 100644 index 0000000000000000000000000000000000000000..a832fe2b440079f53775a2ba8c3115f57a89ab2c Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-36.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-37.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-37.png new file mode 100644 index 0000000000000000000000000000000000000000..f091a5e910e7cb16dadd311de1100f8830a0eaf7 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-37.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-38.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-38.png new file mode 100644 index 0000000000000000000000000000000000000000..7703dc11f1be241d9fe7e30452e7431c925833d3 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-38.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-39.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-39.png new file mode 100644 index 0000000000000000000000000000000000000000..abf29f6ee9aaf13ab1f668a787d459a5ab0cb20c Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-39.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-40.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-40.png new file mode 100644 index 0000000000000000000000000000000000000000..7c8ee5f4e78b46a0d762be06f96725ecef5d09b2 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-40.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-41-0.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-41-0.png new file mode 100644 index 0000000000000000000000000000000000000000..56ea86556624602f4496b4079335245ac8c875a3 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-41-0.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-41-1.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-41-1.png new file mode 100644 index 0000000000000000000000000000000000000000..44afad705b026dd69a9d2d7bf2ef35610720b85d Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-41-1.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-42.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-42.png new file mode 100644 index 0000000000000000000000000000000000000000..8270b69ca590c1831fbe54e2d08ced55bccef89d Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-42.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-43.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-43.png new file mode 100644 index 0000000000000000000000000000000000000000..48259addbdb8cf18303d2afbcd6cbad77deaf141 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-43.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-44.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-44.png new file mode 100644 index 0000000000000000000000000000000000000000..e35a4acce457834d4d8608ee7fba783d596548e2 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-44.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-45.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-45.png new file mode 100644 index 0000000000000000000000000000000000000000..d6d5e88587e26552ab4ab4d323eea0ae5ce721d2 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-45.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-46.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-46.png new file mode 100644 index 0000000000000000000000000000000000000000..8e41651298319f1b72c3dce5b09cb1323c9a15a7 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-46.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-47.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-47.png new file mode 100644 index 0000000000000000000000000000000000000000..eaa54608d956576555603d64ba72e374f147a315 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-47.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-48.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-48.png new file mode 100644 index 0000000000000000000000000000000000000000..1ca6cb7b39ab375a69b95a7dfa02fa3acd8bb299 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-48.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-49.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-49.png new file mode 100644 index 0000000000000000000000000000000000000000..07fe6abf2ca2d7e8dd5184c760f416d094c4629d Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-49.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-50.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-50.png new file mode 100644 index 0000000000000000000000000000000000000000..c5452b655b9100c7d144d9d6e923f29664998ca0 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-50.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-51.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-51.png new file mode 100644 index 0000000000000000000000000000000000000000..72644867adbb64db4503ff5345425a32bf1cae6d Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-51.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-52.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-52.png new file mode 100644 index 0000000000000000000000000000000000000000..571f6ac34edf149cc1e5bd30a875e4148dd4fdd3 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-52.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-53.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-53.png new file mode 100644 index 0000000000000000000000000000000000000000..1c7e9051ca448b017e13c6cbe6be66d2f83475c5 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-53.png differ diff --git a/docs/en/tools/desktop/gnome/figures/Cinnamon-54.png b/docs/en/tools/desktop/gnome/figures/Cinnamon-54.png new file mode 100644 index 0000000000000000000000000000000000000000..1b61db111ebdcb9bde1bff1cc08a2daed79a9f19 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/Cinnamon-54.png differ diff --git a/docs/en/tools/desktop/gnome/figures/HA-add-resource.png b/docs/en/tools/desktop/gnome/figures/HA-add-resource.png new file mode 100644 index 0000000000000000000000000000000000000000..ac24895a1247828d248132f6c789ad8ef51a57e4 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/HA-add-resource.png differ diff --git a/docs/en/tools/desktop/gnome/figures/HA-apache-show.png b/docs/en/tools/desktop/gnome/figures/HA-apache-show.png new file mode 100644 index 0000000000000000000000000000000000000000..c216500910f75f2de1108f6b618c5c08f4df8bae Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/HA-apache-show.png differ diff --git a/docs/en/tools/desktop/gnome/figures/HA-apache-suc.png b/docs/en/tools/desktop/gnome/figures/HA-apache-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..23a7aaa702e3e68190ff7e01a5a673aee2c92409 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/HA-apache-suc.png differ diff --git a/docs/en/tools/desktop/gnome/figures/HA-api.png b/docs/en/tools/desktop/gnome/figures/HA-api.png new file mode 100644 index 0000000000000000000000000000000000000000..f825fe005705d30809d12df97958cff0e5a80135 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/HA-api.png differ diff --git a/docs/en/tools/desktop/gnome/figures/HA-clone-suc.png b/docs/en/tools/desktop/gnome/figures/HA-clone-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..4b6099ccc88d4f6f907a0c4563e729ab2a4dece1 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/HA-clone-suc.png differ diff --git a/docs/en/tools/desktop/gnome/figures/HA-clone.png b/docs/en/tools/desktop/gnome/figures/HA-clone.png new file mode 100644 index 0000000000000000000000000000000000000000..1b09ab73849494f4ffd759fa612ae3c241bd9c1d Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/HA-clone.png differ diff --git a/docs/en/tools/desktop/gnome/figures/HA-corosync.png b/docs/en/tools/desktop/gnome/figures/HA-corosync.png new file mode 100644 index 0000000000000000000000000000000000000000..c4d93242e65c503b6e1b6a457e2517f647984a66 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/HA-corosync.png differ diff --git a/docs/en/tools/desktop/gnome/figures/HA-firstchoice-cmd.png b/docs/en/tools/desktop/gnome/figures/HA-firstchoice-cmd.png new file mode 100644 index 0000000000000000000000000000000000000000..a265bab07f1d8e46d9d965975be180a8de6c9eb2 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/HA-firstchoice-cmd.png differ diff --git a/docs/en/tools/desktop/gnome/figures/HA-firstchoice.png b/docs/en/tools/desktop/gnome/figures/HA-firstchoice.png new file mode 100644 index 0000000000000000000000000000000000000000..bd982ddcea55c629c0257fca86051a9ffa77e7b4 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/HA-firstchoice.png differ diff --git a/docs/en/tools/desktop/gnome/figures/HA-group-new-suc.png b/docs/en/tools/desktop/gnome/figures/HA-group-new-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..437fd01ee83a9a1f65c12838fe56eea8435f6759 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/HA-group-new-suc.png differ diff --git a/docs/en/tools/desktop/gnome/figures/HA-group-new-suc2.png b/docs/en/tools/desktop/gnome/figures/HA-group-new-suc2.png new file mode 100644 index 0000000000000000000000000000000000000000..4fb933bd761f9808de95a324a50226ff041ebd4f Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/HA-group-new-suc2.png differ diff --git a/docs/en/tools/desktop/gnome/figures/HA-group-new.png b/docs/en/tools/desktop/gnome/figures/HA-group-new.png new file mode 100644 index 0000000000000000000000000000000000000000..9c914d0cc2e14f3220fc4346175961f129efb37b Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/HA-group-new.png differ diff --git a/docs/en/tools/desktop/gnome/figures/HA-group-suc.png b/docs/en/tools/desktop/gnome/figures/HA-group-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..2338580343833ebab08627be3a2efbcdb48aef9e Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/HA-group-suc.png differ diff --git a/docs/en/tools/desktop/gnome/figures/HA-group.png b/docs/en/tools/desktop/gnome/figures/HA-group.png new file mode 100644 index 0000000000000000000000000000000000000000..6897817665dee90c0f8c47c6a3cb4bb09db52d78 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/HA-group.png differ diff --git a/docs/en/tools/desktop/gnome/figures/HA-home-page.png b/docs/en/tools/desktop/gnome/figures/HA-home-page.png new file mode 100644 index 0000000000000000000000000000000000000000..c9a7a82dc412250d4c0984b3876c6f93c6aca789 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/HA-home-page.png differ diff --git a/docs/en/tools/desktop/gnome/figures/HA-login.png b/docs/en/tools/desktop/gnome/figures/HA-login.png new file mode 100644 index 0000000000000000000000000000000000000000..65d0ae11ec810da7574ec72bebf6e1b020c94a0d Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/HA-login.png differ diff --git a/docs/en/tools/desktop/gnome/figures/HA-mariadb-suc.png b/docs/en/tools/desktop/gnome/figures/HA-mariadb-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..6f6756c945121715edc623bd9a848bc48ffeb4ca Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/HA-mariadb-suc.png differ diff --git a/docs/en/tools/desktop/gnome/figures/HA-mariadb.png b/docs/en/tools/desktop/gnome/figures/HA-mariadb.png new file mode 100644 index 0000000000000000000000000000000000000000..d29587c8609b9d6aefeb07170901361b5ef8402d Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/HA-mariadb.png differ diff --git a/docs/en/tools/desktop/gnome/figures/HA-nfs-suc.png b/docs/en/tools/desktop/gnome/figures/HA-nfs-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..c0ea6af79e91649f1ad7d97ab6c2a0069a4f4fb8 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/HA-nfs-suc.png differ diff --git a/docs/en/tools/desktop/gnome/figures/HA-nfs.png b/docs/en/tools/desktop/gnome/figures/HA-nfs.png new file mode 100644 index 0000000000000000000000000000000000000000..f6917938eec2e0431a9891c067475dd0b21c1bd9 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/HA-nfs.png differ diff --git a/docs/en/tools/desktop/gnome/figures/HA-pacemaker.png b/docs/en/tools/desktop/gnome/figures/HA-pacemaker.png new file mode 100644 index 0000000000000000000000000000000000000000..7681f963f67d2b803fef6fb2c3247384136201f8 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/HA-pacemaker.png differ diff --git a/docs/en/tools/desktop/gnome/figures/HA-pcs-status.png b/docs/en/tools/desktop/gnome/figures/HA-pcs-status.png new file mode 100644 index 0000000000000000000000000000000000000000..fb150fba9f6258658702b35caacf98076d1fd109 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/HA-pcs-status.png differ diff --git a/docs/en/tools/desktop/gnome/figures/HA-pcs.png b/docs/en/tools/desktop/gnome/figures/HA-pcs.png new file mode 100644 index 0000000000000000000000000000000000000000..283670d7c3d0961ee1cb41345c2b2a013d7143b0 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/HA-pcs.png differ diff --git a/docs/en/tools/desktop/gnome/figures/HA-qdevice.png b/docs/en/tools/desktop/gnome/figures/HA-qdevice.png new file mode 100644 index 0000000000000000000000000000000000000000..2964f36c952fc7e62fb7b041fcf6d2de8ead712c Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/HA-qdevice.png differ diff --git a/docs/en/tools/desktop/gnome/figures/HA-refresh.png b/docs/en/tools/desktop/gnome/figures/HA-refresh.png new file mode 100644 index 0000000000000000000000000000000000000000..c2678c0c2945acbabfbeae0d5de8924a216bbf31 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/HA-refresh.png differ diff --git a/docs/en/tools/desktop/gnome/figures/HA-vip-suc.png b/docs/en/tools/desktop/gnome/figures/HA-vip-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..313ce56e14f931c78dad4349ed57ab3fd7907f50 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/HA-vip-suc.png differ diff --git a/docs/en/tools/desktop/gnome/figures/HA-vip.png b/docs/en/tools/desktop/gnome/figures/HA-vip.png new file mode 100644 index 0000000000000000000000000000000000000000..d8b417df2e64527d3b29d0289756dfbb01bf66ec Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/HA-vip.png differ diff --git a/docs/en/tools/desktop/gnome/figures/dde-1.png b/docs/en/tools/desktop/gnome/figures/dde-1.png new file mode 100644 index 0000000000000000000000000000000000000000..fb1d5177c39262ed182f10a57fdae850d007eeb1 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/dde-1.png differ diff --git a/docs/en/tools/desktop/gnome/figures/dde-2.png b/docs/en/tools/desktop/gnome/figures/dde-2.png new file mode 100644 index 0000000000000000000000000000000000000000..be5d296937bd17b9646b32c80934aa76738027af Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/dde-2.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-1.png b/docs/en/tools/desktop/gnome/figures/gnome-1.png new file mode 100644 index 0000000000000000000000000000000000000000..b33f802aa6dcf8b23a70fe451830015c614193b3 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-1.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-10.png b/docs/en/tools/desktop/gnome/figures/gnome-10.png new file mode 100644 index 0000000000000000000000000000000000000000..1c7b1465209c7a92db36d1b4c83445ce45e0d187 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-10.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-11.png b/docs/en/tools/desktop/gnome/figures/gnome-11.png new file mode 100644 index 0000000000000000000000000000000000000000..cc534ce5e1b250547dd9eb1db2b3f43a79c00409 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-11.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-12.png b/docs/en/tools/desktop/gnome/figures/gnome-12.png new file mode 100644 index 0000000000000000000000000000000000000000..65de953b821cac6b09b9f0d6623760dc339d867b Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-12.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-13.png b/docs/en/tools/desktop/gnome/figures/gnome-13.png new file mode 100644 index 0000000000000000000000000000000000000000..103370de2f2d81fe4e880f18bb9a3b4546d14840 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-13.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-14.png b/docs/en/tools/desktop/gnome/figures/gnome-14.png new file mode 100644 index 0000000000000000000000000000000000000000..13e1367d6ce006567e69fed8fd334aeb4810196c Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-14.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-15.png b/docs/en/tools/desktop/gnome/figures/gnome-15.png new file mode 100644 index 0000000000000000000000000000000000000000..fb86a36e2eb9c5ccfb3c53b0c49864e73c622ccf Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-15.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-16.png b/docs/en/tools/desktop/gnome/figures/gnome-16.png new file mode 100644 index 0000000000000000000000000000000000000000..9b375517e433740b7e2c27ede1159cda1eb986b8 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-16.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-17.png b/docs/en/tools/desktop/gnome/figures/gnome-17.png new file mode 100644 index 0000000000000000000000000000000000000000..ebfcc9c71afeda1d50b5355f23ec1ea422a17889 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-17.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-18.png b/docs/en/tools/desktop/gnome/figures/gnome-18.png new file mode 100644 index 0000000000000000000000000000000000000000..5d28c8372499dd2b9b71186dee7d4854b5320999 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-18.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-19.png b/docs/en/tools/desktop/gnome/figures/gnome-19.png new file mode 100644 index 0000000000000000000000000000000000000000..bea391d41386ab9b7953b269c44aec6cba4667c5 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-19.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-2.png b/docs/en/tools/desktop/gnome/figures/gnome-2.png new file mode 100644 index 0000000000000000000000000000000000000000..520df0228a38914ca7897dec6dc84e9639b757c0 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-2.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-20.png b/docs/en/tools/desktop/gnome/figures/gnome-20.png new file mode 100644 index 0000000000000000000000000000000000000000..d720a2c215de4172a8051d7e0554c7f6b3d6d043 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-20.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-21.png b/docs/en/tools/desktop/gnome/figures/gnome-21.png new file mode 100644 index 0000000000000000000000000000000000000000..dec78c390a65a1e707a5c9620fa3392e38124430 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-21.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-22.png b/docs/en/tools/desktop/gnome/figures/gnome-22.png new file mode 100644 index 0000000000000000000000000000000000000000..d8564596fd8ada47891a28b8fd97915722b28ff9 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-22.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-23.png b/docs/en/tools/desktop/gnome/figures/gnome-23.png new file mode 100644 index 0000000000000000000000000000000000000000..6fcb86d0b74acd102bc4e19bd483165fca0921bc Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-23.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-24.png b/docs/en/tools/desktop/gnome/figures/gnome-24.png new file mode 100644 index 0000000000000000000000000000000000000000..692929de10b612af7e15ddef689a611b7f4e8693 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-24.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-25.png b/docs/en/tools/desktop/gnome/figures/gnome-25.png new file mode 100644 index 0000000000000000000000000000000000000000..793a5a2d3ec63581902da5d4b8863f9ba33675b8 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-25.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-26.png b/docs/en/tools/desktop/gnome/figures/gnome-26.png new file mode 100644 index 0000000000000000000000000000000000000000..4d3f5418352e644f56a16099a9c77218045dabab Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-26.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-27.png b/docs/en/tools/desktop/gnome/figures/gnome-27.png new file mode 100644 index 0000000000000000000000000000000000000000..908998f4c4624e8b3317a311643123f690153325 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-27.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-28.png b/docs/en/tools/desktop/gnome/figures/gnome-28.png new file mode 100644 index 0000000000000000000000000000000000000000..8b47b2397fa8818dfecbc3c05341e31d4d70a940 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-28.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-29.png b/docs/en/tools/desktop/gnome/figures/gnome-29.png new file mode 100644 index 0000000000000000000000000000000000000000..fc90cb58691e6484b6e263f4e81a1046e3adbed1 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-29.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-3.png b/docs/en/tools/desktop/gnome/figures/gnome-3.png new file mode 100644 index 0000000000000000000000000000000000000000..4d423b13941604a29ff794817ed6fb1d6fea9c1e Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-3.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-30.png b/docs/en/tools/desktop/gnome/figures/gnome-30.png new file mode 100644 index 0000000000000000000000000000000000000000..8f4ab5dcd8ebd61b05a1b129b4c90e342f97e0fd Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-30.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-31.png b/docs/en/tools/desktop/gnome/figures/gnome-31.png new file mode 100644 index 0000000000000000000000000000000000000000..93159341a996153105985451fa6d8391c358b52e Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-31.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-32.png b/docs/en/tools/desktop/gnome/figures/gnome-32.png new file mode 100644 index 0000000000000000000000000000000000000000..c4ca5695e67a4a585f0ff074cd3645a32a9e4e83 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-32.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-33.png b/docs/en/tools/desktop/gnome/figures/gnome-33.png new file mode 100644 index 0000000000000000000000000000000000000000..e0b166e013144ed7e5f26c2b7bd7e8a00ac6a57f Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-33.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-34.png b/docs/en/tools/desktop/gnome/figures/gnome-34.png new file mode 100644 index 0000000000000000000000000000000000000000..dc8653255f8782ab72b8a24eeadff8fe64f88bb1 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-34.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-35.png b/docs/en/tools/desktop/gnome/figures/gnome-35.png new file mode 100644 index 0000000000000000000000000000000000000000..595c8d76ddc857ed9e76d421cf1e755874a6cc4a Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-35.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-36.png b/docs/en/tools/desktop/gnome/figures/gnome-36.png new file mode 100644 index 0000000000000000000000000000000000000000..f5a22198f57d34fe05336d88c6e4b288ed78dc8e Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-36.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-37.png b/docs/en/tools/desktop/gnome/figures/gnome-37.png new file mode 100644 index 0000000000000000000000000000000000000000..1a855eee24e959c3e8bfed371d2f74f93fceda3c Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-37.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-38.png b/docs/en/tools/desktop/gnome/figures/gnome-38.png new file mode 100644 index 0000000000000000000000000000000000000000..e80fcb9c25299130ca94bef2cdce9d5e7f9ba02c Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-38.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-39.png b/docs/en/tools/desktop/gnome/figures/gnome-39.png new file mode 100644 index 0000000000000000000000000000000000000000..29843d242f260cd1b722fdcc13cef645a3679e7f Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-39.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-4.png b/docs/en/tools/desktop/gnome/figures/gnome-4.png new file mode 100644 index 0000000000000000000000000000000000000000..04391e2e926d5195b21d7e05dc5322a0d7646ad6 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-4.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-40.png b/docs/en/tools/desktop/gnome/figures/gnome-40.png new file mode 100644 index 0000000000000000000000000000000000000000..8497bdd58dffe2210fca22d01912f82b5c39fd9c Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-40.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-41.png b/docs/en/tools/desktop/gnome/figures/gnome-41.png new file mode 100644 index 0000000000000000000000000000000000000000..a4357eb95c379dfecc1d627c59eb5da660d42d14 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-41.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-42.png b/docs/en/tools/desktop/gnome/figures/gnome-42.png new file mode 100644 index 0000000000000000000000000000000000000000..bc01808fe7c12d7d433dc1da9367e858027fcce9 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-42.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-43.png b/docs/en/tools/desktop/gnome/figures/gnome-43.png new file mode 100644 index 0000000000000000000000000000000000000000..467e52cf41a32df9c7207417817f906b518c54c3 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-43.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-44.png b/docs/en/tools/desktop/gnome/figures/gnome-44.png new file mode 100644 index 0000000000000000000000000000000000000000..71303b84fce85478ccba02b10f6c0358c5bdc2a0 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-44.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-45.png b/docs/en/tools/desktop/gnome/figures/gnome-45.png new file mode 100644 index 0000000000000000000000000000000000000000..a0927659af30d18715ab8b43266de3f54a3142a0 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-45.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-46.png b/docs/en/tools/desktop/gnome/figures/gnome-46.png new file mode 100644 index 0000000000000000000000000000000000000000..ad2093e67041d656c25a5674a6e4282c804ec6f2 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-46.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-47.png b/docs/en/tools/desktop/gnome/figures/gnome-47.png new file mode 100644 index 0000000000000000000000000000000000000000..9a67dd6b3b0081fa858b4beed0cc40708d5418e9 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-47.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-48.png b/docs/en/tools/desktop/gnome/figures/gnome-48.png new file mode 100644 index 0000000000000000000000000000000000000000..8789fcb96ee2143eae12131b07acf1cfbd82cf41 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-48.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-49.png b/docs/en/tools/desktop/gnome/figures/gnome-49.png new file mode 100644 index 0000000000000000000000000000000000000000..e5df514480c825a5c65b607721d80cf59642b4a1 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-49.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-5.png b/docs/en/tools/desktop/gnome/figures/gnome-5.png new file mode 100644 index 0000000000000000000000000000000000000000..b7148601f06fcee9517864aca19ba3cee863ba33 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-5.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-50.png b/docs/en/tools/desktop/gnome/figures/gnome-50.png new file mode 100644 index 0000000000000000000000000000000000000000..7b1f4678846cb691b144b26f24bc5570961a3d7d Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-50.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-51.png b/docs/en/tools/desktop/gnome/figures/gnome-51.png new file mode 100644 index 0000000000000000000000000000000000000000..10466de4bbd4c7b31654bb1369a9a85a20e88a27 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-51.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-52.png b/docs/en/tools/desktop/gnome/figures/gnome-52.png new file mode 100644 index 0000000000000000000000000000000000000000..16c8191ae59475d46cd7c275ad3841419544397d Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-52.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-53.png b/docs/en/tools/desktop/gnome/figures/gnome-53.png new file mode 100644 index 0000000000000000000000000000000000000000..b968bbd5c5df6148ef26c8cf292e040220987554 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-53.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-54.png b/docs/en/tools/desktop/gnome/figures/gnome-54.png new file mode 100644 index 0000000000000000000000000000000000000000..6f169f432a1ad4290b3fca12b1a835330d922ab0 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-54.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-55.png b/docs/en/tools/desktop/gnome/figures/gnome-55.png new file mode 100644 index 0000000000000000000000000000000000000000..e40794fbf2e23e3496ac7f9352abe84ac943cb8c Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-55.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-56.png b/docs/en/tools/desktop/gnome/figures/gnome-56.png new file mode 100644 index 0000000000000000000000000000000000000000..d66360c2865ba03e7f2959612b2e33061dfad39f Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-56.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-57.png b/docs/en/tools/desktop/gnome/figures/gnome-57.png new file mode 100644 index 0000000000000000000000000000000000000000..f2ffff79898f36e290bb133efc36c7439d089f57 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-57.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-58.png b/docs/en/tools/desktop/gnome/figures/gnome-58.png new file mode 100644 index 0000000000000000000000000000000000000000..2eb30604a6dc2a4194da688830f88d0e596c5be9 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-58.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-59.png b/docs/en/tools/desktop/gnome/figures/gnome-59.png new file mode 100644 index 0000000000000000000000000000000000000000..9b25d253604f353b0bd3ef0c153237d74459ccae Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-59.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-6.png b/docs/en/tools/desktop/gnome/figures/gnome-6.png new file mode 100644 index 0000000000000000000000000000000000000000..3c54d7f40cb5caab2c3cecb9945f9c89a1afe00e Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-6.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-7.png b/docs/en/tools/desktop/gnome/figures/gnome-7.png new file mode 100644 index 0000000000000000000000000000000000000000..fa4b0e178fb0332d334d98e0106746b7bff65449 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-7.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-8.png b/docs/en/tools/desktop/gnome/figures/gnome-8.png new file mode 100644 index 0000000000000000000000000000000000000000..5c39bb44371d94a66c66e053a7f498b46d3a0937 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-8.png differ diff --git a/docs/en/tools/desktop/gnome/figures/gnome-9.png b/docs/en/tools/desktop/gnome/figures/gnome-9.png new file mode 100644 index 0000000000000000000000000000000000000000..00a9ad1a7c94054c9418795c39b29574bfe16bf0 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/gnome-9.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon1.png b/docs/en/tools/desktop/gnome/figures/icon1.png new file mode 100644 index 0000000000000000000000000000000000000000..9bac00355cf4aa57d32287fd4271404f6fd3fd4d Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon1.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon10-o.png b/docs/en/tools/desktop/gnome/figures/icon10-o.png new file mode 100644 index 0000000000000000000000000000000000000000..d6c56d1a64c588d86f8fe510c74e5a7c4cb810d4 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon10-o.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon101-o.svg b/docs/en/tools/desktop/gnome/figures/icon101-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..af1c5d3dc0277a6ea59e71efb6ca97bdfc782e8e --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon101-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/docs/en/tools/desktop/gnome/figures/icon103-o.svg b/docs/en/tools/desktop/gnome/figures/icon103-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..c06c885725c569ab8db1fe7d595a7c65f18c5142 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon103-o.svg @@ -0,0 +1,26 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/gnome/figures/icon105-o.svg b/docs/en/tools/desktop/gnome/figures/icon105-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..36c49949fa569330b761c2d65518f36c10435508 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon105-o.svg @@ -0,0 +1,111 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/gnome/figures/icon107-o.svg b/docs/en/tools/desktop/gnome/figures/icon107-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..fb5a3ea756f6ccb7b3e5c31122a433347a908c96 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon107-o.svg @@ -0,0 +1,50 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/gnome/figures/icon11-o.png b/docs/en/tools/desktop/gnome/figures/icon11-o.png new file mode 100644 index 0000000000000000000000000000000000000000..47a1f2cb7f99b583768c7cbd7e05a57f302dbe8a Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon11-o.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon110-o.svg b/docs/en/tools/desktop/gnome/figures/icon110-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..7958e3f192061592e002e1e8a1bad06ffa86742c --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon110-o.svg @@ -0,0 +1,12 @@ + + + + reboot_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/gnome/figures/icon111-o.svg b/docs/en/tools/desktop/gnome/figures/icon111-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..097d16a08d305a8b3f3b2268ab1ea8342e799377 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon111-o.svg @@ -0,0 +1,13 @@ + + + + Right + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/gnome/figures/icon112-o.svg b/docs/en/tools/desktop/gnome/figures/icon112-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e51628c2b8b10495f3410d219814286696ea2fd5 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon112-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/gnome/figures/icon116-o.svg b/docs/en/tools/desktop/gnome/figures/icon116-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..4d79cd6dbbbfd3969f4e0ad0ad88e27398853505 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon116-o.svg @@ -0,0 +1,72 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/gnome/figures/icon12-o.png b/docs/en/tools/desktop/gnome/figures/icon12-o.png new file mode 100644 index 0000000000000000000000000000000000000000..f1f0f59dd3879461a0b5bc0632693a4a4124def3 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon12-o.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon120-o.svg b/docs/en/tools/desktop/gnome/figures/icon120-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e895c347d16a200aea46b00428b0b9f1a3c94246 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon120-o.svg @@ -0,0 +1,49 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/gnome/figures/icon122-o.svg b/docs/en/tools/desktop/gnome/figures/icon122-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..7fb014b5fd6097ca37a84d0b6a27dc982d675c8a --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon122-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/docs/en/tools/desktop/gnome/figures/icon124-o.svg b/docs/en/tools/desktop/gnome/figures/icon124-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..960c0ec096c925213f8953398f0e8e5db3cdaed3 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon124-o.svg @@ -0,0 +1,55 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/gnome/figures/icon125-o.svg b/docs/en/tools/desktop/gnome/figures/icon125-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..011c05f4b8f296867cd408a339230323fcbb28dd --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon125-o.svg @@ -0,0 +1,9 @@ + + + tips + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/gnome/figures/icon126-o.svg b/docs/en/tools/desktop/gnome/figures/icon126-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e0a43b6b8beb434090ac0dd3a8fd68c023f11fce --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon126-o.svg @@ -0,0 +1,68 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/gnome/figures/icon127-o.svg b/docs/en/tools/desktop/gnome/figures/icon127-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..bed95d35334a8d0151211054236c0bacddcc0dd3 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon127-o.svg @@ -0,0 +1,13 @@ + + + + Up + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/gnome/figures/icon128-o.svg b/docs/en/tools/desktop/gnome/figures/icon128-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..aa727f3f5d5883b3fb83a79c4b98e8b5bfe4ade6 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon128-o.svg @@ -0,0 +1,12 @@ + + + + userswitch_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/gnome/figures/icon13-o.png b/docs/en/tools/desktop/gnome/figures/icon13-o.png new file mode 100644 index 0000000000000000000000000000000000000000..c05a981b29d8ad11c6682f796f79b4cafd0f088b Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon13-o.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon132-o.svg b/docs/en/tools/desktop/gnome/figures/icon132-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..588ba9d98864ba67a562fa9179f29405f7687aa0 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon132-o.svg @@ -0,0 +1,15 @@ + + + + - + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/gnome/figures/icon133-o.svg b/docs/en/tools/desktop/gnome/figures/icon133-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..886d90a83e33497d134bdb3dcc864a5c2df53f20 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon133-o.svg @@ -0,0 +1,13 @@ + + + + + + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/gnome/figures/icon134-o.svg b/docs/en/tools/desktop/gnome/figures/icon134-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..784cf383eb0e8f5c7a57a602047be50ad0a3bc05 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon134-o.svg @@ -0,0 +1,15 @@ + + + + = + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/gnome/figures/icon135-o.svg b/docs/en/tools/desktop/gnome/figures/icon135-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..cea628a8f5eb92d10661b690242b6de41ca64816 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon135-o.svg @@ -0,0 +1,15 @@ + + + + ~ + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/gnome/figures/icon136-o.svg b/docs/en/tools/desktop/gnome/figures/icon136-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..24aa139ab2fefaee20935551f1af5aef473719ed --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon136-o.svg @@ -0,0 +1,12 @@ + + + + poweroff_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/gnome/figures/icon14-o.png b/docs/en/tools/desktop/gnome/figures/icon14-o.png new file mode 100644 index 0000000000000000000000000000000000000000..b21deee4d98593d93fb5f72158d2d78f3d3f1cb9 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon14-o.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon15-o.png b/docs/en/tools/desktop/gnome/figures/icon15-o.png new file mode 100644 index 0000000000000000000000000000000000000000..1827a20e9da4d28e35e8ab2eae739b2fec37b385 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon15-o.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon16.png b/docs/en/tools/desktop/gnome/figures/icon16.png new file mode 100644 index 0000000000000000000000000000000000000000..f271594dda9d3ad0f038c9d719dd68c3e82c59f1 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon16.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon17.png b/docs/en/tools/desktop/gnome/figures/icon17.png new file mode 100644 index 0000000000000000000000000000000000000000..dbe58b89347c857920bce25f067fbd11c308e502 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon17.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon18.png b/docs/en/tools/desktop/gnome/figures/icon18.png new file mode 100644 index 0000000000000000000000000000000000000000..1827a20e9da4d28e35e8ab2eae739b2fec37b385 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon18.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon19-o.png b/docs/en/tools/desktop/gnome/figures/icon19-o.png new file mode 100644 index 0000000000000000000000000000000000000000..47a1f2cb7f99b583768c7cbd7e05a57f302dbe8a Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon19-o.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon2.png b/docs/en/tools/desktop/gnome/figures/icon2.png new file mode 100644 index 0000000000000000000000000000000000000000..9101e4b386df065a87d422bc5a0b287528ea5ec7 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon2.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon20.png b/docs/en/tools/desktop/gnome/figures/icon20.png new file mode 100644 index 0000000000000000000000000000000000000000..4de3c7c695893539967245ea5e269b26e2b735be Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon20.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon21.png b/docs/en/tools/desktop/gnome/figures/icon21.png new file mode 100644 index 0000000000000000000000000000000000000000..e7b4320b6ce1fd4adb52525ba2c60983ffb2eed3 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon21.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon22.png b/docs/en/tools/desktop/gnome/figures/icon22.png new file mode 100644 index 0000000000000000000000000000000000000000..43bfa96965ad13e0a34ead3cb1102a76b9346a23 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon22.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon23.png b/docs/en/tools/desktop/gnome/figures/icon23.png new file mode 100644 index 0000000000000000000000000000000000000000..aee221ddaa81d06fa7bd5b89a624da90cd1e53da Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon23.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon24.png b/docs/en/tools/desktop/gnome/figures/icon24.png new file mode 100644 index 0000000000000000000000000000000000000000..a9e5d700431ca1666fe9eda2cefce5dd2f83bdcd Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon24.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon25.png b/docs/en/tools/desktop/gnome/figures/icon25.png new file mode 100644 index 0000000000000000000000000000000000000000..3de0f9476bbee9e89c3b759afbed968f17b5bbcc Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon25.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon26-o.png b/docs/en/tools/desktop/gnome/figures/icon26-o.png new file mode 100644 index 0000000000000000000000000000000000000000..2293a893caf6d89c3beb978598fe7f281e68e7d5 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon26-o.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon27-o.png b/docs/en/tools/desktop/gnome/figures/icon27-o.png new file mode 100644 index 0000000000000000000000000000000000000000..abbab8e40f7e3ca7c2a6f28ff78f08f15117828e Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon27-o.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon28-o.png b/docs/en/tools/desktop/gnome/figures/icon28-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon28-o.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon29-o.png b/docs/en/tools/desktop/gnome/figures/icon29-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon29-o.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon3.png b/docs/en/tools/desktop/gnome/figures/icon3.png new file mode 100644 index 0000000000000000000000000000000000000000..930ee8909e89e3624c581f83d713af271cd96c75 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon3.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon30-o.png b/docs/en/tools/desktop/gnome/figures/icon30-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon30-o.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon31-o.png b/docs/en/tools/desktop/gnome/figures/icon31-o.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon31-o.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon32.png b/docs/en/tools/desktop/gnome/figures/icon32.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon32.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon33.png b/docs/en/tools/desktop/gnome/figures/icon33.png new file mode 100644 index 0000000000000000000000000000000000000000..88ed145b25f6f025ad795ceb012500e0944cb54c Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon33.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon34.png b/docs/en/tools/desktop/gnome/figures/icon34.png new file mode 100644 index 0000000000000000000000000000000000000000..8247f52a3424c81b451ceb318f4a7979a5eddece Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon34.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon35.png b/docs/en/tools/desktop/gnome/figures/icon35.png new file mode 100644 index 0000000000000000000000000000000000000000..7c656e9030b94809a57c7e369921e6a585f3574c Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon35.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon36.png b/docs/en/tools/desktop/gnome/figures/icon36.png new file mode 100644 index 0000000000000000000000000000000000000000..7d29d173e914dfff48245d3d3a4d42575ce2d1db Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon36.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon37.png b/docs/en/tools/desktop/gnome/figures/icon37.png new file mode 100644 index 0000000000000000000000000000000000000000..58be4c621b6638115153e361801deb9ee06634d8 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon37.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon38.png b/docs/en/tools/desktop/gnome/figures/icon38.png new file mode 100644 index 0000000000000000000000000000000000000000..0c861ccb891f4fb5e533eb7f7151a8fce1571f17 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon38.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon39.png b/docs/en/tools/desktop/gnome/figures/icon39.png new file mode 100644 index 0000000000000000000000000000000000000000..b1ba1f347452d0cd1c06c6c51d2cdf5aea5e490b Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon39.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon4.png b/docs/en/tools/desktop/gnome/figures/icon4.png new file mode 100644 index 0000000000000000000000000000000000000000..548dc8b648edb73ff1dd8a0266e8479203e72ca0 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon4.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon40.png b/docs/en/tools/desktop/gnome/figures/icon40.png new file mode 100644 index 0000000000000000000000000000000000000000..9c29dd1e9a1bf22c36abf51cb18fa9e47b455fab Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon40.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon41.png b/docs/en/tools/desktop/gnome/figures/icon41.png new file mode 100644 index 0000000000000000000000000000000000000000..9e8aea527a2119433fffec5a8800ebfa4fa5062f Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon41.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon42-o.png b/docs/en/tools/desktop/gnome/figures/icon42-o.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon42-o.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon42.png b/docs/en/tools/desktop/gnome/figures/icon42.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon42.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon43-o.png b/docs/en/tools/desktop/gnome/figures/icon43-o.png new file mode 100644 index 0000000000000000000000000000000000000000..284bdd551baf25beb4143013402e77a1a4c60ccb Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon43-o.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon44-o.png b/docs/en/tools/desktop/gnome/figures/icon44-o.png new file mode 100644 index 0000000000000000000000000000000000000000..810f4d784ee140dbf562e67a0d3fd391272626a5 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon44-o.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon45-o.png b/docs/en/tools/desktop/gnome/figures/icon45-o.png new file mode 100644 index 0000000000000000000000000000000000000000..3e528ce2c98284f020ae4912a853f5864526396b Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon45-o.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon46-o.png b/docs/en/tools/desktop/gnome/figures/icon46-o.png new file mode 100644 index 0000000000000000000000000000000000000000..ec6a3ca0fe57016f3685981ed518493ceea1c855 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon46-o.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon47-o.png b/docs/en/tools/desktop/gnome/figures/icon47-o.png new file mode 100644 index 0000000000000000000000000000000000000000..6eeaba98d908775bd363a8ffcec27c3b6a214013 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon47-o.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon49-o.svg b/docs/en/tools/desktop/gnome/figures/icon49-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..72ffb173fdb95e1aff5b0001b08ed6b71122b7f2 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon49-o.svg @@ -0,0 +1,178 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/gnome/figures/icon5.png b/docs/en/tools/desktop/gnome/figures/icon5.png new file mode 100644 index 0000000000000000000000000000000000000000..e4206b7b584bf0702c7cb2f03a3a41e20bfba844 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon5.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon50-o.svg b/docs/en/tools/desktop/gnome/figures/icon50-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..05026802be4718205065d6369e14cc0b6ef05bc7 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon50-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/gnome/figures/icon52-o.svg b/docs/en/tools/desktop/gnome/figures/icon52-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..23149c05873259cd39721b8ee9c3ab7db86d64c5 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon52-o.svg @@ -0,0 +1,9 @@ + + + attention + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/gnome/figures/icon53-o.svg b/docs/en/tools/desktop/gnome/figures/icon53-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..50e33489ce984b0acfd621da4a8ef837fdf048c1 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon53-o.svg @@ -0,0 +1,11 @@ + + + + previous + Created with Sketch. + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/gnome/figures/icon54-o.svg b/docs/en/tools/desktop/gnome/figures/icon54-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..3b599aef4b822c707d2f646405bb00837aed96fd --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon54-o.svg @@ -0,0 +1,18 @@ + + + + Backspace + Created with Sketch. + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/gnome/figures/icon56-o.svg b/docs/en/tools/desktop/gnome/figures/icon56-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..9f13b6861e3858deec8d57a5301c934acc247069 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon56-o.svg @@ -0,0 +1,19 @@ + + + + Slice 1 + Created with Sketch. + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/gnome/figures/icon57-o.svg b/docs/en/tools/desktop/gnome/figures/icon57-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e6fbfa1381b76ab3fcd45652b33267a7f6c69bb7 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon57-o.svg @@ -0,0 +1,11 @@ + + + + titlebutton/close_normal + Created with Sketch. + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/gnome/figures/icon58-o.svg b/docs/en/tools/desktop/gnome/figures/icon58-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..9746dcacfc8e5d4c4b63233801e37418a190fc8f --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon58-o.svg @@ -0,0 +1,46 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/gnome/figures/icon6.png b/docs/en/tools/desktop/gnome/figures/icon6.png new file mode 100644 index 0000000000000000000000000000000000000000..88ced3587e9a42b145fe11393726f40aba9d1b2c Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon6.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon62-o.svg b/docs/en/tools/desktop/gnome/figures/icon62-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..09f61b446669df2e05a3351d40d8c30879c7b035 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon62-o.svg @@ -0,0 +1,47 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/gnome/figures/icon63-o.svg b/docs/en/tools/desktop/gnome/figures/icon63-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..06c03ed99260ffadc681475dad35610aedf67f83 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon63-o.svg @@ -0,0 +1,45 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/gnome/figures/icon66-o.svg b/docs/en/tools/desktop/gnome/figures/icon66-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..5793b3846b7fe6a5758379591215b16c7f9e1b52 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon66-o.svg @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/gnome/figures/icon68-o.svg b/docs/en/tools/desktop/gnome/figures/icon68-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..a7748052dfa436116d8742dca28f7d90865231ed --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon68-o.svg @@ -0,0 +1,23 @@ + + + + deepin-system-monitor + Created with Sketch. + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/gnome/figures/icon69-o.svg b/docs/en/tools/desktop/gnome/figures/icon69-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e21dfd00a32a44ee1c8e3882b4ca8239be04690f --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon69-o.svg @@ -0,0 +1,26 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/gnome/figures/icon7.png b/docs/en/tools/desktop/gnome/figures/icon7.png new file mode 100644 index 0000000000000000000000000000000000000000..05fe8aa38c84ca0c0c99b0b005ddec2f2ba42f4a Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon7.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon70-o.svg b/docs/en/tools/desktop/gnome/figures/icon70-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..b5787a7ffa5ed9519a48c6937c60927fd11fd455 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon70-o.svg @@ -0,0 +1,73 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/gnome/figures/icon71-o.svg b/docs/en/tools/desktop/gnome/figures/icon71-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..669a21f143b06cb45ea3f45f7f071809f2cbc8a8 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon71-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/gnome/figures/icon72-o.svg b/docs/en/tools/desktop/gnome/figures/icon72-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..79067ed9b9ff7912e1742183b461fa056601b9cc --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon72-o.svg @@ -0,0 +1,34 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/gnome/figures/icon73-o.svg b/docs/en/tools/desktop/gnome/figures/icon73-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..cf6292387f5e790db6ebd66184aabcbb39257ee7 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon73-o.svg @@ -0,0 +1,13 @@ + + + + Down + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/gnome/figures/icon75-o.svg b/docs/en/tools/desktop/gnome/figures/icon75-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..ef6823ccc19858f57374f0b78ad31514e8311be3 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon75-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/docs/en/tools/desktop/gnome/figures/icon8.png b/docs/en/tools/desktop/gnome/figures/icon8.png new file mode 100644 index 0000000000000000000000000000000000000000..01543c3e0f5e96a023b4e1f0859a03e3a0dafd56 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon8.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon83-o.svg b/docs/en/tools/desktop/gnome/figures/icon83-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..35dd6eacc54a933dc9ebc3f3010edfa7363fecc0 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon83-o.svg @@ -0,0 +1,84 @@ + + + + + + image/svg+xml + + img_upload + + + + + + img_upload + Created with Sketch. + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/gnome/figures/icon84-o.svg b/docs/en/tools/desktop/gnome/figures/icon84-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..9bd11b9e7b45b506dd7e1c87d09d545d8f48af06 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon84-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/gnome/figures/icon86-o.svg b/docs/en/tools/desktop/gnome/figures/icon86-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..5da20233309c43d4fc7b315f441cde476c835c67 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon86-o.svg @@ -0,0 +1,66 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/gnome/figures/icon88-o.svg b/docs/en/tools/desktop/gnome/figures/icon88-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..c2570c26575fd14cb5e9d9fe77831d2e8f6c9333 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon88-o.svg @@ -0,0 +1,13 @@ + + + + Left + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/gnome/figures/icon9.png b/docs/en/tools/desktop/gnome/figures/icon9.png new file mode 100644 index 0000000000000000000000000000000000000000..a07c9ab8e51decd9a3bca8c969d2ae95bd68512c Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/icon9.png differ diff --git a/docs/en/tools/desktop/gnome/figures/icon90-o.svg b/docs/en/tools/desktop/gnome/figures/icon90-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..79b5e0a141f7969a8f77ae61f4c240de7187afe9 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon90-o.svg @@ -0,0 +1,12 @@ + + + + lock_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/gnome/figures/icon92-o.svg b/docs/en/tools/desktop/gnome/figures/icon92-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..21341b64a832e1935252aa82e7a4e0b083c16eae --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon92-o.svg @@ -0,0 +1,12 @@ + + + + logout_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/gnome/figures/icon94-o.svg b/docs/en/tools/desktop/gnome/figures/icon94-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..a47044149a02101dbd24a3fdb2f3ead77efca6c1 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon94-o.svg @@ -0,0 +1,54 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/gnome/figures/icon97-o.svg b/docs/en/tools/desktop/gnome/figures/icon97-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..4f4670de29d8c86885b5aa806b2c8cdc6fc16dcb --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon97-o.svg @@ -0,0 +1,84 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/gnome/figures/icon99-o.svg b/docs/en/tools/desktop/gnome/figures/icon99-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e9a3aa60a51404c9390bfbea8d8ff09edc0e2e32 --- /dev/null +++ b/docs/en/tools/desktop/gnome/figures/icon99-o.svg @@ -0,0 +1,11 @@ + + + notes + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/gnome/figures/kiran-1.png b/docs/en/tools/desktop/gnome/figures/kiran-1.png new file mode 100644 index 0000000000000000000000000000000000000000..6f17788dce804c004027adfe45628eebffaa48cf Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-1.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-10.png b/docs/en/tools/desktop/gnome/figures/kiran-10.png new file mode 100644 index 0000000000000000000000000000000000000000..18cfa3074af1f4b8d49d064a77b016f24ab8c17c Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-10.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-11.png b/docs/en/tools/desktop/gnome/figures/kiran-11.png new file mode 100644 index 0000000000000000000000000000000000000000..b58fbb7ce8a798d5355855a4ac0638540df74d9e Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-11.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-12.png b/docs/en/tools/desktop/gnome/figures/kiran-12.png new file mode 100644 index 0000000000000000000000000000000000000000..920d0c7112be6bed509773413de36506d748b822 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-12.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-13.png b/docs/en/tools/desktop/gnome/figures/kiran-13.png new file mode 100644 index 0000000000000000000000000000000000000000..473ac4151c65951050800cb73313fee07077a9d6 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-13.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-14.png b/docs/en/tools/desktop/gnome/figures/kiran-14.png new file mode 100644 index 0000000000000000000000000000000000000000..9ba17ddca84d25f112e564b542a971d6e7d4c10a Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-14.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-15.png b/docs/en/tools/desktop/gnome/figures/kiran-15.png new file mode 100644 index 0000000000000000000000000000000000000000..b561a2fccb7f159106065baaf88ff9fa32bba1d8 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-15.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-16.png b/docs/en/tools/desktop/gnome/figures/kiran-16.png new file mode 100644 index 0000000000000000000000000000000000000000..a4d71e812144e74cb854e25f215197368b60017f Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-16.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-17.png b/docs/en/tools/desktop/gnome/figures/kiran-17.png new file mode 100644 index 0000000000000000000000000000000000000000..5f52f0d0885fbcd62af5127df6f464bcd334e2b3 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-17.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-18.png b/docs/en/tools/desktop/gnome/figures/kiran-18.png new file mode 100644 index 0000000000000000000000000000000000000000..bbd1a5dbd99c509d936e51e1bcc5970c2311da9d Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-18.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-19.png b/docs/en/tools/desktop/gnome/figures/kiran-19.png new file mode 100644 index 0000000000000000000000000000000000000000..a9ad75326f5d5463a45b532ae05b110155426083 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-19.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-2.png b/docs/en/tools/desktop/gnome/figures/kiran-2.png new file mode 100644 index 0000000000000000000000000000000000000000..b62c95a0b7d2bcfbc0bbac084ed7df74e5412da5 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-2.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-20.png b/docs/en/tools/desktop/gnome/figures/kiran-20.png new file mode 100644 index 0000000000000000000000000000000000000000..a43f8e2dc5ff4b5445386fd0c703bdf6b1e186ec Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-20.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-21.png b/docs/en/tools/desktop/gnome/figures/kiran-21.png new file mode 100644 index 0000000000000000000000000000000000000000..19c758d585016351a1f26fdac48221bdf0710a53 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-21.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-22.png b/docs/en/tools/desktop/gnome/figures/kiran-22.png new file mode 100644 index 0000000000000000000000000000000000000000..703327a3f511c20cd977ae4cd68552ecb3dd6971 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-22.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-23.png b/docs/en/tools/desktop/gnome/figures/kiran-23.png new file mode 100644 index 0000000000000000000000000000000000000000..ddbbd80be5b926ab3446cbb10c22d892487956f8 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-23.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-24.png b/docs/en/tools/desktop/gnome/figures/kiran-24.png new file mode 100644 index 0000000000000000000000000000000000000000..54e864dcfd194db4b1672c05d3e60eb6acc605d9 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-24.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-25.png b/docs/en/tools/desktop/gnome/figures/kiran-25.png new file mode 100644 index 0000000000000000000000000000000000000000..f64461cc2610fb82db1eb27a5562c2ab0737dcf4 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-25.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-26.png b/docs/en/tools/desktop/gnome/figures/kiran-26.png new file mode 100644 index 0000000000000000000000000000000000000000..2bcd5335c14d3e241b732b2ee6c2adf3effbe652 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-26.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-27.png b/docs/en/tools/desktop/gnome/figures/kiran-27.png new file mode 100644 index 0000000000000000000000000000000000000000..2bcd5335c14d3e241b732b2ee6c2adf3effbe652 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-27.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-28.png b/docs/en/tools/desktop/gnome/figures/kiran-28.png new file mode 100644 index 0000000000000000000000000000000000000000..1650e93b66f11849ed69a9dacd5c9c5f135fc053 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-28.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-29.png b/docs/en/tools/desktop/gnome/figures/kiran-29.png new file mode 100644 index 0000000000000000000000000000000000000000..5d0b225b54dc5da9053aeb6f4b805e59d8685f7f Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-29.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-3.png b/docs/en/tools/desktop/gnome/figures/kiran-3.png new file mode 100644 index 0000000000000000000000000000000000000000..774ba1ea233c20bf3c7ae661e126e5251aef8662 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-3.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-30.png b/docs/en/tools/desktop/gnome/figures/kiran-30.png new file mode 100644 index 0000000000000000000000000000000000000000..ae7f591fdd3da24fdf30b95785cd07c9959ecb2b Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-30.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-31.png b/docs/en/tools/desktop/gnome/figures/kiran-31.png new file mode 100644 index 0000000000000000000000000000000000000000..fc4127dcd736d084ecabe84b40f165f0b07695b2 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-31.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-32.png b/docs/en/tools/desktop/gnome/figures/kiran-32.png new file mode 100644 index 0000000000000000000000000000000000000000..b02d7b1fbdfa58d63618e99085fd5a0ed517ce4d Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-32.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-33.png b/docs/en/tools/desktop/gnome/figures/kiran-33.png new file mode 100644 index 0000000000000000000000000000000000000000..502f5d272b6200b440b1ce916924e44c987f9922 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-33.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-34.png b/docs/en/tools/desktop/gnome/figures/kiran-34.png new file mode 100644 index 0000000000000000000000000000000000000000..b1ad35752dba85a00024170f88702c3398e0872c Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-34.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-35.png b/docs/en/tools/desktop/gnome/figures/kiran-35.png new file mode 100644 index 0000000000000000000000000000000000000000..6c566afea5f485d79ff7de2ccd3d27a24835f14c Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-35.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-36.png b/docs/en/tools/desktop/gnome/figures/kiran-36.png new file mode 100644 index 0000000000000000000000000000000000000000..842470a94fb6864cdd45f2c9971ec73e7866ea88 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-36.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-37.png b/docs/en/tools/desktop/gnome/figures/kiran-37.png new file mode 100644 index 0000000000000000000000000000000000000000..b827be98850a3626f92ed1cd7b6b76f95d761261 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-37.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-38.png b/docs/en/tools/desktop/gnome/figures/kiran-38.png new file mode 100644 index 0000000000000000000000000000000000000000..f0972490115d0965e8e9006abd2e5e96ac2fc37c Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-38.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-39.png b/docs/en/tools/desktop/gnome/figures/kiran-39.png new file mode 100644 index 0000000000000000000000000000000000000000..f833c66c77737fb7cfbe5b4c4af48b0ba7747cea Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-39.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-4.png b/docs/en/tools/desktop/gnome/figures/kiran-4.png new file mode 100644 index 0000000000000000000000000000000000000000..7a6cf9c1f25266c31ddcb76f093bec664d64bac7 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-4.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-40.png b/docs/en/tools/desktop/gnome/figures/kiran-40.png new file mode 100644 index 0000000000000000000000000000000000000000..da430f32720ef8a032e2c16fe9caabd815f8b62f Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-40.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-41.png b/docs/en/tools/desktop/gnome/figures/kiran-41.png new file mode 100644 index 0000000000000000000000000000000000000000..424f50da38c18c12a235ebb56edd6d02ec1638f0 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-41.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-42.png b/docs/en/tools/desktop/gnome/figures/kiran-42.png new file mode 100644 index 0000000000000000000000000000000000000000..a506b0c4e7fd23c393c34e01b26086dae1ea9c62 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-42.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-43.png b/docs/en/tools/desktop/gnome/figures/kiran-43.png new file mode 100644 index 0000000000000000000000000000000000000000..90ca8be50f4343adcc0cc05b1ae7d0f32efcedc2 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-43.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-44.png b/docs/en/tools/desktop/gnome/figures/kiran-44.png new file mode 100644 index 0000000000000000000000000000000000000000..bc38c38001a8428cf18a05e6cd4a8f46b1d633a2 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-44.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-45.png b/docs/en/tools/desktop/gnome/figures/kiran-45.png new file mode 100644 index 0000000000000000000000000000000000000000..fadb655f342f99c669425480ad48733f1dccb2c9 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-45.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-46.png b/docs/en/tools/desktop/gnome/figures/kiran-46.png new file mode 100644 index 0000000000000000000000000000000000000000..096688c85e47acded83be03a7ff69f9d829d956b Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-46.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-47.png b/docs/en/tools/desktop/gnome/figures/kiran-47.png new file mode 100644 index 0000000000000000000000000000000000000000..3faa55c80eead6bfc9e96f59babcd2100392c2e5 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-47.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-48.png b/docs/en/tools/desktop/gnome/figures/kiran-48.png new file mode 100644 index 0000000000000000000000000000000000000000..1e44996d99006ffe793ae29b55035976942ac504 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-48.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-49.png b/docs/en/tools/desktop/gnome/figures/kiran-49.png new file mode 100644 index 0000000000000000000000000000000000000000..000cc37cb59fecc9ea497726f87231df187baf34 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-49.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-5.png b/docs/en/tools/desktop/gnome/figures/kiran-5.png new file mode 100644 index 0000000000000000000000000000000000000000..a27574bb4793e401750fff28e4568403dc489507 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-5.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-50.png b/docs/en/tools/desktop/gnome/figures/kiran-50.png new file mode 100644 index 0000000000000000000000000000000000000000..900efd80a6db6ab00fee3fa519e963f8f0620ba7 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-50.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-6.png b/docs/en/tools/desktop/gnome/figures/kiran-6.png new file mode 100644 index 0000000000000000000000000000000000000000..42c4f0357dfa11b53ca27a4d0d255b67a0f9c5ae Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-6.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-7.png b/docs/en/tools/desktop/gnome/figures/kiran-7.png new file mode 100644 index 0000000000000000000000000000000000000000..254ef11f36d958f6ef7c70853e5f61032f825463 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-7.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-8.png b/docs/en/tools/desktop/gnome/figures/kiran-8.png new file mode 100644 index 0000000000000000000000000000000000000000..29b5845d2fa94cba92719b8649a5e86c926ea911 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-8.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kiran-9.png b/docs/en/tools/desktop/gnome/figures/kiran-9.png new file mode 100644 index 0000000000000000000000000000000000000000..46bcfdd0e1e88ad0f0ade4a3990c3ac5d66060e7 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kiran-9.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kubesphere-console.png b/docs/en/tools/desktop/gnome/figures/kubesphere-console.png new file mode 100644 index 0000000000000000000000000000000000000000..9c93fbeafe366d78bc05dda6e0e673d2dad8874f Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kubesphere-console.png differ diff --git a/docs/en/tools/desktop/gnome/figures/kubesphere.png b/docs/en/tools/desktop/gnome/figures/kubesphere.png new file mode 100644 index 0000000000000000000000000000000000000000..939dcb70202b19c7853cbfd8f27f6e8e4678ce26 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/kubesphere.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-1.png b/docs/en/tools/desktop/gnome/figures/xfce-1.png new file mode 100644 index 0000000000000000000000000000000000000000..0e478b9f10ddf3210d5f5fada2e45329e2d1d028 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-1.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-2.png b/docs/en/tools/desktop/gnome/figures/xfce-2.png new file mode 100644 index 0000000000000000000000000000000000000000..33a946d988d499a1e98cb43968b72119bd48d7a5 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-2.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-3.png b/docs/en/tools/desktop/gnome/figures/xfce-3.png new file mode 100644 index 0000000000000000000000000000000000000000..020356f0c981fac2aafe33c8e997efbf01af9253 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-3.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-4.png b/docs/en/tools/desktop/gnome/figures/xfce-4.png new file mode 100644 index 0000000000000000000000000000000000000000..21369e366322955023b427e7a2ae63fd29b387e5 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-4.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-5.png b/docs/en/tools/desktop/gnome/figures/xfce-5.png new file mode 100644 index 0000000000000000000000000000000000000000..1f7807877f775fe6aa32652a29ef833e48e1a6ee Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-5.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-6.png b/docs/en/tools/desktop/gnome/figures/xfce-6.png new file mode 100644 index 0000000000000000000000000000000000000000..e5376fcfd1737234a885d4d95649cd996005cf0c Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-6.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-7.png b/docs/en/tools/desktop/gnome/figures/xfce-7.png new file mode 100644 index 0000000000000000000000000000000000000000..b7a94df356b7b9f7dca3d305d066ec854406aaab Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-7.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-71.png b/docs/en/tools/desktop/gnome/figures/xfce-71.png new file mode 100644 index 0000000000000000000000000000000000000000..11d1618c907d4bb18de1eb68e42e9b98d92d91c3 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-71.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-8.png b/docs/en/tools/desktop/gnome/figures/xfce-8.png new file mode 100644 index 0000000000000000000000000000000000000000..f6f97d9a173105cb6a72e4b8c48deab25ecac898 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-8.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-81.png b/docs/en/tools/desktop/gnome/figures/xfce-81.png new file mode 100644 index 0000000000000000000000000000000000000000..b97c9a81c2a07efe361e6dc6ee8bed5db445ecfa Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-81.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-811.png b/docs/en/tools/desktop/gnome/figures/xfce-811.png new file mode 100644 index 0000000000000000000000000000000000000000..58233638eca203d917081d6a9ac5003474cbf60b Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-811.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-812.png b/docs/en/tools/desktop/gnome/figures/xfce-812.png new file mode 100644 index 0000000000000000000000000000000000000000..0fc975f75da95dce8a3e5a098d024578335c9426 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-812.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-813.png b/docs/en/tools/desktop/gnome/figures/xfce-813.png new file mode 100644 index 0000000000000000000000000000000000000000..4d399468c74355cbaa765380720cb9561e95f834 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-813.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-814.png b/docs/en/tools/desktop/gnome/figures/xfce-814.png new file mode 100644 index 0000000000000000000000000000000000000000..c09fd6524a20ba04e0fca30307d35fa05e79c1f4 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-814.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-82.png b/docs/en/tools/desktop/gnome/figures/xfce-82.png new file mode 100644 index 0000000000000000000000000000000000000000..170deb5fb43f4e924d5ba4eba94a02c341d31515 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-82.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-821.png b/docs/en/tools/desktop/gnome/figures/xfce-821.png new file mode 100644 index 0000000000000000000000000000000000000000..c5c1f3567dccda3d0d49ae445612d5b9ba27e09a Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-821.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-83.png b/docs/en/tools/desktop/gnome/figures/xfce-83.png new file mode 100644 index 0000000000000000000000000000000000000000..95e4844c0ece09819d3e9f1e8457bbf371b1282e Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-83.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-831.png b/docs/en/tools/desktop/gnome/figures/xfce-831.png new file mode 100644 index 0000000000000000000000000000000000000000..6456dd02f0281a5ec8d752ba5b95be581bcbfa09 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-831.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-832.png b/docs/en/tools/desktop/gnome/figures/xfce-832.png new file mode 100644 index 0000000000000000000000000000000000000000..2932aaacf71fa53f1d0c10340df3aebcc016e991 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-832.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-84.png b/docs/en/tools/desktop/gnome/figures/xfce-84.png new file mode 100644 index 0000000000000000000000000000000000000000..e0435c2edf9f68d193cff036215f32c259d378f0 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-84.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-841.png b/docs/en/tools/desktop/gnome/figures/xfce-841.png new file mode 100644 index 0000000000000000000000000000000000000000..c2c06346d4a296bfbe7836139cd943baa1ce6ea5 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-841.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-842.png b/docs/en/tools/desktop/gnome/figures/xfce-842.png new file mode 100644 index 0000000000000000000000000000000000000000..101bf6923e3780617d33dde04b92232ca7f87b42 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-842.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-85.png b/docs/en/tools/desktop/gnome/figures/xfce-85.png new file mode 100644 index 0000000000000000000000000000000000000000..21b39638fe4c83e0da5cdc69ecad9b7a22718a55 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-85.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-851.png b/docs/en/tools/desktop/gnome/figures/xfce-851.png new file mode 100644 index 0000000000000000000000000000000000000000..893064ca10399a683afbcb3752266d93b0a79a51 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-851.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-86.png b/docs/en/tools/desktop/gnome/figures/xfce-86.png new file mode 100644 index 0000000000000000000000000000000000000000..35e8a99e31e4a49eb64b24cfbab825111e40f709 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-86.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-861.png b/docs/en/tools/desktop/gnome/figures/xfce-861.png new file mode 100644 index 0000000000000000000000000000000000000000..affc46c874991a3b289e15072e06ba6566c099b1 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-861.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-87.png b/docs/en/tools/desktop/gnome/figures/xfce-87.png new file mode 100644 index 0000000000000000000000000000000000000000..47524c21d57c887c3398ea53a675f89e9f92113f Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-87.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-9.png b/docs/en/tools/desktop/gnome/figures/xfce-9.png new file mode 100644 index 0000000000000000000000000000000000000000..5586c4f62cc161665b91a56ad23b2320901901c0 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-9.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-91.png b/docs/en/tools/desktop/gnome/figures/xfce-91.png new file mode 100644 index 0000000000000000000000000000000000000000..ee69879bb4ad66405b045af5e3965e275fe8eabf Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-91.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-911.png b/docs/en/tools/desktop/gnome/figures/xfce-911.png new file mode 100644 index 0000000000000000000000000000000000000000..b49416558e9ab844fda2026b76e2e900ac106842 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-911.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-92.png b/docs/en/tools/desktop/gnome/figures/xfce-92.png new file mode 100644 index 0000000000000000000000000000000000000000..78dd6313c603aad9ebd37fe68e06f98b2a3b331e Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-92.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-921.png b/docs/en/tools/desktop/gnome/figures/xfce-921.png new file mode 100644 index 0000000000000000000000000000000000000000..5eb6f40df9ca73e11b9b9fa5079496ac0c36857b Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-921.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-93.png b/docs/en/tools/desktop/gnome/figures/xfce-93.png new file mode 100644 index 0000000000000000000000000000000000000000..06ac80c152fefbe1ad2ba1c989f6acfbbaf1a992 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-93.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-931.png b/docs/en/tools/desktop/gnome/figures/xfce-931.png new file mode 100644 index 0000000000000000000000000000000000000000..a156e5cf14ae154b93e845ff1bd5bc6ba12c9beb Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-931.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-94.png b/docs/en/tools/desktop/gnome/figures/xfce-94.png new file mode 100644 index 0000000000000000000000000000000000000000..f48064ff5902c4ea740ccba9a1640cbca27b5b72 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-94.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-941.png b/docs/en/tools/desktop/gnome/figures/xfce-941.png new file mode 100644 index 0000000000000000000000000000000000000000..f7904da12dc807836acfb9d6f24b8d9b976a2fdc Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-941.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-95.png b/docs/en/tools/desktop/gnome/figures/xfce-95.png new file mode 100644 index 0000000000000000000000000000000000000000..bda965b15a859e4cccf4b80f62875f79eb3470fd Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-95.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-951.png b/docs/en/tools/desktop/gnome/figures/xfce-951.png new file mode 100644 index 0000000000000000000000000000000000000000..6521a28275d2b63c12b47604c7afc926f7938697 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-951.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-96.png b/docs/en/tools/desktop/gnome/figures/xfce-96.png new file mode 100644 index 0000000000000000000000000000000000000000..29ce24923477065b98cacf603f185113e9959069 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-96.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-961.png b/docs/en/tools/desktop/gnome/figures/xfce-961.png new file mode 100644 index 0000000000000000000000000000000000000000..874fa200f4e63b690261d7827f3c73cf70861b32 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-961.png differ diff --git a/docs/en/tools/desktop/gnome/figures/xfce-962.png b/docs/en/tools/desktop/gnome/figures/xfce-962.png new file mode 100644 index 0000000000000000000000000000000000000000..bb84e35e43e992bc68b053a0da760bd5aa8b0270 Binary files /dev/null and b/docs/en/tools/desktop/gnome/figures/xfce-962.png differ diff --git a/docs/en/tools/desktop/gnome/gnome.md b/docs/en/tools/desktop/gnome/gnome.md new file mode 100644 index 0000000000000000000000000000000000000000..e620de95b58cd2c8bd4b46dc925d7b393a2ff00b --- /dev/null +++ b/docs/en/tools/desktop/gnome/gnome.md @@ -0,0 +1,3 @@ +# GNOME User Guide + +This chapter describes how to install and use the GNOME desktop environment. diff --git a/docs/en/tools/desktop/gnome/gnome_installation.md b/docs/en/tools/desktop/gnome/gnome_installation.md new file mode 100644 index 0000000000000000000000000000000000000000..d0d79345e8c0bfe4b0d0b4c196b35697157be026 --- /dev/null +++ b/docs/en/tools/desktop/gnome/gnome_installation.md @@ -0,0 +1,123 @@ +# Installing GNOME on openEuler + +GNOME is a desktop environment for Unix-like operating systems. As the officially released desktop of GNU Project, GNOME provides a comprehensive, easy-to-use, and user-friendly desktop environment for application usage and development. + +For users, GNOME is a suite that integrates the desktop environment and applications. For developers, GNOME is an application development framework, consisting of a large number of function libraries. Applications written in GNOME can run properly even if users do not run the GNOME desktop environment. + +GNOME includes basic software such as the file manager, app store, and text editor, and advanced applications and tools such as system sampling analysis, system logs, software engineering IDE, web browser, simple VM monitor, and developer document browser. + +You are advised to create an administrator during the installation. + +1. [Download](https://www.openeuler.org/en/) the openEuler ISO image, install the system, and update the software source. The Everything and EPOL sources need to be configured. The following command is used to install GNOME in minimum installation mode. + + ```shell + sudo dnf update + ``` + +2. Install font libraries. + + ```shell + sudo dnf install dejavu-fonts liberation-fonts gnu-*-fonts google-*-fonts + ``` + +3. Install Xorg. + + ```shell + sudo dnf install xorg-* + ``` + + In this case, many unnecessary packages may be installed. You can run the following commands to install the required Xorg packages: + + ```shell + sudo dnf install xorg-x11-apps xorg-x11-drivers xorg-x11-drv-ati \ + xorg-x11-drv-dummy xorg-x11-drv-evdev xorg-x11-drv-fbdev xorg-x11-drv-intel \ + xorg-x11-drv-libinput xorg-x11-drv-nouveau xorg-x11-drv-qxl \ + xorg-x11-drv-synaptics-legacy xorg-x11-drv-v4l xorg-x11-drv-vesa \ + xorg-x11-drv-vmware xorg-x11-drv-wacom xorg-x11-fonts xorg-x11-fonts-others \ + xorg-x11-font-utils xorg-x11-server xorg-x11-server-utils xorg-x11-server-Xephyr \ + xorg-x11-server-Xspice xorg-x11-util-macros xorg-x11-utils xorg-x11-xauth \ + xorg-x11-xbitmaps xorg-x11-xinit xorg-x11-xkb-utils + ``` + +4. Install GNOME and it components. + + ```shell + sudo dnf install adwaita-icon-theme atk atkmm at-spi2-atk at-spi2-core baobab \ + abattis-cantarell-fonts cheese clutter clutter-gst3 clutter-gtk cogl dconf \ + dconf-editor devhelp eog epiphany evince evolution-data-server file-roller folks \ + gcab gcr gdk-pixbuf2 gdm gedit geocode-glib gfbgraph gjs glib2 glibmm24 \ + glib-networking gmime30 gnome-autoar gnome-backgrounds gnome-bluetooth \ + gnome-boxes gnome-builder gnome-calculator gnome-calendar gnome-characters \ + gnome-clocks gnome-color-manager gnome-contacts gnome-control-center \ + gnome-desktop3 gnome-disk-utility gnome-font-viewer gnome-getting-started-docs \ + gnome-initial-setup gnome-keyring gnome-logs gnome-menus gnome-music \ + gnome-online-accounts gnome-online-miners gnome-photos gnome-remote-desktop \ + gnome-screenshot gnome-session gnome-settings-daemon gnome-shell \ + gnome-shell-extensions gnome-software gnome-system-monitor gnome-terminal \ + gnome-tour gnome-user-docs gnome-user-share gnome-video-effects \ + gnome-weather gobject-introspection gom grilo grilo-plugins \ + gsettings-desktop-schemas gsound gspell gssdp gtk3 gtk4 gtk-doc gtkmm30 \ + gtksourceview4 gtk-vnc2 gupnp gupnp-av gupnp-dlna gvfs json-glib libchamplain \ + libdazzle libgdata libgee libgnomekbd libgsf libgtop2 libgweather libgxps libhandy \ + libmediaart libnma libnotify libpeas librsvg2 libsecret libsigc++20 libsoup \ + mm-common mutter nautilus orca pango pangomm libphodav python3-pyatspi \ + python3-gobject rest rygel simple-scan sushi sysprof tepl totem totem-pl-parser \ + tracker3 tracker3-miners vala vte291 yelp yelp-tools \ + yelp-xsl zenity + ``` + +5. Enable GNOME Display Manager (GDM). + + ```shell + sudo systemctl enable gdm + ``` + +6. Set the default login mode to GUI. + + ```shell + sudo systemctl set-default graphical.target + ``` + + Reboot the device for configuration verification. + + ```shell + sudo reboot + ``` + +7. If GDM cannot work: + +Disable GDM if it is installed by default. + +```shell +sudo systemctl disable gdm +``` + +Install LightDM instead. + +```shell +sudo dnf install lightdm lightdm-gtk +``` + +Set the default desktop to GNOME as the root user. + +```shell +echo 'user-session=gnome' >> /etc/lightdm/lightdm.conf.d/60-lightdm-gtk-greeter.conf +``` + +Enable LightDM. + +```shell +sudo systemctl enable lightdm +``` + +Set the default login mode to GUI. + +```shell +sudo systemctl set-default graphical.target +``` + +Reboot the device for configuration verification. + +```shell +sudo reboot +``` diff --git a/docs/en/tools/desktop/gnome/gnome_userguide.md b/docs/en/tools/desktop/gnome/gnome_userguide.md new file mode 100644 index 0000000000000000000000000000000000000000..9e3ce4ed07ace5d9956eb7eff8ffad01768dc3fb --- /dev/null +++ b/docs/en/tools/desktop/gnome/gnome_userguide.md @@ -0,0 +1,384 @@ +# GNOME User Guide + +## 1. Overview + +GNOME is a desktop environment for Unix-like operating systems. As the officially desktop of GNU Project, GNOME aims to build a comprehensive, easy-to-use, and user-friendly desktop environment for Unix or Unix-like operating systems based on free software. + +GNOME provides the following functional components: + +ATK: accessibility toolkit. + +Bonobo: component framework to compound documents. + +GObject: object-oriented framework in C language. + +GConf: system for storing configuration settings of apps. + +GNOME VFS: virtual file system. + +GNOME Keyring: security system. + +GNOME Print: software for printing documents. + +GStreamer: multimedia framework of GNOME. + +GTK+: building toolkit. + +Cairo: complex 2D graphics library. + +Human Interface Guidelines: software development documents provided by Sun Microsystems to facilitate GNOME usage. + +LibXML: XML library designed for GNOME. + +ORBit: CORBA Object Request Broker (ORB) that makes software componentized. + +Pango: library for i18n text arrangement and transformation. + +Metacity: window manager. + +This document describes how to use GNOME. + +The following figure shows the GUI. + +![](./figures/gnome-1.png) + +## 2. Desktop + +### 2.1 Desktop + +The GNOME desktop is clean because it does not display any files or directories. Only the left, middle, and right parts of the top bar on the desktop have entry options. They are the activity entry, message notification entry, and system status entry. + +![](./figures/gnome-2.png) + +### 2.2 Shortcut Menu + +After you right-click in the blank area on the desktop, a shortcut menu shown in the following figure is displayed, providing users with some shortcut functions. + +![](./figures/gnome-3.png) + +The following table describes the shortcuts. + +| Shortcut| Description| +| :------------ | :------------ | +| Change Background| Changes the image displayed on the desktop.| +| Display Settings| Sets the resolution, screen rotation, and night light.| +| Settings| Navigates to system settings.| + +## 3. Top Bar on the Desktop + +### 3.1 Activities + +The **Activities** entry is located in the upper left corner of the desktop. It contains app favorites, lists of all apps and active apps, a multi-view switchover function, and an indicator to the current active app. + +#### 3.1.1 App Favorites + +![](./figures/gnome-4.png) + +You can right-click an app icon in **Favorites** and choose **Remove from Favorites** from the shortcut menu to remove the app from **Favorites**. + +#### 3.1.2 List of All Apps + +To display the list of all apps, click the ![](./figures/gnome-5.png) icon under the app favorites folder. + +![](./figures/gnome-6.png) + +Similarly, you can right-click an app icon in the app list and choose **Add to Favorites** from the shortcut menu to add the app to **Favorites**. + +If there are so many apps and you know their names, you can enter an app name in the search box to search for it. + +![](./figures/gnome-7.png) + +#### 3.1.3 List of Active Apps + +Active apps, that is, running apps are displayed one by one after the last app in **Favorites**. There is a white dot under the icon of each active app. + +![](./figures/gnome-8.png) + +If you right-click an active app, operations that can be performed on the app are displayed. The operations vary with apps. Take **Screenshot** as an example. See the following figure. + +![](./figures/gnome-9.png) + +#### 3.1.4 Multi-View Switchover + +As you view the active app list, the active apps are displayed on the right of the list in multi-view mode. + +![](./figures/gnome-10.png) + +When you move the cursor to the right of the multi-view page, the vertical bar on the right becomes wider to display the window and desktop of the current active app. You can click the desktop image to switch back to the desktop. + +![Figure 10 Multi-view switch 2-big](./figures/gnome-11.png) + +If you click another app, it will be displayed on the top of the vertical bar. + +#### 3.1.5 Indicator to the Current Active App + +The indicator to the current active app is displayed on the right of **Activities**. You can click the indicator to display the operations that can be performed on the app. The operations vary with the apps. Take **Terminal** as an example. See the following figure. + +![](./figures/gnome-12.png) + +You can click **Preferences** to set the terminal preferences. + +### 3.2 Message Notification + +The message notification entry is located in the middle of the top bar on the desktop, including message notification, calendar, clock, and weather. + +![](./figures/gnome-13.png) + +#### 3.2.1 Message Notification + +If you set an alarm or countdown timer in **Clocks**, messages will be displayed on the left of the notification pane when the timer expires. The detailed information about the to-do items set in **Calendar** are also displayed on the left of the notification pane, and the summary information is displayed below the calendar on the right. + +![](./figures/gnome-14.png) + +You can click **Do Not Disturb** to close pop-up notifications on the desktop. + +#### 3.2.2 Calendar + +As shown in the preceding figure, the calendar is displayed on the right, and there is a dot under the date of a to-do item. You can click the date to view the summary about a to-do item at the bottom of the calendar. + +#### 3.2.3 Clock and Weather + +You can also add the clock and weather to areas under the calendar. Clicking the **World Clocks** area will invoke the **Clocks** app, and clicking the **Weather** area will invoke the **Weather** app. + +![](./figures/gnome-15.png) + +### 3.3 System Status + +The system status entry is located in the upper right corner of the desktop. It contains multiple options, as described in the following table. + +| Option| Description| +| :------------ | :------------ | +| Sound| Volume slider| +| Ethernet| Ethernet cards and their connections| +| Location In Use| Location of the system| +| Settings| System settings| +| Lock| Immediate screen lock. A password is required to unlock the screen.| +| Power Off/Log Out| Suspension, shutdown, restart, and logout| + +![](./figures/gnome-16.png) + +The system status displayed here varies according to different settings and system configurations, such as Wi-Fi, Bluetooth, and battery. System statuses can also be appended to the left of the upper right corner by other apps, such as the input source display in the preceding figure. + +#### 3.3.1 Sound + +Quickly adjust the volume. To further set the sound, open the system settings. + +#### 3.3.2 Network + +Quickly enable or disable the network. To further configure the network, open the system settings. + +![](./figures/gnome-17.png) + +#### 3.3.3 Location Service + +Quick enable or disable the location service. To further set the location, open the system settings. + +![](./figures/gnome-18.png) + +#### 3.3.4 Settings + +It is one of the convenient entries to system settings. + +![](./figures/gnome-19.png) + +You can set a large number of system-related options in the **Settings** window, which are shown in the left pane of the preceding and following figures. + +![](./figures/gnome-20.png) + +The settings are also dynamically extended. For example, if the hardware where the system is located has Wi-Fi, the Wi-Fi item is displayed. Some important settings are described in the following sections. + +#### 3.3.4 Lock + +If you click **Lock**, the screen is locked and turns black. When you move the cursor, the screen turns on immediately. You can press any key to access the login page and enter the password to log in to the system again. The following figure shows the lock screen. + +![](./figures/gnome-21.png) + +#### 3.3.4 Power-off/Logout + +The actions include suspension, power-off, restart, and logout. The difference between suspension and locking is that a black screen is directly displayed after suspension. You need to use the keyboard to wake up the login page, which takes a longer time than screen locking. Logout is to log out the current user and return to the login page without a black screen. You can use the same or another user account to log in again. + +![](./figures/gnome-22.png) + +The following figure shows the user login page. + +![](./figures/gnome-23.png) + +After the locking and suspension is waked up, the lock screen is displayed first. You need to press a key or click the screen to enter the user login page. The login page is directly displayed after the logout and restart. + +## 4. Common System Settings and App Examples + +### 4.1 Examples of System Settings + +There are four entries to system settings: + +Right-click on the desktop and choose **Settings**. + +Click the system status entry in the upper right corner and choose **Settings**. + +Click the **Activities** entry in the upper left corner and choose **Settings**. + +On the **Terminal**, run the **gnome-control-center** command. + +#### 4.1.1 Network + +![](./figures/gnome-19.png) + +Wired networks are displayed here. You can click the button to enable or disable a network. You can also set the VPN and network proxy. + +Click the gear icon on the right of an Ethernet connection to view details, and modify or remove the connection. + +![](./figures/gnome-24.png) + +Change the connection name. + +![](./figures/gnome-25.png) + +Change the IP address obtaining mode (**Automatic** or **Manual**), and add the DNS and a route. + +![](./figures/gnome-26.png) + +You can also click the plus sign (+) above the gear icon to create a connection. The settings of the new connection are similar to those shown in preceding figures. The prerequisite is that the Ethernet port exists. + +#### 4.1.2 Displays + +You can set the fixed resolution on the **Displays** tab page. If the resolution of your hardware system is not included, set it on the command line. Then, the newly set resolution will be displayed here. + +![](./figures/gnome-27.png) + +Select a resolution and click **Keep Changes** to make the settings take effect. + +![](./figures/gnome-28.png) + +Some displays allow you to rotate the screen vertically, for example, to view the text at the bottom of the screen at a time. The **Orientation** here also provides such support. + +![](./figures/gnome-29.png) + +#### 4.1.3 Keyboard Shortcuts + +You can set keyboard shortcuts to perform shortcut operations, such as quickly opening the home folder, camera, or browser. GNOME does not provide a shortcut for starting the **Terminal**. You can set a default one. + +View existing shortcut settings in scrolling mode or search for shortcuts. + +![](./figures/gnome-30.png) + +Clicking a disabled item, such as the home folder and web browser, triggers shortcut settings. + +![](./figures/gnome-31.png) + +![](./figures/gnome-32.png) + +Effect after the setting is successful. + +![](./figures/gnome-33.png) + +Scroll the keyboard shortcuts page to the bottom and click + to add a shortcut for opening the **Terminal**. + +![](./figures/gnome-34.png) + +![](./figures/gnome-35.png) + +![](./figures/gnome-36.png) + +![](./figures/gnome-37.png) + +Now, you can press **Ctrl+Alt+T** to open the **Terminal**. Settings of the home folder and web browser are similar. + +![](./figures/gnome-38.png) + +#### 4.1.4 Region and Language + +The system can be switched between multiple languages, even if a language is not selected during system installation. + +![](./figures/gnome-39.png) + +You can click **Language** and **Formats** to change the language from Chinese to English, and click **Restart**. You need to log in to the system again and restart the session for the language settings to take effect. + +![](./figures/gnome-40.png) + +![](./figures/gnome-41.png) + +![](./figures/gnome-42.png) + +Click the gear icon on the right of **Input Sources** to view the keyboard shortcuts and input source options. You can click the plus sign (+) to add an input source. + +![](./figures/gnome-43.png) + +When you use the shortcut to switch the input method, you can view the change in the system status area in the upper right corner. + +![](./figures/gnome-44.png) + +#### 4.1.5 Users + +You can add and delete users on the **Users** GUI. For a non-root user, you need to click **Unlock** and enter the password of the super user to display the complete information. + +![](./figures/gnome-45.png) + +Click **Password** to change the password of the current user. + +![](./figures/gnome-46.png) + +Click **Account Activity** to view the login status of the user in this week. + +![](./figures/gnome-47.png) + +Click **Add User** in the upper right corner to add a user and set the password when adding the user or when logging in to the system as the new user. To log in to the system as a new user, log out of the system and then log in as the new user. The new user can be removed by clicking **Remove User**. The current login user cannot be removed. + +![](./figures/gnome-48.png) + +### 4.2 Application Examples + +#### 4.2.1 Files + +The binary file name of the **Files** app is **nautilus**. You can create, modify, move, save, and delete files in the file system displayed in **Files**. + +![](./figures/gnome-49.png) + +#### 4.2.2 Terminal + +The running **Terminal** is a special process under the GNOME login session. It functions as a console and is a new session in essence. It can perform almost all the tasks that the console can do, and it is what Linux would be without a graphical interface. + +![](./figures/gnome-50.png) + +In the **Preferences** dialog box, you can set the font, character spacing, and theme background. + +#### 4.2.3 Software + +In **Software**, you can search for and install many free open source apps, and view and uninstall installed apps. + +![](./figures/gnome-51.png) + +![](./figures/gnome-52.png) + +#### 4.2.4 Browser + +GNOME has a built-in browser named **Web**. Its interface and functions are simpler than those of Chrome or Firefox, but supports common functions, such as bookmarks, search engine settings, history, and file download. + +![](./figures/gnome-53.png) + +#### 4.2.5 System Monitor + +It is similar to the Task Manager in Windows operating systems, on which you can view the process name, user, and usage of CPU and memory resources. This monitor is dynamic, but its change effect is much worse than that of running the top command. + +![](./figures/gnome-54.png) + +You can also view the usage trend of important components such as the CPU, memory, and network. + +![](./figures/gnome-55.png) + +#### 4.2.6 Text Editor + +A text editor is required for creating, modifying, and saving files. In its **Preferences** dialog box, you can set the font, tab width, theme, and plug-ins. + +![](./figures/gnome-56.png) + +#### 4.2.7 Sysprof + +Sysprof samples and presents a system, including the software and hardware, and is used to locate system performance problems, for example, app startup freezing and system response delay. You can select the project to be traced and click **Record** to start sampling. + +![](./figures/gnome-57.png) + +![](./figures/gnome-58.png) + +After the sampling is stopped, the result provides abundant information for diagnosis and analysis. + +![](./figures/gnome-59.png) diff --git a/docs/en/tools/desktop/kiran/_toc.yaml b/docs/en/tools/desktop/kiran/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..91a3ca13b899de961a8d1ccfa9b933fa511a90d7 --- /dev/null +++ b/docs/en/tools/desktop/kiran/_toc.yaml @@ -0,0 +1,10 @@ +label: Kiran User Guide +isManual: true +description: Install and use Kiran. +sections: + - label: Kiran + href: ./kiran.md + - label: Installing Kiran + href: ./kiran_installation.md + - label: Using Kiran + href: ./kiran_userguide.md diff --git a/docs/en/tools/desktop/kiran/figures/.keep b/docs/en/tools/desktop/kiran/figures/.keep new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/docs/en/tools/desktop/kiran/figures/1.png b/docs/en/tools/desktop/kiran/figures/1.png new file mode 100644 index 0000000000000000000000000000000000000000..40af4242eebb440a76c749a8d970d50cd7b89bf4 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/1.png differ diff --git a/docs/en/tools/desktop/kiran/figures/10.png b/docs/en/tools/desktop/kiran/figures/10.png new file mode 100644 index 0000000000000000000000000000000000000000..e588ffbe3d8d7b66d92ae8f2b4bcec7c80d0592c Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/10.png differ diff --git a/docs/en/tools/desktop/kiran/figures/11.png b/docs/en/tools/desktop/kiran/figures/11.png new file mode 100644 index 0000000000000000000000000000000000000000..1989a5bb08155f920363e154e68bb148715c7e9e Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/11.png differ diff --git a/docs/en/tools/desktop/kiran/figures/12.png b/docs/en/tools/desktop/kiran/figures/12.png new file mode 100644 index 0000000000000000000000000000000000000000..cb6346161182d2cfeaf3818d5ec518ddb11c732e Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/12.png differ diff --git a/docs/en/tools/desktop/kiran/figures/13.png b/docs/en/tools/desktop/kiran/figures/13.png new file mode 100644 index 0000000000000000000000000000000000000000..0a7def1fb66c90da62acde799eaffca97e3b5396 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/13.png differ diff --git a/docs/en/tools/desktop/kiran/figures/14.png b/docs/en/tools/desktop/kiran/figures/14.png new file mode 100644 index 0000000000000000000000000000000000000000..3a27a66d57e284775420d467f90dcc02889bbffe Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/14.png differ diff --git a/docs/en/tools/desktop/kiran/figures/15.png b/docs/en/tools/desktop/kiran/figures/15.png new file mode 100644 index 0000000000000000000000000000000000000000..370bea32abcaa8a2b06a1a61c1455d4b35f43474 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/15.png differ diff --git a/docs/en/tools/desktop/kiran/figures/16.png b/docs/en/tools/desktop/kiran/figures/16.png new file mode 100644 index 0000000000000000000000000000000000000000..812ee462669c5263ef4bffc49ca4f9b6af4541c6 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/16.png differ diff --git a/docs/en/tools/desktop/kiran/figures/17.png b/docs/en/tools/desktop/kiran/figures/17.png new file mode 100644 index 0000000000000000000000000000000000000000..36e524b806874fa3788f5e4dcd78350686281107 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/17.png differ diff --git a/docs/en/tools/desktop/kiran/figures/18.png b/docs/en/tools/desktop/kiran/figures/18.png new file mode 100644 index 0000000000000000000000000000000000000000..51b32442980aa60646f77dabd53ade74f55891fe Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/18.png differ diff --git a/docs/en/tools/desktop/kiran/figures/19.png b/docs/en/tools/desktop/kiran/figures/19.png new file mode 100644 index 0000000000000000000000000000000000000000..c9457d09aa9f1662b2c9e4550cdbdb9f57dd020e Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/19.png differ diff --git a/docs/en/tools/desktop/kiran/figures/2.png b/docs/en/tools/desktop/kiran/figures/2.png new file mode 100644 index 0000000000000000000000000000000000000000..97917cc245484a43bec8562757d920a06f123121 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/2.png differ diff --git a/docs/en/tools/desktop/kiran/figures/20.png b/docs/en/tools/desktop/kiran/figures/20.png new file mode 100644 index 0000000000000000000000000000000000000000..b0943189920d7a541d35da27340593ea93f92a17 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/20.png differ diff --git a/docs/en/tools/desktop/kiran/figures/21.png b/docs/en/tools/desktop/kiran/figures/21.png new file mode 100644 index 0000000000000000000000000000000000000000..e590c22c0ea28906b5f4ea7ccbc6ab11e47ad173 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/21.png differ diff --git a/docs/en/tools/desktop/kiran/figures/22.png b/docs/en/tools/desktop/kiran/figures/22.png new file mode 100644 index 0000000000000000000000000000000000000000..03a548b1ffb1f0ad53cfa5387af2721af90bca81 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/22.png differ diff --git a/docs/en/tools/desktop/kiran/figures/23.png b/docs/en/tools/desktop/kiran/figures/23.png new file mode 100644 index 0000000000000000000000000000000000000000..834c492094715cde1c02c91752ecabfe7921ed62 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/23.png differ diff --git a/docs/en/tools/desktop/kiran/figures/24.png b/docs/en/tools/desktop/kiran/figures/24.png new file mode 100644 index 0000000000000000000000000000000000000000..1881e868b74a60888b319576fa38fb4af92ba75c Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/24.png differ diff --git a/docs/en/tools/desktop/kiran/figures/25.png b/docs/en/tools/desktop/kiran/figures/25.png new file mode 100644 index 0000000000000000000000000000000000000000..f38839725d27a3486984d152e5d9de305364fbd2 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/25.png differ diff --git a/docs/en/tools/desktop/kiran/figures/26.png b/docs/en/tools/desktop/kiran/figures/26.png new file mode 100644 index 0000000000000000000000000000000000000000..6d7957119133ecb98b1b6b104e54a3a4647ec2a5 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/26.png differ diff --git a/docs/en/tools/desktop/kiran/figures/27.png b/docs/en/tools/desktop/kiran/figures/27.png new file mode 100644 index 0000000000000000000000000000000000000000..3e4733717fdc5172d6479b393005219e65e96df4 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/27.png differ diff --git a/docs/en/tools/desktop/kiran/figures/28.png b/docs/en/tools/desktop/kiran/figures/28.png new file mode 100644 index 0000000000000000000000000000000000000000..a77772e818e3f6c11acac3b9cfa18bad14a0a48c Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/28.png differ diff --git a/docs/en/tools/desktop/kiran/figures/29.png b/docs/en/tools/desktop/kiran/figures/29.png new file mode 100644 index 0000000000000000000000000000000000000000..c4f58ffe5855295268298448744e5aadbdc55276 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/29.png differ diff --git a/docs/en/tools/desktop/kiran/figures/3.png b/docs/en/tools/desktop/kiran/figures/3.png new file mode 100644 index 0000000000000000000000000000000000000000..fbb76b336957020ed6867d908e0a8bdcfc953c52 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/3.png differ diff --git a/docs/en/tools/desktop/kiran/figures/30.png b/docs/en/tools/desktop/kiran/figures/30.png new file mode 100644 index 0000000000000000000000000000000000000000..d91adefba1753959e90ccf4aa1501ac08d7144bd Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/30.png differ diff --git a/docs/en/tools/desktop/kiran/figures/31.png b/docs/en/tools/desktop/kiran/figures/31.png new file mode 100644 index 0000000000000000000000000000000000000000..0abef09ab438f5f8cfb68090993f55c493b8c15e Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/31.png differ diff --git a/docs/en/tools/desktop/kiran/figures/32.png b/docs/en/tools/desktop/kiran/figures/32.png new file mode 100644 index 0000000000000000000000000000000000000000..d567cfbacc07a9eb46ff2c54a68432f45e034e94 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/32.png differ diff --git a/docs/en/tools/desktop/kiran/figures/33.png b/docs/en/tools/desktop/kiran/figures/33.png new file mode 100644 index 0000000000000000000000000000000000000000..7b5896e2884520672c0bd88d68471b45a09c56fe Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/33.png differ diff --git a/docs/en/tools/desktop/kiran/figures/34.png b/docs/en/tools/desktop/kiran/figures/34.png new file mode 100644 index 0000000000000000000000000000000000000000..81bc9480fbbd81a97c559d7a6a74274deeab2bd1 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/34.png differ diff --git a/docs/en/tools/desktop/kiran/figures/35.png b/docs/en/tools/desktop/kiran/figures/35.png new file mode 100644 index 0000000000000000000000000000000000000000..ab2399847a643a87279337704e23fea7609bb211 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/35.png differ diff --git a/docs/en/tools/desktop/kiran/figures/36.png b/docs/en/tools/desktop/kiran/figures/36.png new file mode 100644 index 0000000000000000000000000000000000000000..536981609b9ae5d32be56bec612f2b3446146184 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/36.png differ diff --git a/docs/en/tools/desktop/kiran/figures/37.png b/docs/en/tools/desktop/kiran/figures/37.png new file mode 100644 index 0000000000000000000000000000000000000000..e39aa03587642dc1f8622fff515b05a9a3085b28 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/37.png differ diff --git a/docs/en/tools/desktop/kiran/figures/38.png b/docs/en/tools/desktop/kiran/figures/38.png new file mode 100644 index 0000000000000000000000000000000000000000..838f5ff0616a83cdf42edb053f4e72b93bfa644e Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/38.png differ diff --git a/docs/en/tools/desktop/kiran/figures/39.png b/docs/en/tools/desktop/kiran/figures/39.png new file mode 100644 index 0000000000000000000000000000000000000000..12a379403d73a47b2fa564120a28fdb58d188963 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/39.png differ diff --git a/docs/en/tools/desktop/kiran/figures/4.png b/docs/en/tools/desktop/kiran/figures/4.png new file mode 100644 index 0000000000000000000000000000000000000000..5078e36aca713706d2cf08a3ebecdc3769951899 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/4.png differ diff --git a/docs/en/tools/desktop/kiran/figures/40.png b/docs/en/tools/desktop/kiran/figures/40.png new file mode 100644 index 0000000000000000000000000000000000000000..bf419894eab852b45604966c62fafa71f051c4df Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/40.png differ diff --git a/docs/en/tools/desktop/kiran/figures/41.png b/docs/en/tools/desktop/kiran/figures/41.png new file mode 100644 index 0000000000000000000000000000000000000000..f94b0ee72e0d4e9277e9b44b4268cfbdb8402104 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/41.png differ diff --git a/docs/en/tools/desktop/kiran/figures/42.png b/docs/en/tools/desktop/kiran/figures/42.png new file mode 100644 index 0000000000000000000000000000000000000000..3182e551c4e4b03885bad6339f1de514b3f55f8c Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/42.png differ diff --git a/docs/en/tools/desktop/kiran/figures/43.jpg b/docs/en/tools/desktop/kiran/figures/43.jpg new file mode 100644 index 0000000000000000000000000000000000000000..26e9244f58ea9800081fd61ae135477f05b21b40 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/43.jpg differ diff --git a/docs/en/tools/desktop/kiran/figures/44.png b/docs/en/tools/desktop/kiran/figures/44.png new file mode 100644 index 0000000000000000000000000000000000000000..c3abaecd6e053272d81e0ad9bd183c6858b4f3c5 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/44.png differ diff --git a/docs/en/tools/desktop/kiran/figures/45.png b/docs/en/tools/desktop/kiran/figures/45.png new file mode 100644 index 0000000000000000000000000000000000000000..86b051acde857c88479714414f721a7f59cca483 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/45.png differ diff --git a/docs/en/tools/desktop/kiran/figures/46.png b/docs/en/tools/desktop/kiran/figures/46.png new file mode 100644 index 0000000000000000000000000000000000000000..d8ec41c87628bf28c9905523f99ae93aebd13614 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/46.png differ diff --git a/docs/en/tools/desktop/kiran/figures/47.jpg b/docs/en/tools/desktop/kiran/figures/47.jpg new file mode 100644 index 0000000000000000000000000000000000000000..bf95f03c8ea0f84a878bc63af20972c9da71bc04 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/47.jpg differ diff --git a/docs/en/tools/desktop/kiran/figures/48.png b/docs/en/tools/desktop/kiran/figures/48.png new file mode 100644 index 0000000000000000000000000000000000000000..ef21fa1ce1e2e9848a8dca16e692de673df7c6d7 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/48.png differ diff --git a/docs/en/tools/desktop/kiran/figures/49.png b/docs/en/tools/desktop/kiran/figures/49.png new file mode 100644 index 0000000000000000000000000000000000000000..3b77668e5a4d1bdb3043c473dff9b36fa7144714 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/49.png differ diff --git a/docs/en/tools/desktop/kiran/figures/5.png b/docs/en/tools/desktop/kiran/figures/5.png new file mode 100644 index 0000000000000000000000000000000000000000..2976a745cfaede26594d6daa01cfc18d18b1de8b Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/5.png differ diff --git a/docs/en/tools/desktop/kiran/figures/50.png b/docs/en/tools/desktop/kiran/figures/50.png new file mode 100644 index 0000000000000000000000000000000000000000..b86a55fe4363f56fc18befc9d27025a75ca427ad Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/50.png differ diff --git a/docs/en/tools/desktop/kiran/figures/51.png b/docs/en/tools/desktop/kiran/figures/51.png new file mode 100644 index 0000000000000000000000000000000000000000..d427ac871dba9c32eb4ffe736d5352f8408da533 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/51.png differ diff --git a/docs/en/tools/desktop/kiran/figures/52.png b/docs/en/tools/desktop/kiran/figures/52.png new file mode 100644 index 0000000000000000000000000000000000000000..0ca0a2db05c70bc25f9bb59e82d074f671cfc74e Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/52.png differ diff --git a/docs/en/tools/desktop/kiran/figures/53.png b/docs/en/tools/desktop/kiran/figures/53.png new file mode 100644 index 0000000000000000000000000000000000000000..76fbc34a1d5621b83c2d8c93222766acad33350d Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/53.png differ diff --git a/docs/en/tools/desktop/kiran/figures/54.png b/docs/en/tools/desktop/kiran/figures/54.png new file mode 100644 index 0000000000000000000000000000000000000000..49ecae6f8941a118223f3765c23015df074c4983 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/54.png differ diff --git a/docs/en/tools/desktop/kiran/figures/56.png b/docs/en/tools/desktop/kiran/figures/56.png new file mode 100644 index 0000000000000000000000000000000000000000..36fee795bfe593b6246c8d6c2bddea9386b06f45 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/56.png differ diff --git a/docs/en/tools/desktop/kiran/figures/57.png b/docs/en/tools/desktop/kiran/figures/57.png new file mode 100644 index 0000000000000000000000000000000000000000..539d06b77b058a933cb154c43641d498050986e0 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/57.png differ diff --git a/docs/en/tools/desktop/kiran/figures/58.png b/docs/en/tools/desktop/kiran/figures/58.png new file mode 100644 index 0000000000000000000000000000000000000000..396ca16d873e54505bcdbd41d669366eea7f5dee Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/58.png differ diff --git a/docs/en/tools/desktop/kiran/figures/59.png b/docs/en/tools/desktop/kiran/figures/59.png new file mode 100644 index 0000000000000000000000000000000000000000..9b1de98ac4fe686937ca844d3e9481548a79ce63 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/59.png differ diff --git a/docs/en/tools/desktop/kiran/figures/6.png b/docs/en/tools/desktop/kiran/figures/6.png new file mode 100644 index 0000000000000000000000000000000000000000..275c23872f2353f007371672714902babcc3db53 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/6.png differ diff --git a/docs/en/tools/desktop/kiran/figures/60.jpg b/docs/en/tools/desktop/kiran/figures/60.jpg new file mode 100644 index 0000000000000000000000000000000000000000..033c88aaadd04f7d4058ec2eb5b2c70498319bf7 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/60.jpg differ diff --git a/docs/en/tools/desktop/kiran/figures/61.png b/docs/en/tools/desktop/kiran/figures/61.png new file mode 100644 index 0000000000000000000000000000000000000000..8df17062963a3baf92318a12ec34b1378122687b Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/61.png differ diff --git a/docs/en/tools/desktop/kiran/figures/62.png b/docs/en/tools/desktop/kiran/figures/62.png new file mode 100644 index 0000000000000000000000000000000000000000..ec312d6c0c22018c1745dd866da71ce9be47fbda Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/62.png differ diff --git a/docs/en/tools/desktop/kiran/figures/63.jpg b/docs/en/tools/desktop/kiran/figures/63.jpg new file mode 100644 index 0000000000000000000000000000000000000000..504f7cf59768f6fd1cd73a115d01fbc4e15a02e1 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/63.jpg differ diff --git a/docs/en/tools/desktop/kiran/figures/63.png b/docs/en/tools/desktop/kiran/figures/63.png new file mode 100644 index 0000000000000000000000000000000000000000..86b051acde857c88479714414f721a7f59cca483 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/63.png differ diff --git a/docs/en/tools/desktop/kiran/figures/64.png b/docs/en/tools/desktop/kiran/figures/64.png new file mode 100644 index 0000000000000000000000000000000000000000..cbbd2ede047e735c3766e08b04595f08cd72f5b2 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/64.png differ diff --git a/docs/en/tools/desktop/kiran/figures/7.png b/docs/en/tools/desktop/kiran/figures/7.png new file mode 100644 index 0000000000000000000000000000000000000000..4d397959ac7f6d166ef5a3b7084bd5c3c93b475f Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/7.png differ diff --git a/docs/en/tools/desktop/kiran/figures/8.png b/docs/en/tools/desktop/kiran/figures/8.png new file mode 100644 index 0000000000000000000000000000000000000000..8ade274092d7b3e461c96d7909a9d89d3a944f09 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/8.png differ diff --git a/docs/en/tools/desktop/kiran/figures/9.png b/docs/en/tools/desktop/kiran/figures/9.png new file mode 100644 index 0000000000000000000000000000000000000000..f7b2215404929346f1a814b0b1d6d482559c08b5 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/9.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-01.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-01.png new file mode 100644 index 0000000000000000000000000000000000000000..b4a43e7fa938b2ece73ad749e2b513daa976e7c9 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-01.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-02.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-02.png new file mode 100644 index 0000000000000000000000000000000000000000..22413a83d51cb9ee177c0d39147da857868f0aec Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-02.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-03.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-03.png new file mode 100644 index 0000000000000000000000000000000000000000..5ccc6d4eef17f2d39841046dcf32b9c00652d1a9 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-03.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-04.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-04.png new file mode 100644 index 0000000000000000000000000000000000000000..c5d7073a3d2a37727b83a6e43a684747175efa9d Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-04.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-05.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-05.png new file mode 100644 index 0000000000000000000000000000000000000000..e2d0a0a523f10d6bce9f51c5d05f019c595e2625 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-05.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-06.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-06.png new file mode 100644 index 0000000000000000000000000000000000000000..61bb128fc2c8902edbfd1d76b28f963817753e32 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-06.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-07.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-07.png new file mode 100644 index 0000000000000000000000000000000000000000..ef01eb0001c6db0e3d1c024e51b0594372b9348c Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-07.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-08.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-08.png new file mode 100644 index 0000000000000000000000000000000000000000..1049f355939b0121c123adc462dcb6d736e48760 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-08.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-09.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-09.png new file mode 100644 index 0000000000000000000000000000000000000000..6dc110900f5375ed9ede276f59ea89ba29e5e737 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-09.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-10.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-10.png new file mode 100644 index 0000000000000000000000000000000000000000..33dda6e0d0497c1589743c19a8d041a775b7bb7f Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-10.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-11.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-11.png new file mode 100644 index 0000000000000000000000000000000000000000..98570f04a066d550b5971afc94ee1c63d24f6275 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-11.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-12.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-12.png new file mode 100644 index 0000000000000000000000000000000000000000..56cc0446efd9d72d97905296fd6f19e9e2ac4047 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-12.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-13.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-13.png new file mode 100644 index 0000000000000000000000000000000000000000..a3191cc6b2bb2e418353b76bcf645be954655a20 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-13.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-14.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-14.png new file mode 100644 index 0000000000000000000000000000000000000000..d673b9d12c8fb5ccaa0b0f3a35b85f939f1040c8 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-14.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-15.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-15.png new file mode 100644 index 0000000000000000000000000000000000000000..518c3dca4b9b58f45f7aee5ef974c3dd41804e1d Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-15.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-16.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-16.png new file mode 100644 index 0000000000000000000000000000000000000000..17ac8544dab141ddc8d7d98f1712757efedb5531 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-16.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-17.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-17.png new file mode 100644 index 0000000000000000000000000000000000000000..07a62594a1acadceeeaabe0e7cbe63c192f0ab37 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-17.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-18.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-18.png new file mode 100644 index 0000000000000000000000000000000000000000..d088bb1075ebd2c76304c5bd400a3892d401dfa0 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-18.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-19.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-19.png new file mode 100644 index 0000000000000000000000000000000000000000..65198c16e3bdf0b948ba8da1d05943ea87065dfc Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-19.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-20.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-20.png new file mode 100644 index 0000000000000000000000000000000000000000..ac4c66887846509474cd57740079d396f5ffee64 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-20.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-21.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-21.png new file mode 100644 index 0000000000000000000000000000000000000000..ecc80c0ee42385907cea276726c891aab06f5ea2 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-21.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-22.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-22.png new file mode 100644 index 0000000000000000000000000000000000000000..453a1b96f69ca37cf648e1bfd8a247cbd63f7f1f Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-22.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-23.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-23.png new file mode 100644 index 0000000000000000000000000000000000000000..3290e73af52f1e88a435e925d6a17d21e78e287c Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-23.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-24.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-24.png new file mode 100644 index 0000000000000000000000000000000000000000..825e58ddc9ec0027f0ff94b1d327eaff3a145357 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-24.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-25.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-25.png new file mode 100644 index 0000000000000000000000000000000000000000..7b3cdbe8e85b55dc9ee92569f6d668c9defc76eb Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-25.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-26.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-26.png new file mode 100644 index 0000000000000000000000000000000000000000..0d696fa8cbd18910bb16ca2c14996fefb5f0cb79 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-26.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-27.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-27.png new file mode 100644 index 0000000000000000000000000000000000000000..7312579e88c211b656a1b6e339373abfca7c8984 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-27.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-28.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-28.png new file mode 100644 index 0000000000000000000000000000000000000000..e5cf7e56e5663768e4f2698c77aeaa69c899b291 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-28.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-29.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-29.png new file mode 100644 index 0000000000000000000000000000000000000000..d796cb8d80a60281a7f67ec494c76ad14d06ac1b Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-29.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-30-0.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-30-0.png new file mode 100644 index 0000000000000000000000000000000000000000..8ea95ca410376dbc26729d0dec8bfc171911e960 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-30-0.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-30-1.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-30-1.png new file mode 100644 index 0000000000000000000000000000000000000000..730e9bdba19949c6e118c237af302b492f3d41b8 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-30-1.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-31.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-31.png new file mode 100644 index 0000000000000000000000000000000000000000..f80f3c86b92e6e00bf76c0101ce52af503d9b05c Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-31.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-32.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-32.png new file mode 100644 index 0000000000000000000000000000000000000000..ed8f74fc04472e45ae6c76a7c2507da5dec28263 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-32.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-33.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-33.png new file mode 100644 index 0000000000000000000000000000000000000000..a90dda9e151f9ca48ff6c296ff62676b22a191ae Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-33.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-34.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-34.png new file mode 100644 index 0000000000000000000000000000000000000000..77c74765bb7116bf8a95b0164cb1de2d9032e56e Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-34.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-35-0.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-35-0.png new file mode 100644 index 0000000000000000000000000000000000000000..4321c9e9a52bcf99bde6d72fae68647ab13510b0 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-35-0.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-35-1.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-35-1.png new file mode 100644 index 0000000000000000000000000000000000000000..e6f75a945fc73d5478c6515498c7a6a4781ca04f Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-35-1.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-36.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-36.png new file mode 100644 index 0000000000000000000000000000000000000000..a832fe2b440079f53775a2ba8c3115f57a89ab2c Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-36.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-37.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-37.png new file mode 100644 index 0000000000000000000000000000000000000000..f091a5e910e7cb16dadd311de1100f8830a0eaf7 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-37.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-38.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-38.png new file mode 100644 index 0000000000000000000000000000000000000000..7703dc11f1be241d9fe7e30452e7431c925833d3 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-38.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-39.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-39.png new file mode 100644 index 0000000000000000000000000000000000000000..abf29f6ee9aaf13ab1f668a787d459a5ab0cb20c Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-39.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-40.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-40.png new file mode 100644 index 0000000000000000000000000000000000000000..7c8ee5f4e78b46a0d762be06f96725ecef5d09b2 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-40.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-41-0.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-41-0.png new file mode 100644 index 0000000000000000000000000000000000000000..56ea86556624602f4496b4079335245ac8c875a3 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-41-0.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-41-1.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-41-1.png new file mode 100644 index 0000000000000000000000000000000000000000..44afad705b026dd69a9d2d7bf2ef35610720b85d Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-41-1.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-42.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-42.png new file mode 100644 index 0000000000000000000000000000000000000000..8270b69ca590c1831fbe54e2d08ced55bccef89d Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-42.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-43.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-43.png new file mode 100644 index 0000000000000000000000000000000000000000..48259addbdb8cf18303d2afbcd6cbad77deaf141 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-43.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-44.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-44.png new file mode 100644 index 0000000000000000000000000000000000000000..e35a4acce457834d4d8608ee7fba783d596548e2 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-44.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-45.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-45.png new file mode 100644 index 0000000000000000000000000000000000000000..d6d5e88587e26552ab4ab4d323eea0ae5ce721d2 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-45.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-46.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-46.png new file mode 100644 index 0000000000000000000000000000000000000000..8e41651298319f1b72c3dce5b09cb1323c9a15a7 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-46.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-47.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-47.png new file mode 100644 index 0000000000000000000000000000000000000000..eaa54608d956576555603d64ba72e374f147a315 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-47.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-48.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-48.png new file mode 100644 index 0000000000000000000000000000000000000000..1ca6cb7b39ab375a69b95a7dfa02fa3acd8bb299 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-48.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-49.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-49.png new file mode 100644 index 0000000000000000000000000000000000000000..07fe6abf2ca2d7e8dd5184c760f416d094c4629d Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-49.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-50.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-50.png new file mode 100644 index 0000000000000000000000000000000000000000..c5452b655b9100c7d144d9d6e923f29664998ca0 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-50.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-51.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-51.png new file mode 100644 index 0000000000000000000000000000000000000000..72644867adbb64db4503ff5345425a32bf1cae6d Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-51.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-52.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-52.png new file mode 100644 index 0000000000000000000000000000000000000000..571f6ac34edf149cc1e5bd30a875e4148dd4fdd3 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-52.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-53.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-53.png new file mode 100644 index 0000000000000000000000000000000000000000..1c7e9051ca448b017e13c6cbe6be66d2f83475c5 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-53.png differ diff --git a/docs/en/tools/desktop/kiran/figures/Cinnamon-54.png b/docs/en/tools/desktop/kiran/figures/Cinnamon-54.png new file mode 100644 index 0000000000000000000000000000000000000000..1b61db111ebdcb9bde1bff1cc08a2daed79a9f19 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/Cinnamon-54.png differ diff --git a/docs/en/tools/desktop/kiran/figures/HA-add-resource.png b/docs/en/tools/desktop/kiran/figures/HA-add-resource.png new file mode 100644 index 0000000000000000000000000000000000000000..ac24895a1247828d248132f6c789ad8ef51a57e4 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/HA-add-resource.png differ diff --git a/docs/en/tools/desktop/kiran/figures/HA-apache-show.png b/docs/en/tools/desktop/kiran/figures/HA-apache-show.png new file mode 100644 index 0000000000000000000000000000000000000000..c216500910f75f2de1108f6b618c5c08f4df8bae Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/HA-apache-show.png differ diff --git a/docs/en/tools/desktop/kiran/figures/HA-apache-suc.png b/docs/en/tools/desktop/kiran/figures/HA-apache-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..23a7aaa702e3e68190ff7e01a5a673aee2c92409 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/HA-apache-suc.png differ diff --git a/docs/en/tools/desktop/kiran/figures/HA-api.png b/docs/en/tools/desktop/kiran/figures/HA-api.png new file mode 100644 index 0000000000000000000000000000000000000000..f825fe005705d30809d12df97958cff0e5a80135 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/HA-api.png differ diff --git a/docs/en/tools/desktop/kiran/figures/HA-clone-suc.png b/docs/en/tools/desktop/kiran/figures/HA-clone-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..4b6099ccc88d4f6f907a0c4563e729ab2a4dece1 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/HA-clone-suc.png differ diff --git a/docs/en/tools/desktop/kiran/figures/HA-clone.png b/docs/en/tools/desktop/kiran/figures/HA-clone.png new file mode 100644 index 0000000000000000000000000000000000000000..1b09ab73849494f4ffd759fa612ae3c241bd9c1d Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/HA-clone.png differ diff --git a/docs/en/tools/desktop/kiran/figures/HA-corosync.png b/docs/en/tools/desktop/kiran/figures/HA-corosync.png new file mode 100644 index 0000000000000000000000000000000000000000..c4d93242e65c503b6e1b6a457e2517f647984a66 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/HA-corosync.png differ diff --git a/docs/en/tools/desktop/kiran/figures/HA-firstchoice-cmd.png b/docs/en/tools/desktop/kiran/figures/HA-firstchoice-cmd.png new file mode 100644 index 0000000000000000000000000000000000000000..a265bab07f1d8e46d9d965975be180a8de6c9eb2 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/HA-firstchoice-cmd.png differ diff --git a/docs/en/tools/desktop/kiran/figures/HA-firstchoice.png b/docs/en/tools/desktop/kiran/figures/HA-firstchoice.png new file mode 100644 index 0000000000000000000000000000000000000000..bd982ddcea55c629c0257fca86051a9ffa77e7b4 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/HA-firstchoice.png differ diff --git a/docs/en/tools/desktop/kiran/figures/HA-group-new-suc.png b/docs/en/tools/desktop/kiran/figures/HA-group-new-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..437fd01ee83a9a1f65c12838fe56eea8435f6759 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/HA-group-new-suc.png differ diff --git a/docs/en/tools/desktop/kiran/figures/HA-group-new-suc2.png b/docs/en/tools/desktop/kiran/figures/HA-group-new-suc2.png new file mode 100644 index 0000000000000000000000000000000000000000..4fb933bd761f9808de95a324a50226ff041ebd4f Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/HA-group-new-suc2.png differ diff --git a/docs/en/tools/desktop/kiran/figures/HA-group-new.png b/docs/en/tools/desktop/kiran/figures/HA-group-new.png new file mode 100644 index 0000000000000000000000000000000000000000..9c914d0cc2e14f3220fc4346175961f129efb37b Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/HA-group-new.png differ diff --git a/docs/en/tools/desktop/kiran/figures/HA-group-suc.png b/docs/en/tools/desktop/kiran/figures/HA-group-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..2338580343833ebab08627be3a2efbcdb48aef9e Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/HA-group-suc.png differ diff --git a/docs/en/tools/desktop/kiran/figures/HA-group.png b/docs/en/tools/desktop/kiran/figures/HA-group.png new file mode 100644 index 0000000000000000000000000000000000000000..6897817665dee90c0f8c47c6a3cb4bb09db52d78 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/HA-group.png differ diff --git a/docs/en/tools/desktop/kiran/figures/HA-home-page.png b/docs/en/tools/desktop/kiran/figures/HA-home-page.png new file mode 100644 index 0000000000000000000000000000000000000000..c9a7a82dc412250d4c0984b3876c6f93c6aca789 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/HA-home-page.png differ diff --git a/docs/en/tools/desktop/kiran/figures/HA-login.png b/docs/en/tools/desktop/kiran/figures/HA-login.png new file mode 100644 index 0000000000000000000000000000000000000000..65d0ae11ec810da7574ec72bebf6e1b020c94a0d Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/HA-login.png differ diff --git a/docs/en/tools/desktop/kiran/figures/HA-mariadb-suc.png b/docs/en/tools/desktop/kiran/figures/HA-mariadb-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..6f6756c945121715edc623bd9a848bc48ffeb4ca Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/HA-mariadb-suc.png differ diff --git a/docs/en/tools/desktop/kiran/figures/HA-mariadb.png b/docs/en/tools/desktop/kiran/figures/HA-mariadb.png new file mode 100644 index 0000000000000000000000000000000000000000..d29587c8609b9d6aefeb07170901361b5ef8402d Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/HA-mariadb.png differ diff --git a/docs/en/tools/desktop/kiran/figures/HA-nfs-suc.png b/docs/en/tools/desktop/kiran/figures/HA-nfs-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..c0ea6af79e91649f1ad7d97ab6c2a0069a4f4fb8 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/HA-nfs-suc.png differ diff --git a/docs/en/tools/desktop/kiran/figures/HA-nfs.png b/docs/en/tools/desktop/kiran/figures/HA-nfs.png new file mode 100644 index 0000000000000000000000000000000000000000..f6917938eec2e0431a9891c067475dd0b21c1bd9 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/HA-nfs.png differ diff --git a/docs/en/tools/desktop/kiran/figures/HA-pacemaker.png b/docs/en/tools/desktop/kiran/figures/HA-pacemaker.png new file mode 100644 index 0000000000000000000000000000000000000000..7681f963f67d2b803fef6fb2c3247384136201f8 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/HA-pacemaker.png differ diff --git a/docs/en/tools/desktop/kiran/figures/HA-pcs-status.png b/docs/en/tools/desktop/kiran/figures/HA-pcs-status.png new file mode 100644 index 0000000000000000000000000000000000000000..fb150fba9f6258658702b35caacf98076d1fd109 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/HA-pcs-status.png differ diff --git a/docs/en/tools/desktop/kiran/figures/HA-pcs.png b/docs/en/tools/desktop/kiran/figures/HA-pcs.png new file mode 100644 index 0000000000000000000000000000000000000000..283670d7c3d0961ee1cb41345c2b2a013d7143b0 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/HA-pcs.png differ diff --git a/docs/en/tools/desktop/kiran/figures/HA-qdevice.png b/docs/en/tools/desktop/kiran/figures/HA-qdevice.png new file mode 100644 index 0000000000000000000000000000000000000000..2964f36c952fc7e62fb7b041fcf6d2de8ead712c Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/HA-qdevice.png differ diff --git a/docs/en/tools/desktop/kiran/figures/HA-refresh.png b/docs/en/tools/desktop/kiran/figures/HA-refresh.png new file mode 100644 index 0000000000000000000000000000000000000000..c2678c0c2945acbabfbeae0d5de8924a216bbf31 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/HA-refresh.png differ diff --git a/docs/en/tools/desktop/kiran/figures/HA-vip-suc.png b/docs/en/tools/desktop/kiran/figures/HA-vip-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..313ce56e14f931c78dad4349ed57ab3fd7907f50 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/HA-vip-suc.png differ diff --git a/docs/en/tools/desktop/kiran/figures/HA-vip.png b/docs/en/tools/desktop/kiran/figures/HA-vip.png new file mode 100644 index 0000000000000000000000000000000000000000..d8b417df2e64527d3b29d0289756dfbb01bf66ec Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/HA-vip.png differ diff --git a/docs/en/tools/desktop/kiran/figures/dde-1.png b/docs/en/tools/desktop/kiran/figures/dde-1.png new file mode 100644 index 0000000000000000000000000000000000000000..fb1d5177c39262ed182f10a57fdae850d007eeb1 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/dde-1.png differ diff --git a/docs/en/tools/desktop/kiran/figures/dde-2.png b/docs/en/tools/desktop/kiran/figures/dde-2.png new file mode 100644 index 0000000000000000000000000000000000000000..be5d296937bd17b9646b32c80934aa76738027af Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/dde-2.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-1.png b/docs/en/tools/desktop/kiran/figures/gnome-1.png new file mode 100644 index 0000000000000000000000000000000000000000..b33f802aa6dcf8b23a70fe451830015c614193b3 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-1.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-10.png b/docs/en/tools/desktop/kiran/figures/gnome-10.png new file mode 100644 index 0000000000000000000000000000000000000000..1c7b1465209c7a92db36d1b4c83445ce45e0d187 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-10.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-11.png b/docs/en/tools/desktop/kiran/figures/gnome-11.png new file mode 100644 index 0000000000000000000000000000000000000000..cc534ce5e1b250547dd9eb1db2b3f43a79c00409 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-11.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-12.png b/docs/en/tools/desktop/kiran/figures/gnome-12.png new file mode 100644 index 0000000000000000000000000000000000000000..65de953b821cac6b09b9f0d6623760dc339d867b Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-12.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-13.png b/docs/en/tools/desktop/kiran/figures/gnome-13.png new file mode 100644 index 0000000000000000000000000000000000000000..103370de2f2d81fe4e880f18bb9a3b4546d14840 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-13.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-14.png b/docs/en/tools/desktop/kiran/figures/gnome-14.png new file mode 100644 index 0000000000000000000000000000000000000000..13e1367d6ce006567e69fed8fd334aeb4810196c Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-14.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-15.png b/docs/en/tools/desktop/kiran/figures/gnome-15.png new file mode 100644 index 0000000000000000000000000000000000000000..fb86a36e2eb9c5ccfb3c53b0c49864e73c622ccf Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-15.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-16.png b/docs/en/tools/desktop/kiran/figures/gnome-16.png new file mode 100644 index 0000000000000000000000000000000000000000..9b375517e433740b7e2c27ede1159cda1eb986b8 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-16.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-17.png b/docs/en/tools/desktop/kiran/figures/gnome-17.png new file mode 100644 index 0000000000000000000000000000000000000000..ebfcc9c71afeda1d50b5355f23ec1ea422a17889 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-17.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-18.png b/docs/en/tools/desktop/kiran/figures/gnome-18.png new file mode 100644 index 0000000000000000000000000000000000000000..5d28c8372499dd2b9b71186dee7d4854b5320999 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-18.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-19.png b/docs/en/tools/desktop/kiran/figures/gnome-19.png new file mode 100644 index 0000000000000000000000000000000000000000..bea391d41386ab9b7953b269c44aec6cba4667c5 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-19.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-2.png b/docs/en/tools/desktop/kiran/figures/gnome-2.png new file mode 100644 index 0000000000000000000000000000000000000000..520df0228a38914ca7897dec6dc84e9639b757c0 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-2.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-20.png b/docs/en/tools/desktop/kiran/figures/gnome-20.png new file mode 100644 index 0000000000000000000000000000000000000000..d720a2c215de4172a8051d7e0554c7f6b3d6d043 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-20.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-21.png b/docs/en/tools/desktop/kiran/figures/gnome-21.png new file mode 100644 index 0000000000000000000000000000000000000000..dec78c390a65a1e707a5c9620fa3392e38124430 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-21.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-22.png b/docs/en/tools/desktop/kiran/figures/gnome-22.png new file mode 100644 index 0000000000000000000000000000000000000000..d8564596fd8ada47891a28b8fd97915722b28ff9 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-22.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-23.png b/docs/en/tools/desktop/kiran/figures/gnome-23.png new file mode 100644 index 0000000000000000000000000000000000000000..6fcb86d0b74acd102bc4e19bd483165fca0921bc Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-23.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-24.png b/docs/en/tools/desktop/kiran/figures/gnome-24.png new file mode 100644 index 0000000000000000000000000000000000000000..692929de10b612af7e15ddef689a611b7f4e8693 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-24.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-25.png b/docs/en/tools/desktop/kiran/figures/gnome-25.png new file mode 100644 index 0000000000000000000000000000000000000000..793a5a2d3ec63581902da5d4b8863f9ba33675b8 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-25.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-26.png b/docs/en/tools/desktop/kiran/figures/gnome-26.png new file mode 100644 index 0000000000000000000000000000000000000000..4d3f5418352e644f56a16099a9c77218045dabab Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-26.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-27.png b/docs/en/tools/desktop/kiran/figures/gnome-27.png new file mode 100644 index 0000000000000000000000000000000000000000..908998f4c4624e8b3317a311643123f690153325 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-27.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-28.png b/docs/en/tools/desktop/kiran/figures/gnome-28.png new file mode 100644 index 0000000000000000000000000000000000000000..8b47b2397fa8818dfecbc3c05341e31d4d70a940 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-28.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-29.png b/docs/en/tools/desktop/kiran/figures/gnome-29.png new file mode 100644 index 0000000000000000000000000000000000000000..fc90cb58691e6484b6e263f4e81a1046e3adbed1 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-29.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-3.png b/docs/en/tools/desktop/kiran/figures/gnome-3.png new file mode 100644 index 0000000000000000000000000000000000000000..4d423b13941604a29ff794817ed6fb1d6fea9c1e Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-3.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-30.png b/docs/en/tools/desktop/kiran/figures/gnome-30.png new file mode 100644 index 0000000000000000000000000000000000000000..8f4ab5dcd8ebd61b05a1b129b4c90e342f97e0fd Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-30.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-31.png b/docs/en/tools/desktop/kiran/figures/gnome-31.png new file mode 100644 index 0000000000000000000000000000000000000000..93159341a996153105985451fa6d8391c358b52e Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-31.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-32.png b/docs/en/tools/desktop/kiran/figures/gnome-32.png new file mode 100644 index 0000000000000000000000000000000000000000..c4ca5695e67a4a585f0ff074cd3645a32a9e4e83 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-32.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-33.png b/docs/en/tools/desktop/kiran/figures/gnome-33.png new file mode 100644 index 0000000000000000000000000000000000000000..e0b166e013144ed7e5f26c2b7bd7e8a00ac6a57f Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-33.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-34.png b/docs/en/tools/desktop/kiran/figures/gnome-34.png new file mode 100644 index 0000000000000000000000000000000000000000..dc8653255f8782ab72b8a24eeadff8fe64f88bb1 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-34.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-35.png b/docs/en/tools/desktop/kiran/figures/gnome-35.png new file mode 100644 index 0000000000000000000000000000000000000000..595c8d76ddc857ed9e76d421cf1e755874a6cc4a Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-35.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-36.png b/docs/en/tools/desktop/kiran/figures/gnome-36.png new file mode 100644 index 0000000000000000000000000000000000000000..f5a22198f57d34fe05336d88c6e4b288ed78dc8e Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-36.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-37.png b/docs/en/tools/desktop/kiran/figures/gnome-37.png new file mode 100644 index 0000000000000000000000000000000000000000..1a855eee24e959c3e8bfed371d2f74f93fceda3c Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-37.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-38.png b/docs/en/tools/desktop/kiran/figures/gnome-38.png new file mode 100644 index 0000000000000000000000000000000000000000..e80fcb9c25299130ca94bef2cdce9d5e7f9ba02c Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-38.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-39.png b/docs/en/tools/desktop/kiran/figures/gnome-39.png new file mode 100644 index 0000000000000000000000000000000000000000..29843d242f260cd1b722fdcc13cef645a3679e7f Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-39.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-4.png b/docs/en/tools/desktop/kiran/figures/gnome-4.png new file mode 100644 index 0000000000000000000000000000000000000000..04391e2e926d5195b21d7e05dc5322a0d7646ad6 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-4.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-40.png b/docs/en/tools/desktop/kiran/figures/gnome-40.png new file mode 100644 index 0000000000000000000000000000000000000000..8497bdd58dffe2210fca22d01912f82b5c39fd9c Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-40.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-41.png b/docs/en/tools/desktop/kiran/figures/gnome-41.png new file mode 100644 index 0000000000000000000000000000000000000000..a4357eb95c379dfecc1d627c59eb5da660d42d14 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-41.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-42.png b/docs/en/tools/desktop/kiran/figures/gnome-42.png new file mode 100644 index 0000000000000000000000000000000000000000..bc01808fe7c12d7d433dc1da9367e858027fcce9 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-42.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-43.png b/docs/en/tools/desktop/kiran/figures/gnome-43.png new file mode 100644 index 0000000000000000000000000000000000000000..467e52cf41a32df9c7207417817f906b518c54c3 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-43.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-44.png b/docs/en/tools/desktop/kiran/figures/gnome-44.png new file mode 100644 index 0000000000000000000000000000000000000000..71303b84fce85478ccba02b10f6c0358c5bdc2a0 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-44.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-45.png b/docs/en/tools/desktop/kiran/figures/gnome-45.png new file mode 100644 index 0000000000000000000000000000000000000000..a0927659af30d18715ab8b43266de3f54a3142a0 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-45.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-46.png b/docs/en/tools/desktop/kiran/figures/gnome-46.png new file mode 100644 index 0000000000000000000000000000000000000000..ad2093e67041d656c25a5674a6e4282c804ec6f2 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-46.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-47.png b/docs/en/tools/desktop/kiran/figures/gnome-47.png new file mode 100644 index 0000000000000000000000000000000000000000..9a67dd6b3b0081fa858b4beed0cc40708d5418e9 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-47.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-48.png b/docs/en/tools/desktop/kiran/figures/gnome-48.png new file mode 100644 index 0000000000000000000000000000000000000000..8789fcb96ee2143eae12131b07acf1cfbd82cf41 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-48.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-49.png b/docs/en/tools/desktop/kiran/figures/gnome-49.png new file mode 100644 index 0000000000000000000000000000000000000000..e5df514480c825a5c65b607721d80cf59642b4a1 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-49.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-5.png b/docs/en/tools/desktop/kiran/figures/gnome-5.png new file mode 100644 index 0000000000000000000000000000000000000000..b7148601f06fcee9517864aca19ba3cee863ba33 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-5.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-50.png b/docs/en/tools/desktop/kiran/figures/gnome-50.png new file mode 100644 index 0000000000000000000000000000000000000000..7b1f4678846cb691b144b26f24bc5570961a3d7d Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-50.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-51.png b/docs/en/tools/desktop/kiran/figures/gnome-51.png new file mode 100644 index 0000000000000000000000000000000000000000..10466de4bbd4c7b31654bb1369a9a85a20e88a27 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-51.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-52.png b/docs/en/tools/desktop/kiran/figures/gnome-52.png new file mode 100644 index 0000000000000000000000000000000000000000..16c8191ae59475d46cd7c275ad3841419544397d Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-52.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-53.png b/docs/en/tools/desktop/kiran/figures/gnome-53.png new file mode 100644 index 0000000000000000000000000000000000000000..b968bbd5c5df6148ef26c8cf292e040220987554 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-53.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-54.png b/docs/en/tools/desktop/kiran/figures/gnome-54.png new file mode 100644 index 0000000000000000000000000000000000000000..6f169f432a1ad4290b3fca12b1a835330d922ab0 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-54.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-55.png b/docs/en/tools/desktop/kiran/figures/gnome-55.png new file mode 100644 index 0000000000000000000000000000000000000000..e40794fbf2e23e3496ac7f9352abe84ac943cb8c Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-55.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-56.png b/docs/en/tools/desktop/kiran/figures/gnome-56.png new file mode 100644 index 0000000000000000000000000000000000000000..d66360c2865ba03e7f2959612b2e33061dfad39f Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-56.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-57.png b/docs/en/tools/desktop/kiran/figures/gnome-57.png new file mode 100644 index 0000000000000000000000000000000000000000..f2ffff79898f36e290bb133efc36c7439d089f57 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-57.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-58.png b/docs/en/tools/desktop/kiran/figures/gnome-58.png new file mode 100644 index 0000000000000000000000000000000000000000..2eb30604a6dc2a4194da688830f88d0e596c5be9 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-58.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-59.png b/docs/en/tools/desktop/kiran/figures/gnome-59.png new file mode 100644 index 0000000000000000000000000000000000000000..9b25d253604f353b0bd3ef0c153237d74459ccae Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-59.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-6.png b/docs/en/tools/desktop/kiran/figures/gnome-6.png new file mode 100644 index 0000000000000000000000000000000000000000..3c54d7f40cb5caab2c3cecb9945f9c89a1afe00e Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-6.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-7.png b/docs/en/tools/desktop/kiran/figures/gnome-7.png new file mode 100644 index 0000000000000000000000000000000000000000..fa4b0e178fb0332d334d98e0106746b7bff65449 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-7.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-8.png b/docs/en/tools/desktop/kiran/figures/gnome-8.png new file mode 100644 index 0000000000000000000000000000000000000000..5c39bb44371d94a66c66e053a7f498b46d3a0937 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-8.png differ diff --git a/docs/en/tools/desktop/kiran/figures/gnome-9.png b/docs/en/tools/desktop/kiran/figures/gnome-9.png new file mode 100644 index 0000000000000000000000000000000000000000..00a9ad1a7c94054c9418795c39b29574bfe16bf0 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/gnome-9.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon1.png b/docs/en/tools/desktop/kiran/figures/icon1.png new file mode 100644 index 0000000000000000000000000000000000000000..9bac00355cf4aa57d32287fd4271404f6fd3fd4d Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon1.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon10-o.png b/docs/en/tools/desktop/kiran/figures/icon10-o.png new file mode 100644 index 0000000000000000000000000000000000000000..d6c56d1a64c588d86f8fe510c74e5a7c4cb810d4 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon10-o.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon101-o.svg b/docs/en/tools/desktop/kiran/figures/icon101-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..af1c5d3dc0277a6ea59e71efb6ca97bdfc782e8e --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon101-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/docs/en/tools/desktop/kiran/figures/icon103-o.svg b/docs/en/tools/desktop/kiran/figures/icon103-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..c06c885725c569ab8db1fe7d595a7c65f18c5142 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon103-o.svg @@ -0,0 +1,26 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/kiran/figures/icon105-o.svg b/docs/en/tools/desktop/kiran/figures/icon105-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..36c49949fa569330b761c2d65518f36c10435508 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon105-o.svg @@ -0,0 +1,111 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/kiran/figures/icon107-o.svg b/docs/en/tools/desktop/kiran/figures/icon107-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..fb5a3ea756f6ccb7b3e5c31122a433347a908c96 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon107-o.svg @@ -0,0 +1,50 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/kiran/figures/icon11-o.png b/docs/en/tools/desktop/kiran/figures/icon11-o.png new file mode 100644 index 0000000000000000000000000000000000000000..47a1f2cb7f99b583768c7cbd7e05a57f302dbe8a Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon11-o.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon110-o.svg b/docs/en/tools/desktop/kiran/figures/icon110-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..7958e3f192061592e002e1e8a1bad06ffa86742c --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon110-o.svg @@ -0,0 +1,12 @@ + + + + reboot_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/kiran/figures/icon111-o.svg b/docs/en/tools/desktop/kiran/figures/icon111-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..097d16a08d305a8b3f3b2268ab1ea8342e799377 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon111-o.svg @@ -0,0 +1,13 @@ + + + + Right + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/kiran/figures/icon112-o.svg b/docs/en/tools/desktop/kiran/figures/icon112-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e51628c2b8b10495f3410d219814286696ea2fd5 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon112-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/kiran/figures/icon116-o.svg b/docs/en/tools/desktop/kiran/figures/icon116-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..4d79cd6dbbbfd3969f4e0ad0ad88e27398853505 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon116-o.svg @@ -0,0 +1,72 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/kiran/figures/icon12-o.png b/docs/en/tools/desktop/kiran/figures/icon12-o.png new file mode 100644 index 0000000000000000000000000000000000000000..f1f0f59dd3879461a0b5bc0632693a4a4124def3 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon12-o.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon120-o.svg b/docs/en/tools/desktop/kiran/figures/icon120-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e895c347d16a200aea46b00428b0b9f1a3c94246 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon120-o.svg @@ -0,0 +1,49 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/kiran/figures/icon122-o.svg b/docs/en/tools/desktop/kiran/figures/icon122-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..7fb014b5fd6097ca37a84d0b6a27dc982d675c8a --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon122-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/docs/en/tools/desktop/kiran/figures/icon124-o.svg b/docs/en/tools/desktop/kiran/figures/icon124-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..960c0ec096c925213f8953398f0e8e5db3cdaed3 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon124-o.svg @@ -0,0 +1,55 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/kiran/figures/icon125-o.svg b/docs/en/tools/desktop/kiran/figures/icon125-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..011c05f4b8f296867cd408a339230323fcbb28dd --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon125-o.svg @@ -0,0 +1,9 @@ + + + tips + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/kiran/figures/icon126-o.svg b/docs/en/tools/desktop/kiran/figures/icon126-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e0a43b6b8beb434090ac0dd3a8fd68c023f11fce --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon126-o.svg @@ -0,0 +1,68 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/kiran/figures/icon127-o.svg b/docs/en/tools/desktop/kiran/figures/icon127-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..bed95d35334a8d0151211054236c0bacddcc0dd3 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon127-o.svg @@ -0,0 +1,13 @@ + + + + Up + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/kiran/figures/icon128-o.svg b/docs/en/tools/desktop/kiran/figures/icon128-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..aa727f3f5d5883b3fb83a79c4b98e8b5bfe4ade6 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon128-o.svg @@ -0,0 +1,12 @@ + + + + userswitch_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/kiran/figures/icon13-o.png b/docs/en/tools/desktop/kiran/figures/icon13-o.png new file mode 100644 index 0000000000000000000000000000000000000000..c05a981b29d8ad11c6682f796f79b4cafd0f088b Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon13-o.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon132-o.svg b/docs/en/tools/desktop/kiran/figures/icon132-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..588ba9d98864ba67a562fa9179f29405f7687aa0 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon132-o.svg @@ -0,0 +1,15 @@ + + + + - + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/kiran/figures/icon133-o.svg b/docs/en/tools/desktop/kiran/figures/icon133-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..886d90a83e33497d134bdb3dcc864a5c2df53f20 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon133-o.svg @@ -0,0 +1,13 @@ + + + + + + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/kiran/figures/icon134-o.svg b/docs/en/tools/desktop/kiran/figures/icon134-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..784cf383eb0e8f5c7a57a602047be50ad0a3bc05 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon134-o.svg @@ -0,0 +1,15 @@ + + + + = + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/kiran/figures/icon135-o.svg b/docs/en/tools/desktop/kiran/figures/icon135-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..cea628a8f5eb92d10661b690242b6de41ca64816 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon135-o.svg @@ -0,0 +1,15 @@ + + + + ~ + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/kiran/figures/icon136-o.svg b/docs/en/tools/desktop/kiran/figures/icon136-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..24aa139ab2fefaee20935551f1af5aef473719ed --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon136-o.svg @@ -0,0 +1,12 @@ + + + + poweroff_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/kiran/figures/icon14-o.png b/docs/en/tools/desktop/kiran/figures/icon14-o.png new file mode 100644 index 0000000000000000000000000000000000000000..b21deee4d98593d93fb5f72158d2d78f3d3f1cb9 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon14-o.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon15-o.png b/docs/en/tools/desktop/kiran/figures/icon15-o.png new file mode 100644 index 0000000000000000000000000000000000000000..1827a20e9da4d28e35e8ab2eae739b2fec37b385 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon15-o.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon16.png b/docs/en/tools/desktop/kiran/figures/icon16.png new file mode 100644 index 0000000000000000000000000000000000000000..f271594dda9d3ad0f038c9d719dd68c3e82c59f1 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon16.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon17.png b/docs/en/tools/desktop/kiran/figures/icon17.png new file mode 100644 index 0000000000000000000000000000000000000000..dbe58b89347c857920bce25f067fbd11c308e502 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon17.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon18.png b/docs/en/tools/desktop/kiran/figures/icon18.png new file mode 100644 index 0000000000000000000000000000000000000000..1827a20e9da4d28e35e8ab2eae739b2fec37b385 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon18.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon19-o.png b/docs/en/tools/desktop/kiran/figures/icon19-o.png new file mode 100644 index 0000000000000000000000000000000000000000..47a1f2cb7f99b583768c7cbd7e05a57f302dbe8a Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon19-o.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon2.png b/docs/en/tools/desktop/kiran/figures/icon2.png new file mode 100644 index 0000000000000000000000000000000000000000..9101e4b386df065a87d422bc5a0b287528ea5ec7 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon2.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon20.png b/docs/en/tools/desktop/kiran/figures/icon20.png new file mode 100644 index 0000000000000000000000000000000000000000..4de3c7c695893539967245ea5e269b26e2b735be Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon20.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon21.png b/docs/en/tools/desktop/kiran/figures/icon21.png new file mode 100644 index 0000000000000000000000000000000000000000..e7b4320b6ce1fd4adb52525ba2c60983ffb2eed3 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon21.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon22.png b/docs/en/tools/desktop/kiran/figures/icon22.png new file mode 100644 index 0000000000000000000000000000000000000000..43bfa96965ad13e0a34ead3cb1102a76b9346a23 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon22.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon23.png b/docs/en/tools/desktop/kiran/figures/icon23.png new file mode 100644 index 0000000000000000000000000000000000000000..aee221ddaa81d06fa7bd5b89a624da90cd1e53da Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon23.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon24.png b/docs/en/tools/desktop/kiran/figures/icon24.png new file mode 100644 index 0000000000000000000000000000000000000000..a9e5d700431ca1666fe9eda2cefce5dd2f83bdcd Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon24.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon25.png b/docs/en/tools/desktop/kiran/figures/icon25.png new file mode 100644 index 0000000000000000000000000000000000000000..3de0f9476bbee9e89c3b759afbed968f17b5bbcc Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon25.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon26-o.png b/docs/en/tools/desktop/kiran/figures/icon26-o.png new file mode 100644 index 0000000000000000000000000000000000000000..2293a893caf6d89c3beb978598fe7f281e68e7d5 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon26-o.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon27-o.png b/docs/en/tools/desktop/kiran/figures/icon27-o.png new file mode 100644 index 0000000000000000000000000000000000000000..abbab8e40f7e3ca7c2a6f28ff78f08f15117828e Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon27-o.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon28-o.png b/docs/en/tools/desktop/kiran/figures/icon28-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon28-o.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon29-o.png b/docs/en/tools/desktop/kiran/figures/icon29-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon29-o.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon3.png b/docs/en/tools/desktop/kiran/figures/icon3.png new file mode 100644 index 0000000000000000000000000000000000000000..930ee8909e89e3624c581f83d713af271cd96c75 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon3.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon30-o.png b/docs/en/tools/desktop/kiran/figures/icon30-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon30-o.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon31-o.png b/docs/en/tools/desktop/kiran/figures/icon31-o.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon31-o.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon32.png b/docs/en/tools/desktop/kiran/figures/icon32.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon32.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon33.png b/docs/en/tools/desktop/kiran/figures/icon33.png new file mode 100644 index 0000000000000000000000000000000000000000..88ed145b25f6f025ad795ceb012500e0944cb54c Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon33.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon34.png b/docs/en/tools/desktop/kiran/figures/icon34.png new file mode 100644 index 0000000000000000000000000000000000000000..8247f52a3424c81b451ceb318f4a7979a5eddece Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon34.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon35.png b/docs/en/tools/desktop/kiran/figures/icon35.png new file mode 100644 index 0000000000000000000000000000000000000000..7c656e9030b94809a57c7e369921e6a585f3574c Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon35.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon36.png b/docs/en/tools/desktop/kiran/figures/icon36.png new file mode 100644 index 0000000000000000000000000000000000000000..7d29d173e914dfff48245d3d3a4d42575ce2d1db Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon36.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon37.png b/docs/en/tools/desktop/kiran/figures/icon37.png new file mode 100644 index 0000000000000000000000000000000000000000..58be4c621b6638115153e361801deb9ee06634d8 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon37.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon38.png b/docs/en/tools/desktop/kiran/figures/icon38.png new file mode 100644 index 0000000000000000000000000000000000000000..0c861ccb891f4fb5e533eb7f7151a8fce1571f17 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon38.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon39.png b/docs/en/tools/desktop/kiran/figures/icon39.png new file mode 100644 index 0000000000000000000000000000000000000000..b1ba1f347452d0cd1c06c6c51d2cdf5aea5e490b Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon39.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon4.png b/docs/en/tools/desktop/kiran/figures/icon4.png new file mode 100644 index 0000000000000000000000000000000000000000..548dc8b648edb73ff1dd8a0266e8479203e72ca0 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon4.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon40.png b/docs/en/tools/desktop/kiran/figures/icon40.png new file mode 100644 index 0000000000000000000000000000000000000000..9c29dd1e9a1bf22c36abf51cb18fa9e47b455fab Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon40.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon41.png b/docs/en/tools/desktop/kiran/figures/icon41.png new file mode 100644 index 0000000000000000000000000000000000000000..9e8aea527a2119433fffec5a8800ebfa4fa5062f Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon41.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon42-o.png b/docs/en/tools/desktop/kiran/figures/icon42-o.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon42-o.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon42.png b/docs/en/tools/desktop/kiran/figures/icon42.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon42.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon43-o.png b/docs/en/tools/desktop/kiran/figures/icon43-o.png new file mode 100644 index 0000000000000000000000000000000000000000..284bdd551baf25beb4143013402e77a1a4c60ccb Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon43-o.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon44-o.png b/docs/en/tools/desktop/kiran/figures/icon44-o.png new file mode 100644 index 0000000000000000000000000000000000000000..810f4d784ee140dbf562e67a0d3fd391272626a5 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon44-o.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon45-o.png b/docs/en/tools/desktop/kiran/figures/icon45-o.png new file mode 100644 index 0000000000000000000000000000000000000000..3e528ce2c98284f020ae4912a853f5864526396b Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon45-o.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon46-o.png b/docs/en/tools/desktop/kiran/figures/icon46-o.png new file mode 100644 index 0000000000000000000000000000000000000000..ec6a3ca0fe57016f3685981ed518493ceea1c855 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon46-o.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon47-o.png b/docs/en/tools/desktop/kiran/figures/icon47-o.png new file mode 100644 index 0000000000000000000000000000000000000000..6eeaba98d908775bd363a8ffcec27c3b6a214013 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon47-o.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon49-o.svg b/docs/en/tools/desktop/kiran/figures/icon49-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..72ffb173fdb95e1aff5b0001b08ed6b71122b7f2 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon49-o.svg @@ -0,0 +1,178 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/kiran/figures/icon5.png b/docs/en/tools/desktop/kiran/figures/icon5.png new file mode 100644 index 0000000000000000000000000000000000000000..e4206b7b584bf0702c7cb2f03a3a41e20bfba844 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon5.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon50-o.svg b/docs/en/tools/desktop/kiran/figures/icon50-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..05026802be4718205065d6369e14cc0b6ef05bc7 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon50-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/kiran/figures/icon52-o.svg b/docs/en/tools/desktop/kiran/figures/icon52-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..23149c05873259cd39721b8ee9c3ab7db86d64c5 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon52-o.svg @@ -0,0 +1,9 @@ + + + attention + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/kiran/figures/icon53-o.svg b/docs/en/tools/desktop/kiran/figures/icon53-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..50e33489ce984b0acfd621da4a8ef837fdf048c1 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon53-o.svg @@ -0,0 +1,11 @@ + + + + previous + Created with Sketch. + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/kiran/figures/icon54-o.svg b/docs/en/tools/desktop/kiran/figures/icon54-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..3b599aef4b822c707d2f646405bb00837aed96fd --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon54-o.svg @@ -0,0 +1,18 @@ + + + + Backspace + Created with Sketch. + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/kiran/figures/icon56-o.svg b/docs/en/tools/desktop/kiran/figures/icon56-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..9f13b6861e3858deec8d57a5301c934acc247069 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon56-o.svg @@ -0,0 +1,19 @@ + + + + Slice 1 + Created with Sketch. + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/kiran/figures/icon57-o.svg b/docs/en/tools/desktop/kiran/figures/icon57-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e6fbfa1381b76ab3fcd45652b33267a7f6c69bb7 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon57-o.svg @@ -0,0 +1,11 @@ + + + + titlebutton/close_normal + Created with Sketch. + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/kiran/figures/icon58-o.svg b/docs/en/tools/desktop/kiran/figures/icon58-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..9746dcacfc8e5d4c4b63233801e37418a190fc8f --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon58-o.svg @@ -0,0 +1,46 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/kiran/figures/icon6.png b/docs/en/tools/desktop/kiran/figures/icon6.png new file mode 100644 index 0000000000000000000000000000000000000000..88ced3587e9a42b145fe11393726f40aba9d1b2c Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon6.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon62-o.svg b/docs/en/tools/desktop/kiran/figures/icon62-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..09f61b446669df2e05a3351d40d8c30879c7b035 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon62-o.svg @@ -0,0 +1,47 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/kiran/figures/icon63-o.svg b/docs/en/tools/desktop/kiran/figures/icon63-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..06c03ed99260ffadc681475dad35610aedf67f83 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon63-o.svg @@ -0,0 +1,45 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/kiran/figures/icon66-o.svg b/docs/en/tools/desktop/kiran/figures/icon66-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..5793b3846b7fe6a5758379591215b16c7f9e1b52 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon66-o.svg @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/kiran/figures/icon68-o.svg b/docs/en/tools/desktop/kiran/figures/icon68-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..a7748052dfa436116d8742dca28f7d90865231ed --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon68-o.svg @@ -0,0 +1,23 @@ + + + + deepin-system-monitor + Created with Sketch. + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/kiran/figures/icon69-o.svg b/docs/en/tools/desktop/kiran/figures/icon69-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e21dfd00a32a44ee1c8e3882b4ca8239be04690f --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon69-o.svg @@ -0,0 +1,26 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/kiran/figures/icon7.png b/docs/en/tools/desktop/kiran/figures/icon7.png new file mode 100644 index 0000000000000000000000000000000000000000..05fe8aa38c84ca0c0c99b0b005ddec2f2ba42f4a Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon7.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon70-o.svg b/docs/en/tools/desktop/kiran/figures/icon70-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..b5787a7ffa5ed9519a48c6937c60927fd11fd455 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon70-o.svg @@ -0,0 +1,73 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/kiran/figures/icon71-o.svg b/docs/en/tools/desktop/kiran/figures/icon71-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..669a21f143b06cb45ea3f45f7f071809f2cbc8a8 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon71-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/kiran/figures/icon72-o.svg b/docs/en/tools/desktop/kiran/figures/icon72-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..79067ed9b9ff7912e1742183b461fa056601b9cc --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon72-o.svg @@ -0,0 +1,34 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/kiran/figures/icon73-o.svg b/docs/en/tools/desktop/kiran/figures/icon73-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..cf6292387f5e790db6ebd66184aabcbb39257ee7 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon73-o.svg @@ -0,0 +1,13 @@ + + + + Down + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/kiran/figures/icon75-o.svg b/docs/en/tools/desktop/kiran/figures/icon75-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..ef6823ccc19858f57374f0b78ad31514e8311be3 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon75-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/docs/en/tools/desktop/kiran/figures/icon8.png b/docs/en/tools/desktop/kiran/figures/icon8.png new file mode 100644 index 0000000000000000000000000000000000000000..01543c3e0f5e96a023b4e1f0859a03e3a0dafd56 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon8.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon83-o.svg b/docs/en/tools/desktop/kiran/figures/icon83-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..35dd6eacc54a933dc9ebc3f3010edfa7363fecc0 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon83-o.svg @@ -0,0 +1,84 @@ + + + + + + image/svg+xml + + img_upload + + + + + + img_upload + Created with Sketch. + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/kiran/figures/icon84-o.svg b/docs/en/tools/desktop/kiran/figures/icon84-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..9bd11b9e7b45b506dd7e1c87d09d545d8f48af06 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon84-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/kiran/figures/icon86-o.svg b/docs/en/tools/desktop/kiran/figures/icon86-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..5da20233309c43d4fc7b315f441cde476c835c67 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon86-o.svg @@ -0,0 +1,66 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/kiran/figures/icon88-o.svg b/docs/en/tools/desktop/kiran/figures/icon88-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..c2570c26575fd14cb5e9d9fe77831d2e8f6c9333 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon88-o.svg @@ -0,0 +1,13 @@ + + + + Left + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/kiran/figures/icon9.png b/docs/en/tools/desktop/kiran/figures/icon9.png new file mode 100644 index 0000000000000000000000000000000000000000..a07c9ab8e51decd9a3bca8c969d2ae95bd68512c Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/icon9.png differ diff --git a/docs/en/tools/desktop/kiran/figures/icon90-o.svg b/docs/en/tools/desktop/kiran/figures/icon90-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..79b5e0a141f7969a8f77ae61f4c240de7187afe9 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon90-o.svg @@ -0,0 +1,12 @@ + + + + lock_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/kiran/figures/icon92-o.svg b/docs/en/tools/desktop/kiran/figures/icon92-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..21341b64a832e1935252aa82e7a4e0b083c16eae --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon92-o.svg @@ -0,0 +1,12 @@ + + + + logout_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/kiran/figures/icon94-o.svg b/docs/en/tools/desktop/kiran/figures/icon94-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..a47044149a02101dbd24a3fdb2f3ead77efca6c1 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon94-o.svg @@ -0,0 +1,54 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/kiran/figures/icon97-o.svg b/docs/en/tools/desktop/kiran/figures/icon97-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..4f4670de29d8c86885b5aa806b2c8cdc6fc16dcb --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon97-o.svg @@ -0,0 +1,84 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/kiran/figures/icon99-o.svg b/docs/en/tools/desktop/kiran/figures/icon99-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e9a3aa60a51404c9390bfbea8d8ff09edc0e2e32 --- /dev/null +++ b/docs/en/tools/desktop/kiran/figures/icon99-o.svg @@ -0,0 +1,11 @@ + + + notes + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/kiran/figures/kiran-1.png b/docs/en/tools/desktop/kiran/figures/kiran-1.png new file mode 100644 index 0000000000000000000000000000000000000000..6f17788dce804c004027adfe45628eebffaa48cf Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-1.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-10.png b/docs/en/tools/desktop/kiran/figures/kiran-10.png new file mode 100644 index 0000000000000000000000000000000000000000..18cfa3074af1f4b8d49d064a77b016f24ab8c17c Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-10.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-11.png b/docs/en/tools/desktop/kiran/figures/kiran-11.png new file mode 100644 index 0000000000000000000000000000000000000000..b58fbb7ce8a798d5355855a4ac0638540df74d9e Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-11.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-12.png b/docs/en/tools/desktop/kiran/figures/kiran-12.png new file mode 100644 index 0000000000000000000000000000000000000000..920d0c7112be6bed509773413de36506d748b822 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-12.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-13.png b/docs/en/tools/desktop/kiran/figures/kiran-13.png new file mode 100644 index 0000000000000000000000000000000000000000..473ac4151c65951050800cb73313fee07077a9d6 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-13.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-14.png b/docs/en/tools/desktop/kiran/figures/kiran-14.png new file mode 100644 index 0000000000000000000000000000000000000000..9ba17ddca84d25f112e564b542a971d6e7d4c10a Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-14.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-15.png b/docs/en/tools/desktop/kiran/figures/kiran-15.png new file mode 100644 index 0000000000000000000000000000000000000000..b561a2fccb7f159106065baaf88ff9fa32bba1d8 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-15.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-16.png b/docs/en/tools/desktop/kiran/figures/kiran-16.png new file mode 100644 index 0000000000000000000000000000000000000000..a4d71e812144e74cb854e25f215197368b60017f Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-16.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-17.png b/docs/en/tools/desktop/kiran/figures/kiran-17.png new file mode 100644 index 0000000000000000000000000000000000000000..5f52f0d0885fbcd62af5127df6f464bcd334e2b3 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-17.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-18.png b/docs/en/tools/desktop/kiran/figures/kiran-18.png new file mode 100644 index 0000000000000000000000000000000000000000..bbd1a5dbd99c509d936e51e1bcc5970c2311da9d Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-18.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-19.png b/docs/en/tools/desktop/kiran/figures/kiran-19.png new file mode 100644 index 0000000000000000000000000000000000000000..a9ad75326f5d5463a45b532ae05b110155426083 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-19.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-2.png b/docs/en/tools/desktop/kiran/figures/kiran-2.png new file mode 100644 index 0000000000000000000000000000000000000000..b62c95a0b7d2bcfbc0bbac084ed7df74e5412da5 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-2.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-20.png b/docs/en/tools/desktop/kiran/figures/kiran-20.png new file mode 100644 index 0000000000000000000000000000000000000000..a43f8e2dc5ff4b5445386fd0c703bdf6b1e186ec Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-20.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-21.png b/docs/en/tools/desktop/kiran/figures/kiran-21.png new file mode 100644 index 0000000000000000000000000000000000000000..19c758d585016351a1f26fdac48221bdf0710a53 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-21.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-22.png b/docs/en/tools/desktop/kiran/figures/kiran-22.png new file mode 100644 index 0000000000000000000000000000000000000000..703327a3f511c20cd977ae4cd68552ecb3dd6971 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-22.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-23.png b/docs/en/tools/desktop/kiran/figures/kiran-23.png new file mode 100644 index 0000000000000000000000000000000000000000..ddbbd80be5b926ab3446cbb10c22d892487956f8 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-23.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-24.png b/docs/en/tools/desktop/kiran/figures/kiran-24.png new file mode 100644 index 0000000000000000000000000000000000000000..54e864dcfd194db4b1672c05d3e60eb6acc605d9 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-24.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-25.png b/docs/en/tools/desktop/kiran/figures/kiran-25.png new file mode 100644 index 0000000000000000000000000000000000000000..f64461cc2610fb82db1eb27a5562c2ab0737dcf4 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-25.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-26.png b/docs/en/tools/desktop/kiran/figures/kiran-26.png new file mode 100644 index 0000000000000000000000000000000000000000..2bcd5335c14d3e241b732b2ee6c2adf3effbe652 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-26.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-27.png b/docs/en/tools/desktop/kiran/figures/kiran-27.png new file mode 100644 index 0000000000000000000000000000000000000000..2bcd5335c14d3e241b732b2ee6c2adf3effbe652 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-27.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-28.png b/docs/en/tools/desktop/kiran/figures/kiran-28.png new file mode 100644 index 0000000000000000000000000000000000000000..1650e93b66f11849ed69a9dacd5c9c5f135fc053 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-28.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-29.png b/docs/en/tools/desktop/kiran/figures/kiran-29.png new file mode 100644 index 0000000000000000000000000000000000000000..5d0b225b54dc5da9053aeb6f4b805e59d8685f7f Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-29.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-3.png b/docs/en/tools/desktop/kiran/figures/kiran-3.png new file mode 100644 index 0000000000000000000000000000000000000000..774ba1ea233c20bf3c7ae661e126e5251aef8662 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-3.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-30.png b/docs/en/tools/desktop/kiran/figures/kiran-30.png new file mode 100644 index 0000000000000000000000000000000000000000..ae7f591fdd3da24fdf30b95785cd07c9959ecb2b Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-30.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-31.png b/docs/en/tools/desktop/kiran/figures/kiran-31.png new file mode 100644 index 0000000000000000000000000000000000000000..fc4127dcd736d084ecabe84b40f165f0b07695b2 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-31.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-32.png b/docs/en/tools/desktop/kiran/figures/kiran-32.png new file mode 100644 index 0000000000000000000000000000000000000000..b02d7b1fbdfa58d63618e99085fd5a0ed517ce4d Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-32.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-33.png b/docs/en/tools/desktop/kiran/figures/kiran-33.png new file mode 100644 index 0000000000000000000000000000000000000000..502f5d272b6200b440b1ce916924e44c987f9922 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-33.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-34.png b/docs/en/tools/desktop/kiran/figures/kiran-34.png new file mode 100644 index 0000000000000000000000000000000000000000..b1ad35752dba85a00024170f88702c3398e0872c Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-34.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-35.png b/docs/en/tools/desktop/kiran/figures/kiran-35.png new file mode 100644 index 0000000000000000000000000000000000000000..6c566afea5f485d79ff7de2ccd3d27a24835f14c Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-35.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-36.png b/docs/en/tools/desktop/kiran/figures/kiran-36.png new file mode 100644 index 0000000000000000000000000000000000000000..842470a94fb6864cdd45f2c9971ec73e7866ea88 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-36.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-37.png b/docs/en/tools/desktop/kiran/figures/kiran-37.png new file mode 100644 index 0000000000000000000000000000000000000000..b827be98850a3626f92ed1cd7b6b76f95d761261 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-37.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-38.png b/docs/en/tools/desktop/kiran/figures/kiran-38.png new file mode 100644 index 0000000000000000000000000000000000000000..f0972490115d0965e8e9006abd2e5e96ac2fc37c Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-38.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-39.png b/docs/en/tools/desktop/kiran/figures/kiran-39.png new file mode 100644 index 0000000000000000000000000000000000000000..f833c66c77737fb7cfbe5b4c4af48b0ba7747cea Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-39.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-4.png b/docs/en/tools/desktop/kiran/figures/kiran-4.png new file mode 100644 index 0000000000000000000000000000000000000000..7a6cf9c1f25266c31ddcb76f093bec664d64bac7 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-4.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-40.png b/docs/en/tools/desktop/kiran/figures/kiran-40.png new file mode 100644 index 0000000000000000000000000000000000000000..da430f32720ef8a032e2c16fe9caabd815f8b62f Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-40.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-41.png b/docs/en/tools/desktop/kiran/figures/kiran-41.png new file mode 100644 index 0000000000000000000000000000000000000000..424f50da38c18c12a235ebb56edd6d02ec1638f0 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-41.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-42.png b/docs/en/tools/desktop/kiran/figures/kiran-42.png new file mode 100644 index 0000000000000000000000000000000000000000..a506b0c4e7fd23c393c34e01b26086dae1ea9c62 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-42.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-43.png b/docs/en/tools/desktop/kiran/figures/kiran-43.png new file mode 100644 index 0000000000000000000000000000000000000000..90ca8be50f4343adcc0cc05b1ae7d0f32efcedc2 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-43.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-44.png b/docs/en/tools/desktop/kiran/figures/kiran-44.png new file mode 100644 index 0000000000000000000000000000000000000000..bc38c38001a8428cf18a05e6cd4a8f46b1d633a2 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-44.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-45.png b/docs/en/tools/desktop/kiran/figures/kiran-45.png new file mode 100644 index 0000000000000000000000000000000000000000..fadb655f342f99c669425480ad48733f1dccb2c9 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-45.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-46.png b/docs/en/tools/desktop/kiran/figures/kiran-46.png new file mode 100644 index 0000000000000000000000000000000000000000..096688c85e47acded83be03a7ff69f9d829d956b Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-46.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-47.png b/docs/en/tools/desktop/kiran/figures/kiran-47.png new file mode 100644 index 0000000000000000000000000000000000000000..3faa55c80eead6bfc9e96f59babcd2100392c2e5 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-47.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-48.png b/docs/en/tools/desktop/kiran/figures/kiran-48.png new file mode 100644 index 0000000000000000000000000000000000000000..1e44996d99006ffe793ae29b55035976942ac504 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-48.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-49.png b/docs/en/tools/desktop/kiran/figures/kiran-49.png new file mode 100644 index 0000000000000000000000000000000000000000..000cc37cb59fecc9ea497726f87231df187baf34 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-49.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-5.png b/docs/en/tools/desktop/kiran/figures/kiran-5.png new file mode 100644 index 0000000000000000000000000000000000000000..a27574bb4793e401750fff28e4568403dc489507 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-5.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-50.png b/docs/en/tools/desktop/kiran/figures/kiran-50.png new file mode 100644 index 0000000000000000000000000000000000000000..900efd80a6db6ab00fee3fa519e963f8f0620ba7 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-50.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-6.png b/docs/en/tools/desktop/kiran/figures/kiran-6.png new file mode 100644 index 0000000000000000000000000000000000000000..42c4f0357dfa11b53ca27a4d0d255b67a0f9c5ae Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-6.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-7.png b/docs/en/tools/desktop/kiran/figures/kiran-7.png new file mode 100644 index 0000000000000000000000000000000000000000..254ef11f36d958f6ef7c70853e5f61032f825463 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-7.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-8.png b/docs/en/tools/desktop/kiran/figures/kiran-8.png new file mode 100644 index 0000000000000000000000000000000000000000..29b5845d2fa94cba92719b8649a5e86c926ea911 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-8.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kiran-9.png b/docs/en/tools/desktop/kiran/figures/kiran-9.png new file mode 100644 index 0000000000000000000000000000000000000000..46bcfdd0e1e88ad0f0ade4a3990c3ac5d66060e7 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kiran-9.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kubesphere-console.png b/docs/en/tools/desktop/kiran/figures/kubesphere-console.png new file mode 100644 index 0000000000000000000000000000000000000000..9c93fbeafe366d78bc05dda6e0e673d2dad8874f Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kubesphere-console.png differ diff --git a/docs/en/tools/desktop/kiran/figures/kubesphere.png b/docs/en/tools/desktop/kiran/figures/kubesphere.png new file mode 100644 index 0000000000000000000000000000000000000000..939dcb70202b19c7853cbfd8f27f6e8e4678ce26 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/kubesphere.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-1.png b/docs/en/tools/desktop/kiran/figures/xfce-1.png new file mode 100644 index 0000000000000000000000000000000000000000..0e478b9f10ddf3210d5f5fada2e45329e2d1d028 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-1.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-2.png b/docs/en/tools/desktop/kiran/figures/xfce-2.png new file mode 100644 index 0000000000000000000000000000000000000000..33a946d988d499a1e98cb43968b72119bd48d7a5 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-2.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-3.png b/docs/en/tools/desktop/kiran/figures/xfce-3.png new file mode 100644 index 0000000000000000000000000000000000000000..020356f0c981fac2aafe33c8e997efbf01af9253 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-3.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-4.png b/docs/en/tools/desktop/kiran/figures/xfce-4.png new file mode 100644 index 0000000000000000000000000000000000000000..21369e366322955023b427e7a2ae63fd29b387e5 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-4.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-5.png b/docs/en/tools/desktop/kiran/figures/xfce-5.png new file mode 100644 index 0000000000000000000000000000000000000000..1f7807877f775fe6aa32652a29ef833e48e1a6ee Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-5.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-6.png b/docs/en/tools/desktop/kiran/figures/xfce-6.png new file mode 100644 index 0000000000000000000000000000000000000000..e5376fcfd1737234a885d4d95649cd996005cf0c Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-6.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-7.png b/docs/en/tools/desktop/kiran/figures/xfce-7.png new file mode 100644 index 0000000000000000000000000000000000000000..b7a94df356b7b9f7dca3d305d066ec854406aaab Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-7.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-71.png b/docs/en/tools/desktop/kiran/figures/xfce-71.png new file mode 100644 index 0000000000000000000000000000000000000000..11d1618c907d4bb18de1eb68e42e9b98d92d91c3 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-71.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-8.png b/docs/en/tools/desktop/kiran/figures/xfce-8.png new file mode 100644 index 0000000000000000000000000000000000000000..f6f97d9a173105cb6a72e4b8c48deab25ecac898 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-8.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-81.png b/docs/en/tools/desktop/kiran/figures/xfce-81.png new file mode 100644 index 0000000000000000000000000000000000000000..b97c9a81c2a07efe361e6dc6ee8bed5db445ecfa Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-81.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-811.png b/docs/en/tools/desktop/kiran/figures/xfce-811.png new file mode 100644 index 0000000000000000000000000000000000000000..58233638eca203d917081d6a9ac5003474cbf60b Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-811.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-812.png b/docs/en/tools/desktop/kiran/figures/xfce-812.png new file mode 100644 index 0000000000000000000000000000000000000000..0fc975f75da95dce8a3e5a098d024578335c9426 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-812.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-813.png b/docs/en/tools/desktop/kiran/figures/xfce-813.png new file mode 100644 index 0000000000000000000000000000000000000000..4d399468c74355cbaa765380720cb9561e95f834 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-813.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-814.png b/docs/en/tools/desktop/kiran/figures/xfce-814.png new file mode 100644 index 0000000000000000000000000000000000000000..c09fd6524a20ba04e0fca30307d35fa05e79c1f4 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-814.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-82.png b/docs/en/tools/desktop/kiran/figures/xfce-82.png new file mode 100644 index 0000000000000000000000000000000000000000..170deb5fb43f4e924d5ba4eba94a02c341d31515 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-82.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-821.png b/docs/en/tools/desktop/kiran/figures/xfce-821.png new file mode 100644 index 0000000000000000000000000000000000000000..c5c1f3567dccda3d0d49ae445612d5b9ba27e09a Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-821.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-83.png b/docs/en/tools/desktop/kiran/figures/xfce-83.png new file mode 100644 index 0000000000000000000000000000000000000000..95e4844c0ece09819d3e9f1e8457bbf371b1282e Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-83.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-831.png b/docs/en/tools/desktop/kiran/figures/xfce-831.png new file mode 100644 index 0000000000000000000000000000000000000000..6456dd02f0281a5ec8d752ba5b95be581bcbfa09 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-831.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-832.png b/docs/en/tools/desktop/kiran/figures/xfce-832.png new file mode 100644 index 0000000000000000000000000000000000000000..2932aaacf71fa53f1d0c10340df3aebcc016e991 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-832.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-84.png b/docs/en/tools/desktop/kiran/figures/xfce-84.png new file mode 100644 index 0000000000000000000000000000000000000000..e0435c2edf9f68d193cff036215f32c259d378f0 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-84.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-841.png b/docs/en/tools/desktop/kiran/figures/xfce-841.png new file mode 100644 index 0000000000000000000000000000000000000000..c2c06346d4a296bfbe7836139cd943baa1ce6ea5 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-841.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-842.png b/docs/en/tools/desktop/kiran/figures/xfce-842.png new file mode 100644 index 0000000000000000000000000000000000000000..101bf6923e3780617d33dde04b92232ca7f87b42 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-842.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-85.png b/docs/en/tools/desktop/kiran/figures/xfce-85.png new file mode 100644 index 0000000000000000000000000000000000000000..21b39638fe4c83e0da5cdc69ecad9b7a22718a55 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-85.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-851.png b/docs/en/tools/desktop/kiran/figures/xfce-851.png new file mode 100644 index 0000000000000000000000000000000000000000..893064ca10399a683afbcb3752266d93b0a79a51 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-851.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-86.png b/docs/en/tools/desktop/kiran/figures/xfce-86.png new file mode 100644 index 0000000000000000000000000000000000000000..35e8a99e31e4a49eb64b24cfbab825111e40f709 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-86.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-861.png b/docs/en/tools/desktop/kiran/figures/xfce-861.png new file mode 100644 index 0000000000000000000000000000000000000000..affc46c874991a3b289e15072e06ba6566c099b1 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-861.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-87.png b/docs/en/tools/desktop/kiran/figures/xfce-87.png new file mode 100644 index 0000000000000000000000000000000000000000..47524c21d57c887c3398ea53a675f89e9f92113f Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-87.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-9.png b/docs/en/tools/desktop/kiran/figures/xfce-9.png new file mode 100644 index 0000000000000000000000000000000000000000..5586c4f62cc161665b91a56ad23b2320901901c0 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-9.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-91.png b/docs/en/tools/desktop/kiran/figures/xfce-91.png new file mode 100644 index 0000000000000000000000000000000000000000..ee69879bb4ad66405b045af5e3965e275fe8eabf Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-91.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-911.png b/docs/en/tools/desktop/kiran/figures/xfce-911.png new file mode 100644 index 0000000000000000000000000000000000000000..b49416558e9ab844fda2026b76e2e900ac106842 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-911.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-92.png b/docs/en/tools/desktop/kiran/figures/xfce-92.png new file mode 100644 index 0000000000000000000000000000000000000000..78dd6313c603aad9ebd37fe68e06f98b2a3b331e Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-92.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-921.png b/docs/en/tools/desktop/kiran/figures/xfce-921.png new file mode 100644 index 0000000000000000000000000000000000000000..5eb6f40df9ca73e11b9b9fa5079496ac0c36857b Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-921.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-93.png b/docs/en/tools/desktop/kiran/figures/xfce-93.png new file mode 100644 index 0000000000000000000000000000000000000000..06ac80c152fefbe1ad2ba1c989f6acfbbaf1a992 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-93.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-931.png b/docs/en/tools/desktop/kiran/figures/xfce-931.png new file mode 100644 index 0000000000000000000000000000000000000000..a156e5cf14ae154b93e845ff1bd5bc6ba12c9beb Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-931.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-94.png b/docs/en/tools/desktop/kiran/figures/xfce-94.png new file mode 100644 index 0000000000000000000000000000000000000000..f48064ff5902c4ea740ccba9a1640cbca27b5b72 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-94.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-941.png b/docs/en/tools/desktop/kiran/figures/xfce-941.png new file mode 100644 index 0000000000000000000000000000000000000000..f7904da12dc807836acfb9d6f24b8d9b976a2fdc Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-941.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-95.png b/docs/en/tools/desktop/kiran/figures/xfce-95.png new file mode 100644 index 0000000000000000000000000000000000000000..bda965b15a859e4cccf4b80f62875f79eb3470fd Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-95.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-951.png b/docs/en/tools/desktop/kiran/figures/xfce-951.png new file mode 100644 index 0000000000000000000000000000000000000000..6521a28275d2b63c12b47604c7afc926f7938697 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-951.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-96.png b/docs/en/tools/desktop/kiran/figures/xfce-96.png new file mode 100644 index 0000000000000000000000000000000000000000..29ce24923477065b98cacf603f185113e9959069 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-96.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-961.png b/docs/en/tools/desktop/kiran/figures/xfce-961.png new file mode 100644 index 0000000000000000000000000000000000000000..874fa200f4e63b690261d7827f3c73cf70861b32 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-961.png differ diff --git a/docs/en/tools/desktop/kiran/figures/xfce-962.png b/docs/en/tools/desktop/kiran/figures/xfce-962.png new file mode 100644 index 0000000000000000000000000000000000000000..bb84e35e43e992bc68b053a0da760bd5aa8b0270 Binary files /dev/null and b/docs/en/tools/desktop/kiran/figures/xfce-962.png differ diff --git a/docs/en/tools/desktop/kiran/kiran.md b/docs/en/tools/desktop/kiran/kiran.md new file mode 100644 index 0000000000000000000000000000000000000000..b9da8f9fda119724e97d0f45f62a3b32ea80bbb8 --- /dev/null +++ b/docs/en/tools/desktop/kiran/kiran.md @@ -0,0 +1,3 @@ +# Kiran User Guide + +This chapter describes how to install and use the Kiran desktop environment. diff --git a/docs/en/tools/desktop/kiran/kiran_installation.md b/docs/en/tools/desktop/kiran/kiran_installation.md new file mode 100644 index 0000000000000000000000000000000000000000..4aab96decb8c766339c2913d7c671e27d81c61c9 --- /dev/null +++ b/docs/en/tools/desktop/kiran/kiran_installation.md @@ -0,0 +1,31 @@ +# Kiran Installation + +## Introduction + +Kiran desktop environment, developed by Kylinsec, is a stable, efficient, and easy-to-use desktop environment oriented towards user and market requirements. Kiran supports x86 and AArch64 architectures. + +## Procedure + +You are advised to install Kiran as the **root** user or a newly created administrator. + +1. Download the openEuler 22.09 ISO file and install the OS. + +2. Update the software repository. + +```shell +sudo dnf update +``` + +1. Install kiran-desktop. + +```shell +sudo dnf -y install kiran-desktop +``` + +1. Set the system to start with the graphical interface, and then restart the system using the `reboot` command. + +```shell +systemctl set-default graphical.target +``` + +After the reboot is complete, log in to the Kiran desktop. diff --git a/docs/en/tools/desktop/kiran/kiran_userguide.md b/docs/en/tools/desktop/kiran/kiran_userguide.md new file mode 100644 index 0000000000000000000000000000000000000000..7780aa7b5621ec35fa8976c19bb4fafa3cb6dd6a --- /dev/null +++ b/docs/en/tools/desktop/kiran/kiran_userguide.md @@ -0,0 +1,298 @@ +# Kiran Desktop Environment + +## 1. Overview + +Kiran desktop environment is a stable, efficient, and easy-to-use desktop environment oriented towards user and market requirements. It consists of the desktop, taskbar, tray, control center, and window management components. This document describes how to use the Kiran desktop. + +## 2. Desktop + +### 2.1. Login Screen + +After the installation is complete, restart the system. After the system is started, enter the user name and password to log in to the system. The login screen displays the time, date, power button, and soft keyboard button. The adaptive UI supports screen zooming and multi-screen display. The login dialog box can be switched between screens following the mouse pointer. + +![Figure 1 Login screen](figures/kiran-1.png) + +### 2.2. Main Screen + +Enter the correct user name and password to log in to the system. The main screen is displayed, as shown in the following figure: + +![Figure 2-Main screen ](figures/kiran-2.png) + +Several icons are displayed on the desktop, such as **Computer**, **Home** folder, and **Trash**. The panel, located at the bottom of the screen, allows you to launch applications and switch between virtual desktops. +A desktop is a working area of a user. You will perform operations and run applications on the desktop. You can place the files and applications on the desktop for easy access. Double-click the icons to run the corresponding applications or open the files. You can drag, add, or delete desktop icons. Desktop icons allow you to complete your work more conveniently. + +![Figure 3-Computer](figures/kiran-3.png) **Computer**: Double-click to display all the local and remote disks and folders accessed from this computer. + +![Figure 4-Home folder](figures/kiran-4.png) **Home** folder: Double-click to display the contents in the home directory of the current user. + +![Figure 5- Trash](figures/kiran-5.png) **Trash**: Deleted files are temporarily stored in Trash. + +Shortcut menu: Right-click on the desktop to display the shortcut menu, which provides shortcuts for icon management, folder creation, document creation, desktop background settings, and theme settings. + +**Create Folder**: Creates a folder. + +**Create Launcher...**: Creates a launcher. + +**Create Document**: Creates an empty plain-text file. + +**Open Terminal...**: Opens the terminal application. + +**Organize Desktop by Name**: Sorts desktop files by name. + +**Keep Aligned**: If this option is selected, the desktop icons are aligned to the grid. + +**Change Desktop Background**: Opens Background to change the background picture of the desktop or lock screen. + +### 2.3 Panel + +The panel is usually located at the bottom of the screen and includes the start menu button, quick launch area, icons of frequently used applications and desktop applets, and taskbar that displays the currently running application. +When you hover the mouse pointer over an icon for several seconds, a white dialog box is displayed, describing the function of the icon. + +![Figure 6-System panel](figures/kiran-6.png) + +## 3. Taskbar + +Taskbar: displays running applications or opened documents. You can click an item on the taskbar to maximize or minimize the selected application window. You can right-click an item and choose Maximize, Minimize, or Close the application window from the shortcut menu. + +| Component | Description | +| :------------------------------------------------------ | :------------------------------------------------------------------------------------------------------------------ | +| ![Figure 7-Start Menu](figures/kiran-7.png) | Start Menu button: Similar to the Start button in Windows. When you click it, the cascaded start menu is displayed. | +| ![Figure 8 Workspace button](figures/kiran-8.png) | Click to display the workspaces. | +| ![Figure 9 File browser button](figures/kiran-9.png) | Click to start the file browser to view and manage files. | +| ![Figure 10 Terminal button](figures/kiran-10.png) | Click to start the terminal. | +| ![Figure 11 Web browser button](figures/kiran-11.png) | Click to start the Firefox browser. | +| ![Figure 12 Network control icon](figures/kiran-12.png) | Displays the current network status. Click to modify the network configuration. | +| ![Figure 13-Clock button](figures/kiran-13.png) | Displays the current date and time. You can customize the display style as required. | + +## 4. Control Center + +### 4.1. Start Menu Settings + +Choose **Start Menu** > **Control Center** > **Start Menu** Settings. +You can set the display mode and opacity of the start menu, as shown in the following figure: + +![Figure 14-Start Menu Settings](figures/kiran-14.png) + +The appearance start menu changes based on the opacity and display mode, as shown in the following figure: + +![Figure 15-Start menu](figures/kiran-15.png) + +### 4.2. Greeter Settings + +Choose **Start Menu** > **Control Center** > **Greeter Settings**. +In the Kiran desktop, you can set the login screen appearance by choosing **Greeter Settings** in **Control Center**, including the background image of the login screen, whether to enable automatic login, zoom ratio, whether to allow login by entering the user name, and whether to display the user list, as shown in the following figure: + +![Figure 16-Greeter Settings](figures/kiran-16.png) + +You can also set automatic login. Set the user name and delay for automatic login. After the system is restarted, the user automatically logs in without entering the password. + +![Figure 17 Autologin settings](figures/kiran-17.png) + +### 4.3 Display Settings + +Display attribute customization is required for every desktop environment. The Kiran desktop provides a powerful tool for customizing display attributes. You can choose **Start Menu** > **Control Center** > **Display Settings** to open the **Display Settings** window, as shown in the following figure: + +![Figure 18-Display Settings](figures/kiran-18.png) + +You can set the screen rotation, resolution, refresh rate, zoom rate, and flip. After the settings are complete, click **Apply**. + +### 4.4 Mouse Settings + +Configure the mouse by selecting **Kiran Cpanel Mouse** in **Control Center**. You can select left-hand or right-hand mode, adjust the mouse pointer speed, set whether to scroll naturally, and set whether to enable the middle button emulation by pressing the left and right button simultaneously. The following figure shows the normal mouse setting window: + +![Figure 19-Kiran Cpanel Mouse](figures/kiran-19.png) + +### 4.5. Account Manager + +Account Manager is an easy-to-use tool for managing users and user groups. You can use this tool to: + +1. Add users and set user attributes. +2. Modify user attributes. +3. View user attributes. +4. Delete users. + +User attributes include the user name, password, and login shell. User group attribute indicates the users in the user group. + +#### 4.5.1 Starting Account Manager + +In **Control Center**, choose **Account Manager** to start the account management tool, as shown in the following figure: + +![Figure 20 Account Manager](figures/kiran-20.png) + +In the window, you can see the user list on the left and the detailed information on the right. Currently, all users in the system except the root user are listed. Click a user on the left. The detailed information about the user is displayed, including the user ID and user type. +Click **Create new user**. On the page that is displayed on the right, enter the user name, user type, and password, and change the avatar as required. After setting the attributes, click **Confirm**. + +![Figure 21 Creating an account](figures/kiran-21.png) + +**Note**: If you have set the minimum length of a password (for example, four digits), you must enter a password of at least four digits. Otherwise, the system will not accept the password. + +Click the avatar area to change the avatar. The system has built-in avatars for you to select. You can also add your own avatar and click Confirm to save the settings. + +![Figure 22-Change avatar](figures/kiran-22.png) + +#### 4.5.2. Deleting a User + +Click the user to be deleted in the left area and click **Delete** on the toolbar on the right, as shown in the following figures: + +![Figure 23 Deleting a user](figures/kiran-23.png) +![Figure 24-Confirming the deletion](figures/kiran-24.png) + +In the displayed dialog box, click **No** to cancel the deletion, or click **Yes** to confirm the deletion. + +#### 4.5.3. Advanced Settings + +Choose **Create new user**, enter the user name and password, and then choose **Advanced Settings**. In the displayed dialog box, set the login shell, user ID, and user home directory. + +![Figure 25-Advanced Settings](figures/kiran-25.png) + +### 4.6. Appearance + +Display attribute customization is required for every desktop environment. The Kiran desktop provides a powerful tool for customizing display attributes. Appearance is a tool that provides unified configuration and management for the desktop background, theme, and font of the system. +Choose **Start Menu** > **Control Center** > **Appearance**. The **Appearance** window is displayed, as shown in the following figure: + +![Figure 26-Appearance Preferences](figures/kiran-26.png) + +#### 4.6.1. Theme + +Theme can be used to set the style of the dialog boxes, menus, system panels, and icons in a unified manner or separately according to your preference. + +1. Theme Settings + The system provides multiple themes by default. You can view the theme information in the **Theme** tab page. Click the theme in the **Theme** tab page to set the system theme, as shown in the following figure: + + ![Figure 27 Theme settings](figures/kiran-27.png) + +2. Customizing a Theme + You can click Customize... to customize a theme based on your preferences, as shown in the following figure. Customization options include controls, color, window border, icons, and pointer. + + ![Figure 28-Customize theme](figures/kiran-28.png) + +#### 4.6.2. Background + +You can set the desktop background, including the color and style. + +1. Background image settings + As shown in the following figure, click a wallpaper in the wallpaper area to set it as the desktop wallpaper. + + ![Figure 29-Background Settings](figures/kiran-29.png) + +2. Style + You can choose how the wallpaper fits the screen by choosing a style from the drop-down list. The styles include tile, zoom, center, scale, stretch, and span. + +3. Adding and removing wallpapers + You can click **Add...** to add your own wallpaper, as shown in the following figure: + + ![Figure 30-Add wallpaper](figures/kiran-30.png) + + Click **Open** to add the wallpaper. + You can also click **Remove** to remove wallpapers that you do not like. Simply select a wallpaper and click **Remove**. + +4. Desktop background color filling settings + You can set a color as the background. In the wallpaper tab page, choose **No Desktop Background** to use a color as the background. + The color filling styles include solid color, horizontal gradient, and vertical gradient. + + ![Figure 31-Background color filling](figures/kiran-31.png) + +#### 4.6.3. Font + +1. Font Settings + +You can set the fonts of the GUI of the system. The font styles include application, document, desktop, window title, and fixed width fonts. + +![Figure 32-Font settings](figures/kiran-32.png) + +1. Font rendering and details settings + +Font rendering settings: You can choose one of the following font rendering styles: monochrome, best shapes, best contrast, and subpixel smoothing. +By default, **best shapes** is used, as shown in the following figure: + +![Figure 33 Font rendering settings](figures/kiran-33.png) + +1. Font Details Settings + You can click **Details...** to set the font details. Details settings include resolution, smoothing, hinting, and subpixel order. + +![Figure 34-Font details setting](figures/kiran-34.png) + +You can choose whether to display icons in menus and on buttons. + +![Figure 35-Icon display settings](figures/kiran-35.png) + +## 5. Desktop Applications + +### 5.1. Text Editor + +To launch the text editor, click **Start Menu**> **All applications** > **Utilities**> **Pluma**. You can also start the text editor by entering **pluma** in the shell prompt. +A text editor is one of the most commonly used tools in all computer systems. Whether to you are creating a plain text file, data file, or source program, you need to use an editor. The text editor is used to view and modify plain text files. Plain text files, such as system logs and configuration files, are common text files that do not contain fonts or style formats. + +![Figure 36-Text editor](figures/kiran-36.png) + +### 5.2. Terminal + +In the desktop environment, you can use the Terminal application to enter the command line interface. To start Terminal, choose **Start Menu** > **All applications** > **Utilities** > **Terminal**, or click the icon on the desktop panel. + +![Figure 37-Terminal](figures/kiran-37.png) + +### 5.3. Firefox + +To launch Firefox, click **Start Menu** > **All applications** > **Network** > **Firefox**. +Firefox is a free and open source web browser. It uses the Gecko rendering engine and supports multiple operating systems, such as Windows, Mac OS X, and GNU/Linux. Firefox is small in size, fast in speed, and has other advanced features, such as tabbed browsing, faster loading speed, pop-up blocker, customizable toolbar, extension management, better search features, and a convenient sidebar. + +![Figure 38 Firefox](figures/kiran-38.png) + +### 5.4 Screenshot Tool + +Choose **Start Menu** > **All applications** > **Graphics** > **Screenshot tool** to start the screenshot tool. +Screenshot tool is a small and flexible screenshot software of the Kiran desktop. The operation UI is simple and easy to use. When the software is started, the icon of the screenshot tool is added to the tray. + +![Figure 39-Screenshot icon in the tray](figures/kiran-39.png) + +Click the icon to display the screenshot interface. You can select the screenshot area. You can right-click the icon and choose Open Launcher to set the capture area and delay. + +![Figure 40-Screenshot UI](figures/kiran-40.png) +![Figure 41-Launcher UI](figures/kiran-41.png) + +In the displayed dialog box, click **√** to save the file to the desktop, or choose Options and select a custom save location, as shown in the following figure: + +![Figure 42-Screenshot process](figures/kiran-42.png) + +### 5.5 Network Settings + +The Kiran desktop uses NetworkManager as the network configuration tool. NetworkManager can set, configure, and manage various network types, and provides advanced support for mobile broadband devices, Bluetooth, and IPv6 protocol. Choose Start Menu > **Control Center** > **Advanced Network Configuration**, or right-click the network icon in the lower right corner of the desktop and choose **Edit Connections...**, as shown in the following figure: + +![Figure 43-NetworkManager](figures/kiran-43.png) + +Wired connection settings: +Select the current NIC. For example, **ens33** is the NIC of the current system. Select the NIC and click the edit button. The NIC editing dialog box is displayed: + +![Figure 44 Editing an NIC](figures/kiran-44.png) + +IPv4 Settings are frequently used. In this example, DHCP is selected to obtain the IP address and DNS server. The system automatically obtains an IP address for the user. +When you need to manually enter the IP address, select **Manual** from the **Method** drop-down list, as shown in the following figure: + +![Figure 45 IPv4 settings](figures/kiran-45.png) + +Click **Add**, enter the IP address, subnet mask, gateway, and DNS server, as shown in the following figure: + +![Figure 46 Setting the network IP address and DNS](figures/kiran-46.png) + +Enter the IP address, subnet mask, gateway, and DNS, and Click **Save**. Click the network icon in the lower right corner of the desktop, choose **Disconnect** to disconnect from the network, and then reconnect to the network. + +--- + +### 5.6. Time and Date Manager + +To set the date and time, select **Time And Date Manager** in **Control Center**, or click the date area in the lower right corner of the desktop. The following window is displayed: + +![Figure 47 Time And Date Manager](figures/kiran-47.png) + +Automatic synchronization: Enable **Automatic synchronization** and connect to the Internet to automatically synchronize the date and time. +Time zone settings: Click **Change Time Zone**, select a time zone from the list on the right, and then click **Save**. + +![Figure 48 Change Time Zone](figures/kiran-48.png) + +Manually set the time: Disable **Automatic synchronization** and click **Set Time Manually** to manually set the year, month, day, and time. After the modification is complete, click **Save**. + +![Figure 49 Set Time Manually](figures/kiran-49.png) + +Modifying the date format: Click **Time date format setting** to modify the date format. You can set the long and short date display formats, time format, and whether to display seconds. + +![Figure 50 Time date format setting](figures/kiran-50.png) diff --git a/docs/en/tools/desktop/ukui/_toc.yaml b/docs/en/tools/desktop/ukui/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..16134a0760d117da519e465b1ea69c129d28e38d --- /dev/null +++ b/docs/en/tools/desktop/ukui/_toc.yaml @@ -0,0 +1,10 @@ +label: UKUI User Guide +isManual: true +description: Install and use UKUI. +sections: + - label: UKUI + href: ./ukui.md + - label: Installing UKUI + href: ./ukui_installation.md + - label: Using UKUI + href: ./ukui_userguide.md diff --git a/docs/en/tools/desktop/ukui/figures/.keep b/docs/en/tools/desktop/ukui/figures/.keep new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/docs/en/tools/desktop/ukui/figures/1.png b/docs/en/tools/desktop/ukui/figures/1.png new file mode 100644 index 0000000000000000000000000000000000000000..40af4242eebb440a76c749a8d970d50cd7b89bf4 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/1.png differ diff --git a/docs/en/tools/desktop/ukui/figures/10.png b/docs/en/tools/desktop/ukui/figures/10.png new file mode 100644 index 0000000000000000000000000000000000000000..e588ffbe3d8d7b66d92ae8f2b4bcec7c80d0592c Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/10.png differ diff --git a/docs/en/tools/desktop/ukui/figures/11.png b/docs/en/tools/desktop/ukui/figures/11.png new file mode 100644 index 0000000000000000000000000000000000000000..1989a5bb08155f920363e154e68bb148715c7e9e Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/11.png differ diff --git a/docs/en/tools/desktop/ukui/figures/12.png b/docs/en/tools/desktop/ukui/figures/12.png new file mode 100644 index 0000000000000000000000000000000000000000..cb6346161182d2cfeaf3818d5ec518ddb11c732e Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/12.png differ diff --git a/docs/en/tools/desktop/ukui/figures/13.png b/docs/en/tools/desktop/ukui/figures/13.png new file mode 100644 index 0000000000000000000000000000000000000000..0a7def1fb66c90da62acde799eaffca97e3b5396 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/13.png differ diff --git a/docs/en/tools/desktop/ukui/figures/14.png b/docs/en/tools/desktop/ukui/figures/14.png new file mode 100644 index 0000000000000000000000000000000000000000..3a27a66d57e284775420d467f90dcc02889bbffe Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/14.png differ diff --git a/docs/en/tools/desktop/ukui/figures/15.png b/docs/en/tools/desktop/ukui/figures/15.png new file mode 100644 index 0000000000000000000000000000000000000000..370bea32abcaa8a2b06a1a61c1455d4b35f43474 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/15.png differ diff --git a/docs/en/tools/desktop/ukui/figures/16.png b/docs/en/tools/desktop/ukui/figures/16.png new file mode 100644 index 0000000000000000000000000000000000000000..812ee462669c5263ef4bffc49ca4f9b6af4541c6 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/16.png differ diff --git a/docs/en/tools/desktop/ukui/figures/17.png b/docs/en/tools/desktop/ukui/figures/17.png new file mode 100644 index 0000000000000000000000000000000000000000..36e524b806874fa3788f5e4dcd78350686281107 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/17.png differ diff --git a/docs/en/tools/desktop/ukui/figures/18.png b/docs/en/tools/desktop/ukui/figures/18.png new file mode 100644 index 0000000000000000000000000000000000000000..51b32442980aa60646f77dabd53ade74f55891fe Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/18.png differ diff --git a/docs/en/tools/desktop/ukui/figures/19.png b/docs/en/tools/desktop/ukui/figures/19.png new file mode 100644 index 0000000000000000000000000000000000000000..c9457d09aa9f1662b2c9e4550cdbdb9f57dd020e Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/19.png differ diff --git a/docs/en/tools/desktop/ukui/figures/2.png b/docs/en/tools/desktop/ukui/figures/2.png new file mode 100644 index 0000000000000000000000000000000000000000..97917cc245484a43bec8562757d920a06f123121 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/2.png differ diff --git a/docs/en/tools/desktop/ukui/figures/20.png b/docs/en/tools/desktop/ukui/figures/20.png new file mode 100644 index 0000000000000000000000000000000000000000..b0943189920d7a541d35da27340593ea93f92a17 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/20.png differ diff --git a/docs/en/tools/desktop/ukui/figures/21.png b/docs/en/tools/desktop/ukui/figures/21.png new file mode 100644 index 0000000000000000000000000000000000000000..e590c22c0ea28906b5f4ea7ccbc6ab11e47ad173 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/21.png differ diff --git a/docs/en/tools/desktop/ukui/figures/22.png b/docs/en/tools/desktop/ukui/figures/22.png new file mode 100644 index 0000000000000000000000000000000000000000..03a548b1ffb1f0ad53cfa5387af2721af90bca81 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/22.png differ diff --git a/docs/en/tools/desktop/ukui/figures/23.png b/docs/en/tools/desktop/ukui/figures/23.png new file mode 100644 index 0000000000000000000000000000000000000000..834c492094715cde1c02c91752ecabfe7921ed62 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/23.png differ diff --git a/docs/en/tools/desktop/ukui/figures/24.png b/docs/en/tools/desktop/ukui/figures/24.png new file mode 100644 index 0000000000000000000000000000000000000000..1881e868b74a60888b319576fa38fb4af92ba75c Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/24.png differ diff --git a/docs/en/tools/desktop/ukui/figures/25.png b/docs/en/tools/desktop/ukui/figures/25.png new file mode 100644 index 0000000000000000000000000000000000000000..f38839725d27a3486984d152e5d9de305364fbd2 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/25.png differ diff --git a/docs/en/tools/desktop/ukui/figures/26.png b/docs/en/tools/desktop/ukui/figures/26.png new file mode 100644 index 0000000000000000000000000000000000000000..6d7957119133ecb98b1b6b104e54a3a4647ec2a5 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/26.png differ diff --git a/docs/en/tools/desktop/ukui/figures/27.png b/docs/en/tools/desktop/ukui/figures/27.png new file mode 100644 index 0000000000000000000000000000000000000000..3e4733717fdc5172d6479b393005219e65e96df4 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/27.png differ diff --git a/docs/en/tools/desktop/ukui/figures/28.png b/docs/en/tools/desktop/ukui/figures/28.png new file mode 100644 index 0000000000000000000000000000000000000000..a77772e818e3f6c11acac3b9cfa18bad14a0a48c Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/28.png differ diff --git a/docs/en/tools/desktop/ukui/figures/29.png b/docs/en/tools/desktop/ukui/figures/29.png new file mode 100644 index 0000000000000000000000000000000000000000..c4f58ffe5855295268298448744e5aadbdc55276 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/29.png differ diff --git a/docs/en/tools/desktop/ukui/figures/3.png b/docs/en/tools/desktop/ukui/figures/3.png new file mode 100644 index 0000000000000000000000000000000000000000..fbb76b336957020ed6867d908e0a8bdcfc953c52 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/3.png differ diff --git a/docs/en/tools/desktop/ukui/figures/30.png b/docs/en/tools/desktop/ukui/figures/30.png new file mode 100644 index 0000000000000000000000000000000000000000..d91adefba1753959e90ccf4aa1501ac08d7144bd Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/30.png differ diff --git a/docs/en/tools/desktop/ukui/figures/31.png b/docs/en/tools/desktop/ukui/figures/31.png new file mode 100644 index 0000000000000000000000000000000000000000..0abef09ab438f5f8cfb68090993f55c493b8c15e Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/31.png differ diff --git a/docs/en/tools/desktop/ukui/figures/32.png b/docs/en/tools/desktop/ukui/figures/32.png new file mode 100644 index 0000000000000000000000000000000000000000..d567cfbacc07a9eb46ff2c54a68432f45e034e94 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/32.png differ diff --git a/docs/en/tools/desktop/ukui/figures/33.png b/docs/en/tools/desktop/ukui/figures/33.png new file mode 100644 index 0000000000000000000000000000000000000000..7b5896e2884520672c0bd88d68471b45a09c56fe Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/33.png differ diff --git a/docs/en/tools/desktop/ukui/figures/34.png b/docs/en/tools/desktop/ukui/figures/34.png new file mode 100644 index 0000000000000000000000000000000000000000..81bc9480fbbd81a97c559d7a6a74274deeab2bd1 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/34.png differ diff --git a/docs/en/tools/desktop/ukui/figures/35.png b/docs/en/tools/desktop/ukui/figures/35.png new file mode 100644 index 0000000000000000000000000000000000000000..ab2399847a643a87279337704e23fea7609bb211 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/35.png differ diff --git a/docs/en/tools/desktop/ukui/figures/36.png b/docs/en/tools/desktop/ukui/figures/36.png new file mode 100644 index 0000000000000000000000000000000000000000..536981609b9ae5d32be56bec612f2b3446146184 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/36.png differ diff --git a/docs/en/tools/desktop/ukui/figures/37.png b/docs/en/tools/desktop/ukui/figures/37.png new file mode 100644 index 0000000000000000000000000000000000000000..e39aa03587642dc1f8622fff515b05a9a3085b28 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/37.png differ diff --git a/docs/en/tools/desktop/ukui/figures/38.png b/docs/en/tools/desktop/ukui/figures/38.png new file mode 100644 index 0000000000000000000000000000000000000000..838f5ff0616a83cdf42edb053f4e72b93bfa644e Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/38.png differ diff --git a/docs/en/tools/desktop/ukui/figures/39.png b/docs/en/tools/desktop/ukui/figures/39.png new file mode 100644 index 0000000000000000000000000000000000000000..12a379403d73a47b2fa564120a28fdb58d188963 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/39.png differ diff --git a/docs/en/tools/desktop/ukui/figures/4.png b/docs/en/tools/desktop/ukui/figures/4.png new file mode 100644 index 0000000000000000000000000000000000000000..5078e36aca713706d2cf08a3ebecdc3769951899 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/4.png differ diff --git a/docs/en/tools/desktop/ukui/figures/40.png b/docs/en/tools/desktop/ukui/figures/40.png new file mode 100644 index 0000000000000000000000000000000000000000..bf419894eab852b45604966c62fafa71f051c4df Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/40.png differ diff --git a/docs/en/tools/desktop/ukui/figures/41.png b/docs/en/tools/desktop/ukui/figures/41.png new file mode 100644 index 0000000000000000000000000000000000000000..f94b0ee72e0d4e9277e9b44b4268cfbdb8402104 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/41.png differ diff --git a/docs/en/tools/desktop/ukui/figures/42.png b/docs/en/tools/desktop/ukui/figures/42.png new file mode 100644 index 0000000000000000000000000000000000000000..3182e551c4e4b03885bad6339f1de514b3f55f8c Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/42.png differ diff --git a/docs/en/tools/desktop/ukui/figures/43.jpg b/docs/en/tools/desktop/ukui/figures/43.jpg new file mode 100644 index 0000000000000000000000000000000000000000..26e9244f58ea9800081fd61ae135477f05b21b40 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/43.jpg differ diff --git a/docs/en/tools/desktop/ukui/figures/44.png b/docs/en/tools/desktop/ukui/figures/44.png new file mode 100644 index 0000000000000000000000000000000000000000..c3abaecd6e053272d81e0ad9bd183c6858b4f3c5 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/44.png differ diff --git a/docs/en/tools/desktop/ukui/figures/45.png b/docs/en/tools/desktop/ukui/figures/45.png new file mode 100644 index 0000000000000000000000000000000000000000..86b051acde857c88479714414f721a7f59cca483 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/45.png differ diff --git a/docs/en/tools/desktop/ukui/figures/46.png b/docs/en/tools/desktop/ukui/figures/46.png new file mode 100644 index 0000000000000000000000000000000000000000..d8ec41c87628bf28c9905523f99ae93aebd13614 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/46.png differ diff --git a/docs/en/tools/desktop/ukui/figures/47.jpg b/docs/en/tools/desktop/ukui/figures/47.jpg new file mode 100644 index 0000000000000000000000000000000000000000..bf95f03c8ea0f84a878bc63af20972c9da71bc04 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/47.jpg differ diff --git a/docs/en/tools/desktop/ukui/figures/48.png b/docs/en/tools/desktop/ukui/figures/48.png new file mode 100644 index 0000000000000000000000000000000000000000..ef21fa1ce1e2e9848a8dca16e692de673df7c6d7 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/48.png differ diff --git a/docs/en/tools/desktop/ukui/figures/49.png b/docs/en/tools/desktop/ukui/figures/49.png new file mode 100644 index 0000000000000000000000000000000000000000..3b77668e5a4d1bdb3043c473dff9b36fa7144714 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/49.png differ diff --git a/docs/en/tools/desktop/ukui/figures/5.png b/docs/en/tools/desktop/ukui/figures/5.png new file mode 100644 index 0000000000000000000000000000000000000000..2976a745cfaede26594d6daa01cfc18d18b1de8b Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/5.png differ diff --git a/docs/en/tools/desktop/ukui/figures/50.png b/docs/en/tools/desktop/ukui/figures/50.png new file mode 100644 index 0000000000000000000000000000000000000000..b86a55fe4363f56fc18befc9d27025a75ca427ad Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/50.png differ diff --git a/docs/en/tools/desktop/ukui/figures/51.png b/docs/en/tools/desktop/ukui/figures/51.png new file mode 100644 index 0000000000000000000000000000000000000000..d427ac871dba9c32eb4ffe736d5352f8408da533 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/51.png differ diff --git a/docs/en/tools/desktop/ukui/figures/52.png b/docs/en/tools/desktop/ukui/figures/52.png new file mode 100644 index 0000000000000000000000000000000000000000..0ca0a2db05c70bc25f9bb59e82d074f671cfc74e Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/52.png differ diff --git a/docs/en/tools/desktop/ukui/figures/53.png b/docs/en/tools/desktop/ukui/figures/53.png new file mode 100644 index 0000000000000000000000000000000000000000..76fbc34a1d5621b83c2d8c93222766acad33350d Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/53.png differ diff --git a/docs/en/tools/desktop/ukui/figures/54.png b/docs/en/tools/desktop/ukui/figures/54.png new file mode 100644 index 0000000000000000000000000000000000000000..49ecae6f8941a118223f3765c23015df074c4983 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/54.png differ diff --git a/docs/en/tools/desktop/ukui/figures/56.png b/docs/en/tools/desktop/ukui/figures/56.png new file mode 100644 index 0000000000000000000000000000000000000000..36fee795bfe593b6246c8d6c2bddea9386b06f45 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/56.png differ diff --git a/docs/en/tools/desktop/ukui/figures/57.png b/docs/en/tools/desktop/ukui/figures/57.png new file mode 100644 index 0000000000000000000000000000000000000000..539d06b77b058a933cb154c43641d498050986e0 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/57.png differ diff --git a/docs/en/tools/desktop/ukui/figures/58.png b/docs/en/tools/desktop/ukui/figures/58.png new file mode 100644 index 0000000000000000000000000000000000000000..396ca16d873e54505bcdbd41d669366eea7f5dee Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/58.png differ diff --git a/docs/en/tools/desktop/ukui/figures/59.png b/docs/en/tools/desktop/ukui/figures/59.png new file mode 100644 index 0000000000000000000000000000000000000000..9b1de98ac4fe686937ca844d3e9481548a79ce63 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/59.png differ diff --git a/docs/en/tools/desktop/ukui/figures/6.png b/docs/en/tools/desktop/ukui/figures/6.png new file mode 100644 index 0000000000000000000000000000000000000000..275c23872f2353f007371672714902babcc3db53 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/6.png differ diff --git a/docs/en/tools/desktop/ukui/figures/60.jpg b/docs/en/tools/desktop/ukui/figures/60.jpg new file mode 100644 index 0000000000000000000000000000000000000000..033c88aaadd04f7d4058ec2eb5b2c70498319bf7 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/60.jpg differ diff --git a/docs/en/tools/desktop/ukui/figures/61.png b/docs/en/tools/desktop/ukui/figures/61.png new file mode 100644 index 0000000000000000000000000000000000000000..8df17062963a3baf92318a12ec34b1378122687b Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/61.png differ diff --git a/docs/en/tools/desktop/ukui/figures/62.png b/docs/en/tools/desktop/ukui/figures/62.png new file mode 100644 index 0000000000000000000000000000000000000000..ec312d6c0c22018c1745dd866da71ce9be47fbda Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/62.png differ diff --git a/docs/en/tools/desktop/ukui/figures/63.jpg b/docs/en/tools/desktop/ukui/figures/63.jpg new file mode 100644 index 0000000000000000000000000000000000000000..504f7cf59768f6fd1cd73a115d01fbc4e15a02e1 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/63.jpg differ diff --git a/docs/en/tools/desktop/ukui/figures/63.png b/docs/en/tools/desktop/ukui/figures/63.png new file mode 100644 index 0000000000000000000000000000000000000000..86b051acde857c88479714414f721a7f59cca483 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/63.png differ diff --git a/docs/en/tools/desktop/ukui/figures/64.png b/docs/en/tools/desktop/ukui/figures/64.png new file mode 100644 index 0000000000000000000000000000000000000000..cbbd2ede047e735c3766e08b04595f08cd72f5b2 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/64.png differ diff --git a/docs/en/tools/desktop/ukui/figures/7.png b/docs/en/tools/desktop/ukui/figures/7.png new file mode 100644 index 0000000000000000000000000000000000000000..4d397959ac7f6d166ef5a3b7084bd5c3c93b475f Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/7.png differ diff --git a/docs/en/tools/desktop/ukui/figures/8.png b/docs/en/tools/desktop/ukui/figures/8.png new file mode 100644 index 0000000000000000000000000000000000000000..8ade274092d7b3e461c96d7909a9d89d3a944f09 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/8.png differ diff --git a/docs/en/tools/desktop/ukui/figures/9.png b/docs/en/tools/desktop/ukui/figures/9.png new file mode 100644 index 0000000000000000000000000000000000000000..f7b2215404929346f1a814b0b1d6d482559c08b5 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/9.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-01.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-01.png new file mode 100644 index 0000000000000000000000000000000000000000..b4a43e7fa938b2ece73ad749e2b513daa976e7c9 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-01.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-02.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-02.png new file mode 100644 index 0000000000000000000000000000000000000000..22413a83d51cb9ee177c0d39147da857868f0aec Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-02.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-03.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-03.png new file mode 100644 index 0000000000000000000000000000000000000000..5ccc6d4eef17f2d39841046dcf32b9c00652d1a9 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-03.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-04.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-04.png new file mode 100644 index 0000000000000000000000000000000000000000..c5d7073a3d2a37727b83a6e43a684747175efa9d Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-04.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-05.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-05.png new file mode 100644 index 0000000000000000000000000000000000000000..e2d0a0a523f10d6bce9f51c5d05f019c595e2625 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-05.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-06.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-06.png new file mode 100644 index 0000000000000000000000000000000000000000..61bb128fc2c8902edbfd1d76b28f963817753e32 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-06.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-07.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-07.png new file mode 100644 index 0000000000000000000000000000000000000000..ef01eb0001c6db0e3d1c024e51b0594372b9348c Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-07.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-08.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-08.png new file mode 100644 index 0000000000000000000000000000000000000000..1049f355939b0121c123adc462dcb6d736e48760 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-08.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-09.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-09.png new file mode 100644 index 0000000000000000000000000000000000000000..6dc110900f5375ed9ede276f59ea89ba29e5e737 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-09.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-10.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-10.png new file mode 100644 index 0000000000000000000000000000000000000000..33dda6e0d0497c1589743c19a8d041a775b7bb7f Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-10.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-11.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-11.png new file mode 100644 index 0000000000000000000000000000000000000000..98570f04a066d550b5971afc94ee1c63d24f6275 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-11.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-12.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-12.png new file mode 100644 index 0000000000000000000000000000000000000000..56cc0446efd9d72d97905296fd6f19e9e2ac4047 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-12.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-13.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-13.png new file mode 100644 index 0000000000000000000000000000000000000000..a3191cc6b2bb2e418353b76bcf645be954655a20 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-13.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-14.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-14.png new file mode 100644 index 0000000000000000000000000000000000000000..d673b9d12c8fb5ccaa0b0f3a35b85f939f1040c8 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-14.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-15.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-15.png new file mode 100644 index 0000000000000000000000000000000000000000..518c3dca4b9b58f45f7aee5ef974c3dd41804e1d Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-15.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-16.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-16.png new file mode 100644 index 0000000000000000000000000000000000000000..17ac8544dab141ddc8d7d98f1712757efedb5531 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-16.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-17.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-17.png new file mode 100644 index 0000000000000000000000000000000000000000..07a62594a1acadceeeaabe0e7cbe63c192f0ab37 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-17.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-18.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-18.png new file mode 100644 index 0000000000000000000000000000000000000000..d088bb1075ebd2c76304c5bd400a3892d401dfa0 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-18.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-19.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-19.png new file mode 100644 index 0000000000000000000000000000000000000000..65198c16e3bdf0b948ba8da1d05943ea87065dfc Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-19.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-20.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-20.png new file mode 100644 index 0000000000000000000000000000000000000000..ac4c66887846509474cd57740079d396f5ffee64 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-20.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-21.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-21.png new file mode 100644 index 0000000000000000000000000000000000000000..ecc80c0ee42385907cea276726c891aab06f5ea2 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-21.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-22.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-22.png new file mode 100644 index 0000000000000000000000000000000000000000..453a1b96f69ca37cf648e1bfd8a247cbd63f7f1f Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-22.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-23.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-23.png new file mode 100644 index 0000000000000000000000000000000000000000..3290e73af52f1e88a435e925d6a17d21e78e287c Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-23.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-24.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-24.png new file mode 100644 index 0000000000000000000000000000000000000000..825e58ddc9ec0027f0ff94b1d327eaff3a145357 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-24.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-25.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-25.png new file mode 100644 index 0000000000000000000000000000000000000000..7b3cdbe8e85b55dc9ee92569f6d668c9defc76eb Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-25.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-26.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-26.png new file mode 100644 index 0000000000000000000000000000000000000000..0d696fa8cbd18910bb16ca2c14996fefb5f0cb79 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-26.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-27.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-27.png new file mode 100644 index 0000000000000000000000000000000000000000..7312579e88c211b656a1b6e339373abfca7c8984 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-27.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-28.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-28.png new file mode 100644 index 0000000000000000000000000000000000000000..e5cf7e56e5663768e4f2698c77aeaa69c899b291 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-28.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-29.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-29.png new file mode 100644 index 0000000000000000000000000000000000000000..d796cb8d80a60281a7f67ec494c76ad14d06ac1b Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-29.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-30-0.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-30-0.png new file mode 100644 index 0000000000000000000000000000000000000000..8ea95ca410376dbc26729d0dec8bfc171911e960 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-30-0.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-30-1.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-30-1.png new file mode 100644 index 0000000000000000000000000000000000000000..730e9bdba19949c6e118c237af302b492f3d41b8 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-30-1.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-31.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-31.png new file mode 100644 index 0000000000000000000000000000000000000000..f80f3c86b92e6e00bf76c0101ce52af503d9b05c Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-31.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-32.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-32.png new file mode 100644 index 0000000000000000000000000000000000000000..ed8f74fc04472e45ae6c76a7c2507da5dec28263 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-32.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-33.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-33.png new file mode 100644 index 0000000000000000000000000000000000000000..a90dda9e151f9ca48ff6c296ff62676b22a191ae Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-33.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-34.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-34.png new file mode 100644 index 0000000000000000000000000000000000000000..77c74765bb7116bf8a95b0164cb1de2d9032e56e Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-34.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-35-0.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-35-0.png new file mode 100644 index 0000000000000000000000000000000000000000..4321c9e9a52bcf99bde6d72fae68647ab13510b0 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-35-0.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-35-1.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-35-1.png new file mode 100644 index 0000000000000000000000000000000000000000..e6f75a945fc73d5478c6515498c7a6a4781ca04f Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-35-1.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-36.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-36.png new file mode 100644 index 0000000000000000000000000000000000000000..a832fe2b440079f53775a2ba8c3115f57a89ab2c Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-36.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-37.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-37.png new file mode 100644 index 0000000000000000000000000000000000000000..f091a5e910e7cb16dadd311de1100f8830a0eaf7 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-37.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-38.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-38.png new file mode 100644 index 0000000000000000000000000000000000000000..7703dc11f1be241d9fe7e30452e7431c925833d3 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-38.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-39.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-39.png new file mode 100644 index 0000000000000000000000000000000000000000..abf29f6ee9aaf13ab1f668a787d459a5ab0cb20c Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-39.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-40.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-40.png new file mode 100644 index 0000000000000000000000000000000000000000..7c8ee5f4e78b46a0d762be06f96725ecef5d09b2 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-40.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-41-0.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-41-0.png new file mode 100644 index 0000000000000000000000000000000000000000..56ea86556624602f4496b4079335245ac8c875a3 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-41-0.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-41-1.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-41-1.png new file mode 100644 index 0000000000000000000000000000000000000000..44afad705b026dd69a9d2d7bf2ef35610720b85d Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-41-1.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-42.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-42.png new file mode 100644 index 0000000000000000000000000000000000000000..8270b69ca590c1831fbe54e2d08ced55bccef89d Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-42.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-43.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-43.png new file mode 100644 index 0000000000000000000000000000000000000000..48259addbdb8cf18303d2afbcd6cbad77deaf141 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-43.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-44.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-44.png new file mode 100644 index 0000000000000000000000000000000000000000..e35a4acce457834d4d8608ee7fba783d596548e2 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-44.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-45.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-45.png new file mode 100644 index 0000000000000000000000000000000000000000..d6d5e88587e26552ab4ab4d323eea0ae5ce721d2 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-45.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-46.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-46.png new file mode 100644 index 0000000000000000000000000000000000000000..8e41651298319f1b72c3dce5b09cb1323c9a15a7 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-46.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-47.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-47.png new file mode 100644 index 0000000000000000000000000000000000000000..eaa54608d956576555603d64ba72e374f147a315 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-47.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-48.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-48.png new file mode 100644 index 0000000000000000000000000000000000000000..1ca6cb7b39ab375a69b95a7dfa02fa3acd8bb299 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-48.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-49.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-49.png new file mode 100644 index 0000000000000000000000000000000000000000..07fe6abf2ca2d7e8dd5184c760f416d094c4629d Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-49.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-50.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-50.png new file mode 100644 index 0000000000000000000000000000000000000000..c5452b655b9100c7d144d9d6e923f29664998ca0 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-50.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-51.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-51.png new file mode 100644 index 0000000000000000000000000000000000000000..72644867adbb64db4503ff5345425a32bf1cae6d Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-51.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-52.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-52.png new file mode 100644 index 0000000000000000000000000000000000000000..571f6ac34edf149cc1e5bd30a875e4148dd4fdd3 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-52.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-53.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-53.png new file mode 100644 index 0000000000000000000000000000000000000000..1c7e9051ca448b017e13c6cbe6be66d2f83475c5 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-53.png differ diff --git a/docs/en/tools/desktop/ukui/figures/Cinnamon-54.png b/docs/en/tools/desktop/ukui/figures/Cinnamon-54.png new file mode 100644 index 0000000000000000000000000000000000000000..1b61db111ebdcb9bde1bff1cc08a2daed79a9f19 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/Cinnamon-54.png differ diff --git a/docs/en/tools/desktop/ukui/figures/HA-add-resource.png b/docs/en/tools/desktop/ukui/figures/HA-add-resource.png new file mode 100644 index 0000000000000000000000000000000000000000..ac24895a1247828d248132f6c789ad8ef51a57e4 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/HA-add-resource.png differ diff --git a/docs/en/tools/desktop/ukui/figures/HA-apache-show.png b/docs/en/tools/desktop/ukui/figures/HA-apache-show.png new file mode 100644 index 0000000000000000000000000000000000000000..c216500910f75f2de1108f6b618c5c08f4df8bae Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/HA-apache-show.png differ diff --git a/docs/en/tools/desktop/ukui/figures/HA-apache-suc.png b/docs/en/tools/desktop/ukui/figures/HA-apache-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..23a7aaa702e3e68190ff7e01a5a673aee2c92409 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/HA-apache-suc.png differ diff --git a/docs/en/tools/desktop/ukui/figures/HA-api.png b/docs/en/tools/desktop/ukui/figures/HA-api.png new file mode 100644 index 0000000000000000000000000000000000000000..f825fe005705d30809d12df97958cff0e5a80135 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/HA-api.png differ diff --git a/docs/en/tools/desktop/ukui/figures/HA-clone-suc.png b/docs/en/tools/desktop/ukui/figures/HA-clone-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..4b6099ccc88d4f6f907a0c4563e729ab2a4dece1 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/HA-clone-suc.png differ diff --git a/docs/en/tools/desktop/ukui/figures/HA-clone.png b/docs/en/tools/desktop/ukui/figures/HA-clone.png new file mode 100644 index 0000000000000000000000000000000000000000..1b09ab73849494f4ffd759fa612ae3c241bd9c1d Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/HA-clone.png differ diff --git a/docs/en/tools/desktop/ukui/figures/HA-corosync.png b/docs/en/tools/desktop/ukui/figures/HA-corosync.png new file mode 100644 index 0000000000000000000000000000000000000000..c4d93242e65c503b6e1b6a457e2517f647984a66 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/HA-corosync.png differ diff --git a/docs/en/tools/desktop/ukui/figures/HA-firstchoice-cmd.png b/docs/en/tools/desktop/ukui/figures/HA-firstchoice-cmd.png new file mode 100644 index 0000000000000000000000000000000000000000..a265bab07f1d8e46d9d965975be180a8de6c9eb2 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/HA-firstchoice-cmd.png differ diff --git a/docs/en/tools/desktop/ukui/figures/HA-firstchoice.png b/docs/en/tools/desktop/ukui/figures/HA-firstchoice.png new file mode 100644 index 0000000000000000000000000000000000000000..bd982ddcea55c629c0257fca86051a9ffa77e7b4 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/HA-firstchoice.png differ diff --git a/docs/en/tools/desktop/ukui/figures/HA-group-new-suc.png b/docs/en/tools/desktop/ukui/figures/HA-group-new-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..437fd01ee83a9a1f65c12838fe56eea8435f6759 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/HA-group-new-suc.png differ diff --git a/docs/en/tools/desktop/ukui/figures/HA-group-new-suc2.png b/docs/en/tools/desktop/ukui/figures/HA-group-new-suc2.png new file mode 100644 index 0000000000000000000000000000000000000000..4fb933bd761f9808de95a324a50226ff041ebd4f Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/HA-group-new-suc2.png differ diff --git a/docs/en/tools/desktop/ukui/figures/HA-group-new.png b/docs/en/tools/desktop/ukui/figures/HA-group-new.png new file mode 100644 index 0000000000000000000000000000000000000000..9c914d0cc2e14f3220fc4346175961f129efb37b Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/HA-group-new.png differ diff --git a/docs/en/tools/desktop/ukui/figures/HA-group-suc.png b/docs/en/tools/desktop/ukui/figures/HA-group-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..2338580343833ebab08627be3a2efbcdb48aef9e Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/HA-group-suc.png differ diff --git a/docs/en/tools/desktop/ukui/figures/HA-group.png b/docs/en/tools/desktop/ukui/figures/HA-group.png new file mode 100644 index 0000000000000000000000000000000000000000..6897817665dee90c0f8c47c6a3cb4bb09db52d78 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/HA-group.png differ diff --git a/docs/en/tools/desktop/ukui/figures/HA-home-page.png b/docs/en/tools/desktop/ukui/figures/HA-home-page.png new file mode 100644 index 0000000000000000000000000000000000000000..c9a7a82dc412250d4c0984b3876c6f93c6aca789 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/HA-home-page.png differ diff --git a/docs/en/tools/desktop/ukui/figures/HA-login.png b/docs/en/tools/desktop/ukui/figures/HA-login.png new file mode 100644 index 0000000000000000000000000000000000000000..65d0ae11ec810da7574ec72bebf6e1b020c94a0d Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/HA-login.png differ diff --git a/docs/en/tools/desktop/ukui/figures/HA-mariadb-suc.png b/docs/en/tools/desktop/ukui/figures/HA-mariadb-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..6f6756c945121715edc623bd9a848bc48ffeb4ca Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/HA-mariadb-suc.png differ diff --git a/docs/en/tools/desktop/ukui/figures/HA-mariadb.png b/docs/en/tools/desktop/ukui/figures/HA-mariadb.png new file mode 100644 index 0000000000000000000000000000000000000000..d29587c8609b9d6aefeb07170901361b5ef8402d Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/HA-mariadb.png differ diff --git a/docs/en/tools/desktop/ukui/figures/HA-nfs-suc.png b/docs/en/tools/desktop/ukui/figures/HA-nfs-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..c0ea6af79e91649f1ad7d97ab6c2a0069a4f4fb8 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/HA-nfs-suc.png differ diff --git a/docs/en/tools/desktop/ukui/figures/HA-nfs.png b/docs/en/tools/desktop/ukui/figures/HA-nfs.png new file mode 100644 index 0000000000000000000000000000000000000000..f6917938eec2e0431a9891c067475dd0b21c1bd9 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/HA-nfs.png differ diff --git a/docs/en/tools/desktop/ukui/figures/HA-pacemaker.png b/docs/en/tools/desktop/ukui/figures/HA-pacemaker.png new file mode 100644 index 0000000000000000000000000000000000000000..7681f963f67d2b803fef6fb2c3247384136201f8 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/HA-pacemaker.png differ diff --git a/docs/en/tools/desktop/ukui/figures/HA-pcs-status.png b/docs/en/tools/desktop/ukui/figures/HA-pcs-status.png new file mode 100644 index 0000000000000000000000000000000000000000..fb150fba9f6258658702b35caacf98076d1fd109 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/HA-pcs-status.png differ diff --git a/docs/en/tools/desktop/ukui/figures/HA-pcs.png b/docs/en/tools/desktop/ukui/figures/HA-pcs.png new file mode 100644 index 0000000000000000000000000000000000000000..283670d7c3d0961ee1cb41345c2b2a013d7143b0 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/HA-pcs.png differ diff --git a/docs/en/tools/desktop/ukui/figures/HA-qdevice.png b/docs/en/tools/desktop/ukui/figures/HA-qdevice.png new file mode 100644 index 0000000000000000000000000000000000000000..2964f36c952fc7e62fb7b041fcf6d2de8ead712c Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/HA-qdevice.png differ diff --git a/docs/en/tools/desktop/ukui/figures/HA-refresh.png b/docs/en/tools/desktop/ukui/figures/HA-refresh.png new file mode 100644 index 0000000000000000000000000000000000000000..c2678c0c2945acbabfbeae0d5de8924a216bbf31 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/HA-refresh.png differ diff --git a/docs/en/tools/desktop/ukui/figures/HA-vip-suc.png b/docs/en/tools/desktop/ukui/figures/HA-vip-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..313ce56e14f931c78dad4349ed57ab3fd7907f50 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/HA-vip-suc.png differ diff --git a/docs/en/tools/desktop/ukui/figures/HA-vip.png b/docs/en/tools/desktop/ukui/figures/HA-vip.png new file mode 100644 index 0000000000000000000000000000000000000000..d8b417df2e64527d3b29d0289756dfbb01bf66ec Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/HA-vip.png differ diff --git a/docs/en/tools/desktop/ukui/figures/dde-1.png b/docs/en/tools/desktop/ukui/figures/dde-1.png new file mode 100644 index 0000000000000000000000000000000000000000..fb1d5177c39262ed182f10a57fdae850d007eeb1 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/dde-1.png differ diff --git a/docs/en/tools/desktop/ukui/figures/dde-2.png b/docs/en/tools/desktop/ukui/figures/dde-2.png new file mode 100644 index 0000000000000000000000000000000000000000..be5d296937bd17b9646b32c80934aa76738027af Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/dde-2.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-1.png b/docs/en/tools/desktop/ukui/figures/gnome-1.png new file mode 100644 index 0000000000000000000000000000000000000000..b33f802aa6dcf8b23a70fe451830015c614193b3 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-1.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-10.png b/docs/en/tools/desktop/ukui/figures/gnome-10.png new file mode 100644 index 0000000000000000000000000000000000000000..1c7b1465209c7a92db36d1b4c83445ce45e0d187 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-10.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-11.png b/docs/en/tools/desktop/ukui/figures/gnome-11.png new file mode 100644 index 0000000000000000000000000000000000000000..cc534ce5e1b250547dd9eb1db2b3f43a79c00409 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-11.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-12.png b/docs/en/tools/desktop/ukui/figures/gnome-12.png new file mode 100644 index 0000000000000000000000000000000000000000..65de953b821cac6b09b9f0d6623760dc339d867b Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-12.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-13.png b/docs/en/tools/desktop/ukui/figures/gnome-13.png new file mode 100644 index 0000000000000000000000000000000000000000..103370de2f2d81fe4e880f18bb9a3b4546d14840 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-13.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-14.png b/docs/en/tools/desktop/ukui/figures/gnome-14.png new file mode 100644 index 0000000000000000000000000000000000000000..13e1367d6ce006567e69fed8fd334aeb4810196c Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-14.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-15.png b/docs/en/tools/desktop/ukui/figures/gnome-15.png new file mode 100644 index 0000000000000000000000000000000000000000..fb86a36e2eb9c5ccfb3c53b0c49864e73c622ccf Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-15.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-16.png b/docs/en/tools/desktop/ukui/figures/gnome-16.png new file mode 100644 index 0000000000000000000000000000000000000000..9b375517e433740b7e2c27ede1159cda1eb986b8 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-16.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-17.png b/docs/en/tools/desktop/ukui/figures/gnome-17.png new file mode 100644 index 0000000000000000000000000000000000000000..ebfcc9c71afeda1d50b5355f23ec1ea422a17889 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-17.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-18.png b/docs/en/tools/desktop/ukui/figures/gnome-18.png new file mode 100644 index 0000000000000000000000000000000000000000..5d28c8372499dd2b9b71186dee7d4854b5320999 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-18.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-19.png b/docs/en/tools/desktop/ukui/figures/gnome-19.png new file mode 100644 index 0000000000000000000000000000000000000000..bea391d41386ab9b7953b269c44aec6cba4667c5 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-19.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-2.png b/docs/en/tools/desktop/ukui/figures/gnome-2.png new file mode 100644 index 0000000000000000000000000000000000000000..520df0228a38914ca7897dec6dc84e9639b757c0 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-2.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-20.png b/docs/en/tools/desktop/ukui/figures/gnome-20.png new file mode 100644 index 0000000000000000000000000000000000000000..d720a2c215de4172a8051d7e0554c7f6b3d6d043 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-20.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-21.png b/docs/en/tools/desktop/ukui/figures/gnome-21.png new file mode 100644 index 0000000000000000000000000000000000000000..dec78c390a65a1e707a5c9620fa3392e38124430 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-21.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-22.png b/docs/en/tools/desktop/ukui/figures/gnome-22.png new file mode 100644 index 0000000000000000000000000000000000000000..d8564596fd8ada47891a28b8fd97915722b28ff9 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-22.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-23.png b/docs/en/tools/desktop/ukui/figures/gnome-23.png new file mode 100644 index 0000000000000000000000000000000000000000..6fcb86d0b74acd102bc4e19bd483165fca0921bc Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-23.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-24.png b/docs/en/tools/desktop/ukui/figures/gnome-24.png new file mode 100644 index 0000000000000000000000000000000000000000..692929de10b612af7e15ddef689a611b7f4e8693 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-24.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-25.png b/docs/en/tools/desktop/ukui/figures/gnome-25.png new file mode 100644 index 0000000000000000000000000000000000000000..793a5a2d3ec63581902da5d4b8863f9ba33675b8 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-25.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-26.png b/docs/en/tools/desktop/ukui/figures/gnome-26.png new file mode 100644 index 0000000000000000000000000000000000000000..4d3f5418352e644f56a16099a9c77218045dabab Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-26.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-27.png b/docs/en/tools/desktop/ukui/figures/gnome-27.png new file mode 100644 index 0000000000000000000000000000000000000000..908998f4c4624e8b3317a311643123f690153325 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-27.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-28.png b/docs/en/tools/desktop/ukui/figures/gnome-28.png new file mode 100644 index 0000000000000000000000000000000000000000..8b47b2397fa8818dfecbc3c05341e31d4d70a940 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-28.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-29.png b/docs/en/tools/desktop/ukui/figures/gnome-29.png new file mode 100644 index 0000000000000000000000000000000000000000..fc90cb58691e6484b6e263f4e81a1046e3adbed1 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-29.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-3.png b/docs/en/tools/desktop/ukui/figures/gnome-3.png new file mode 100644 index 0000000000000000000000000000000000000000..4d423b13941604a29ff794817ed6fb1d6fea9c1e Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-3.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-30.png b/docs/en/tools/desktop/ukui/figures/gnome-30.png new file mode 100644 index 0000000000000000000000000000000000000000..8f4ab5dcd8ebd61b05a1b129b4c90e342f97e0fd Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-30.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-31.png b/docs/en/tools/desktop/ukui/figures/gnome-31.png new file mode 100644 index 0000000000000000000000000000000000000000..93159341a996153105985451fa6d8391c358b52e Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-31.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-32.png b/docs/en/tools/desktop/ukui/figures/gnome-32.png new file mode 100644 index 0000000000000000000000000000000000000000..c4ca5695e67a4a585f0ff074cd3645a32a9e4e83 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-32.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-33.png b/docs/en/tools/desktop/ukui/figures/gnome-33.png new file mode 100644 index 0000000000000000000000000000000000000000..e0b166e013144ed7e5f26c2b7bd7e8a00ac6a57f Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-33.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-34.png b/docs/en/tools/desktop/ukui/figures/gnome-34.png new file mode 100644 index 0000000000000000000000000000000000000000..dc8653255f8782ab72b8a24eeadff8fe64f88bb1 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-34.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-35.png b/docs/en/tools/desktop/ukui/figures/gnome-35.png new file mode 100644 index 0000000000000000000000000000000000000000..595c8d76ddc857ed9e76d421cf1e755874a6cc4a Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-35.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-36.png b/docs/en/tools/desktop/ukui/figures/gnome-36.png new file mode 100644 index 0000000000000000000000000000000000000000..f5a22198f57d34fe05336d88c6e4b288ed78dc8e Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-36.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-37.png b/docs/en/tools/desktop/ukui/figures/gnome-37.png new file mode 100644 index 0000000000000000000000000000000000000000..1a855eee24e959c3e8bfed371d2f74f93fceda3c Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-37.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-38.png b/docs/en/tools/desktop/ukui/figures/gnome-38.png new file mode 100644 index 0000000000000000000000000000000000000000..e80fcb9c25299130ca94bef2cdce9d5e7f9ba02c Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-38.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-39.png b/docs/en/tools/desktop/ukui/figures/gnome-39.png new file mode 100644 index 0000000000000000000000000000000000000000..29843d242f260cd1b722fdcc13cef645a3679e7f Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-39.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-4.png b/docs/en/tools/desktop/ukui/figures/gnome-4.png new file mode 100644 index 0000000000000000000000000000000000000000..04391e2e926d5195b21d7e05dc5322a0d7646ad6 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-4.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-40.png b/docs/en/tools/desktop/ukui/figures/gnome-40.png new file mode 100644 index 0000000000000000000000000000000000000000..8497bdd58dffe2210fca22d01912f82b5c39fd9c Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-40.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-41.png b/docs/en/tools/desktop/ukui/figures/gnome-41.png new file mode 100644 index 0000000000000000000000000000000000000000..a4357eb95c379dfecc1d627c59eb5da660d42d14 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-41.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-42.png b/docs/en/tools/desktop/ukui/figures/gnome-42.png new file mode 100644 index 0000000000000000000000000000000000000000..bc01808fe7c12d7d433dc1da9367e858027fcce9 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-42.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-43.png b/docs/en/tools/desktop/ukui/figures/gnome-43.png new file mode 100644 index 0000000000000000000000000000000000000000..467e52cf41a32df9c7207417817f906b518c54c3 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-43.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-44.png b/docs/en/tools/desktop/ukui/figures/gnome-44.png new file mode 100644 index 0000000000000000000000000000000000000000..71303b84fce85478ccba02b10f6c0358c5bdc2a0 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-44.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-45.png b/docs/en/tools/desktop/ukui/figures/gnome-45.png new file mode 100644 index 0000000000000000000000000000000000000000..a0927659af30d18715ab8b43266de3f54a3142a0 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-45.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-46.png b/docs/en/tools/desktop/ukui/figures/gnome-46.png new file mode 100644 index 0000000000000000000000000000000000000000..ad2093e67041d656c25a5674a6e4282c804ec6f2 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-46.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-47.png b/docs/en/tools/desktop/ukui/figures/gnome-47.png new file mode 100644 index 0000000000000000000000000000000000000000..9a67dd6b3b0081fa858b4beed0cc40708d5418e9 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-47.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-48.png b/docs/en/tools/desktop/ukui/figures/gnome-48.png new file mode 100644 index 0000000000000000000000000000000000000000..8789fcb96ee2143eae12131b07acf1cfbd82cf41 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-48.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-49.png b/docs/en/tools/desktop/ukui/figures/gnome-49.png new file mode 100644 index 0000000000000000000000000000000000000000..e5df514480c825a5c65b607721d80cf59642b4a1 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-49.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-5.png b/docs/en/tools/desktop/ukui/figures/gnome-5.png new file mode 100644 index 0000000000000000000000000000000000000000..b7148601f06fcee9517864aca19ba3cee863ba33 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-5.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-50.png b/docs/en/tools/desktop/ukui/figures/gnome-50.png new file mode 100644 index 0000000000000000000000000000000000000000..7b1f4678846cb691b144b26f24bc5570961a3d7d Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-50.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-51.png b/docs/en/tools/desktop/ukui/figures/gnome-51.png new file mode 100644 index 0000000000000000000000000000000000000000..10466de4bbd4c7b31654bb1369a9a85a20e88a27 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-51.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-52.png b/docs/en/tools/desktop/ukui/figures/gnome-52.png new file mode 100644 index 0000000000000000000000000000000000000000..16c8191ae59475d46cd7c275ad3841419544397d Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-52.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-53.png b/docs/en/tools/desktop/ukui/figures/gnome-53.png new file mode 100644 index 0000000000000000000000000000000000000000..b968bbd5c5df6148ef26c8cf292e040220987554 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-53.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-54.png b/docs/en/tools/desktop/ukui/figures/gnome-54.png new file mode 100644 index 0000000000000000000000000000000000000000..6f169f432a1ad4290b3fca12b1a835330d922ab0 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-54.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-55.png b/docs/en/tools/desktop/ukui/figures/gnome-55.png new file mode 100644 index 0000000000000000000000000000000000000000..e40794fbf2e23e3496ac7f9352abe84ac943cb8c Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-55.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-56.png b/docs/en/tools/desktop/ukui/figures/gnome-56.png new file mode 100644 index 0000000000000000000000000000000000000000..d66360c2865ba03e7f2959612b2e33061dfad39f Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-56.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-57.png b/docs/en/tools/desktop/ukui/figures/gnome-57.png new file mode 100644 index 0000000000000000000000000000000000000000..f2ffff79898f36e290bb133efc36c7439d089f57 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-57.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-58.png b/docs/en/tools/desktop/ukui/figures/gnome-58.png new file mode 100644 index 0000000000000000000000000000000000000000..2eb30604a6dc2a4194da688830f88d0e596c5be9 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-58.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-59.png b/docs/en/tools/desktop/ukui/figures/gnome-59.png new file mode 100644 index 0000000000000000000000000000000000000000..9b25d253604f353b0bd3ef0c153237d74459ccae Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-59.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-6.png b/docs/en/tools/desktop/ukui/figures/gnome-6.png new file mode 100644 index 0000000000000000000000000000000000000000..3c54d7f40cb5caab2c3cecb9945f9c89a1afe00e Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-6.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-7.png b/docs/en/tools/desktop/ukui/figures/gnome-7.png new file mode 100644 index 0000000000000000000000000000000000000000..fa4b0e178fb0332d334d98e0106746b7bff65449 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-7.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-8.png b/docs/en/tools/desktop/ukui/figures/gnome-8.png new file mode 100644 index 0000000000000000000000000000000000000000..5c39bb44371d94a66c66e053a7f498b46d3a0937 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-8.png differ diff --git a/docs/en/tools/desktop/ukui/figures/gnome-9.png b/docs/en/tools/desktop/ukui/figures/gnome-9.png new file mode 100644 index 0000000000000000000000000000000000000000..00a9ad1a7c94054c9418795c39b29574bfe16bf0 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/gnome-9.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon1.png b/docs/en/tools/desktop/ukui/figures/icon1.png new file mode 100644 index 0000000000000000000000000000000000000000..9bac00355cf4aa57d32287fd4271404f6fd3fd4d Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon1.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon10-o.png b/docs/en/tools/desktop/ukui/figures/icon10-o.png new file mode 100644 index 0000000000000000000000000000000000000000..d6c56d1a64c588d86f8fe510c74e5a7c4cb810d4 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon10-o.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon101-o.svg b/docs/en/tools/desktop/ukui/figures/icon101-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..af1c5d3dc0277a6ea59e71efb6ca97bdfc782e8e --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon101-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/docs/en/tools/desktop/ukui/figures/icon103-o.svg b/docs/en/tools/desktop/ukui/figures/icon103-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..c06c885725c569ab8db1fe7d595a7c65f18c5142 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon103-o.svg @@ -0,0 +1,26 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/ukui/figures/icon105-o.svg b/docs/en/tools/desktop/ukui/figures/icon105-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..36c49949fa569330b761c2d65518f36c10435508 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon105-o.svg @@ -0,0 +1,111 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/ukui/figures/icon107-o.svg b/docs/en/tools/desktop/ukui/figures/icon107-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..fb5a3ea756f6ccb7b3e5c31122a433347a908c96 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon107-o.svg @@ -0,0 +1,50 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/ukui/figures/icon11-o.png b/docs/en/tools/desktop/ukui/figures/icon11-o.png new file mode 100644 index 0000000000000000000000000000000000000000..47a1f2cb7f99b583768c7cbd7e05a57f302dbe8a Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon11-o.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon110-o.svg b/docs/en/tools/desktop/ukui/figures/icon110-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..7958e3f192061592e002e1e8a1bad06ffa86742c --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon110-o.svg @@ -0,0 +1,12 @@ + + + + reboot_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/ukui/figures/icon111-o.svg b/docs/en/tools/desktop/ukui/figures/icon111-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..097d16a08d305a8b3f3b2268ab1ea8342e799377 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon111-o.svg @@ -0,0 +1,13 @@ + + + + Right + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/ukui/figures/icon112-o.svg b/docs/en/tools/desktop/ukui/figures/icon112-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e51628c2b8b10495f3410d219814286696ea2fd5 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon112-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/ukui/figures/icon116-o.svg b/docs/en/tools/desktop/ukui/figures/icon116-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..4d79cd6dbbbfd3969f4e0ad0ad88e27398853505 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon116-o.svg @@ -0,0 +1,72 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/ukui/figures/icon12-o.png b/docs/en/tools/desktop/ukui/figures/icon12-o.png new file mode 100644 index 0000000000000000000000000000000000000000..f1f0f59dd3879461a0b5bc0632693a4a4124def3 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon12-o.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon120-o.svg b/docs/en/tools/desktop/ukui/figures/icon120-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e895c347d16a200aea46b00428b0b9f1a3c94246 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon120-o.svg @@ -0,0 +1,49 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/ukui/figures/icon122-o.svg b/docs/en/tools/desktop/ukui/figures/icon122-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..7fb014b5fd6097ca37a84d0b6a27dc982d675c8a --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon122-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/docs/en/tools/desktop/ukui/figures/icon124-o.svg b/docs/en/tools/desktop/ukui/figures/icon124-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..960c0ec096c925213f8953398f0e8e5db3cdaed3 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon124-o.svg @@ -0,0 +1,55 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/ukui/figures/icon125-o.svg b/docs/en/tools/desktop/ukui/figures/icon125-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..011c05f4b8f296867cd408a339230323fcbb28dd --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon125-o.svg @@ -0,0 +1,9 @@ + + + tips + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/ukui/figures/icon126-o.svg b/docs/en/tools/desktop/ukui/figures/icon126-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e0a43b6b8beb434090ac0dd3a8fd68c023f11fce --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon126-o.svg @@ -0,0 +1,68 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/ukui/figures/icon127-o.svg b/docs/en/tools/desktop/ukui/figures/icon127-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..bed95d35334a8d0151211054236c0bacddcc0dd3 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon127-o.svg @@ -0,0 +1,13 @@ + + + + Up + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/ukui/figures/icon128-o.svg b/docs/en/tools/desktop/ukui/figures/icon128-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..aa727f3f5d5883b3fb83a79c4b98e8b5bfe4ade6 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon128-o.svg @@ -0,0 +1,12 @@ + + + + userswitch_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/ukui/figures/icon13-o.png b/docs/en/tools/desktop/ukui/figures/icon13-o.png new file mode 100644 index 0000000000000000000000000000000000000000..c05a981b29d8ad11c6682f796f79b4cafd0f088b Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon13-o.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon132-o.svg b/docs/en/tools/desktop/ukui/figures/icon132-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..588ba9d98864ba67a562fa9179f29405f7687aa0 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon132-o.svg @@ -0,0 +1,15 @@ + + + + - + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/ukui/figures/icon133-o.svg b/docs/en/tools/desktop/ukui/figures/icon133-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..886d90a83e33497d134bdb3dcc864a5c2df53f20 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon133-o.svg @@ -0,0 +1,13 @@ + + + + + + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/ukui/figures/icon134-o.svg b/docs/en/tools/desktop/ukui/figures/icon134-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..784cf383eb0e8f5c7a57a602047be50ad0a3bc05 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon134-o.svg @@ -0,0 +1,15 @@ + + + + = + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/ukui/figures/icon135-o.svg b/docs/en/tools/desktop/ukui/figures/icon135-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..cea628a8f5eb92d10661b690242b6de41ca64816 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon135-o.svg @@ -0,0 +1,15 @@ + + + + ~ + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/ukui/figures/icon136-o.svg b/docs/en/tools/desktop/ukui/figures/icon136-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..24aa139ab2fefaee20935551f1af5aef473719ed --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon136-o.svg @@ -0,0 +1,12 @@ + + + + poweroff_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/ukui/figures/icon14-o.png b/docs/en/tools/desktop/ukui/figures/icon14-o.png new file mode 100644 index 0000000000000000000000000000000000000000..b21deee4d98593d93fb5f72158d2d78f3d3f1cb9 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon14-o.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon15-o.png b/docs/en/tools/desktop/ukui/figures/icon15-o.png new file mode 100644 index 0000000000000000000000000000000000000000..1827a20e9da4d28e35e8ab2eae739b2fec37b385 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon15-o.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon16.png b/docs/en/tools/desktop/ukui/figures/icon16.png new file mode 100644 index 0000000000000000000000000000000000000000..f271594dda9d3ad0f038c9d719dd68c3e82c59f1 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon16.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon17.png b/docs/en/tools/desktop/ukui/figures/icon17.png new file mode 100644 index 0000000000000000000000000000000000000000..dbe58b89347c857920bce25f067fbd11c308e502 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon17.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon18.png b/docs/en/tools/desktop/ukui/figures/icon18.png new file mode 100644 index 0000000000000000000000000000000000000000..1827a20e9da4d28e35e8ab2eae739b2fec37b385 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon18.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon19-o.png b/docs/en/tools/desktop/ukui/figures/icon19-o.png new file mode 100644 index 0000000000000000000000000000000000000000..47a1f2cb7f99b583768c7cbd7e05a57f302dbe8a Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon19-o.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon2.png b/docs/en/tools/desktop/ukui/figures/icon2.png new file mode 100644 index 0000000000000000000000000000000000000000..9101e4b386df065a87d422bc5a0b287528ea5ec7 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon2.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon20.png b/docs/en/tools/desktop/ukui/figures/icon20.png new file mode 100644 index 0000000000000000000000000000000000000000..4de3c7c695893539967245ea5e269b26e2b735be Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon20.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon21.png b/docs/en/tools/desktop/ukui/figures/icon21.png new file mode 100644 index 0000000000000000000000000000000000000000..e7b4320b6ce1fd4adb52525ba2c60983ffb2eed3 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon21.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon22.png b/docs/en/tools/desktop/ukui/figures/icon22.png new file mode 100644 index 0000000000000000000000000000000000000000..43bfa96965ad13e0a34ead3cb1102a76b9346a23 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon22.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon23.png b/docs/en/tools/desktop/ukui/figures/icon23.png new file mode 100644 index 0000000000000000000000000000000000000000..aee221ddaa81d06fa7bd5b89a624da90cd1e53da Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon23.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon24.png b/docs/en/tools/desktop/ukui/figures/icon24.png new file mode 100644 index 0000000000000000000000000000000000000000..a9e5d700431ca1666fe9eda2cefce5dd2f83bdcd Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon24.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon25.png b/docs/en/tools/desktop/ukui/figures/icon25.png new file mode 100644 index 0000000000000000000000000000000000000000..3de0f9476bbee9e89c3b759afbed968f17b5bbcc Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon25.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon26-o.png b/docs/en/tools/desktop/ukui/figures/icon26-o.png new file mode 100644 index 0000000000000000000000000000000000000000..2293a893caf6d89c3beb978598fe7f281e68e7d5 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon26-o.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon27-o.png b/docs/en/tools/desktop/ukui/figures/icon27-o.png new file mode 100644 index 0000000000000000000000000000000000000000..abbab8e40f7e3ca7c2a6f28ff78f08f15117828e Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon27-o.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon28-o.png b/docs/en/tools/desktop/ukui/figures/icon28-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon28-o.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon29-o.png b/docs/en/tools/desktop/ukui/figures/icon29-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon29-o.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon3.png b/docs/en/tools/desktop/ukui/figures/icon3.png new file mode 100644 index 0000000000000000000000000000000000000000..930ee8909e89e3624c581f83d713af271cd96c75 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon3.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon30-o.png b/docs/en/tools/desktop/ukui/figures/icon30-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon30-o.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon31-o.png b/docs/en/tools/desktop/ukui/figures/icon31-o.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon31-o.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon32.png b/docs/en/tools/desktop/ukui/figures/icon32.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon32.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon33.png b/docs/en/tools/desktop/ukui/figures/icon33.png new file mode 100644 index 0000000000000000000000000000000000000000..88ed145b25f6f025ad795ceb012500e0944cb54c Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon33.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon34.png b/docs/en/tools/desktop/ukui/figures/icon34.png new file mode 100644 index 0000000000000000000000000000000000000000..8247f52a3424c81b451ceb318f4a7979a5eddece Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon34.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon35.png b/docs/en/tools/desktop/ukui/figures/icon35.png new file mode 100644 index 0000000000000000000000000000000000000000..7c656e9030b94809a57c7e369921e6a585f3574c Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon35.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon36.png b/docs/en/tools/desktop/ukui/figures/icon36.png new file mode 100644 index 0000000000000000000000000000000000000000..7d29d173e914dfff48245d3d3a4d42575ce2d1db Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon36.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon37.png b/docs/en/tools/desktop/ukui/figures/icon37.png new file mode 100644 index 0000000000000000000000000000000000000000..58be4c621b6638115153e361801deb9ee06634d8 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon37.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon38.png b/docs/en/tools/desktop/ukui/figures/icon38.png new file mode 100644 index 0000000000000000000000000000000000000000..0c861ccb891f4fb5e533eb7f7151a8fce1571f17 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon38.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon39.png b/docs/en/tools/desktop/ukui/figures/icon39.png new file mode 100644 index 0000000000000000000000000000000000000000..b1ba1f347452d0cd1c06c6c51d2cdf5aea5e490b Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon39.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon4.png b/docs/en/tools/desktop/ukui/figures/icon4.png new file mode 100644 index 0000000000000000000000000000000000000000..548dc8b648edb73ff1dd8a0266e8479203e72ca0 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon4.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon40.png b/docs/en/tools/desktop/ukui/figures/icon40.png new file mode 100644 index 0000000000000000000000000000000000000000..9c29dd1e9a1bf22c36abf51cb18fa9e47b455fab Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon40.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon41.png b/docs/en/tools/desktop/ukui/figures/icon41.png new file mode 100644 index 0000000000000000000000000000000000000000..9e8aea527a2119433fffec5a8800ebfa4fa5062f Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon41.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon42-o.png b/docs/en/tools/desktop/ukui/figures/icon42-o.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon42-o.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon42.png b/docs/en/tools/desktop/ukui/figures/icon42.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon42.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon43-o.png b/docs/en/tools/desktop/ukui/figures/icon43-o.png new file mode 100644 index 0000000000000000000000000000000000000000..284bdd551baf25beb4143013402e77a1a4c60ccb Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon43-o.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon44-o.png b/docs/en/tools/desktop/ukui/figures/icon44-o.png new file mode 100644 index 0000000000000000000000000000000000000000..810f4d784ee140dbf562e67a0d3fd391272626a5 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon44-o.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon45-o.png b/docs/en/tools/desktop/ukui/figures/icon45-o.png new file mode 100644 index 0000000000000000000000000000000000000000..3e528ce2c98284f020ae4912a853f5864526396b Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon45-o.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon46-o.png b/docs/en/tools/desktop/ukui/figures/icon46-o.png new file mode 100644 index 0000000000000000000000000000000000000000..ec6a3ca0fe57016f3685981ed518493ceea1c855 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon46-o.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon47-o.png b/docs/en/tools/desktop/ukui/figures/icon47-o.png new file mode 100644 index 0000000000000000000000000000000000000000..6eeaba98d908775bd363a8ffcec27c3b6a214013 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon47-o.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon49-o.svg b/docs/en/tools/desktop/ukui/figures/icon49-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..72ffb173fdb95e1aff5b0001b08ed6b71122b7f2 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon49-o.svg @@ -0,0 +1,178 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/ukui/figures/icon5.png b/docs/en/tools/desktop/ukui/figures/icon5.png new file mode 100644 index 0000000000000000000000000000000000000000..e4206b7b584bf0702c7cb2f03a3a41e20bfba844 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon5.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon50-o.svg b/docs/en/tools/desktop/ukui/figures/icon50-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..05026802be4718205065d6369e14cc0b6ef05bc7 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon50-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/ukui/figures/icon52-o.svg b/docs/en/tools/desktop/ukui/figures/icon52-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..23149c05873259cd39721b8ee9c3ab7db86d64c5 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon52-o.svg @@ -0,0 +1,9 @@ + + + attention + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/ukui/figures/icon53-o.svg b/docs/en/tools/desktop/ukui/figures/icon53-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..50e33489ce984b0acfd621da4a8ef837fdf048c1 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon53-o.svg @@ -0,0 +1,11 @@ + + + + previous + Created with Sketch. + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/ukui/figures/icon54-o.svg b/docs/en/tools/desktop/ukui/figures/icon54-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..3b599aef4b822c707d2f646405bb00837aed96fd --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon54-o.svg @@ -0,0 +1,18 @@ + + + + Backspace + Created with Sketch. + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/ukui/figures/icon56-o.svg b/docs/en/tools/desktop/ukui/figures/icon56-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..9f13b6861e3858deec8d57a5301c934acc247069 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon56-o.svg @@ -0,0 +1,19 @@ + + + + Slice 1 + Created with Sketch. + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/ukui/figures/icon57-o.svg b/docs/en/tools/desktop/ukui/figures/icon57-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e6fbfa1381b76ab3fcd45652b33267a7f6c69bb7 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon57-o.svg @@ -0,0 +1,11 @@ + + + + titlebutton/close_normal + Created with Sketch. + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/ukui/figures/icon58-o.svg b/docs/en/tools/desktop/ukui/figures/icon58-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..9746dcacfc8e5d4c4b63233801e37418a190fc8f --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon58-o.svg @@ -0,0 +1,46 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/ukui/figures/icon6.png b/docs/en/tools/desktop/ukui/figures/icon6.png new file mode 100644 index 0000000000000000000000000000000000000000..88ced3587e9a42b145fe11393726f40aba9d1b2c Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon6.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon62-o.svg b/docs/en/tools/desktop/ukui/figures/icon62-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..09f61b446669df2e05a3351d40d8c30879c7b035 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon62-o.svg @@ -0,0 +1,47 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/ukui/figures/icon63-o.svg b/docs/en/tools/desktop/ukui/figures/icon63-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..06c03ed99260ffadc681475dad35610aedf67f83 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon63-o.svg @@ -0,0 +1,45 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/ukui/figures/icon66-o.svg b/docs/en/tools/desktop/ukui/figures/icon66-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..5793b3846b7fe6a5758379591215b16c7f9e1b52 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon66-o.svg @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/ukui/figures/icon68-o.svg b/docs/en/tools/desktop/ukui/figures/icon68-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..a7748052dfa436116d8742dca28f7d90865231ed --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon68-o.svg @@ -0,0 +1,23 @@ + + + + deepin-system-monitor + Created with Sketch. + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/ukui/figures/icon69-o.svg b/docs/en/tools/desktop/ukui/figures/icon69-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e21dfd00a32a44ee1c8e3882b4ca8239be04690f --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon69-o.svg @@ -0,0 +1,26 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/ukui/figures/icon7.png b/docs/en/tools/desktop/ukui/figures/icon7.png new file mode 100644 index 0000000000000000000000000000000000000000..05fe8aa38c84ca0c0c99b0b005ddec2f2ba42f4a Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon7.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon70-o.svg b/docs/en/tools/desktop/ukui/figures/icon70-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..b5787a7ffa5ed9519a48c6937c60927fd11fd455 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon70-o.svg @@ -0,0 +1,73 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/ukui/figures/icon71-o.svg b/docs/en/tools/desktop/ukui/figures/icon71-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..669a21f143b06cb45ea3f45f7f071809f2cbc8a8 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon71-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/ukui/figures/icon72-o.svg b/docs/en/tools/desktop/ukui/figures/icon72-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..79067ed9b9ff7912e1742183b461fa056601b9cc --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon72-o.svg @@ -0,0 +1,34 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/ukui/figures/icon73-o.svg b/docs/en/tools/desktop/ukui/figures/icon73-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..cf6292387f5e790db6ebd66184aabcbb39257ee7 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon73-o.svg @@ -0,0 +1,13 @@ + + + + Down + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/ukui/figures/icon75-o.svg b/docs/en/tools/desktop/ukui/figures/icon75-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..ef6823ccc19858f57374f0b78ad31514e8311be3 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon75-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/docs/en/tools/desktop/ukui/figures/icon8.png b/docs/en/tools/desktop/ukui/figures/icon8.png new file mode 100644 index 0000000000000000000000000000000000000000..01543c3e0f5e96a023b4e1f0859a03e3a0dafd56 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon8.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon83-o.svg b/docs/en/tools/desktop/ukui/figures/icon83-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..35dd6eacc54a933dc9ebc3f3010edfa7363fecc0 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon83-o.svg @@ -0,0 +1,84 @@ + + + + + + image/svg+xml + + img_upload + + + + + + img_upload + Created with Sketch. + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/ukui/figures/icon84-o.svg b/docs/en/tools/desktop/ukui/figures/icon84-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..9bd11b9e7b45b506dd7e1c87d09d545d8f48af06 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon84-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/ukui/figures/icon86-o.svg b/docs/en/tools/desktop/ukui/figures/icon86-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..5da20233309c43d4fc7b315f441cde476c835c67 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon86-o.svg @@ -0,0 +1,66 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/ukui/figures/icon88-o.svg b/docs/en/tools/desktop/ukui/figures/icon88-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..c2570c26575fd14cb5e9d9fe77831d2e8f6c9333 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon88-o.svg @@ -0,0 +1,13 @@ + + + + Left + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/ukui/figures/icon9.png b/docs/en/tools/desktop/ukui/figures/icon9.png new file mode 100644 index 0000000000000000000000000000000000000000..a07c9ab8e51decd9a3bca8c969d2ae95bd68512c Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/icon9.png differ diff --git a/docs/en/tools/desktop/ukui/figures/icon90-o.svg b/docs/en/tools/desktop/ukui/figures/icon90-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..79b5e0a141f7969a8f77ae61f4c240de7187afe9 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon90-o.svg @@ -0,0 +1,12 @@ + + + + lock_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/ukui/figures/icon92-o.svg b/docs/en/tools/desktop/ukui/figures/icon92-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..21341b64a832e1935252aa82e7a4e0b083c16eae --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon92-o.svg @@ -0,0 +1,12 @@ + + + + logout_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/ukui/figures/icon94-o.svg b/docs/en/tools/desktop/ukui/figures/icon94-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..a47044149a02101dbd24a3fdb2f3ead77efca6c1 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon94-o.svg @@ -0,0 +1,54 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/ukui/figures/icon97-o.svg b/docs/en/tools/desktop/ukui/figures/icon97-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..4f4670de29d8c86885b5aa806b2c8cdc6fc16dcb --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon97-o.svg @@ -0,0 +1,84 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/tools/desktop/ukui/figures/icon99-o.svg b/docs/en/tools/desktop/ukui/figures/icon99-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e9a3aa60a51404c9390bfbea8d8ff09edc0e2e32 --- /dev/null +++ b/docs/en/tools/desktop/ukui/figures/icon99-o.svg @@ -0,0 +1,11 @@ + + + notes + + + + + + + + \ No newline at end of file diff --git a/docs/en/tools/desktop/ukui/figures/kiran-1.png b/docs/en/tools/desktop/ukui/figures/kiran-1.png new file mode 100644 index 0000000000000000000000000000000000000000..6f17788dce804c004027adfe45628eebffaa48cf Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-1.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-10.png b/docs/en/tools/desktop/ukui/figures/kiran-10.png new file mode 100644 index 0000000000000000000000000000000000000000..18cfa3074af1f4b8d49d064a77b016f24ab8c17c Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-10.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-11.png b/docs/en/tools/desktop/ukui/figures/kiran-11.png new file mode 100644 index 0000000000000000000000000000000000000000..b58fbb7ce8a798d5355855a4ac0638540df74d9e Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-11.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-12.png b/docs/en/tools/desktop/ukui/figures/kiran-12.png new file mode 100644 index 0000000000000000000000000000000000000000..920d0c7112be6bed509773413de36506d748b822 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-12.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-13.png b/docs/en/tools/desktop/ukui/figures/kiran-13.png new file mode 100644 index 0000000000000000000000000000000000000000..473ac4151c65951050800cb73313fee07077a9d6 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-13.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-14.png b/docs/en/tools/desktop/ukui/figures/kiran-14.png new file mode 100644 index 0000000000000000000000000000000000000000..9ba17ddca84d25f112e564b542a971d6e7d4c10a Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-14.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-15.png b/docs/en/tools/desktop/ukui/figures/kiran-15.png new file mode 100644 index 0000000000000000000000000000000000000000..b561a2fccb7f159106065baaf88ff9fa32bba1d8 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-15.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-16.png b/docs/en/tools/desktop/ukui/figures/kiran-16.png new file mode 100644 index 0000000000000000000000000000000000000000..a4d71e812144e74cb854e25f215197368b60017f Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-16.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-17.png b/docs/en/tools/desktop/ukui/figures/kiran-17.png new file mode 100644 index 0000000000000000000000000000000000000000..5f52f0d0885fbcd62af5127df6f464bcd334e2b3 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-17.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-18.png b/docs/en/tools/desktop/ukui/figures/kiran-18.png new file mode 100644 index 0000000000000000000000000000000000000000..bbd1a5dbd99c509d936e51e1bcc5970c2311da9d Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-18.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-19.png b/docs/en/tools/desktop/ukui/figures/kiran-19.png new file mode 100644 index 0000000000000000000000000000000000000000..a9ad75326f5d5463a45b532ae05b110155426083 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-19.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-2.png b/docs/en/tools/desktop/ukui/figures/kiran-2.png new file mode 100644 index 0000000000000000000000000000000000000000..b62c95a0b7d2bcfbc0bbac084ed7df74e5412da5 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-2.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-20.png b/docs/en/tools/desktop/ukui/figures/kiran-20.png new file mode 100644 index 0000000000000000000000000000000000000000..a43f8e2dc5ff4b5445386fd0c703bdf6b1e186ec Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-20.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-21.png b/docs/en/tools/desktop/ukui/figures/kiran-21.png new file mode 100644 index 0000000000000000000000000000000000000000..19c758d585016351a1f26fdac48221bdf0710a53 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-21.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-22.png b/docs/en/tools/desktop/ukui/figures/kiran-22.png new file mode 100644 index 0000000000000000000000000000000000000000..703327a3f511c20cd977ae4cd68552ecb3dd6971 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-22.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-23.png b/docs/en/tools/desktop/ukui/figures/kiran-23.png new file mode 100644 index 0000000000000000000000000000000000000000..ddbbd80be5b926ab3446cbb10c22d892487956f8 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-23.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-24.png b/docs/en/tools/desktop/ukui/figures/kiran-24.png new file mode 100644 index 0000000000000000000000000000000000000000..54e864dcfd194db4b1672c05d3e60eb6acc605d9 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-24.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-25.png b/docs/en/tools/desktop/ukui/figures/kiran-25.png new file mode 100644 index 0000000000000000000000000000000000000000..f64461cc2610fb82db1eb27a5562c2ab0737dcf4 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-25.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-26.png b/docs/en/tools/desktop/ukui/figures/kiran-26.png new file mode 100644 index 0000000000000000000000000000000000000000..2bcd5335c14d3e241b732b2ee6c2adf3effbe652 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-26.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-27.png b/docs/en/tools/desktop/ukui/figures/kiran-27.png new file mode 100644 index 0000000000000000000000000000000000000000..2bcd5335c14d3e241b732b2ee6c2adf3effbe652 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-27.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-28.png b/docs/en/tools/desktop/ukui/figures/kiran-28.png new file mode 100644 index 0000000000000000000000000000000000000000..1650e93b66f11849ed69a9dacd5c9c5f135fc053 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-28.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-29.png b/docs/en/tools/desktop/ukui/figures/kiran-29.png new file mode 100644 index 0000000000000000000000000000000000000000..5d0b225b54dc5da9053aeb6f4b805e59d8685f7f Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-29.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-3.png b/docs/en/tools/desktop/ukui/figures/kiran-3.png new file mode 100644 index 0000000000000000000000000000000000000000..774ba1ea233c20bf3c7ae661e126e5251aef8662 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-3.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-30.png b/docs/en/tools/desktop/ukui/figures/kiran-30.png new file mode 100644 index 0000000000000000000000000000000000000000..ae7f591fdd3da24fdf30b95785cd07c9959ecb2b Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-30.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-31.png b/docs/en/tools/desktop/ukui/figures/kiran-31.png new file mode 100644 index 0000000000000000000000000000000000000000..fc4127dcd736d084ecabe84b40f165f0b07695b2 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-31.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-32.png b/docs/en/tools/desktop/ukui/figures/kiran-32.png new file mode 100644 index 0000000000000000000000000000000000000000..b02d7b1fbdfa58d63618e99085fd5a0ed517ce4d Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-32.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-33.png b/docs/en/tools/desktop/ukui/figures/kiran-33.png new file mode 100644 index 0000000000000000000000000000000000000000..502f5d272b6200b440b1ce916924e44c987f9922 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-33.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-34.png b/docs/en/tools/desktop/ukui/figures/kiran-34.png new file mode 100644 index 0000000000000000000000000000000000000000..b1ad35752dba85a00024170f88702c3398e0872c Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-34.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-35.png b/docs/en/tools/desktop/ukui/figures/kiran-35.png new file mode 100644 index 0000000000000000000000000000000000000000..6c566afea5f485d79ff7de2ccd3d27a24835f14c Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-35.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-36.png b/docs/en/tools/desktop/ukui/figures/kiran-36.png new file mode 100644 index 0000000000000000000000000000000000000000..842470a94fb6864cdd45f2c9971ec73e7866ea88 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-36.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-37.png b/docs/en/tools/desktop/ukui/figures/kiran-37.png new file mode 100644 index 0000000000000000000000000000000000000000..b827be98850a3626f92ed1cd7b6b76f95d761261 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-37.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-38.png b/docs/en/tools/desktop/ukui/figures/kiran-38.png new file mode 100644 index 0000000000000000000000000000000000000000..f0972490115d0965e8e9006abd2e5e96ac2fc37c Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-38.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-39.png b/docs/en/tools/desktop/ukui/figures/kiran-39.png new file mode 100644 index 0000000000000000000000000000000000000000..f833c66c77737fb7cfbe5b4c4af48b0ba7747cea Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-39.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-4.png b/docs/en/tools/desktop/ukui/figures/kiran-4.png new file mode 100644 index 0000000000000000000000000000000000000000..7a6cf9c1f25266c31ddcb76f093bec664d64bac7 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-4.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-40.png b/docs/en/tools/desktop/ukui/figures/kiran-40.png new file mode 100644 index 0000000000000000000000000000000000000000..da430f32720ef8a032e2c16fe9caabd815f8b62f Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-40.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-41.png b/docs/en/tools/desktop/ukui/figures/kiran-41.png new file mode 100644 index 0000000000000000000000000000000000000000..424f50da38c18c12a235ebb56edd6d02ec1638f0 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-41.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-42.png b/docs/en/tools/desktop/ukui/figures/kiran-42.png new file mode 100644 index 0000000000000000000000000000000000000000..a506b0c4e7fd23c393c34e01b26086dae1ea9c62 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-42.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-43.png b/docs/en/tools/desktop/ukui/figures/kiran-43.png new file mode 100644 index 0000000000000000000000000000000000000000..90ca8be50f4343adcc0cc05b1ae7d0f32efcedc2 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-43.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-44.png b/docs/en/tools/desktop/ukui/figures/kiran-44.png new file mode 100644 index 0000000000000000000000000000000000000000..bc38c38001a8428cf18a05e6cd4a8f46b1d633a2 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-44.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-45.png b/docs/en/tools/desktop/ukui/figures/kiran-45.png new file mode 100644 index 0000000000000000000000000000000000000000..fadb655f342f99c669425480ad48733f1dccb2c9 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-45.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-46.png b/docs/en/tools/desktop/ukui/figures/kiran-46.png new file mode 100644 index 0000000000000000000000000000000000000000..096688c85e47acded83be03a7ff69f9d829d956b Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-46.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-47.png b/docs/en/tools/desktop/ukui/figures/kiran-47.png new file mode 100644 index 0000000000000000000000000000000000000000..3faa55c80eead6bfc9e96f59babcd2100392c2e5 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-47.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-48.png b/docs/en/tools/desktop/ukui/figures/kiran-48.png new file mode 100644 index 0000000000000000000000000000000000000000..1e44996d99006ffe793ae29b55035976942ac504 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-48.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-49.png b/docs/en/tools/desktop/ukui/figures/kiran-49.png new file mode 100644 index 0000000000000000000000000000000000000000..000cc37cb59fecc9ea497726f87231df187baf34 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-49.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-5.png b/docs/en/tools/desktop/ukui/figures/kiran-5.png new file mode 100644 index 0000000000000000000000000000000000000000..a27574bb4793e401750fff28e4568403dc489507 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-5.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-50.png b/docs/en/tools/desktop/ukui/figures/kiran-50.png new file mode 100644 index 0000000000000000000000000000000000000000..900efd80a6db6ab00fee3fa519e963f8f0620ba7 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-50.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-6.png b/docs/en/tools/desktop/ukui/figures/kiran-6.png new file mode 100644 index 0000000000000000000000000000000000000000..42c4f0357dfa11b53ca27a4d0d255b67a0f9c5ae Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-6.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-7.png b/docs/en/tools/desktop/ukui/figures/kiran-7.png new file mode 100644 index 0000000000000000000000000000000000000000..254ef11f36d958f6ef7c70853e5f61032f825463 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-7.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-8.png b/docs/en/tools/desktop/ukui/figures/kiran-8.png new file mode 100644 index 0000000000000000000000000000000000000000..29b5845d2fa94cba92719b8649a5e86c926ea911 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-8.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kiran-9.png b/docs/en/tools/desktop/ukui/figures/kiran-9.png new file mode 100644 index 0000000000000000000000000000000000000000..46bcfdd0e1e88ad0f0ade4a3990c3ac5d66060e7 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kiran-9.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kubesphere-console.png b/docs/en/tools/desktop/ukui/figures/kubesphere-console.png new file mode 100644 index 0000000000000000000000000000000000000000..9c93fbeafe366d78bc05dda6e0e673d2dad8874f Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kubesphere-console.png differ diff --git a/docs/en/tools/desktop/ukui/figures/kubesphere.png b/docs/en/tools/desktop/ukui/figures/kubesphere.png new file mode 100644 index 0000000000000000000000000000000000000000..939dcb70202b19c7853cbfd8f27f6e8e4678ce26 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/kubesphere.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-1.png b/docs/en/tools/desktop/ukui/figures/xfce-1.png new file mode 100644 index 0000000000000000000000000000000000000000..0e478b9f10ddf3210d5f5fada2e45329e2d1d028 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-1.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-2.png b/docs/en/tools/desktop/ukui/figures/xfce-2.png new file mode 100644 index 0000000000000000000000000000000000000000..33a946d988d499a1e98cb43968b72119bd48d7a5 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-2.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-3.png b/docs/en/tools/desktop/ukui/figures/xfce-3.png new file mode 100644 index 0000000000000000000000000000000000000000..020356f0c981fac2aafe33c8e997efbf01af9253 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-3.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-4.png b/docs/en/tools/desktop/ukui/figures/xfce-4.png new file mode 100644 index 0000000000000000000000000000000000000000..21369e366322955023b427e7a2ae63fd29b387e5 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-4.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-5.png b/docs/en/tools/desktop/ukui/figures/xfce-5.png new file mode 100644 index 0000000000000000000000000000000000000000..1f7807877f775fe6aa32652a29ef833e48e1a6ee Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-5.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-6.png b/docs/en/tools/desktop/ukui/figures/xfce-6.png new file mode 100644 index 0000000000000000000000000000000000000000..e5376fcfd1737234a885d4d95649cd996005cf0c Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-6.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-7.png b/docs/en/tools/desktop/ukui/figures/xfce-7.png new file mode 100644 index 0000000000000000000000000000000000000000..b7a94df356b7b9f7dca3d305d066ec854406aaab Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-7.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-71.png b/docs/en/tools/desktop/ukui/figures/xfce-71.png new file mode 100644 index 0000000000000000000000000000000000000000..11d1618c907d4bb18de1eb68e42e9b98d92d91c3 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-71.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-8.png b/docs/en/tools/desktop/ukui/figures/xfce-8.png new file mode 100644 index 0000000000000000000000000000000000000000..f6f97d9a173105cb6a72e4b8c48deab25ecac898 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-8.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-81.png b/docs/en/tools/desktop/ukui/figures/xfce-81.png new file mode 100644 index 0000000000000000000000000000000000000000..b97c9a81c2a07efe361e6dc6ee8bed5db445ecfa Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-81.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-811.png b/docs/en/tools/desktop/ukui/figures/xfce-811.png new file mode 100644 index 0000000000000000000000000000000000000000..58233638eca203d917081d6a9ac5003474cbf60b Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-811.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-812.png b/docs/en/tools/desktop/ukui/figures/xfce-812.png new file mode 100644 index 0000000000000000000000000000000000000000..0fc975f75da95dce8a3e5a098d024578335c9426 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-812.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-813.png b/docs/en/tools/desktop/ukui/figures/xfce-813.png new file mode 100644 index 0000000000000000000000000000000000000000..4d399468c74355cbaa765380720cb9561e95f834 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-813.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-814.png b/docs/en/tools/desktop/ukui/figures/xfce-814.png new file mode 100644 index 0000000000000000000000000000000000000000..c09fd6524a20ba04e0fca30307d35fa05e79c1f4 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-814.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-82.png b/docs/en/tools/desktop/ukui/figures/xfce-82.png new file mode 100644 index 0000000000000000000000000000000000000000..170deb5fb43f4e924d5ba4eba94a02c341d31515 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-82.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-821.png b/docs/en/tools/desktop/ukui/figures/xfce-821.png new file mode 100644 index 0000000000000000000000000000000000000000..c5c1f3567dccda3d0d49ae445612d5b9ba27e09a Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-821.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-83.png b/docs/en/tools/desktop/ukui/figures/xfce-83.png new file mode 100644 index 0000000000000000000000000000000000000000..95e4844c0ece09819d3e9f1e8457bbf371b1282e Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-83.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-831.png b/docs/en/tools/desktop/ukui/figures/xfce-831.png new file mode 100644 index 0000000000000000000000000000000000000000..6456dd02f0281a5ec8d752ba5b95be581bcbfa09 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-831.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-832.png b/docs/en/tools/desktop/ukui/figures/xfce-832.png new file mode 100644 index 0000000000000000000000000000000000000000..2932aaacf71fa53f1d0c10340df3aebcc016e991 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-832.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-84.png b/docs/en/tools/desktop/ukui/figures/xfce-84.png new file mode 100644 index 0000000000000000000000000000000000000000..e0435c2edf9f68d193cff036215f32c259d378f0 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-84.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-841.png b/docs/en/tools/desktop/ukui/figures/xfce-841.png new file mode 100644 index 0000000000000000000000000000000000000000..c2c06346d4a296bfbe7836139cd943baa1ce6ea5 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-841.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-842.png b/docs/en/tools/desktop/ukui/figures/xfce-842.png new file mode 100644 index 0000000000000000000000000000000000000000..101bf6923e3780617d33dde04b92232ca7f87b42 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-842.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-85.png b/docs/en/tools/desktop/ukui/figures/xfce-85.png new file mode 100644 index 0000000000000000000000000000000000000000..21b39638fe4c83e0da5cdc69ecad9b7a22718a55 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-85.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-851.png b/docs/en/tools/desktop/ukui/figures/xfce-851.png new file mode 100644 index 0000000000000000000000000000000000000000..893064ca10399a683afbcb3752266d93b0a79a51 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-851.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-86.png b/docs/en/tools/desktop/ukui/figures/xfce-86.png new file mode 100644 index 0000000000000000000000000000000000000000..35e8a99e31e4a49eb64b24cfbab825111e40f709 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-86.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-861.png b/docs/en/tools/desktop/ukui/figures/xfce-861.png new file mode 100644 index 0000000000000000000000000000000000000000..affc46c874991a3b289e15072e06ba6566c099b1 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-861.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-87.png b/docs/en/tools/desktop/ukui/figures/xfce-87.png new file mode 100644 index 0000000000000000000000000000000000000000..47524c21d57c887c3398ea53a675f89e9f92113f Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-87.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-9.png b/docs/en/tools/desktop/ukui/figures/xfce-9.png new file mode 100644 index 0000000000000000000000000000000000000000..5586c4f62cc161665b91a56ad23b2320901901c0 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-9.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-91.png b/docs/en/tools/desktop/ukui/figures/xfce-91.png new file mode 100644 index 0000000000000000000000000000000000000000..ee69879bb4ad66405b045af5e3965e275fe8eabf Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-91.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-911.png b/docs/en/tools/desktop/ukui/figures/xfce-911.png new file mode 100644 index 0000000000000000000000000000000000000000..b49416558e9ab844fda2026b76e2e900ac106842 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-911.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-92.png b/docs/en/tools/desktop/ukui/figures/xfce-92.png new file mode 100644 index 0000000000000000000000000000000000000000..78dd6313c603aad9ebd37fe68e06f98b2a3b331e Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-92.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-921.png b/docs/en/tools/desktop/ukui/figures/xfce-921.png new file mode 100644 index 0000000000000000000000000000000000000000..5eb6f40df9ca73e11b9b9fa5079496ac0c36857b Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-921.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-93.png b/docs/en/tools/desktop/ukui/figures/xfce-93.png new file mode 100644 index 0000000000000000000000000000000000000000..06ac80c152fefbe1ad2ba1c989f6acfbbaf1a992 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-93.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-931.png b/docs/en/tools/desktop/ukui/figures/xfce-931.png new file mode 100644 index 0000000000000000000000000000000000000000..a156e5cf14ae154b93e845ff1bd5bc6ba12c9beb Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-931.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-94.png b/docs/en/tools/desktop/ukui/figures/xfce-94.png new file mode 100644 index 0000000000000000000000000000000000000000..f48064ff5902c4ea740ccba9a1640cbca27b5b72 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-94.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-941.png b/docs/en/tools/desktop/ukui/figures/xfce-941.png new file mode 100644 index 0000000000000000000000000000000000000000..f7904da12dc807836acfb9d6f24b8d9b976a2fdc Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-941.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-95.png b/docs/en/tools/desktop/ukui/figures/xfce-95.png new file mode 100644 index 0000000000000000000000000000000000000000..bda965b15a859e4cccf4b80f62875f79eb3470fd Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-95.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-951.png b/docs/en/tools/desktop/ukui/figures/xfce-951.png new file mode 100644 index 0000000000000000000000000000000000000000..6521a28275d2b63c12b47604c7afc926f7938697 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-951.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-96.png b/docs/en/tools/desktop/ukui/figures/xfce-96.png new file mode 100644 index 0000000000000000000000000000000000000000..29ce24923477065b98cacf603f185113e9959069 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-96.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-961.png b/docs/en/tools/desktop/ukui/figures/xfce-961.png new file mode 100644 index 0000000000000000000000000000000000000000..874fa200f4e63b690261d7827f3c73cf70861b32 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-961.png differ diff --git a/docs/en/tools/desktop/ukui/figures/xfce-962.png b/docs/en/tools/desktop/ukui/figures/xfce-962.png new file mode 100644 index 0000000000000000000000000000000000000000..bb84e35e43e992bc68b053a0da760bd5aa8b0270 Binary files /dev/null and b/docs/en/tools/desktop/ukui/figures/xfce-962.png differ diff --git a/docs/en/tools/desktop/ukui/ukui.md b/docs/en/tools/desktop/ukui/ukui.md new file mode 100644 index 0000000000000000000000000000000000000000..91fd9e42a5f32afea46998115147498fcc06d024 --- /dev/null +++ b/docs/en/tools/desktop/ukui/ukui.md @@ -0,0 +1,3 @@ +# UKUI User Guide + +This chapter describes how to install and use the UKUI desktop environment. diff --git a/docs/en/tools/desktop/ukui/ukui_installation.md b/docs/en/tools/desktop/ukui/ukui_installation.md new file mode 100644 index 0000000000000000000000000000000000000000..df992cb81e772eeecd010ad4bb5e9ef3040e9a4f --- /dev/null +++ b/docs/en/tools/desktop/ukui/ukui_installation.md @@ -0,0 +1,28 @@ +# UKUI Installation + +UKUI is a Linux desktop built by the KylinSoft software team over the years, primarily based on GTK and QT. Compared to other UI interfaces, UKUI is easy to use. The components of UKUI are small and low coupling, can run alone without relying on other suites. It can provide user a friendly and efficient experience. + +UKUI supports both x86_64 and aarch64 architectures. + +You are advised to create an administrator user before installing UKUI. + +1. Download openEuler ISO and update the software source. + + ```shell + sudo dnf update + ``` + +2. Install UKUI. + + ```shell + sudo dnf install ukui + ``` + +3. If you want to set the system to start with the graphical interface after confirming the installation, run the following command and reboot the system (`reboot`). + + ```shell + systemctl set-default graphical.target + ``` + +UKUI is constantly updated. Please check the latest installation method: +[https://gitee.com/openeuler/ukui](https://gitee.com/openeuler/ukui) diff --git a/docs/en/tools/desktop/ukui/ukui_userguide.md b/docs/en/tools/desktop/ukui/ukui_userguide.md new file mode 100644 index 0000000000000000000000000000000000000000..b83ee3007186d46635695105c1c407887cd4c65f --- /dev/null +++ b/docs/en/tools/desktop/ukui/ukui_userguide.md @@ -0,0 +1,380 @@ +# UKUI Desktop Environment + +## Overview + +Desktop Environment is the basis for the user's operation on the graphical interface, and provides multiple functions including taskbar, start menu, etc. The main interface is shown in figure below. + +![Fig. 1 Desktop main interface-big](./figures/1.png) + +## Desktop + +### Desktop Icons + +The system places three icons Computer, Recycle Bin and Personal by default, and double click the left mouse button to open the page. The functions are shown in table below. + +| Icon | Description | +| :------------ | :------------ | +| ![](./figures/icon1.png) | Computer: Show the drives and hardwares connected to the machine| +| ![](./figures/icon2.png) | Recycle Bin: Show documents that have been diverted| +| ![](./figures/icon3.png) | Personal: Show personal home directory| + +In addition, right-clicking "Computer" and selecting "Properties", it can show the current system version, kernel version, activation and other related information. + +![Fig. 2 "Computer" - "Properties"-big](./figures/2.png) + +### Right-click Menu + +Right-click on the desktop blank and a menu appears as shown in figure below, providing the users with some shortcut features. + +![Fig. 3 Right-click Menu](./figures/3.png) + +Some of the options are described in table below. + +| Option | Description | +| :------------ | :------------ | +| New | Create new folders, text documents, WPS files | +| View type | Four view types are available: small icon, medium icon, large icon, super large icon | +| Sort by | Four ways to arrange documents according to name, type of document, size and date of modification | + +## Taskbar + +### Basic Function + +Taskbar is located at the bottom and includes the Start Menu, Multi View Switch, File Browser, Firefox Web Browser, WPS, and Tray Menu. + +![Fig. 4 Taskbar](./figures/4.png) + +| Component | Description | +| :------------ | :------------ | +|![](./figures/icon4.png)| Start menu: Open the system menu to find applications and files | +|![](./figures/icon5.png)| Multi View Switch: Operate in multiple workspaces without interfering with each other | +|![](./figures/icon6.png)| File Browser: Browse and manage documents in the system | +|![](./figures/icon7.png)| Firefox Web Browser: Provide a convenient and safe way to access the Internet | +|![](./figures/icon8.png)| WPS: Realize the most common functions of office software such as text, forms, presentations, and more | +|Window Display Area| The blank part in the middle of the horizontal bar. Display running programs, opened documents, and allow users to close the windows, top the windows, etc | +|![](./figures/icon9.png)| Tray Menu: Include settings for voice, Kylin weather,input method, internet connection, notification center, date, and night mode | +|Show Desktop| The button is on the far right. Minimize all windows on the desktop and return to the desktop; Clicking again will restore the windows | + +#### Multi View Switch + +Click the icon "![](./figures/icon10-o.png)" on the taskbar to enter the interface shown in figure below, and select the operation area that users need to work on at the moment in multiple work areas. + +![Fig. 5 Multi View Switch-big](./figures/5.png) + +#### Preview Window + +Users move the mouse over the app icon in the taskbar, and then a small preview window will be shown if this app has already been opened. + +Hover over the specified window as shown below for hover state, the window will be slightly fuzzy glass effect (left), the rest of the window as default Status (right). + +![Fig. 6 Taskbar - Preview Window](./figures/6.png) + +Users can close the application by right-clicking on the app icon in the taskbar. + +![Fig. 7 Taskbar - Right-click Preview](./figures/7.png) + +#### Sidebar + +The sidebar is located at the right of the entire desktop. Click the icon "![](./figures/icon11-o.png)" in the taskbar tray menu to open the storage menu, and click the icon "![](./figures/icon12-o.png)" in Sidebar to pop up the sidebar as shown in figure below. + +The sidebar consists of two parts: Notification Center, Clipboard and Widget. + +![Fig. 8 Sidebar without message status-big](./figures/8.png) + +##### Notification Center + +Notification center will display a list of recent important and newest information. + +Select "Clear" in the upper right corner to clear the list of information; Select "Setting" in the upper right corner to go to the notification settings in the control center, and users can set which applications can show information and the quantity of information. + +![Fig. 9 Notification Center-big](./figures/9.png) + +Workspace at right side can be set to fold by applications. + +![Fig. 10 Fold messages by applications-big](./figures/10.png) + +Icon "![](./figures/icon13-o.png)" at the top right corner of the sidebar can store unimportant information. When the messages are more than 999+, it will be shown as the form of ![](./figures/icon14-o.png) which means limitless. + +![Fig. 11 Message Organizer](./figures/11.png) + +##### Clipboard + +Clipboard can save the contents those were recently selected to copy or cut, and users can operate them by using the icons in Table. + +![Fig. 12 Clipboard](./figures/12.png) + +Clicking "![](./figures/icon15-o.png)", users can edit the the contents of the clipboard. + +![Fig. 13 edit the content](./figures/13.png) + +| Icon | Description | Icon | Description | +| :------------------------ | :----------------- | :------------------------ | :--------------- | +| ![](./figures/icon16.png) | Copy the content | ![](./figures/icon18.png) | Edit the content | +| ![](./figures/icon17.png) | Delete the content | | | + +The second label of the clipboard is the small plug-in that contains alarm clock, notebook, user feedback. + +![Fig. 14 Plug-in](./figures/14.png) + +#### Tray Menu + +##### Storage Menu + +Click "![](./figures/icon19-o.png)" at the tray menu to open the storage menu. + +It contains Kylin Weather, Input Method, Bluetooth, USB, etc. + +![Fig. 15 Storage Menu](./figures/15.png) + +##### Input Method + +The taskbar input method defaults to Sogou input method. Use the shortcut key "Ctrl+Space" to switch it out, and the "Shift" key to switch between Chinese and English modes. + +![Fig. 16 Input Method](./figures/16.png) + +##### USB + +When the USB is inserted into the computer, it will be automatically read the data inside. + +Click "![](./figures/icon26-o.png)" to open the window as shown in figure below. + +When users need to umount the USB, please click the icon "![](./figures/icon27-o.png)". + +![Fig. 17 The status of USB](./figures/17.png) + +##### Power Supply + +Click the icon "![](./figures/icon28-o.png)": + +When no power supply is detected. + +![Fig. 18 No Power Supply](./figures/18.png) + +When power supply is detected. + +![Fig. 19 Have Power Supply](./figures/19.png) + +Users right-click the icon "![](./figures/icon30-o.png)" of power manager to open the power setting menu. + +It provides two setting options: adjust screen brightness, and set power and sleep. + +![Fig. 20 Power Manager](./figures/20.png) + +If the power manager pops up a"low battery" window, users can click to turn on the power save mode, and the power manager will set the machine to run in this mode immediately. + +![Fig. 21 Power Saving Mode](./figures/21.png) + +##### Network + +Users can choose wired or wireless network connections by clicking the icon "![](./figures/icon31-o.png)" of network manager. + +| Icon | Description | Icon | Description | +| :------------------------ | :----------------- | :------------------------ | :--------------------- | +| ![](./figures/icon32.png) | Connected | ![](./figures/icon37.png) | Unconnected | +| ![](./figures/icon33.png) | Connection limited | ![](./figures/icon38.png) | Locked | +| ![](./figures/icon34.png) | Connecting | ![](./figures/icon39.png) | Wifi connected | +| ![](./figures/icon35.png) | Wifi unconnected | ![](./figures/icon40.png) | Wificonnection limited | +| ![](./figures/icon36.png) | Wifi locked | ![](./figures/icon41.png) | Wifi connecting | + +![Fig. 22 Network Connection](./figures/22.png) + +- Wired Network + In the wired network connection interface, click on the wired network plan to expand. Details of the network. + + ![Fig. 23 Wired Network](./figures/23.png) + +- Wireless Network + Click the switch button in the upper right corner to turn on the wireless network connection, and select the WiFi from the list of available wireless networks. Enter the password to access the Internet. + + ![Fig. 24 Wireless Network](./figures/24.png) + +- Network Setting + Right-click the icon "![](./figures/icon42-o.png)" of network manager to pop up the setting menu. + + ![Fig. 25 Wired Network Setting](./figures/25.png) + + Click network setting to go to the setting window immediately. + + ![Fig. 26 Network Setting](./figures/26.png) + +##### Volume + +Click the icon "![](./figures/icon43-o.png)" to open the volume window, and there provides three modes. + +- Mini Mode + It only displays the volume of the speaker. + + ![Fig. 27 Mini Mode](./figures/27.png) + +- According to Equipment + It contains input equipment and output equipment. + + ![Fig. 28 According to Equipment List](./figures/28.png) + +- According to Application + It contains system volume and other applications' volume. + + ![Fig. 29 According to Application List](./figures/29.png) + +##### Calendar + +Click the date&time on the taskbar to open the calendar window. + +Users can view the day's information by filtering the year, month, day. The date will be displayed in large letters, with the time, the week, the festival,and the lunar calendar. Taboos can be seen by checking. + +![Fig. 30 Calendar-big](./figures/30.png) + +##### Night Mode + +Click the icon "![](./figures/icon44-o.png)" on the Taskbar and then the system changes to the night mode. + +#### Advanced Setting + +Right-click the Taskbar to open the menu. + +![Fig. 31 Right-Clicking Menu](./figures/31.png) + +Users can set the lauserst of taskbar according to "Taskbar Settings". + +## Window + +### Window Manager + +The functions provided as shown in Table. + +| Function | Description | +| :--------| :----------| +| Title Bar | Show the title name of current window | +| Minimize/Maximize/Close | The three icon buttons at the right of the title bar correspond to minimize, maximize and close respectively | +| Side Sliding | Users can scroll up and down to view the page by the slider at the right of the window | +| Stack | Allow overlap among windows | +| Drag and Drop | Long press the left mouse button at the title bar to move the window to any position | +| Resize | Move the mouse to the corner of the window and long press the left button to resize the window | + +### Window Switch + +There are three ways to switch windows: + +- Click the window title on the Taskbar. + +- Click the different window at the desktop. + +- Use shortcut keys **Alt + Tab**. + +## Start Menu + +### Basic Function + +Click the button to open the "Start Menu". + +It provides sliding bar. + +![Fig. 32 Start Menu](./figures/32.png) + +#### Category Menu at right side + +When the mouse is over the right side of the start menu, it will appear a pre-expanded cue bar. Clicking to expand, and then three categories are showing at the right side by default: "Common Software", "Alphabetical Category", and "Functional category". + +- All Software: List all software, recently used software will be displayed on the top of this page. + +- Alphabetical Category: List all software by first letter. + +- Functional category: List all software by their functions. + +Users can click the button at top right corner to view fullscreen menu mode. + +![Fig. 33 Fullscreen Menu-big](./figures/33.png) + +#### Function Button at right side + +It provides User Avatar, Computer, Control Center and Shutdown four options. + +##### User Avatar + +Click "![](./figures/icon45-o.png)" to view user's information. + +##### Computer + +Click "![](./figures/icon46-o.png)" to open personal home folder + +##### Control Center + +Click "![](./figures/icon47-o.png)" to go to the control center. + +##### Shutdown + +###### Lock Screen + +When users do not need to use the computer temporarily, the lock screen can be selected (without affecting the current running state of the system) to prevent misoperations. And input the password to re-enter the system. + + The system will automatically lock the screen after a period of idle time by default. + +![Fig. 34 Lock Screen-big](./figures/34.png) + +###### Switch Users & Log Out + +When users want to select another user to log in using the computer, users can select "Log out" or "Switch user". + +At this point, the system will close all running applications; Therefore, please save the current jobs before performing this action. + +###### Shutdown & Reboot + +There are two ways: + +1)"Start Menu" > "Power" > "Shutdown" + +It will pop up a dialog box, and users can choose shutdown or reboot as needed. + +![Fig. 35 Shutdown Dialog Box-big](./figures/35.png) + +2)"Start Menu" > right side menu of the "Shutdown" button > "Shutdown"/"Reboot" + +The system will shutdown or reboot immediately without popping up the dialog box. + +### Advanced Setting + +Right-clicking Start Menu, it provides lock screen, switch user, log out, reboot, and shutdown five shortcut options. + +### Applications + +Users can search apps in the search box by key words. As shown in figure below, the result will show up automatically with the input. + +![Fig. 36 Search Apps](./figures/36.png) + +Right-clicking one app in the Start Menu, the right-click menu popping up. + +![Fig. 37 Right-click Menu](./figures/37.png) + +The options are described in table below. + +| Option | Description | +| :------| :--------| +| Attach to "All Software" |Add the selected software to the top of the list of All Software| +| Attach to Taskbar |Generate icon for the application on the Taskbar| +| Add to Desktop Shortcut |Generate shortcut icon for the application on the desktop| +| Uninstall |Remove the application| + +## FAQ + +### Failed to Login to the System after Locking the Screen + +- Switch to character terminal by **Ctrl + Alt + F2**. + +- Input the user-name and passwd to login to the system. + +- Do "sudo rm -rf ~/.Xauthority". + +- Switch to graphical interface by **Ctrl + Alt + F1**, and input the passwd. + +## Appendix + +### Shortcut Key + +| Shortcut Key | Function | +| :------------------ | :------------------ | +| F5 | Refresh the desktop | +| F1 | Open the user-guide | +| Alt + Tab | Switch the window | +| win | Open the Start Menu | +| Ctrl + Alt + L | Lock Screen | +| Ctrl + Alt + Delete | Log out | diff --git a/docs/en/tools/devops/_toc.yaml b/docs/en/tools/devops/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..e92504c1f363d1af4e35f402ed514c58c46ef612 --- /dev/null +++ b/docs/en/tools/devops/_toc.yaml @@ -0,0 +1,14 @@ +label: Community Services +sections: + - label: Source Code Management + sections: + - href: ./patch_tracking/_toc.yaml + - label: Package Management + sections: + - href: ./pkgship/_toc.yaml + - label: EulerMaker + sections: + - href: ./eulermaker/_toc.yaml + - label: EulerPipeline + sections: + - href: ./eulerpipeline/_toc.yaml \ No newline at end of file diff --git a/docs/en/tools/devops/eulermaker/_toc.yaml b/docs/en/tools/devops/eulermaker/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..cb0cb2b1cc94a7b040ac09a85ab4050122ca36f6 --- /dev/null +++ b/docs/en/tools/devops/eulermaker/_toc.yaml @@ -0,0 +1,8 @@ +label: EulerMaker +isManual: true +description: EulerMaker +sections: + - label: EulerMaker Quick Start + href: ./eulermaker_user_guide.md + - label: EulerMaker Usage + href: ./merge_configs.md diff --git a/docs/en/tools/devops/eulermaker/eulermaker_user_guide.md b/docs/en/tools/devops/eulermaker/eulermaker_user_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..aaa0196eaa86ae4535b2f9e5a4823b79d281fe76 --- /dev/null +++ b/docs/en/tools/devops/eulermaker/eulermaker_user_guide.md @@ -0,0 +1,3 @@ +# Introduction + +This document is currently not available in English. diff --git a/docs/en/tools/devops/eulermaker/figures/1686189862936_image.png b/docs/en/tools/devops/eulermaker/figures/1686189862936_image.png new file mode 100644 index 0000000000000000000000000000000000000000..25d9365f454d8ac950673c8c89ff5abcf7fb4157 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/figures/1686189862936_image.png differ diff --git a/docs/en/tools/devops/eulermaker/figures/1686190779219_image.png b/docs/en/tools/devops/eulermaker/figures/1686190779219_image.png new file mode 100644 index 0000000000000000000000000000000000000000..c94d01cd9057cdb9e3a51eefb7f389ceab72c3ee Binary files /dev/null and b/docs/en/tools/devops/eulermaker/figures/1686190779219_image.png differ diff --git a/docs/en/tools/devops/eulermaker/figures/1686190839529_image.png b/docs/en/tools/devops/eulermaker/figures/1686190839529_image.png new file mode 100644 index 0000000000000000000000000000000000000000..146eedad4cd02978bfb18ee5f4aa6bb05092cda8 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/figures/1686190839529_image.png differ diff --git a/docs/en/tools/devops/eulermaker/figures/1686193530087_image.png b/docs/en/tools/devops/eulermaker/figures/1686193530087_image.png new file mode 100644 index 0000000000000000000000000000000000000000..e89f4e78266e7dcb4ea320d74f73610438d500b0 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/figures/1686193530087_image.png differ diff --git a/docs/en/tools/devops/eulermaker/figures/1686193606679_image.png b/docs/en/tools/devops/eulermaker/figures/1686193606679_image.png new file mode 100644 index 0000000000000000000000000000000000000000..3070dddbbcd1dca259bef95d62e5ec18dcc44499 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/figures/1686193606679_image.png differ diff --git a/docs/en/tools/devops/eulermaker/figures/1686193747460_image.png b/docs/en/tools/devops/eulermaker/figures/1686193747460_image.png new file mode 100644 index 0000000000000000000000000000000000000000..76c8c5fd75b6ed406737f6c3445559c355fd21c0 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/figures/1686193747460_image.png differ diff --git a/docs/en/tools/devops/eulermaker/figures/1686194008501_image.png b/docs/en/tools/devops/eulermaker/figures/1686194008501_image.png new file mode 100644 index 0000000000000000000000000000000000000000..82134424e83f72f6c3aba04077d34f555149015d Binary files /dev/null and b/docs/en/tools/devops/eulermaker/figures/1686194008501_image.png differ diff --git a/docs/en/tools/devops/eulermaker/figures/1686194042686_image.png b/docs/en/tools/devops/eulermaker/figures/1686194042686_image.png new file mode 100644 index 0000000000000000000000000000000000000000..60f00d2b818b75b0778caacefcf7de0dae1e6663 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/figures/1686194042686_image.png differ diff --git a/docs/en/tools/devops/eulermaker/figures/image.png b/docs/en/tools/devops/eulermaker/figures/image.png new file mode 100644 index 0000000000000000000000000000000000000000..1051e6fc1a7068898108b862aea1835b43799030 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/figures/image.png differ diff --git a/docs/en/tools/devops/eulermaker/images/.keep b/docs/en/tools/devops/eulermaker/images/.keep new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/docs/en/tools/devops/eulermaker/images/add_file.png b/docs/en/tools/devops/eulermaker/images/add_file.png new file mode 100644 index 0000000000000000000000000000000000000000..6fc4c5b089237ecbb5dabdae6954093c5234c380 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/add_file.png differ diff --git a/docs/en/tools/devops/eulermaker/images/add_package.png b/docs/en/tools/devops/eulermaker/images/add_package.png new file mode 100644 index 0000000000000000000000000000000000000000..1c58f18f4781f6c34c995d56dee131149b835df8 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/add_package.png differ diff --git a/docs/en/tools/devops/eulermaker/images/add_rpms.png b/docs/en/tools/devops/eulermaker/images/add_rpms.png new file mode 100644 index 0000000000000000000000000000000000000000..1bb748b49523bfa1b328f4bd9fbf2bf45fcf9bf2 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/add_rpms.png differ diff --git a/docs/en/tools/devops/eulermaker/images/add_rpms_2.png b/docs/en/tools/devops/eulermaker/images/add_rpms_2.png new file mode 100644 index 0000000000000000000000000000000000000000..25c845415c8ce1fdedac308b777422405502bffa Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/add_rpms_2.png differ diff --git a/docs/en/tools/devops/eulermaker/images/brach_package.png b/docs/en/tools/devops/eulermaker/images/brach_package.png new file mode 100644 index 0000000000000000000000000000000000000000..ab72263596c18b2e4a11d69c68cde4f775dcc1c5 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/brach_package.png differ diff --git a/docs/en/tools/devops/eulermaker/images/branch_package.png b/docs/en/tools/devops/eulermaker/images/branch_package.png new file mode 100644 index 0000000000000000000000000000000000000000..d9230ffbfc6b9bd006fdf6268537a8b70b43a8f4 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/branch_package.png differ diff --git a/docs/en/tools/devops/eulermaker/images/build_detail.png b/docs/en/tools/devops/eulermaker/images/build_detail.png new file mode 100644 index 0000000000000000000000000000000000000000..52a49744799e5387ba0dc76dfce3e0d4ebeb1c2f Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/build_detail.png differ diff --git a/docs/en/tools/devops/eulermaker/images/build_history.png b/docs/en/tools/devops/eulermaker/images/build_history.png new file mode 100644 index 0000000000000000000000000000000000000000..b413f18a53409a3ba6fb0891e887a9a6a10c001a Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/build_history.png differ diff --git a/docs/en/tools/devops/eulermaker/images/certification.png b/docs/en/tools/devops/eulermaker/images/certification.png new file mode 100644 index 0000000000000000000000000000000000000000..3bd145b7070b8fd2a1f5c29e762214540f747f8b Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/certification.png differ diff --git a/docs/en/tools/devops/eulermaker/images/config.png b/docs/en/tools/devops/eulermaker/images/config.png new file mode 100644 index 0000000000000000000000000000000000000000..2042e3bb09a98d34429586322de51e398ed99a20 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/config.png differ diff --git a/docs/en/tools/devops/eulermaker/images/config_net.png b/docs/en/tools/devops/eulermaker/images/config_net.png new file mode 100644 index 0000000000000000000000000000000000000000..64f514ded1a9575708c1a379e118b5297d0ee580 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/config_net.png differ diff --git a/docs/en/tools/devops/eulermaker/images/config_partition.png b/docs/en/tools/devops/eulermaker/images/config_partition.png new file mode 100644 index 0000000000000000000000000000000000000000..8f63e16cd6c9c07795ad3174a6f4de621ba6bb37 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/config_partition.png differ diff --git a/docs/en/tools/devops/eulermaker/images/config_passwd.png b/docs/en/tools/devops/eulermaker/images/config_passwd.png new file mode 100644 index 0000000000000000000000000000000000000000..e9947adc07c9147faae1ec5ad58c327b703ae86c Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/config_passwd.png differ diff --git a/docs/en/tools/devops/eulermaker/images/config_system.png b/docs/en/tools/devops/eulermaker/images/config_system.png new file mode 100644 index 0000000000000000000000000000000000000000..147fc5ba087113ec34ec4b73bc615b5d5c222d16 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/config_system.png differ diff --git a/docs/en/tools/devops/eulermaker/images/create-project.png b/docs/en/tools/devops/eulermaker/images/create-project.png new file mode 100644 index 0000000000000000000000000000000000000000..e4c80324bf81eb3a9c54d300ae2795a693959898 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/create-project.png differ diff --git a/docs/en/tools/devops/eulermaker/images/create_project.png b/docs/en/tools/devops/eulermaker/images/create_project.png new file mode 100644 index 0000000000000000000000000000000000000000..22f369f3558657c5287bb62bbe344880ea530034 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/create_project.png differ diff --git a/docs/en/tools/devops/eulermaker/images/custom_package.png b/docs/en/tools/devops/eulermaker/images/custom_package.png new file mode 100644 index 0000000000000000000000000000000000000000..7f89731a1734e9426099ad26cd9a6ac85528adf6 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/custom_package.png differ diff --git a/docs/en/tools/devops/eulermaker/images/custom_package_2.png b/docs/en/tools/devops/eulermaker/images/custom_package_2.png new file mode 100644 index 0000000000000000000000000000000000000000..612a003bd902b6e50ddc51bf94aebb6e3e08a49e Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/custom_package_2.png differ diff --git a/docs/en/tools/devops/eulermaker/images/dag_relation.PNG b/docs/en/tools/devops/eulermaker/images/dag_relation.PNG new file mode 100644 index 0000000000000000000000000000000000000000..64bc551096b0978d20dabdaee1a69bb4cfcf14fb Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/dag_relation.PNG differ diff --git a/docs/en/tools/devops/eulermaker/images/dag_relationships.png b/docs/en/tools/devops/eulermaker/images/dag_relationships.png new file mode 100644 index 0000000000000000000000000000000000000000..acfca3666f7937105337b57e1b4305c7af0681c7 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/dag_relationships.png differ diff --git a/docs/en/tools/devops/eulermaker/images/download.png b/docs/en/tools/devops/eulermaker/images/download.png new file mode 100644 index 0000000000000000000000000000000000000000..40e4d418f2f8a57fb730dec03960f995cf255ca4 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/download.png differ diff --git a/docs/en/tools/devops/eulermaker/images/enter_pipeline.png b/docs/en/tools/devops/eulermaker/images/enter_pipeline.png new file mode 100644 index 0000000000000000000000000000000000000000..bf41d190deed529ec11d7fce0c929fb914360cc2 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/enter_pipeline.png differ diff --git a/docs/en/tools/devops/eulermaker/images/fork_backlight.png b/docs/en/tools/devops/eulermaker/images/fork_backlight.png new file mode 100644 index 0000000000000000000000000000000000000000..0000eff2d35e972bf61fd2af1a7d0ae01f6d0122 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/fork_backlight.png differ diff --git a/docs/en/tools/devops/eulermaker/images/full_build.png b/docs/en/tools/devops/eulermaker/images/full_build.png new file mode 100644 index 0000000000000000000000000000000000000000..cdc25c7a4be1b2a6ea2e744086e9c31f4a5d9346 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/full_build.png differ diff --git a/docs/en/tools/devops/eulermaker/images/home.png b/docs/en/tools/devops/eulermaker/images/home.png new file mode 100644 index 0000000000000000000000000000000000000000..32d301ac9c3edea498c5445c732cbdf87c1056a8 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/home.png differ diff --git a/docs/en/tools/devops/eulermaker/images/host_parameters.png b/docs/en/tools/devops/eulermaker/images/host_parameters.png new file mode 100644 index 0000000000000000000000000000000000000000..dd13cee631c0ef793cc529f702f5de239f1a2b39 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/host_parameters.png differ diff --git a/docs/en/tools/devops/eulermaker/images/image-build-1.png b/docs/en/tools/devops/eulermaker/images/image-build-1.png new file mode 100644 index 0000000000000000000000000000000000000000..1cf2b33f2141144ffbd4164cd307f8fa81e67568 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/image-build-1.png differ diff --git a/docs/en/tools/devops/eulermaker/images/image-build-2.png b/docs/en/tools/devops/eulermaker/images/image-build-2.png new file mode 100644 index 0000000000000000000000000000000000000000..54a99f7d29965db62522f55370b1fbc3ebcced3b Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/image-build-2.png differ diff --git a/docs/en/tools/devops/eulermaker/images/image-build.png b/docs/en/tools/devops/eulermaker/images/image-build.png new file mode 100644 index 0000000000000000000000000000000000000000..71238d92d6c08fda87c4c900d68ba4cfd1f81f77 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/image-build.png differ diff --git a/docs/en/tools/devops/eulermaker/images/image-his-2.png b/docs/en/tools/devops/eulermaker/images/image-his-2.png new file mode 100644 index 0000000000000000000000000000000000000000..23956c3506f782175e920feb70c2a1d958e5818a Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/image-his-2.png differ diff --git a/docs/en/tools/devops/eulermaker/images/image-his.png b/docs/en/tools/devops/eulermaker/images/image-his.png new file mode 100644 index 0000000000000000000000000000000000000000..43dcee777c89c499efd250d8adb6c9377e18a3f9 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/image-his.png differ diff --git a/docs/en/tools/devops/eulermaker/images/image_details.png b/docs/en/tools/devops/eulermaker/images/image_details.png new file mode 100644 index 0000000000000000000000000000000000000000..9e05e11da1f2265c2f5101b247cfd980f1e250e7 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/image_details.png differ diff --git a/docs/en/tools/devops/eulermaker/images/incremental_build.png b/docs/en/tools/devops/eulermaker/images/incremental_build.png new file mode 100644 index 0000000000000000000000000000000000000000..1550b4025eb2bd7b55b9b9391e8f8130cd546a99 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/incremental_build.png differ diff --git a/docs/en/tools/devops/eulermaker/images/inherit_project.png b/docs/en/tools/devops/eulermaker/images/inherit_project.png new file mode 100644 index 0000000000000000000000000000000000000000..6faee2fa96a4ec76fb32a5acd43c469c28dbd0d3 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/inherit_project.png differ diff --git a/docs/en/tools/devops/eulermaker/images/jobs.png b/docs/en/tools/devops/eulermaker/images/jobs.png new file mode 100644 index 0000000000000000000000000000000000000000..0469194c994e0b022463b43cea7f2c92e7c74cbd Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/jobs.png differ diff --git a/docs/en/tools/devops/eulermaker/images/login.png b/docs/en/tools/devops/eulermaker/images/login.png new file mode 100644 index 0000000000000000000000000000000000000000..32383e5176d5f691fdbd079df2546385e7ce0aac Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/login.png differ diff --git a/docs/en/tools/devops/eulermaker/images/openeuler-community-login.png b/docs/en/tools/devops/eulermaker/images/openeuler-community-login.png new file mode 100644 index 0000000000000000000000000000000000000000..9e9bede08d8dba2ce9c0bd32644a42746bff48f4 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/openeuler-community-login.png differ diff --git a/docs/en/tools/devops/eulermaker/images/package_overview.png b/docs/en/tools/devops/eulermaker/images/package_overview.png new file mode 100644 index 0000000000000000000000000000000000000000..0242c985fec75ef004d1aaec46c675ac486b3412 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/package_overview.png differ diff --git a/docs/en/tools/devops/eulermaker/images/pipeline_add.png b/docs/en/tools/devops/eulermaker/images/pipeline_add.png new file mode 100644 index 0000000000000000000000000000000000000000..2a7464d743a7a243311d7be10d32f0e75532233c Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/pipeline_add.png differ diff --git a/docs/en/tools/devops/eulermaker/images/pipeline_clone.png b/docs/en/tools/devops/eulermaker/images/pipeline_clone.png new file mode 100644 index 0000000000000000000000000000000000000000..111ba197509d71436d52734da73f4c6882b43df6 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/pipeline_clone.png differ diff --git a/docs/en/tools/devops/eulermaker/images/pipeline_delete.png b/docs/en/tools/devops/eulermaker/images/pipeline_delete.png new file mode 100644 index 0000000000000000000000000000000000000000..2a5d91c407d99a98561dbaae9c0f73e6a6700d60 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/pipeline_delete.png differ diff --git a/docs/en/tools/devops/eulermaker/images/pipeline_list.png b/docs/en/tools/devops/eulermaker/images/pipeline_list.png new file mode 100644 index 0000000000000000000000000000000000000000..01722cdbc16f3a7de8998978aea227168ebbfe50 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/pipeline_list.png differ diff --git a/docs/en/tools/devops/eulermaker/images/pipeline_param.png b/docs/en/tools/devops/eulermaker/images/pipeline_param.png new file mode 100644 index 0000000000000000000000000000000000000000..70852e6d7112e08b54c1741b74c4923e15b6a128 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/pipeline_param.png differ diff --git a/docs/en/tools/devops/eulermaker/images/pipeline_start.png b/docs/en/tools/devops/eulermaker/images/pipeline_start.png new file mode 100644 index 0000000000000000000000000000000000000000..1f4d7ba885bb08cde3c523f7e23c0751d42f516f Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/pipeline_start.png differ diff --git a/docs/en/tools/devops/eulermaker/images/regist.png b/docs/en/tools/devops/eulermaker/images/regist.png new file mode 100644 index 0000000000000000000000000000000000000000..32c00ccebee78b4652ac57b9507d107d31f24f6a Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/regist.png differ diff --git a/docs/en/tools/devops/eulermaker/images/release-image_build.png b/docs/en/tools/devops/eulermaker/images/release-image_build.png new file mode 100644 index 0000000000000000000000000000000000000000..56d7c636cdce03e226efd57f3c8127a579fd06be Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/release-image_build.png differ diff --git a/docs/en/tools/devops/eulermaker/images/run-job.png b/docs/en/tools/devops/eulermaker/images/run-job.png new file mode 100644 index 0000000000000000000000000000000000000000..744e674f6eed82525d60fe4c6ce6f383852c7db9 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/run-job.png differ diff --git a/docs/en/tools/devops/eulermaker/images/sign-up-local-account.png b/docs/en/tools/devops/eulermaker/images/sign-up-local-account.png new file mode 100644 index 0000000000000000000000000000000000000000..7f7ebb44d2314cab3939c57b1871d4f8b1063acf Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/sign-up-local-account.png differ diff --git a/docs/en/tools/devops/eulermaker/images/single_build.png b/docs/en/tools/devops/eulermaker/images/single_build.png new file mode 100644 index 0000000000000000000000000000000000000000..76d92fdd9c95afb984720de169712d9a5e402dcb Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/single_build.png differ diff --git a/docs/en/tools/devops/eulermaker/images/user_add.png b/docs/en/tools/devops/eulermaker/images/user_add.png new file mode 100644 index 0000000000000000000000000000000000000000..644d014f9561a7bccdc7f92cd494e38f42f20435 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/user_add.png differ diff --git a/docs/en/tools/devops/eulermaker/images/user_manager.png b/docs/en/tools/devops/eulermaker/images/user_manager.png new file mode 100644 index 0000000000000000000000000000000000000000..fd44cb94dedea095eba93a5110e8ac1a973e2b0d Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/user_manager.png differ diff --git a/docs/en/tools/devops/eulermaker/images/web-project.PNG b/docs/en/tools/devops/eulermaker/images/web-project.PNG new file mode 100644 index 0000000000000000000000000000000000000000..4f53c375d41eb3a0481dc8ad192cb7c139248311 Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/web-project.PNG differ diff --git a/docs/en/tools/devops/eulermaker/images/wgcloud-web.PNG b/docs/en/tools/devops/eulermaker/images/wgcloud-web.PNG new file mode 100644 index 0000000000000000000000000000000000000000..3ed2a07058365b5609cf923926171df8a9b11e0f Binary files /dev/null and b/docs/en/tools/devops/eulermaker/images/wgcloud-web.PNG differ diff --git a/docs/en/tools/devops/eulermaker/merge_configs.md b/docs/en/tools/devops/eulermaker/merge_configs.md new file mode 100644 index 0000000000000000000000000000000000000000..22af82fb7ac9eb1ee411585d9472932952738a0e --- /dev/null +++ b/docs/en/tools/devops/eulermaker/merge_configs.md @@ -0,0 +1,123 @@ +# Overview + +This feature allows users to modify, customize, and iterate build files of software packages to manage macro definition differences between build files of different versions and packages. + +## Installation and Uninstallation + +### Installation + +```shell +pip install merge_configs-0.0.6-py3-none-any.whl +``` + +### Uninstallation + +```shell +pip uninstall merge-configs +``` + +## Usage + +### Command Options + +```shell +merge-configs --help +-p PACKAGES, --packages PACKAGES: Specifies the software packages to be merged. Separate multiple software packages by spaces. +-The c CONFIG_FILE, --config_file CONFIG_FILE: Sets the hierarchical root directory file config.yaml. +-o OUTPUT, --output OUTPUT: Sets the output file path. +-d --debug: Indicates whether to set the log mode to debug. +-l LIST_FEATURES, --list-features LIST_FEATURES: If not empty, displays the user configuration information and sets the software packages in the value of -p. Use commas (,) to separate multiple software packages. +-a TARGET_ARCH, --arch TARGET_ARCH: Sets the target architecture for merge, for example, x86_64 or aarch64. +``` + +Frequently used command: + +```shell +merge-configs -p \${package} -c \${config_path}/config.yaml -o \${output_path} -a \${target_arch_name} -l \${package} +``` + +The common YAML structure is as follows: + +![](./figures/image.png) + +After the conversion: + +![](./figures/1686189862936_image.png) + +### Software Package Tailoring + +The software package compilation information is stored separately in a hierarchical architecture, including the main YAML configuration, **files.yaml** file configuration, compilation execution script, runtime execution script, and changelog. The customized content in each file is parsed and converted by `merge-configs` and takes effect during compilation. + +#### Parameter Customization + +1. Parameter name customization: The parameter name can be modified. Generally, change only the source and patch numbers. A random parameter name may conflict with the SPEC file syntax. + +2. Parameter value customization: The customization scope of parameter values is large. You can modify the content as required. However, do not change the value type. For example, if the value type is changed from string to list, conversion errors may occur. + +Patch number and value modification: + +![](./figures/1686190779219_image.png) + +After the conversion: + +![](./figures/1686190839529_image.png) + +#### Conditional Customization + +Add **when** conditions to the keys at the YAML configuration layer to add conditional customization. + +```text +Source: + 0: http://ftp.gnu.org/gnu/libtool/libtool-%{version}.tar.xz +source when arch in aarch64: + 100: libtool-aarch-%{version}.tar.xz +``` + +There are three customization modes: + +1. Architecture customization + + ```text + buildRequires: + - "gcc" + buildRequires when arch in x86_64: + - "gcc-c++" + buildRequires when arch not in x86_64: + - "gzip" + ``` + +2. Flag customization: + + The **defineFlags** field will be converted to **bcond_with** or **bcond_without**. + + ```text + defineFlags: + +auto_compile: "" + patchset when +auto_compile: + 1001: libtool-0.0.1-auto_compile.patch + ``` + +3. Macro customization: + + **%%{rpmGlobal.}** indicates the macro defined in the package information, and **%%%{rpmGlobal.}** indicates the macro defined in the RPM system. + + ```text + rpmGloal: + posttest: 0 + source when %%{rpmGlobal.posttest}: + 1: posttest.sh + source when %%%{rpmGlobal._debugsource_packages}: + 2: openEuler_setup.py + ``` + +After customization: + +![](./figures/1686194042686_image.png) + +After customization and conversion: + +![](./figures/1686194008501_image.png) + +### Conversion + +Currently, EulerMaker supports only conversion YAML to SPEC and supports only RPM package build using `rpmbuild`. diff --git a/docs/en/tools/devops/eulerpipeline/_toc.yaml b/docs/en/tools/devops/eulerpipeline/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..0df29f94fa6b1ef03575c39c1ebddaa7f966d16f --- /dev/null +++ b/docs/en/tools/devops/eulerpipeline/_toc.yaml @@ -0,0 +1,12 @@ +label: EulerPipeline +isManual: true +description: EulerPipeline +sections: + - label: EulerPipeline User Guide + href: ./eulerpipeline_user_guide.md + - label: v1.0 Syntax Description + href: ./v1.0_grammar.md + - label: v1.1 Syntax Description + href: ./v1.1_grammar.md + - label: kernel-ci + href: ./kernel_ci_guide.md diff --git a/docs/en/tools/devops/eulerpipeline/eulerpipeline_user_guide.md b/docs/en/tools/devops/eulerpipeline/eulerpipeline_user_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..9123155f8a8d203c94c0872b186392e25b1d74f3 --- /dev/null +++ b/docs/en/tools/devops/eulerpipeline/eulerpipeline_user_guide.md @@ -0,0 +1,3 @@ +# EulerPipeline Service User Guide + +This document is currently not available in English. diff --git "a/docs/en/tools/devops/eulerpipeline/image/UI\347\274\226\346\216\222.jpg" "b/docs/en/tools/devops/eulerpipeline/image/UI\347\274\226\346\216\222.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..c0ed1c60374edba909ca898bf82ed48b9228bc4a Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/UI\347\274\226\346\216\222.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/YAML\347\274\226\346\216\222.jpg" "b/docs/en/tools/devops/eulerpipeline/image/YAML\347\274\226\346\216\222.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..782c9cd987712f9087990a5159971d2a05358f7f Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/YAML\347\274\226\346\216\222.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/cci\345\270\220\346\210\267\346\263\250\345\206\214.jpg" "b/docs/en/tools/devops/eulerpipeline/image/cci\345\270\220\346\210\267\346\263\250\345\206\214.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..ca163e10f3198b5aa120aea410e4a25c6fb3ffe2 Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/cci\345\270\220\346\210\267\346\263\250\345\206\214.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/cci\345\270\220\346\210\267\347\273\221\345\256\232.jpg" "b/docs/en/tools/devops/eulerpipeline/image/cci\345\270\220\346\210\267\347\273\221\345\256\232.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..8cb9da2ba91a75aae8a6b112753c64d1e6f4c76e Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/cci\345\270\220\346\210\267\347\273\221\345\256\232.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/kernel-ci_yaml\347\274\226\346\216\222.png" "b/docs/en/tools/devops/eulerpipeline/image/kernel-ci_yaml\347\274\226\346\216\222.png" new file mode 100644 index 0000000000000000000000000000000000000000..5f59337191719c1ea87e02b24d40beed409002fa Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/kernel-ci_yaml\347\274\226\346\216\222.png" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/kernel-ci\346\250\241\346\235\277.png" "b/docs/en/tools/devops/eulerpipeline/image/kernel-ci\346\250\241\346\235\277.png" new file mode 100644 index 0000000000000000000000000000000000000000..27c425ab668412629c63c987c48c553b233d648c Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/kernel-ci\346\250\241\346\235\277.png" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/kernel-ci\350\257\204\350\256\272.png" "b/docs/en/tools/devops/eulerpipeline/image/kernel-ci\350\257\204\350\256\272.png" new file mode 100644 index 0000000000000000000000000000000000000000..14603629f0cefb0fd7b40bc6b4f7872eae9e8dd9 Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/kernel-ci\350\257\204\350\256\272.png" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/kernel-ci\351\224\231\350\257\257\350\257\246\346\203\205.png" "b/docs/en/tools/devops/eulerpipeline/image/kernel-ci\351\224\231\350\257\257\350\257\246\346\203\205.png" new file mode 100644 index 0000000000000000000000000000000000000000..cf7be977043a924e2de8b036d09861f6ad56ef99 Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/kernel-ci\351\224\231\350\257\257\350\257\246\346\203\205.png" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/matrix\346\200\273\350\247\210.jpg" "b/docs/en/tools/devops/eulerpipeline/image/matrix\346\200\273\350\247\210.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..1244aa6147af43a67fd000855b66ba11711e27fe Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/matrix\346\200\273\350\247\210.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/webhook\350\257\267\346\261\202\347\273\223\346\236\234.png" "b/docs/en/tools/devops/eulerpipeline/image/webhook\350\257\267\346\261\202\347\273\223\346\236\234.png" new file mode 100644 index 0000000000000000000000000000000000000000..88811a4793c61f011dd182a13bfd0d839b27f538 Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/webhook\350\257\267\346\261\202\347\273\223\346\236\234.png" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/\344\273\223\345\272\223\351\205\215\347\275\256webhook1.jpg" "b/docs/en/tools/devops/eulerpipeline/image/\344\273\223\345\272\223\351\205\215\347\275\256webhook1.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..8900f78845be8b45e3f677e9fc255b9f4d092f6d Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/\344\273\223\345\272\223\351\205\215\347\275\256webhook1.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/\344\273\223\345\272\223\351\205\215\347\275\256webhook2.jpg" "b/docs/en/tools/devops/eulerpipeline/image/\344\273\223\345\272\223\351\205\215\347\275\256webhook2.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..1f3d4d7cb390b1a04377da0d5a1426a174b7ba79 Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/\344\273\223\345\272\223\351\205\215\347\275\256webhook2.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/\344\273\273\345\212\241\350\257\246\346\203\205.jpg" "b/docs/en/tools/devops/eulerpipeline/image/\344\273\273\345\212\241\350\257\246\346\203\205.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..1e7f99e6b83371ad665df0353129ae4cf45c5be6 Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/\344\273\273\345\212\241\350\257\246\346\203\205.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/\344\273\273\345\212\241\351\207\215\350\257\225.jpg" "b/docs/en/tools/devops/eulerpipeline/image/\344\273\273\345\212\241\351\207\215\350\257\225.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..7ad1ce1b8b1013b89096607bed6ce132c796015c Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/\344\273\273\345\212\241\351\207\215\350\257\225.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/\344\277\256\346\224\271\350\247\222\350\211\262.jpg" "b/docs/en/tools/devops/eulerpipeline/image/\344\277\256\346\224\271\350\247\222\350\211\262.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..0487c824d31c50be7edf0f4f80859c14c3fe5951 Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/\344\277\256\346\224\271\350\247\222\350\211\262.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/\344\277\256\346\224\271\350\247\222\350\211\262\346\235\203\351\231\2201.jpg" "b/docs/en/tools/devops/eulerpipeline/image/\344\277\256\346\224\271\350\247\222\350\211\262\346\235\203\351\231\2201.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..dfcc830a5a734a12c73af9f37819b950ec520163 Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/\344\277\256\346\224\271\350\247\222\350\211\262\346\235\203\351\231\2201.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/\344\277\256\346\224\271\350\247\222\350\211\262\346\235\203\351\231\2202.jpg" "b/docs/en/tools/devops/eulerpipeline/image/\344\277\256\346\224\271\350\247\222\350\211\262\346\235\203\351\231\2202.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..abfbe32c67022f385250f73fed14153118f88ffa Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/\344\277\256\346\224\271\350\247\222\350\211\262\346\235\203\351\231\2202.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/\345\210\240\351\231\244\346\265\201\346\260\264\347\272\277.jpg" "b/docs/en/tools/devops/eulerpipeline/image/\345\210\240\351\231\244\346\265\201\346\260\264\347\272\277.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..cdac7a7a2649e82b0eea40a51104a5adbf4f83c1 Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/\345\210\240\351\231\244\346\265\201\346\260\264\347\272\277.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/\345\216\206\345\217\262\350\277\220\350\241\214.jpg" "b/docs/en/tools/devops/eulerpipeline/image/\345\216\206\345\217\262\350\277\220\350\241\214.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..a0e6d7558e2b853921646a4882dd0c93b1d7c5b0 Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/\345\216\206\345\217\262\350\277\220\350\241\214.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/\345\217\230\346\233\264\346\265\201\346\260\264\347\272\277\347\261\273\345\236\213.jpg" "b/docs/en/tools/devops/eulerpipeline/image/\345\217\230\346\233\264\346\265\201\346\260\264\347\272\277\347\261\273\345\236\213.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..3fad8fbb1d1176cde38329d16f1c1004eb18bea0 Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/\345\217\230\346\233\264\346\265\201\346\260\264\347\272\277\347\261\273\345\236\213.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/\346\210\220\345\221\230\347\256\241\347\220\206.jpg" "b/docs/en/tools/devops/eulerpipeline/image/\346\210\220\345\221\230\347\256\241\347\220\206.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..c1f73666826bbf68f8a9a6ffcc9c3b298c52fe5f Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/\346\210\220\345\221\230\347\256\241\347\220\206.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/\346\226\260\345\273\272\346\265\201\346\260\264\347\272\277.jpg" "b/docs/en/tools/devops/eulerpipeline/image/\346\226\260\345\273\272\346\265\201\346\260\264\347\272\277.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..451793dc756d3de06559bb15ba343a61bcc9925b Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/\346\226\260\345\273\272\346\265\201\346\260\264\347\272\277.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/\346\237\245\347\234\213\346\234\200\346\226\260\350\277\220\350\241\214\350\257\246\346\203\205.jpg" "b/docs/en/tools/devops/eulerpipeline/image/\346\237\245\347\234\213\346\234\200\346\226\260\350\277\220\350\241\214\350\257\246\346\203\205.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..5edd5100c1aa78a58c3b466c806bb4ef7d393b09 Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/\346\237\245\347\234\213\346\234\200\346\226\260\350\277\220\350\241\214\350\257\246\346\203\205.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/\346\267\273\345\212\240webhook\350\247\246\345\217\221\346\235\241\344\273\266.jpg" "b/docs/en/tools/devops/eulerpipeline/image/\346\267\273\345\212\240webhook\350\247\246\345\217\221\346\235\241\344\273\266.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..168a7e480f8a4b6f01e3339305d30bd11c29db96 Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/\346\267\273\345\212\240webhook\350\247\246\345\217\221\346\235\241\344\273\266.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/\346\267\273\345\212\240\346\210\220\345\221\230.jpg" "b/docs/en/tools/devops/eulerpipeline/image/\346\267\273\345\212\240\346\210\220\345\221\230.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..b7bf76af38091df75ed1954d55eaa3f698c12270 Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/\346\267\273\345\212\240\346\210\220\345\221\230.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/\347\231\273\345\275\225.jpg" "b/docs/en/tools/devops/eulerpipeline/image/\347\231\273\345\275\225.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..defa329929d065e39ef27fd7cf65d33117ed49f2 Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/\347\231\273\345\275\225.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/\347\244\276\345\214\272\351\211\264\346\235\203.jpg" "b/docs/en/tools/devops/eulerpipeline/image/\347\244\276\345\214\272\351\211\264\346\235\203.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..d1a665f670873ed8e9538c784a8d00afad8f1925 Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/\347\244\276\345\214\272\351\211\264\346\235\203.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/\347\273\223\345\257\271\345\244\215\347\216\260.jpg" "b/docs/en/tools/devops/eulerpipeline/image/\347\273\223\345\257\271\345\244\215\347\216\260.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..5a393bed7116cc0c959398480c447e80ed35a257 Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/\347\273\223\345\257\271\345\244\215\347\216\260.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/\347\273\223\345\257\271\345\244\215\347\216\260\350\260\203\350\257\225.jpg" "b/docs/en/tools/devops/eulerpipeline/image/\347\273\223\345\257\271\345\244\215\347\216\260\350\260\203\350\257\225.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..3436e7bedd5cda5dad5e55966db94ba576e1b97f Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/\347\273\223\345\257\271\345\244\215\347\216\260\350\260\203\350\257\225.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/\347\274\226\346\216\222\347\233\256\346\240\207\346\265\201\346\260\264\347\272\277.jpg" "b/docs/en/tools/devops/eulerpipeline/image/\347\274\226\346\216\222\347\233\256\346\240\207\346\265\201\346\260\264\347\272\277.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..c4aae306bec750f9a3121bcfac2014846d9adeeb Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/\347\274\226\346\216\222\347\233\256\346\240\207\346\265\201\346\260\264\347\272\277.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/\350\256\276\347\275\256\346\265\201\346\260\264\347\272\277\346\235\203\351\231\220.jpg" "b/docs/en/tools/devops/eulerpipeline/image/\350\256\276\347\275\256\346\265\201\346\260\264\347\272\277\346\235\203\351\231\220.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..c4d2f21e6051000969295c3011c22500a12daed2 Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/\350\256\276\347\275\256\346\265\201\346\260\264\347\272\277\346\235\203\351\231\220.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/\350\277\220\350\241\214\346\265\201\346\260\264\347\272\2771.jpg" "b/docs/en/tools/devops/eulerpipeline/image/\350\277\220\350\241\214\346\265\201\346\260\264\347\272\2771.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..e9d48f17fb05a5ed9966973e212fbea83081a2c5 Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/\350\277\220\350\241\214\346\265\201\346\260\264\347\272\2771.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/\350\277\220\350\241\214\346\265\201\346\260\264\347\272\2772.jpg" "b/docs/en/tools/devops/eulerpipeline/image/\350\277\220\350\241\214\346\265\201\346\260\264\347\272\2772.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..4c00631e6d785cfca1493748a9f529f9b73c469a Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/\350\277\220\350\241\214\346\265\201\346\260\264\347\272\2772.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/\350\277\220\350\241\214\350\257\246\346\203\205.jpg" "b/docs/en/tools/devops/eulerpipeline/image/\350\277\220\350\241\214\350\257\246\346\203\205.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..db831e2baa85e04f65a5ca9565885ef7fe2016ee Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/\350\277\220\350\241\214\350\257\246\346\203\205.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/\351\200\211\346\213\251\345\244\215\347\216\260\346\226\271\345\274\217.jpg" "b/docs/en/tools/devops/eulerpipeline/image/\351\200\211\346\213\251\345\244\215\347\216\260\346\226\271\345\274\217.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..d746819f65486e9ba0f98250d95e926b6ea0aa6d Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/\351\200\211\346\213\251\345\244\215\347\216\260\346\226\271\345\274\217.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/\351\200\211\346\213\251\345\256\242\346\210\267\347\253\257.jpg" "b/docs/en/tools/devops/eulerpipeline/image/\351\200\211\346\213\251\345\256\242\346\210\267\347\253\257.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..675f30fcf1dd480cf3e6a1f6202d4912596444fc Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/\351\200\211\346\213\251\345\256\242\346\210\267\347\253\257.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/\351\200\211\346\213\251\346\250\241\346\235\277.jpg" "b/docs/en/tools/devops/eulerpipeline/image/\351\200\211\346\213\251\346\250\241\346\235\277.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..ebde36c2b8ae3f30aff0d9519208bc5b41651108 Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/\351\200\211\346\213\251\346\250\241\346\235\277.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/\351\205\215\347\275\256\345\256\232\346\227\266\350\247\246\345\217\221\346\235\241\344\273\266.jpg" "b/docs/en/tools/devops/eulerpipeline/image/\351\205\215\347\275\256\345\256\232\346\227\266\350\247\246\345\217\221\346\235\241\344\273\266.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..990d99a5ffa13bfdabdcd05ab73428eaca278e68 Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/\351\205\215\347\275\256\345\256\232\346\227\266\350\247\246\345\217\221\346\235\241\344\273\266.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/\351\205\215\347\275\256\346\265\201\346\260\264\347\272\277\345\217\230\351\207\217.jpg" "b/docs/en/tools/devops/eulerpipeline/image/\351\205\215\347\275\256\346\265\201\346\260\264\347\272\277\345\217\230\351\207\217.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..5c58a5ada93c8260daf2ff4cbe5af4659b45badd Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/\351\205\215\347\275\256\346\265\201\346\260\264\347\272\277\345\217\230\351\207\217.jpg" differ diff --git "a/docs/en/tools/devops/eulerpipeline/image/\351\207\215\350\257\225\346\265\201\346\260\264\347\272\2771.jpg" "b/docs/en/tools/devops/eulerpipeline/image/\351\207\215\350\257\225\346\265\201\346\260\264\347\272\2771.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..91cdb6a6b06855c1293602665080c41cebfba301 Binary files /dev/null and "b/docs/en/tools/devops/eulerpipeline/image/\351\207\215\350\257\225\346\265\201\346\260\264\347\272\2771.jpg" differ diff --git a/docs/en/tools/devops/eulerpipeline/kernel_ci_guide.md b/docs/en/tools/devops/eulerpipeline/kernel_ci_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..1ee62fe1aed142208b34d969a89481801d22e68c --- /dev/null +++ b/docs/en/tools/devops/eulerpipeline/kernel_ci_guide.md @@ -0,0 +1,3 @@ +# kernel-ci + +This document is currently not available in English. diff --git a/docs/en/tools/devops/eulerpipeline/v1.0_grammar.md b/docs/en/tools/devops/eulerpipeline/v1.0_grammar.md new file mode 100644 index 0000000000000000000000000000000000000000..73b91d6016fba261b2aa8ada10b2c825c3e921cf --- /dev/null +++ b/docs/en/tools/devops/eulerpipeline/v1.0_grammar.md @@ -0,0 +1,3 @@ +# v1.0 Syntax Description + +This document is currently not available in English. diff --git a/docs/en/tools/devops/eulerpipeline/v1.1_grammar.md b/docs/en/tools/devops/eulerpipeline/v1.1_grammar.md new file mode 100644 index 0000000000000000000000000000000000000000..17a595dfb2e9465cffd0fd98d2b5482ce382b714 --- /dev/null +++ b/docs/en/tools/devops/eulerpipeline/v1.1_grammar.md @@ -0,0 +1,3 @@ +# v1.1 Syntax Description + +This document is currently not available in English. diff --git a/docs/en/tools/devops/patch_tracking/_toc.yaml b/docs/en/tools/devops/patch_tracking/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..02d12bdd568f8605a69d9d973c5a7c39b5cbe30a --- /dev/null +++ b/docs/en/tools/devops/patch_tracking/_toc.yaml @@ -0,0 +1,7 @@ +label: patch-tracking +isManual: true +description: Manage software package patches. +sections: + - label: patch-tracking + href: ./patch_tracking.md + diff --git a/docs/en/tools/devops/patch_tracking/images/Maintainer.jpg b/docs/en/tools/devops/patch_tracking/images/Maintainer.jpg new file mode 100644 index 0000000000000000000000000000000000000000..45912da4e7915715df0f598b9429f63bc8695667 Binary files /dev/null and b/docs/en/tools/devops/patch_tracking/images/Maintainer.jpg differ diff --git a/docs/en/tools/devops/patch_tracking/images/PatchTracking.jpg b/docs/en/tools/devops/patch_tracking/images/PatchTracking.jpg new file mode 100644 index 0000000000000000000000000000000000000000..3bac7d2f1b4a228da8d273cdaef55f2d33792fab Binary files /dev/null and b/docs/en/tools/devops/patch_tracking/images/PatchTracking.jpg differ diff --git a/docs/en/tools/devops/patch_tracking/images/packagemanagement.png b/docs/en/tools/devops/patch_tracking/images/packagemanagement.png new file mode 100644 index 0000000000000000000000000000000000000000..6d314e2c6ad6bafd321d9f76cd6aa5f17a8cb394 Binary files /dev/null and b/docs/en/tools/devops/patch_tracking/images/packagemanagement.png differ diff --git a/docs/en/tools/devops/patch_tracking/images/panel.png b/docs/en/tools/devops/patch_tracking/images/panel.png new file mode 100644 index 0000000000000000000000000000000000000000..150eb8c8229f9e8cb47706f3b82f07516a505076 Binary files /dev/null and b/docs/en/tools/devops/patch_tracking/images/panel.png differ diff --git a/docs/en/tools/devops/patch_tracking/patch_tracking.md b/docs/en/tools/devops/patch_tracking/patch_tracking.md new file mode 100644 index 0000000000000000000000000000000000000000..33d902e4aa75d8ee9e371d6f67a8863aa4df1265 --- /dev/null +++ b/docs/en/tools/devops/patch_tracking/patch_tracking.md @@ -0,0 +1,318 @@ +# patch-tracking + +## Overview + +During the development of the openEuler release, the latest code of each software package in the upstream community needs to be updated in a timely manner to fix function bugs and security issues, preventing the openEuler release from defects and vulnerabilities. + +This tool manages the patches for software packages, proactively monitors the patches submitted by the upstream community, automatically generates patches, submits issues to the corresponding Maintainer, and verifies basic patch functions to reduce the verification workload and help the Maintainer make decisions quickly. + +## Architecture + +### C/S Architecture + +The patch-tracking uses the C/S architecture. + +The patch-tracking is located in the server. It executes patch tracking tasks, including maintaining tracking items, identifying branch code changes in the upstream repository and generating patch files, and submitting issues and PRs to Gitee. In addition, the patch-tracking provides RESTful APIs for adding, deleting, modifying, and querying tracking items. + +The patch-tracking-cli is a command line tool located in the client. It invokes the RESTful APIs of the patch-tracking to add, delete, modify, and query tracking items. + +### Core Procedure + +I. Patch tracking service procedure + +The procedure for handling the submitted patch is as follows: + +1. Add the tracking item using the command line tool. +2. Automatically obtain patch files from the upstream repository (for example, GitHub) that is configured for the tracking item. +3. Create a temporary branch and submit the obtained patch file to the temporary branch. +4. Automatically submit an issue to the corresponding repository and generate the PR associated with the issue. + +![PatchTracking](./images/PatchTracking.jpg) + +II. Procedure for the Maintainer to handle the submitted patch + +The procedure for handling the submitted patch is as follows: + +1. The Maintainer analyzes the PR. +2. Execute the continuous integration (CI). After the CI is successfully executed, determine whether to merge the PR. + +![Maintainer](./images/Maintainer.jpg) + +### Data structure + +- Tracking table + +| No. | Name | Description | Type | Key | Is Null Allowed | +| :--: | --------------- | ------------------------------------------------------------ | ------- | ------- | --------------- | +| 1 | id | Sequence number of the tracking item of the self-added patch | int | - | No | +| 2 | version_control | Version control system type of the upstream SCM | String | - | No | +| 3 | scm_repo | Upstream SCM repository address | String | - | No | +| 4 | scm_branch | Upstream SCM tracking branch | String | - | No | +| 5 | scm_commit | Latest Commit ID processed by the upstream code | String | - | Yes | +| 6 | repo | Address of the Gitee repository where the package source code is stored | String | Primary | No | +| 7 | branch | Branch of the Gitee repository where the package source code is stored | String | Primary | No | +| 8 | enabled | Indicating whether to start tracking | Boolean | - | No | + +- Issue table + +| No. | Name | Description | Type | Key | Is Null Allowed | +| :--: | ------ | ------------------------------------------------------------ | ------ | ------- | --------------- | +| 1 | issue | Issue No. | String | Primary | No | +| 2 | repo | Address of the Gitee repository where the package source code is stored | String | - | No | +| 3 | branch | Branch of the Gitee repository where the package source code is stored | String | - | No | + +## Tool Deployment + +### Downloading Software + +The repo source is officially released at [https://repo.openeuler.org/](https://repo.openeuler.org/). + +The RPM package can be obtained from [https://build.openeuler.org/package/show/openEuler:22.03:LTS/patch](https://build.openeuler.org/package/show/openEuler:22.03:LTS/patch). + +### Installing the Tool + +Method 1: Install the patch-tracking from the repo source. + +1. Use DNF to mount the repo source (The repo source of 22.03 LTS SP3 or later is required. For details, see the [Application Development Guide](../../../server/development/application_dev/application_development.md)). Run the following command to download and install the patch-tracking and its dependencies. + +2. Run the following command to install the `patch-tracking`: + + ```shell + dnf install patch-tracking + ``` + +Method 2: Install the patch-tracking using the RPM package. + +1. Install the required dependencies. + + ```shell + dnf install python3-uWSGI python3-flask python3-Flask-SQLAlchemy python3-Flask-APScheduler python3-Flask-HTTPAuth python3-requests python3-pandas + ``` + +2. `patch-tracking-1.0.0-1.oe1.noarch.rpm` is used as an example. Run the following command to install the patch-tracking. + + ```shell + rpm -ivh patch-tracking-1.0.0-1.oe1.noarch.rpm + ``` + +### Generating a Certificate + +Run the following command to generate a certificate: + +```shell +openssl req -x509 -days 3650 -subj "/CN=self-signed" \ +-nodes -newkey rsa:4096 -keyout self-signed.key -out self-signed.crt +``` + +Copy the generated `self-signed.key` and `self-signed.crt` files to the **/etc/patch-tracking** directory. + +### Configuring Parameters + +Configure the corresponding parameters in the configuration file. The path of the configuration file is `/etc/patch-tracking/settings.conf`. + +1. Configure the service listening address. + + ```text + LISTEN = "127.0.0.1:5001" + ``` + +2. GitHub Token is used to access the repository information hosted in the upstream open source software repository of GitHub. For details about how to create a GitHub token, see [Creating a personal access token](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token). + + ```text + GITHUB_ACCESS_TOKEN = "" + ``` + +3. For a repository that is hosted on Gitee and needs to be tracked, configure a Gitee Token with the repository permission to submit patch files, issues, and PRs. + + ```text + GITEE_ACCESS_TOKEN = "" + ``` + +4. Scan the database as scheduled to detect whether new or modified tracking items exist and obtain upstream patches for the detected tracking items. Set the interval of scanning and the unit is second. + + ```text + SCAN_DB_INTERVAL = 3600 + ``` + +5. When the command line tool is running, you need to enter the user name and password hash value for the authentication for the POST interface. + + ```text + USER = "admin" + + PASSWORD = "" + ``` + +> The default value of `USER` is `admin`. + +Run the following command to obtain the password hash value. **Test@123** is the configured password. + +```shell +$ generate_password Test@123 +pbkdf2:sha256:150000$w38eLeRm$ebb5069ba3b4dda39a698bd1d9d7f5f848af3bd93b11e0cde2b28e9e34bfbbae +``` + +> The password hash value must meet the following complexity requirements: +> +> - The length is more than or equal to 6 bytes. +> - The password must contain uppercase letters, lowercase letters, digits, and special characters (~!@#%\^\*-\_=+). + +Add the password hash value `pbkdf2:sha256:150000$w38eLeRm$ebb5069ba3b4dda39a698bd1d9d7f5f848af3bd93b11e0cde2b28e9e34bfbbae` to the quotation marks of `PASSWORD = ""`. + +### Starting the Patch Tracking Service + +You can use either of the following methods to start the service: + +- Use the systemd mode. + + ```shell + systemctl start patch-tracking + ``` + +- Run the executable program. + + ```shell + /usr/bin/patch-tracking + ``` + +## Tool Usage + +### Adding a Tracking Item + +You can associate the software repository and branch to be tracked with the corresponding upstream open source software repository and branch in any of the following ways: + +- Using the CLI + + Parameter description: + + > --user: User name to be authenticated for the POST interface. It is the same as the USER parameter in the **settings.conf** file. + > --password: Password to be authenticated for the POST interface. It is the password string corresponding to the PASSWORD hash value in the **settings.conf** file. + > --server: URL for starting the patch tracking service, for example, 127.0.0.1:5001. + > --version\_control: Control tool of the upstream repository version. Only GitHub is supported. + > --repo: Name of the repository to be tracked, in the format of organization/repository. + > + > --branch: Branch name of the repository to be tracked. + > --scm\_repo: Name of the upstream repository to be tracked, in the GitHub format of organization/repository. + > --scm\_branch: Branch of the upstream repository to be tracked. + > + > --enabled: Indicates whether to automatically track the repository. + + For example: + + ```shell + patch-tracking-cli add --server 127.0.0.1:5001 --user admin --password Test@123 --version_control github --repo testPatchTrack/testPatch1 --branch master --scm_repo BJMX/testPatch01 --scm_branch test --enabled true + ``` + +- Using a specified file + + Parameter description: + + > --server: URL for starting the patch tracking service, for example, 127.0.0.1:5001. + > --user: User name to be authenticated for the POST interface. It is the same as the USER parameter in the **settings.conf** file. + > --password: Password to be authenticated for the POST interface. It is the password string corresponding to the PASSWORD hash value in the **settings.conf** file. + > --file: YAML file path. + + Add the information about the repository, branch, version management tool, and whether to enable monitoring to the YAML file (for example, **tracking.yaml**). The file path is used as the command of the `--file` to invoke the input parameters. + + For example: + + ```shell + patch-tracking-cli add --server 127.0.0.1:5001 --user admin --password Test@123 --file tracking.yaml + ``` + + The format of the YAML file is as follows. The content on the left of the colon (:) cannot be modified, and the content on the right of the colon (:) needs to be set based on the site requirements. + + ```shell + version_control: github + scm_repo: xxx/xxx + scm_branch: master + repo: xxx/xxx + branch: master + enabled: true + ``` + + > version\_control: Control tool of the upstream repository version. Only GitHub is supported. + > scm\_repo: Name of the upstream repository to be tracked, in the GitHub format of organization/repository. + > scm\_branch: Branch of the upstream repository to be tracked. + > repo: Name of the repository to be tracked, in the format of organization/repository. + > branch: Branch name of the repository to be tracked. + > enabled: Indicates whether to automatically track the repository. + +- Using a specified directory + + Place multiple `xxx.yaml` files in a specified directory, such as the `test_yaml`, and run the following command to record the tracking items of all YAML files in the specified directory. + + Parameter description: + + > --user: User name to be authenticated for the POST interface. It is the same as the USER parameter in the **settings.conf** file. + > --password: Password to be authenticated for the POST interface. It is the password string corresponding to the PASSWORD hash value in the **settings.conf** file. + > --server: URL for starting the patch tracking service, for example, 127.0.0.1:5001. + > --dir: Path where the YAML file is stored. + + ```shell + patch-tracking-cli add --server 127.0.0.1:5001 --user admin --password Test@123 --dir /home/Work/test_yaml/ + ``` + +### Querying a Tracking Item + +Parameter description: + +> --server: (Mandatory) URL for starting the patch tracking service, for example, 127.0.0.1:5001. +> --table: (Mandatory) Table to be queried. +> --Repo: (Optional) repo to be queried. Query all content in the table if this parameter is not configured. +> --branch: (Optional) Branch to be queried. + +```shell +patch-tracking-cli query --server --table tracking +``` + +The website can be accessed properly. + +```shell +patch-tracking-cli query --server 127.0.0.1:5001 --table tracking +``` + +### Querying the Generated Issue + +```shell +patch-tracking-cli query --server --table issue +``` + +For example: + +```shell +patch-tracking-cli query --server 127.0.0.1:5001 --table issue +``` + +### Deleting a Tracking Item + +```shell +patch-tracking-cli delete --server SERVER --user USER --password PWD --repo REPO [--branch BRANCH] +``` + +For example: + +```shell +patch-tracking-cli delete --server 127.0.0.1:5001 --user admin --password Test@123 --repo testPatchTrack/testPatch1 --branch master +``` + +> You can delete a single piece of data from a specified repo or branch. You can also delete data of all branches in a specified repo. + +### Checking Issues and PRs on Gitee + +Log in to Gitee and check the software project to be tracked. On the Issues and Pull Requests tab pages of the project, you can see the item named in `[patch tracking] TIME`, for example, the `[patch tracking] 20200713101548`. This item is the issue and PR of the patch file that is just generated. + +## FAQ + +### When I Access api.github.com, the Connection Is Refused + +#### Symptom + +During the operation of the patch-tracking, the following error message may occur: + +```text + Sep 21 22:00:10 localhost.localdomain patch-tracking[36358]: 2020-09-21 22:00:10,812 - patch_tracking.util.github_api - WARNING - HTTPSConnectionPool(host='api.github.com', port=443): Max retries exceeded with url: /user (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused')) +``` + +#### Possible Cause + +The preceding problem is caused by the unstable network access between the patch-tracking and GitHub API. Ensure that the patch-tracking is operating in a stable network environment (for example, Huawei Cloud Hong Kong). diff --git a/docs/en/tools/devops/pkgship/_toc.yaml b/docs/en/tools/devops/pkgship/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..d4e67f6b840affe96109fea515cdbaa74a7933cc --- /dev/null +++ b/docs/en/tools/devops/pkgship/_toc.yaml @@ -0,0 +1,6 @@ +label: pkgship +isManual: true +description: Software packages dependency lookup, lifecycle management, patch tracking, and more. +sections: + - label: pkgship + href: ./pkgship.md diff --git a/docs/en/tools/devops/pkgship/images/Maintainer.jpg b/docs/en/tools/devops/pkgship/images/Maintainer.jpg new file mode 100644 index 0000000000000000000000000000000000000000..45912da4e7915715df0f598b9429f63bc8695667 Binary files /dev/null and b/docs/en/tools/devops/pkgship/images/Maintainer.jpg differ diff --git a/docs/en/tools/devops/pkgship/images/PatchTracking.jpg b/docs/en/tools/devops/pkgship/images/PatchTracking.jpg new file mode 100644 index 0000000000000000000000000000000000000000..3bac7d2f1b4a228da8d273cdaef55f2d33792fab Binary files /dev/null and b/docs/en/tools/devops/pkgship/images/PatchTracking.jpg differ diff --git a/docs/en/tools/devops/pkgship/images/packagemanagement.png b/docs/en/tools/devops/pkgship/images/packagemanagement.png new file mode 100644 index 0000000000000000000000000000000000000000..6d314e2c6ad6bafd321d9f76cd6aa5f17a8cb394 Binary files /dev/null and b/docs/en/tools/devops/pkgship/images/packagemanagement.png differ diff --git a/docs/en/tools/devops/pkgship/images/panel.png b/docs/en/tools/devops/pkgship/images/panel.png new file mode 100644 index 0000000000000000000000000000000000000000..150eb8c8229f9e8cb47706f3b82f07516a505076 Binary files /dev/null and b/docs/en/tools/devops/pkgship/images/panel.png differ diff --git a/docs/en/tools/devops/pkgship/images/pkgship.png b/docs/en/tools/devops/pkgship/images/pkgship.png new file mode 100644 index 0000000000000000000000000000000000000000..20808309c820d9d732dd4f25d6b882e5d802afdb Binary files /dev/null and b/docs/en/tools/devops/pkgship/images/pkgship.png differ diff --git a/docs/en/tools/devops/pkgship/images/pkgship_outline.png b/docs/en/tools/devops/pkgship/images/pkgship_outline.png new file mode 100644 index 0000000000000000000000000000000000000000..6fe1247c22c6b12a83aa01a5812c444f1667b952 Binary files /dev/null and b/docs/en/tools/devops/pkgship/images/pkgship_outline.png differ diff --git a/docs/en/tools/devops/pkgship/pkgship.md b/docs/en/tools/devops/pkgship/pkgship.md new file mode 100644 index 0000000000000000000000000000000000000000..2e781e3d1e56d0155fc71b202b4c9930fa801283 --- /dev/null +++ b/docs/en/tools/devops/pkgship/pkgship.md @@ -0,0 +1,418 @@ +# pkgship + +## Introduction + +The pkgship is a query tool used to manage the dependency of OS software packages and provide a complete dependency graph. The pkgship provides functions such as software package dependency query and lifecycle management. + +1. Software package basic information query: Allow community personnel to quickly obtain information about the name, version, and description of the software package. +2. Software package dependency query: Allow community personnel to understand the impact on software when software packages are introduced, updated, or deleted. + +## Architecture + +The system uses the Flask-RESTful development mode. The following figure shows the architecture: + +![avatar](./images/packagemanagement.png) + +## Using the Software Online + +pkgship provides a [public online service](https://pkgmanage.openeuler.org/Packagemanagement). You can directly use pkgship online if you do not need to customize your query. + +To use a custom data source, install, configure, and use pkgship by referring to the following sections. + +## Downloading the Software + +- The repo source is officially released at: +- You can obtain the source code at: +- You can obtain the RPM package at: + +## Operating Environment + +- Hardware configuration: + +| Item| Recommended Specification| +|----------|----------| +| CPU| 8 cores| +| Memory| 32 GB (minimum: 4 GB)| +| Dive space| 20 GB| +| Network bandwidth| 300 Mbit/s| +| I/O| 375 MB/s| + +- Software configuration: + +| Name| Specifications| +|----------|----------| +| Elasticsearch| 7.10.1. Single-node and cluster deployment is available.| +| Redis| 5.0.4 or later is recommended. You are advised to set the size to 3/4 of the memory.| +| Python| 3.8 or later.| + +## Installing the Tool + +>Note: The software can run in Docker. In openEuler 21.09, due to environment restrictions, use the **--privileged** parameter when creating a Docker. Otherwise, the software fails to be started. This document will be updated after the adaptation. + +**1. Installing the pkgship** + +You can use either of the following methods to install the pkgship: + +- Method 1: Mount the repo source using DNF. + + Use DNF to mount the repo source where the pkgship is located (for details, see the [Application Development Guide](../../../server/development/application_dev/application_development.md)). Then run the following command to download and install the pkgship and its dependencies: + + ```bash + dnf install pkgship + ``` + +- Method 2: Install the RPM package. Download the RPM package of the pkgship and run the following command to install the pkgship (x.x-x indicates the version number and needs to be replaced with the actual one): + + ```bash + rpm -ivh pkgship-x.x-x.oe1.noarch.rpm + ``` + + Or + + ```bash + dnf install pkgship-x.x-x.oe1.noarch.rpm + ``` + +**2. Installing Elasticsearch and Redis** + +If Elasticsearch or Redis is not installed in the environment, you can execute the automatic installation script after the pkgship is installed. + +The default script path is as follows: + +```bash +/etc/pkgship/auto_install_pkgship_requires.sh +``` + +Run the following command: + +```bash +/bin/bash auto_install_pkgship_requires.sh elasticsearch +``` + +Or + +```bash +/bin/bash auto_install_pkgship_requires.sh redis +``` + +**3. Adding a User After the Installation** + +After the pkgship software is installed, the system automatically creates a user named **pkgshipuser** and a user group named **pkgshipuser**. They will be used when the service is started and running. + +## Configuring Parameters + +1. Configure the parameters in the configuration file. The default configuration file of the system is stored in **/etc/pkgship/package.ini**. Modify the configuration file as required. + + ```bash + vim /etc/pkgship/package.ini + ``` + + ```ini + [SYSTEM-System Configuration] + ; Path for storing the .yaml file imported during database initialization. The .yaml file records the location of the imported .sqlite file. + init_conf_path=/etc/pkgship/conf.yaml + + ; Service query port + query_port=8090 + + ; Service query IP address + query_ip_addr=127.0.0.1 + + ; Address of the remote service. The command line can directly call the remote service to complete the data request. + remote_host=https://api.openeuler.org/pkgmanage + + ; Directory for storing temporary files during initialization and download. The directory will not be occupied for a long time. It is recommended that the available space be at least 1 GB. + temporary_directory=/opt/pkgship/tmp/ + + [LOG-Logs] + ; Service log storage path + log_path=/var/log/pkgship/ + + ; Log level. The options are as follows: + ; INFO DEBUG WARNING ERROR CRITICAL + log_level=INFO + + ; Maximum size of a service log file. If the size of a service log file exceeds the value of this parameter, the file is automatically compressed and dumped. The default value is 30 MB. + max_bytes=31457280 + + ; Maximum number of backup log files. The default value is 30. + backup_count=30 + + [UWSGI-Web Server Configuration] + ; Operation log path + daemonize=/var/log/pkgship-operation/uwsgi.log + ; Size of data transmitted between the front end and back end + buffer-size=65536 + ; Network connection timeout interval + http-timeout=600 + ; Service response time + harakiri=600 + + [REDIS-Cache Configuration] + ; The address of the Redis cache server can be the released domain or IP address that can be accessed. + ; The default link address is 127.0.0.1. + redis_host=127.0.0.1 + + ; Port number of the Redis cache server. The default value is 6379. + redis_port=6379 + + ; Maximum number of connections allowed by the Redis server at a time. + redis_max_connections=10 + + [DATABASE-Database] + ; Database access address. The default value is the IP address of the local host. + database_host=127.0.0.1 + + ; Database access port. The default value is 9200. + database_port=9200 + ``` + +2. Create a YAML configuration file to initialize the database. The **conf.yaml** file is stored in the **/etc/pkgship/** directory by default. The pkgship reads the name of the database to be created and the SQLite file to be imported based on this configuration. You can also configure the repo address of the SQLite file. An example of the **conf.yaml** file is as follows: + + ```yaml + dbname: oe20.03 #Database name + src_db_file: /etc/pkgship/repo/openEuler-20.09/src #Local path of the source package + bin_db_file: /etc/pkgship/repo/openEuler-20.09/bin #Local path of the binary package + priority: 1 #Database priority + + dbname: oe20.09 + src_db_file: https://repo.openeuler.org/openEuler-20.09/source #Repo source of the source package + bin_db_file: https://repo.openeuler.org/openEuler-20.09/everything/aarch64 #Repo source of the binary package + priority: 2 + ``` + + > To change the storage path, change the value of **init\_conf\_path** in the **package.ini** file. + > + > The SQLite file path cannot be configured directly. + > + > The value of **dbname** can contain only lowercase letters, digits, periods (.), hyphens (-), underscores (_), and plus signs (+), and must start and end with lower case letters or digits. + +## Starting and Stopping the Service + +The pkgship can be started and stopped in two modes: systemctl mode and pkgshipd mode. In systemctl mode, the automatic startup mechanism can be stopped when an exception occurs. You can run any of the following commands: + +```bash +systemctl start pkgship.service # Start the service. + +systemctl stop pkgship.service # Stop the service. + +systemctl restart pkgship.service # Restart the service. +``` + +```bash +pkgshipd start # Start the service. + +pkgshipd stop # Stop the service. +``` + +> Only one mode is supported in each start/stop period. The two modes cannot be used at the same time. +> +> The pkgshipd startup mode can be used only by the **pkgshipuser** user. +> +> If the **systemctl** command is not supported in the Docker environment, run the **pkgshipd** command to start or stop the service. + +## Using the Tool + +1. Initialize the database. + + > Application scenario: After the service is started, to query the package information and dependency in the corresponding database (for example, oe20.03 and oe20.09), you need to import the SQLite (including the source code library and binary library) generated by the **createrepo** to the service. Then insert the generated JSON body of the package information into the corresponding database of Elasticsearch. The database name is the value of d**bname-source/binary** generated based on the value of **dbname** in the **conf.yaml** file. + + ```bash + pkgship init [-filepath path] + ``` + + > Parameter description: + > **-filepath**: (Optional) Specifies the path of the initialization configuration file **config.yaml.** You can use either a relative path or an absolute path. If no parameter is specified, the default configuration is used for initialization. + +2. Query a single package. + + You can query details about a source package or binary package (**packagename**) in the specified **database** table. + + > Application scenario: You can query the detailed information about the source package or binary package in a specified database. + + ```bash + pkgship pkginfo $packageName $database [-s] + ``` + + > Parameter description: + > **packagename**: (Mandatory) Specifies the name of the software package to be queried. + > **database**: (Mandatory) Specifies the database name. + > + > **-s**: (Optional) Specifies that the source package `src` is to be queried by `-s`. If this parameter is not specified, the binary package information of `bin` is queried by default. + +3. Query all packages. + + Query information about all packages in the database. + + > Application scenario: You can query information about all software packages in a specified database. + + ```bash + pkgship list $database [-s] + ``` + + > Parameter description: + > **database**: (Mandatory) Specifies the database name. + > **-s**: (Optional) Specifies that the source package `src` is to be queried by `-s`. If this parameter is not specified, the binary package information of `bin` is queried by default. + +4. Query the installation dependency. + + Query the installation dependency of the binary package (**binaryName**). + + > Application scenario: When you need to install the binary package A, you need to install B, the installation dependency of A, and C, the installation dependency of B, etc. A can be installed only after all the installation dependencies are installed in the system. Therefore, before installing the binary package A, you may need to query all installation dependencies of A. You can run the following command to query multiple databases based on the default priority of the platform, and to customize the database query priority. + + ```bash + pkgship installdep [$binaryName $binaryName1 $binaryName2...] [-dbs] [db1 db2...] [-level] $level + ``` + + > Parameter description: + > **binaryName**: (Mandatory) Specifies the name of the dependent binary package to be queried. Multiple packages can be transferred. + > + > **-dbs:** (Optional) Specifies the priority of the database to be queried. If this parameter is not specified, the database is queried based on the default priority. + > + > **-level**: (Optional) Specifies the dependency level to be queried. If this parameter is not specified, the default value **0** is used, indicating that all levels are queried. + +5. Query the compilation dependency. + + Query all compilation dependencies of the source code package (**sourceName**). + + > Application scenario: To compile the source code package A, you need to install B, the compilation dependency package of A. To install B, you need to obtain all installation dependency packages of B. Therefore, before compiling the source code package A, you need to query the compilation dependencies of A and all installation dependencies of these compilation dependencies. You can run the following command to query multiple databases based on the default priority of the platform, and to customize the database query priority. + + ```bash + pkgship builddep [$sourceName $sourceName1 $sourceName2..] -dbs [db1 db2 ..] [-level] $level + ``` + + > Parameter description: + > **sourceName**: (Mandatory) Specifies the name of the source package on which the compilation depends. Multiple packages can be queried. + > + > **-dbs:** (Optional) Specifies the priority of the database to be queried. If this parameter is not specified, the database is queried based on the default priority. + > + > **-level**: (Optional) Specifies the dependency level to be queried. If this parameter is not specified, the default value **0** is used, indicating that all levels are queried. + +6. Query the self-compilation and self-installation dependencies. + + Query the installation and compilation dependencies of a specified binary package (**binaryName**) or source package (**sourceName**). In the command, **\[pkgName]** indicates the name of the binary package or source package to be queried. When querying a binary package, you can query all installation dependencies of the binary package, and the compilation dependencies of the source package corresponding to the binary package, as well as all installation dependencies of these compilation dependencies. When querying a source package, you can query its compilation dependency, and all installation dependencies of the compilation dependency, as well as all installation dependencies of the binary packages generated by the source package. In addition, you can run this command together with the corresponding parameters to query the self-compilation dependency of a software package and the dependency of a subpackage. + + > Application scenario: If you want to introduce a new software package based on the existing version library, you need to introduce all compilation and installation dependencies of the software package. You can run this command to query these two dependency types at the same time to know the packages introduced by the new software package, and to query binary packages and source packages. + + ```bash + pkgship selfdepend [$pkgName1 $pkgName2 $pkgName3 ..] [-dbs] [db1 db2..] [-b] [-s] [-w] + ``` + + > Parameter description: + > + > **pkgName**: (Mandatory) Specifies the name of the software package on which the installation depends. Multiple software packages can be transferred. + > + > **-dbs:** (Optional) Specifies the priority of the database to be queried. If this parameter is not specified, the database is queried based on the default priority. + > + > **-b**: (Optional) Specifies that the package to be queried is a binary package. If this parameter is not specified, the source package is queried by default. + > + > **-s**: (Optional) If **-s** is specified, all installation dependencies, compilation dependencies (that is, compilation dependencies of the source package on which compilation depends), and installation dependencies of all compilation dependencies of the software package are queried. If **-s** is not added, all installation dependencies and layer-1 compilation dependencies of the software package, as well as all installation dependencies of layer-1 compilation dependencies, are queried. + > + > **-w**: (Optional) If **-w** is specified, when a binary package is introduced, the query result displays the source package corresponding to the binary package and all binary packages generated by the source package. If **-w** is not specified, only the corresponding source package is displayed in the query result when a binary package is imported. + +7. Query dependency. + Query the packages that depend on the software package (**pkgName**) in a database (**dbName**). + + > Application scenario: You can run this command to query the software packages that will be affected by the upgrade or deletion of the software source package A. This command displays the source packages (for example, B) that depend on the binary packages generated by source package A (if it is a source package or the input binary package for compilation). It also displays the binary packages (for example, C1) that depend on A for installation. Then, it queries the source package (for example, D) that depend on the binary package generated by B C1 for compilation and the binary package (for example E1) for installation. This process continues until it traverses the packages that depend on the binary packages. + + ```bash + pkgship bedepend dbName [$pkgName1 $pkgName2 $pkgName3] [-w] [-b] [-install/build] + ``` + + > Parameter description: + > + > **dbName**: (Mandatory) Specifies the name of the repository whose dependency needs to be queried. Only one repository can be queried each time. + > + > **pkgName**: (Mandatory) Specifies the name of the software package to be queried. Multiple software packages can be queried. + > + > **-w**: (Optional) If **-w** is not specified, the query result does not contain the subpackages of the corresponding source package by default. If **\[-w]** is specified after the command, not only the dependency of binary package C1 is queried, but also the dependency of other binary packages (such as C2 and C3) generated by source package C corresponding to C1 is queried. + > + > **-b**: (Optional) Specifies `-b` and indicates that the package to be queried is a binary package. By default, the source package is queried. + > + > **-install/build**: (Optional) `-install` indicates that installation dependencies are queried. `-build` indicates that build dependencies are queried. By default, all dependencies are queried. `-install` and `-build` are exclusive to each other. + +8. Query the database information. + + > Application scenario: Check which databases are initialized in Elasticsearch. This function returns the list of initialized databases based on the priority. + + `pkgship dbs` + +9. Obtain the version number. + + > Application scenario: Obtain the version number of the pkgship software. + + `pkgship -v` + +## Viewing and Dumping Logs + +**Viewing Logs** + +When the pkgship service is running, two types of logs are generated: service logs and operation logs. + +1. Service logs: + + Path: **/var/log/pkgship/log\_info.log**. You can customize the path through the **log\_path** field in the **package.ini** file. + + Function: This log records the internal running of the code to facilitate fault locating. + + Permission: The permissions on the path and the log file are 755 and 644, respectively. Common users can view the log file. + +2. Operation logs: + + Path: **/var/log/pkgship-operation/uwsgi.log**. You can customize the path through the **daemonize** field in the **package.ini** file. + + Function: This log records user operation information, including the IP address, access time, URL, and result, to facilitate subsequent queries and record attacker information. + + Permission: The permissions on the path and the log file are 700 and 644, respectively. Only the **root** and **pkgshipuser** users can view the log file. + +**Dumping Logs** + +1. Service log dumping: + + - Dumping mechanism + + Use the dumping mechanism of the logging built-in function of Python to back up logs based on the log size. + + > The items are used to configure the capacity and number of backups of each log in the **package.ini** file. + + ```ini + ; Maximum capacity of each file, the unit is byte, default is 30M + max_bytes=31457280 + + ; Number of old logs to keep;default is 30 + backup_count=30 + ``` + + - Dumping process + + After a log is written, if the size of the log file exceeds the configured log capacity, the log file is automatically compressed and dumped. The compressed file name is **log\_info.log.***x***.gz**, where *x* is a number. A smaller number indicates a later backup. + + When the number of backup log files reaches the threshold, the earliest backup log file is deleted and the latest compressed log file is backed up. + +2. Operation log dumping: + + - Dumping mechanism + + A script is used to dump data by time. Data is dumped once a day and is retained for 30 days. Customized configuration is not supported. + + > The script is stored in **/etc/pkgship/uwsgi\_logrotate.sh**. + + - Dumping process + + When the pkgship is started, the script for dumping data runs in the background. From the startup, dumping and compression are performed every other day. A total of 30 compressed files are retained. The compressed file name is **uwsgi.log-20201010*x*.zip**, where *x* indicates the hour when the file is compressed. + + After the pkgship is stopped, the script for dumping data is stopped and data is not dumped . When the pkgship is started again, the script for dumping data is executed again. + +## pkgship-panel + +### Introduction + +pkgship-panel integrates software package build information and maintenance information so that version maintenance personnel can quickly identify abnormal software packages and notify the package owners to solve the problems, ensuring build project stability and improving the OS build success rate. + +### Architecture + +![](images/panel.png) + +### Using the Tool + +The data source of pkgship-panel cannot be configured. You are advised to use the [pkgship-panel official website](https://pkgmanage.openeuler.org/Infomanagement). diff --git a/docs/en/tools/maintenance/_toc.yaml b/docs/en/tools/maintenance/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..421eba7ff2ce320be80968ce6f5ecaf3ada7fdc4 --- /dev/null +++ b/docs/en/tools/maintenance/_toc.yaml @@ -0,0 +1,8 @@ +label: O&M +sections: + - label: Hot Patch Creation + sections: + - href: ../../server/maintenance/syscare/_toc.yaml + - label: System Monitoring + sections: + - href: ../../server/maintenance/sysmonitor/_toc.yaml diff --git a/docs/en/tools/security/_toc.yaml b/docs/en/tools/security/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..b6d43d6f695b429b64f2438b592febcebabe9811 --- /dev/null +++ b/docs/en/tools/security/_toc.yaml @@ -0,0 +1,5 @@ +label: Security +sections: + - href: + upstream: https://gitee.com/openeuler/secGear/blob/master/docs/en/2403_LTS_SP2/_toc.yaml + path: ./secgear diff --git a/docs/en/virtualization/_toc.yaml b/docs/en/virtualization/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..11ff5a4e4c45403d3a6a089270f91349cf517b7b --- /dev/null +++ b/docs/en/virtualization/_toc.yaml @@ -0,0 +1,14 @@ +label: Virtualization +sections: + - label: Virtualization Platforms + sections: + - href: + upstream: https://gitee.com/openeuler/Virt-docs/blob/openEuler-24.03-LTS-SP2/docs/en/virtualization_platform/virtualization/_toc.yaml + path: ./virtulization_platform/virtulization + - href: + upstream: https://gitee.com/openeuler/Virt-docs/blob/openEuler-24.03-LTS-SP2/docs/en/virtualization_platform/stratovirt/_toc.yaml + path: ./virtulization_platform/stratovirt + - label: openStack User Guide + href: >- + https://openstack-sig.readthedocs.io/zh/latest/ + description: Open source platform for cloud computing management diff --git a/docs/zh/.DS_Store b/docs/zh/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..45ccb113c4568f294fe0e27d50517b98b30ac2b3 Binary files /dev/null and b/docs/zh/.DS_Store differ diff --git a/docs/zh/_toc.yaml b/docs/zh/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..20b388584b0c262d6b581887ed8cd6c82e27eeb0 --- /dev/null +++ b/docs/zh/_toc.yaml @@ -0,0 +1,10 @@ +label: 文档中心 +sections: + - href: ./server/_toc.yaml + - href: ./virtualization/_toc.yaml + - href: ./cloud/_toc.yaml + - href: ./edge_computing/_toc.yaml + - href: ./embedded/_toc.yaml + - href: ./devstation/_toc.yaml + - href: ./tools/_toc.yaml + diff --git a/docs/zh/cloud/.DS_Store b/docs/zh/cloud/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..51e6f471b80ef74e0dafe4f8c2ad42d0ab93923b Binary files /dev/null and b/docs/zh/cloud/.DS_Store differ diff --git a/docs/zh/cloud/_toc.yaml b/docs/zh/cloud/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..0c2ed4e3b34c7fe938bdf77dd8566f6db76bcf33 --- /dev/null +++ b/docs/zh/cloud/_toc.yaml @@ -0,0 +1,59 @@ +label: 云原生 +sections: + - label: 容器引擎 + sections: + - href: + upstream: https://gitee.com/openeuler/cloudnative-docs/blob/openEuler-24.03-LTS-SP2/docs/zh/docs/container_engine/isula_container_engine/_toc.yaml + path: ./container_engine/isula_container_engine + - href: + upstream: https://gitee.com/openeuler/cloudnative-docs/blob/openEuler-24.03-LTS-SP2/docs/zh/docs/container_engine/docker_engine/_toc.yaml + path: ./container_engine/docker_engine + - label: 容器形态 + sections: + - href: + upstream: https://gitee.com/openeuler/cloudnative-docs/blob/openEuler-24.03-LTS-SP2/docs/zh/docs/container_form/secure_container/_toc.yaml + path: ./container_form/secure_container + - href: + upstream: https://gitee.com/openeuler/cloudnative-docs/blob/openEuler-24.03-LTS-SP2/docs/zh/docs/container_form/system_container/_toc.yaml + path: ./container_form/system_container + - label: 容器运行时 + sections: + - href: + upstream: https://gitee.com/openeuler/cloudnative-docs/blob/openEuler-24.03-LTS-SP2/docs/zh/docs/container_runtime/kuasar/_toc.yaml + path: ./container_runtime/kuasar + - label: 容器镜像构建工具 + sections: + - href: + upstream: https://gitee.com/openeuler/cloudnative-docs/blob/openEuler-24.03-LTS-SP2/docs/zh/docs/image_builder/isula_build/_toc.yaml + path: ./image_builder/isula_build + - label: 云原生操作系统 + sections: + - href: + upstream: https://gitee.com/openeuler/cloudnative-docs/blob/openEuler-24.03-LTS-SP2/docs/zh/docs/kubeos/kubeos/_toc.yaml + path: ./kubeos/kubeos + - label: 云底座操作系统 + sections: + - href: + upstream: https://gitee.com/openeuler/cloudnative-docs/blob/openEuler-24.03-LTS-SP2/docs/zh/docs/nestos/nestos/_toc.yaml + path: ./nestos/nestos + - label: 混合部署 + sections: + - href: + upstream: https://gitee.com/openeuler/cloudnative-docs/blob/openEuler-24.03-LTS-SP2/docs/zh/docs/hybrid_deployment/rubik/_toc.yaml + path: ./hybrid_deployment/rubik + - href: + upstream: https://gitee.com/openeuler/cloudnative-docs/blob/openEuler-24.03-LTS-SP2/docs/zh/docs/hybrid_deployment/oncn_bwm/_toc.yaml + path: ./hybrid_deployment/oncn_bwm + - label: 集群部署 + sections: + - href: + upstream: https://gitee.com/openeuler/cloudnative-docs/blob/openEuler-24.03-LTS-SP2/docs/zh/docs/cluster_deployment/kubernetes/_toc.yaml + path: ./cluster_deployment/kubernetes + - href: + upstream: https://gitee.com/openeuler/cloudnative-docs/blob/openEuler-24.03-LTS-SP2/docs/zh/docs/cluster_deployment/isulad+k8s/_toc.yaml + path: ./cluster_deployment/isulad+k8s + - label: 服务网格 + sections: + - href: + upstream: https://gitee.com/openeuler/cloudnative-docs/blob/openEuler-24.03-LTS-SP2/docs/zh/docs/kmesh/kmesh/_toc.yaml + path: ./kmesh/kmesh diff --git a/docs/zh/devstation/_toc.yaml b/docs/zh/devstation/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..2d44d12585a4691a1ebcf44c6b687e6f53689c07 --- /dev/null +++ b/docs/zh/devstation/_toc.yaml @@ -0,0 +1,17 @@ +label: DevStation +sections: + - href: + upstream: https://gitee.com/src-openeuler/calamares/blob/openEuler-24.03-LTS-SP2/docs/zh/_toc.yaml + path: ./devstation/calamares + - href: + upstream: https://gitee.com/src-openeuler/oeDeploy/blob/openEuler-24.03-LTS-SP2/docs/zh/_toc.yaml + path: ./devstation/oedeploy + - href: + upstream: https://gitee.com/src-openeuler/oeGitExt/blob/openEuler-24.03-LTS-SP2/docs/zh/_toc.yaml + path: ./devstation/oeGitExt + - href: + upstream: https://gitee.com/src-openeuler/roo-code/blob/openEuler-24.03-LTS-SP2/docs/zh/_toc.yaml + path: ./devstation/roo-code + - href: + upstream: https://gitee.com/src-openeuler/oeDevPlugin/blob/openEuler-24.03-LTS-SP2/docs/zh/_toc.yaml + path: ./devstation/oeDevPlugin diff --git a/docs/zh/edge_computing/_toc.yaml b/docs/zh/edge_computing/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..3a1bc0ae89fe47b293c9e2519fcaf96e987489bd --- /dev/null +++ b/docs/zh/edge_computing/_toc.yaml @@ -0,0 +1,5 @@ +label: 边缘计算 +sections: + - href: ./kube_edge/_toc.yaml + - href: ./k3s/_toc.yaml + - href: ./ros/_toc.yaml \ No newline at end of file diff --git a/docs/zh/edge_computing/k3s/_toc.yaml b/docs/zh/edge_computing/k3s/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..d71b66ea9c40a9ac8ca367ab2cc95161148fcd7e --- /dev/null +++ b/docs/zh/edge_computing/k3s/_toc.yaml @@ -0,0 +1,6 @@ +label: K3s部署指南 +isManual: true +description: K3s 是一个轻量级的 Kubernetes 发行版。 +sections: + - label: K3s部署指南 + href: ./k3s_deployment_guide.md diff --git a/docs/zh/edge_computing/k3s/figures/agent-install.png b/docs/zh/edge_computing/k3s/figures/agent-install.png new file mode 100644 index 0000000000000000000000000000000000000000..dca1d64ec8aae821393bb715daf4c56b783a68e0 Binary files /dev/null and b/docs/zh/edge_computing/k3s/figures/agent-install.png differ diff --git a/docs/zh/edge_computing/k3s/figures/check-agent.png b/docs/zh/edge_computing/k3s/figures/check-agent.png new file mode 100644 index 0000000000000000000000000000000000000000..aa467713353d70ad513e8ee13ac9d8b6520b7ee0 Binary files /dev/null and b/docs/zh/edge_computing/k3s/figures/check-agent.png differ diff --git a/docs/zh/edge_computing/k3s/figures/check-server.png b/docs/zh/edge_computing/k3s/figures/check-server.png new file mode 100644 index 0000000000000000000000000000000000000000..06343de9a8b0eacb0f6194cf438b2b27af88cae4 Binary files /dev/null and b/docs/zh/edge_computing/k3s/figures/check-server.png differ diff --git a/docs/zh/edge_computing/k3s/figures/server-install.png b/docs/zh/edge_computing/k3s/figures/server-install.png new file mode 100644 index 0000000000000000000000000000000000000000..7d30c8f4f73946c8b0555186c1736492039da731 Binary files /dev/null and b/docs/zh/edge_computing/k3s/figures/server-install.png differ diff --git a/docs/zh/edge_computing/k3s/figures/set-hostname.png b/docs/zh/edge_computing/k3s/figures/set-hostname.png new file mode 100644 index 0000000000000000000000000000000000000000..32564d6159825b6d4131a6b138a493188ce88c6c Binary files /dev/null and b/docs/zh/edge_computing/k3s/figures/set-hostname.png differ diff --git a/docs/zh/edge_computing/k3s/figures/token.png b/docs/zh/edge_computing/k3s/figures/token.png new file mode 100644 index 0000000000000000000000000000000000000000..79e5313bd1d5e707659cd08d4aafdf528b9df8f0 Binary files /dev/null and b/docs/zh/edge_computing/k3s/figures/token.png differ diff --git a/docs/zh/edge_computing/k3s/figures/yum-install.png b/docs/zh/edge_computing/k3s/figures/yum-install.png new file mode 100644 index 0000000000000000000000000000000000000000..0e601a23a5a67e7927f12bc90d1a4137e1a3a567 Binary files /dev/null and b/docs/zh/edge_computing/k3s/figures/yum-install.png differ diff --git a/docs/zh/edge_computing/k3s/k3s_deployment_guide.md b/docs/zh/edge_computing/k3s/k3s_deployment_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..6671cf170d9ac19c37e8c8e8abb1bfe75e3d0166 --- /dev/null +++ b/docs/zh/edge_computing/k3s/k3s_deployment_guide.md @@ -0,0 +1,86 @@ +# K3s部署指南 + +### 什么是K3s +K3s 是一个轻量级的 Kubernetes 发行版,它针对边缘计算、物联网等场景进行了高度优化。K3s 有以下增强功能: +- 打包为单个二进制文件。 +- 使用基于 sqlite3 的轻量级存储后端作为默认存储机制。同时支持使用 etcd3、MySQL 和 PostgreSQL 作为存储机制。 +- 封装在简单的启动程序中,通过该启动程序处理很多复杂的 TLS 和选项。 +- 默认情况下是安全的,对轻量级环境有合理的默认值。 +- 添加了简单但功能强大的batteries-included功能,例如:本地存储提供程序,服务负载均衡器,Helm controller 和 Traefik Ingress controller。 +- 所有 Kubernetes control-plane 组件的操作都封装在单个二进制文件和进程中,使 K3s 具有自动化和管理包括证书分发在内的复杂集群操作的能力。 +- 最大程度减轻了外部依赖性,K3s 仅需要 kernel 和 cgroup 挂载。 + +### 适用场景 +K3s 适用于以下场景: + +- 边缘计算-Edge +- 物联网-IoT +- CI +- Development +- ARM +- 嵌入 K8s + +由于运行 K3s 所需的资源相对较少,所以 K3s 也适用于开发和测试场景。在这些场景中,如果开发或测试人员需要对某些功能进行验证,或对某些问题进行重现,那么使用 K3s 不仅能够缩短启动集群的时间,还能够减少集群需要消耗的资源。 + +### 部署K3s + +#### 准备工作: + +- 确保server节点及agent节点主机名不一致: + +可以通过 hostnamectl set-hostname “主机名” 进行主机名的修改。 + +![1661829534335](./figures/set-hostname.png) + +- 在各节点yum 安装 K3s: + + K3s官网采用下载对应架构二进制可执行文件的格式,通过install.sh脚本进行离线安装,openEuler社区将该二进制文件的编译过程移植到社区中,并编译出RPM包。此处可通过yum命令直接进行下载安装。 + +![1661830441538](./figures/yum-install.png) + +#### 部署server节点 + +如需在单个服务器上安装 K3s,可以在 server 节点上执行如下操作: +``` +INSTALL_K3S_SKIP_DOWNLOAD=true k3s-install.sh +``` + +![1661825352724](./figures/server-install.png) + +#### 检查server部署情况 + +![1661825403705](./figures/check-server.png) + +#### 部署agent节点 + +首先查询server节点的token值,该token可在server节点的/var/lib/rancher/k3s/server/node-token查到。 + +> **注意**: +> +> 后续我们只用到该token的后半部分。 + +![1661825538264](./figures/token.png) + +选择添加其他 agent,请在每个 agent 节点上执行以下操作。 + +``` +INSTALL_K3S_SKIP_DOWNLOAD=true K3S_URL=https://myserver:6443 K3S_TOKEN=mynodetoken k3s-install.sh +``` + +> **注意** +> +> 将 myserver 替换为 server 的 IP 或有效的 DNS,并将 mynodetoken 替换 server 节点的 token: + +![1661829392357](./figures/agent-install.png) + +#### 检查agent节点是否部署成功 + +安装完毕后,回到 **server** 节点,执行 `kubectl get nodes`,可以看到agent节点已注册成功。 + +![1661826797319](./figures/check-agent.png) + +至此,一个基础的k3s集群搭建完成。 + +#### 更多用法 + +K3s的更多用法可以参考K3s官网,https://rancher.com/docs/k3s/latest/en/ ,https://docs.rancher.cn/k3s/ diff --git a/docs/zh/edge_computing/kube_edge/_toc.yaml b/docs/zh/edge_computing/kube_edge/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..1406dabe02c89fc0bae96d8a92a30dcb00960ec1 --- /dev/null +++ b/docs/zh/edge_computing/kube_edge/_toc.yaml @@ -0,0 +1,8 @@ +label: KubeEdge 边缘计算平台用户指南 +isManual: true +description: 主要介绍了边缘计算平台 KubeEdge 的部署与使用。 +sections: + - label: KubeEdge 使用文档 + href: ./kube_edge_user_document.md + - label: KubeEdge 部署指南 + href: ./kube_edge_deployment_guide.md diff --git a/docs/zh/edge_computing/kube_edge/kube_edge_deployment_guide.md b/docs/zh/edge_computing/kube_edge/kube_edge_deployment_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..96a617910ac7180d82de4dff01513352bd42fee4 --- /dev/null +++ b/docs/zh/edge_computing/kube_edge/kube_edge_deployment_guide.md @@ -0,0 +1,224 @@ +# KubeEdge 部署指南 + +## 介绍 + +### KubeEdge + +KubeEdge 是一个致力于解决边缘场景问题的开源系统,它将容器化应用程序编排和设备管理的能力扩展到边缘设备。基于 Kubernetes、KubeEdge 为网络、应用程序部署以及云侧与边缘侧之间的元数据同步提供核心基础设施支持。KubeEdge 支持 MQTT,并允许开发人员编写自定义逻辑,在边缘上启用资源受限的设备通信。KubeEdge 由云部分和边缘部分组成,目前均已开源。 + +> + +### iSulad + +iSulad 是一个轻量级容器 runtime 守护程序,专为 IOT 和 Cloud 基础设施而设计,具有轻便、快速且不受硬件规格和体系结构限制的特性,可以被更广泛地应用在云、IoT、边缘计算等多个场景。 + +> + +## 集群概览 + +### 组件版本 + +| 组件 | 版本 | +| ---------- | --------------------------------- | +| OS | openEuler 22.03 | +| Kubernetes | 1.20.2-4 | +| iSulad | 2.0.11 | +| KubeEdge | v1.8.0 | + +### 节点规划(示例) + +| 节点名 | 位置 | 组件 | +| -------------- | ------------ | ------------------------------ | +| cloud.kubeedge | 云侧(cloud) | k8s(master)、isulad、cloudcore | +| edge.kubeedge | 边缘侧(edge) | isulad、edgecore | + +> 提示:云侧和边缘侧的主机名可以使用 `hostnamectl set-hostname [cloud,edge].kubeedge` 命令提前设置好 + +## 准备 + +### 下载工具包 + +[kubeedge-tools](https://gitee.com/Poorunga/kubeedge-tools) 工具包提供了完备的离线安装包以及部署脚本,降低了部署复杂度,并且支持在节点无法访问外网的条件下快速搭建 KubeEdge 集群。 + +```bash +# 下载 kubeedge-tools 工具包并解压(包括云侧和边缘侧) +$ wget -O kubeedge-tools.zip https://gitee.com/Poorunga/kubeedge-tools/repository/archive/master.zip +$ unzip kubeedge-tools.zip + +# 进入 kubeedge-tools 工具包目录(后续所有操作基于此目录) +$ cd kubeedge-tools-master +``` + +### 部署 k8s + +以下操作仅在云侧执行。 + +#### 初始化云侧环境 + +```bash +$ ./setup-cloud.sh +``` + +#### 安装 k8s + +k8s 的安装部署使用 openEuler 22.03 SP2 的版本。 + +#### 安装云侧容器网络 + +目前有丰富的 cni 软件可以为 k8s 节点提供容器网络功能,比如 [flannel](https://github.com/flannel-io/flannel)、[calico](https://github.com/projectcalico/calico)、[cilium](https://github.com/cilium/cilium) 等,如果你暂时不明确选用哪款 cni 软件,可以使用下方命令安装云侧容器网络: + +```bash +$ ./install-flannel-cloud.sh +``` + +#### 检查部署情况 + +```bash +# 查看节点状态(Ready 即正常) +$ kubectl get nodes +NAME STATUS ROLES AGE VERSION +cloud.kubeedge Ready control-plane,master 12m v1.20.2 + +# 查看所有 k8s 组件运行状态(Running 即正常) +$ kubectl get pods -n kube-system +NAME READY STATUS RESTARTS AGE +coredns-74ff55c5b-4ptkh 1/1 Running 0 15m +coredns-74ff55c5b-zqx5n 1/1 Running 0 15m +etcd-cloud.kubeedge 1/1 Running 0 15m +kube-apiserver-cloud.kubeedge 1/1 Running 0 15m +kube-controller-manager-cloud.kubeedge 1/1 Running 0 15m +kube-flannel-cloud-ds-lvh4n 1/1 Running 0 13m +kube-proxy-2tcnn 1/1 Running 0 15m +kube-scheduler-cloud.kubeedge 1/1 Running 0 15m +``` + +## 部署 + +### 部署 cloudcore + +以下操作仅在云侧执行 + +#### 初始化集群 + +```bash +# --advertise-address 填写云侧节点的主机 IP 地址 +$ keadm init --advertise-address="云侧IP" --kubeedge-version=1.8.0 +... +CloudCore started +``` + +#### 调整 cloudcore 配置 + +```bash +$ ./patch-cloud.sh +``` + +#### 检查部署情况 + +```bash +# active (running)即正常 +$ systemctl status cloudcore | grep running + Active: active (running) since Fri 2022-03-04 10:54:30 CST; 5min ago +``` + +至此,云侧的 cloudcore 已部署完成,接下来部署边缘侧 edgecore。 + +### 部署 edgecore + +以下命令如无特殊说明则仅在边缘侧执行 + +#### 初始化边缘侧环境 + +```bash +$ ./setup-edge.sh +``` + +#### 纳管边缘节点 + +```bash +# keadm gettoken 命令需要在云侧执行 +$ keadm gettoken +96058ab80ffbeb87fe58a79bfb19ea13f9a5a6c3076a17c00f80f01b406b4f7c.eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2NDY0NDg4NzF9.1mJegWB7SUVjgf-OvAqILgbZXeMHR9eOzMxpNFc42SI +# 记录并保存此 token 值,后续步骤需要使用 + + +# keadm join 命令在边缘侧执行 +# --cloudcore-ipport 填写云侧节点的主机 IP 地址:10000,--token 填写上方 token 值 +$ keadm join --cloudcore-ipport=云侧IP:10000 --kubeedge-version=1.8.0 --token=96058ab80ffbeb87fe58a79bfb19ea13f9a5a6c3076a17c00f80f01b406b4f7c.eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2NDY0NDg4NzF9.1mJegWB7SUVjgf-OvAqILgbZXeMHR9eOzMxpNFc42SI +... +KubeEdge edgecore is running... +``` + +#### 调整 edgecore 配置 + +```bash +$ ./patch-edge.sh +``` + +#### 安装边缘侧容器网络 + +如果你暂时不明确选用哪款 cni 软件,可以使用下方命令安装边缘侧容器网络: + +```bash +# 下方命令需要在云侧执行 +$ ./install-flannel-edge.sh +``` + +#### 检查边缘节点是否纳管成功 + +```bash +# 下方命令需要在云侧执行(发现已经有了边缘节点) +$ kubectl get nodes +NAME STATUS ROLES AGE VERSION +cloud.kubeedge Ready control-plane,master 1h v1.20.2 +edge.kubeedge Ready agent,edge 10m v1.19.3-kubeedge-v1.8.0 +``` + +至此,KubeEdge 集群部署完成,接下来我们测试一下从云侧下发应用到边缘侧。 + +### 部署应用 + +以下命令在云侧执行 + +#### 部署nginx + +```bash +$ kubectl apply -f yamls/nginx-deployment.yaml +deployment.apps/nginx-deployment created + +# 查看应用是否部署到了边缘侧(Running 即正常) +$ kubectl get pod -owide | grep nginx +nginx-deployment-84b99f4bf-jb6sz 1/1 Running 0 30s 10.244.1.2 edge.kubeedge +``` + +#### 测试功能 + +```bash +# 进入边缘侧节点,访问 nginx 应用 +$ curl 10.244.1.2:80 + + + +Welcome to nginx! + + + +

Welcome to nginx!

+

If you see this page, the nginx web server is successfully installed and +working. Further configuration is required.

+ +

For online documentation and support please refer to +nginx.org.
+Commercial support is available at +nginx.com.

+ +

Thank you for using nginx.

+ + +``` + +至此,KubeEdge 部署已经全流程打通。 diff --git a/docs/zh/edge_computing/kube_edge/kube_edge_user_document.md b/docs/zh/edge_computing/kube_edge/kube_edge_user_document.md new file mode 100644 index 0000000000000000000000000000000000000000..2b8da61b07828cc02574cb9128c290324db90a3b --- /dev/null +++ b/docs/zh/edge_computing/kube_edge/kube_edge_user_document.md @@ -0,0 +1,224 @@ +# KubeEdge使用文档 + +KubeEdge将Kubernetes的能力延伸到了边缘场景中,为云和边缘之间的网络、应用部署和元数据同步提供基础架构支持。KubeEdge在使用上与Kubernetes保持完全一致,除此之外还扩展了对边缘设备的管理与控制。本节将通过一个简单的例子向用户演示如何通过KubeEdge完成设备边云协同任务。 + +## 1. 准备工作 + +选用示例:**KubeEdge Counter Demo** + +计数器是一个伪设备,用户无需任何额外的物理设备即可运行此演示。计数器在边缘侧运行,用户可以从云侧在Web中对其进行控制,也可以从云侧在Web中获得计数器值。原理图如下: + +详细文档参考: + +1. 本示例要求KubeEdge版本必须是v1.2.1+,此次选择最新版的KubeEdge v1.8.0 + + ```sh + [root@ke-cloud ~]# kubectl get node + NAME STATUS ROLES AGE VERSION + ke-cloud Ready master 13h v1.20.2 + ke-edge1 Ready agent,edge 64s v1.19.3-kubeedge-v1.8.0 + + 说明:本文接下来的验证将使用边缘节点ke-edge1进行,如果你参考本文进行相关验证,后续边缘节点名称的配置需要根据你的实际情况进行更改。 + ``` + +2. 确保k8s apiserver开启了以下配置: + + ```shell + --insecuret-port=8080 + --insecure-bind-address=0.0.0.0 + ``` + + 可以通过修改/etc/kubernetes/manifests/kube-apiserver.yaml文件,并重启k8s-apiserver组件的pod来进行更改。 + +3. 下载示例代码: + + ```sh + [root@ke-cloud ~]# git clone https://github.com/kubeedge/examples.git $GOPATH/src/github.com/kubeedge/examples + ``` + +## 2. 创建device model和device + +1. 创建device model + + ```sh + [root@ke-cloud ~]# cd $GOPATH/src/github.com/kubeedge/examples/kubeedge-counter-demo/crds + [root@ke-cloud crds~]# kubectl create -f kubeedge-counter-model.yaml + ``` + +2. 创建device + + 根据你的实际情况修改matchExpressions: + + ```sh + [root@ke-cloud ~]# cd $GOPATH/src/github.com/kubeedge/examples/kubeedge-counter-demo/crds + [root@ke-cloud crds~]# vim kubeedge-counter-instance.yaml + apiVersion: devices.kubeedge.io/v1alpha1 + kind: Device + metadata: + name: counter + labels: + description: 'counter' + manufacturer: 'test' + spec: + deviceModelRef: + name: counter-model + nodeSelector: + nodeSelectorTerms: + - matchExpressions: + - key: 'kubernetes.io/hostname' + operator: In + values: + - ke-edge1 + + status: + twins: + - propertyName: status + desired: + metadata: + type: string + value: 'OFF' + reported: + metadata: + type: string + value: '0' + + [root@ke-cloud crds~]# kubectl create -f kubeedge-counter-instance.yaml + ``` + +## 3. 部署云端应用 + +1. 修改代码 + + 云端应用web-controller-app用来控制边缘端的pi-counter-app应用,该程序默认监听的端口号为80,此处修改为8089,如下所示: + + ```sh + [root@ke-cloud ~]# cd $GOPATH/src/github.com/kubeedge/examples/kubeedge-counter-demo/web-controller-app + [root@ke-cloud web-controller-app~]# vim main.go + package main + + import ( + "github.com/astaxie/beego" + "github.com/kubeedge/examples/kubeedge-counter-demo/web-controller-app/controller" + ) + + func main() { + beego.Router("/", new(controllers.TrackController), "get:Index") + beego.Router("/track/control/:trackId", new(controllers.TrackController), "get,post:ControlTrack") + + beego.Run(":8089") + } + ``` + +2. 构建镜像 + + 注意:构建镜像时,请将源码拷贝到GOPATH对应的路径下,如果开启了go mod请关闭。 + + ```sh + [root@ke-cloud web-controller-app~]# make all + [root@ke-cloud web-controller-app~]# make docker + ``` + +3. 部署web-controller-app + + ```sh + [root@ke-cloud ~]# cd $GOPATH/src/github.com/kubeedge/examples/kubeedge-counter-demo/crds + [root@ke-cloud crds~]# kubectl apply -f kubeedge-web-controller-app.yaml + ``` + +## 4. 部署边缘端应用 + +边缘端的pi-counter-app应用受云端应用控制,主要与mqtt服务器通信,进行简单的计数功能。 + +1. 修改代码与构建镜像 + + 需要将Makefile中的GOARCH修改为amd64才能运行该容器。 + + ```sh + [root@ke-cloud ~]# cd $GOPATH/src/github.com/kubeedge/examples/kubeedge-counter-demo/counter-mapper + [root@ke-cloud counter-mapper~]# vim Makefile + .PHONY: all pi-execute-app docker clean + all: pi-execute-app + + pi-execute-app: + GOARCH=amd64 go build -o pi-counter-app main.go + + docker: + docker build . -t kubeedge/kubeedge-pi-counter:v1.0.0 + + clean: + rm -f pi-counter-app + + [root@ke-cloud counter-mapper~]# make all + [root@ke-cloud counter-mapper~]# make docker + ``` + +2. 部署Pi Counter App + + ```sh + [root@ke-cloud ~]# cd $GOPATH/src/github.com/kubeedge/examples/kubeedge-counter-demo/crds + [root@ke-cloud crds~]# kubectl apply -f kubeedge-pi-counter-app.yaml + + 说明:为了防止Pod的部署卡在`ContainerCreating`,这里直接通过docker save、scp和docker load命令将镜像发布到边缘端 + + [root@ke-cloud ~]# docker save -o kubeedge-pi-counter.tar kubeedge/kubeedge-pi-counter:v1.0.0 + [root@ke-cloud ~]# scp kubeedge-pi-counter.tar root@192.168.1.56:/root + [root@ke-edge1 ~]# docker load -i kubeedge-pi-counter.tar + ``` + +## 5. 体验Demo + +现在,KubeEdge Demo的云端部分和边缘端的部分都已经部署完毕,如下: + +```sh +[root@ke-cloud ~]# kubectl get pods -o wide +NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES +kubeedge-counter-app-758b9b4ffd-f8qjj 1/1 Running 0 26m 192.168.1.66 ke-cloud +kubeedge-pi-counter-c69698d6-rb4xz 1/1 Running 0 2m 192.168.1.56 ke-edge1 +``` + +我们现在开始测试一下该Demo运行效果: + +1. 执行ON命令 + + 在web页面上选择ON,并点击Execute,可以在edge节点上通过以下命令查看执行结果: + + ```sh + [root@ke-edge1 ~]# docker logs -f counter-container-id + ``` + +2. 查看counter STATUS + + 在web页面上选择STATUS,并点击Execute,会在Web页面上返回counter当前的status。 + +3. 执行OFF命令 + + 在web页面上选择OFF,并点击Execute,可以再edge节点上通过以下命令查看执行结果: + + ```sh + [root@ke-edge1 ~]# docker logs -f counter-container-id + ``` + +## 6. 其他 + +1. 更多的KubeEdge官方示例请参考 + + |Name | Description | + |---|---| + |[LED-RaspBerry-Pi](https://github.com/kubeedge/examples/blob/master/led-raspberrypi/README.md) |Controlling a LED light with Raspberry Pi using KubeEdge platform.| + |[Data Analysis @ Edge](https://github.com/kubeedge/examples/blob/master/apache-beam-analysis/README.md) | Analyzing data at edge by using Apache Beam and KubeEdge.| + |[Security@Edge](https://github.com/kubeedge/examples/blob/master/security-demo/README.md) | Security at edge using SPIRE for identity management.| + |[Bluetooth-CC2650-demo](https://github.com/kubeedge/examples/blob/master/bluetooth-CC2650-demo/README.md) |Controlling a CC2650 SensorTag bluetooth device using KubeEdge platform.| + |[Play Music @Edge through WeChat](https://github.com/kubeedge/examples/blob/master/wechat-demo/README.md) | Play music at edge based on WeChat and KubeEdge.| + |[Play Music @Edge through Web](https://github.com/kubeedge/examples/blob/master/web-demo/README.md) | Play music at edge based on Web and KubeEdge.| + |[Collecting temperature @Edge](https://github.com/kubeedge/examples/blob/master/temperature-demo/README.md) | Collecting temperature at edge based KubeEdge.| + |[Control pseudo device counter and collect data](https://github.com/kubeedge/examples/blob/master/kubeedge-counter-demo/README.md) | Control pseudo device counter and collect data based KubeEdge.| + |[Play Music @Edge through Twitter](https://github.com/kubeedge/examples/blob/master/ke-twitter-demo/README.md)| Play music at edge based on Twitter and KubeEdge.| + |[Control Zigbee @Edge through cloud](https://github.com/kubeedge/examples/blob/master/kubeedge-edge-ai-application/README.md) | Face detection at cloud using OpenCV and using it to control zigbee on edge using Kubeedge.| + +2. 使用EdgeMesh做边缘服务发现 + + + +3. 自定义云边消息路由 + + diff --git a/docs/zh/edge_computing/kube_edge/overview.md b/docs/zh/edge_computing/kube_edge/overview.md new file mode 100644 index 0000000000000000000000000000000000000000..35ea2e30875b9b41cffb7e4e42f0a7531fd131f3 --- /dev/null +++ b/docs/zh/edge_computing/kube_edge/overview.md @@ -0,0 +1,3 @@ +# KubeEdge 边缘计算平台用户指南 + +本文档主要介绍了边缘计算平台 KubeEdge 的部署与使用,让用户了解 KubeEdge,并指导用户和管理员安装和使用 KubeEdge。 diff --git a/docs/zh/edge_computing/ros/_toc.yaml b/docs/zh/edge_computing/ros/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..9763d7ab5971a32677803c361845bedbf19da456 --- /dev/null +++ b/docs/zh/edge_computing/ros/_toc.yaml @@ -0,0 +1,14 @@ +label: ROS 用户指南 +isManual: true +description: 主要介绍了 openEuler 系统上 ROS 的安装部署与使用方法。 +sections: + - label: ROS 用户指南 + href: ./ros_user_guide.md + - label: 认识ROS + href: ./getting_to_know_ros.md + - label: 安装与部署 + href: ./installation_and_deployment.md + - label: 使用方法 + href: ./usage_guide.md + - label: 附录 + href: ./appendix.md diff --git a/docs/zh/edge_computing/ros/appendix.md b/docs/zh/edge_computing/ros/appendix.md new file mode 100644 index 0000000000000000000000000000000000000000..68d9f8f1f83facefa323a5fc188d9ab090c05c4f --- /dev/null +++ b/docs/zh/edge_computing/ros/appendix.md @@ -0,0 +1,3 @@ +# 附录 + +更详细的ROS介绍可访问[ROS wiki](https://wiki.ros.org/),[ROS docs](http://docs.ros.org/)获取。 diff --git a/docs/zh/edge_computing/ros/faqs_and_solutions.md b/docs/zh/edge_computing/ros/faqs_and_solutions.md new file mode 100644 index 0000000000000000000000000000000000000000..5a41881407ba05eb31cc26068d821ebb4a23c0f3 --- /dev/null +++ b/docs/zh/edge_computing/ros/faqs_and_solutions.md @@ -0,0 +1,21 @@ +# 常见问题及解决方法 + +## 问题1: + +![](./figures/problem.png) + +原因:出现该警告的原因在于环境变量中同时存在ROS1、ROS2。 + +解决方法:修改环境变量,避免两个版本冲突。 + +```shell +[root@openEuler ~]# vim /opt/ros/humble/share/ros_environment/environment/1.ros_distro.sh +``` + +```shell +# generated from ros_environment/env-hooks/1.ros_distro.sh.in + +#export ROS_DISTRO=humble +``` + +将里面的内容全部注释即可。 diff --git a/docs/zh/edge_computing/ros/figures/ROS-ROS2.png b/docs/zh/edge_computing/ros/figures/ROS-ROS2.png new file mode 100644 index 0000000000000000000000000000000000000000..649c0aa93b0a3710f027ecf9df2482920f16301e Binary files /dev/null and b/docs/zh/edge_computing/ros/figures/ROS-ROS2.png differ diff --git a/docs/zh/edge_computing/ros/figures/ROS-demo.png b/docs/zh/edge_computing/ros/figures/ROS-demo.png new file mode 100644 index 0000000000000000000000000000000000000000..184ae905d022e52adbac7fcee59d956903e1ff5c Binary files /dev/null and b/docs/zh/edge_computing/ros/figures/ROS-demo.png differ diff --git a/docs/zh/edge_computing/ros/figures/ROS-release.png b/docs/zh/edge_computing/ros/figures/ROS-release.png new file mode 100644 index 0000000000000000000000000000000000000000..bf7c1cb7b2b0b60ec375613d32e09ecd0a9174d0 Binary files /dev/null and b/docs/zh/edge_computing/ros/figures/ROS-release.png differ diff --git a/docs/zh/edge_computing/ros/figures/ROS2-release.png b/docs/zh/edge_computing/ros/figures/ROS2-release.png new file mode 100644 index 0000000000000000000000000000000000000000..dc606412c467714af1d05c92b244ecfef63664f6 Binary files /dev/null and b/docs/zh/edge_computing/ros/figures/ROS2-release.png differ diff --git a/docs/zh/edge_computing/ros/figures/problem.png b/docs/zh/edge_computing/ros/figures/problem.png new file mode 100644 index 0000000000000000000000000000000000000000..9f690fb99cac9b957a6601b6eca3a011bee12273 Binary files /dev/null and b/docs/zh/edge_computing/ros/figures/problem.png differ diff --git a/docs/zh/edge_computing/ros/figures/ros-humble.png b/docs/zh/edge_computing/ros/figures/ros-humble.png new file mode 100644 index 0000000000000000000000000000000000000000..a6079358d9df9b983d82679af067a634fe5c05c3 Binary files /dev/null and b/docs/zh/edge_computing/ros/figures/ros-humble.png differ diff --git a/docs/zh/edge_computing/ros/figures/turtlesim.png b/docs/zh/edge_computing/ros/figures/turtlesim.png new file mode 100644 index 0000000000000000000000000000000000000000..ebc8368f7e8e6a4b44075ad402b492638d636181 Binary files /dev/null and b/docs/zh/edge_computing/ros/figures/turtlesim.png differ diff --git a/docs/zh/edge_computing/ros/getting_to_know_ros.md b/docs/zh/edge_computing/ros/getting_to_know_ros.md new file mode 100644 index 0000000000000000000000000000000000000000..df0ee4246d307be9155c02fa4627bc634c0af5ea --- /dev/null +++ b/docs/zh/edge_computing/ros/getting_to_know_ros.md @@ -0,0 +1,33 @@ +# 认识ROS + +## 简介 + +ROS 是一个适用于机器人的开源的元操作系统。它提供了操作系统应有的服务,包括硬件抽象,底层设备控制,常用函数的实现,进程间消息传递,以及包管理。它也提供用于获取、编译、编写、和跨计算机运行代码所需的工具和库函数。 + +ROS的运行架构是一种使用ROS通信模块实现模块间[P2P](https://zh.wikipedia.org/wiki/對等網路)的松耦合的网络连接的处理架构,它执行若干种类型的通讯,包括: + +1. 基于服务的同步[RPC](https://zh.wikipedia.org/wiki/遠程過程調用)(远程过程调用)通讯; +2. 基于Topic的异步数据流通讯,还有参数服务器上的数据存储。 + +自从2007年ROS开始以来,伴随着机器人技术的大发展,ROS的核心思想和基本软件包逐渐完善并发布了不同的ROS发行版本。下面是当前和历史的ROS发行版列表,表中以绿色标记的行是当前支持的发行版。 + +![ROS 发行版](./figures/ROS-release.png) + +ROS虽然仍是机器人领域的开发利器,但介于最初设计时的局限性,也逐渐暴露出不少问题。比如:实时性差、系统开销大、对Python3支持不友好、没有加密机制安全性不高等问题。不少开发者和研究机构还针对ROS的局限性进行了改良,但这些局部功能的改善往往很难带来整体性能的提升。在ROSCon 2014上,新一代ROS的设计架构(Next-generation ROS: Building on DDS)正式公布,2015年8月31日第一个ROS2.0的alpha版本落地,之后也发布了不同的发行版本。下面是当前和历史的ROS2发行版列表,表中以绿色标记的行是当前支持的发行版。 + +![ROS2 发行版](./figures/ROS2-release.png) + +## 架构 + +ROS总体架构如下图所示: + +![ROS 架构](./figures/ROS-ROS2.png) + +1. OS层 + - ROS1主要构建于Linux系统之上,ROS2带来了改变,支持构建的系统包括Linux、Windows、Mac、RTOS,甚至没有操作系统的裸机。 +2. 中间件 + - ROS中最重要的一个概念就是基于发布/订阅模型的“节点”,可以让开发者并行开发低耦合的功能模块,并且便于二次复用。ROS1的通讯系统基于TCPROS/UDPROS,而ROS2的通讯系统基于DDS。DDS是一种分布式实时系统中数据发布/订阅的标准解决方案,下一小节会具体讲解。ROS2内部提供了DDS的抽象层实现,用户不需要关注底层DDS的提供厂家。 + - 在ROS1的架构中Nodelet和TCPROS/UDPROS是并列的层次,为同一个进程中的多个节点提供一种更优化的数据传输方式。ROS2中也保留了这种数据传输方式,只不过换了一个名字,叫做“Intra-process”,同样也是独立于DDS。 +3. 应用层 + + - ROS1强依赖于ROS Master,可以想像一旦Master宕机,整个系统会面临如何的窘境。但是从右边ROS2的架构中我们可以发现,之前让人耿耿于怀的Master终于消失了,节点之间使用一种称为“Discovery”的发现机制来获取彼此的信息。 diff --git a/docs/zh/edge_computing/ros/installation_and_deployment.md b/docs/zh/edge_computing/ros/installation_and_deployment.md new file mode 100644 index 0000000000000000000000000000000000000000..4fbe1ef85ebfd69412d0c275cc10957b17652edd --- /dev/null +++ b/docs/zh/edge_computing/ros/installation_and_deployment.md @@ -0,0 +1,67 @@ +# 安装与部署 + +## 硬件要求 + +* x86_64架构、AArch64架构 + +## 环境准备 + +* 安装 openEuler 系统,安装方法参考 《[安装指南](../../server/installation_upgrade/installation/installation_on_servers.md)》。 + +## 1. ROS2 + +### 1. ros-humble + +#### 1. 安装ros-humble + +1. 安装ros-humble 软件包 + + ```shell + [root@openEuler ~]# yum install openeuler-ros + [root@openEuler ~]# yum install ros-noetic-* + ``` + +2. 执行如下命令,查看安装是否成功。如果回显有对应软件包,表示安装成功。 + + ```shell + [root@openEuler ~]# rpm -q ros-humble + ``` + +### 2. ros-noetic + +#### 2. 安装ros-noetic + +1. 安装ros-noetic 软件包 + + ```shell + [root@openEuler ~]# yum install openeuler-ros + [root@openEuler ~]# yum install ros-noetic-* + ``` + +2. 执行如下命令,查看安装是否成功。如果回显有对应软件包,表示安装成功。 + + ```shell + [root@openEuler ~]# rpm -q ros-noetic + ``` + +#### 2. 测试 ros-humble + +##### 运行小乌龟 + +1. 启动小乌龟 + + ```shell + [root@openEuler ~]# source /opt/ros/humble/setup.bash + [root@openEuler ~]# ros2 run turtlesim turtlesim_node + ``` + +2. 打开小乌龟控制终端 + + ```shell + [root@openEuler ~]# source /opt/ros/humble/setup.bash + [root@openEuler ~]# ros2 run turtlesim turtle_teleop_key + ``` + +3. 在乌龟控制终端中使用方向键控制乌龟运动 + + ![ros-humble](./figures/ros-humble.png) diff --git a/docs/zh/edge_computing/ros/ros_user_guide.md b/docs/zh/edge_computing/ros/ros_user_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..9b2a72aae3dd642106c17223e52c67666bfb6ab2 --- /dev/null +++ b/docs/zh/edge_computing/ros/ros_user_guide.md @@ -0,0 +1,5 @@ +# ROS用户指南 + +本文档介绍openEuler系统上ROS(英语:Robot Operating System,一般译为机器人操作系统)的安装部署与使用方法,以指导用户快速了解并使用ROS。 + +本文档适用于使用openEuler系统并希望了解和使用ROS的社区开发者、开源爱好者以及相关合作伙伴。使用人员需要具备基本的Linux操作系统知识。 \ No newline at end of file diff --git a/docs/zh/edge_computing/ros/usage_guide.md b/docs/zh/edge_computing/ros/usage_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..b3a6f25386497642ca51e62c834ed39b0d71fe1c --- /dev/null +++ b/docs/zh/edge_computing/ros/usage_guide.md @@ -0,0 +1,57 @@ +# 使用方法 + +## ROS使用 + +ROS 提供了一些实用的命令行工具,可以用于获取不同节点的各类信息,常用的命令如下: + +- rosnode : 操作节点 +- rostopic : 操作话题 +- rosservice : 操作服务 +- rosmsg : 操作msg消息 +- rossrv : 操作srv消息 +- rosparam : 操作参数 + +另请参考: + +http://wiki.ros.org/ROS/CommandLineTools + +## ROS2使用 + +```shell +# 命令help +[root@openEuler ~]# ros2 --help +usage: ros2 [-h] Call `ros2 -h` for more detailed usage. ... + +ros2 is an extensible command-line tool for ROS 2. + +optional arguments: + -h, --help show this help message and exit + +Commands: + action Various action related sub-commands + bag Various rosbag related sub-commands + component Various component related sub-commands + daemon Various daemon related sub-commands + doctor Check ROS setup and other potential issues + interface Show information about ROS interfaces + launch Run a launch file + lifecycle Various lifecycle related sub-commands + multicast Various multicast related sub-commands + node Various node related sub-commands + param Various param related sub-commands + pkg Various package related sub-commands + run Run a package specific executable + security Various security related sub-commands + service Various service related sub-commands + test Run a ROS2 launch test + topic Various topic related sub-commands + trace Trace ROS nodes to get information on their execution + wtf Use `wtf` as alias to `doctor` + + Call `ros2 -h` for more detailed usage. +``` + +## 注意事项 + +* 新打开终端需要执行“source /opt/ros/foxy/local_setup.bash”或“source /opt/ros/noetic/setup.bash”命令。 + diff --git a/docs/zh/embedded/_toc.yaml b/docs/zh/embedded/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..92b02548a952dad4d32f2c5264b3cb1fab07fb75 --- /dev/null +++ b/docs/zh/embedded/_toc.yaml @@ -0,0 +1,7 @@ +label: 嵌入式 +sections: + - label: openEuler Embedded用户指南 + href: >- + https://pages.openeuler.openatom.cn/embedded/docs/build/html/master/index.html + description: openEuler Embedded是为嵌入式场景设计的轻量、安全、实时操作系统,支持多硬件架构 + - href: ./uniproton/_toc.yaml \ No newline at end of file diff --git a/docs/zh/embedded/uniproton/_toc.yaml b/docs/zh/embedded/uniproton/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..44a46ce762dd3e07f16a1acce52f627ede2f7092 --- /dev/null +++ b/docs/zh/embedded/uniproton/_toc.yaml @@ -0,0 +1,10 @@ +label: UniProton用户指南 +isManual: true +description: UniProton是面向嵌入式场景的操作系统,支持任务和内存管理、中断处理,提供强大调试能力 +sections: + - label: 概述 + href: ./overview.md + - label: UniProton功能设计 + href: ./uniproton_functions.md + - label: UniProton接口说明 + href: ./uniproton_apis.md diff --git a/docs/zh/embedded/uniproton/figures/FCS.png b/docs/zh/embedded/uniproton/figures/FCS.png new file mode 100644 index 0000000000000000000000000000000000000000..afb47c557755c10a3f0b196b7080b16a0f86ab6a Binary files /dev/null and b/docs/zh/embedded/uniproton/figures/FCS.png differ diff --git a/docs/zh/embedded/uniproton/figures/MemoryApplication.png b/docs/zh/embedded/uniproton/figures/MemoryApplication.png new file mode 100644 index 0000000000000000000000000000000000000000..de46581c40122a82b92db8a67ae3fcd76a97041a Binary files /dev/null and b/docs/zh/embedded/uniproton/figures/MemoryApplication.png differ diff --git a/docs/zh/embedded/uniproton/figures/MemoryRelease.png b/docs/zh/embedded/uniproton/figures/MemoryRelease.png new file mode 100644 index 0000000000000000000000000000000000000000..f91c89bb02311f104949e2af42cddc4a3faaaca3 Binary files /dev/null and b/docs/zh/embedded/uniproton/figures/MemoryRelease.png differ diff --git a/docs/zh/embedded/uniproton/figures/pend_semaphore.png b/docs/zh/embedded/uniproton/figures/pend_semaphore.png new file mode 100644 index 0000000000000000000000000000000000000000..59d8159d1ff1cecb43f59cc5d7c5a9900db8e767 Binary files /dev/null and b/docs/zh/embedded/uniproton/figures/pend_semaphore.png differ diff --git a/docs/zh/embedded/uniproton/figures/post_semaphore.png b/docs/zh/embedded/uniproton/figures/post_semaphore.png new file mode 100644 index 0000000000000000000000000000000000000000..fa08d76dafd335b60838dda08db61ccadd8c6b8d Binary files /dev/null and b/docs/zh/embedded/uniproton/figures/post_semaphore.png differ diff --git a/docs/zh/embedded/uniproton/overview.md b/docs/zh/embedded/uniproton/overview.md new file mode 100644 index 0000000000000000000000000000000000000000..84d252fa8613ce59f67818ffbbaf08544aeaed24 --- /dev/null +++ b/docs/zh/embedded/uniproton/overview.md @@ -0,0 +1,11 @@ +# UniProton用户指南 + +## 介绍 + +UniProton是基于openEuler社区面向嵌入式场景的操作系统,旨在成为一个高质量的为上层业务软件屏蔽底层硬件差异,并提供强大的调试功能的操作系统平台。使业务软件可以在不同的硬件平台之间快速移植,方便产品芯片选型,降低硬件采购成本和软件维护成本。 + +本文档主要用于介绍UniProton的基本功能和接口说明,便于开发人员了解基本的UniProton操作系统知识。 + +## 编译教程 + +相关编译教程,可参考:。 diff --git a/docs/zh/embedded/uniproton/uniproton_apis.md b/docs/zh/embedded/uniproton/uniproton_apis.md new file mode 100644 index 0000000000000000000000000000000000000000..f4f94452f273698ec42eb821d0dde97b9e32fa6f --- /dev/null +++ b/docs/zh/embedded/uniproton/uniproton_apis.md @@ -0,0 +1,6310 @@ +# UniProton接口说明 + +## 任务 + +### 创建并激活任务 + +在OS启动之前(比如在uniAppInit)中创建的任务,只是简单地加入就绪队列。 OS启动后创建的任务,如果优先级高于当前任务且未锁任务,则立即发生任务调度并被运行,否则加入就绪队列,等待执行。 + +**输入**: 任务创建参数,包括任务名、任务栈大小、任务优先级、任务处理函数等。 + +**处理**: + +1. 申请任务栈空间,初始化任务栈,置栈顶魔术字。 +2. 初始化任务上下文。 +3. 初始化任务控制块。 +4. 激活任务,任务是否马上能得到执行,取决于OS是否已经启动、优先级是否高于当前任务且没有锁任务调度、当前线程是否为硬中断。 + +**输出** : + +- 成功:任务ID,若任务具备执行条件,则直接运行任务,否则将任务挂入就绪队列。 + +- 失败:提示错误码。 + +### 删除任务 + + 删除任务并释放任务资源。 + +**输入**:任务ID。 + +**处理**: + +1. 检查任务是否具备删除条件,如锁任务调度情况下不允许删除任务。 +2. 如果任务处于阻塞状态,从对应的阻塞队列中摘除。 +3. 释放任务控制块。 +4. 释放任务栈空间。 +5. 从就绪队列中载入最高优先级的任务,若具备调度条件,则执行。 + +**输出**: + +- 成功:若具备调度条件,则执行就绪队列中的最高任务; + +- 失败:返回错误码。 + +### 挂起任务 + + 挂起任务。 + +**输入**:任务ID。 + +**处理**:将指定任务从就绪队列中摘除,若指定任务处于Running态,则会触发任务切换。 + +**输出**: + +- 成功:挂起指定任务。 + +- 失败:返回错误码。 + +### 恢复任务 + +恢复挂起的任务。 + +**输入**:任务ID。 + +**处理**:恢复挂起的任务,若任务仍处于延时、阻塞态,则只是取消挂起态,并不加入就绪队列。 + +**输出**: + +- 成功:取消任务挂起状态。 +- 失败:返回错误码。 + +### 任务延时 + +将当前任务延时指定时间。 + +**输入**:延时时间。 + +**处理**: + +1. 延时时间转换成OS的Tick数。 +2. 将当前任务从就绪队列中摘除,置成延时态。 +3. 从就绪队列中载入最高优先级的任务,并执行。 +4. Tick中断处理函数中判断任务的延时时间是否已经足够,如果足够,将任务加入就绪队列。 + +**输出**: + +- 成功:当前任务切出,就绪队列中的最高优先级任务切入。 +- 失败:返回错误码。 + +### 锁任务调度 + +禁止任务之间的切换。 + +**输入**:锁任务调度请求。 + +**处理**: + +1. 若有任务切换请求,将其清除。 +2. 锁任务调度次数依次递增。 + +**输出**: 任务之间无法切换。 + +### 恢复任务调度的锁/解锁状态 + +与锁任务调度配对使用,是否解锁任务调度,取决于最近一次锁任务调度前,是否允许任务调度。 + +**输入**:恢复任务调度的锁/解锁状态请求。 + +**处理**: + +1. 锁任务调度次数依次递减。 +2. 若锁任务调度次数等于0,则发起任务调度。 + +**输出**:若最近一次锁任务调度前,允许任务调度,则从就绪队列中载入最高优先级任务,并执行。否则,维持原状,不能发生任务切换。 + +### 任务PID合法性检查 + +检查指定任务PID是否合法。 + +**输入**:任务PID。 + +**处理**:判断输入的任务PID是否超过最大任务PID号或是否已创建。 + +**输出**: + +- TRUE :任务PID有效。 +- FALSE:任务PID无效。 + +### 任务私有数据获取 + +获取当前任务的私有数据。 + +**输入**:无。 + +**处理**:将任务TCB中记录的任务私有数据返回。 + +**输出**:任务私有数据。 + +### 查询本核指定任务正在PEND的信号量 + +查询指定任务正在PEND的信号量ID。 + +**输入**:任务PID。 + +**处理**: 根据任务状态和任务控制块,判断任务是否PEND在某个信号量上,以及PEND的信号量ID。 + +**输出**: + +- 成功:返回信号量ID。 +- 失败:返回错误码。 + +### 查询任务状态 + +获取指定任务的状态。 + +**输入**:任务PID。 + +**处理**:将指定任务的TCB中记录的任务状态字段返回。 + +**输出**: + +- 成功:返回任务状态信息。 +- 失败:返回错误码。 + +### 查询任务上下文信息 + +获取指定任务的上下文信息。 + +**输入**:任务PID。 + +**处理**: 将指定任务的TCB中记录的任务上下文信息返回。 + +**输出**: + +- 成功:返回任务上下文信息。 +- 失败:返回错误码。 + +### 查询任务基本信息 + +获取任务基本信息,包括任务切换时的PC、SP、任务状态、优先级、任务栈大小、栈顶值和任务名等。 + +**输入**:任务PID,用于存放任务基本信息查询结果的缓冲区 + +**处理**: 将指定任务的TCB中记录的任务基本信息返回。 + +**输出**: + +- 成功:返回任务基本信息。 +- 失败:返回错误码。 + +### 任务优先级获取 + +获取指定任务的优先级。 + +**输入**:任务PID + +**处理**:将指定任务的TCB中记录的优先级字段返回。 + +**输出**: + +- 成功:返回任务优先级信息。 +- 失败:返回错误码。 + +### 任务优先级设定 + +设置指定任务的优先级。 + +**输入**:任务PID、优先级值 + +**处理**:将输入的任务优先级信息存入指定任务TCB中优先级字段 + +**输出**: + +- 成功:指定任务的优先级被修改。 +- 失败:返回错误码。 + +### 调整指定优先级的任务调度顺序 + +设置指定任务的优先级以及调整调度顺序。 + +**输入**:指定的优先级、指定需要调整调度顺序的任务,用于保存被调整到队首的任务ID的缓冲。 + +**处理**:若指定要调整调度顺序的任务为TASK_NULL_ID,则优先级队列中的第一个就绪任务调整至队尾;否则,将指定要调整调度顺序的任务调整至优先级队列的队首。 + +**输出**: + +- 成功:指定优先级的任务调度顺序被修改。 +- 失败:返回错误码。 + +## 事件 + +### 写事件 + +写事件操作实现对指定任务写入指定类型的事件,可以一次同时写多个事件。 + +**输入**:任务ID、事件号。 + +**处理**: + +1. 对指定任务事件类型写上输入事件。 +2. 判断目的任务是否正在接收等待事件,且其等待的事件是否已经符合唤醒条件(唤醒条件即读取的事件已经发生)。 +3. 如果符合唤醒条件,则需清除任务读事件状态。 +4. 如果符合唤醒条件,则需清除任务读事件状态。 +5. 清除任务超时状态。 +6. 在任务没有被挂起的情况下,需要将任务加入就绪队列并尝试任务调度。 + +**输出**: + +- 成功:事件写入成功。 +- 失败:错误码。 + +### 读事件 + +读事件操作可以根据入参事件掩码类型读取单个或者多个事件。 + +**输入**:要读取的事件掩码、读取事件所采取的策略、超时时间、接收事件的指针。 + +**处理**: + +1. 根据入参事件掩码类型对自身任务输入读取事件类型。 +2. 判断事件读取模式,是读取输入的所有事件还是其中的任意一种事件。 +3. 根据读取模式,判断期望的事件是否满足读取情况。 +4. 判断事件等待模式:如果为等待事件模式则根据模式来设置相应的超时时间;如果为非等待模式则事件读取失败。 +5. 如果需要等待阻塞读取,则需要将自己的任务从就绪列表中删除,并进行任务调度。 +6. 读取成功后,清除读取的事件类型,并且把事件类型返回。 + +**输出**: + +- 成功:读事件成功,事件指针赋值。 +- 失败:错误码 + +## 队列 + +### 创建队列 + +创建一个队列,创建时可以设定队列长度和队列结点大小。 + +**输入**:队列节点个数、每个队列节点大小、队列ID指针。 + +**处理**: + +1. 申请一个空闲的队列资源。 +2. 申请队列所需内存。 +3. 初始化队列配置。 + +**输出**: + +- 成功:队列ID。 +- 失败:错误码。 + +### 读队列 + +读指定队列的数据。 + +**输入**:队列ID、缓冲区指针、长度指针、超时时间。 + +**处理**: + +1. 获取指定队列控制块。 +2. 读队列PEND标志,根据缓冲区大小填入队列数据。 +3. 修改队列头指针。 + +**输出**: + +- 成功:缓冲区内填入队列数据。 +- 失败:错误码。 + +### 写队列 + +写数据到指定队列。 + +**输入**: 队列ID、缓冲区指针、缓冲区长度、超时时间、优先级。 + +**处理**: + +1. 获取指定队列控制块。 +2. 读队列PEND标志,选取消息节点,初始化消息节点并拷贝数据。 +3. 队列读资源计数器加一。 + +**输出**: + +- 成功:写入队列数据成功。 +- 失败:错误码。 + +### 删除队列 + +删除一个消息队列,删除后队列资源被回收。 + +**输入**:队列ID。 + +**处理**: + +1. 获取指定队列控制块,确保队列未在使用中。 +2. 释放队列内存。 + +**输出**: + +- 成功:删除队列成功。 +- 失败:错误码 + +### 查询队列的历史最大使用长度 + +获取从队列创建到删除前的历史最大使用长度。 + +**输入**:队列ID、队列节点使用峰值指针。 + +**处理**: + +1. 获取指定队列控制块。 +2. 将队列节点使用峰值赋值到指针参数。 + +**输出**: + +- 成功:获取峰值成功。 +- 失败:错误码 + +### 查询指定源PID的待处理消息个数 + +从指定队列中,获取指定源PID的待处理消息个数。 + +**输入**:队列ID、线程PID、待处理的消息个数指针。 + +**处理**: + +1. 获取指定队列控制块。 +2. 遍历队列查询待处理的消息个数,赋值到指针变量。 + +**输出**: + +- 成功:获取待处理的消息个数成功。 +- 失败:错误码。 + +## 中断 + +### 创建硬中断 + +硬中断在使用前,必须先创建。 + +**输入**:硬中断的创建参数,如:硬中断号(与芯片相关)、硬中断优先级、硬中断处理函数等。 + +**处理**:根据硬中断号设置硬中断优先级、处理函数。 + +**输出**: + +- 成功:硬中断触发后,CPU能够响应该硬中断,并回调硬中断处理函数。 +- 失败:返回错误码。 + +### 硬中断属性设置 + +在创建硬中断前,需要设置硬中断的模式,包括独立型(#OS_HWI_MODE_ENGROSS)和组合型(#OS_HWI_MODE_COMBINE)两种配置模式。 + +**输入**:硬中断号、硬中断模式。 + +**处理**:根据硬中断号设置硬中断的模式; + +**输出**: + +- 成功:指定的硬中断号被设置好硬中断模式。 +- 失败:返回错误码。 + +### 删除硬中断 + +删除相应硬中断或事件,取消硬中断处理函数的注册。 + +**输入**:硬中断号。 + +**处理**:取消指定硬中断的处理函数与中断号的绑定关系。 + +**输出**:硬中断被删除,当硬中断信号触发后,CPU不会响应该中断。 + +### 使能硬中断 + +使能指定的硬中断。 + +**输入**:硬中断号。 + +**处理**:将指定硬中断的使能位置位。 + +**输出**:指定的硬中断被使能,当硬中断信号触发后,CPU会响应该中断。 + +### 屏蔽硬中断 + +屏蔽指定的硬中断。 + +**输入**:硬中断号。 + +**处理**:清除指定硬中断的使能位。 + +**输出**:指定的硬中断被屏蔽,当硬中断信号触发后,CPU不会响应该中断。 + +### 恢复指定硬中断 + +恢复指定的硬中断。 + +**输入**:硬中断号、中断使能寄存器的保存值。 + +**处理**:还原指定硬中断的使能位。 + +**输出**:指定中断的使能位恢复为指定状态。 + +### 禁止硬中断 + +禁止响应所有可屏蔽硬中断。 + +**输入**:禁止硬中断请求。 + +**处理**: + +1. 记录系统状态,用于后续返回。 +2. 禁止响应所有可屏蔽硬中断。 + +**输出**: + +- 所有可屏蔽硬中断都不能响应。 +- 禁止硬中断响应前的系统状态。 + +### 恢复硬中断 + +恢复硬中断的禁止或允许响应状态,与禁止硬中断配对使用。是否允许响应硬中断,取决于最近一次禁止硬中断前,系统是否允许响应硬中断。 + +**输入**:最近一次禁止硬中断前的系统状态。 + +**处理**:将系统状态恢复到最近一次禁止硬中断前。 + +**输出**:系统状态恢复到最近一次禁止硬中断前。 + +### 响应硬中断 + +硬中断触发后,CPU会响应硬中断。 + +**输入**:硬件触发的硬中断信号,且系统没有禁止硬中断。 + +**处理**: + +1. 保存当前上下文。 +2. 调用硬中断处理函数。 +3. 若任务被打断,则恢复最高优先级任务的上下文,该任务不一定是被中断打断的任务。 +4. 若低优先级中断被打断,则直接恢复低先级中断的上下文。 + +**输出**:硬中断被响应。 + +### 触发硬中断 + +触发指定核号的指定硬中断。 + +**输入**:核号、硬中断号。 + +**处理**: + +1. 目前只支持触发本核的硬中断,若指定的核号不为本核,则做报错处理。 +2. 目前只支持触发软件可触发的硬中断,若指定的中断无法进行软件触发,则做报错处理。 +3. 当以前两个条件都满足,则设置对应的中断触发寄存器,软件触发中断。 + +**输出**: + +- 成功:响应的硬中断被触发。 +- 失败:返回错误码。 + +### 清除中断位 + +清除所有的中断请求位或指定的中断请求位。 + +**输入**:硬中断号。 + +**处理**:清除所有的中断请求位或指定的中断请求位。 + +**输出**:所有的中断请求位或指定的中断请求位被清除。 + +## 定时器 + +### 定时器创建 + +根据定时器类型,触发模式,定时时长,处理函数等创建一个定时器。 + +**输入**: + +1. 创建参数结构体(包括定时器类型,触发模式,定时时长,处理函数等)。 +2. 用于保存输出的定时器句柄的指针。 + +**处理**:根据入参找到空闲控制块,将入参内容填入控制块中相应的字段中。 + +**输出**: + +- 成功:定时器创建成功,后续可根据得到的定时器句柄做启动、删除等操作。 +- 失败:返回错误码。 + +### 定时器删除 + +删除指定的定时器。 + +**输入**: 定时器句柄。 + +**处理**:根据传入的定时器句柄,找到定时器控制块,将其内容清空并将控制块挂接到相应的空闲链表中。 + +**输出**: + +- 成功:定时器被删除。 +- 失败:返回错误码。 + +### 定时器启动 + +指定的定时器开始计时。 + +**输入**: 定时器句柄。 + +**处理**:对于软件定时器,根据当前Tick计数以及定时器周期,计算结束时间,将此定时器控制块挂入定时器SortLink。 + +**输出**: + +- 成功:定时器开始计时。 +- 失败:返回错误码。 + +### 定时器停止 + +指定的定时器停止计时。 + +**输入**:定时器句柄。 + +**处理**:对于软件定时器,计算剩余时间并将其保存后,将此定时器控制块从定时器SortLink中摘除。 + +**输出**: + +- 成功:指定任务的信号量计数值被修改。 +- 失败:返回错误码。 + +### 定时器重启 + +指定的定时器重新开始计时。 + +**输入**:定时器句柄。 + +**处理**:对于软件定时器,根据当前Tick计数以及定时器周期,计算结束时间,将此定时器控制块挂入定时器SortLink。 + +**输出**: + +- 成功:指定任务的信号量计数值被修改。 +- 失败:返回错误码。 + +### 软件定时器组创建 + +创建一个软件定时器组,后续的软件定时器创建时需要以此为基础。 + +**输入**: + +1. 软件定时器组创建参数(主要关注时钟源类型及最大支持的定时器个数)。 +2. 用于保存输出的定时器组号的地址。 + +**处理**:根据传入的最大支持的定时器个数申请定时器控制块内存,并完成其初始化操作。 + +**输出**: + +- 成功:基于Tick的软件定时器组被成功创建。 +- 失败:返回错误码。 + +## 信号量 + +### 信号量创建 + +创建一个信号量,并设置其初始计数器数值。 + +**输入**:信号量初始计数值、用于保存创建得到句柄的地址。 + +**处理**:找到一个空闲信号量控制块,将输入的初始计数值填入后将信号量ID当做句柄返回。 + +**输出**: + +- 成功:信号量被创建。 +- 失败:返回错误码。 + +### 信号量删除 + +删除指定信号量,若有任务阻塞于该信号量,则删除失败。 + +**输入**:信号量句柄 + +**处理**:对于核内信号量,根据输入的信号量句柄找到信号量控制块,通过查看控制块中任务阻塞链表是否为空来判断是否有任务阻塞于该信号量,若有则删除失败返回,否则释放该信号量控制块。 + +**输出**: + +- 成功:信号量被删除。 +- 失败:返回错误码。 + +### Pend信号量 + +申请指定的信号量,若其计数值大于0,则直接将计数值减1返回,否则发生任务阻塞,等待时间可通过入参设定。 + +**输入**:信号量句柄、等待时间。 + +**处理**: + +![](./figures/pend_semaphore.png) + +**输出**: + +- 成功:返回0。 +- 失败:返回错误码。 + +### Post信号量 + +发布信号量,将该信号量计数值+1,若有任务阻塞于该信号量,则将其唤醒。 + +**输入**:信号量句柄。 + +**处理**: + +![](./figures/post_semaphore.png) + +**输出**: + +- 成功:信号量发布成功。 +- 失败:返回错误码。 + +### 信号量计数值重置 + +设置指定信号量计数值,如果有任务阻塞于该信号量,则设置失败。 + +**输入**:信号量句柄、信号量计数值。 + +**处理**:根据输入的信号量句柄,找到相应的信号量控制块,查看控制块中任务阻塞链表,若其不为空,则返回错误,否则将控制块中信号量计数值设为输入的计数值。 + +**输出**: + +- 成功:指定信号量的计数值被修改。 +- 失败:返回错误码。 + +### 信号量计数值获取 + + 获取指定信号量计数值。 + +**输入**: 信号量句柄。 + +**处理**:根据输入的信号量句柄,找到相应的信号量控制块,将控制块中记录的信号量计数值返回。 + +**输出**: + +- 成功:返回信号量计数值。 +- 失败:返回错误计数值标记。 + +### 信号量阻塞任务PID获取 + +获取阻塞在指定信号量上的任务个数及任务PID列表。 + +**输入**: + +1. 信号量句柄。 +2. 用于存放输出的阻塞任务个数的地址。 +3. 用于存放输出的阻塞任务PID的缓冲区首地址。 +4. 用于存放输出的阻塞任务PID的缓冲区长度。 + +**处理**:若有任务阻塞于指定信号量,则输出阻塞任务的个数及任务PID清单;否则,将阻塞任务个数置为0。 + +**输出**: + +- 成功:输出阻塞于该信号量的任务个数及任务PID清单。 +- 失败:返回错误码。 + +## 异常 + +### 用户注册异常处理钩子 + +用户注册异常处理函数类型定义的异常处理函数钩子,记录异常信息。 + +**输入**:类型为ExcProcFunc的钩子函数。 + +**处理**:将用户注册的钩子函数注册到OS框架里,发生异常时调用。 + +**输出**: + +- 成功:注册成功。 +- 失败:返回错误码。 + +## CPU占用率 + +### 获取当前cpu占用率 + +通过本接口获取当前cpu占用率。 + +**输入**:无。 + +**处理**:采用基于IDLE计数的统计算法,统计结果会有一定误差,误差不超过百分之五。 + +**输出**: + +- 成功:返回当前的cpu占用率[0,10000]。 +- 失败:返回错误码。 + +### 获取指定个数的线程的CPU占用率 + +根据用户输入的线程个数,获取指定个数的线程CPU占用率。 + +**输入**: 线程个数、缓冲区指针、实际线程个数指针。 + +**处理**: + +1. 采用基于 IDLE 计数的统计算法,统计结果会有一定误差,误差不超过百分之五。 +2. 当配置项中的采样周期值等于0时,线程级CPUP采样周期为两次调用该接口或者PRT_CpupNow之间的间隔。否则,线程级CPUP采样周期为配置项中的OS_CPUP_SAMPLE_INTERVAL大小。 +3. 输出的实际线程个数不大于系统中实际的线程个数(任务个数和一个中断线程)。 +4. 若在一个采样周期内有任务被删除,则统计的任务线程和中断线程CPUP总和小于10000。 + +**输出**: + +- 成功:在缓冲区写入cpu占用率。 +- 失败:返回错误码。 + +### 设置CPU占用率告警阈值 + +根据用户配置的 CPU 占用率告警阈值 warn 和告警恢复阈值 resume,设置告警和恢复阈值。 + +**输入**:告警阈值、恢复阈值。 + +**处理**:设置 CPUP 告警阈值和恢复阈值。 + +**输出**: + +- 成功:设置成功。 +- 失败:返回错误码。 + +### 查询CPUP告警阈值和告警恢复阈值 + +根据用户配置的告警阈值指针 warn 和告警恢复阈值指针 resume,查询告警阈值和告警恢复阈值。 + +**输入**:告警阈值指针、恢复阈值指针。 + +**处理**:获取 CPUP 告警阈值和恢复阈值,赋值指针变量。 + +**输出**: + +- 成功:获取成功。 +- 失败:返回错误码。 + +### 注册CPUP告警回调函数 + +根据用户配置的回调函数 hook,注册 CPUP 告警回调函数。 + +**输入**:类型为 CpupHookFunc 的 CPU 告警回调函数。 + +**处理**:将用户的钩子函数注册到 OS 框架。 + +**输出**: + +- 成功:注册成功。 +- 失败:错误码。 + +## OS启动 + +### main函数入口 + +二进制执行文件函数入口。 + +**输入**:无 + +**输出**: + +- 成功:返回OK。 +- 失败:错误码。 + +### 用户业务入口 + +PRT_AppInit 用户业务函数入口,在 main 函数后调用,在此函数中添加业务功能代码。 + +**输入**:无 + +**输出**: + +- 成功:返回OK。 +- 失败:错误码。 + +### 硬件驱动初始化入口 + +PRT_HardDrvInit 硬件驱动初始化函数入口,在 main 函数后调用,在此函数中添加板级驱动初始化功能代码。 + +**输入**:无 + +**输出**: + +- 成功:返回OK。 +- 失败:错误码。 + +### 硬件启动流程入口 + +PRT_HardBootInit 在 OS 启动时调用,在main函数前被调用,可以用于 BSS 初始化、随机值设置等。 + +**输入**:无 + +**输出**: + +- 成功:返回OK。 +- 失败:错误码。 + +## openamp + +### 初始化openamp资源函数 + +初始化保留内存,初始化 remoteproc、virtio、rpmsg,建立 Uniproton 与 Linux 两端配对的 endpoint,供消息收发使用。 + +**输入**:无。 + +**输出**: + +- 成功:初始化成功。 +- 失败:错误码。 + +### 消息接收函数 + +接收消息,并触发SGI中断。 + +**输入**: + +1. 类型为 unsigned char * 的存储消息的缓冲区。 +2. 类型为 int 的消息预期长度。 +3. 类型为 int *,用于获取消息实际长度。 + +**输出**: + +- 成功:消息接收成功。 +- 失败:错误码。 + +### 消息发送函数 + +发送消息和SGI中断 + +**输入**:类型为 unsigned char * 的存储消息的缓冲区、类型为 int 的消息长度。 + +**输出**: + +- 成功:消息发送成功。 +- 失败:错误码。 + +### 释放openamp资源 + +用于释放openamp资源。 + +**输入**:无 + +**输出**: + +- 成功:资源释放成功。 +- 失败:错误码。 + +## POSIX接口 + +| 接口名 | 适配情况 | +| :---: | :-----: | +| [pthread_atfork](#pthread_atfork) | 不支持 | +| [pthread_attr_destroy](#pthread_attr_destroy) | 支持 | +| [pthread_attr_getdetachstate](#pthread_attr_getdetachstate) | 支持 | +| [pthread_attr_getguardsize](#pthread_attr_getguardsize) | 不支持 | +| [pthread_attr_getinheritsched](#pthread_attr_getinheritsched) | 支持 | +| [pthread_attr_getschedparam](#pthread_attr_getschedparam) | 支持 | +| [pthread_attr_getschedpolicy](#pthread_attr_getschedpolicy) | 支持 | +| [pthread_attr_getscope](#pthread_attr_getscope) | 支持 | +| [pthread_attr_getstack](#pthread_attr_getstack) | 支持 | +| [pthread_attr_getstackaddr](#pthread_attr_getstackaddr) | 支持 | +| [pthread_attr_getstacksize](#pthread_attr_getstacksize) | 支持 | +| [pthread_attr_init](#pthread_attr_init) | 支持 | +| [pthread_attr_setdetachstate](#pthread_attr_setdetachstate) | 支持 | +| [pthread_attr_setguardsize](#pthread_attr_setguardsize) | 不支持 | +| [pthread_attr_setinheritsched](#pthread_attr_setinheritsched) | 支持 | +| [pthread_attr_setschedparam](#pthread_attr_setschedparam) | 部分支持 | +| [pthread_attr_setschedpolicy](#pthread_attr_setschedpolicy) | 部分支持 | +| [pthread_attr_setscope](#pthread_attr_setscope) | 部分支持 | +| [pthread_attr_setstack](#pthread_attr_setstack) | 支持 | +| [pthread_attr_setstackaddr](#pthread_attr_setstackaddr) | 支持 | +| [pthread_attr_setstacksize](#pthread_attr_setstacksize) | 支持 | +| [pthread_barrier_destroy](#pthread_barrier_destroy) | 支持 | +| [pthread_barrier_init](#pthread_barrier_init) | 部分支持 | +| [pthread_barrier_wait](#pthread_barrier_wait) | 支持 | +| [pthread_barrierattr_getpshared](#pthread_barrierattr_getpshared) | 支持 | +| [pthread_barrierattr_setpshared](#pthread_barrierattr_setpshared) | 部分支持 | +| [pthread_cancel](#pthread_cancel) | 支持 | +| [pthread_cond_broadcast](#pthread_cond_broadcast) | 支持 | +| [pthread_cond_destroy](#pthread_cond_destroy) | 支持 | +| [pthread_cond_init](#pthread_cond_init) | 支持 | +| [pthread_cond_signal](#pthread_cond_signal) | 支持 | +| [pthread_cond_timedwait](#pthread_cond_timedwait) | 支持 | +| [pthread_cond_wait](#pthread_cond_wait) | 支持 | +| [pthread_condattr_destroy](#pthread_condattr_destroy) | 支持 | +| [pthread_condattr_getclock](#pthread_condattr_getclock) | 支持 | +| [pthread_condattr_getpshared](#pthread_condattr_getpshared) | 支持 | +| [pthread_condattr_init](#pthread_condattr_init) | 支持 | +| [pthread_condattr_setclock](#pthread_condattr_setclock) | 部分支持 | +| [pthread_condattr_setpshared](#pthread_condattr_setpshared) | 部分支持 | +| [pthread_create](#pthread_create) | 支持 | +| [pthread_detach](#pthread_detach) | 支持 | +| [pthread_equal](#pthread_equal) | 支持 | +| [pthread_exit](#pthread_exit) | 支持 | +| [pthread_getcpuclockid](#pthread_getcpuclockid) | 不支持 | +| [pthread_getschedparam](#pthread_getschedparam) | 支持 | +| [pthread_getspecific](#pthread_getspecific) | 支持 | +| [pthread_join](#pthread_join) | 支持 | +| [pthread_key_create](#pthread_key_create) | 支持 | +| [pthread_key_delete](#pthread_key_delete) | 支持 | +| [pthread_kill](#pthread_kill) | 不支持 | +| [pthread_mutex_consistent](#pthread_mutex_consistent) | 不支持 | +| [pthread_mutex_destroy](#pthread_mutex_destroy) | 支持 | +| [pthread_mutex_getprioceiling](#pthread_mutex_getprioceiling) | 不支持 | +| [pthread_mutex_init](#pthread_mutex_init) | 支持 | +| [pthread_mutex_lock](#pthread_mutex_lock) | 支持 | +| [pthread_mutex_setprioceiling](#pthread_mutex_setprioceiling) | 不支持 | +| [pthread_mutex_timedlock](#pthread_mutex_timedlock) | 支持 | +| [pthread_mutex_trylock](#pthread_mutex_trylock) | 支持 | +| [pthread_mutex_unlock](#pthread_mutex_unlock) | 支持 | +| [pthread_mutexattr_destroy](#pthread_mutexattr_destroy) | 支持 | +| [pthread_mutexattr_getprioceiling](#pthread_mutexattr_getprioceiling) | 不支持 | +| [pthread_mutexattr_getprotocol](#pthread_mutexattr_getprotocol) | 支持 | +| [pthread_mutexattr_getpshared](#pthread_mutexattr_getpshared) | 部分支持 | +| [pthread_mutexattr_getrobust](#pthread_mutexattr_getrobust) | 部分支持 | +| [pthread_mutexattr_gettype](#pthread_mutexattr_gettype) | 支持 | +| [pthread_mutexattr_init](#pthread_mutexattr_init) | 支持 | +| [pthread_mutexattr_setprioceiling](#pthread_mutexattr_setprioceiling) | 不支持 | +| [pthread_mutexattr_setprotocol](#pthread_mutexattr_setprotocol) | 部分支持 | +| [pthread_mutexattr_setpshared](#pthread_mutexattr_setpshared) | 不支持 | +| [pthread_mutexattr_setrobust](#pthread_mutexattr_setrobust) | 部分支持 | +| [pthread_mutexattr_settype](#pthread_mutexattr_settype) | 支持 | +| [pthread_once](#pthread_once) | 部分支持 | +| [pthread_rwlock_destroy](#pthread_rwlock_destroy) | 支持 | +| [pthread_rwlock_init](#pthread_rwlock_init) | 支持 | +| [pthread_rwlock_rdlock](#pthread_rwlock_rdlock) | 支持 | +| [pthread_rwlock_timedrdlock](#pthread_rwlock_timedrdlock) | 支持 | +| [pthread_rwlock_timedwrlock](#pthread_rwlock_timedwrlock) | 支持 | +| [pthread_rwlock_tryrdlock](#pthread_rwlock_tryrdlock) | 支持 | +| [pthread_rwlock_trywrlock](#pthread_rwlock_trywrlock) | 支持 | +| [pthread_rwlock_unlock](#pthread_rwlock_unlock) | 支持 | +| [pthread_rwlock_wrlock](#pthread_rwlock_wrlock) | 支持 | +| [pthread_rwlockattr_destroy](#pthread_rwlockattr_destroy) | 不支持 | +| [pthread_rwlockattr_getpshared](#pthread_rwlockattr_getpshared) | 部分支持 | +| [pthread_rwlockattr_init](#pthread_rwlockattr_init) | 不支持 | +| [pthread_rwlockattr_setpshared](#pthread_rwlockattr_setpshared) | 部分支持 | +| [pthread_self](#pthread_self) | 支持 | +| [pthread_setcancelstate](#pthread_setcancelstate) | 支持 | +| [pthread_setcanceltype](#pthread_setcanceltype) | 支持 | +| [pthread_setschedparam](#pthread_setschedparam) | 部分支持 | +| [pthread_setschedprio](#pthread_setschedprio) | 支持 | +| [pthread_setspecific](#pthread_setspecific) | 支持 | +| [pthread_sigmask](#pthread_sigmask) | 不支持 | +| [pthread_spin_init](#pthread_spin_init) | 不支持 | +| [pthread_spin_destory](#pthread_spin_destory) | 不支持 | +| [pthread_spin_lock](#pthread_spin_lock) | 不支持 | +| [pthread_spin_trylock](#pthread_spin_trylock) | 不支持 | +| [pthread_spin_unlock](#pthread_spin_unlock) | 不支持 | +| [pthread_testcancel](#pthread_testcancel) | 支持 | +| [sem_close](#sem_close) | 支持 | +| [sem_destroy](#sem_destroy) | 支持 | +| [sem_getvalue](#sem_getvalue) | 支持 | +| [sem_init](#sem_init) | 支持 | +| [sem_open](#sem_open) | 支持 | +| [sem_post](#sem_post) | 支持 | +| [sem_timedwait](#sem_timedwait) | 支持 | +| [sem_trywait](#sem_trywait) | 支持 | +| [sem_unlink](#sem_unlink) | 部分支持 | +| [sem_wait](#sem_wait) | 支持 | +| [sched_yield](#sched_yield) | 支持 | +| [sched_get_priority_max](#sched_get_priority_max) | 支持 | +| [sched_get_priority_min](#sched_get_priority_min) | 支持 | +| [asctime](#asctime) | 支持 | +| [asctime_r](#asctime_r) | 支持 | +| [clock](#clock) | 支持 | +| [clock_getcpuclockid](#clock_getcpuclockid) | 部分支持 | +| [clock_getres](#clock_getres) | 部分支持 | +| [clock_gettime](#clock_gettime) | 支持 | +| [clock_nanosleep](#clock_nanosleep) | 部分支持 | +| [clock_settime](#clock_settime) | 支持 | +| [ctime](#ctime) | 支持 | +| [ctime_r](#ctime_r) | 支持 | +| [difftime](#difftime) | 支持 | +| [getdate](#getdate) | 不支持 | +| [gettimeofday](#gettimeofday) | 支持 | +| [gmtime](#gmtime) | 支持 | +| [gmtime_r](#gmtime_r) | 支持 | +| [localtime](#localtime) | 支持 | +| [localtime_r](#localtime_r) | 支持 | +| [mktime](#mktime) | 支持 | +| [nanosleep](#nanosleep) | 支持 | +| [strftime](#strftime) | 不支持 | +| [strftime_l](#strftime_l) | 不支持 | +| [strptime](#strptime) | 支持 | +| [time](#time) | 支持 | +| [timer_create](#timer_create) | 支持 | +| [timer_delete](#timer_delete) | 支持 | +| [timer_getoverrun](#timer_getoverrun) | 支持 | +| [timer_gettime](#timer_gettime) | 支持 | +| [timer_settime](#timer_settime) | 支持 | +| [times](#times) | 支持 | +| [timespec_get](#timespec_get) | 支持 | +| [utime](#utime) | 不支持 | +| [wcsftime](#wcsftime) | 不支持 | +| [wcsftime_l](#wcsftime_l) | 不支持 | +| [malloc](#malloc) | 支持 | +| [free](#free) | 支持 | +| [memalign](#memalign) | 支持 | +| [realloc](#realloc) | 支持 | +| [malloc_usable_size](#malloc_usable_size) | 支持 | +| [aligned_alloc](#aligned_alloc) | 支持 | +| [reallocarray](#reallocarray) | 支持 | +| [calloc](#calloc) | 支持 | +| [posix_memalign](#posix_memalign) | 支持 | +| [abort](#abort) | 支持 | +| [_Exit](#_Exit) | 支持 | +| [atexit](#atexit) | 支持 | +| [quick_exit](#quick_exit) | 支持 | +| [at_quick_exit](#at_quick_exit) | 支持 | +| [assert](#assert) | 支持 | +| [div](#div) | 支持 | +| [ldiv](#ldiv) | 支持 | +| [lldiv](#lldiv) | 支持 | +| [imaxdiv](#imaxdiv) | 支持 | +| [wcstol](#wcstol) | 支持 | +| [wcstod](#wcstod) | 支持 | +| [fcvt](#fcvt) | 支持 | +| [ecvt](#ecvt) | 支持 | +| [gcvt](#gcvt) | 支持 | +| [qsort](#qsort) | 支持 | +| [abs](#abs) | 支持 | +| [labs](#labs) | 支持 | +| [llabs](#llabs) | 支持 | +| [imaxabs](#imaxabs) | 支持 | +| [strtol](#strtol) | 支持 | +| [strtod](#strtod) | 支持 | +| [atoi](#atoi) | 支持 | +| [atol](#atol) | 支持 | +| [atoll](#atoll) | 支持 | +| [atof](#atof) | 支持 | +| [bsearch](#bsearch) | 支持 | +| [semget](#semget) | 支持 | +| [semctl](#semctl) | 部分支持 | +| [semop](#semop) | 部分支持 | +| [semtimedop](#semtimedop) | 部分支持 | +| [msgget](#msgget) | 支持 | +| [msgctl](#msgctl) | 部分支持 | +| [msgsnd](#msgsnd) | 部分支持 | +| [msgrcv](#msgrcv) | 部分支持 | +| [shmget](#shmget) | 不支持 | +| [shmctl](#shmctl) | 不支持 | +| [shmat](#shmat) | 不支持 | +| [shmdt](#shmdt) | 不支持 | +| [ftok](#ftok) | 不支持 | +| [fstatat](#fstatat) | 支持 | +| [fchmodat](#fchmodat) | 支持 | +| [mkdir](#mkdir) | 支持 | +| [chmod](#chmod) | 支持 | +| [lstat](#lstat) | 支持 | +| [utimensat](#utimensat) | 支持 | +| [mkfifo](#mkfifo) | 支持 | +| [fchmod](#fchmod) | 支持 | +| [mknod](#mknod) | 支持 | +| [statvfs](#statvfs) | 支持 | +| [mkfifoat](#mkfifoat) | 支持 | +| [umask](#umask) | 支持 | +| [mknodat](#mknodat) | 支持 | +| [futimesat](#futimesat) | 支持 | +| [lchmod](#lchmod) | 支持 | +| [futimens](#futimens) | 支持 | +| [mkdirat](#mkdirat) | 支持 | +| [fstat](#fstat) | 支持 | +| [stat](#stat) | 支持 | +| [open](#open) | 支持 | +| [creat](#creat) | 支持 | +| [posix_fadvise](#posix_fadvise) | 不支持 | +| [fcntl](#fcntl) | 支持 | +| [posix_fallocate](#posix_fallocate) | 支持 | +| [openat](#openat) | 支持 | +| [scandir](#scandir) | 不支持 | +| [seekdir](#seekdir) | 支持 | +| [readdir_r](#readdir_r) | 不支持 | +| [fdopendir](#fdopendir) | 支持 | +| [versionsort](#versionsort) | 支持 | +| [alphasort](#alphasort) | 支持 | +| [rewinddir](#rewinddir) | 支持 | +| [dirfd](#dirfd) | 支持 | +| [readdir](#readdir) | 不支持 | +| [telldir](#telldir) | 支持 | +| [closedir](#closedir) | 支持 | +| [opendir](#opendir) | 支持 | +| [putwchar](#putwchar) | 支持 | +| [fgetws](#fgetws) | 支持 | +| [vfwprintf](#vfwprintf) | 支持 | +| [fscanf](#fscanf) | 支持 | +| [snprintf](#snprintf) | 支持 | +| [sprintf](#sprintf) | 支持 | +| [fgetpos](#fgetpos) | 支持 | +| [vdprintf](#vdprintf) | 支持 | +| [gets](#gets) | 支持 | +| [ungetc](#ungetc) | 支持 | +| [ftell](#ftell) | 支持 | +| [clearerr](#clearerr) | 支持 | +| [getc_unlocked](#getc_unlocked) | 支持 | +| [fmemopen](#fmemopen) | 支持 | +| [putwc](#putwc) | 支持 | +| [getchar](#getchar) | 支持 | +| [open_wmemstream](#open_wmemstream) | 支持 | +| [asprintf](#asprintf) | 支持 | +| [funlockfile](#funlockfile) | 支持 | +| [fflush](#fflush) | 支持 | +| [vfprintf](#vfprintf) | 支持 | +| [vsscanf](#vsscanf) | 支持 | +| [vfwscanf](#vfwscanf) | 支持 | +| [puts](#puts) | 支持 | +| [getchar_unlocked](#getchar_unlocked) | 支持 | +| [setvbuf](#setvbuf) | 支持 | +| [getwchar](#getwchar) | 支持 | +| [setbuffer](#setbuffer) | 支持 | +| [vsnprintf](#vsnprintf) | 支持 | +| [freopen](#freopen) | 支持 | +| [fwide](#fwide) | 支持 | +| [sscanf](#sscanf) | 支持 | +| [fgets](#fgets) | 支持 | +| [vswscanf](#vswscanf) | 支持 | +| [vprintf](#vprintf) | 支持 | +| [fputws](#fputws) | 支持 | +| [wprintf](#wprintf) | 支持 | +| [wscanf](#wscanf) | 支持 | +| [fputc](#fputc) | 支持 | +| [putchar](#putchar) | 支持 | +| [flockfile](#flockfile) | 支持 | +| [vswprintf](#vswprintf) | 支持 | +| [fputwc](#fputwc) | 支持 | +| [fopen](#fopen) | 支持 | +| [tmpnam](#tmpnam) | 支持 | +| [ferror](#ferror) | 支持 | +| [printf](#printf) | 支持 | +| [open_memstream](#open_memstream) | 支持 | +| [fwscanf](#fwscanf) | 支持 | +| [fprintf](#fprintf) | 支持 | +| [fgetc](#fgetc) | 支持 | +| [rewind](#rewind) | 支持 | +| [getwc](#getwc) | 支持 | +| [scanf](#scanf) | 支持 | +| [perror](#perror) | 支持 | +| [vsprintf](#vsprintf) | 支持 | +| [vasprintf](#vasprintf) | 支持 | +| [getc](#getc) | 支持 | +| [dprintf](#dprintf) | 支持 | +| [popen](#popen) | 不支持 | +| [putc](#putc) | 支持 | +| [fseek](#fseek) | 支持 | +| [fgetwc](#fgetwc) | 支持 | +| [tmpfile](#tmpfile) | 支持 | +| [putw](#putw) | 支持 | +| [tempnam](#tempnam) | 支持 | +| [vwprintf](#vwprintf) | 支持 | +| [getw](#getw) | 支持 | +| [putchar_unlocked](#putchar_unlocked) | 支持 | +| [fread](#fread) | 支持 | +| [fileno](#fileno) | 支持 | +| [remove](#remove) | 支持 | +| [putc_unlocked](#putc_unlocked) | 支持 | +| [fclose](#fclose) | 支持 | +| [feof](#feof) | 支持 | +| [fwrite](#fwrite) | 支持 | +| [setbuf](#setbuf) | 支持 | +| [pclose](#pclose) | 不支持 | +| [swprintf](#swprintf) | 支持 | +| [fwprintf](#fwprintf) | 支持 | +| [swscanf](#swscanf) | 支持 | +| [rename](#rename) | 支持 | +| [getdelim](#getdelim) | 支持 | +| [vfscanf](#vfscanf) | 支持 | +| [setlinebuf](#setlinebuf) | 支持 | +| [fputs](#fputs) | 支持 | +| [fsetpos](#fsetpos) | 支持 | +| [fopencookie](#fopencookie) | 支持 | +| [fgetln](#fgetln) | 支持 | +| [vscanf](#vscanf) | 支持 | +| [ungetwc](#ungetwc) | 支持 | +| [getline](#getline) | 支持 | +| [ftrylockfile](#ftrylockfile) | 支持 | +| [vwscanf](#vwscanf) | 支持 | + +### 任务管理 + +#### pthread_attr_init + +pthread_attr_init() 函数初始化一个线程对象的属性,需要用 pthread_attr_destroy() 函数对其去除初始化。 + +**参数**:指向一个线程属性结构的[指针](https://baike.baidu.com/item/指针?fromModule=lemma_inlink)attr,结构中的元素分别对应着新线程的运行属性。 + +**输出**: + +- 0:初始化成功。 +- ENOMEM:内存不足,无法初始化线程属性对象。 +- EBUSY:attr是以前初始化但未销毁的线程属性。 + +#### pthread_attr_destroy + +pthread_attr_destroy()函数应销毁线程属性对象。被销毁的attr属性对象可以使用pthread_attr_init()重新初始化;在对象被销毁后引用该对象的结果是未定义的。 + +**参数**:指向一个线程属性结构的[指针](https://baike.baidu.com/item/指针?fromModule=lemma_inlink)attr。 + +**输出**: + +- 0:函数销毁对象成功。 +- EINVAL:attr指向的是未初始化的线程属性对象。 + +#### pthread_attr_setstackaddr + +pthread_attr_setstackaddr()函数设置attr对象中的线程创建堆栈addr属性。堆栈addr属性指定用于创建线程堆栈的存储位置。 + +**输入**:指向一个线程属性结构的[指针](https://baike.baidu.com/item/指针?fromModule=lemma_inlink)attr、 栈地址stackaddr。 + +**输出**: + +- 0:设置成功。 +- EINVAL:attr指向的是未初始化的线程属性对象。 + +#### pthread_attr_getstackaddr + +pthread_attr_getstackaddr()如果成功,函数将堆栈地址属性值存储在堆栈地址中。 + +**参数**:指向一个线程属性结构的[指针](https://baike.baidu.com/item/指针?fromModule=lemma_inlink)attr、栈地址stackaddr. + +**输出**: + +- 0:获取成功。 +- EINVAL:attr指向的是未初始化的线程属性对象。 + +#### pthread_attr_getstacksize + +pthread_attr_getstacksize()和pthread_attr_setstacksize()函数分别应获取和设置 attr 对象中的线程创建堆栈大小属性(以字节为单位)。 + +**参数**: + +1. 指向一个线程属性结构的[指针](https://baike.baidu.com/item/指针?fromModule=lemma_inlink)attr. +2. 栈大小指针stacksize,指向设置或获取的堆栈大小。 + +**输出**: + +- 0:获取成功。 +- EINVAL:attr指向的是未初始化的线程属性对象。 + +#### pthread_attr_setstacksize + +设置attr对象中的线程创建堆栈大小属性。 + +**参数**: + +1. 指向一个线程属性结构的[指针](https://baike.baidu.com/item/指针?fromModule=lemma_inlink)attr。 +2. 栈大小指针stacksize,指向设置或获取的堆栈大小。 + +**输出**: + +- 0:设置成功。 +- EINVAL:堆栈size小于最小值或超过限制。 + +#### pthread_attr_getinheritsched + +获取线程的继承属性。 + +**参数**: + +- 指向一个线程属性结构的[指针](https://baike.baidu.com/item/指针?fromModule=lemma_inlink)attr。 +- 线程的继承性指针inheritsched。 + +**输出**: + +- 0:获取成功。 +- EINVAL:attr指向的是未初始化的线程属性对象。 + +#### pthread_attr_setinheritsched + +设置线程的继承属性。可设置如下参数: + +- PTHREAD_INHERIT_SCHED:指定线程调度属性应继承自创建线程,并且应忽略此attr参数中的调度属性。 +- PTHREAD_EXPLICIT_SCHED:指定线程调度属性应设置为此属性对象中的相应值。 + +**参数**: + +- 指向一个线程属性结构的[指针](https://baike.baidu.com/item/指针?fromModule=lemma_inlink)attr。 +- 线程的继承性inheritsched。 + +**输出**: + +- 0:设置成功。 +- EINVAL:继承的值无效,或attr指向的是未初始化的线程属性对象。 +- ENOTSUP:试图将属性设置为不支持的值。 + +#### pthread_attr_getschedpolicy + +获取调度策略属性,策略支持SCHED_FIFO。当使用调度策略SCHED_FIFO执行的线程正在等待互斥体时,互斥体解锁,它们应按优先级顺序获取互斥体。 + +**参数**: + +1. 指向一个线程属性结构的[指针](https://baike.baidu.com/item/指针?fromModule=lemma_inlink)attr。 +2. 线程的调度策略指针policy。 + +**输出**: + +- 0:获取成功。 +- EINVAL:attr指向的是未初始化的线程属性对象。 + +#### pthread_attr_setschedpolicy + +设置调度策略属性,策略支持SCHED_FIFO。当使用调度策略SCHED_FIFO执行的线程正在等待互斥体时,互斥体解锁时,它们应按优先级顺序获取互斥体。 + +**参数**: + +1. 指向一个线程属性结构的[指针](https://baike.baidu.com/item/指针?fromModule=lemma_inlink)attr。 +2. 线程的调度策略policy。 + +**输出**: + +- 0:设置成功。 +- EINVAL:policy的值无效,或者attr指向没有初始化的线程对象。 +- ENOTSUP:试图将属性设置为不支持的值。 + +#### pthread_attr_getdetachstate + +获取线程分离属性,分离状态应设置为PTHREAD_CREATE_DETAED或PTHREAD_CREATE_JOI无BLE。 + +**参数**: + +1. 指向一个线程属性结构的[指针](https://baike.baidu.com/item/指针?fromModule=lemma_inlink)attr。 +2. 分离属性指针detachstate。 + +**输出**: + +- 0:获取成功。 +- EINVAL:attr指向没有初始化的线程对象。 + +#### pthread_attr_setdetachstate + +设置线程分离属性。分离状态应设置为PTHREAD_CREATE_DETAED或PTHREAD_CREATE_JOINABLE。 + +**参数**: + +1. 指向一个线程属性结构的[指针](https://baike.baidu.com/item/指针?fromModule=lemma_inlink)attr。 +2. 分离属性detachstate。 + +**输出**: + +- 0:设置成功。 +- EINVAL:attr指向没有初始化的线程对象或分离状态的值无效。 + +#### pthread_attr_setschedparam + +pthread_attr_setschedparam() 可用来设置线程属性对象的优先级属性。 + +**参数**: + +1. 指向一个线程属性结构的[指针](https://baike.baidu.com/item/指针?fromModule=lemma_inlink)attr。 +2. 调度属性指针schedparam。 + +**输出**: + +- 0:操作成功。 +- EINVAL:参数不合法或attr未初始化。 +- ENOTSUP:schedparam的优先级属性不支持。 + +#### pthread_attr_getschedparam + +pthread_attr_getschedparam() 可用来获取线程属性对象的优先级属性。 + +**参数**: + +1. 指向一个线程属性结构的[指针](https://baike.baidu.com/item/指针?fromModule=lemma_inlink)attr。 +2. 调度属性指针schedparam。 + +**输出**: + +- 0:操作成功。 +- EINVAL:参数不合法或attr未初始化。 + +#### pthread_attr_getscope + +pthread_attr_getscope() 可用来获取线程属性对象的作用域属性。 + +**参数**: + +- 指向一个线程属性结构的[指针](https://baike.baidu.com/item/指针?fromModule=lemma_inlink)attr。 +- 线程的作用域属性指针scope。 + +**输出**: + +- 0:获取成功。 +- EINVAL:指针未初始化。 + +#### pthread_attr_setscope + +设置线程的作用域,支持PTHREAD_SCOPE_SYSTEM,控制线程在系统级竞争资源。 + +**参数**: + +1. 指向一个线程属性结构的[指针](https://baike.baidu.com/item/指针?fromModule=lemma_inlink)attr。 +2. 作用域scope。 + +**输出**: + +- 0:设置成功。 +- EINVAL:scope的值无效,或者attr指向没有初始化的线程对象。 +- ENOTSUP:试图将属性设置为不支持的值。 + +#### pthread_attr_getstack + +pthread_attr_getstack() 可用来获取线程属性对象的栈信息。 + +**参数**: + +- 指向一个线程属性结构的[指针](https://baike.baidu.com/item/指针?fromModule=lemma_inlink)attr。 +- 线程的栈地址指针stackAddr。 +- 线程的栈大小指针stackSize。 + +**输出**: + +- 0:获取成功。 +- EINVAL:指针未初始化。 + +#### pthread_attr_setstack + +pthread_attr_setstack() 可用来设置线程属性对象的栈地址和栈大小。 + +**参数**: + +- 指向一个线程属性结构的[指针](https://baike.baidu.com/item/指针?fromModule=lemma_inlink)attr。 +- 线程的栈地址stackAddr。 +- 线程的栈大小stackSize。 + +**输出**: + +- 0:获取成功。 +- EINVAL:指针未初始化或值无效。 + +#### pthread_attr_getguardsize + +暂不支持。 + +#### pthread_attr_setguardsize + +暂不支持。 + +#### pthread_atfork + +暂不支持。 + +#### pthread_create + +pthread_create()函数创建一个新线程,其属性由 attr 指定。如果 attr 为 NULL,则使用默认属性。创建成功后,pthread_create()应将创建的线程的ID存储在参数 thread 的位置。 + +**参数**: + +1. 指向线程[标识符](https://baike.baidu.com/item/标识符?fromModule=lemma_inlink)的[指针](https://baike.baidu.com/item/指针?fromModule=lemma_inlink)thread。 +2. 指向一个线程属性结构的[指针](https://baike.baidu.com/item/指针?fromModule=lemma_inlink)attr。 +3. 线程处理函数的起始地址 start_routine。 +4. 运行函数的参数 arg。 + +**输出**: + +- 0:创建成功。 +- EINVAL:attr指定的属性无效。 +- EAGAIN:系统缺少创建新线程所需的资源,或者将超过系统对线程总数施加的限制。 +- EPERM:调用者没有权限。 + +#### pthread_cancel + +取消线程的执行。pthread_cancel()函数应请求取消线程。目标线程的可取消状态和类型决定取消何时生效。当取消被操作时,应调用线程的取消处理程序。 + +**参数**:线程的ID thread。 + +**输出**: + +- 0:取消成功。 +- ESRCH:找不到与给定线程ID相对应的线程。 + +#### pthread_testcancel + +设置可取消状态。pthread_testcancel()函数应在调用线程中创建一个取消点。如果禁用了可取消性,pthread_testcancel()函数将无效。 + +**参数**:无 + +**输出**:无 + +#### pthread_setcancelstate + +pthread_setcancelstate() 将调用线程的可取消性状态设置为 state 中给出的值。线程以前的可取消性状态返回到oldstate所指向的缓冲区中。state状态的合法值为PTHREAD_CANCEL_E无BLE和PTHREAD_CANCEL_DISABLE。 + +**参数**: + +- 线程的可取消性状态 state。 +- 之前的可取消状态 oldstate。 + +**输出**: + +- 0:设置成功。 +- EINVAL:指定的状态不是 PTHREAD_CANCEL_E无BLE 或 PTHREAD_CANCEL_DISABLE。 + +#### pthread_setcanceltype + +pthread_setcanceltype()函数应原子地将调用线程的可取消类型设置为指定的类型,并在oldtype引用的位置返回上一个可取消类型。类型的合法值为PTHREAD_CANCEL_DEFERRED和PTHREAD_CANCEL_ASYNCHRONOUS。 + +**输入**: + +- 线程的可取消类型type。 +- 之前的可取消类型oldtype。 + +**输出**: + +- 0:设置成功。 +- EINVAL:指定的类型不是PTHREAD_CANCEL_DEFERRED或PTHREAD_CANCEL_ASYNCHRONOUS。 + +#### pthread_exit + +线程的终止可以是调用 pthread_exit 或者该线程的例程结束。由此可看出,一个线程可以隐式退出,也可以显式调用 pthread_exit 函数来退出。pthread_exit 函数唯一的参数 value_ptr 是函数的返回代码,只要 pthread_join 中的第二个参数 value_ptr 不是NULL,这个值将被传递给 value_ptr。 + +**参数**:线程退出状态value_ptr,通常传NULL。 + +**输出**:无 + +#### pthread_cleanup_push + +pthread_cleanup_push() 函数应将指定的取消处理程序推送到调用线程的取消堆栈上。pthread_cleanup_push必须和pthread_cleanup_pop同时使用。当push后,在线程退出前使用pop,便会调用清理函数。 + +**参数**: + +1. 取消处理程序入口地址 routine。 +2. 传递给处理函数的参数 arg。 + +**输出**:无 + +#### pthread_cleanup_pop + +pthread_cleanup_pop()应删除调用线程取消处理程序,并可选择调用它(如果execute非零)。 + +**参数**:执行参数execute。 + +**输出**:无 + +#### pthread_setschedprio + +pthread_setschedprio()函数应将线程 ID 指定的调度优先级设置为 prio 给出的值。如果 pthread_setschedprio()函数失败,则目标线程的调度优先级不应更改。 + +**参数**: + +1. 线程ID:thread。 +2. 优先级:prio。 + +**输出**: + +- 0,设置成功。 +- EINVAL:prio对指定线程的调度策略无效。 +- ENOTSUP:试图将优先级设置为不支持的值。 +- EPERM:调用者没有设置指定线程的调度策略的权限。 +- EPERM:不允许将优先级修改为指定的值。 +- ESRCH:thread指定的线程不存在。 + +#### pthread_self + +pthread_self()函数应返回调用线程的线程ID。 + +**参数**:无 + +**输出**:返回调用线程的线程ID。 + +#### pthread_equal + +此函数应比较线程ID t1和t2。 + +**参数**: + +1. 线程ID t1。 +2. 线程ID t2。 + +**输出**: + +- 如果t1和t2相等,pthread_equal()函数应返回非零值。 +- 如果t1和t2不相等,应返回零。 +- 如果t1或t2不是有效的线程ID,则行为未定义。 + +#### sched_yield + +sched_yield()函数应强制正在运行的线程放弃处理器,并触发线程调度。 + +**参数**:无 + +**输出**:输出0时,成功完成;否则应返回值-1。 + +#### sched_get_priority_max + +sched_get_priority_max()和 sched_get_priority_min()函数应分别返回指定调度策略的优先级最大值或最小值。 + +**参数**:调度策略policy。 + +**输出**: + +返回值: + +- -1:失败。 +- 返回优先级最大值。 + +errno: + +- EINVAL:调度策略非法。 + +#### sched_get_priority_min + +返回指定调度策略的优先级最小值 + +**参数**:调度策略policy。 + +**输出**: + +返回值: + +- -1:失败。 +- 返回优先级最小值。 + +errno: + +- EINVAL:调度策略非法。 + +#### pthread_join + +pthread_join() 函数,以阻塞的方式等待 thread 指定的线程结束。当函数返回时,被等待线程的资源被收回。如果线程已经结束,那么该函数会立即返回。并且 thread 指定的线程必须是 joi无ble 的。当 pthread_join()成功返回时,目标线程已终止。对指定同一目标线程的pthread_join()的多个同时调用的结果未定义。如果调用pthread_join()的线程被取消,则目标线程不应被分离 + +**参数**: + +1. 线程ID:thread。 +2. 退出线程:返回值value_ptr。 + +**输出**: + +- 0:成功完成。 +- ESRCH:找不到与给定ID相对应的线程。 +- EDEADLK:检测到死锁或thread的值指定调用线程。 +- EINVAL:thread指定的线程不是joinable的。 + +#### pthread_detach + +实现线程分离,即主线程与子线程分离,子线程结束后,资源自动回收。 + +**参数**:线程ID:thread。 + +**输出**: + +- 0:成功完成。 +- EINVAL:thread是分离线程。 +- ESRCH:给定线程ID指定的线程不存在。 + +#### pthread_key_create + +分配用于标识线程特定数据的键。pthread_key_create 第一个参数为指向一个键值的[指针](https://baike.baidu.com/item/指针/2878304?fromModule=lemma_inlink),第二个参数指明了一个 destructor 函数,如果这个参数不为空,那么当每个线程结束时,系统将调用这个函数来释放绑定在这个键上的内存块。 + +**参数**: + +1. 键值的[指针](https://baike.baidu.com/item/指针/2878304?fromModule=lemma_inlink)key。 +2. destructor 函数入口 destructor。 + +**输出**: + +- 0:创建成功。 +- EAGAIN:系统缺乏创建另一个特定于线程的数据密钥所需的资源,或者已超过系统对每个进程的密钥总数施加的限制。 +- ENOMEM:内存不足,无法创建密钥。 + +#### pthread_setspecific + +pthread_setspecific() 函数应将线程特定的 value 与通过先前调用 pthread_key_create()获得的 key 关联起来。不同的线程可能会将不同的值绑定到相同的键上。这些值通常是指向已保留供调用线程使用的动态分配内存块的指针。 + +**参数**: + +1. 键值key。 +2. 指针value + +**输出**: + +- 0:设置成功。 +- ENOMEM:内存不足,无法将非NULL值与键关联。 +- EINVAL:key的值不合法。 + +#### pthread_getspecific + +将与key关联的数据读出来,返回数据类型为 void *,可以指向任何类型的数据。需要注意的是,在使用此返回的指针时,需满足是 void 类型,虽指向关联的数据地址处,但并不知道指向的数据类型,所以在具体使用时,要对其进行强制类型转换。 + +**参数**:键值key。 + +**输出**: + +- 返回与给定 key 关联的线程特定数据值。 +- NULL:没有线程特定的数据值与键关联。 + +#### pthread_key_delete + +销毁线程特定数据键。 + +**参数**:需要删除的键key。 + +**输出**: + +- 0:删除成功。 +- EINVAL:key值无效。 + +#### pthread_getcpuclockid + +暂不支持。 + +#### pthread_getschedparam + +获取线程调度策略和优先级属性。 + +**参数**: + +1. 线程对象指针thread。 +2. 调度策略指针policy。 +3. 调度属性对象指针param。 + +**输出**: + +- 0:删除成功。 +- EINVAL:指针未初始化。 + +#### pthread_setschedparam + +设置线程调度策略和优先级属性。调度策略仅支持SCHED_FIFO。 + +**参数**: + +1. 线程对象指针thread。 +2. 调度策略指针policy。 +3. 调度属性对象指针param。 + +**输出**: + +- 0:删除成功。 +- EINVAL:指针未初始化。 +- ENOTSUP:设置不支持的值。 + +#### pthread_kill + +暂不支持。 + +#### pthread_once + +pthread_once() 函数使用指定once_contol变量会保证init_routine函数只执行一次。当前init_routine函数不支持被取消。 + +**参数**: + +1. 控制变量control。 +2. 执行函数init_routine。 + +**输出**: + +- 0:删除成功。 +- EINVAL:指针未初始化。 + +#### pthread_sigmask + +暂不支持。 + +#### pthread_spin_init + +暂不支持。 + +#### pthread_spin_destory + +暂不支持。 + +#### pthread_spin_lock + +暂不支持。 + +#### pthread_spin_trylock + +暂不支持。 + +#### pthread_spin_unlock + +暂不支持。 + +### 信号量管理 + +#### sem_init + +sem_init()函数应初始化 sem 引用的匿名信号量。初始化信号量的值应为 value。在成功调用 sem_init()后,信号量可用于后续调用 sem_wait()、sem_timedwait()、sem_trywait()、sem_post()和sem_destroy()。此信号量应保持可用,直到信号量被销毁。 + +**参数**: + +1. 指向信号量指针sem。 +2. 指明信号量的类型pshared。 +3. 信号量值的大小value。 + +**输出**: + +- 0:初始化成功。 +- EINVAL:值参数超过{SEM_VALUE_MAX}。 +- ENOSPC:初始化信号量所需的资源已耗尽,或已达到信号量的限制。 +- EPERM:缺乏初始化信号量的权限。 + +#### sem_destroy + +sem_destroy()函数销毁 sem 指示的匿名信号量。只有使用 sem_init()创建的信号量才能使用 sem_destroy()销毁;使用命名信号量调用 sem_destroy()的效果未定义。在 sem 被另一个对 sem_init()的调用重新初始化之前,后续使用信号量 sem 的效果是未定义的。 + +**参数**:指向信号量指针sem。 + +**输出**: + +- 0:销毁成功。 +- EINVAL:sem不是有效的信号量。 +- EBUSY:信号量上当前有线程被阻止。 + +#### sem_open + +创建并初始化有名信号量。此信号量可用于后续对 sem_wait()、sem_timedwait()、sem_trywait()、sem_post()和sem_close() 的调用。 + +**参数**: + +1. 信号量名无me指针。 + +2. oflag参数控制信号量是创建还是仅通过调用sem_open()访问。以下标志位可以在oflag中设置: + + - O_CREAT:如果信号量不存在,则此标志用于创建信号量。 + - O_EXCL:如果设置了O_EXCL和O_CREAT,且信号量名称存在,sem_open()将失败。如果设置了O_EXCL而未设置O_CREAT,则效果未定义。 + +3. 如果在oflag参数中指定了O_CREAT和O_EXCL以外的标志,则效果未指定。 + +**输出**: + +- 创建并初始化成功,返回信号量地址。 +- EACCES:创建命名信号量的权限被拒绝。 +- EEXIST:已设置O_CREAT和O_EXCL,且命名信号量已存在。 +- EINTR:sem_open()操作被信号中断。 +- EINVAL:给定名称不支持sem_open(),或在oflag中指定了O_CREAT,并且值大于最大值。 +- EMFILE:当前使用的信号量描述符或文件描述符太多。 +- ENAMETOOLONG:name参数的长度超过{PATH_MAX},或者路径名组件的长度超过{NAME_MAX}。 +- ENFILE:系统中当前打开的信号量太多。 +- ENOENT:未设置O_CREAT且命名信号量不存在。 +- ENOSPC:没有足够的空间来创建新的命名信号量。 + +#### sem_close + +关闭一个命名信号量。未命名的信号量(由sem_init() 创建的信号量)调用 sem_close() 的效果未定义。sem_close() 函数应解除系统分配给此信号量的任何系统资源。此过程后续使用sem指示的信号量的影响未定义。 + +**参数**:信号量指针sem。 + +**输出**: + +- 0: 销毁成功。 +- EINVAL:sem参数不是有效的信号量描述符。 + +#### sem_wait + +sem_wait()函数通过对 sem 引用的信号量执行信号量锁定操作来锁定该信号量。如果信号量值当前为零,则调用线程在锁定信号量或调用被信号中断之前,不会从对 sem_wait()的调用返回。 + +**参数**:信号量指针sem。 + +**输出**: + +- 0:操作成功。 +- EAGAIN:信号量已被锁定,无法立即被 sem_trywait()操作。 +- EDEADLK:检测到死锁条件。 +- EINTR:信号中断了此功能。 +- EINVAL:sem参数未引用有效的信号量。 + +#### sem_trywait + +只有当信号量当前未锁定时,即信号量值当前为正值,sem_trywait()函数才应锁定 sem 引用的信号量。否则它不应锁定信号量。 + +**参数**:信号量指针sem。 + +**输出**: + +- 0:操作成功。 +- EAGAIN:信号量已被锁定,无法立即被sem_trywait()操作。 +- EDEADLK:检测到死锁条件。 +- EINTR:信号中断了此功能。 +- EINVAL:sem参数未引用有效的信号量。 + +#### sem_timedwait + +sem_timedwait()函数应锁定 sem 引用的信号量,就像 sem_wait()函数一样。如果在不等待另一个线程执行sem_post()解锁信号量的情况下无法锁定信号量,则在指定的超时到期时,此等待将终止。 + +**参数**: + +1. 信号量指针sem。 +2. 阻塞时间指针abs_timeout。 + +**输出**: + +- 0:操作成功。 +- EINVAL:线程可能会阻塞,abs_timeout 指定的纳秒值小于0或大于等于1000 million。 +- ETIMEDOUT:在指定的超时到期之前,无法锁定信号量。 +- EDEADLK:检测到死锁条件。 +- EINTR:信号中断了此功能。 +- EINVAL:sem参数未引用有效的信号量。 + +#### sem_post + +sem_post()函数应通过对 sem 引用的信号量执行信号量解锁操作,当有线程阻塞在这个信号量上时,调用这个函数会使其中一个线程不在阻塞,选择机制是有线程的调度策略决定的。 + +**参数**:信号量指针sem。 + +**输出**: + +- 0:操作成功。 +- EINVAL:sem参数未引用有效的信号量。 + +#### sem_getvalue + +sem_getvalue()函数获取 sem 引用的信号量的值,而不影响信号量的状态。获取的 sval 值表示在调用期间某个未指定时间发生的实际信号量值。 + +**参数**: + +1. 信号量指针sem。 +2. 信号量计数值指针sval。 + +**输出**: + +- 0:操作成功。 +- EINVAL:sem参数未引用有效的信号量。 + +#### sem_unlink + +sem_unlink() 函数将删除由字符串名称命名的信号量。如果信号量当前被其他进程引用,那么sem_unlink() 将不会影响信号量的状态。如果在调用sem_unlink() 时一个或多个进程打开了信号量,则信号量的销毁将被推迟,直到信号量的所有引用都被销毁了。 + +**参数**:信号量名称name。 + +**输出**: + +- 0:操作成功。 +- -1:name参数未引用有效的信号量。 + +### 互斥量管理 + +#### pthread_mutexattr_init + +pthread_mutexattr_init()函数初始化互斥锁。如果调用 pthread_mutexattr_init()指定已初始化的attr属性对象行为未定义。 + +**参数**:互斥锁属性对象指针attr。 + +**输出**: + +- 0:操作成功。 +- ENOMEM:内存不足,无法初始化互斥属性对象。 + +#### pthread_mutexattr_destroy + + 注销一个互斥锁。销毁一个互斥锁即意味着释放它所占用的资源,且要求锁当前处于开放状态。 + +**参数**:互斥锁属性对象指针attr。 + +**输出**: + +- 0:操作成功。 +- EINVAL:attr指定的值无效。 + +#### pthread_mutexattr_settype + +pthread_mutexattr_settype()函数设置互斥 type 属性。默认值为 PTHREAD_MUTEX_DEFAULT。有效的互斥类型包括: + +PTHREAD_MUTEX_NORMAL:此类型的互斥锁不会检测死锁。 + +- 如果线程在不解除互斥锁的情况下尝试重新锁定该互斥锁,则会产生死锁。 +- 如果尝试解除由其他线程锁定的互斥锁,会产生不确定的行为。 +- 如果尝试解除锁定的互斥锁未锁定,则会产生不确定的行为。 + +PTHREAD_MUTEX_ERRORCHECK:此类型的互斥锁可提供错误检查。 + +- 如果线程在不解除锁定互斥锁的情况下尝试重新锁定该互斥锁,则会返回错误。 +- 如果线程尝试解除锁定的互斥锁已经由其他线程锁定,则会返回错误。 +- 如果线程尝试解除锁定的互斥锁未锁定,则会返回错误。 + +PTHREAD_MUTEX_RECURSIVE: + +- 如果线程在不解除锁定互斥锁的情况下尝试重新锁定该互斥锁,则可成功锁定该互斥锁。 与 PTHREAD_MUTEX_NORMAL 类型的互斥锁不同,对此类型互斥锁进行重新锁定时不会产生死锁情况。多次锁定互斥锁需要进行相同次数的解除锁定才可以释放该锁,然后其他线程才能获取该互斥锁。 +- 如果线程尝试解除锁定的互斥锁已经由其他线程锁定,则会返回错误。 +- 如果线程尝试解除锁定的互斥锁未锁定,则会返回错误。 + +PTHREAD_MUTEX_DEFAULT: + +- 如果尝试以[递归](https://baike.baidu.com/item/递归?fromModule=lemma_inlink)方式锁定此类型的互斥锁,则会产生不确定的行为。 +- 对于不是由调用线程锁定的此类型互斥锁,如果尝试对它解除锁定,则会产生不确定的行为。 +- 对于尚未锁定的此类型互斥锁,如果尝试对它解除锁定,也会产生不确定的行为。 + +**参数**: + +1. 互斥锁属性对象指针attr。 +2. 互斥锁类型type。 + +**输出**: + +- 0:操作成功。 +- EINVAL:attr指定的值无效,或type无效。 + +#### pthread_mutexattr_gettype + +pthread_mutexattr_gettype() 可用来获取由 pthread_mutexattr_settype() 设置的互斥锁的 type 属性。 + +**参数**: + +1. 互斥锁属性对象指针attr。 +2. 互斥锁类型指针type。 + +**输出**: + +- 0:操作成功。 +- EINVAL:attr指定的值无效。 + +#### pthread_mutexattr_setprotocol + +pthread_mutexattr_setprotocol() 可用来设置互斥锁属性对象的协议属性。定义的 protocol 可以为以下值之一: + +- PTHREAD_PRIO_NONE +- PTHREAD_PRIO_INHERIT +- PTHREAD_PRIO_PROTECT(当前版本暂不支持) + +**参数**: + +1. 互斥锁属性对象指针 attr。 +2. 互斥锁属性对象的协议 protocol。 + +**输出**: + +- 0:操作成功。 +- ENOTSUP:协议指定的值不支持。 +- EINVAL:attr指定的值无效。 +- EPERM:调用者没有权限。 + +#### pthread_mutexattr_getprotocol + +pthread_mutexattr_getprotocol() 获取互斥锁属性对象的协议属性。 + +**参数**: + +1. 互斥锁属性对象指针attr。 +2. 互斥锁属性对象的协议指针protocol。 + +**输出**: + +- 0:操作成功。 +- EINVAL:attr指定的值无效。 +- EPERM:调用者没有权限。 + +#### pthread_mutexattr_getprioceiling + +暂不支持。 + +#### pthread_mutexattr_setprioceiling + +暂不支持。 + +#### pthread_mutexattr_getpshared + +获取互斥锁属性对象的共享属性。当前支持PTHREAD_PROCESS_PRIVATE,互斥锁为进程内私有。 + +**参数**: + +1. 互斥锁属性对象指针attr。 +2. 共享属性指针pshared。 + +**输出**: + +- 0:操作成功。 +- EINVAL:指针未初始化。 + +#### pthread_mutexattr_setpshared + +暂不支持。 + +#### pthread_mutexattr_getrobust + +获取互斥锁属性对象的健壮属性。当前支持PTHREAD_MUTEX_STALLED,如果互斥锁的所有者在持有互斥锁时终止,则不会执行特殊操作。 + +**参数**: + +1. 互斥锁属性对象指针attr。 +2. 健壮属性指针robust。 + +**输出**: + +- 0:操作成功。 +- EINVAL:指针未初始化。 + +#### pthread_mutexattr_setrobust + +设置互斥锁属性对象的健壮属性。当前支持PTHREAD_MUTEX_STALLED。 + +**参数**: + +1. 互斥锁属性对象指针attr。 +2. 健壮属性robust。 + +**输出**: + +- 0:操作成功。 +- EINVAL:指针未初始化。 +- ENOTSUP:设置不支持的值。 + +#### pthread_mutex_init + +pthread_mutex_init()函数初始化互斥锁,属性由 attr 指定。如果 attr 为NULL,则使用默认互斥属性。 + +**参数**: + +1. 互斥锁指针mutex。 +2. 互斥锁属性对象指针attr。 + +**输出**: + +- 0:操作成功。 +- EAGAIN:缺少初始化互斥锁所需的资源(内存除外)。 +- ENOMEM:内存不足,无法初始化互斥体。 +- EPERM:没有执行操作的权限。 +- EBUSY:互斥锁已经初始化但尚未销毁。 +- EINVAL:attr指定的值无效。 + +#### pthread_mutex_destroy + +pthread_mutex_destroy() 用于注销一个互斥锁。销毁一个互斥锁即意味着释放它所占用的资源,且要求锁当前处于开放状态。 + +**参数**:互斥锁指针mutex。 + +**输出**: + +- 0:操作成功。 +- EBUSY:锁当前未处于开放状态。 +- EINVAL:mutex指定的值无效。 + +#### pthread_mutex_lock + +当pthread_mutex_lock() 返回时,该[互斥锁](https://baike.baidu.com/item/互斥锁/841823?fromModule=lemma_inlink)已被锁定。[线程](https://baike.baidu.com/item/线程/103101?fromModule=lemma_inlink)调用该函数让互斥锁上锁,如果该互斥锁已被另一个线程锁定和拥有,则调用该线程将阻塞,直到该互斥锁变为可用为止。 + +**参数**:互斥锁指针mutex。 + +**输出**: + +- 0:操作成功。 +- EINVAL:mutex指定的值未初始化。 +- EAGAIN:无法获取互斥锁。 +- EDEADLK:当前线程已经拥有互斥锁。 + +#### pthread_mutex_trylock + +pthread_mutex_trylock() 语义与 pthread_mutex_lock() 类似,不同点在于锁已经被占据时返回 EBUSY, 而非挂起等待。 + +**参数**:互斥锁指针mutex。 + +**输出**: + +- 0,操作成功。 +- EBUSY:mutex指定的锁已经被占据。 +- EINVAL:mutex指定的值未初始化。 +- EAGAIN:无法获取互斥锁。 +- EDEADLK:当前线程已经拥有互斥锁。 + +#### pthread_mutex_timedlock + +pthread_mutex_timedlock() 语义与pthread_mutex_lock() 类似,不同点在于锁已经被占据时增加一个超时时间,等待超时返回错误码。 + +**参数**: + +1. 互斥锁指针mutex。 +2. 超时时间指针abs_timeout。 + +**输出**: + +- 0:操作成功。 +- EINVAL:mutex指定的值未初始化,abs_timeout指定的纳秒值小于0或大于等于1000 million。 +- ETIMEDOUT:等待超时。 +- EAGAIN:无法获取互斥锁。 +- EDEADLK:当前线程已经拥有互斥锁。 + +#### pthread_mutex_unlock + +释放互斥锁。 + +**参数**:互斥锁指针mutex。 + +**输出**: + +- 0:操作成功。 +- EINVAL:mutex指定的值未初始化。 +- EPERM:当前线程不拥有互斥锁。 + +#### pthread_mutex_consistent + +暂不支持。 + +#### pthread_mutex_getprioceiling + +暂不支持。 + +#### pthread_mutex_setprioceiling + +暂不支持。 + +### 读写锁编程 + +#### pthread_rwlock_init + +pthread_rwlock_init()初始化读写锁。如果 attr 为 NULL,则使用默认的读写锁属性。一旦初始化,锁可以使用任何次数,而无需重新初始化。调用 pthread_rwlock_init()指定已初始化的读写锁行为未定义。如果在没有初始化的情况下使用读写锁,则结果是未定义的。 + +**参数**: + +1. 读写锁指针rwlock。 +2. 读写锁属性指针attr。 + +**输出**: + +- 0:操作成功。 +- EAGAIN:系统缺少初始化读写锁所需的资源(内存除外)。 +- ENOMEM:内存不足,无法初始化读写锁。 +- EPERM:没有执行操作的权限。 +- EBUSY:rwlock是以已初始化但尚未销毁的读写锁。 +- EINVAL:attr指定的值无效。 + +#### pthread_rwlock_destroy + +pthread_rwlock_destroy()函数应销毁 rwlock 引用的读写锁,并释放锁使用的资源。在再次调用pthread_rwlock_init()重新初始化锁之前,后续使用锁的行为未定义。如果在任何线程持有 rwlock 时调用pthread_rwlock_destroy()行为未定义。尝试销毁未初始化的读写锁行为未定义。 + +**参数**:读写锁指针rwlock。 + +**输出**: + +- 0:操作成功。 +- EBUSY: rwlock引用的对象被锁定时销毁该对象。 +- EINVAL:attr指定的值无效。 + +#### pthread_rwlock_rdlock + +pthread_rwlock_rdlock()函数应将读锁应用于rwlock引用的读写锁。 + +**参数**:读写锁指针rwlock。 + +**输出**: + +- 0:操作成功。 +- EINVAL:rwlock是未初始化的读写锁。 +- EAGAIN:无法获取读锁,因为已超过rwlock的最大读锁数。 +- EDEADLK:检测到死锁条件或当前线程已拥有写锁。 + +#### pthread_rwlock_tryrdlock + +pthread_rwlock_tryrdlock()函数语义与pthread_rwlock_rdlock()类似。在任何情况下,pthread_rwlock_tryrdlock()函数都不会阻塞;它会一直获取锁,或者失败并立即返回。 + +**参数**:读写锁指针rwlock。 + +**输出**: + +- 0:操作成功。 +- EINVAL:rwlock是未初始化的读写锁。 +- EAGAIN:无法获取读锁,因为已超过rwlock的最大读锁数。 +- EBUSY:无法获取读写锁以进行读取,因为写入程序持有该锁。 + +#### pthread_rwlock_timedrdlock + +pthread_rwlock_timedrdlock()语义与pthread_rwlock_rdlock()类似,不同的是在锁已经被占据时增加一个超时时间,等待超时返回错误码。 + +**参数**: + +1. 读写锁指针rwlock。 +2. 超时时间指针abs_timeout。 + +**输出**: + +- 0:操作成功。 +- ETIMEDOUT:在指定的超时到期之前,无法获取锁。 +- EAGAIN:无法获取读锁,超过锁的最大读锁数量。 +- EDEADLK:检测到死锁条件或调用线程已在rwlock上持有写锁。 +- EINVAL:rwlock指定的锁未初始化,或者abs_timeout纳秒值小于0或大于等于1000 million。 + +#### pthread_rwlock_wrlock + +pthread_rwlock_wrlock()函数将写锁应用于 rwlock 引用的读写锁。如果没有其他线程持有读写锁 rwlock,调用线程将获得写锁。否则,线程应阻塞,直到它能够获得锁。如果调用线程在调用时持有读写锁(无论是读锁还是写锁),则调用线程可能会死锁。 + +**参数**:读写锁指针rwlock。 + +**输出**: + +- 0:操作成功。 +- EINVAL:rwlock指定的值未初始化。 +- EDEADLK:检测到死锁情况,或者当前线程已经拥有用于写入或读取的读写锁。 + +#### pthread_rwlock_trywrlock + +pthread_rwlock_trywrlock()函数类似 pthread_rwlock_wrlock(),但如果任何线程当前持有rwlock(用于读取或写入,该函数将失败)。 + +**参数**:读写锁指针rwlock。 + +**输出**: + +- 0:操作成功。 +- EBUSY:无法获取读写锁以进行写入,因为它已被锁定以进行读取或写入。 +- EINVAL:rwlock指定的值未初始化。 + +#### pthread_rwlock_timedwrlock + +pthread_rwlock_timedwrlock()语义与pthread_rwlock_wrlock()类似,不同的是在锁已经被占据时增加一个超时时间,等待超时返回错误码。 + +**参数**: + +1. 读写锁指针rwlock。 +2. 超时时间指针abs_timeout。 + +**输出**: + +- 0:操作成功。 +- ETIMEDOUT:在指定的超时到期之前,无法获取锁。 +- EAGAIN:无法获取读锁,超过锁的最大读锁数量。 +- EDEADLK:检测到死锁条件或调用线程已在rwlock上持有写锁。 +- EINVAL;rwlock指定的锁未初始化,或者abs_timeout纳秒值小于0或大于等于1000 million。 + +#### pthread_rwlock_unlock + +pthread_rwlock_unlock()函数释放rwlock引用的读写锁上持有的锁。如果读写锁rwlock未被调用线程持有,则结果未定义。 + +**参数**:读写锁指针rwlock。 + +**输出**: + +- 0:操作成功。 +- EINVAL:rwlock指定的锁未初始化。 +- EPERM:当前线程不持有读写锁。 + +#### pthread_rwlockattr_init + +暂不支持 + +#### pthread_rwlockattr_destroy + +暂不支持 + +#### pthread_rwlockattr_getpshared + +pthread_rwlockattr_getpshared() 函数从attr引用的读写锁属性对象中获取进程共享属性的值。 + +**参数**: + +1. 读写锁属性指针attr。 +2. 共享属性指针pshared。 + +**输出**: + +- 0:操作成功。 +- EINVAL:指针未初始化。 + +### pthread_rwlockattr_setpshared + +设置读写锁属性对象中进程共享属性的值。当前支持PTHREAD_PROCESS_PRIVATE,读写锁为进程私有。 + +**参数**: + +1. 读写锁属性指针attr。 +2. 共享属性指针pshared。 + +**输出**: + +- 0:操作成功。 +- EINVAL:指针未初始化。 +- ENOTSUP:设置不支持的值。 + +### 线程屏障管理 + +#### pthread_barrier_destroy + +销毁线程屏障变量,并释放该屏障使用的任何资源。 + +**参数**:屏障变量指针b。 + +**输出**: + +- 0:操作成功。 +- EBUSY:另一个线程在使用该变量。 + +#### pthread_barrier_init + +分配线程屏障变量所需的资源,并使用attr的属性初始化屏障。如果attr为NULL,则使用默认的屏障属性。 + +**参数**: + +1. 屏障变量指针b。 +2. 屏障属性指针attr。 +3. 等待线程个数count。 + +**输出**: + +- 0:操作成功。 +- EINVAL:count为0。 +- ENOTSUP:attr指定的屏障属性不支持。 +- EAGAIN:系统缺乏初始化一个屏障所需的资源。 + +#### pthread_barrier_wait + +pthread_barrier_wait() 阻塞调用线程,直到等待的线程达到了预定的数量。 + +**参数**:屏障变量指针b。 + +**输出**: + +- 0:操作成功。 +- -1:第一个线程成功返回。 + +#### pthread_barrierattr_getpshared + +获取屏障属性的共享属性值。 + +**参数**: + +1. 屏障属性指针a。 +2. 共享属性值指针pshared。 + +**输出**: + +- 0:操作成功。 +- EINVAL:指针未初始化。 + +#### pthread_barrierattr_setpshared + +设置屏障属性的共享属性值。支持PTHREAD_PROCESS_PRIVATE,该屏障为进程私有的,不允许不同进程的线程访问该屏障。 + +**参数**: + +1. 屏障属性指针a。 +2. 共享属性值pshared。 + +**输出**: + +- 0:操作成功。 +- EINVAL:指针未初始化。 +- ENOTSUP:试图将属性设置为不支持的值。 + +### 条件变量管理 + +#### pthread_cond_init + +使用attr引用的属性初始化cond引用的条件变量。如果attr为NULL,则使用默认条件变量属性。 + +**参数** + +1. 条件变量指针cond。 +2. 条件变量属性指针attr。 + +**输出**: + +- 0:操作成功。 +- EINVAL:指针未初始化。 +- EAGAIN:系统缺乏初始化一个条件变量所需的资源。 + +#### pthread_cond_destroy + +销毁指定条件变量,使得该条件变量未初始化,可以使用pthread_cond_init() 重新初始化。 + +**参数**:条件变量指针cond。 + +**输出**: + +- 0:操作成功。 +- EINVAL:指针未初始化。 +- EBUSY:另一个线程在使用该变量。 + +#### pthread_cond_broadcast + +pthread_cond_broadcast()函数取消阻塞指定条件变量cond上当前阻塞的所有线程。 + +**参数**:条件变量指针cond。 + +**输出**: + +- 0:操作成功。 +- EINVAL:指针未初始化。 + +#### pthread_cond_signal + +pthread_cond_signal() 函数取消阻塞在指定的条件变量cond上阻塞的线程中的至少一个(如果有任何线程在cond上被阻塞)。 + +**参数**:条件变量指针cond。 + +**输出**: + +- 0:操作成功。 +- EINVAL:指针未初始化。 + +#### pthread_cond_timedwait + +pthread_cond_timedwait() 函数阻塞当前线程等待cond指定的条件变量,并释放互斥体指定的互斥体。只有在另一个线程使用相同的条件变量调用pthread_cond_signal() 或pthread_cond_broadcast() 后,或者如果系统时间达到指定的时间,并且当前线程重新获得互斥锁时,等待线程才会解锁。 + +**参数**: + +1. 条件变量指针cond。 +2. 互斥锁指针m。 +3. 超时时间指针ts。 + +**输出**: + +- 0:操作成功。 +- EINVAL:指针未初始化。 +- ETIMEDOUT:阻塞超时 + +#### pthread_cond_wait + +pthread_cond_wait() 函数与pthread_cond_timedwait() 类似,阻塞当前线程等待cond指定的条件变量,并释放互斥体指定的互斥体。只有在另一个线程使用相同的条件变量调用pthread_cond_signal() 或pthread_cond_broadcast() 后,并且当前线程重新获得互斥锁时,等待线程才会解锁。 + +**参数**: + +1. 条件变量指针cond。 +2. 互斥锁指针m。 + +**输出**: + +- 0:操作成功。 +- EINVAL:指针未初始化。 + +#### pthread_condattr_init + +使用属性的默认值初始化条件变量属性对象attr。 + +**参数**: 条件变量属性对象指针attr。 + +**输出**: + +- 0:操作成功。 +- EINVAL:指针未初始化。 + +#### pthread_condattr_destroy + +pthread_condattr_destroy)函数销毁条件变量属性对象,使对象变得未初始化,可以使用pthread_condattr_init() 重新初始化。 + +**参数**:条件变量属性对象指针attr。 + +**输出**: + +- 0:操作成功。 +- EINVAL:指针未初始化。 + +#### pthread_condattr_getclock + +从attr引用的属性对象中获取时钟属性的值。 + +**参数**: + +1. 条件变量属性对象指针attr。 +2. 时钟属性指针clk。 + +**输出**: + +- 0:操作成功。 +- EINVAL:指针未初始化。 + +#### pthread_condattr_setclock + +设置attr引用的属性对象中时钟属性的值。当前支持CLOCK_REALTIME,采用系统时间。 + +**参数**: + +1. 条件变量属性对象指针attr。 +2. 时钟属性clock。 + +**输出**: + +- 0:操作成功。 +- EINVAL:指针未初始化。 +- ENOTSUP:设置不支持的值。 + +#### pthread_condattr_getpshared + +从attr引用的属性对象中获取共享属性的值。 + +**参数**: + +1. 条件变量属性对象指针attr。 +2. 共享属性指针pshared。 + +**输出**: + +- 0:操作成功。 +- EINVAL:指针未初始化。 + +#### pthread_condattr_setpshared + +设置attr引用的属性对象中共享属性属性的值。当前支持PTHREAD_PROCESS_PRIVATE,该条件变量为进程私有的,不允许不同进程的线程访问。 + +**参数**: + +1. 条件变量属性对象指针attr。 +2. 共享属性pshared。 + +**输出**: + +- 0:操作成功。 +- EINVAL:指针未初始化。 +- ENOTSUP:设置不支持的值。 + +### 时钟管理 + +#### asctime + +asctime() 函数将timeptr指向的tm结构体对象转换为的字符串。 + +**参数**: tm结构体指针timeptr。 + +**输出**: + +- 成功则返回字符串指针。 +- 失败返回NULL。 + +#### asctime_r + +与asctime() 函数类似,将timeptr指向的tm结构体对象转换为的字符串。不同的是该字符串放置在用户提供的缓冲区buf(至少包含26字节)中,然后返回buf。 + +**参数**: + +1. tm结构体指针timeptr。 +2. 字符串缓冲区buf。 + +**输出**: + +- 成功则返回字符串指针。 +- 失败返回NULL。 + +#### clock + +返回该进程使用等处理器时间的最佳近似值。 + +**参数**:无 + +**输出**: + +- 成功则返回时间。 +- -1:失败。 + +#### clock_gettime + +clock_gettime()函数应返回指定时钟的当前值tp。 + +**参数**: + +1. 时钟类型clock_id。 +2. timespec结构体指针tp。 + +**输出**: + +返回值: + +- 0:操作成功。 +- -1:操作失败。 + +errno: + +- EINVAL:clock_id不合法。 +- ENOTSUP:clock_id不支持。 + +#### clock_settime + +clock_settime()函数应将指定的clock_id设置为tp指定的值。 + +**参数**: + +1. 时钟类型clock_id。 +2. timespec结构体指针tp。 + +**输出**: + +返回值: + +- 0:操作成功。 +- -1:操作失败。 + +errno: + +- EINVAL:clock_id不合法,或tp参数指定的纳秒值小于0或大于等于1000 million。 +- ENOTSUP:clock_id不支持。 + +#### clock_getres + +clock_getres()返回时钟的分辨率。如果参数res不为NULL,则指定时钟的分辨率应存储在res指向的位置。如果res为NULL,则不返回时钟分辨率。如果clock_settime()的时间参数不是res的倍数,则该值将被截断为res的倍数。 + +**参数**: + +1. 时钟类型clock_id。 +2. timespec结构体指针res。 + +**输出**: + +返回值: + +- 0:操作成功。 +- -1:操作失败。 + +errno: + +- EINVAL:clock_id不合法。 +- ENOTSUP:clock_id不支持。 + +#### clock_getcpuclockid + +clock_getcpuclockid函数获取CPU时间时钟的ID,当前进程只有一个,因此无论传入的pid是什么,都返回CLOCK_PROCESS_CPUTIME_ID。 + +**参数**: + +1. 进程ID:pid。 +2. 时钟指针:clk。 + +**输出**: + +- 0:操作成功。 + +#### clock_nanosleep + +与nanosleep类似,clock_nanosleep() 允许调用线程在以纳秒精度指定的时间间隔内休眠,并可以将睡眠间隔指定为绝对值或相对值。当前支持CLOCK_REALTIME。 + +**参数**: + +1. 时钟ID:clk。 +2. 是否为绝对值:flag。 +3. 指定的时间间隔值eq。 +4. 剩余时间值:rem。 + +**输出**: + +- 0:操作成功。 +- -1:操作失败。 +- EINVAL:时钟ID错误。 +- ENOTSUP:不支持的时钟ID。 + +#### nanosleep + +nanosleep()函数应导致当前线程暂停执行,直到rqtp参数指定的时间间隔过去或信号传递到调用线程。挂起时间可能比请求的长,因为参数值被四舍五入到睡眠分辨率的整数倍,或者因为系统调度了其他活动。但是,除被信号中断外,暂停时间不得小于rqtp规定的时间。 + +如果rmtp参数是非NULL,则更新其为剩余的时间量(请求的时间减去实际睡眠时间)。如果rmtp参数为NULL,则不返回剩余时间。 + +**参数**: + +1. timespec结构体指针rqtp。 +2. timespec结构体指针rmtp。 + +**输出**: + +返回值: + +- 0:操作成功。 +- -1:操作失败。 + +errno: + +- EINVAL:rqtp参数指定的纳秒值小于0或大于等于1000 million。 +- EINTR:信号中断。 + +#### sleep + +sleep()函数应导致调用线程暂停执行,直到参数seconds指定的实时秒数过去或信号被传递到调用线程。由于系统安排了其他活动,暂停时间可能比请求的要长。 + +**参数**: 秒数seconds。 + +**输出**: + +- 0:操作成功。 +- 如果由于信号的传递而返回,则返回值应为“未睡眠”量,以秒为单位。 + +#### timer_create + +timer_create()函数使用指定的时钟clock_id作为时序基创建计时器,在timerid引用的位置返回计时器ID,用于标识计时器。在删除计时器之前,此计时器ID在调用过程中应是唯一的。 + +**参数**: + +1. 时钟类型clock_id。 +2. sigevent结构体指针evp。(仅支持SIGEV_THREAD) +3. 定时器ID指针timerid。 + +**输出**: + +- 0:操作成功。 +- EINVAL:clock_id不合法。 +- EAGAIN:系统缺少足够的资源来满足请求。 +- EINVAL:指定的时钟ID未定义。 +- ENOTSUP:不支持创建附加到clock_id时钟上的计时器。 + +#### timer_delete + +删除定时器。 + +**参数**:定时器ID指针timerid。 + +**输出**: + +- 0:操作成功。 +- EINVAL:timerid不合法。 + +#### timer_settime + +如果value的it_value成员非0,timer_settime()函数从value参数的it_value成员设置timerid指定的计时器的到期时间。如果在调用timer_settime()时指定的计时器已启用,则此调用应将下次到期的时间重置为指定的值。如果value的it_value成员为0,则应解除计时器。 + +**参数**: + +1. 定时器ID timerid。 +2. 计时器的特征flag。 +3. itimerspec结构体指针value。 +4. itimerspec结构体指针ovalue。返回上一次计时器设置超时时间。 + +**输出**: + +- 0:操作成功。 +- EINVAL:timerid不合法。 + +#### timer_gettime + +timer_gettime() 函数存储定时器 timerid 的剩余时间以及间隔。value 的 it_value 成员包含计时器到期前的时间量,如果计时器已解除,则为零。value 的 it_interval 成员将包含 timer_settime() 上次设置的间隔时间。 + +**参数**: + +1. 定时器ID timerid。 +2. itimerspec结构体指针value。 + +**输出**: + +- 0:操作成功。 +- EINVAL:timerid不合法。 + +#### timer_getoverrun + +根据指定的定时器ID,获取定时器的超时次数。 + +**参数**: + +1. 定时器ID timerid。 +2. itimerspec结构体指针value。 + +**输出**: + +- 非负数:超时次数。 +- -1:操作失败。 + +errno: + +- EINVAL:无效ID或定时器未初始化。 + +#### times + +获取进程的执行时间。由于UniProton无用户模式/内核模式且无子进程概念,出参和返回值均为进程执行总时间。 + +**参数**: + +1. tms结构体指针ts。 + +**输出**: + +- 非负数:进程的执行时间。 + +#### ctime + +ctime() 函数将tp指向的time_t结构体对象转换为的字符串。效果等同于asctime(localtime(t))。 + +**参数**: time_t结构体指针tp。 + +**输出**: + +- 成功则返回字符串指针。 +- 失败返回NULL。 + +#### ctime_r + +ctime_r() 函数将tp指向的time_t结构体对象转换为的字符串,并将字符串放入buf指向的数组中(其大小应至少为26字节)并返回buf。 + +**参数**: + +1. tm结构体指针timeptr。 +2. 字符串缓冲区buf。 + +**输出**: + +- 成功则返回字符串指针。 +- 失败返回NULL。 + +#### difftime + +计算两个日历时间之间的差值(由第一个参数减去第二个参数)。 + +**参数**: + +1. 第一个时间值t1。 +2. 第二个时间值t0。 + +**输出**: + +- 返回时间差值。 + +#### getdate + +暂不支持 + +#### gettimeofday + +gettimeofday() 函数应获取当前时间,并将其存储在tp指向的timeval结构中。如果时区结果tz不是空指针,则行为未指定。 + +**参数**: + +1. timeval结构体指针tp。 +2. 时区指针tz。 + +**输出**: + +- 返回0。 + +#### gmtime + +将time_t结构表示的日历时间转换为tm结构表示的时间,无时区转换。 + +**参数**:time_t结构体指针。 + +**输出**: + +返回值: + +- tm结构体指针。 + +errno: + +- EOVERFLOW:转换溢出。 + +#### gmtime_r + +与gmtime函数类似,不同的是gmtime_r会将结果放入在用户提供的tm结构体中。 + +**参数**: + +1. time_t结构体指针。 +2. tm结构体指针。 + +**输出**: + +返回值: + +- tm结构体指针。 + +errno: + +- EOVERFLOW:转换溢出。 + +#### localtime + +将time_t结构表示的日历时间转换为tm结构表示的本地时间,受时区的影响。 + +**参数**:time_t结构体指针。 + +**输出**: + +返回值: + +- tm结构体指针。 + +errno: + +- EOVERFLOW:转换溢出。 + +#### localtime_r + +与localtime函数类似,不同的是localtime_r会将结果放入在用户提供的tm结构体中。 + +**参数**: + +1. time_t结构体指针。 +2. tm结构体指针。 + +**输出**: + +返回值: + +- tm结构体指针。 + +errno: + +- EOVERFLOW:转换溢出。 + +#### mktime + +将已经根据时区信息计算好的tm结构表示的时间转换为time_t结构表示的时间戳,受时区的影响。 + +**参数**:tm结构体指针。 + +**输出**: + +返回值: + +- time_t结构体指针。 + +errno: + +- EOVERFLOW:转换溢出。 + +#### strftime + +暂不支持 + +#### strftime_l + +暂不支持 + +#### strptime + +使用format指定的格式,将buf指向的字符串解析转换为tm结构体的时间值。 + +**参数**: + +1. 时间字符串buf。 +2. 格式字符串format。 +3. tm结构体指针tp。 + +**输出**: + +- 成功则返回指针,指向解析的最后一个字符后面的字符。 +- 失败返回NULL。 + +#### time + +获取当前的日历时间,即从一个标准时间点到此时的时间经过的秒数。 + +**参数**:time_t结构体指针t。 + +**输出**:time_t结构体指针t。 + +#### timespec_get + +返回基于给定时基base的时间,由timespec结构体保存。时基通常为TIME_UTC。 + +**参数**: + +1. timespec结构体指针ts。 +2. 时基base。 + +**输出**: + +- 成功则返回时基的值。 +- 失败则返回0。 + +#### utime + +暂不支持。 + +#### wcsftime + +暂不支持。 + +#### wcsftime_l + +暂不支持。 + +### 内存管理 + +#### malloc + +malloc()分配大小(以字节为单位)size 的未使用的空间。 + +**参数**:大小size。 + +**输出**:分配成功时,返回指向分配空间的指针。 + +- 如果size 为0,则返回空指针或可以成功传递给 free()的唯一指针。 +- 否则它将返回一个空指针,并设置 errno 来指示错误:ENOMEM 存储空间不足。 + +#### free + +Free()函数释放ptr指向的空间,即可供进一步分配。如果ptr是空指针,则不发生任何操作。如果空间已被对free()或realloc()的调用释放,则行为未定义。 + +**参数**:指针ptr。 + +**输出**:无 + +#### memalign + +memalign()函数将分配按align大小字节对齐,大小为len的内存空间指针。 + +**参数**:align是对齐字节数,len指定分配内存的字节大小。 + +**输出**:成功完成后,空间大小为len的指针。 + +#### realloc + +realloc()函数将释放ptr所指向的旧对象,并返回一个指向新对象的指针,该对象的大小由size指定。并拷贝旧指针指向的内容到新指针,然后释放旧指针指向的空间。如果ptr是空指针,则realloc()对于指定的大小应等同于malloc()。 + +**参数**:旧指针地址;新指针的目标分配空间大小。 + +**输出**:在成功完成后,realloc()将返回一个指向分配空间的指针。如果size为0,则行为不可预测。 + +#### malloc_usable_size + +malloc_usable_size()函数返回ptr所指向的块中的可用字节数。 + +**参数**:待计算内存块大小的指针。 + +**输出**:返回ptr指向的已分配内存块中的可用字节数。如果ptr为NULL,则返回0。 + +#### aligned_alloc + +aligned_alloc()函数分配size字节未初始化的存储空间,按照alignment指定对齐。 + +**参数**:alignment指定对齐;size是分配的字节数。 + +**输出**:返回指向新分配内存的指针。 + +#### reallocarray + +reallocarray()函数将释放ptr所指向的旧对象,并返回一个指向新对象的指针,该对象的大小由size由入参m和n决定。等同于realloc(ptr, m * n); + +**参数**:ptr待释放的指针内容,m和n代表数组的长度和单个元素的字节数。 + +**输出**:在成功完成后返回一个指向分配空间的指针。如果size为0,则行为不可预测。 + +#### calloc + +calloc()函数将为一个数组分配未使用的空间,并将该空间应初始化为所有位0。 + +**参数**:m和n分别代表数组的元素个数或单个元素的大小。 + +**输出**:分配成功时,返回指向分配空间的指针。失败时则行为不可预测。 + +#### posix_memalign + +posix_memalign()函数将分配按align指定的边界对齐的大小字节,并返回指向在memptr中分配的内存的指针。对齐的值应该是sizeof(void *)的2倍幂。 + +**参数**:res分配好的内存空间的首地址,align是对齐字节数,len指定分配内存的字节大小。 + +**输出**:成功完成后,posix_memalign()将返回零;否则,将返回一个错误号来表示错误,并且不修改memptr的内容,或者将其设置为空指针。 + +### 退出管理 + +#### abort + +abort()函数触发程序的异常终止,除了信号SIGABRT没有被捕获或者返回。 + +**参数**:无 + +**输出**:无 + +#### _Exit + +_Exit()函数终止程序。 + +**参数**:入参是0,EXIT_SUCCESS, EXIT_FAILURE或任何其他值。wait()和waitpid()只能获得最低有效的8位(即status & 0377);完整的值应该可以从waitid()和siginfo_t中获得,SIGCHLD传递给信号处理程序。 + +**输出**:无 + +#### atexit + +atexit()注册一个在程终止时运行的函数。在正常的程序终止时,所有由atexit()函数注册的函数都应该按照其注册的相反顺序被调用,除非一个函数在之前注册的函数之后被调用,而这些函数在注册时已经被调用了。正常的终止发生在调用exit()或从main()返回时。 + +**参数**:函数指针,该入参函数不带参数。 + +**输出**:成功返回0;失败返回非0。 + +#### quick_exit + +quick_exit()函数触发快速程序终止,并以后进先出(LIFO)的顺序调用由at_quick_exit注册的函数。 + +**参数**:程序退出的状态码。 + +**输出**:无 + +#### at_quick_exit + +at_quick_exit()函数注册由func指向的函数,在快速程序终止时(通过quick_exit)调用。最多能注册32个函数。 + +**参数**:指向快速程序退出时要调用的函数的指针。 + +**输出**:注册成功返回0,否则为非零值。 + +#### assert + +assert()宏将在程序中插入断言,它将扩展为一个void表达式。当它被执行时,如果判断条件失败。assert()将写失败特定的调用信息,并将调用abort()退出程序。 + +**参数**:判断表达式。 + +**输出**:无 + +### stdlib接口 + +#### div + +div()函数计算int型除法的商和余数。如果余数或商不能表示,结果是未知的。 + +**参数**:int numer(分子), int denom(分母)。 + +**输出**:结构体div_t,int型的商和余数。 + +#### ldiv + +ldiv()函数将计算long型除法的商和余数。如果余数或商不能表示,结果是未知的。 + +**参数**:long numer(分子), long denom(分母)。 + +**输出**:结构体ldiv_t,long型的商和余数。 + +#### lldiv + +lldiv()函数将计算long long型除法的商和余数。如果余数或商不能表示,结果是未知的。 + +**参数**:long long numer(分子), long long denom(分母)。 + +**输出**:结构体lldiv_t,long long型的商和余数。 + +#### imaxdiv + +imaxdiv()函数将计算intmax_t型除法的商和余数。如果余数或商不能表示,结果是未知的。 + +**参数**:intmax_t numer(分子), intmax_t denom(分母)。 + +**输出**:结构体imaxdiv_t,intmax_t型的商和余数。 + +#### wcstol + +wcstol()将宽字符串转换为long型正数。输入字符串分解为三部分。 + +1. 初始的(可能为空的)空白宽字符代码序列(由iswspace()指定)。 +2. long型整数,进制的类型由base入参决定。 +3. 由一个或多个无法识别的宽字符代码组成的最终宽字符串。 + +**参数**:指向要解释的以空字符结尾的宽字符串的指针;指向宽字符的指针;解释的整数值的基数。 + +**输出**:转换后的long型数值。如果无法进行转换,则返回0,并设置errno表示错误。如果正确值在可表示的值范围之外,则返回LONG_MIN,LONG_MAX,LLONG_MIN或LLONG_MAX,并将errno设置为ERANGE。 + +#### wcstod + +wcstod()将宽字符串转换为double型浮点数。输入字符串分解为三部分。 + +1. 初始的(可能为空的)空白宽字符代码序列(由iswspace()指定)。 +2. double型浮点数、无穷大或者NaN。 +3. 由一个或多个无法识别的宽字符代码组成的最终宽字符串。 + +**参数**:指向要解释的以空字符结尾的宽字符串的指针;指向宽字符的指针; + +**输出**:转换后的double型浮点数。如果越界,则可能返回±HUGE_VAL, ±HUGE_VALF或±HUGE_VALL,并将errno设置为ERANGE。 + +#### fcvt + +fcvt()将浮点数转换为要求长度的字符串,没有小数点,如果超过value的数字长度将补零。 + +**参数**:待转换的浮点数、转换后字符串的长度、小数点所在位指针、符号位指针。 + +**输出**:转换后字符串指针。 + +#### ecvt + +ecvt()函数将浮点数转换为要求长度的字符串,没有小数点,如果超过value的数字长度不补零(与fcvt的区别)。 + +**参数**:待转换的浮点数、转换后字符串的长度、小数点所在位指针、符号位指针。 + +**输出**:转换后字符串指针。 + +#### gcvt + +gcvt()函数将double类型的值转换为要求长度的字符串,包含小数点。 + +**参数**:待转换的浮点数,转换后字符串的长度、转换后字符串指针。 + +**输出**:转换后字符串指针(等于函数成功调用后第三个入参的指针)。 + +#### qsort + +qsort()函数对数据表进行排序。 + +**参数**:qsort()函数将对nel对象数组进行排序,该数组的初始元素由base指向。每个对象的大小(以字节为单位)由width参数指定。如果nel参数的值为0,则不会调用comp所指向的比较函数,也不会进行重排。应用程序应确保compar所指向的比较函数不会改变数组的内容。实现可以在调用比较函数之间对数组元素重新排序,但不能改变任何单个元素的内容。 + +**输出**:无 + +#### abs + +abs()函数计算并返回int型数值的绝对值。 + +**参数**:int整型数值。 + +**输出**:int整型数值的绝对值。 + +#### labs + +labs()函数计算并返回long型数值的绝对值。 + +**参数**:long型数值。 + +**输出**:long型数值的绝对值。 + +#### llabs + +llabs()函数计算并返回long long型数值的绝对值。 + +**参数**:long long型数值。 + +**输出**:long long型数值的绝对值。 + +#### imaxabs + +imaxabs()函数计算并返回intmax_t型的绝对值。 + +**参数**:intmax_t型数值。 + +**输出**:intmax_t型数值的绝对值。 + +#### strtol + +strtol()函数转换字符串到long型数值。这将nptr所指向的字符串的初始部分转换为long类型的表示形式。首先,它们将输入字符串分解为三部分: + +1. 一个初始的、可能为空的空白字符序列(由isspace()函数判断)。 +2. long型整数,进制的类型由base入参决定。 +3. 由一个或多个不可识别字符组成的最后字符串,包括输入字符串的终止NUL字符。 + +**参数**:待转换的字符串的指针;指向字符的指针;解释的整数值的基数。 + +**输出**:转换后的long型。如果无法进行转换,则返回0,并设置errno表示错误。如果正确值在可表示的值范围之外,则返回LONG_MIN, LONG_MAX, LLONG_MIN或LLONG_MAX,并将errno设置为EINVAL。 + +#### strtod + +strtod()函数将字符串转换为double型。输入字符串分解为三部分。 + +1. 初始的(可能为空的)空白字符代码序列(由isspace()指定)。 +2. double型浮点数、无穷大或者NaN。 +3. 由一个或多个无法识别的字符代码组成的最终字符串。 + +**参数**:待转换的字符串的指针;指向字符的指针; + +**输出**:转换后的double型浮点数。如果越界,则可能返回±HUGE_VAL, ±HUGE_VALF或±HUGE_VALL,并将errno设置为EINVAL。 + +#### atoi + +atoi()函数将字符串转换为int型整数。 + +**参数**:待转换的字符串的指针。 + +**输出**:转换后的int型数值。如果是无法显示数值,返回值不可预测。 + +#### atol + +atol()函数将字符串转换为long型整数。 + +**参数**:待转换的字符串的指针。 + +**输出**:转换后的long型数值。如果是无法显示数值,返回值不可预测。 + +#### atoll + +atoll()函数将字符串转换为long long型整数。 + +**参数**:待转换的字符串的指针。 + +**输出**:转换后的long long型数值。如果是无法显示数值,返回值不可预测。 + +#### atof + +atof()函数将字符串转换为double型浮点数。 + +**参数**:待转换的字符串的指针。 + +**输出**:转换后的double型数值。如果是无法显示数值,返回值不可预测。 + +#### bsearch + +bsearch()函数二分查找一个已排序表.将搜索一个nel对象数组,该数组的初始元素由base指向,以查找与key指向的对象匹配的元素。数组中每个元素的大小由width指定。如果nel参数的值为0,则不会调用compar所指向的比较函数,也不会找到匹配项。 + +**参数**:依次为目标查找的元素,待查找的数组的指针,数组的元素个数,数组每个元素的size大小,两个元素的比较函数。 + +**输出**:指向数组中匹配成员的指针,如果没找到则返回空指针。 + +### SystemV IPC + +#### semget + +semget()函数返回与参数key相关联的SystemV信号量集的标识符。它可用于获得先前创建的信号量集合的标识符(当flag为0且key不为IPC_PRIVATE时)或来创建一个新的集合。最多可以支持创建SEMSET_MAX_SYS_LIMIT个信号量集合,每个集合最多支持SEMSET_MAX_SEM_NUM个信号量。 + +**参数**: + +1. 键值key。 +2. 信号量的个数nsems。 +3. 信号量的创建方式和权限flag。 + +**输出**: + +- 非负数:信号量集的标识符。 +- -1: 操作失败。 + +errno: + +- EINVAL:参数错误。 +- ENOENT:信号量集不存在。 +- ENOSPC:超出最大信号量集合的限制。 +- EEXIST:flag包含了IPC_CREAT和IPC_EXCL但标识符已存在。 + +#### semctl + +semctl()函数在由semid标识的SystemV信号量集合中的第semnum个信号量上执行由cmd指定的控制操作。集合中的信号量从0开始编号。当前支持的cmd包括IPC_STAT(支持获取信号量集合中的个数)、GETALL(获取信号量集合中所有信号量的值)、GETVAL(获取单个信号量的值)和IPC_RMID(根据标识符删除信号量集合)。 + +**参数**: + +1. 信号量集合标识符semid。 +2. 信号量中的编号semnum。 +3. 要执行的操作命令cmd。 +4. 可选参数union semun结构体arg。 + +**输出**: + +- 0:操作成功。 +- -1: 操作失败。 + +errno: + +- EINVAL:参数错误。 +- EIDRM:信号量集合已删除。 +- EFAULT:arg中的buf或array指针为空。 + +#### semop + +semop()函数对semid关联的信号量集合中选定的信号量进行操作,也就是使用资源或者释放资源。具体操作由struct sembuf结构体来决定。结构体包括数组索引semnum,信号量操作(支持+1或-1,表示释放资源和使用资源)op,操作方式flag(支持IPC_NOWAIT,不阻塞操作)。当前只支持单个信号量的操作。 + +**参数**: + +1. 信号量集合标识符semid。 +2. 指向struct sembuf结构体的数组sops。 +3. 数组个数nsops。 + +**输出**: + +- 0:操作成功。 +- -1: 操作失败。 + +errno: + +- EINVAL:参数错误。 +- ENOTSUP:操作不支持。 +- EFAULT:数组指针sops为空。 +- E2BIG:数组个数nsops超过限制。 +- EIDRM;信号量集合已删除。 +- EFBIG:某个信号量索引超过限制。 +- EAGAIN:操作无法立即进行,如flag包含了IPC_NOWAIT或超时。 + +#### semtimedop + +semtimedop()的行为与semop()相同,不同点在于增加一个超时时间,等待超时返回错误码。 + +**参数**: + +1. 信号量集合标识符semid。 +2. 指向struct sembuf结构体的数组sops。 +3. 数组个数nsops。 +4. timespec结构体指针timeout。 + +**输出**: + +- 0:操作成功。 +- -1: 操作失败。 + +errno: + +- EINVAL:参数错误。 +- ENOTSUP:操作不支持。 +- EFAULT:数组指针sops为空。 +- E2BIG:数组个数nsops超过限制。 +- EIDRM;信号量集合已删除。 +- EFBIG:某个信号量索引超过限制。 +- EAGAIN:操作无法立即进行,如flag包含了IPC_NOWAIT或超时。 + +#### msgget + +msgget()返回与参数key相关联的SystemV消息队列的标识符。它可用于获得先前创建的消息队列的标识符(当flag为0且key不为IPC_PRIVATE时)或来创建一个新的消息队列。最多支持创建MSGQUE_MAX_SYS_LIMIT个消息队列,消息队列默认大小为MSGQUE_MAX_MSG_NUM,消息大小默认为MSGQUE_MAX_MSG_SIZE。 + +**参数**: + +1. 键值key。 +2. 消息队列的创建方式和权限flag。 + +**输出**: + +- 非负数:消息队列的标识符。 +- -1: 操作失败。 + +errno: + +- EINVAL:参数错误。 +- ENOENT:消息队列不存在。 +- ENOSPC:超出最大消息队列的限制。 +- EEXIST:flag包含了IPC_CREAT和IPC_EXCL但标识符已存在。 +- ENOMEM:内存不足。 + +#### msgctl + +msgctl()在标识为msgqid的SystemV消息队列上执行cmd指定的控制操作。当前支持IPC_STAT(支持获取消息队列中的消息个数和大小)、IPC_RMID(删除消息队列)。 + +**参数**: + +1. 消息队列标识符msgqid。 +2. 消息队列控制命令cmd。 +3. 消息队列信息msqid_ds结构体buf。 + +**输出**: + +- 0:操作成功。 +- -1: 操作失败。 + +errno: + +- EINVAL:参数错误。 +- EFAULT:msqid_ds结构体指针为空。 +- EIDRM:消息队列已删除。 +- ENOTSUP:不支持的命令。 + +#### msgsnd + +msgsnd()将msgp指向的消息追加到msgqid指定的SystemV消息队列中,如果队列有足够空间,msgsnd立即执行。消息大小不超过MSGQUE_MAX_MSG_SIZE。当前flag支持IPC_NOWAIT,表示操作不等待。 + +**参数**: + +1. 消息队列标识符msgqid。 +2. 需要发送的消息msgp。 +3. 发送消息的大小msgsz。 +4. 发送方式flag。 + +**输出**: + +- 0:操作成功。 +- -1: 操作失败。 + +errno: + +- EINVAL:参数错误。 +- EFAULT:msgp指针为空。 +- EIDRM:消息队列已删除。 +- ENOTSUP:不支持的命令。 + +#### msgrcv + +msgrcv()函数将消息从msgqid指定的消息队列中移除,并放入msgp指向的缓冲区中。参数msgsz指定了缓冲区buf的大小。当前msgtype支持的值为0,flag支持IPC_NOWAIT,表示操作不等待。 + +**参数**: + +1. 消息队列标识符msgqid。 +2. 需要接受消息的缓冲区msgp。 +3. 接受消息的大小msgsz。 +4. 接受消息的类型msgtype。 +5. 发送方式flag。 + +**输出**: + +- 0:操作成功。 +- -1: 操作失败。 + +errno: + +- EINVAL:参数错误。 +- EFAULT:msgp指针为空。 +- EIDRM:消息队列已删除。 +- ENOTSUP:不支持的命令。 +- ENOMSG:消息队列中没有请求类型的消息。 + +#### shmget + +暂不支持 + +#### shmctl + +暂不支持 + +#### shmat + +暂不支持 + +#### shmdt + +暂不支持 + +#### ftok + +暂不支持 + +#### fstatat + +fstatat()函数根据相对路径获取相关的文件统计信息。 + +**参数**: + +1. 文件描述符fd。 +2. 路径名path。 +3. 文件信息指针st。 +4. 操作标记flag。 + +**输出**: + +- 目录流指针:操作成功。 +- NULL:操作失败。 + +errno: + +- EFAULT:指针为空。 +- ENOENT:没有这样的文件。 +- ENOSYS:缺少相关函数。 + +#### fchmodat + +fchmodat()函数根据相对路径更改相关文件的访问权限。 + +**参数**: + +1. 文件描述符fd。 +2. 路径名path。 +3. 访问模式mode。 +4. 操作标记flag。 + +**输出**: + +- 0:操作成功。 +- -1:操作失败。 + +errno: + +- EINVAL:参数错误。 +- ELOOP:符号连接的层数过多。 +- ENOSYS:缺少相关函数。 + +#### mkdir + +mkdir()函数用于参数路径名path的创建目录。 + +**参数**: + +1. 路径名path。 +2. 访问模式mode。 + +**输出**: + +- 0:操作成功。 +- -1:操作失败。 + +errno: + +- ENXIO:驱动程序问题。 +- EEXIST:目录已存在。 +- ENOSYS:缺少相关函数。 + +#### chmod + +chmod()函数用来控制相关文件的权限。 + +**参数**: + +1. 路径名path。 +2. 访问模式mode。 + +**输出**: + +- 0:操作成功。 +- -1:操作失败。 + +errno: + +- EINVAL:参数错误。 +- ELOOP:符号连接的层数过多。 + +#### lstat + +lstat()函数根据路径名path获取相关的链接文件统计信息。 + +**参数**: + +1. 路径名path。 +2. 文件信息结构体stat。 + +**输出**: + +- 0:操作成功。 +- -1:操作失败。 + +errno: + +- EFAULT:参数指针为空。 +- ENOENT:没有这样的文件。 +- ENOMEM:内存不足。 + +#### utimensat + +utimensat()函数根据相对目录更改相关的文件时间戳。 + +**参数**: + +1. 文件描述符fd。 +2. 路径名pathname。 +3. 时间结构体数组times。 +4. 操作标识flags。 + +**输出**: + +- 0:操作成功。 +- -1:操作失败。 + +#### mkfifo + +mkfifo()函数用于在文件系统中创建一个有名管道。 + +**参数**: + +1. 路径名pathname。 +2. 访问模式mode。 + +**输出**: + +- 0:操作成功。 +- -1:操作失败。 + +errno: + +- EEXIST:文件已存在。 +- ENXIO:驱动程序问题。 +- ENOSYS:缺少相关函数。 + +#### fchmod + +fchmod()函数可以修改文件描述符fd相关的文件权限。 + +**参数**: + +1. 文件描述符fd。 +2. 访问模式mode。 + +**输出**: + +- 0:操作成功。 +- -1:操作失败。 + +errno: + +- EINVAL:参数错误。 +- ELOOP:符号连接的层数过多。 +- ENOSYS:缺少相关函数。 + +#### mknod + +mknod()函数用于建立FIFO、字符设备文件以及块设备文件等。 + +**参数**: + +1. 路径名path。 +2. 访问模式mode。 +3. 设备号dev。 + +**输出**: + +- 0:操作成功。 +- -1:操作失败。 + +errno: + +- EEXIST:文件已存在。 +- ENXIO:驱动程序问题。 +- ENOSYS:缺少相关函数。 + +#### statvfs + +statvfs()函数根据路径名path获取磁盘信息。 + +**参数**: + +1. 路径名path。 +2. statvfs结构体指针buf。 + +**输出**: + +- 0:操作成功。 +- -1:操作失败。 + +errno: + +- EFAULT:错误地址。 +- ENOENT:不存在文件。 +- ENOMEM:内存不足。 + +#### mkfifoat + +mkfifoat()函数与mkfifo()函数类似,在参数fd表示的目录相关位置创建一个有名管道。 + +**参数**: + +1. 文件描述符fd。 +2. 路径名path。 +3. 访问模式mode。 +4. 设备号dev。 + +**输出**: + +- 0:操作成功。 +- -1:操作失败。 + +errno: + +- EEXIST:文件已存在。 +- ENXIO:驱动程序问题。 +- ENOSYS:缺少相关函数。 + +#### umask + +umask()函数设置预设的文件权限。 + +**参数**: + +1. 访问权限mode。 + +**输出**: + +- 前一个访问权限:操作成功。 + +#### mknodat + +mknodat()函数用于建立FIFO、字符设备文件以及块设备文件等,在参数fd表示的目录相关位置创建。 + +**参数**: + +1. 文件描述符fd。 +2. 路径名path。 +3. 访问模式mode。 +4. 设备号dev。 + +**输出**: + +- 0:操作成功。 +- -1:操作失败。 + +errno: + +- EEXIST:文件已存在。 +- ENXIO:驱动程序问题。 +- ENOSYS:缺少相关函数。 + +#### futimesat + +futimesat()函数根据目录文件描述符更改相关的文件时间戳。 + +**参数**: + +1. 文件描述符fd。 +2. 路径名pathname。 +3. 时间结构体数组times。 + +**输出**: + +- 0:操作成功。 +- -1:操作失败。 + +#### lchmod + +lchmod()函数用来控制相关文件的权限。 + +**参数**: + +1. 路径名pathname。 +2. 访问模式mode。 + +**输出**: + +- 0:操作成功。 +- -1:操作失败。 + +errno: + +- EINVAL:参数错误。 +- ELOOP:符号连接的层数过多。 +- ENOSYS:缺少相关函数。 + +#### futimens + +futimens()函数根据文件描述符fd更改相关的文件时间戳的方法。 + +**参数**: + +1. 文件描述符fd。 +2. 时间结构体数组times。 + +**输出**: + +- 0:操作成功。 +- -1:操作失败。 + +#### mkdirat + +mkdirat()函数根据相对目录文件描述符创建一个新目录。 + +**参数**: + +1. 文件描述符fd。 +2. 路径名path。 +3. 访问模式mode。 + +**输出**: + +- 0:操作成功。 +- -1:操作失败。 + +errno: + +- ENXIO:驱动程序问题。 +- EEXIST:目录已存在。 +- ENOSYS:缺少相关函数。 + +#### fstat + +fstat()函数根据文件描述符fd获取相关文件的信息。 + +**参数**: + +1. 文件描述符fd。 +2. stat结构体指针buf。 + +**输出**: + +- 0:操作成功。 +- -1:操作失败。 + +errno: + +- EBADF:无效的描述符。 +- ENOSYS:缺少相关函数。 + +#### stat + +stat()函数根据路径名获取相关文件的信息。 + +**参数**: + +1. 路径名path。 +2. stat结构体指针buf。 + +**输出**: + +- 0:操作成功。 +- -1:操作失败。 + +errno: + +- EFAULT:参数指针为空。 +- ENOENT:不存在文件。 +- ENOSYS:缺少相关函数。 + +#### open + +open()函数根据文件名pathname打开相关的文件。 + +**参数**: + +1. 文件名pathname。 +2. 文件访问模式mode。 +3. 可变参数。 + +**输出**: + +- 文件描述符fd:操作成功。 +- -1:操作失败。 + +errno: + +- EINVAL:参数错误。 +- ELOOP:符号连接的层数过多。 +- EACCES:权限不足。 +- ENXIO:驱动程序问题。 + +#### creat + +creat()函数根据文件名pathname创建相关的文件。 + +**参数**: + +1. 文件名pathname。 +2. 文件访问模式mode。 + +**输出**: + +- 文件描述符fd:操作成功。 +- -1:操作失败。 + +errno: + +- EINVAL:参数错误。 +- ELOOP:符号连接的层数过多。 +- EACCES:权限不足。 +- ENXIO:驱动程序问题。 + +#### posix_fadvise + +暂不支持。 + +#### fcntl + +fcntl()函数用来修改已经打开文件的属性的函数。操作命令目前只支持F_DUPFD、F_DUPFD_CLOEXEC、F_GETFD、F_SETFD、F_GETFL、F_SETFL、F_GETPATH。 + +**参数**: + +1. 文件描述符fd。 +2. 操作命名cmd。 +3. 可变参数。 + +**输出**: + +- 文件描述符fd:操作成功。 +- -1:操作失败。 + +errno: + +- EBADF:无效的描述符。 +- ENOSYS:缺少相关函数。 +- EINVAL:参数错误。 + +#### posix_fallocate + +posix_fallocate()函数确保为文件描述符fd引用的文件分配磁盘空间,从偏移开始,持续len字节。如果文件大小小于offset+len,则文件为增加到这个大小,否则将保留文件大小不变。 + +**参数**: + +1. 文件描述符fd。 +2. 偏移offset。 +3. 长度len。 + +**输出**: + +- 文件描述符fd:操作成功。 +- -1:操作失败。 + +errno: + +- EINVAL:参数错误。 +- EFBIG:长度错误。 +- EBADF:无效的描述符。 +- EROFS:文件系统仅可读。 +- ENOSYS:缺少相关函数。 + +#### openat + +openat()函数当参数传入为绝对路径时,与open()函数一致。如果openat()函数的第一个参数fd是常量AT_FDCWD时,则其后的第二个参数路径名是以当前工作目录为基址的;否则以fd指定的目录文件描述符为基址。 + +**参数**: + +1. 文件描述符fd。 +2. 文件路径path。 +3. 打开标识oflag。 +4. 访问模式mode。 + +**输出**: + +- 文件描述符fd:操作成功。 +- -1:操作失败。 + +errno: + +- EINVAL:参数错误。 +- EFBIG:长度错误。 +- EBADF:无效的描述符。 +- EROFS:文件系统仅可读。 +- ENOSYS:缺少相关函数。 + +#### scandir + +暂不支持。 + +#### seekdir + +seekdir()函数用来设置参数dir目录流当前的读取位置。 + +**参数**: + +1. 目录流指针dir。 +2. 偏移位置off。 + +**输出**:无。 + +#### readdir_r + +暂不支持。 + +#### fdopendir + +fdopendir()函数打开与目录名称相对应的目录流指针。 + +**参数**: + +1. 文件描述符fd。 + +**输出**: + +- 目录流指针dir:操作成功。 +- NULL:操作失败。 + +errno: + +- EBADF:无效的描述符。 +- ENOTDIR:不是目录。 + +#### versionsort + +versionsort()函数将dirent的名称通过strverscmp()进行比较,用于比较版本号字符串。 + +**参数**: + +1. dirent指针a。 +2. dirent指针b。 + +**输出**: + +- 小于,等于或大于零的整数:操作成功。 + +#### alphasort + +alphasort()函数将dirent的名称通过strcoll()进行比较,用于比较版本号字符串。 + +**参数**: + +1. dirent指针a。 +2. dirent指针b。 + +**输出**: + +- 小于,等于或大于零的整数:操作成功。 + +#### rewinddir + +rewinddir()函数设置参数dir目录流读取位置为原来开头的读取位置。 + +**参数**: + +1. 目录流指针dir。 + +**输出**:无。 + +#### dirfd + +dirfd()函数返回参数dir目录流相关的文件描述符fd。 + +**参数**: + +1. 目录流指针dir。 + +**输出**: + +- 整型文件描述符值:操作成功。 + +#### readdir + +暂不支持。 + +#### telldir + +telldir()函数返回一个目录流dir的当前位置。 + +**参数**: + +1. 目录流指针dir。 + +**输出**: + +- 位置整型值:操作成功。 + +#### closedir + +closedir()函数关闭一个目录流dir。 + +**参数**: + +1. 目录流指针dir。 + +**输出**: + +- 0:操作成功。 +- -1:操作失败。 + +errno: + +- EBADF:无效的描述符。 + +#### opendir + +opendir()函数用来打开参数name指定的目录流。 + +**参数**: + +1. 文件名name。 + +**输出**: + +- 目录流指针:操作成功。 +- NULL:操作失败。 + +errno: + +- EINVAL:参数错误。 +- ELOOP:符号连接的层数过多。 +- EACCES:权限不足。 +- ENXIO:驱动程序问题。 + +#### putwchar + +putwchar()函数将宽字符wc写入标准输出stdout。 + +**参数**: + +1. 宽字符wc。 + +**输出**: + +- wc:操作成功。 +- WEOF: 操作失败。 + +errno: + +- EILSEQ:宽字符转换错误。 + +#### fgetws + +fgetws()函数文件流中读取最多n-1个宽字符的字符串,并增加一个终结宽空字符,保存到输入字符串ws中。 + +**参数**: + +1. 宽字符串ws。 +2. 宽字符串长度n。 +3. 文件流stream。 + +**输出**: + +- ws:操作成功。 +- NULL:操作失败。 + +#### vfwprintf + +vfwprintf()函数将format指向可变参数列表中的格式化数据的字符串写入文件流stream。 + +**参数**: + +1. 文件流stream。 +2. 指向宽字符串的指针format。 + +**输出**: + +- 成功转换字符数:操作成功。 +- -1:操作失败。 + +errno: + +- EOVERFLOW:字符串长度溢出。 +- EINVAL:参数错误。 + +#### fscanf + +fscanf()函数从文件流stream读取格式化数据到变量参数列表中。 + +**参数**: + +1. 文件流stream。 +2. 格式化输入format。 + +**输出**: + +- 成功匹配字符数:操作成功。 +- EOF:操作失败。 + +#### snprintf + +snprintf()函数用于格式化输出字符串,并将结果写入到指定的缓冲区,并限制输出的字符数,避免缓冲区溢出。 + +**参数**: + +1. 目标字符串str。 +2. 字符数组的大小size。 +3. 格式化字符串format。 +4. 可变参数。 + +**输出**: + +- 成功匹配字符数:操作成功。 +- -1:操作失败。 + +#### sprintf + +sprintf()函数发送格式化输出到str所指向的字符串。 + +**参数**: + +1. 目标字符串str。 +2. 格式化字符串format。 +3. 可变参数。 + +**输出**: + +- 成功匹配字符数:操作成功。 +- -1:操作失败。 + +#### fgetpos + +fgetpos()函数获取文件流stream的当前文件位置,并把它写入到pos。 + +**参数**: + +1. 指向文件流对象指针stream。 +2. 指向fpos_t对象的指针。 + +**输出**: + +- 0:操作成功。 +- -1:操作失败。 + +#### vdprintf + +vdprintf()函数将可变参数的格式化后的字符串输出到文件描述符中。 + +**参数**: + +1. 文件描述符fd。 +2. 格式化字符串format。 +3. 可变参数。 + +**输出**: + +- 0:操作成功。 +- -1:操作失败。 + +#### gets + +gets()函数从标准输入stdin读取一行,并存储在str所指向的字符串中。 + +**参数**: + +1. 字符串指针str。 + +**输出**: + +- 字符串指针str:操作成功。 +- NULL:操作失败。 + +#### ungetc + +ungetc()函数将字符char推入到指定的文件流stream中,以便它是下一个被读取到的字符。 + +**参数**: + +1. 被推入的字符char。 +2. 文件流指针stream。 + +**输出**: + +- 字符char:操作成功。 +- EOF:操作失败。 + +#### ftell + +ftell()函数返回给定文件流stream的当前文件位置。 + +**参数**: + +1. 文件流指针stream。 + +**输出**: + +- 当前文件位置:操作成功。 +- -1:操作失败。 + +errno: + +- EOVERFLOW:文件位置溢出。 + +#### clearerr + +clearerr()函数清除给定文件流stream的文件结束符和错误标识符。 + +**参数**: + +1. 文件流指针stream。 + +**输出**:无 + +#### getc_unlocked + +getc_unlocked()函数从文件流stream读取字符char。 + +**参数**: + +1. 文件流指针stream。 + +**输出**: + +- 字符char:操作成功。 +- EOF:文件流结束。 + +#### fmemopen + +fmemopen()函数打开一个内存流,使其可以读取或写入由buf指定的缓冲区。 + +**参数**: + +1. 缓冲区buf。 +2. 缓冲区大小size。 +3. 操作模式mode。 + +**输出**: + +- 文件流指针:操作成功。 +- NULL:操作失败。 + +errno: + +- EINVAL:参数失败。 +- ENOMEM:内存不足。 + +#### putwc + +putwc()函数将宽字符wc写入给定的文件流stream中。 + +**参数**: + +1. 宽字符wc。 +2. 文件流stream。 + +**输出**: + +- 宽字符wc:操作成功。 +- WEOF:操作失败。 + +errno: + +- EILSEQ:宽字符转换错误。 + +#### getchar + +getchar()函数从标准输入stdin获取一个字符。 + +**参数**:无 + +**输出**: + +- 字符ch:操作成功。 +- EOF:操作失败或文件末尾。 + +#### open_wmemstream + +open_wmemstream()函数打开用于写入宽字符串缓冲区的文件流。缓冲区是动态分配的。 + +**参数**: + +1. 指向缓冲区宽字符串指针ptr。 +2. 指向缓冲区大小的指针size。 + +**输出**: + +- 文件流指针:操作成功。 +- NULL:操作失败。 + +#### asprintf + +asprintf()函数将可变参数的格式化后的数据写入字符串缓冲区buffer。 + +**参数**: + +1. 存放字符串的指针buf。 +2. 格式化字符串format。 +3. 可变参数。 + +**输出**: + +- 成功匹配字符数:操作成功。 +- -1:操作失败。 + +#### funlockfile + +funlockfile()函数将文件流解锁。 + +**参数**: + +1. 文件流指针stream。 + +**输出**:无 + +#### fflush + +fflush()函数刷新文件流stream的输出缓冲区。 + +**参数**: + +1. 文件流指针stream。 + +**输出**: + +- 0:操作成功。 +- EOF:操作失败。 + +#### vfprintf + +vfprintf()函数将可变参数的格式化数据输出到文件流stream中。 + +**参数**: + +1. 文件流指针stream。 +2. 格式化字符串format。 +3. 可变参数。 + +**输出**: + +- 成功匹配字符数:操作成功。 +- -1:操作失败。 + +errno: + +- EOVERFLOW:字符串长度溢出。 +- EINVAL:参数错误。 + +#### vsscanf + +vsscanf()函数从字符串中读取格式化的数据到变量参数列表中。 + +**参数**: + +1. 处理字符串的指针str。 +2. 格式化字符串format。 +3. 可变参数。 + +**输出**: + +- 成功匹配字符数:操作成功。 +- -1:操作失败。 + +#### vfwscanf + +vfwscanf()函数从文件流中读取格式化的数据到变量参数列表中。 + +**参数**: + +1. 输入文件流stream。 +2. 格式化字符串format。 +3. 可变参数。 + +**输出**: + +- 成功匹配字符数:操作成功。 +- -1:操作失败。 + +#### puts + +puts()函数将指定字符串写入到标准输出stdout中。 + +**参数**: + +1. 输出字符串str。 + +**输出**: + +- 字符串长度:操作成功。 +- EOF:操作失败。 + +#### getchar_unlocked + +getchar_unlocked()函数读取标准输入stdin的一个字符。 + +**参数**:无。 + +**输出**: + +- 读取字符char:操作成功。 +- EOF:操作失败。 + +#### setvbuf + +setvbuf()函数设置文件流stream的缓冲模式。当前只支持无缓冲模式。 + +**参数**: + +1. 文件流stream。 +2. 分配的缓冲区buf。 +3. 指定文件缓冲的模式mode。 +4. 缓冲区大小size。 + +**输出**: + +- 0:操作成功。 +- -1:操作失败。 + +#### getwchar + +getwchar()函数从标准输入stdin获取一个宽字符。 + +**参数**:无。 + +**输出**: + +- 宽字符ch:操作成功。 +- EOF:操作失败或文件末尾。 + +#### setbuffer + +setbuffer()函数用来设置文件流stream的缓冲区。 + +**参数**: + +1. 文件流指针stream。 +2. 缓冲区buf。 +3. 缓冲区大小size。 + +**输出**:无。 + +#### vsnprintf + +vsnprintf()函数将可变参数的格式化数据输出到字符串缓冲区中。 + +**参数**: + +1. 字符串缓冲区str。 +2. 缓冲区大小size。 +3. 格式化字符串format。 +4. 可变参数。 + +**输出**: + +- 成功匹配字符数:操作成功。 +- -1:操作失败。 + +#### freopen + +freopen()函数将一个新的文件名filename与给定的打开的流stream关联,同时关闭流中的旧文件。 + +**参数**: + +1. 新的文件名filename。 +2. 文件访问模式mode。 +3. 文件流指针stream。 + +**输出**: + +- 文件流指针stream:操作成功。 +- NULL:操作失败。 + +#### fwide + +fwide()函数用于设置文件流的定向。 + +**参数**: + +1. 文件流fp。 +2. 设置模式mode。 + +**输出**: + +- mode:操作成功。 + +#### sscanf + +sscanf()函数从字符串中读取格式化的数据到变量列表中。 + +**参数**: + +1. 处理字符串的指针str。 +2. 格式化字符串format。 +3. 可变参数。 + +**输出**: + +- 成功匹配字符数:操作成功。 +- -1:操作失败。 + +#### fgets + +fgets()函数从指定的流中读取数据,每次读取n-1个字符或换行符或结束,并存储在参数str所指向的字符串内。 + +**参数**: + +1. 字符串的指针str。 +2. 读取最大字符数n. +3. 文件流stream。 + +**输出**: + +- 返回相同的str参数:操作成功。 +- NULL:操作失败。 + +#### vswscanf + +vswscanf()函数从参数str读取格式化的宽字符数据到变量参数列表中。 + +**参数**: + +1. 字符串的指针str。 +2. 格式化字符串format。 +3. 可变参数。 + +**输出**: + +- 成功匹配数:操作成功。 +- -1:操作失败。 + +#### vprintf + +vprintf()函数将格式化字符串输出到标准输出stdout。 + +**参数**: + +1. 格式化字符串format。 +2. 可变参数。 + +**输出**: + +- 成功写入字符数:操作成功。 +- -1:操作失败。 + +errno: + +- EINVAL:参数错误。 +- EOVERFLOW:字符串溢出。 + +#### fputws + +fputws()函数将参数宽字符串str写入指定的文件流stream。 + +**参数**: + +1. 宽字符串str。 +2. 文件流指针stream。 + +**输出**: + +- 0:操作成功。 +- -1:操作失败。 + +#### wprintf + +wprintf()函数将格式化字符串format写入到标准输出stdout。 + +**参数**: + +1. 格式化字符串format。 +2. 可变参数。 + +**输出**: + +- 返回写入字符数:操作成功。 +- -1:操作失败。 + +#### wscanf + +wscanf()函数从标准输入stdin读取格式化的宽字符数据到可变变量列表。 + +**参数**: + +1. 格式化字符串format。 +2. 可变参数。 + +**输出**: + +- 返回成功匹配数:操作成功。 +- -1:操作失败。 + +#### fputc + +fputc()函数将字符c写入指定的文件流stream。 + +**参数**: + +1. 输入字符c。 +2. 文件流指针stream。 + +**输出**: + +- 返回成功匹配数:操作成功。 +- EOF:操作失败。 + +#### putchar + +putchar()函数将字符c写入标准输入stdin。 + +**参数**: + +1. 输入字符c。 + +**输出**: + +- 返回成功匹配数:操作成功。 +- EOF:操作失败。 + +#### flockfile + +flockfile()函数将指定的文件流锁定。 + +**参数**: + +1. 文件流指针stream。 + +**输出**:无。 + +#### vswprintf + +vswprintf()函数将格式化字符串写入大小已设置的缓冲区中。 + +**参数**: + +1. 宽字符串ws。 +2. 宽字符串大小len。 +3. 格式化字符串format。 +4. 可变参数。 + +**输出**: + +- 返回成功匹配数:操作成功。 +- -1:操作失败。 + +errno: + +- EOVERFLOW:字符串溢出。 + +#### fputwc + +fputwc()函数将参数宽字符wc写入文件流stream。 + +**参数**: + +1. 宽字符wc。 +2. 文件流指针stream。 + +**输出**: + +- 宽字符wc:操作成功。 +- WEOF:操作失败。 + +#### fopen + +fopen()函数使用给定的模式mode打开filename所指向的文件。 + +**参数**: + +1. 文件名filename。 +2. 文件访问模式mode。 + +**输出**: + +- 文件流指针:操作成功。 +- NULL:操作失败。 + +errno: + +- EINVAL:参数错误。 + +#### tmpnam + +tmpnam()函数生成并返回一个有效的临时文件名,并存储在参数缓冲区buf中。 + +**参数**: + +1. 文件名filename。 + +**输出**: + +- 临时文件名:操作成功。 +- NULL:操作失败。 + +#### ferror + +ferror()函数测试给定文件流stream的错误标识符。 + +**参数**: + +1. 文件流指针stream。 + +**输出**: + +- 0:文件流未出错。 +- 非零值:文件流出错。 + +#### printf + +printf()函数将格式化字符串format写入到标准输出stdout。 + +**参数**: + +1. 格式化字符串format。 +2. 可变参数。 + +**输出**: + +- 成功写入字符数:操作成功。 +- -1:操作失败。 + +#### open_memstream + +open_memstream()函数打开用于写入字符串缓冲区的文件流。缓冲区是动态分配的。 + +**参数**: + +1. 指向缓冲区宽字符串指针ptr。 +2. 指向缓冲区大小的指针size。 + +**输出**: + +- 文件流指针:操作成功。 +- NULL:操作失败。 + +#### fwscanf + +fwscanf()函数从文件流stream中读取格式化数据将值存储到可变变量列表中。 + +**参数**: + +1. 文件流指针stream。 +2. 格式化字符串format。 +3. 可变参数。 + +**输出**: + +- 成功匹配字符数:操作成功。 +- -1:操作失败。 + +#### fprintf + +fprintf()函数将格式化字符串写入到指定文件流stream。 + +**参数**: + +1. 文件流指针stream。 +2. 格式化字符串format。 +3. 可变参数。 + +**输出**: + +- 成功匹配字符数:操作成功。 +- -1:操作失败。 + +errno: + +- EOVERFLOW:字符串长度溢出。 +- EINVAL:参数错误。 + +#### fgetc + +fgetc()函数从文件流stream中读取一个字符c。 + +**参数**: + +1. 文件流指针stream。 + +**输出**: + +- 读取的字符c:操作成功。 +- EOF:操作失败。 + +#### rewind + +rewind()函数将文件流内部指针重新指向开头。 + +**参数**: + +1. 文件流指针stream。 + +**输出**:无。 + +#### getwc + +getwc()函数从文件流读取一个宽字符wc。 + +**参数**: + +1. 文件流指针stream。 + +**输出**: + +- 读取的宽字符c:操作成功。 +- WEOF:操作失败。 + +#### scanf + +scanf()函数从标准输入stdin读取格式化输入到可变变量列表中。 + +**参数**: + +1. 格式化字符串format。 +2. 可变参数。 + +**输出**: + +- 成功匹配字符数:操作成功。 +- -1:操作失败。 + +#### perror + +perror()函数将错误提示字符串打印出来。 + +**参数**: + +1. 错误字符串msg。 + +**输出**:无。 + +#### vsprintf + +vsprintf()函数将格式化字符串输出到参数指定的字符串str。 + +**参数**: + +1. 字符串缓冲区str。 +2. 格式化字符串format。 +3. 可变参数。 + +**输出**: + +- 成功匹配字符数:操作成功。 +- -1:操作失败。 + +#### vasprintf + +vasprintf()函数将格式化字符串写入动态分配的字符串缓冲区中。 + +**参数**: + +1. 字符串缓冲区指针str。 +2. 格式化字符串format。 +3. 可变参数。 + +**输出**: + +- 成功匹配字符数:操作成功。 +- -1:操作失败。 + +#### getc + +getc()函数从文件流stream中读取一个字符c。 + +**参数**: + +1. 文件流指针stream。 + +**输出**: + +- 读取的字符c:操作成功。 +- EOF:操作失败。 + +#### dprintf + +dprintf()函数将格式化字符串写入到文件描述符fd指定的文件中。 + +**参数**: + +1. 文件描述符fd。 +2. 格式化字符串format。 + +**输出**: + +- 成功匹配字符数:操作成功。 +- -1:操作失败。 + +errno: + +- EINVAL:参数错误。 +- EOVERFLOW:字符串溢出。 + +#### popen + +暂不支持。 + +#### putc + +putc()函数将一个字符c写入文件流stream。 + +**参数**: + +1. 文件描述符fd。 +2. 格式化字符串format。 + +**输出**: + +- 成功匹配字符数:操作成功。 +- -1:操作失败。 + +#### fseek + +fseek()函数设置文件流stream的位置。 + +**参数**: + +1. 文件流stream。 +2. 相对偏移量offset。 +3. 开始位置whence。 + +**输出**: + +- 0:操作成功。 +- -1:操作失败。 + +#### fgetwc + +fgetwc()函数从文件流stream读取一个宽字符wc。 + +**参数**: + +1. 文件流指针stream。 + +**输出**: + +- 宽字符wc:操作成功。 +- WEOF:操作失败。 + +errno: + +- EILSEQ:转换失败。 + +#### tmpfile + +tmpfile()函数生成一个临时文件流指针。 + +**参数**:无。 + +**输出**: + +- 临时文件流指针:操作成功。 +- NULL:操作失败。 + +#### putw + +putw()函数将一个字符c写入指定的文件流stream。 + +**参数**: + +1. 输出字符c。 +2. 文件流指针stream。 + +**输出**: + +- 0:操作成功。 +- -1:操作失败。 + +#### tempnam + +tempnam()函数在指定的目录中可用于创建一个临时文件的文件名。 + +**参数**: + +1. 指定目录dir。 +2. 文件名前缀prefix。 + +**输出**: + +- 临时文件名:操作成功。 +- NULL:操作失败。 + +#### vwprintf + +vwprintf()函数将格式化宽字符串写入到标准输出stdout。 + +**参数**: + +1. 格式化字符串format。 +2. 可变参数。 + +**输出**: + +- 成功匹配字符数:操作成功。 +- -1:操作失败。 + +errno: + +- EINVAL:参数错误。 +- EOVERFLOW:字符串溢出。 + +#### getw + +getw()函数从指定文件流stream读取一个字符c。 + +**参数**: + +1. 文件流stream。 + +**输出**: + +- 读取的字符c:操作成功。 +- EOF:操作失败。 + +#### putchar_unlocked + +putchar_unlocked()函数将一个字符c写入标准输出stdout。 + +**参数**: + +1. 写入字符c。 + +**输出**: + +- 字符c:操作成功。 +- EOF:操作失败。 + +#### fread + +fread()函数从给定文件流stream读取最多count的字符到字符串缓冲区buf。 + +**参数**: + +1. 缓冲区指针buf。 +2. 每个元素大小size。 +3. 元素个数count。 +4. 文件流指针stream。 + +**输出**: + +- 成功匹配字符数:操作成功。 +- 0:操作失败。 + +#### fileno + +fileno()函数返回文件流stream相关的文件描述符。 + +**参数**: + +1. 文件流指针stream。 + +**输出**: + +- 文件描述符:操作成功。 +- -1:操作失败。 + +errno: + +- EBADF:无效的描述符。 + +#### remove + +remove()函数删除给定的文件名filename。 + +**参数**: + +1. 文件名filename。 + +**输出**: + +- 0:操作成功。 +- -1:操作失败。 + +#### putc_unlocked + +putc_unlocked()函数将一个字符c写入指定的文件流stream。 + +**参数**: + +1. 写入字符c。 +2. 文件流指针stream。 + +**输出**: + +- 写入字符c:操作成功。 +- EOF:操作失败。 + +#### fclose + +fclose()函数关闭文件流stream。 + +**参数**: + +1. 文件流指针stream。 + +**输出**: + +- 0:操作成功。 +- EOF:操作失败。 + +#### feof + +feof()函数检测文件流的文件结束符。 + +**参数**: + +1. 文件流指针stream。 + +**输出**: + +- 1:文件结束。 +- 0:文件未结束。 + +#### fwrite + +fwrite()函数将指定的字符串str写入文件流stream。 + +**参数**: + +1. 字符串str。 +2. 元素的大小size。 +3. 元素的个数count。 +4. 文件流指针stream。 + +**输出**: + +- 返回成功写入字符数:操作成功。 +- 0:操作失败。 + +#### setbuf + +setbuf()函数打开或关闭缓冲机制。 + +**参数**: + +1. 文件流指针stream。 +2. 缓冲区buf。 + +**输出**:无。 + +#### pclose + +暂不支持。 + +#### swprintf + +swprintf()函数将格式化的数据写入到指定的宽字符串中。 + +**参数**: + +1. 宽字符串缓冲区buf。 +2. 宽字符串大小size。 +3. 格式化字符串format。 +4. 可变参数。 + +**输出**: + +- 成功写入字符数:操作成功。 +- -1:操作失败。 + +errno: + +- EOVERFLOW:字符串溢出。 + +#### fwprintf + +fwprintf()函数将格式化宽字符串写入文件流stream。 + +**参数**: + +1. 文件流stream。 +2. 格式化宽字符串format。 +3. 可变参数。 + +**输出**: + +- 成功写入字符数:操作成功。 +- -1:操作失败。 + +errno: + +- EINVAL:参数错误。 +- EOVERFLOW:字符串溢出。 + +#### swscanf + +swscanf()函数从宽字符串中读取格式化的数据到变量列表中。 + +**参数**: + +1. 宽字符串ws。 +2. 格式化宽字符串format。 +3. 可变参数。 + +**输出**: + +- 成功匹配数:操作成功。 +- -1:操作失败。 + +#### rename + +rename()函数将旧文件名old_filename重命名为新文件名new_filename。 + +**参数**: + +1. 旧文件名old_filename。 +2. 新文件名new_filename。 + +**输出**: + +- 0:操作成功。 +- -1:操作失败。 + +errno: + +- EINVAL:参数错误。 + +#### getdelim + +getdelim()函数从文件流中读取字符串,由参数指定的delimiter的进行分隔。 + +**参数**: + +1. 字符串缓冲区buf。 +2. 字符串缓冲区大小指针n。 +3. 分隔符delimiter。 +4. 文件流指针stream。 + +**输出**: + +- 成功写入字符数:操作成功。 +- -1:操作失败。 + +#### vfscanf + +vfscanf()函数从文件流stream读取格式化的数据到变量参数列表中。 + +**参数**: + +1. 文件流指针stream。 +2. 格式化字符串format。 +3. 可变参数。 + +**输出**: + +- 成功匹配数:操作成功。 +- -1:操作失败。 + +#### setlinebuf + +setlinebuf()函数设置文件流stream的行缓冲模式。 + +**参数**: + +1. 文件流指针stream。 + +**输出**:无。 + +#### fputs + +fputs()函数将字符串str写入到指定的文件流stream。 + +**参数**: + +1. 字符串str。 +2. 文件流指针stream。 + +**输出**: + +- 0:操作成功。 +- -1:操作失败。 + +#### fsetpos + +fsetpos()函数将文件指针定位在参数pos指定的位置上。 + +**参数**: + +1. 文件流指针stream。 +2. 文件位置pos。 + +**输出**: + +- 0:操作成功。 +- -1:操作失败。 + +#### fopencookie + +fopencookie()函数打开一个可以自定义实现的I/O流。 + +**参数**: + +1. 结构体指针cookie。 +2. 访问模式mode。 +3. 自定义I/O流函数。 + +**输出**: + +- 文件流指针:操作成功。 +- NULL:操作失败。 + +#### fgetln + +fgetln()函数从文件流中读取一行数据,并存储在大小为*len的缓冲区中。 + +**参数**: + +1. 文件流指针stream。 +2. 缓冲区长度指针len。 + +**输出**: + +- 字符串指针:操作成功。 +- NULL:操作失败。 + +#### vscanf + +vscanf()函数从标准输入stdin将格式化的数据读入可变参数列表。 + +**参数**: + +1. 格式化字符串format。 +2. 可变参数。 + +**输出**: + +- 成功匹配数:操作成功。 +- -1:操作失败。 + +#### ungetwc + +ungetwc()函数将宽字符ch推回与文件流关联的缓冲区中,除非ch等于WEOF。 + +**参数**: + +1. 宽字符wc。 +2. 文件流指针stream。 + +**输出**: + +- 返回宽字符wc:操作成功。 +- WEOF:操作失败。 + +#### getline + +getline()函数从文件流中读取字符串,由换行符\n的进行分隔。 + +**参数**: + +1. 字符串缓冲区buf。 +2. 字符串缓冲区大小指针n。 +3. 文件流指针stream。 + +**输出**: + +- 成功写入字符数:操作成功。 +- -1:操作失败。 + +#### ftrylockfile + +ftrylockfile()函数尝试进行文件锁定。 + +**参数**: + +1. 文件流指针stream。 + +**输出**: + +- 0:操作成功。 +- -1:操作失败。 + +#### vwscanf + +vwscanf()函数从标准输入stdin中读取格式化的数据到变量参数列表中。 + +**参数**: + +1. 文件流指针stream。 +2. 可变参数。 + +**输出**: + +- 成功匹配数:操作成功。 +- -1:操作失败。 + +## C11接口 + +| 接口名 | 适配情况 | +| :---: | :-----: | +| [cnd_broadcast](#cnd_broadcast) | 支持 | +| [cnd_destroy](#cnd_destroy) | 支持 | +| [cnd_init](#cnd_init) | 支持 | +| [cnd_signal](#cnd_signal) | 支持 | +| [cnd_timedwait](#cnd_timedwait) | 支持 | +| [cnd_wait](#cnd_wait) | 支持 | +| [mtx_destroy](#mtx_destroy) | 支持 | +| [mtx_init](#mtx_init) | 支持 | +| [mtx_lock](#mtx_lock) | 支持 | +| [mtx_timedlock](#mtx_timedlock) | 支持 | +| [mtx_trylock](#mtx_trylock) | 支持 | +| [thrd_create](#thrd_create) | 支持 | +| [thrd_current](#thrd_current) | 支持 | +| [thrd_detach](#thrd_detach) | 支持 | +| [thrd_equal](#thrd_equal) | 支持 | +| [thrd_exit](#thrd_exit) | 支持 | +| [thrd_join](#thrd_join) | 支持 | +| [thrd_sleep](#thrd_sleep) | 支持 | +| [thrd_yield](#thrd_yield) | 支持 | +| [tss_create](#tss_create) | 支持 | +| [tss_delete](#tss_delete) | 支持 | +| [tss_get](#tss_get) | 支持 | +| [tss_set](#tss_set) | 支持 | + +### 条件变量管理 + +#### cnd_init + +初始化条件变量cond。同使用条件变量属性为NULL的pthread_cond_init()。 + +**参数** + +1. 条件变量指针cond。 +2. 条件变量属性指针attr。 + +**输出**: + +- thrd_success:操作成功。 +- thrd_error:操作失败。 + +#### cnd_destroy + +销毁指定条件变量,使得该条件变量未初始化,可以使用cnd_init() 重新初始化。同pthread_cond_destory()。 + +**参数**:条件变量指针cond。 + +**输出**:无。 + +#### cnd_broadcast + +取消阻止当前等待cond所指向的条件变量的所有线程。如果没有线程被阻塞,则不执行任何操作并返回thrd_success。 + +**参数**:条件变量指针cond。 + +**输出**: + +- thrd_success:操作成功。 +- thrd_error:操作失败。 + +#### cnd_signal + +取消阻塞在指定的条件变量cond上阻塞的线程中的至少一个(如果有任何线程在cond上被阻塞)。 + +**参数**:条件变量指针cond。 + +**输出**: + +- thrd_success:操作成功。 +- thrd_error:操作失败。 + +#### cnd_timedwait + +阻塞当前线程等待cond指定的条件变量,并释放互斥体指定的互斥体。只有在另一个线程使用相同的条件变量调用cnd_signal() 或cnd_broadcast() 后,或者如果系统时间达到指定的时间,并且当前线程重新获得互斥锁时,等待线程才会解锁。 + +**参数**: + +1. 条件变量指针cond。 +2. 互斥锁指针m。 +3. 超时时间指针ts。 + +**输出**: + +- thrd_success:操作成功。 +- thrd_error:操作失败。 +- thrd_timedout:阻塞超时 + +#### cnd_wait + +cnd_wait() 函数与cnd_timedwait() 类似,阻塞当前线程等待cond指定的条件变量,并释放互斥体指定的互斥体。只有在另一个线程使用相同的条件变量调用cnd_signal() 或cnd_broadcast() 后,并且当前线程重新获得互斥锁时,等待线程才会解锁。 + +**参数**: + +1. 条件变量指针cond。 +2. 互斥锁指针m。 + +**输出**: + +- thrd_success:操作成功。 +- thrd_error:操作失败。 + +### 互斥锁管理 + +#### mtx_init + +mtx_init()函数根据属性type初始化互斥锁。 + +**参数**: + +1. 互斥锁指针mutex。 +2. 互斥锁属性type。 + +**输出**: + +- thrd_success:操作成功。 +- thrd_error:操作失败。 + +#### mtx_destroy + +mtx_destroy() 用于注销一个互斥锁。销毁一个互斥锁即意味着释放它所占用的资源,且要求锁当前处于开放状态。 + +**参数**:互斥锁指针mutex。 + +**输出**:无。 + +#### mtx_lock + +当pthread_mutex_lock() 返回时,该[互斥锁](https://baike.baidu.com/item/互斥锁/841823?fromModule=lemma_inlink)已被锁定。[线程](https://baike.baidu.com/item/线程/103101?fromModule=lemma_inlink)调用该函数让互斥锁上锁,如果该互斥锁已被另一个线程锁定和拥有,则调用该线程将阻塞,直到该互斥锁变为可用为止。 + +**参数**:互斥锁指针mutex。 + +**输出**: + +- thrd_success:操作成功。 +- thrd_error:操作失败。 + +#### mtx_timedlock + +mtx_timedlock() 语义与mtx_lock() 类似,不同点在于锁已经被占据时增加一个超时时间,等待超时返回错误码。 + +**参数**: + +1. 互斥锁指针mutex。 +2. 超时时间指针ts。 + +**输出**: + +- thrd_success:操作成功。 +- thrd_error:操作失败。 +- thrd_timedout:等待超时。 + +#### mtx_trylock + +mtx_trylock() 语义与 mtx_lock() 类似,不同点在于锁已经被占据时返回 thrd_busy, 而非挂起等待。 + +**参数**:互斥锁指针mutex。 + +**输出**: + +- thrd_success:操作成功。 +- thrd_busy:mutex指定的锁已经被占据。 +- thrd_error:操作失败。 + +### 任务管理 + +#### thrd_create + +thrd_create()函数创建一个执行函数为func的新线程,创建成功后,将创建的线程的ID存储在参数 thread 的位置。 + +**参数**: + +1. 指向线程[标识符](https://baike.baidu.com/item/标识符?fromModule=lemma_inlink)的[指针](https://baike.baidu.com/item/指针?fromModule=lemma_inlink)thread。 +2. 线程处理函数的起始地址 func。 +3. 运行函数的参数 arg。 + +**输出**: + +- thrd_success:创建成功。 +- thrd_error:attr指定的属性无效。 +- thrd_nomem:系统缺少创建新线程所需的资源。 + +#### thrd_current + +返回调用线程的线程ID。 + +**参数**:无 + +**输出**:返回调用线程的线程ID。 + +#### thrd_detach + +实现线程分离,即主线程与子线程分离,子线程结束后,资源自动回收。 + +**参数**:线程ID:thread。 + +**输出**: + +- 0:成功完成。 +- EINVAL:thread是分离线程。 +- ESRCH:给定线程ID指定的线程不存在。 + +#### thrd_equal + +此函数应比较线程ID t1和t2。 + +**参数**: + +1. 线程ID t1。 +2. 线程ID t2。 + +**输出**: + +- 如果t1和t2相等,pthread_equal()函数应返回非零值。 +- 如果t1和t2不相等,应返回零。 +- 如果t1或t2不是有效的线程ID,则行为未定义。 + +#### thrd_exit + +线程的终止可以是调用 thrd_exit 或者该线程的例程结束。由此可看出,一个线程可以隐式退出,也可以显式调用 thrd_exit 函数来退出。thrd_exit 函数唯一的参数 value_ptr 是函数的返回代码,只要 thrd_join 中的第二个参数 value_ptr 不是NULL,这个值将被传递给 value_ptr。 + +**参数**:线程退出状态value_ptr,通常传NULL。 + +**输出**:无 + +#### thrd_join + +thrd_join() 函数,以阻塞的方式等待 thread 指定的线程结束。当函数返回时,被等待线程的资源被收回。如果线程已经结束,那么该函数会立即返回。并且 thread 指定的线程必须是 joinable 的。当 thrd_join()成功返回时,目标线程已终止。对指定同一目标线程的thrd_join()的多个同时调用的结果未定义。如果调用thrd_join()的线程被取消,则目标线程不应被分离。 + +**参数**: + +1. 线程ID:thread。 +2. 退出线程:返回值value_ptr。 + +**输出**: + +- thrd_success:操作成功。 + +#### thrd_sleep + +至少在达到time_point指向的基于TIME_UTC的时间点之前,阻塞当前线程的执行。如果收到未被忽略的信号,睡眠可能会恢复。 + +**参数**: + +1. 应等待时间:req。 +2. 实际等待时间:rem。 + +**输出**: + +- 0:操作成功。 +- -2: 操作失败。 + +#### thrd_yield + +thrd_yield()函数应强制正在运行的线程放弃处理器,并触发线程调度。 + +**参数**:无 + +**输出**:输出0时,成功完成;否则应返回值-1。 + +#### tss_create + +分配用于标识线程特定数据的键。tss_create 第一个参数为指向一个键值的[指针](https://baike.baidu.com/item/指针/2878304?fromModule=lemma_inlink),第二个参数指明了一个 destructor 函数,如果这个参数不为空,那么当每个线程结束时,系统将调用这个函数来释放绑定在这个键上的内存块。 + +**参数**: + +1. 键值的[指针](https://baike.baidu.com/item/指针/2878304?fromModule=lemma_inlink)tss。 +2. destructor 函数入口 destructor。 + +**输出**: + +- thrd_success:操作成功。 +- thrd_error:操作失败。 + +#### tss_delete + +销毁线程特定数据键。 + +**参数**:需要删除的键key。 + +**输出**:无 + +#### tss_get + +将与key关联的数据读出来,返回数据类型为 void *,可以指向任何类型的数据。需要注意的是,在使用此返回的指针时,需满足是 void 类型,虽指向关联的数据地址处,但并不知道指向的数据类型,所以在具体使用时,要对其进行强制类型转换。 + +**参数**:键值key。 + +**输出**: + +- 返回与给定 key 关联的线程特定数据值。 +- NULL:没有线程特定的数据值与键关联。 + +#### tss_set + +tss_set() 函数应将线程特定的 value 与通过先前调用 tss_create()获得的 key 关联起来。不同的线程可能会将不同的值绑定到相同的键上。这些值通常是指向已保留供调用线程使用的动态分配内存块的指针。 + +**参数**: + +1. 键值key。 +2. 指针value + +**输出**: + +- 0:设置成功。 + +## 其他接口 + +| 接口名 | 适配情况 | +| :---: | :-----: | +| [pthread_getattr_default_np](#pthread_getattr_default_np) | 支持 | +| [pthread_getattr_np](#pthread_getattr_np) | 支持 | +| [pthread_getname_np](#pthread_getattr_np) | 支持 | +| [pthread_setattr_default_np](#pthread_setattr_default_np) | 支持 | +| [pthread_setname_np](#pthread_setname_np) | 支持 | +| [pthread_timedjoin_np](#pthread_timedjoin_np) | 支持 | +| [pthread_tryjoin_np](#pthread_tryjoin_np) | 支持 | +| [ftime](#ftime) | 支持 | +| [timegm](#timegm) | 支持 | + +### pthread_getattr_default_np + +pthread_getattr_default_np() 函数初始化attr引用的线程属性对象,使其包含用于创建线程的默认属性。 + +**参数**:线程属性对象attr。 + +**输出**: + +- 0:操作成功。 +- EINVAL:指针未初始化。 + +### pthread_setattr_default_np + +pthread_setattr_default_np() 函数用于设置创建新线程的默认属性,即当使用NULL的第二个参数调用pthread_create时使用的属性。 + +**参数**:线程属性对象attr。 + +**输出**: + +- 0:操作成功。 +- EINVAL:指针未初始化。 + +### pthread_getattr_np + +pthread_getattr_np() 函数初始化attr引用的线程属性对象,使其包含描述正在运行的线程线程的实际属性值。 + +**参数**: + +1. 线程ID值thread。 +2. 线程属性对象attr。 + +**输出**: + +- 0:操作成功。 +- 非0值:操作失败。 + +### pthread_getname_np + +pthread_getname_np() 函数可用于检索线程的名称。thread参数指定要检索其名称的线程。 + +**参数**: + +1. 线程ID值thread。 +2. 线程名字符串name。 +3. 字符串大小len。 + +**输出**: + +- 0:操作成功。 +- EINVAL:指针未初始化。 + +### pthread_setname_np + +pthread_setname_np() 函数可用于设置线程的名称。 + +**参数**: + +1. 线程ID值thread。 +2. 线程名字符串name。 +3. 字符串大小len。 + +**输出**: + +- 0:操作成功。 +- EINVAL:指针未初始化。 + +### pthread_timedjoin_np + +类似pthread_join,如果线程尚未终止,则调用将阻塞直到abstime中指定的最大时间。如果超时在线程终止之前到期,则调用将返回错误。 + +**参数**: + +1. 线程ID值thread。 +2. 线程退出状态status。 +3. 阻塞时间指针ts。 + +**输出**: + +- 0:操作成功。 +- EINVAL:指针未初始化。 +- ETIMEDOUT:阻塞超时。 + +### pthread_tryjoin_np + +类似pthread_join,但如果线程尚未终止,将立即返回EBUSY。 + +**参数**: + +1. 线程ID值thread。 +2. 线程退出状态status。 + +**输出**: + +- 0:操作成功。 +- EINVAL:指针未初始化。 +- EBUSY:调用时线程尚未终止。 + +### ftime + +取得当前的时间和日期,由一个timeb结构体返回。 + +**参数**: + +1. timeb结构体指针tp。 + +**输出**:无 + +### timegm + +将tm结构体表示的时间转换为自一个标准时间点以来的时间,不受本地时区的影响。 + +**参数**: + +1. tm结构体指针tp。 + +**输出**: + +返回值: + +- time_t结构体表示的时间值。 +- -1: 转换失败。 + +errno: + +- EOVERFLOW:转换溢出。 + +## math数学库 + +| 接口名 | 描述 | 输入参数 | 适配情况 | +| :---: | :-----: | :-----: | :-----: | +| [acos](#acos) | 计算参数x的反余弦值,参数x的取值范围[-1, +1],返回类型double | double类型的浮点数x | 支持 | +| [acosf](#acosf) | 计算参数x的反余弦值,参数x的取值范围[-1, +1],返回类型float | float类型的浮点数x | 支持 | +| [acosl](#acosl) | 计算参数x的反余弦值,参数x的取值范围[-1, +1],返回类型long double | long double类型的浮点数x | 支持 | +| [acosh](#acosh) | 计算参数x的反双曲余弦值,返回类型double | double类型的浮点数x | 支持 | +| [acoshf](#acoshf) | 计算参数x的反双曲余弦值,返回类型float | float类型的浮点数x | 支持 | +| [acoshl](#acoshl) | 计算参数x的反双曲余弦值,返回类型long double | long double类型的浮点数x | 支持 | +| [asin](#asin) | 计算参数x的反正弦值,参数x的取值范围为[-1, +1] | duoble类型的浮点数x | 支持 | +| [asinf](#asinf) | 计算参数x的反正弦值,参数x的取值范围为[-1, +1] | float类型的浮点数x | 支持 | +| [asinl](#asinl) | 计算参数x的反正弦值,参数x的取值范围为[-1, +1] | long double类型的浮点数x | 支持 | +| [asinh](#asinh) | 计算参数x的反双曲正弦值,返回类型double | double类型的浮点数x | 支持 | +| [asinhf](#asinhf) | 计算参数x的反双曲正弦值,返回类型float | float类型的浮点数x | 支持 | +| [asinhl](#asinhl) | 计算参数x的反双曲正弦值,返回类型long double | long double类型的浮点数x | 支持 | +| [atan](#atan) | 计算参数x的反正切值,返回类型double | double类型的浮点数x | 支持 | +| [atanf](#atanf) | 计算参数x的反正切值,返回类型float | float类型的浮点数x | 支持 | +| [atanl](#atanl) | 计算参数x的反正切值,返回类型long double | long double类型的浮点数x | 支持 | +| [atan2](#atan2) | 计算参数y除以x的反正切值,使用两个参数的符号确定返回值的象限 | double类型的浮点数y
double类型的浮点数x | 支持 | +| [atan2f](#atan2f) | 计算参数y除以x的反正切值,使用两个参数的符号确定返回值的象限 | float类型的浮点数y
float类型的浮点数x | 支持 | +| [atan2l](#atan2l) | 计算参数y除以x的反正切值,使用两个参数的符号确定返回值的象限 | long double类型的浮点数y
long double类型的浮点数x | 支持 | +| [atanh](#atanh) | 计算参数x的反双曲正切值,返回类型double | double类型的浮点数x | 支持 | +| [atanhf](#atanhf) | 计算参数x的反双曲正切值,返回类型float | float类型的浮点数x | 支持 | +| [atanhl](#atanhl) | 计算参数x的反双曲正切值,返回类型long double | long double类型的浮点数x | 支持 | +| [cbrt](#cbrt) | 计算参数x的立方根,返回类型double | double类型的浮点数x | 支持 | +| [cbrtf](#cbrtf) | 计算参数x的立方根,返回类型float | float类型的浮点数x | 支持 | +| [cbrtl](#cbrtl) | 计算参数x的立方根,返回类型long double | long double类型的浮点数x | 支持 | +| [ceil](#ceil) | 计算不小于参数x的最小整数值,返回类型double | duoble类型的浮点数x | 支持 | +| [ceilf](#ceilf) | 计算不小于参数x的最小整数值,返回类型float | float类型的浮点数x | 支持 | +| [ceill](#ceill) | 计算不小于参数x的最小整数值,返回类型long double | long duoble类型的浮点数x | 支持 | +| [copysign](#copysign) | 生成一个值,该值具有参数x的大小和参数y的符号 | duoble类型的浮点数x
double类型的浮点数y | 支持 | +| [copysignf](#copysignf) | 生成一个值,该值具有参数x的大小和参数y的符号 | float类型的浮点数x
float类型的浮点数y | 支持 | +| [copysignl](#copysignl) | 生成一个值,该值具有参数x的大小和参数y的符号 | long duoble类型的浮点数x
long double类型的浮点数y | 支持 | +| [cos](#cos) | 计算参数x的余弦值,参数应为弧度值,返回类型double | duoble类型的浮点数x | 支持 | +| [cosf](#cosf) | 计算参数x的余弦值,参数应为弧度值,返回类型float | float类型的浮点数x | 支持 | +| [cosl](#cosl) | 计算参数x的余弦值,参数应为弧度值,返回类型long double | long double类型的浮点数x | 支持 | +| [cosh](#cosh) | 计算参数x的双曲余弦值,返回类型double | double类型的浮点数x | 支持 | +| [coshf](#coshf) | 计算参数x的双曲余弦值,返回类型float | float类型的浮点数x | 支持 | +| [coshl](#coshl) | 计算参数x的双曲余弦值,返回类型long double | long double类型的浮点数x | 支持 | +| [erf](#erf) | 计算参数x的高斯误差函数的值 | double类型的浮点数x | 支持 | +| [erff](#erff) | 计算参数x的高斯误差函数的值 | float类型的浮点数x | 支持 | +| [erfl](#erfl) | 计算参数x的高斯误差函数的值 | long double类型的浮点数x | 支持 | +| [erfc](#erfc) | 计算参数x的高斯误差函数的值 | double类型的浮点数x | 支持 | +| [erfcf](#erfcf) | 计算参数x的互补误差函数的值 | float类型的浮点数x | 支持 | +| [erfcl](#erfcl) | 计算参数x的互补误差函数的值 | long double类型的浮点数x | 支持 | +| [exp](#exp) | 以e为基数的指数,即$e^x$的值,返回类型double | double类型的浮点数x | 支持 | +| [expf](#expf) | 以e为基数的指数,即$e^x$的值,返回类型float | float类型的浮点数x | 支持 | +| [expl](#expl) | 以e为基数的指数,即$e^x$的值,返回类型long double | long double类型的浮点数x | 支持 | +| [exp10](#exp10) | 以10为基数的指数,即$10^x$的值,返回类型double | double类型的浮点数x | 支持 | +| [exp10f](#exp10f) | 以10为基数的指数,即$10^x$的值,返回类型float | float类型的浮点数x | 支持 | +| [exp10l](#exp10l) | 以10为基数的指数,即$10^x$的值,返回类型long double | long double类型的浮点数x | 支持 | +| [exp2](#exp2) | 以2为基数的指数函数,返回类型double | double类型的浮点数x | 支持 | +| [exp2f](#exp2f) | 以2为基数的指数函数,返回类型float | float类型的浮点数x | 支持 | +| [exp2l](#exp2l) | 以2为基数的指数函数,返回类型long double | long double类型的浮点数x | 支持 | +| [expm1](#expm1) | 计算$e^x - 1$的值。如果参数x是个小值,expm1(x)函数的值比表达式$e^x - 1$更准确 | double类型的浮点数x | 支持 | +| [expm1f](#expm1f) | 计算$e^x - 1$的值。如果参数x是个小值,expm1(x)函数的值比表达式$e^x - 1$更准确 | float类型的浮点数x | 支持 | +| [expm1l](#expm1l) | 计算$e^x - 1$的值。如果参数x是个小值,expm1(x)函数的值比表达式$e^x - 1$更准确 | long double类型的浮点数x | 支持 | +| [fabs](#fabs) | 计算参数x的绝对值,返回类型double | double类型的浮点数x | 支持 | +| [fabsf](#fabsf) | 计算参数x的绝对值,返回类型float | float类型的浮点数x | 支持 | +| [fabsl](#fabsl) | 计算参数x的绝对值,返回类型long double | long double类型的浮点数x | 支持 | +| [fdim](#fdim) | 计算参数x和参数y之间的正差值 | double类型的浮点数x
double类型的浮点数y | 支持 | +| [fdimf](#fdimf) | 计算参数x和参数y之间的正差值 | float类型的浮点数x
float类型的浮点数y | 支持 | +| [fdiml](#fdiml) | 计算参数x和参数y之间的正差值 | long double类型的浮点数x
long double类型的浮点数y | 支持 | +| [finite](#finite) | 如果参数x既不是无限值也不是NaN,则返回一个非零值,否则返回0 | double类型的浮点数x | 支持 | +| [finitef](#finitef) | 如果参数x既不是无限值也不是NaN,则返回一个非零值,否则返回0 | float类型的浮点数x| 支持 | +| [floor](#floor) | 计算不大于参数x到最大整数值,返回类型double | double类型的浮点数x | 支持 | +| [floorf](#floorf) | 计算不大于参数x到最大整数值,返回类型float | float类型的浮点数x | 支持 | +| [floorl](#floorl) | 计算不大于参数x到最大整数值,返回类型long double | long double类型的浮点数x | 支持 | +| [fma](#fma) | 计算表达式$(x * y) + z$的值,返回double类型 | double类型的浮点数x
double类型的浮点数y
double类型的浮点数z | 支持 | +| [fmaf](#fmaf) | 计算表达式$(x * y) + z$的值,返回float类型 | float类型的浮点数x
float类型的浮点数y
float类型的浮点数z | 支持 | +| [fmal](#fmal) | 计算表达式$(x * y) + z$的值,返回long double类型 | long double类型的浮点数x
long double类型的浮点数y
long double类型的浮点数z | 支持 | +| [fmax](#fmax) | 确定其参数的最大数值。如果一个参数是非数值(NaN),另一个参数是数值,fmax函数将选择数值 | double类型的浮点数x
double类型的浮点数y | 支持 | +| [fmaxf](#fmaxf) | 确定其参数的最大数值。如果一个参数是非数值(NaN),另一个参数是数值,fmax函数将选择数值 | float类型的浮点数x
float类型的浮点数y | 支持 | +| [fmaxl](#fmaxl) | 确定其参数的最大数值。如果一个参数是非数值(NaN),另一个参数是数值,fmax函数将选择数值 | long double类型的浮点数x
long double类型的浮点数y | 支持 | +| [fmin](#fmin) | 返回其参数的最小数值。非数值NaN参数视为缺失数据。如果一个参数是非数值,另一个参数是数值,fmin函数将选择数值 | double类型的浮点数x
double类型的浮点数y | 支持 | +| [fminf](#fminf) | 返回其参数的最小数值。非数值NaN参数视为缺失数据。如果一个参数是非数值,另一个参数是数值,fmin函数将选择数值 | float类型的浮点数x
float类型的浮点数y | 支持 | +| [fminl](#fminl) | 返回其参数的最小数值。非数值NaN参数视为缺失数据。如果一个参数是非数值,另一个参数是数值,fmin函数将选择数值 | long double类型的浮点数x
long double类型的浮点数y | 支持 | +| [fmod](#fmod) | 计算表达式x/y的浮点余数,返回double类型 | double类型的浮点数x
double类型的浮点数y | 支持 | +| [fmodf](#fmodf) | 计算表达式x/y的浮点余数,返回float类型 | float类型的浮点数x
float类型的浮点数y | 支持 | +| [fmodl](#fmodl) | 计算表达式x/y的浮点余数,返回long double类型 | long double类型的浮点数x
long double类型的浮点数y | 支持 | +| [frexp](#frexp) | 将浮点数分解为规格化小数和2的整数幂,并将整数存入参数exp指向的对象中 | double类型的浮点数x
int *类型的浮点数y | 支持 | +| [frexpf](#frexpf) | 将浮点数分解为规格化小数和2的整数幂,并将整数存入参数exp指向的对象中 | float类型的浮点数x
int *类型的浮点数y | 支持 | +| [frexpl](#frexpl) | 将浮点数分解为规格化小数和2的整数幂,并将整数存入参数exp指向的对象中 | long double类型的浮点数x
int *类型的浮点数y | 支持 | +| [hypot](#hypot) | 计算表达式$(x^2 + y^2)^{1/2}$的值 | double类型的浮点数x
double类型的浮点数y | 支持 | +| [hypotf](#hypotf) | 计算表达式$(x^2 + y^2)^{1/2}$的值 | float类型的浮点数x
float类型的浮点数y | 支持 | +| [hypotl](#hypotl) | 计算表达式$(x^2 + y^2)^{1/2}$的值 | long double类型的浮点数x
long double类型的浮点数y | 支持 | +| [ilogb](#ilogb) | 以FLT_RADIX作为对数的底数,返回double类型x的对数的整数部分 | double类型的浮点数x | 支持 | +| [ilogbf](#ilogbf) | 以FLT_RADIX作为对数的底数,返回float类型x的对数的整数部分 | float类型的浮点数x | 支持 | +| [ilogbl](#ilogbl) | 以FLT_RADIX作为对数的底数,返回long double类型x的对数的整数部分 | long double类型的浮点数x | 支持 | +| [j0](#j0) | 计算参数x的第一类0阶贝塞尔函数 | double类型浮点数x | 支持 | +| [j0f](#j0f) | 计算参数x的第一类0阶贝塞尔函数 | float类型浮点数x | 支持 | +| [j1](#j1) | 计算参数x的第一类1阶贝塞尔函数 | double类型浮点数x | 支持 | +| [j1f](#j1f) | 计算参数x的第一类1阶贝塞尔函数 | float类型浮点数x | 支持 | +| [jn](#jn) | 计算参数x的第一类n阶贝塞尔函数 | int类型阶数
double类型浮点数x | 支持 | +| [jnf](#jnf) | 计算参数x的第一类n阶贝塞尔函数 | int类型阶数
float类型浮点数x | 支持 | +| [ldexp](#ldexp) | 计算参数x与2的exp次幂的乘积,即返回$x * 2^{exp}$的double类型值。 | double类型的浮点数x
int类型的指数exp | 支持 | +| [ldexpf](#ldexpf) | 计算参数x与2的exp次幂的乘积,即返回$x * 2^{exp}$的float类型值。 | float类型的浮点数x
int类型的指数exp | 支持 | +| [ldexpl](#ldexpl) | 计算参数x与2的exp次幂的乘积,即返回$x * 2^{exp}$的long double类型值。 | long double类型的浮点数x
int类型的指数exp | 支持 | +| [lgamma](#lgamma) | 计算参数x伽玛绝对值的自然对数,返回double类型 | double类型的浮点数x | 支持 | +| [lgammaf](#lgammaf) | 计算参数x伽玛绝对值的自然对数,返回float类型 | float类型的浮点数x | 支持 | +| [lgammal](#lgammal) | 计算参数x伽玛绝对值的自然对数,返回long double类型 | long double类型的浮点数x | 支持 | +| [lgamma_r](#lgamma_r) | 计算参数x伽玛绝对值的自然对数,与lgamma不同在于是线程安全的 | double类型的浮点数x
int *类型符号参数 | 支持 | +| [lgamma_r](#lgamma_r) | 计算参数x伽玛绝对值的自然对数,与lgamma不同在于是线程安全的 | float类型的浮点数x
int *类型符号参数 | 支持 | +| [llrint](#llrint) | 根据当前舍入模式,将参数舍入为long long int类型的最接近整数值 | double类型的浮点数x | 支持 | +| [llrintf](#llrintf) | 根据当前舍入模式,将参数舍入为long long int类型的最接近整数值 | float类型的浮点数x | 支持 | +| [llrintl](#llrintl) | 根据当前舍入模式,将参数舍入为long long int类型的最接近整数值 | long double类型的浮点数x | 支持 | +| [llround](#llround) | 将double类型x舍入为浮点形式表示的long long int型最近整数值。如果x位于两个整数中心,将向远离0的方向舍入。 | double类型的浮点数x | 支持 | +| [llroundf](#llroundf) | 将float类型x舍入为浮点形式表示的long long int型最近整数值。如果x位于两个整数中心,将向远离0的方向舍入。 | float类型的浮点数x | 支持 | +| [llroundl](#llroundl) | 将long double类型x舍入为浮点形式表示的long long int型最近整数值。如果x位于两个整数中心,将向远离0的方向舍入。 | long double类型的浮点数x | 支持 | +| [log](#log) | double类型x的自然对数函数 | double类型的浮点数x | 支持 | +| [logf](#logf) | float类型x的自然对数函数 | float类型的浮点数x | 支持 | +| [logl](#logl) | long double类型x的自然对数函数 | long double类型的浮点数x | 支持 | +| [log10](#log10) | double类型x以10为底数的对数函数 | double类型的浮点数x | 支持 | +| [log10f](#log10f) | float类型x以10为底数的对数函数 | float类型的浮点数x | 支持 | +| [log10l](#log10l) | long double类型x以10为底数的对数函数 | long double类型的浮点数x | 支持 | +| [log1p](#log1p) | 以e为底数的对数函数,计算$log_e(1 + x)$的值。如果参数x是个小值,表达式log1p(x)比表达式log(1 + x)更准确 | double类型的浮点数x | 支持 | +| [log1pf](#log1pf) | 以e为底数的对数函数,计算$log_e(1 + x)$的值。如果参数x是个小值,表达式log1p(x)比表达式log(1 + x)更准确 | float类型的浮点数x | 支持 | +| [log1pl](#log1pl) | 以e为底数的对数函数,计算$log_e(1 + x)$的值。如果参数x是个小值,表达式log1p(x)比表达式log(1 + x)更准确 | long double类型的浮点数x | 支持 | +| [log2](#log2) | double类型x以2为底数的对数函数 | double类型的浮点数x | 支持 | +| [log2f](#log2f) | float类型x以2为底数的对数函数 | flaot类型的浮点数x | 支持 | +| [log2l](#log2l) | long double类型x以2为底数的对数函数 | long double类型的浮点数x | 支持 | +| [logb](#logb) | double类型x以FLT_RADIX为的底数到对数函数 | double类型的浮点数x | 支持 | +| [logbf](#logbf) | float类型x以FLT_RADIX为的底数到对数函数 | float类型的浮点数x | 支持 | +| [logbl](#logbl) | double类型x以FLT_RADIX为的底数到对数函数 | double类型的浮点数x | 支持 | +| [lrint](#lrint) | 根据当前舍入模式,将参数舍入为long int类型的最接近整数值 | double类型的浮点数x | 支持 | +| [lrintf](#lrintf) | 根据当前舍入模式,将参数舍入为long int类型的最接近整数值 | float类型的浮点数x | 支持 | +| [lrintl](#lrintl) | 根据当前舍入模式,将参数舍入为long int类型的最接近整数值 | long double类型的浮点数x | 支持 | +| [lround](#lround) | 将double类型x舍入为浮点形式表示的long int型最近整数值。如果x位于两个整数中心,将向远离0的方向舍入。 | double类型的浮点数x | 支持 | +| [lroundf](#lroundf) | 将float类型x舍入为浮点形式表示的long int型最近整数值。如果x位于两个整数中心,将向远离0的方向舍入。 | float类型的浮点数x | 支持 | +| [lroundl](#lroundl) | 将long double类型x舍入为浮点形式表示的long int型最近整数值。如果x位于两个整数中心,将向远离0的方向舍入。 | long double类型的浮点数x | 支持 | +| [modf](#modf) | 将double类型的参数value分成整数部分和小数部分,两部分与参数value具有相同的类型和符号。整数部分以浮点形式存入参数iptr指向的对象中 | double类型的浮点数value
double *类型的指数iptr | 支持 | +| [modff](#modff) | 将float类型的参数value分成整数部分和小数部分,两部分与参数value具有相同的类型和符号。整数部分以浮点形式存入参数iptr指向的对象中 | float类型的浮点数value
float *类型的指数iptr | 支持 | +| [modfl](#modfl) | 将long double类型的参数value分成整数部分和小数部分,两部分与参数value具有相同的类型和符号。整数部分以浮点形式存入参数iptr指向的对象中 | long double类型的浮点数value
long double *类型的指数iptr | 支持 | +| [nan](#nan) | 返回一个double类型的非数值NaN,内容由参数tagp确定 | const char*类型tagp | 支持 | +| [nanf](#nanf) | 返回一个float类型的非数值NaN,内容由参数tagp确定 | const char*类型tagp | 支持 | +| [nanl](#nanl) | 返回一个long double类型的非数值NaN,内容由参数tagp确定 | const char*类型tagp | 支持 | +| [nearbyint](#nearbyint) | 根据当前舍入模式,将double型参数x舍入为浮点格式的double型整数值 | double类型x | 支持 | +| [nearbyintf](#nearbyintf) | 根据当前舍入模式,将float型参数x舍入为浮点格式的float型整数值 | float类型x | 支持 | +| [nearbyintl](#nearbyintl) | 根据当前舍入模式,将long double型参数x舍入为浮点格式的double型整数值 | long double类型x | 支持 | +| [nextafter](#nextafter) | 返回double类型参数x沿参数y方向的下一个可表示值 | double类型x
double类型y | 支持 | +| [nextafterf](#nextafterf) | 返回double类型参数x沿参数y方向的下一个可表示值 | float类型x
flaot类型y | 支持 | +| [nextafterl](#nextafterl) | 返回double类型参数x沿参数y方向的下一个可表示值 | long double类型x
long double类型y | 支持 | +| [nexttoward](#nexttoward) | 返回double类型参数x沿参数y方向的下一个可表示值,等价于nextafter,区别在于参数y为long double | double类型浮点数x
long double类型浮点数y | 支持 | +| [nexttowardf](#nexttowardf) | 返回double类型参数x沿参数y方向的下一个可表示值,等价于nextafter,区别在于参数y为long double | float类型浮点数x
long double类型浮点数y | 支持 | +| [nexttowardl](#nexttowardl) | 返回double类型参数x沿参数y方向的下一个可表示值,等价于nextafter,区别在于参数y为long double | long double类型浮点数x
long double类型浮点数y | 支持 | +| [pow](#pow) | 计算表达式$x^y$的值 | double类型浮点数x
double类型浮点数y | 支持 | +| [powf](#powf) | 计算表达式$x^y$的值 | float类型浮点数x
float类型浮点数y | 支持 | +| [powl](#powl) | 计算表达式$x^y$的值 | long double类型浮点数x
long double类型浮点数y | 支持 | +| [pow10](#pow10) | 计算表达式$10^x$的值 | double类型浮点数x | 支持 | +| [pow10f](#pow10f) | 计算表达式$10^x$的值 | float类型浮点数x| 支持 | +| [pow10l](#pow10l) | 计算表达式$10^x$的值 | long double类型浮点数x | 支持 | +| [remainder](#remainder) | 计算参数x除以y的余数,等同于drem | double类型浮点数x
double类型浮点数y | 支持 | +| [remainderf](#remainderf) | 计算参数x除以y的余数,等同于dremf | float类型浮点数x
float类型浮点数y | 支持 | +| [remainderl](#remainderl) | 计算参数x除以y的余数 | long double类型浮点数x
long double类型浮点数y | 支持 | +| [remquo](#remquo) | 计算参数x和参数y的浮点余数,并将商保存在传递的参数指针quo中 | double类型浮点数x
double类型浮点数y
int *类型商que | 支持 | +| [remquof](#remquof) | 计算参数x和参数y的浮点余数,并将商保存在传递的参数指针quo中 | float类型浮点数x
float类型浮点数y
int *类型商que | 支持 | +| [remquol](#remquol) | 计算参数x和参数y的浮点余数,并将商保存在传递的参数指针quo中 | long double类型浮点数x
long double类型浮点数y
int *类型商que | 支持 | +| [rint](#rint) | 根据当前舍入模式,将参数x舍入为浮点个数的整数值 | double类型的浮点数x | 支持 | +| [rintf](#rintf) | 根据当前舍入模式,将参数x舍入为浮点个数的整数值 | float类型的浮点数x | 支持 | +| [rintl](#rintl) | 根据当前舍入模式,将参数x舍入为浮点个数的整数值 | long double类型的浮点数x | 支持 | +| [round](#round) | 将double类型x舍入为浮点形式表示的double型最近整数值。如果x位于两个整数中心,将向远离0的方向舍入。 | double类型的浮点数x | 支持 | +| [roundf](#roundf) | 将float类型x舍入为浮点形式表示的float型最近整数值。如果x位于两个整数中心,将向远离0的方向舍入。 | float类型的浮点数x | 支持 | +| [roundl](#roundl) | 将long double类型x舍入为浮点形式表示的long double型最近整数值。如果x位于两个整数中心,将向远离0的方向舍入。 | long double类型的浮点数x | 支持 | +| [scalb](#scalb) | 计算$x * FLT\_RADIX^{exp}$的double类型值 | double类型的浮点数x
double类型的指数exp | 支持 | +| [scalbf](#scalbf) | 计算$x * FLT\_RADIX^{exp}$的float类型值 | float类型的浮点数x
float类型的指数exp | 支持 | +| [scalbln](#scalbln) | 计算$x * FLT\_RADIX^{exp}$的double类型值 | double类型的浮点数x
long类型的指数exp | 支持 | +| [scalblnf](#scalblnf) | 计算$x * FLT\_RADIX^{exp}$的float类型值 | float类型的浮点数x
long类型的指数exp | 支持 | +| [scalblnl](#scalblnl) | 计算$x * FLT\_RADIX^{exp}$的long double类型值 | long double类型的浮点数x
long类型的指数exp | 支持 | +| [scalbn](#scalbn) | 计算$x * FLT\_RADIX^{exp}$的double类型值 | double类型的浮点数x
int类型的指数exp | 支持 | +| [scalbnf](#scalbnf) | 计算$x * FLT\_RADIX^{exp}$的float类型值 | float类型的浮点数x
int类型的指数exp | 支持 | +| [scalbnl](#scalbnl) | 计算$x * FLT\_RADIX^{exp}$的long double类型值 | long double类型的浮点数x
int类型的指数exp | 支持 | +| [significand](#significand) | 用于分离浮点数x的尾数部分,返回double类型 | double类型的浮点数x | 支持 | +| [significandf](#significandf) | 用于分离浮点数x的尾数部分,返回double类型 | double类型的浮点数x | 支持 | +| [sin](#sin) | 计算参数x的正弦值,参数应为弧度值,返回double类型 | double类型的浮点数x | 支持 | +| [sinf](#sinf) | 计算参数x的正弦值,参数应为弧度值,返回float类型 | float类型的浮点数x | 支持 | +| [sinl](#sinl) | 计算参数x的正弦值,参数应为弧度值,返回long double类型 | long double类型的浮点数x | 支持 | +| [sincos](#sincos) | 同时计算参数x的正弦值和余弦值,并将结果存储在*sin和*cos,比单独调用sin和cos效率更高 | double类型的浮点数x
double*类型的浮点数sin
double*类型的浮点数cos | 支持 | +| [sincosf](#sincosf) | 同时计算参数x的正弦值和余弦值,并将结果存储在*sin和*cos,比单独调用sin和cos效率更高 | float类型的浮点数x
float*类型的浮点数sin
float*类型的浮点数cos | 支持 | +| [sincosl](#sincosl) | 同时计算参数x的正弦值和余弦值,并将结果存储在*sin和*cos,比单独调用sin和cos效率更高 | long double类型的浮点数x
long double*类型的浮点数sin
long double*类型的浮点数cos | 支持 | +| [sinh](#sinh) | 计算参数x的双曲正弦值,返回double类型 | double类型的浮点数x | 支持 | +| [sinhf](#sinhf) | 计算参数x的双曲正弦值,返回float类型 | float类型的浮点数x | 支持 | +| [sinhl](#sinhl) | 计算参数x的双曲正弦值,返回long double类型 | long double类型的浮点数x | 支持 | +| [sqrt](#sqrt) | 计算参数x的平方根,返回类型double | double类型的浮点数x | 支持 | +| [sqrtf](#sqrtf) | 计算参数x的平方根,返回类型float | float类型的浮点数x | 支持 | +| [sqrtl](#sqrtl) | 计算参数x的平方根,返回类型long double | long double类型的浮点数x | 支持 | +| [tan](#tan) | 计算参数x的正切值,参数应为弧度值,返回double类型 | double类型的浮点数x | 支持 | +| [tanf](#tanf) | 计算参数x的正切值,参数应为弧度值,返回float类型 | float类型的浮点数x | 支持 | +| [tanl](#tanl) | 计算参数x的正切值,参数应为弧度值,返回long double类型 | long double类型的浮点数x | 支持 | +| [tanh](#tanh) | 计算参数x的双曲正切值,返回double类型 | double类型的浮点数x | 支持 | +| [tanhf](#tanhf) | 计算参数x的双曲正切值,返回float类型 | float类型的浮点数x | 支持 | +| [tanhl](#tanhl) | 计算参数x的双曲正切值,返回long double类型 | long double类型的浮点数x | 支持 | +| [tgamma](#tgamma) | 计算参数x的伽马函数,返回double类型 | double类型的浮点数x | 支持 | +| [tgammaf](#tgammaf) | 计算参数x的伽马函数,返回float类型 | float类型的浮点数x | 支持 | +| [tgammal](#tgammal) | 计算参数x的伽马函数,返回long double类型 | long double类型的浮点数x | 支持 | +| [trunc](#trunc) | 截取参数x的整数部分,并将整数部分以浮点形式表示 | double类型的浮点数x | 支持 | +| [truncf](#truncf) | 截取参数x的整数部分,并将整数部分以浮点形式表示 | float类型的浮点数x | 支持 | +| [truncl](#truncl) | 截取参数x的整数部分,并将整数部分以浮点形式表示 | long double类型的浮点数x | 支持 | +| [y0](#y0) | 计算参数x的第二类0阶贝塞尔函数 | double类型的浮点数x | 支持 | +| [y0f](#y0f) | 计算参数x的第二类0阶贝塞尔函数 | float类型的浮点数x | 支持 | +| [y1](#y1) | 计算参数x的第二类1阶贝塞尔函数 | double类型的浮点数x | 支持 | +| [y1f](#y1f) | 计算参数x的第二类1阶贝塞尔函数 | float类型的浮点数x | 支持 | +| [yn](#yn) | 计算参数x的第二类n阶贝塞尔函数 | int类型阶数n
double类型的浮点数x | 支持 | +| [ynf](#ynf) | 计算参数x的第二类n阶贝塞尔函数 | int类型阶数n
float类型的浮点数x | 支持 | + +## 设备驱动 + +### register_driver + +在文件系统中注册一个字符设备驱动程序。 + +**参数**: + +1. 要创建的索引节点的路径path。 +2. file_operations结构体指针fops。 +3. 访问权限mode。 +4. 将与inode关联的私有用户数据priv。 + +**输出**: + +- 0:操作成功。 +- 负数值:操作失败。 + +#### unregister_driver + +从文件系统中删除“path”处的字符驱动程序。 + +**参数**: + +1. 要删除的索引节点的路径path。 + +**输出**: + +- 0:操作成功。 +- -EINVAL:无效的path路径。 +- -EEXIST:path中已存在inode。 +- -ENOMEM:内存不足。 + +#### register_blockdriver + +在文件系统中注册一个块设备驱动程序。 + +**参数**: + +1. 要创建的索引节点的路径path。 +2. block_operations结构体指针bops。 +3. 访问权限mode。 +4. 将与inode关联的私有用户数据priv。 + +**输出**: + +- 0:操作成功。 +- -EINVAL:无效的path路径。 +- -EEXIST:path中已存在inode。 +- -ENOMEM:内存不足。 + +#### unregister_blockdriver + +从文件系统中删除“path”处的块设备驱动程序。 + +**参数**: + +1. 要删除的索引节点的路径path。 + +**输出**: + +- 0:操作成功。 +- -EINVAL:无效的path路径。 +- -EEXIST:path中已存在inode。 +- -ENOMEM:内存不足。 + +## Shell模块 + +### SHELLCMD_ENTRY + +向Shell模块静态注册命令。 + +**参数**: + +1. 命令变量名name。 +2. 命令类型cmdType。 +3. 命令关键字cmdKey。 +4. 处理函数的入参最大个数paraNum。 +5. 命令处理函数回调cmdHook。 + +**输出**:无 + +### osCmdReg + +向Shell模块动态注册命令。 + +**参数**: + +1. 命令类型cmdType。 +2. 命令关键字cmdKey。 +3. 处理函数的入参最大个数paraNum。 +4. 命令处理函数回调cmdHook。 + +**输出**: + +- 0:操作成功。 +- OS_ERRNO_SHELL_NOT_INIT:shell模块未初始化。 +- OS_ERRNO_SHELL_CMDREG_PARA_ERROR:无效的输入参数。 +- OS_ERRNO_SHELL_CMDREG_CMD_ERROR:无效的字符串关键字。 +- OS_ERRNO_SHELL_CMDREG_CMD_EXIST:关键字已存在。 +- OS_ERRNO_SHELL_CMDREG_MEMALLOC_ERROR:内存不足。 diff --git a/docs/zh/embedded/uniproton/uniproton_functions.md b/docs/zh/embedded/uniproton/uniproton_functions.md new file mode 100644 index 0000000000000000000000000000000000000000..09a287c5dc27e2c257b613a212a5da7939c9df38 --- /dev/null +++ b/docs/zh/embedded/uniproton/uniproton_functions.md @@ -0,0 +1,157 @@ +# UniProton功能设计 + +## 支持任务管理 + +UniProton是一个单进程支持多线程的操作系统。在UniProton中,一个任务表示一个线程。UniProton中的任务为抢占式调度机制,而非时间片轮转调度方式。高优先级的任务可打断低优先级任务,低优先级任务必须在高优先级任务挂起或阻塞后才能得到调度。 + +UniProton的任务一共有32个优先级(0-31),最高优先级为0,最低优先级为31。每个优先级可以创建多个任务。 + +UniProton任务管理模块提供任务创建、任务删除、任务挂起、任务恢复、任务延时、锁任务调度、解锁任务调度、当前任务ID获取、任务私有数据获取与设置、查询指定任务正在Pending的信号量ID、查询指定任务状态、上下文信息、任务通用信息、任务优先级设定与获取、调整指定优先级的任务调度顺序、注册及取消任务创建钩子、任务删除钩子、任务切换钩子等功能。UniProton在初始化阶段,默认会创建一个最低优先级的IDLE任务,用户在没有处于运行态的任务时,IDLE任务被运行。 + +## 支持事件管理 + +事件机制可以实现线程之间的通讯。事件通讯只能是事件类型的通讯,无数据传输。 + +UniProton事件作为任务的扩展,实现任务之间的通讯。每个任务支持32种类型事件(32个 bit位,每bit代表一种事件类型)。 + +UniProton提供读取本任务事件和写指定任务事件的功能。读事件时可以同时读取多种事件,也可以只读取一种事件,写事件时也可以同时写一种或多种类型事件。 + +## 支持队列管理 + +队列(Queue),又称消息队列,是线程间实现通信的一种方式,实现了数据的存储和传递功能。根据优先级可以将数据写入到队列头或队列尾,但只能从队列的头处读取数据。 + +UniProton创建队列时,根据用户传入队列长度和消息单元大小来开辟相应的内存空间以供该队列使用。在队列控制块中维护一个头指针Head和一个尾指针Tail来表示当前队列中数据存储情况。头指针Head表示队列中被占用消息的起始地址,尾指针Tail表示队列中空闲消息的起始地址。 + +## 支持硬中断管理 + +硬中断是由硬件触发的会改变系统运行轨迹的一个电平信号,硬中断用于通知CPU某个硬件事件的发生。硬中断一般分为可屏蔽中断和不可屏蔽中断(NMI)两种。 + +硬中断的优先级高于所有任务,其内部也有不同的优先级,当同时有多个硬中断被触发时,最高优先级的硬中断总是优先得到响应。高优先级硬中断是否能打断正在执行的低优先级硬中断(即中断嵌套),视不同芯片平台而异。 + +出于任务延时、软件定时器等需要,OS会在初始化阶段,创建1个Tick硬中断,其实质是一个周期性的硬件定时器。 + +## 支持内存管理 + +内存管理主要工作是动态的划分并管理用户分配好的大片内存区间。当程序某一部分需要使用内存,可以通过操作系统的内存申请函数索取指定大小内存块,一旦使用完毕,通过内存释放函数归还所占用内存,使之可以重复使用。 + +目前UniProton提供了FSC内存算法,该算法优缺点及应用场景如下表所示: + +| 内存算法 | 优点 | 缺点 | 应用场景 | +| :----------------------------------------------------------- | ------------------------------------------------------------ | ------------------------------ | ------------------------------------ | +| 类型私有FSC算法 | 内存控制块信息占用内存较少,支持最小4字节对齐的内存块大小申请;支持相邻内存块的快速分割合并,无内存碎片。 | 内存申请和内存释放的效率较低。 | 能够灵活适应各种产品的场景。 | + +如下简要描述一下FSC内存算法: + +### FSC内存算法 + +#### 核心思想 + +对于申请的内存大小为uwSize,如果用二进制,则表示为0b{0}1xxx,{0}表示1前面可能有0个或多个零。无论1后面xxx为何内容,如果将1变成10,xxx则全部变成0,则总会出现10yyy > 1xxx(此处yyy表示xxx的对应位全部变成0)。 + +我们可以直接得到最左边的1的下标。下标值或者从高位到低位依次为0-31(BitMap),或者从低位到高位依次为0-31(uwSize)。如果32位寄存器从高位到低位的bit位的下标依次为0-31,则0x80004000的最左边1的下标为0。于是我们可以维护一个空闲链表头数组(元素数不超过31),以内存块大小最左边的1的下标做为链表头的数组索引,即将所有最左边的1的下标相同的内存块挂接在同一个空闲链表中。 + +如:索引为2的链表可挂接的空闲块大小为4、5、6、7;索引为N的链表可挂接的空闲块大小为2^N到2^(N+1)-1。 + +![](./figures/FCS.png) + +#### 内存申请 + +当申请uwSize大小的内存时,首先利用汇编指令得到最左边的1的下标,假定为n。为确保空闲链表中的第一个空闲内存块满足uwSize,从索引为n+1开始搜索。若n+1所属空闲链表不为空,则取该链表中的第一个空闲块。若n+1链表为空,则判断n+2链表,依次类推,直到找到非空链表或索引达到31。 + +为避免for循环逐级判断空闲链表是否为空,定义一个32位的BitMap全局变量。若索引n的空闲链表非空,则BitMap的下标为n的位置1,否则清0。BitMap的下标为31的位在初始化时直接置1。于是查找从n+1开始的第一个非空闲链表,可以首先将BitMap复本的0到n位清零,然后获取复本的最左边的1的下标,若不等于31,即为第一个空闲链表非空的数组索引。 + +所有的空闲块都以双向链表形式,串接在空闲链表中。若从链表中获取的第一个空闲块比较大,即分割出一个usSize的内存块后,剩下的空间至少可做一次最小分配。则将剩余的空闲块调整到对应的空闲链表中。 + + ![](./figures/MemoryApplication.png) + +内存控制头中记录有空闲内存块的大小(包括控制头本身)。内存控制头中有一个复用成员,位于最首部时。当内存块空闲时,作为指向后一个空闲内存块的指针;当内存块占用时,存放魔术字,表示该内存块非空闲。为避免魔术字与指针冲突(与地址值相同),高低4位均为0xf。因为已分配的内存块起始地址需按4字节对齐,所以不存在冲突。 + +#### 内存释放 + +当释放内存时,需要将前后相邻的空闲块进行合并。首先,通过判断控制头中的魔术字,确认地址参数(pAddr)的合法性。通过首地址加偏移值的方式,得到后邻的内存块控制头的起始地址。若后邻内存块是空闲的,则将后邻内存块从所属空闲链表中删除,调整当前内存块的大小。 + +为了使内存释放时能迅速找到前邻的内存块控制头,及判断前邻的内存块是否空闲。内存控制头中增加一个成员,标记前邻的内存块是否空闲。可在内存申请的时,将后邻的该标记设置为占用态(若空闲内存块被分割成两块,前一块为空闲,将当前内存块的该标记设置为空闲态);在内存释放时,将后邻的该标记设置为空闲态。释放当前内存时,若前邻的内存块标记为使用,则不需要合并前邻的内存块;若前邻的内存块标记为空闲,则需要进行合并。若某个内存块为空闲时,则将其后邻控制块的标记设为到本控制块的距离值。 + + ![](./figures/MemoryRelease.png) + +## 支持定时器管理 + +定时器管理是为满足产品定时业务需要,UniProton提供了软件定时器功能。 + +对于软件定时器,是基于Tick实现,所以定时周期必须为Tick的整数倍,在Tick处理函数中进行软件定时器的超时扫描。 + +目前提供的软件定时器接口,可以完成定时器创建,启动,停止,重启,删除操作。 + +## 支持信号量管理 + +信号量(Semaphore)常用于协助一组互相竞争的任务来访问临界资源,在需要互斥的场合作为临界资源计数使用,根据临界资源使用场景分为核内信号量和核间信号量。 + +信号量对象有一个内部计数器,它支持如下两种操作: + +- 申请(Pend):Pend 操作等待指定的信号量,若其计数器值大于0,则直接减1返回成功。否则任务阻塞,等待其他线程发布该信号量,等待的容忍时间可设定。 + +- 释放(Post):Post操作发布指定的信号量,若无任务等待该信号量,则直接将计数器加1返回。否则唤醒为此信号量挂起的任务列表中的第一个任务(最早阻塞的)。 + +通常一个信号量的计数值用于对应有效的资源数,表示剩余可被占用的互斥资源数。其值的含义如下有两种情况: + +- 为0值:表示没有积累下来的Post操作,且有可能有在此信号量上阻塞的任务。 + +- 为正值:表示有一个或多个Post下来的发布操作。 + +## 支持异常管理 + +UniProton中的异常接管属于维测特性,其主要目的是在系统出现异常后,记录尽可能多的异常现场信息,便于后续问题定位。同时提供异常时的钩子函数,便于用户能够在异常发生时做一些用户化的特殊处理。其主要功能是接管内部异常处理或者外部硬件异常。 + +## 支持CPU占用率统计 + +UniProton中的系统CPU占用率(CPU Percent)是指周期时间内系统的CPU占用率,用于表示系统一段时间内的闲忙程度,也表示CPU的负载情况。系统CPU占用率的有效表示范围为0~10000,其精度为万分比。10000表示系统满负荷运转。 + +UniProton中的线程CPU占用率指单个线程的CPU占用率,用于表示单个线程在一段时间内的闲忙程度。线程CPU占用率的有效表示范围为0~10000,其精度为万分比。10000表示在一段时间内系统一直在运行该线程。单核系统所有线程(包括中断和空闲任务)的CPU之和为10000。 + +UniProton的系统级CPU占用率依赖于Tick模块,通过Tick采样IDLE任务或IDLE软中断计数来实现 + +## 支持STM32F407ZGT6开发板 + +支持开发板主要涉及OS内核外围的启动流程和单板驱动,目录结构如下: + +├─apps # 基于UniProton实时OS编程的demo程序。 + +│ └─hello_world # hello_world示例程序。 + +├─bsp # 提供的板级驱动与OS对接。 + +├─build # 提供编译脚本编译出最终镜像。 + +├─config # 配置选项,供用户调整运行时参数。 + +├─include # UniProton实时部分提供的编程接口API。 + +└─libs # UniProton实时部分的静态库,build目录中的makefile示例已经将头文件和静态库的引用准备好,应用可直接使用。 + +## 支持OpenAMP混合部署 + +OpenAMP是一个开源软件框架,旨在通过非对称多处理器的开源解决方案,来标准化异构嵌入式系统中操作环境之间的交互。OpenAMP包括如下四大组件: + +1. remoteproc:管理从核的生命周期,管理共享内存、通信使用的buffer、vring等资源,初始化rpmsg和virtio。 +2. rpmsg:实现多核通信的通道,基于virtio实现。 +3. virtio:通过一套虚拟IO实现主从核的驱动程序通信,是一种半虚拟化技术。 +4. libmetal:屏蔽操作系统实现细节,提供通用用户API访问设备,处理设备中断、内存请求。 + +## 支持POSIX标准接口 + +《[UniProton支持posix标准接口](./uniproton_apis.md)》 + +## 支持设备驱动 + +UniProton的驱动结构、风格与linux类似,将驱动设备文件化,即VFS系统,通过驱动注册接口,将驱动注册到文件系统中,应用层只需要通过标准系统调用,即可调用底层驱动。整个驱动框架代码适配自开源RTOS系统Nuttx的驱动模块,因此接口调用也与Nuttx基本一致。struct file_operations结构体保存设备文件操作的方法,定义在fs.h头文件中,通过register_driver接口将驱动设备挂到对应的struct inode节点中,struct inode描述了每个设备节点的位置和数据。当系统调用操作设备文件时,根据对应文件的inode就能索引到对应的函数。接口详细信息可以查看《[UniProton接口说明](./uniproton_apis.md)》。 + +## 支持Shell命令行 + +UniProton提供shell命令行,它能够以命令行交互的方式访问操作系统的功能或服务:它接受并解析用户输入的命令,并处理操作系统的输出结果。UniProton的shell模块代码适配自开源ROTS系统LiteOS的shell模块。因此与LiteOS一致,用户可以新增定制的命令,新增命令需重新编译烧录后才能执行。当前UniProton只支持了help命令,其他命令将在后续的版本中进行完善。Shell模块为用户提供下面几个接口。 + +| 接口名 | 描述 | +| :---: | :--: | +| SHELLCMD_ENTRY | 静态注册命令 | +| osCmdReg | 动态注册命令 | + +通常静态注册命令方式一般用于注册系统常用命令,动态注册命令方式一般用于注册用户命令。静态注册命令有5个入参,动态注册命令有4个入参。下面除去第一个入参是静态注册独有的,剩余的四个入参两个注册命令是一致的。接口详细信息可以查看[UniProton接口说明](./uniproton_apis.md)。 diff --git a/docs/zh/server/_toc.yaml b/docs/zh/server/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..d2464308e5ba9b2e6a7ab175c796379a815dd294 --- /dev/null +++ b/docs/zh/server/_toc.yaml @@ -0,0 +1,89 @@ +label: 服务器 +sections: + - label: 从这里开始 + sections: + - href: ./releasenotes/releasenotes/_toc.yaml + - href: ./quickstart/quickstart/_toc.yaml + - label: 安装升级 + sections: + - href: ./installation_upgrade/installation/_toc.yaml + - href: ./installation_upgrade/upgrade/_toc.yaml + - label: 系统管理 + sections: + - href: ./administration/administrator/_toc.yaml + - href: ./administration/sysmaster/_toc.yaml + - href: ./administration/compa_command/_toc.yaml + - label: 系统运维 + sections: + - href: ./maintenance/aops/_toc.yaml + - href: ./maintenance/gala/_toc.yaml + - href: ./maintenance/sysmonitor/_toc.yaml + - href: + upstream: https://gitee.com/openeuler/syscare/blob/openEuler-24.03-LTS-SP2/docs/zh/_toc.yaml + path: ./syscare + - href: https://gitee.com/openeuler/syscare/blob/openEuler-24.03-LTS-SP2/docs/zh/_toc.yaml + - href: ./maintenance/common_skills/_toc.yaml + - href: ./maintenance/common_tools/_toc.yaml + - href: ./maintenance/troubleshooting/_toc.yaml + - label: 安全 + sections: + - href: ./security/secharden/_toc.yaml + - href: ./security/trusted_computing/_toc.yaml + - href: + upstream: https://gitee.com/openeuler/secGear/blob/master/docs/zh/2403_LTS_SP2/_toc.yaml + path: ./secgear + - href: ./security/cve_ease/_toc.yaml + - href: ./security/cert_signature/_toc.yaml + - href: ./security/shangmi/_toc.yaml + - href: + upstream: https://gitee.com/openeuler/secDetector/blob/master/docs/zh/2403_LTS_SP2/_toc.yaml + path: ./secdetector + - label: 内存与存储 + sections: + - href: ./memory_storage/lvm/_toc.yaml + - href: ./memory_storage/etmem/_toc.yaml + - href: ./memory_storage/gmem/_toc.yaml + - href: ./memory_storage/hsak/_toc.yaml + - href: ./memory_storage/memory/_toc.yaml + - label: 网络 + sections: + - href: ./network/network_config/_toc.yaml + - href: ./network/gazelle/_toc.yaml + - label: 性能调优 + sections: + - label: 概述 + sections: + - href: ./performance/overall/system_resource/_toc.yaml + - label: 调优框架 + sections: + - href: + upstream: https://gitee.com/openeuler/oeAware-manager/blob/master/docs/zh/2403_lts_sp2/_toc.yaml + - label: CPU调优 + sections: + - href: ./performance/cpu_optimization/sysboost/_toc.yaml + - href: ./performance/cpu_optimization/kae/_toc.yaml + - label: 系统调优 + sections: + - href: + upstream: https://gitee.com/openeuler/A-Tune/blob/master/docs/zh/24.03_LTS_SP2/_toc.yaml + path: ./performance/system_optimization/atune + - label: 应用开发 + sections: + - href: ./development/application_dev/_toc.yaml + - href: + upstream: https://gitee.com/openeuler/compiler-docs/blob/openEuler-24.03-LTS-SP2/docs/zh/gcc/_toc.yaml + - href: + upstream: https://gitee.com/openeuler/compiler-docs/blob/openEuler-24.03-LTS-SP2/docs/zh/llvm/_toc.yaml + - href: + upstream: https://gitee.com/openeuler/compiler-docs/blob/openEuler-24.03-LTS-SP2/docs/zh/bisheng_autotuner/_toc.yaml + - href: ./development/ai4c/_toc.yaml + - href: ./development/fangtian/_toc.yaml + - href: ./development/annc/_toc.yaml + - href: ./development/unt/_toc.yaml + - label: HA高可用 + sections: + - href: ./high_availability/ha/_toc.yaml + - label: 多样性算力 + sections: + - href: ./diversified_computing/dpu_offload/_toc.yaml + - href: ./diversified_computing/dpu_os/_toc.yaml diff --git a/docs/zh/server/administration/administrator/_toc.yaml b/docs/zh/server/administration/administrator/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..22ba99e1b7339fc679964195a0ac3c25fe67cd93 --- /dev/null +++ b/docs/zh/server/administration/administrator/_toc.yaml @@ -0,0 +1,28 @@ +label: 管理员指南 +isManual: true +description: openEuler 系统常用的管理员操作 +sections: + - label: 查看系统信息 + href: ./viewing_system_information.md + - label: 基础配置 + href: ./basic_configuration.md + - label: 管理用户和用户组 + href: ./user_and_user_group_management.md + - label: 使用DNF管理软件包 + href: ./using_dnf_to_manage_software_packages.md + - label: 管理服务 + href: ./service_management.md + - label: 管理进程 + href: ./process_management.md + - label: 搭建服务 + href: ./configuring_services.md + sections: + - label: 搭建repo服务器 + href: ./configuring_the_repo_server.md + - label: 搭建FTP服务器 + href: ./configuring_the_ftp_server.md + - label: 搭建web服务器 + href: ./configuring_the_web_server.md + - label: 搭建数据库服务器 + href: ./setting_up_the_database_server.md + \ No newline at end of file diff --git a/docs/zh/server/administration/administrator/administration.md b/docs/zh/server/administration/administrator/administration.md new file mode 100644 index 0000000000000000000000000000000000000000..89dd0f1865325203c28439b9e89e44b99839d526 --- /dev/null +++ b/docs/zh/server/administration/administrator/administration.md @@ -0,0 +1,4 @@ +# 管理员指南 + +本文档提供了openEuler系统常用的管理员操作,方便管理员更好地使用openEuler。 +本文档适用于所有使用openEuler系统的管理员。 diff --git a/docs/zh/server/administration/administrator/basic_configuration.md b/docs/zh/server/administration/administrator/basic_configuration.md new file mode 100644 index 0000000000000000000000000000000000000000..c32a8ba76e1c46ff881b429baa46f7d403fa2734 --- /dev/null +++ b/docs/zh/server/administration/administrator/basic_configuration.md @@ -0,0 +1,521 @@ +# 基础配置 + +## 设置语言环境 + +您可以通过localectl修改系统的语言环境,对应的参数设置保存在/etc/locale.conf文件中。这些参数会在系统启动过程中被systemd的守护进程读取。 + +### 显示当前语言环境状态 + +显示当前语言环境,命令如下: + +```shell +localectl status +``` + +例如显示系统当前的设置,命令和输出如下: + +```shell +# localectl status + System Locale: LANG=zh_CN.UTF-8 + VC Keymap: cn + X11 Layout: cn +``` + +### 列出可用的语言环境 + +显示当前可用的语言环境,命令如下: + +```shell +# localectl list-locales +``` + +例如显示当前系统中所有可用的中文环境,命令和输出如下: + +```shell +# localectl list-locales | grep zh +zh_CN.UTF-8 +``` + +### 设置语言环境 + +要设置语言环境,在root权限下执行如下命令,其中 _locale_ 是您要设置的语言类型,取值范围可通过**localectl list-locales**获取,请根据实际情况修改。 + +```shell +# localectl set-locale LANG=locale +``` + +例如设置为简体中文语言环境,在root权限下执行如下命令: + +```shell +# localectl set-locale LANG=zh_CN.UTF-8 +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>修改后需要重新登录或者在root权限下执行`source /etc/locale.conf`命令刷新配置文件,使修改生效。 + +## 设置键盘 + +您可以通过localectl修改系统的键盘设置,对应的参数设置保存在/etc/locale.conf文件中。这些参数,会在系统启动的早期被systemd的守护进程读取。 + +### 显示当前设置 + +显示当前键盘设置,命令如下: + +```shell +# localectl status +``` + +例如显示系统当前的设置,命令和输出如下: + +```shell +# localectl status + System Locale: LANG=zh_CN.UTF-8 + VC Keymap: cn + X11 Layout: cn +``` + +### 列出可用的键盘布局 + +显示当前可用的键盘布局,命令如下: + +```shell +# localectl list-keymaps +``` + +例如显示系统当前的中文键盘布局,命令和输出如下: + +```shell +# localectl list-keymaps | grep cn +cn +``` + +### 设置键盘布局 + +设置键盘布局,在root权限下执行如下命令,其中 _map_ 是您想要设置的键盘类型,取值范围可通过**localectl list-keymaps**获取,请根据实际情况修改: + +```shell +# localectl set-keymap map +``` + +此时设置的键盘布局同样也会应用到图形界面中。 + +设置完成后,查看当前状态: + +```shell +# localectl status + System Locale: LANG=zh_CN.UTF-8 + VC Keymap: cn + X11 Layout: us +``` + +## 设置日期和时间 + +本节介绍如何通过timedatectl、date、hwclock命令来设置系统的日期、时间和时区等。 + +### 使用timedatectl命令设置 + +#### 显示日期和时间 + +显示当前的日期和时间,命令如下: + +```shell +# timedatectl +``` + +例如显示系统当前的日期和时间,命令和输出如下: + +```shell +# timedatectl + Local time: Mon 2019-09-30 04:05:00 EDT + Universal time: Mon 2019-09-30 08:05:00 UTC + RTC time: Mon 2019-09-30 08:05:00 + Time zone: China Standard Time (CST), UTC +8 +System clock synchronized: no + NTP service: inactive + RTC in local TZ: no +``` + +#### 通过远程服务器进行时间同步 + +您可以启用NTP远程服务器进行系统时钟的自动同步。是否启用NTP,可在root权限下执行如下命令进行设置。其中 _boolean_ 可取值yes和no,分别表示启用和不启用NTP进行系统时钟自动同步,请根据实际情况修改。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>若启用了NTP远程服务器进行系统时钟自动同步,则不能手动修改日期和时间。若需要手动修改日期或时间,则需确保已经关闭NTP系统时钟自动同步。可执行`timedatectl set-ntp no`命令进行关闭。 + +例如开启自动远程时间同步,命令如下: + +```shell +# timedatectl set-ntp yes +``` + +#### 修改日期 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>修改日期前,请确保已经关闭NTP系统时钟自动同步。 + +修改当前的日期,在root权限下执行如下命令,其中 _YYYY_ 代表年份,_MM_ 代表月份,_DD_ 代表某天,请根据实际情况修改: + +```shell +# timedatectl set-time YYYY-MM-DD +``` + +例如修改当前的日期为2019年8月14号,命令如下: + +```shell +# timedatectl set-time '2019-08-14' +``` + +#### 修改时间 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>修改时间前,请确保已经关闭NTP系统时钟自动同步。 + +修改当前的时间,在root权限下执行如下命令,其中 _HH_ 代表小时,_MM_ 代表分钟,_SS_ 代表秒,请根据实际情况修改: + +```shell +# timedatectl set-time HH:MM:SS +``` + +例如修改当前的时间为15点57分24秒,命令如下: + +```shell +# timedatectl set-time 15:57:24 +``` + +#### 修改时区 + +显示当前可用时区,命令如下: + +```shell +timedatectl list-timezones +``` + +要修改当前的时区,在root权限下执行如下命令,其中 _time\_zone_ 是您想要设置的时区,请根据实际情况修改: + +```shell +# timedatectl set-timezone time_zone +``` + +例如修改当前的时区,首先查询所在地域的可用时区,此处以Asia为例: + +```shell +# timedatectl list-timezones | grep Asia +Asia/Aden +Asia/Almaty +Asia/Amman +Asia/Anadyr +Asia/Aqtau +Asia/Aqtobe +Asia/Ashgabat +Asia/Baghdad +Asia/Bahrain +…… + +Asia/Seoul +Asia/Shanghai +Asia/Singapore +Asia/Srednekolymsk +Asia/Taipei +Asia/Tashkent +Asia/Tbilisi +Asia/Tehran +Asia/Thimphu +Asia/Tokyo +``` + +然后修改当前的时区为“Asia/Shanghai”,命令如下: + +```shell +# timedatectl set-timezone Asia/Shanghai +``` + +### 使用date命令设置 + +#### 显示当前的日期和时间 + +显示当前的日期和时间,命令如下: + +```shell +# date +``` + +默认情况下,date命令显示本地时间。要显示UTC时间,添加\-\-utc或-u参数: + +```shell +# date --utc +``` + +要自定义对应的输出信息格式,添加 +"format" 参数: + +```shell +# date +"format" +``` + +**表 1** 参数说明 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

格式参数

+

说明

+

%H

+

小时以HH格式(例如 17)。

+

%M

+

分钟以MM格式(例如 37)。

+

%S

+

秒以SS格式(例如 25)。

+

%d

+

日期以DD格式(例如 15)。

+

%m

+

月份以MM格式(例如 07)。

+

%Y

+

年份以YYYY格式(例如 2019)。

+

%Z

+

时区缩写(例如CEST)。

+

%F

+

日期整体格式为YYYY-MM-DD(例如 2019-7-15),等同%Y-%m-%d。

+

%T

+

时间整体格式为HH:MM:SS(例如 18:30:25),等同%H:%M:%S。

+
+ +实际使用示例如下: + +- 显示当前的日期和本地时间。 + + ```shell + # date + 2019年 08月 17日 星期六 17:26:34 CST + ``` + +- 显示当前的日期和UTC时间。 + + ```shell + # date --utc + 2019年 08月 17日 星期六 09:26:18 UTC + ``` + +- 自定义date命令的输出。 + + ```shell + # date +"%Y-%m-%d %H:%M" + 2019-08-17 17:24 + ``` + +#### 修改时间 + +要修改当前的时间,添加\-\-set或者-s参数。在root权限下执行如下命令,其中 _HH_ 代表小时,_MM_ 代表分钟,_SS_ 代表秒,请根据实际情况修改: + +```shell +# date --set HH:MM:SS +``` + +默认情况下, date命令设置本地时间。要设置UTC时间,添加\-\-utc或-u参数: + +```shell +# date --set HH:MM:SS --utc +``` + +例如修改当前的时间为23点26分00秒,在root权限下执行如下命令: + +```shell +# date --set 23:26:00 +``` + +#### 修改日期 + +修改当前的日期,添加\-\-set或者-s参数。在root权限下执行如下命令,其中 _YYYY_ 代表年份,_MM_ 代表月份,_DD_ 代表某天,请根据实际情况修改: + +```shell +# date --set YYYY-MM-DD +``` + +例如修改当前的日期为2019年11月2日,命令如下: + +```shell +# date --set 2019-11-02 +``` + +### 使用hwclock命令设置 + +可以使用 hwclock 命令设置硬件时钟RTC \(Real Time Clock\) 。 + +#### 硬件时钟和系统时钟 + +Linux 将时钟分为: + +- 系统时钟 \(System Clock\) :当前Linux Kernel中的时钟。 +- 硬件时钟 RTC:主板上由电池供电的主板硬件时钟,该时钟可以在BIOS的 "Standard BIOS Feature" 项中进行设置。 + +当Linux启动时,会读取硬件时钟,并根据硬件时间来设置系统时间。 + +#### 显示日期和时间 + +显示当前硬件的日期和时间,在root权限下执行如下命令: + +```shell +# hwclock +``` + +例如显示当前硬件的日期和时间,命令和输出如下: + +```shell +# hwclock +2019-08-26 10:18:42.528948+08:00 +``` + +#### 设置日期和时间 + +修改当前硬件的日期和时间,在root权限下执行如下命令,其中 _dd_ 表示日,_mm_ 表示月份,_yyyy_ 表示年份,_HH_ 表示小时,_MM_ 表示分钟,请根据实际情况修改: + +```shell +# hwclock --set --date "yyyy-mm-dd HH:MM" +``` + +例如修改当前的时间为2019年10月21日21点17分,命令如下: + +```shell +# hwclock --set --date "2019-10-21 21:17" +``` + +## 设置kdump + +本节介绍如何设置kdump预留内存及修改kdump配置文件参数。 + +### 设置kdump预留内存 + +#### 预留内存参数格式 + +kdump预留内存参数必须添加到内核启动参数中,配置文件为/boot/efi/EFI/openEuler/grub.cfg(UEFI引导模式)或/boot/grub2/grub.cfg(legacy引导模式),openEuler发布版本中默认已经添加,可以根据实际使用情况调整。添加和修改启动参数后,重启系统生效。kdump预留内存参数格式如下: + +| 内核启动参数 | 描述 | 缺省值 | 备注 | +|--------------------|-------------------------------------------|---------------|------------------------------------------------------------| +| crashkernel=x | 在4G以下的物理内存预留x大小的内存给kdump使用。 | x86版本默认配置512M | 该配置方法只在4G以下内存预留,必须保证4G以下连续可用内存足够预留。 | +| crashkernel=x@y | 在y起始地址预留x大小的内存给kdump使用。 | 未使用 | 需要确保y起始地址的x大小的内存未被其他模块预留。 | +| crashkernel=x,high | 在4G以下的物理内存中预留256M内存,在4G以上预留x大小内存给kdump使用。 | arm64版本默认配置1024M,high | 需要确保4G以下有256M连续可用的物理内存,4G以上有连续的x大小的连续物理内存。实际预留内存大小为256M+x。 | +| crashkernel=x,low crashkernel=y,high | 在4G以下的物理内存中预留x大小,在4G以上预留y大小内存给kdump使用。 | 未使用 | 需要确保4G以下有连续的x大小物理内存,4G以上有连续的y大小物理内存。 | + +### 预留内存推荐值 + +| 推荐方案 | 预留参数 | 参数说明 | +|------|------------------------|----------------------------------------------| +| 通用方案 | crashkernel=2048M,high | 4G以下预留256M,4G以上预留2048M内存给kdump使用。共256+2048M。 | +| 经济方案 | crashkernel=1024M,high | 4G以下预留256M,4G以上预留1024M内存给kdump使用。共256+1024M。 推荐系统512M内存以内的场景,并不使用网络转储kdump文件。对于虚拟机场景,可以适当减少内存预留值,推荐虚拟机设置为crashkernel=512M或者crashkernel=256M,high | +>![](./public_sys-resources/icon-note.gif) **说明:** +>不通过网络转储kdump文件时,需要设置kdump文件系统不打包网络相关驱动。网络驱动加载需要申请较大内存,可能导致预留内存不足,kdump失败。因此建议禁用网络相关驱动。 + +### 禁用网络相关驱动 + +kdump配置文件(/etc/kdump.conf)中,dracut参数可以设置裁剪的驱动模块,可以将网络驱动配置到裁剪驱动列表中,让kdump文件系统中不加载该驱动,修改配置文件后,重启kdump服务生效。dracut参数配置如下所示: + +`dracut_args --omit-drivers "mdio-gpi usb_8dev et1011c rt2x00usb bcm-phy-lib mac80211_hwsim rtl8723be rndis_host hns3_cae amd vrf rtl8192cu mt76x02-lib int51x1 ppp_deflate team_mode_loadbalance smsc911x aweth bonding mwifiex_usb hnae dnet rt2x00pci vaser_pci hdlc_ppp marvell rtl8xxxu mlxsw_i2c ath9k_htc rtl8150 smc91x cortina at803x rockchip cxgb4 spi_ks8995 mt76x2u smsc9420 mdio-cavium bnxt_en ch9200 dummy macsec ice mt7601u rtl8188ee ixgbevf net1080 liquidio_vf be2net mlxsw_switchx2 gl620a xilinx_gmii2rgmii ppp_generic rtl8192de sja1000_platform ath10k_core cc770_platform realte igb c_can_platform c_can ethoc dm9601 smsc95xx lg-vl600 ifb enic ath9 mdio-octeon ppp_mppe ath10k_pci cc770 team_mode_activebackup marvell10g hinic rt2x00lib mlx4_en iavf broadcom igc c_can_pci alx rtl8192se rtl8723ae microchip lan78xx atl1c rtl8192c-common almia ax88179_178a qed netxen_nic brcmsmac rt2800usb e1000 qla3xxx mdio-bitbang qsemi mdio-mscc-miim plx_pci ipvlan r8152 cx82310_eth slhc mt76x02-usb ems_pci xen-netfront usbnet pppoe mlxsw_minimal mlxsw_spectrum cdc_ncm rt2800lib rtl_usb hnae3 ath9k_common ath9k_hw catc mt76 hns_enet_drv ppp_async huawei_cdc_ncm i40e rtl8192ce dl2 qmi_wwan mii peak_usb plusb can-dev slcan amd-xgbe team_mode_roundrobin ste10Xp thunder_xcv pptp thunder_bgx ixgbe davicom icplus tap tun smsc75xx smsc dlci hns_dsaf mlxsw_core rt2800mmi softing uPD60620 vaser_usb dp83867 brcmfmac mwifiex_pcie mlx4_core micrel team macvlan bnx2 virtio_net rtl_pci zaurus hns_mdi libcxgb hv_netvsc nicvf mt76x0u teranetics mlxfw cdc_eem qcom-emac pppox mt76-usb sierra_net i40evf bcm87xx mwifiex pegasus rt2x00mmi sja1000 ena hclgevf cnic cxgb4vf ppp_synctty iwlmvm team_mode_broadcast vxlan vsockmon hdlc_cisc rtl8723-common bsd_comp fakelb dp83822 dp83tc811 cicada fm10 8139t sfc hs geneve hclge xgene-enet-v2 cdc_mbim hdlc asix netdevsim rt2800pci team_mode_random lxt ems_usb mlxsw_pci sr9700 mdio-thunder mlxsw_switchib macvtap atlantic cdc_ether mcs7830 nicpf mdi peak_pci atl1e cdc_subset ipvtap btcoexist mt76x0-common veth slip iwldvm bcm7xxx vitesse netconsole epic100 myri10ge r8169 qede microchip_t1 liquidi bnx2x brcmutil mwifiex_sdi mlx5_core rtlwifi vmxnet3 nlmon hns3 hdlc_raw esd_usb2 atl2 mt76x2-common iwlwifi mdio-bcm-unimac national ath rtwpci rtw88 nfp rtl8821ae fjes thunderbolt-net 8139cp atl1 mscc vcan dp83848 dp83640 hdlc_fr e1000e ipheth net_failover aquantia rtl8192ee igbvf rocker intel-xway tg3" --omit "ramdisk network ifcfg qemu-net" --install "chmod" --nofscks` + +## 设置磁盘调度算法 + +本节介绍如何设置磁盘调度算法。 + +### 临时修改调度策略 + +例如将所有IO调度算法修改为mq-deadline,此修改重启后会失效。 + +```shell +# echo mq-deadline > /sys/block/sd*/queue/scheduler +``` + +### 永久设置调度策略 + +可以通过在内核启动配置文件grub.cfg中的kernel行追加:elevator=mq-deadline,重启后生效。 + +```text +linux /vmlinuz-4.19.90-2003.4.0.0036.oe1.x86_64 root=/dev/mapper/openeuler-root ro resume=/dev/mapper/openeuler-swap rd.lvm.lv=openeuler/root rd.lvm.lv=openeuler/swap quiet crashkernel=512M elevator=mq-deadline +``` + +## 设置NMI watchdog + +本节介绍openEuler在arm64架构上NMI watchdog方案的差异以及配置。 + +### 概述 + +NMI watchdog(Hard lockup detector)是一种用来检测系统是否出现Hard lockup(硬死锁)的机制。一般的watchdog依赖时钟中断进行挂死检测,当系统在原子上下文(中断,或者中断关闭的上下文中,etc)中出现挂死时,时钟中断处理,检测失效。NMI watchdog一般通过PMC(或者PMU)的NMI中断进行检测,NMI中断可以在原子上下文中产生并处理,因此可以用来检测原子上下文中挂死的场景。 + +NMI watchdog主线已经支持,当硬件满足以下条件时可以使能NMI watchdog: + +1. 支持NMI中断 +2. 支持PMC(PMU) + +在arm64上,openEuler基于arm64的SDEI功能实现了SDEI watchdog作为NMI watchdog。因此openEuler在arm64上存在2种NMI watchdog方案: + +1. SDEI watchdog(默认方式) +2. 基于PMC(PMU)中断的NMI watchdog + +### 注意事项 + +对于arm64机器,需要注意以下事项: + +- 默认情况下使用SDEI watchdog。当SDEI watchdog使能失败时,不会切换到NMI watchdog +- 需要使用NMI watchdog时,需要显式的在启动参数中禁用SDEI watchdog:disable_sdei_nmi_watchdog +- 当需要使用NMI watchdog时,需要保证硬件支持NMI中断: + - 当硬件支持NMI中断时,不需要额外处理 + - 当硬件不支持NMI中断,但是支持伪NMI中断时,需要显式的在启动参数中使能伪NMI中断:irqchip.gicv3_pseudo_nmi=1 + +以上事项不影响非arm64平台。 + +### 操作步骤 + +针对arm64架构配置NMI watchdog的操作步骤如下: + +1. 在OS的引导配置文件grub.cfg中添加如下参数:irqchip.gicv3_pseudo_nmi=1(仅通过Pseudo-NMI实现NMI watchdog时添加) disable_sdei_nmi_watchdog +2. 检查NMI watchdog是否加载成功,如果加载成功,内核dmesg日志打印类似如下内容 + + ``` + [ 11.361889][ T129] NMI watchdog: Enabled. Permanently consumes one hw-PMU counter. + ``` + +### 关闭NMI watchdog + +将NMI watchdog临时关闭,此修改重启后会失效;默认nmi_watchdog=1。 + +```shell +# echo 0 > /proc/sys/kernel/nmi_watchdog +``` + +在OS启动时,可以通过配置内核参数nmi_watchdog=0关闭NMI watchdog。 + +### 修改NMI watchdog阈值 + +修改NMI watchdog阈值,此修改重启后会失效;默认watchdog_thresh=10。 + +```shell +# echo 10 > /proc/sys/kernel/watchdog_thresh +``` + +在OS启动时,可以通过配置内核参数watchdog_thresh=[0-60]修改阈值。 diff --git a/docs/zh/server/administration/administrator/configuring_services.md b/docs/zh/server/administration/administrator/configuring_services.md new file mode 100644 index 0000000000000000000000000000000000000000..72cb121e1c967ead660145cd62b8819585148b63 --- /dev/null +++ b/docs/zh/server/administration/administrator/configuring_services.md @@ -0,0 +1 @@ +# 搭建服务 diff --git a/docs/zh/server/administration/administrator/configuring_the_ftp_server.md b/docs/zh/server/administration/administrator/configuring_the_ftp_server.md new file mode 100644 index 0000000000000000000000000000000000000000..132f79ba90c12b6dff2dbb0ef3d3bc33f8b49afa --- /dev/null +++ b/docs/zh/server/administration/administrator/configuring_the_ftp_server.md @@ -0,0 +1,503 @@ +# 搭建FTP服务器 + +## 总体介绍 + +### FTP简介 + +FTP(File Transfer Protocol)即文件传输协议,是互联网最早的传输协议之一,其最主要的功能是服务器和客户端之间的文件传输。FTP使用户可以通过一套标准的命令访问远程系统上的文件,而不需要直接登录远程系统。另外,FTP服务器还提供了如下主要功能: + +- 用户分类 + + 默认情况下,FTP服务器依据登录情况,将用户分为实体用户(real user)、访客(guest)、匿名用户(anonymous)三类。三类用户对系统的访问权限差异较大,实体用户具有较完整的访问权限,匿名用户仅有下载资源的权限。 + +- 命令记录和日志文件记录 + + FTP可以利用系统的syslogd记录数据,这些数据包括用户历史使用命令与用户传输数据(传输时间、文件大小等),用户可以在/var/log/中获得各项日志信息。 + +- 限制用户的访问范围 + + FTP可以将用户的工作范围限定在用户主目录。用户通过FTP登录后系统显示的根目录就是用户主目录,这种环境被称为change root,简称chroot。这种方式可以限制用户只能访问主目录,而不允许访问/etc、/home、/usr/local等系统的重要目录,从而保护系统,使系统更安全。 + +### FTP使用到的端口 + +FTP的正常工作需要使用到多个网络端口,服务器端会使用到的端口主要有: + +- 命令通道,默认端口为21 +- 数据通道,默认端口为20 + +两者的连接发起端不同,端口21主要接收来自客户端的连接,端口20则是FTP服务器主动连接至客户端。 + +### vsftpd简介 + +由于FTP历史悠久,它采用未加密的传输方式,所以被认为是一种不安全的协议。为了更安全地使用FTP,这里介绍FTP较为安全的守护进程vsftpd(Very Secure FTP Daemon)。 + +之所以说vsftpd安全,是因为它最初的发展理念就是构建一个以安全为中心的FTP服务器。它具有如下特点: + +- vsftpd服务的启动身份为一般用户,具有较低的系统权限。此外,vsftpd使用chroot改变根目录,不会误用系统工具。 +- 任何需要较高执行权限的vsftpd命令均由一个特殊的上层程序控制,该上层程序的权限较低,以不影响系统本身为准。 +- vsftpd整合了大部分FTP会使用到的额外命令(例如dir、ls、cd等),一般不需要系统提供额外命令,对系统来说比较安全。 + +## 使用vsftpd + +### 安装vsftpd + +使用vsftpd需要安装vsftpd软件,在已经配置yum源的情况下,通过root权限执行如下命令,即可完成vsftpd的安装。 + +```shell +# dnf install vsftpd +``` + +### 管理vsftpd服务 + +启动、停止和重启vsftpd服务,请在root权限下执行对应命令。 + +- 启动vsftpd服务 + + ```shell + # systemctl start vsftpd + ``` + + 可以通过netstat命令查看通信端口21是否开启,如下显示说明vsftpd已经启动。 + + ```shell + # netstat -tulnp | grep 21 + tcp6 0 0 :::21 :::* LISTEN 19716/vsftpd + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >如果没有**netstat**命令,可以执行**dnf install net-tools**命令安装后再使用**netstat**命令。 + +- 停止vsftpd服务 + + ```shell + # systemctl stop vsftpd + ``` + +- 重启vsftpd服务 + + ```shell + # systemctl restart vsftpd + ``` + +## 配置vsftpd + +### vsftpd配置文件介绍 + +用户可以通过修改vsftpd的配置文件,控制用户权限等。vsftpd的主要配置文件和含义如[表1](#table1541615718372)所示,用户可以根据需求修改配置文件的内容。更多的配置参数含义可以通过man查看。 + +**表 1** vsftpd配置文件介绍 + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

配置文件

+

含义

+

/etc/vsftpd/vsftpd.conf

+

vsftpd进程的主配置文件,配置内容格式为“参数=参数值”,且参数和参数值不能为空。

+

vsftpd.conf 的详细介绍可以使用如下命令查看:

+

man 5 vsftpd.conf

+

/etc/pam.d/vsftpd

+

PAM(Pluggable Authentication Modules)认证文件,主要用于身份认证和限制一些用户的操作。

+

/etc/vsftpd/ftpusers

+

禁止使用vsftpd的用户列表文件。默认情况下,系统帐号也在该文件中,因此系统帐号默认无法使用vsftpd。

+

/etc/vsftpd/user_list

+

禁止或允许登录vsftpd服务器的用户列表文件。该文件是否生效,取决于主配置文件vsftpd.conf中的如下参数:

+

userlist_enable:是否启用userlist机制,YES为启用,此时userlist_deny配置有效,NO为禁用。

+

userlist_deny:是否禁止user_list中的用户登录,YES为禁止名单中的用户登录,NO为允许命令中的用户登录。

+

例如userlist_enable=YES,userlist_deny=YES,则user_list中的用户都无法登录。

+

/etc/vsftpd/chroot_list

+

是否限制在主目录下的用户列表。该文件默认不存在,需要手动建立。它是主配置文件vsftpd.conf中参数chroot_list_file的参数值。

+

其作用是限制还是允许,取决于主配置文件vsftpd.conf中的如下参数:

+
  • chroot_local_user:是否将所有用户限制在主目录,YES为启用,NO禁用
  • chroot_list_enable:是否启用限制用户的名单,YES为启用,NO禁用。
+

例如chroot_local_user=YES,chroot_list_enable=YES,且指定chroot_list_file=/etc/vsftpd/chroot_list时,表示所有用户被限制在其主目录下,而chroot_list中的用户不受限制。

+

/usr/sbin/vsftpd

+

vsftpd的唯一执行文件。

+

/var/ftp/

+

匿名用户登录的默认根目录,与ftp帐户的用户主目录有关。

+
+ +### 默认配置说明 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>文档中的配置内容仅供参考,请用户根据实际情况(例如安全加固需要)进行修改。 + +openEuler系统中 ,vsftpd默认不开放匿名用户,使用vim命令查看主配置文件,其内容如下: + +```shell +# vim /etc/vsftpd/vsftpd.conf +anonymous_enable=NO +local_enable=YES +write_enable=YES +local_umask=022 +dirmessage_enable=YES +xferlog_enable=YES +connect_from_port_20=YES +xferlog_std_format=YES +listen=NO +listen_ipv6=YES +pam_service_name=vsftpd +userlist_enable=YES +``` + +其中各参数含义如[表2](#table18185162512499)所示。 + +**表 2** 参数说明 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

参数

+

含义

+

anonymous_enable

+

是否允许匿名用户登录,YES为允许匿名登录,NO为不允许。

+

local_enable

+

是否允许本地用户登入,YES 为允许本地用户登入,NO为不允许。

+

write_enable

+

是否允许登录用户有写权限,YES为启用上传写入功能,NO为禁用。

+

local_umask

+

本地用户新增档案时的umask值。

+

dirmessage_enable

+

当用户进入某个目录时,是否显示该目录需要注意的内容,YES为显示注意内容,NO为不显示。

+

xferlog_enable

+

是否记录使用者上传与下载文件的操作,YES为记录操作,NO为不记录。

+

connect_from_port_20

+

Port模式进行数据传输是否使用端口20,YES为使用端口20,NO为不使用端口20。

+

xferlog_std_format

+

传输日志文件是否以标准xferlog格式书写,YES为使用该格式书写,NO为不使用。

+

listen

+

设置vsftpd是否以stand alone的方式启动,YES为使用stand alone方式启动,NO为不使用该方式。

+

pam_service_name

+

支持PAM模块的管理,配置值为服务名称,例如vsftpd。

+

userlist_enable

+

是否支持/etc/vsftpd/user_list文件内的帐号登录控制,YES为支持,NO为不支持。

+

tcp_wrappers

+

是否支持TCP Wrappers的防火墙机制,YES为支持,NO为不支持。

+

listen_ipv6

+

是否侦听IPv6的FTP请求,YES为侦听,NO为不侦听。listen和listen_ipv6不能同时开启。

+
+ +### 配置本地时间 + +#### 概述 + +openEuler系统中,vsftpd默认使用GMT时间(格林尼治时间),可能和本地时间不一致,例如GMT时间比北京时间晚8小时,请用户改为本地时间,否则服务器和客户端时间不一致,在上传下载文件时可能引起错误。 + +#### 设置方法 + +在root权限下设置vsftpd时间为本地时间的操作步骤如下: + +1. 打开配置文件vsftpd.conf,将参数use\_localtime的参数值改为YES。命令如下: + + ```shell + # vim /etc/vsftpd/vsftpd.conf + ``` + + 配置内容如下: + + ```text + use_localtime=YES + ``` + +2. 重启vsftpd服务。 + + ```shell + # systemctl restart vsftpd + ``` + +3. 设置vsftpd服务开机启动。 + + ```shell + # systemctl enable vsftpd + ``` + +### 配置欢迎信息 + +使用vsftpd服务,建议新建欢迎信息文件(没有也不影响使用)。在root权限下设置vsftpd的欢迎信息welcome.txt文件的操作步骤如下: + +1. 打开配置文件vsftpd.conf,加入欢迎信息文件配置内容后保存退出。 + + ```shell + # vim /etc/vsftpd/vsftpd.conf + ``` + + 需要加入的配置行如下: + + ```shell + banner_file=/etc/vsftpd/welcome.txt + ``` + +2. 建立欢迎信息。即打开welcome.txt文件,写入欢迎信息后保存退出。 + + ```shell + # vim /etc/vsftpd/welcome.txt + ``` + + 欢迎信息举例如下: + + ```text + Welcome to this FTP server! + ``` + +### 配置系统帐号登录权限 + +一般情况下,用户需要限制部分帐号的登录权限。用户可根据需要进行配置。 + +vsftpd有两个默认存放用户名单的文件,来对访问FTP服务的用户身份进行管理和限制。vsftpd会分别检查两个配置文件,只要是被任何一个文件所禁止的用户,FTP访问到本机的请求都会被拒绝。 + +- /etc/vsftpd/user_list:可以作为用户白名单,或者是黑名单,或者无效名单,由userlist_enable和userlist_deny这两个参数决定。 +- /etc/vsftpd/ftpusers:只能是用户黑名单,不受任何参数限制。 + +## 验证FTP服务是否搭建成功 + +可以使用openEuler提供的FTP客户端进行验证。命令和回显如下,根据提示输入用户名(用户为系统中存在的用户)和密码。如果显示Login successful,即说明FTP服务器搭建成功。 + +```shell +# ftp localhost +Trying 127.0.0.1... +Connected to localhost (127.0.0.1). +220-Welcome to this FTP server! +220 +Name (localhost:root): USERNAME +331 Please specify the password. +Password: +230 Login successful. +Remote system type is UNIX. +Using binary mode to transfer files. +ftp> bye +221 Goodbye. +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>如果没有**ftp**命令,可以在root权限下执行**dnf install ftp**命令安装后再使用**ftp**命令。 + +## 配置防火墙 + +如果要将FTP开放给Internet使用,需要在root权限下对防火墙和SElinux进行设置。 + +```shell +# firewall-cmd --add-service=ftp --permanent +success +# firewall-cmd --reload +success +# setsebool -P ftpd_full_access on +``` + +## 传输文件 + +### 概述 + +这里给出vsftpd服务启动后,如何进行文件传输的指导。 + +### 连接服务器 + +#### 命令格式 + +**ftp** \[_hostname_ | _ip-address_\] + +其中hostname为服务器名称,ip-address为服务器IP地址。 + +#### 操作说明 + +在openEuler系统的命令行终端,执行如下命令: + +```shell +# ftp ip-address +``` + +根据提示输入用户名和密码,认证通过后显示如下,说明ftp连接成功,此时进入了连接到的服务器目录。 + +```shell +ftp> +``` + +在该提示符下,可以输入不同的命令进行相关操作: + +- 显示服务器当前路径 + + ```shell + ftp>pwd + ``` + +- 显示本地路径,用户可以将该路径下的文件上传到FTP服务器对应位置 + + ```shell + ftp>lcd + ``` + +- 退出当前窗口,返回本地Linux终端 + + ```shell + ftp>! + ``` + +### 下载文件 + +通常使用get或mget命令下载文件。 + +#### get使用方法 + +- 功能说明:将文件从远端主机中传送至本地主机中 +- 命令格式:**get** \[_remote-file_\] \[_local-file_\] + + 其中 _remote-file_ 为远程文件,_local-file_ 为本地文件 + +- 示例:获取远程服务器上的/home/openEuler/openEuler.htm文件到本地/home/myopenEuler/,并改名为myopenEuler.htm,命令如下: + + ```shell + ftp> get /home/openEuler/openEuler.htm /home/myopenEuler/myopenEuler.htm + ``` + +#### mget使用方法 + +- 功能说明:从远端主机接收一批文件至本地主机 +- 命令格式:**mget** \[_remote-file_\] + + 其中 _remote-file_ 为远程文件 + +- 示例:获取服务器上/home/openEuler/目录下的所有文件,命令如下: + + ```shell + ftp> cd /home/openEuler/ + ftp> mget *.* + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >- 此时每下载一个文件,都会有提示信息。如果要屏蔽提示信息,则在 **mget \*.\*** 命令前先执行**prompt off** + >- 文件都被下载到Linux主机的当前目录下。比如,在/home/myopenEuler/下运行的ftp命令,则文件都下载到/home/myopenEuler/下。 + +### 上传文件 + +通常使用put或mput命令上传文件。 + +#### put使用方法 + +- 功能说明:将本地的一个文件传送到远端主机中 +- 命令格式:**put** \[_local-file_\] \[_remote-file_\] + + 其中 _remote-file_ 为远程文件,_local-file_ 为本地文件 + +- 示例:将本地的myopenEuler.htm传送到远端主机/home/openEuler/,并改名为openEuler.htm,命令如下: + + ```shell + ftp> put myopenEuler.htm /home/openEuler/openEuler.htm + ``` + +#### mput使用方法 + +- 功能说明:将本地主机中一批文件传送至远端主机 +- 命令格式:**mput** \[_local-file_\] + + 其中 _local-file_ 为本地文件 + +- 示例:将本地当前目录下所有htm文件上传到服务器/home/openEuler/下,命令如下: + + ```shell + ftp> cd /home/openEuler/ + ftp> mput *.htm + ``` + +### 删除文件 + +通常使用delete或mdelete命令删除文件。 + +#### delete使用方法 + +- 功能说明:删除远程服务器上的一个或多个文件 +- 命令格式:**delete** \[_remote-file_\] + + 其中 _remote-file_ 为远程文件 + +- 示例:删除远程服务器上/home/openEuler/下的openEuler.htm文件,命令如下: + + ```shell + ftp> cd /home/openEuler/ + ftp> delete openEuler.htm + ``` + +#### mdelete使用方法 + +- 功能说明:删除远程服务器上的文件,常用于批量删除 +- 命令格式:**mdelete** \[_remote-file_\] + + 其中 _remote-file_ 为远程文件 + +- 示例:删除远程服务器上/home/openEuler/下所有a开头的文件,命令如下: + + ```shell + ftp> cd /home/openEuler/ + ftp> mdelete a* + ``` + +### 断开服务器 + +断开与服务器的连接,使用bye命令,如下: + +```shell +ftp> bye +``` diff --git a/docs/zh/server/administration/administrator/configuring_the_repo_server.md b/docs/zh/server/administration/administrator/configuring_the_repo_server.md new file mode 100644 index 0000000000000000000000000000000000000000..96afeaf6e9134cd695066eed255a1aa40e958fcd --- /dev/null +++ b/docs/zh/server/administration/administrator/configuring_the_repo_server.md @@ -0,0 +1,375 @@ +# 搭建repo服务器 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>openEuler提供了多种repo源供用户在线使用,各repo源含义可参考[系统安装](../../releasenotes/releasenotes/os_installation.md)。若用户无法在线获取openEuler repo源,则可使用openEuler提供的ISO发布包创建为本地openEuler repo源。本章节中以openEuler-{version}-aarch64-dvd.iso发布包为例,请根据实际需要的ISO发布包进行修改。 + +## 概述 + +将openEuler提供的ISO发布包openEuler-{version}-aarch64-dvd.iso创建为repo源,如下以使用nginx进行repo源部署,提供http服务为例进行说明。 + +## 创建/更新本地repo源 + +使用mount挂载,将openEuler的ISO发布包openEuler-{version}-aarch64-dvd.iso创建为repo源,并能够对repo源进行更新。 + +### 获取ISO发布包 + +请从如下网址获取openEuler的ISO发布包: + +[https://repo.openeuler.org/openEuler-{version}/ISO/](https://repo.openeuler.org/openEuler-{version}/ISO/) + +### 挂载ISO创建repo源 + +在root权限下使用mount命令挂载ISO发布包。 + +示例如下: + +```shell +# mount /home/openEuler/openEuler-{version}-aarch64-dvd.iso /mnt/ +``` + +挂载好的mnt目录如下: + +```text +. +│── boot.catalog +│── docs +│── EFI +│── images +│── Packages +│── repodata +│── TRANS.TBL +└── RPM-GPG-KEY-openEuler +``` + +其中,Packages为rpm包所在的目录,repodata为repo源元数据所在的目录,RPM-GPG-KEY-openEuler为openEuler的签名公钥。 + +### 创建本地repo源 + +可以拷贝ISO发布包中相关文件至本地目录以创建本地repo源,示例如下: + +```shell +# mount /home/openEuler/openEuler-{version}-aarch64-dvd.iso /mnt/ +# mkdir -p /home/openEuler/srv/repo/ +# cp -r /mnt/Packages /home/openEuler/srv/repo/ +# cp -r /mnt/repodata /home/openEuler/srv/repo/ +# cp -r /mnt/RPM-GPG-KEY-openEuler /home/openEuler/srv/repo/ +``` + +从而本地repo目录如下: + +```text +. +│── Packages +│── repodata +└── RPM-GPG-KEY-openEuler +``` + +Packages为rpm包所在的目录,repodata为repo源元数据所在的目录,RPM-GPG-KEY-openEuler为openEuler的签名公钥。 + +### 更新repo源 + +更新repo源有两种方式: + +- 通过新版本的ISO更新已有的repo源,与创建repo源的方式相同,即挂载ISO发布包或重新拷贝ISO发布包至本地目录。 + +- 在repo源的Packages目录下添加rpm包,然后通过createrepo命令更新repo源。 + + ```shell + # createrepo --update --workers=10 ~/srv/repo + ``` + + 其中,\-\-update表示更新,\-\-workers表示线程数,可自定义。 + + >![](./public_sys-resources/icon-note.gif) **说明:** + >若命令打印信息为“createrepo:未找到命令”,则表示未安装createrepo软件,可在root权限下执行**dnf install createrepo**进行安装。 + +## 部署远端repo源 + +安装openEuler操作系统,在openEuler上通过nginx部署repo源。 + +### nginx安装与配置 + +1. 请自行下载nginx工具并在root权限下安装nginx。 +2. 安装nginx之后,在root权限下配置/etc/nginx/nginx.conf。 + + >![](./public_sys-resources/icon-note.gif) **说明:** + >文档中的配置内容仅供参考,请用户根据实际情况(例如安全加固需要)进行配置。 + + ```text + user nginx; + worker_processes auto; # 建议设置为core-1 + error_log /var/log/nginx/error.log warn; # log存放位置 + pid /var/run/nginx.pid; + + events { + worker_connections 1024; + } + + http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + sendfile on; + keepalive_timeout 65; + + server { + listen 80; + server_name localhost; # 服务器名(url) + client_max_body_size 4G; + root /usr/share/nginx/repo; # 服务默认目录 + + location / { + autoindex on; # 开启访问目录下层文件 + autoindex_exact_size on; + autoindex_localtime on; + } + + } + + } + ``` + +### 启动nginx服务 + +1. 在root权限下通过systemctl命令启动nginx服务: + + ```shell + # systemctl enable nginx + # systemctl start nginx + ``` + +2. nginx是否启动成功可通过下面命令查看: + + ```shell + # systemctl status nginx + ``` + + - [图1](#zh-cn_topic_0151920971_fd25e3f1d664b4087ae26631719990a71)表示nginx服务启动成功 + + **图 1** nginx服务启动成功 + ![](./figures/nginx_start_success.png) + + - 若nginx服务启动失败,查看错误信息: + + ```shell + # systemctl status nginx.service --full + ``` + + **图 2** nginx服务启动失败 + ![](./figures/nginx_start_failed.png) + + 如[图2](#zh-cn_topic_0151920971_f1f9f3d086e454b9cba29a7cae96a4c54)所示nginx服务创建失败,是由于目录/var/spool/nginx/tmp/client\_body创建失败,在root权限下手动进行创建,类似的问题也这样处理: + + ```shell + # mkdir -p /var/spool/nginx/tmp/client_body + # mkdir -p /var/spool/nginx/tmp/proxy + # mkdir -p /var/spool/nginx/tmp/fastcgi + # mkdir -p /usr/share/nginx/uwsgi_temp + # mkdir -p /usr/share/nginx/scgi_temp + ``` + +### repo源部署 + +1. 在root权限下创建nginx配置文件/etc/nginx/nginx.conf中指定的目录/usr/share/nginx/repo: + + ```shell + # mkdir -p /usr/share/nginx/repo + ``` + +2. 在root权限下修改目录/usr/share/nginx/repo的权限: + + ```shell + # chmod -R 755 /usr/share/nginx/repo + ``` + +3. 设置防火墙规则,开启nginx设置的端口(此处为80端口),在root权限下通过firewall设置端口开启: + + ```shell + # firewall-cmd --add-port=80/tcp --permanent + # firewall-cmd --reload + ``` + + 在root权限下查询80端口是否开启成功,输出为yes则表示80端口开启成功: + + ```shell + # firewall-cmd --query-port=80/tcp + ``` + + 也可在root权限下通过iptables来设置80端口开启: + + ```shell + # iptables -I INPUT -p tcp --dport 80 -j ACCEPT + ``` + +4. nginx服务设置好之后,即可通过ip直接访问网页,如[图3](#zh-cn_topic_0151921017_fig1880404110396): + + **图 3** nginx部署成功 + ![](./figures/nginx_deployed_success.png) + +5. 通过下面几种方式将repo源放入到/usr/share/nginx/repo下: + - 在root权限下拷贝镜像中相关文件至/usr/share/nginx/repo下,并修改目录权限。 + + ```shell + # mount /home/openEuler/openEuler-{version}-aarch64-dvd.iso /mnt/ + # cp -r /mnt/Packages /usr/share/nginx/repo + # cp -r /mnt/repodata /usr/share/nginx/repo + # cp -r /mnt/RPM-GPG-KEY-openEuler /usr/share/nginx/repo + # chmod -R 755 /usr/share/nginx/repo + ``` + + openEuler-{version}-aarch64-dvd.iso存放在/home/openEuler目录下。 + + - 使用root在/usr/share/nginx/repo下创建repo源的软链接。 + + ```shell + # ln -s /mnt /usr/share/nginx/repo/os + ``` + + /mnt为已经创建好的repo源,/usr/share/nginx/repo/os将指向/mnt。 + +## 使用repo源 + +repo可配置为yum源,yum(全称为 Yellow dog Updater, Modified)是一个Shell前端软件包管理器。基于RPM包管理,能够从指定的服务器自动下载RPM包并且安装,可以自动处理依赖性关系,并且一次安装所有依赖的软件包,无须繁琐地一次次下载和安装。 + +### repo配置为yum源(软件源) + +构建好的repo可以配置为yum源使用,在/etc/yum.repos.d/目录下使用root权限创建\*\*\*.repo的配置文件(必须以.repo为扩展名),分为本地和http服务器配置yum源两种方式: + +- 配置本地yum源 + + 在/etc/yum.repos.d目录下创建openEuler.repo文件,使用构建的本地repo源作为yum源,openEuler.repo的内容如下: + + ```text + [base] + name=base + baseurl=file:///home/openEuler/srv/repo + enabled=1 + gpgcheck=1 + gpgkey=file:///home/openEuler/srv/repo/RPM-GPG-KEY-openEuler + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + > - \[*repoid*\]中的repoid为软件仓库(repository)的ID号,所有.repo配置文件中的各repoid不能重复,必须唯一。示例中repoid设置为**base**。 + > - name为软件仓库描述的字符串。 + > - baseurl为软件仓库的地址。 + > - enabled为是否启用该软件源仓库,可选值为1和0。缺省值为1,表示启用该软件源仓库。 + > - gpgcheck可设置为1或0,1表示进行gpg(GNU Private Guard)校验,0表示不进行gpg校验,gpgcheck可以确定rpm包的来源是有效和安全的。 + > - gpgkey为验证签名用的公钥。 + +- 配置http服务器yum源 + + 在/etc/yum.repos.d目录下创建openEuler.repo文件。 + + - 若使用用户部署的http服务端的repo源作为yum源,openEuler.repo的内容如下: + + ```text + [base] + name=base + baseurl=http://192.168.139.209/ + enabled=1 + gpgcheck=1 + gpgkey=http://192.168.139.209/RPM-GPG-KEY-openEuler + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >“192.168.139.209”为示例地址,请用户根据实际情况进行配置。 + + - 若使用openEuler提供的openEuler repo源作为yum源,以AArch64架构的OS repo源为例,openEuler.repo的内容如下: + + ```text + [base] + name=base + baseurl=http://repo.openeuler.org/openEuler-{version}/OS/aarch64/ + enabled=1 + gpgcheck=1 + gpgkey=http://repo.openeuler.org/openEuler-{version}/OS/aarch64/RPM-GPG-KEY-openEuler + ``` + +### repo优先级 + +当有多个repo源时,可通过在.repo文件的priority参数设置repo的优先级(如果不设置,默认优先级是99,当相同优先级的源中存在相同rpm包时,会安装最新的版本)。其中,1为最高优先级,99为最低优先级,如给openEuler.repo配置优先级为2: + +```text +[base] +name=base +baseurl=http://192.168.139.209/ +enabled=1 +priority=2 +gpgcheck=1 +gpgkey=http://192.168.139.209/RPM-GPG-KEY-openEuler +``` + +### dnf相关命令 + +dnf命令在安装升级时能够自动解析包的依赖关系,一般的使用方式如下: + +```shell +dnf +``` + +常用的命令如下: + +- 安装,需要在root权限下执行。 + + ```shell + # dnf install + ``` + +- 升级,需要在root权限下执行。 + + ```shell + # dnf update + ``` + +- 回退,需要在root权限下执行。 + + ```shell + # dnf downgrade + ``` + +- 检查更新 + + ```shell + # dnf check-update + ``` + +- 卸载,需要在root权限下执行。 + + ```shell + # dnf remove + ``` + +- 查询 + + ```shell + # dnf search + ``` + +- 本地安装,需要在root权限下执行。 + + ```shell + # dnf localinstall + ``` + +- 查看历史记录 + + ```shell + # dnf history + ``` + +- 清除缓存目录 + + ```shell + # dnf clean all + ``` + +- 更新缓存 + + ```shell + # dnf makecache + ``` diff --git a/docs/zh/server/administration/administrator/configuring_the_web_server.md b/docs/zh/server/administration/administrator/configuring_the_web_server.md new file mode 100644 index 0000000000000000000000000000000000000000..4f6ebf9f0698fee5ca68d09b75f0dbb8d7292445 --- /dev/null +++ b/docs/zh/server/administration/administrator/configuring_the_web_server.md @@ -0,0 +1,502 @@ +# 搭建web服务器 + +## Apache服务器 + +### 概述 + +Web(World Wide Web)是目前最常用的Internet协议之一。目前在Unix-Like系统中的web服务器主要通过Apache服务器软件实现。为了实现运营动态网站,产生了LAMP(Linux + Apache +MySQL + PHP)。web服务可以结合文字、图形、影像以及声音等多媒体,并支持超链接(Hyperlink)的方式传输信息。 + +openEuler系统中的web服务器版本是Apache HTTP服务器2.4版本,即httpd,一个由Apache软件基金会发展而来的开源web服务器。 + +### 管理httpd + +#### 概述 + +通过systemctl工具,可以对httpd服务进行管理,包括启动、停止、重启服务,以及查看服务状态等。本章介绍Apache HTTP服务的管理操作,以指导用户使用。 + +#### 前提条件 + +- 为了能够使用Apache HTTP服务,请确保您的系统中已经安装httpd服务的rpm包。在root权限下执行如下命令进行安装: + + ```shell + # dnf install httpd + ``` + + 更多关于管理服务的内容,请参见[管理服务](./service_management.md)。 + +- 启动、停止和重启httpd服务,需要使用root权限。 + +#### 启动服务 + +- 启动并运行httpd服务,命令如下: + + ```shell + # systemctl start httpd + ``` + +- 假如希望在系统启动时,httpd服务自动启动,则命令和回显如下: + + ```shell + # systemctl enable httpd + Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service. + ``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>假如正在运行的Apache HTTP服务器作为一个安全服务器,系统开机启动后需要密码,这个密码使用的是加密的私有SSL密钥。 + +#### 停止服务 + +- 停止运行的httpd服务,命令如下: + + ```shell + # systemctl stop httpd + ``` + +- 如果希望防止服务在系统开机阶段自动开启,命令和回显如下: + + ```shell + # systemctl disable httpd + Removed /etc/systemd/system/multi-user.target.wants/httpd.service. + ``` + +#### 重启服务 + +重启服务有三种方式: + +- 完全重启服务 + + ```shell + # systemctl restart httpd + ``` + + 该命令会停止运行的httpd服务并且立即重新启动它。一般在服务安装以后或者去除一个动态加载的模块(例如PHP)时使用这个命令。 + +- 重新加载配置 + + ```shell + # systemctl reload httpd + ``` + + 该命令会使运行的httpd服务重新加载它的配置文件。任何当前正在处理的请求将会被中断,从而造成客户端浏览器显示一个错误消息或者重新渲染部分页面。 + +- 重新加载配置而不影响激活的请求 + + ```shell + # apachectl graceful + ``` + + 该命令会使运行的httpd服务重新加载它的配置文件。任何当前正在处理的请求将会继续使用旧的配置文件。 + +#### 验证服务状态 + +验证httpd服务是否正在运行。 + +```shell +# systemctl is-active httpd +``` + +回显为“active”说明服务处于运行状态。 + +### 配置文件说明 + +当httpd服务启动后,默认情况下它会读取如[表1](#table24341012096)所示的配置文件。 + +**表 1** 配置文件说明 + + + + + + + + + + + + + +

文件

+

说明

+

/etc/httpd/conf/httpd.conf

+

主要的配置文件

+

/etc/httpd/conf.d

+

配置文件的辅助目录,这些配置文件也被包含在主配置文件当中

+

一个配置文件的辅助目录被包含在主要的配置文件中

+
+ +虽然默认配置可以适用于多数情况,但是用户至少需要熟悉里面的一些重要配置项。配置文件修改完成后,可以在root权限下使用如下命令检查配置文件可能出现的语法错误。 + +```shell +# apachectl configtest +``` + +如果回显如下,说明配置文件语法正确。 + +```text +Syntax OK +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- 在修改配置文件之前,请先备份原始文件,以便出现问题时能够快速恢复配置文件。 +>- 需要重启web服务,才能使修改后的配置文件生效。 + +### 管理模块和SSL + +#### 概述 + +httpd服务是一个模块化的应用,它和许多动态共享对象DSO(Dynamic Shared Objects)一起分发。动态共享对象DSO,在必要情况下,可以在运行时被动态加载或卸载。服务器操作系统中这些模块位于/usr/lib64/httpd/modules/目录下。本节介绍如何加载和写入模块。 + +#### 加载模块 + +为了加载一个特殊的DSO模块,在配置文件中使用加载模块指示。独立软件包提供的模块一般在/etc/httpd/conf.modules.d目录下有他们自己的配置文件。 + +例如,加载asis DSO模块的操作步骤如下: + +1. 在/etc/httpd/conf.modules.d/00-optional.conf文件中,使用root权限取消注释如下配置行。 + + ```shell + LoadModule asis_module modules/mod_asis.so + ``` + +2. 加载完成后,请使用root权限重启httpd服务以便于重新加载配置文件。 + + ```shell + # systemctl restart httpd + ``` + +3. 加载完成后,在root权限下使用httpd -M的命令查看是否已经加载了asis DSO模块。 + + ```shell + # httpd -M | grep asis + ``` + + 回显如下,说明asis DSO模块加载成功。 + + ```text + asis_module (shared) + ``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>**httpd 的常用命令** +> +>- httpd -v : 查看httpd的版本号。 +>- httpd -l:查看编译进httpd程序的静态模块。 +>- httpd -M:查看已经编译进httpd程序的静态模块和已经加载的动态模块。 + +#### SSL介绍 + +安全套接层SSL(Secure Sockets Layer)是一个允许服务端和客户端之间进行安全通信的加密协议。其中,传输层安全性协议TLS(Transport Layer Security)为网络通信提供了安全性和数据完整性保障。openEuler支持Mozilla NSS(Network Security Services)作为安全性协议TLS进行配置。加载SSL的操作步骤如下: + +1. 在root权限下安装mod\_ssl的rpm包。 + + ```shell + # dnf install mod_ssl + ``` + +2. 安装完成后,请在root权限下重启httpd服务以便于重新加载配置文件。 + + ```shell + # systemctl restart httpd + ``` + +3. 加载完成后,在root权限下使用httpd -M的命令查看是否已经加载了SSL。 + + ```shell + # httpd -M | grep ssl + ``` + + 回显如下,说明SSL已加载成功。 + + ```text + ssl_module (shared) + ``` + +### 验证web服务是否搭建成功 + +Web服务器搭建完成后,可以通过如下方式验证是否搭建成功。 + +1. 在root权限下查看服务器的IP地址,命令如下: + + ```shell + # ip a + + ``` + +2. 在root权限下配置防火墙: + + ```shell + # firewall-cmd --add-service=http --permanent + success + # firewall-cmd --reload + success + ``` + +3. 验证web服务器是否搭建成功,用户可选择Linux或Windows系统进行验证。 + - 使用Linux系统验证 + + 执行如下命令,查看是否可以访问网页信息,服务搭建成功时,该网页可以正常访问。 + + ```shell + # curl http://192.168.1.60 + ``` + + 执行如下命令,查看命令返回值是否为0,返回值为0,说明httpd服务器搭建成功。 + + ```shell + # echo $? + ``` + + - 使用Windows系统验证 + + 打开浏览器,在地址栏输入如下地址,如果能正常访问网页,说明httpd服务器搭建成功。 + + + + 如果修改了端口号,输入地址格式如下: + + + +## Nginx服务器 + +### 概述 + +Nginx 是一款轻量级的 Web 服务器/反向代理服务器及电子邮件(IMAP/POP3)代理服务器,其特点是占有内存少,并发能力强,支持FastCGI、SSL、Virtual Host、URL Rewrite、Gzip等功能,并且支持很多第三方的模块扩展。 + +### 安装 + +1. 配置本地yum源,详细信息请参考[搭建repo服务器](./configuring_the_repo_server.md)。 + +2. 清除缓存。 + + ```shell + # dnf clean all + ``` + +3. 创建缓存。 + + ```shell + # dnf makecache + ``` + +4. 在root权限下安装nginx服务。 + + ```shell + # dnf install nginx + ``` + +5. 查看安装后的rpm包。 + + ```shell + # dnf list all | grep nginx + ``` + +### 管理nginx + +#### 概述 + +通过systemctl工具,可以对nginx服务进行管理,包括启动、停止、重启服务,以及查看服务状态等。本章介绍nginx服务的管理操作,以指导用户使用。 + +#### 前提条件 + +- 为了能够使用nginx服务,请确保您的系统中已经安装nginx服务。若未安装,可参考[安装](#安装)进行安装。 + +- 更多关于管理服务的内容,请参见[管理服务](./service_management.md)。 + +- 启动、停止和重启nginx服务,需要使用root权限。 + +#### 启动服务 + +- 启动并运行nginx服务,命令如下: + + ```shell + # systemctl start nginx + ``` + +- 假如希望在系统启动时,nginx服务自动启动,则命令和回显如下: + + ```shell + # systemctl enable nginx + Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service. + ``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>假如正在运行的nginx服务器作为一个安全服务器,系统开机启动后需要密码,这个密码使用的是加密的私有SSL密钥。 + +#### 停止服务 + +- 停止运行的nginx服务,命令如下: + + ```shell + # systemctl stop nginx + ``` + +- 如果希望防止服务在系统开机阶段自动开启,命令和回显如下: + + ```shell + # systemctl disable nginx + Removed /etc/systemd/system/multi-user.target.wants/nginx.service. + ``` + +#### 重启服务 + +重启服务有三种方式: + +- 完全重启服务 + + ```shell + # systemctl restart nginx + ``` + + 该命令会停止运行的nginx服务并且立即重新启动它。一般在服务安装以后或者去除一个动态加载的模块(例如PHP)时使用这个命令。 + +- 重新加载配置 + + ```shell + # systemctl reload nginx + ``` + + 该命令会使运行的nginx服务重新加载它的配置文件。任何当前正在处理的请求将会被中断,从而造成客户端浏览器显示一个错误消息或者重新渲染部分页面。 + +- 平滑重启nginx + + ```shell + # kill -HUP 主进程ID + ``` + + 该命令会使运行的nginx服务重新加载它的配置文件。任何当前正在处理的请求将会继续使用旧的配置文件。 + +#### 验证服务状态 + +验证nginx服务是否正在运行 + +```shell +# systemctl is-active nginx +``` + +回显为“active”说明服务处于运行状态。 + +### 配置文件说明 + +当nginx服务启动后,默认情况下它会读取如[表2](#table24341012096)所示的配置文件。 + +**表 2** 配置文件说明 + + + + + + + + + + + + + +

文件

+

说明

+

/etc/nginx/nginx.conf

+

主要的配置文件

+

/etc/nginx/conf.d

+

配置文件的辅助目录,这些配置文件也被包含在主配置文件当中

+

一个配置文件的辅助目录被包含在主要的配置文件中

+
+ +虽然默认配置可以适用于多数情况,但是用户至少需要熟悉里面的一些重要配置项。配置文件修改完成后,可以在root权限下使用如下命令检查配置文件可能出现的语法错误。 + +```shell +# nginx -t +``` + +如果回显信息中有“syntax is ok”,说明配置文件语法正确。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- 在修改配置文件之前,请先备份原始文件,以便出现问题时能够快速恢复配置文件。 +>- 需要重启web服务,才能使修改后的配置文件生效。 + +### 管理模块 + +#### 概述 + +nginx服务是一个模块化的应用,它和许多动态共享对象DSO(Dynamic Shared Objects)一起分发。动态共享对象DSO,在必要情况下,可以在运行时被动态加载或卸载。服务器操作系统中这些模块位于/usr/lib64/nginx/modules/目录下。本节介绍如何加载和写入模块。 + +#### 加载模块 + +为了加载一个特殊的DSO模块,在配置文件中使用加载模块指示。独立软件包提供的模块一般在/usr/share/nginx/modules目录下有他们自己的配置文件。 + +openEuler操作系统中使用dnf install nginx安装nginx时会自动加载DSO。 + +### 验证web服务是否搭建成功 + +Web服务器搭建完成后,可以通过如下方式验证是否搭建成功。 + +1. 在root权限下查看服务器的IP地址,命令如下: + + ```shell + # ip a + ``` + + 回显信息如下,说明服务器IP为 192.168.1.60。 + + ```text + enp3s0: flags=4163 mtu 1500 + inet 192.168.1.60 netmask 255.255.255.0 broadcast 192.168.1.255 + inet6 fe80::5054:ff:fe95:499f prefixlen 64 scopeid 0x20 + ether 52:54:00:95:49:9f txqueuelen 1000 (Ethernet) + RX packets 150713207 bytes 49333673733 (45.9 GiB) + RX errors 0 dropped 43 overruns 0 frame 0 + TX packets 2246438 bytes 203186675 (193.7 MiB) + TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 + + enp4s0: flags=4163 mtu 1500 + ether 52:54:00:7d:80:9e txqueuelen 1000 (Ethernet) + RX packets 149937274 bytes 44652889185 (41.5 GiB) + RX errors 0 dropped 1102561 overruns 0 frame 0 + TX packets 0 bytes 0 (0.0 B) + TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 + + lo: flags=73 mtu 65536 + inet 127.0.0.1 netmask 255.0.0.0 + inet6 ::1 prefixlen 128 scopeid 0x10 + loop txqueuelen 1000 (Local Loopback) + RX packets 37096 bytes 3447369 (3.2 MiB) + RX errors 0 dropped 0 overruns 0 frame 0 + TX packets 37096 bytes 3447369 (3.2 MiB) + TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 + ``` + +2. 在root权限下配置防火墙: + + ```shell + # firewall-cmd --add-service=http --permanent + success + # firewall-cmd --reload + success + ``` + +3. 验证web服务器是否搭建成功,用户可选择Linux或Windows系统进行验证。 + - 使用Linux系统验证 + + 执行如下命令,查看是否可以访问网页信息,服务搭建成功时,该网页可以正常访问。 + + ```shell + # curl http://192.168.1.60 + ``` + + 执行如下命令,查看命令返回值是否为0,返回值为0,说明nginx服务器搭建成功。 + + ```shell + # echo $? + ``` + + - 使用Windows系统验证 + + 打开浏览器,在地址栏输入如下地址,如果能正常访问网页,说明nginx服务器搭建成功。 + + + + 如果修改了端口号,输入地址格式如下: + + diff --git a/docs/zh/server/administration/administrator/faqs_and_solutions.md b/docs/zh/server/administration/administrator/faqs_and_solutions.md new file mode 100644 index 0000000000000000000000000000000000000000..f3f17f289cbf600d2d64ea9a208ffe872ab7ff16 --- /dev/null +++ b/docs/zh/server/administration/administrator/faqs_and_solutions.md @@ -0,0 +1,365 @@ +# 常见问题与解决方法 + +## 问题1:使用systemctl和top命令查询libvirtd服务占用内存不同 + +### 问题描述 + +使用systemctl和systemd-cgtop命令查询libvirtd服务占用内存超1.5G,而使用top命令查询libvirtd服务占用内存仅70M左右。 + +### 原因分析 + +systemd管理的服务(包括systemctl和systemd-cgtop)中显示的内存通过查询CGroup对应的memory.usage\_in\_bytes得到。top是直接统计/proc下内存相关信息计算得出。两者的统计方法不同,不能直接比较。 + +一般来说,业务进程使用的内存主要有以下几种情况: + +- anon\_rss:用户空间的匿名映射页(Anonymous pages in User Mode address spaces),比如调用malloc分配的内存,以及使用MAP\_ANONYMOUS的mmap。当系统内存不够时,内核可以将这部分内存交换出去。 +- file\_rss:用户空间的文件映射页(Mapped pages in User Mode address spaces),包含map file和map tmpfs,前者比如指定文件的mmap,后者比如IPC共享内存。当系统内存不够时,内核可以回收这些页,但回收之前可能需要与文件同步数据。 +- file\_cache:文件缓存(page in page cache of disk file),普通读写(read/write)文件时产生的文件缓存。当系统内存不够时,内核可以回收这些页,但回收之前可能需要与文件同步数据。 +- buffer pages:属于page cache,比如读取块设备文件时的相关缓存。 + +其中anon\_rss和file\_rss属于进程的RSS,file\_cache和buffer pages属于page cache。简单来说: + +top里的RSS = anon\_rss + file\_rss,SHR = file\_rss。 + +CGroup里的memory.usage\_in\_bytes = cache + RSS + swap。 + +由上可知,syestemd相关命令和top命令的内存占用率含义不同,所以查询结果不同。 + +## 问题2:设置RAID0卷,参数stripsize设置为4时出错 + +### 问题现象 + +设置RAID0卷,参数stripsize设置为4时出错。 + +### 原因分析 + +64K页表开启只能支持64K场景。 + +### 解决方法 + +不需要修改配置文件,openEuler执行lvcreate命令时,条带化规格支持的stripesize最小值为64KB,将参数stripesize设置为64。 + +## 问题3:使用rpmbuild编译mariadb失败 + +### 问题描述 + +如果使用root帐号登录系统,并在该帐号下使用rpmbuild命令编译mariadb源代码,会出现编译失败现象,提示: + +```shell +# echo 'mysql can'\''t run test as root' +mysql can't run test as root +# exit 1 +``` + +### 原因分析 + +mariadb数据库不允许使用root权限的帐号进行测试用例执行,所以会阻止编译过程(编译过程中会自动执行测试用例)。 + +### 解决方案 + +使用vi等文本编辑工具,修改mariadb.spec文件中runtest变量的值。 + +修改前: + +```text +%global runtest 1 +``` + +修改后: + +```text +%global runtest 0 +``` + +该修改关闭了编译阶段执行测试用例的功能,但不会影响编译和编译后的RPM包内容。 + +## 问题4:使用默认配置启动SNTP服务失败 + +### 问题现象 + +默认配置情况下SNTP服务启动失败。 + +### 原因分析 + +默认配置中未添加授时服务器域名。 + +### 解决方案 + +修改/etc/sysconfig/sntp文件 ,在文件中添加中国NTP快速授时服务器域名:0.generic.pool.ntp.org。 + +## 问题5:安装时出现软件包冲突、文件冲突或缺少软件包导致安装失败 + +### 问题现象 + +安装软件包过程中,可能出现软件包冲突、文件冲突或缺少软件包,从而导致升安装被中断,最终安装失败。软件包冲突、文件冲突和缺少软件包的报错信息分别如下所示。 + +软件包冲突报错信息示例(以 libev-libevent-devel-4.24-11.oe1.aarch64与libevent-devel-2.1.11-2.oe1.aarch64冲突为例): + +```text +package libev-libevent-devel-4.24-11.oe1.aarch64 conflicts with libevent-devel provided by libevent-devel-2.1.11-2.oe1.aarch64 + - cannot install the best candidate for the job + - conflicting requests +``` + +文件冲突报错信息示例(以/usr/bin/containerd文件冲突为例): + +```text +Error: Transaction test error: + file /usr/bin/containerd from install of containerd-1.2.0-101.oe1.aarch64 conflicts with file from package docker-engine-18.09.0-100.aarch64 + file /usr/bin/containerd-shim from install of containerd-1.2.0-101.oe1.aarch64 conflicts with file from package docker-engine-18.09.0-100.aarch64 +``` + +缺少软件包的报错信息示例(以缺失blivet-data软件包为例): + +```text +Error: + Problem: cannot install both blivet-data-1:3.1.1-6.oe1.noarch and blivet-data-1:3.1.1-5.noarch + - package python2-blivet-1:3.1.1-5.noarch requires blivet-data = 1:3.1.1-5, but none of the providers can be installed + - cannot install the best update candidate for package blivet-data-1:3.1.1-5.noarch + - problem with installed package python2-blivet-1:3.1.1-5.noarch(try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages) +``` + +### 原因分析 + +- openEuler提供的软件包中,有些软件包虽然名称不同,但功能相同,导致两个软件包无法同时安装。 +- openEuler提供的软件包中,有些软件包虽然名称不同,但功能相同,导致安装时安装后的文件相同,从而产生了文件冲突。 +- 有些软件包,因在升级安装前被其他软件包所依赖,一旦该软件包升级后,可能导致依赖它的软件包因缺少软件包而不能安装。 + +### 解决方案 + +若为软件包冲突,则按如下步骤进行处理(以问题现象中示例的软件包冲突为例): + +1. 根据安装过程中的软件包冲突报错信息,确定与待安装的 libev-libevent-devel-4.24-11.oe1.aarch64软件包冲突的软件包为libevent-devel-2.1.11-2.oe1.aarch64。 +2. 执行**dnf remove**命令将与待安装软件包冲突的软件包单独卸载。 + + ```shell + # dnf remove libevent-devel-2.1.11-2.oe1.aarch64 + ``` + +3. 重新进行安装操作。 + +若为文件冲突,则按如下步骤进行处理(以问题现象中示例的文件冲突为例): + +1. 根据安装过程中的文件冲突报错信息,确定导致文件冲突的软件包名称为containerd-1.2.0-101.oe1.aarch64和docker-engine-18.09.0-100.aarch64。 +2. 将不需要安装的软件包名称记录下来,以不需要安装docker-engine-18.09.0-100.aarch64为例。 +3. 执行**dnf remove**命令将不需要安装的软件包单独卸载。 + + ```shell + # dnf remove docker-engine-18.09.0-100.aarch64 + ``` + +4. 重新进行安装操作。 + +若为缺少软件包,则按如下步骤进行处理(以问题现象中示例的缺少软件包为例): + +1. 根据升级安装过程中的缺少软件包报错信息,确定待升级的软件包名称blivet-data-1:3.1.1-5.noarch及依赖它的软件包名称python2-blivet-1:3.1.1-5.noarch。 +2. 执行dnf remove命令将依赖待升级包才能安装的软件包单独卸载或在升级软件包时加上\-\-allowerasing参数。 + - 执行**dnf remove**命令将依赖blivet-data-1:3.1.1-5.noarch软件包才能安装的软件包单独卸载。 + + ```shell + # dnf remove python2-blivet-1:3.1.1-5.noarch + ``` + + - 升级软件包时加上\-\-allowerasing参数。 + + ```shell + # yum update blivet-data-1:3.1.1-5.noarch -y --allowerasing + ``` + +3. 重新进行升级操作。 + +### 安装冲突实例 + +- 文件冲突 + + python3-edk2-devel.noarch 与 build.noarch 因文件名重复存在冲突。 + + ```shell + # yum install python3-edk2-devel.noarch build.noarch + ... + Error: Transaction test error: + file /usr/bin/build conflicts between attempted installs of python3-edk2-devel-202002-3.oe1.noarch and build-20191114-324.4.oe1.noarch + ``` + +## 问题6:libiscsi降级失败 + +### 问题现象 + +libiscsi-1.19.4 版本及以上降级到 libiscsi-1.19.3 及以下版本时失败。 + +```text +Error: +Problem: problem with installed package libiscsi-utils-1.19.0-4.oe1.x86_64 +- package libiscsi-utils-1.19.0-4.oe1.x86_64 requires libiscsi(x86-64) = 1.19.0-4.oe1, but none of the providers can be installed +- cannot install both libiscsi-1.19.0-3.oe1.x86_64 and libiscsi-1.19.0-4.oe1.x86_64 +- cannot install both libiscsi-1.19.0-4.oe1.x86_64 and libiscsi-1.19.0-3.oe1.x86_64 +- conflicting requests +(try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages) +``` + +### 原因分析 + +libiscsi-1.19.3 之前的版本把 iscsi-xxx 等二进制文件打包进了主包 libiscsi,而这些二进制文件引入了不合理的依赖 CUnit, 为了解决这种不合理的依赖,在 libiscsi-1.19.4 版本把这些二进制文件单独拆分出来一个子包 libiscsi-utils,主包弱依赖于子包,产品可以根据自己的需求在做镜像时是否集成该子包;不集成或卸载子包不会影响 libiscsi 主包的功能。 +如果系统中安装了 libiscsi-utils 子包,libiscsi-1.19.4 及以上版本降级到 libiscsi-1.19.3 及以下版本时,由于 libiscsi-1.19.3 及以下版本无法提供对应的 libiscsi-utils,因此 libiscsi-utils 不会降级,但 libiscsi-utils 依赖于降级前的 libiscsi 主包,导致依赖问题无法解决,最终导致降级失败。 + +### 解决方案 + +执行以下命令,卸载 libiscsi-utils 子包,卸载成功后再进行降级操作。 + +```text +yum remove libiscsi-utils +``` + +## 问题7:xfsprogs降级失败 + +### 问题现象 + +xfsprogs-5.6.0-2 及以上版本降级到 xfsprogs-5.6.0-1 及以下版本时失败。 + +```text +Error: +Problem: problem with installed package xfsprogs-xfs_scrub-5.6.0-2.oe1.x86_64 +- package xfsprogs-xfs_scrub-5.6.0-2.oe1.x86_64 requires xfsprogs = 5.6.0-2.oe1, but none of the providers can be installed +- cannot install both xfsprogs-5.6.0-1.oe1.x86_64 and xfsprogs-5.6.0-2.oe1.x86_64 +- cannot install both xfsprogs-5.6.0-2.oe1.x86_64 and xfsprogs-5.6.0-1.oe1.x86_64 +- conflicting requests +``` + +### 原因分析 + +在 xfsprogs-5.6.0-2 版本中,为了减少 xfsprogs 主包的不合理依赖,同时将实验性质的命令从主包中分来,我们将 xfs_scrub* 命令拆分到单独的 xfsprogs-xfs_scrub 子包中。而 xfsprogs 主包弱依赖于 xfsprogs-xfs_scrub 子包,所以产品可以根据自己的需求在做镜像时是否集成该子包,或者是否卸载该子包。不集成或卸载该子包不会影响 xfsprogs 主包功能。 + +如果系统中安装了 xfsprogs-xfs_scrub 子包,从 xfsprogs-5.6.0-2 及以上版本降级到 xfsprogs-5.6.0-1 及以下版本时,由于 xfsprogs-5.6.0-1 及以下版本无法提供对应的 xfsprogs-xfs_scrub,因此 xfsprogs-xfs_scrub 不会降级,但 xfsprogs-xfs_scrub 依赖于降级前的 xfsprogs 主包,导致依赖问题无法解决,最终导致降级失败。 + +### 解决方案 + +执行以下命令,卸载 xfsprogs-xfs_scrub 子包,卸载成功后再进行降级操作。 + +```shell +# yum remove xfsprogs-xfs_scrub +``` + +## 问题8:cpython/Lib发现CVE-2019-9674:Zip炸弹漏洞 + +### 问题现象 + +Python 3.7.2 及以下版本中的 Lib/zipfile.py 允许远程攻击者通过 zip 炸弹制造拒绝服务请求,从而导致资源消耗过大。 + +### 原因分析 + +远程攻击者通过 zip 炸弹导致拒绝服务,影响目标系统业务甚至达到使系统崩溃的结果。zip 炸弹就是一个高压缩比的 zip 文件,它本身可能只有几M或几十M的大小,但是解压缩之后会产生巨大的数据量,产生巨大的资源消耗。 + +### 解决方案 + +在 zipfile 文档中添加告警信息: + +## 问题9:不合理使用glibc正则表达式引起ReDoS攻击 + +### 问题现象 + +使用glibc的regcomp/regexec接口编程,或者grep/sed等应用glibc正则表达式的shell命令,不合理的正则表达式或输入会造成ReDoS攻击(CVE-2019-9192/CVE-2018-28796)。 +典型正则表达式pattern为“反向引用”(\1表示)与“*”(匹配零次或多次)、“+”(匹配一次或多次)、“{m,n}”(最小匹配m次,最多匹配n次)的组合,或者配合超长字符串输入,示例如下: + +```shell +# echo D | grep -E "$(printf '(\0|)(\\1\\1)*')"Segmentation fault (core dumped) +# grep -E "$(printf '(|)(\\1\\1)*')" +Segmentation fault (core dumped) +# echo A | sed '/\(\)\(\1\1\)*/p' +Segmentation fault (core dumped) +# time python -c 'print "a"*40000' | grep -E "a{1,32767}" +Segmentation fault (core dumped) +# time python -c 'print "a"*40900' | grep -E "(a)\\1" +Segmentation fault (core dumped) +``` + +### 原因分析 + +使用正则表达式的进程coredump。具体原因为glibc正则表达式的实现为NFA/DFA混合算法,内部原理是使用贪婪算法进行递归查找,目的是尽可能匹配更多的字符串,贪婪算法在处理递归正则表达式时会导致ReDoS。 + +### 解决方案 + +1. 需要对用户做严格的权限控制,减少攻击面。 +2. 用户需保证正则表达式的正确性,不输入无效正则表达式,或者超长字符串配合正则的“引用” “*”等容易触发无限递归的组合。 + + ```shell + # ()(\1\1)* + # "a"*400000 + ``` + +3. 用户程序在检测到进程异常之后,通过重启进程等手段恢复业务,提升程序的可靠性。 + +## 问题10:安装卸载httpd-devel和apr-util-devel软件包,其中的依赖包gdbm-devel安装、卸载有报错 + +### 问题现象 + +1. gdbm-devel-1.18.1-1包安装、卸载有报错; +2. 问题1修复后,gdbm和gdbm-devel包更新到1.18.1-2版本,但在安装httpd-devel、apr-util-devel等包(依赖关系中有gdbm-devel软件包)时,默认安装的gdbm-devel还是1.18.1-1旧版本,导致问题报错依然存在。 + +### 原因分析 + +1. gdbm-devel-1.18.1-1包中缺少提供info信息的help软件包,导致单独安装gdbm-devel并不能将help包引入进来,所以出现了如下告警信息。 + + ```text + install-info: 没有那个文件或目录 for /usr/share/info/gdbm.info.gz + ``` + +2. 由于系统默认安装的gdbm主包是1.18.1-1版本,而没有安装gdbm-devel包。依赖gdbm-devel包的相关软件包在安装gdbm-devel包的过程中,仍会匹配gdbm的主包版本,故而依然安装了gdbm-devel的旧版本1.18.1-1,导致警告信息依然存在。 + +### 解决方案 + +1. 单包升级gdbm,安装使用gdbm-1.18.1-2版本相关软件包后,告警信息消失; +2. 在单包升级gdbm后,再进行安装依赖的gdbm-devel软件包安装,让其依赖高版本gdbm软件包,告警信息消失。 + +## 问题11:系统reboot后,执行yum/dnf等命令报错,提示rpmdb error + +### 问题现象 + +1. reboot系统,重启后,执行rpm相关命令(yum/dnf)提示: + error: db5 error(-30973) from dbenv->open: BDB0087 DB_RUNRECOVERY: Fatal error, run database recovery + error: cannot open Packages index using db5 - (-30973) + error: cannot open Packages database in /var/lib/rpm + Error: Error: rpmdb open failed + +### 原因分析 + +1. 执行安装升级动作过程中,会对/var/lib/rpm/__db.00*文件进行读写操作,如果在运行中出现强制下电、磁盘空间满或者 ‘kill -9’ 等异常中断操作,会导致对应_db文件损坏,后续执行rpm相关命令(dnf/yum)会发生报错 + +### 解决方案 + +步骤1 执行`kill -9`停止所有正在运行的rpm命令。 +步骤2 执行`rm -rf /var/lib/rpm/__db.00*`删除所有db.00的文件。 +步骤3 执行`rpmdb --rebuilddb`命令,重建rpm db后即可。 + +## 问题12:执行 rpmrebuild -d /home/test filesystem对filesystem包rebuild时,rebuild失败 + +### 问题现象 + +执行 rpmrebuild --comment-missing=y --keep-perm -b -d /home/test filesystem-3.16-3.oe1.aarch64对filesystem包rebuild时,rebuild失败. +/usr/lib/rpmrebuild/rpmrebuild.sh:Error:(RpmBuild) Package 'filesystem-3.16-3.oe1.aarch64' build failed. +/usr/lib/rpmrebuild/rpmrebuild.sh:Error: RpmBuild + +### 原因分析 + +软件包在%pretrans -p阶段创建目录,并在%ghost阶段对该目录进行修饰,如果用户在该目录下创建目录或文件,执行rpmrebuild对该包进行打包,发现创建的目录或文件也会打包到该包中。 + +上述问题的根本原因是因为filesystem在%pretrans阶段创建了/proc目录,并在%ghost阶段对该目录进行了修饰,但是该目录在系统运行时会动态的创建一些微量进程,这些进程非目录也非文件,在执行rpmrebuild的时无法对这些进程进行打包,所以rebuild失败。 + +### 解决方案 + +暂时不使用rpmrebuild命令对filesystem进行rebuild。 + +## 问题13:带参数f执行modprobe或insmod报错 + +### 问题现象 + +执行`modprobe -f `或`insmod -f .ko.xz`报错,比如`insmod -f xfs.ko.xz`报错:`modprobe: ERROR: could not insert 'xfs': Key was rejected by service`。 + +迄今为止(2022.09.20, kmod v30),该问题尚未被kmod社区修复。Linux v5.17 [b1ae6dc](https://github.com/torvalds/linux/commit/b1ae6dc41eaaa98bb75671e0f3665bfda248c3e7)添加了对压缩内核模块的支持,kmod尚未支持该特性。 + +### 原因分析 + +对于未经压缩的ko,`{modprobe, insmod}`使用`finit_module()`系统调用,而对于压缩的ko,解压由kmod完成,使用`init_module()`系统调用。系统调用`init_module()`无法传入ignore check的flag,导致内核执行路径中`mod_verify_sig()`始终进入,并且`{modprobe, insmod} -f`参数会更改ko有关的校验信息,导致`mod_verify_sig()`校验失败。 + +### 解决方案 + +对压缩了的ko不使用`{insmod, modprobe} -f`。 diff --git a/docs/zh/server/administration/administrator/figures/1665628542704.png b/docs/zh/server/administration/administrator/figures/1665628542704.png new file mode 100644 index 0000000000000000000000000000000000000000..58907e0ed31c79b260be80480d4fd4c27e4e2e24 Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/1665628542704.png differ diff --git a/docs/zh/server/administration/administrator/figures/AT_CHECK_Process.png b/docs/zh/server/administration/administrator/figures/AT_CHECK_Process.png new file mode 100644 index 0000000000000000000000000000000000000000..f32d5af3a31c740febf1a4783a1dd0daafacb0df Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/AT_CHECK_Process.png differ diff --git a/docs/zh/server/administration/administrator/figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png b/docs/zh/server/administration/administrator/figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png new file mode 100644 index 0000000000000000000000000000000000000000..900cdc07c1f0e844bc48fe2342e83c91a23c24ec Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png differ diff --git a/docs/zh/server/administration/administrator/figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png b/docs/zh/server/administration/administrator/figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png new file mode 100644 index 0000000000000000000000000000000000000000..900cdc07c1f0e844bc48fe2342e83c91a23c24ec Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png differ diff --git a/docs/zh/server/administration/administrator/figures/PostgreSql_architecture.png b/docs/zh/server/administration/administrator/figures/PostgreSql_architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..f780ad9cb56378e7baa3497da68ca1610a6dfadb Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/PostgreSql_architecture.png differ diff --git a/docs/zh/server/administration/administrator/figures/Process_Of_EXECVAT_ATCHECK.png b/docs/zh/server/administration/administrator/figures/Process_Of_EXECVAT_ATCHECK.png new file mode 100644 index 0000000000000000000000000000000000000000..c8f54fe96648f0c012462073a8cd118fd552483c Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/Process_Of_EXECVAT_ATCHECK.png differ diff --git a/docs/zh/server/administration/administrator/figures/RA-arch-1.png b/docs/zh/server/administration/administrator/figures/RA-arch-1.png new file mode 100644 index 0000000000000000000000000000000000000000..bc55e411637b825b0ce44a7efca08f7e52e0fa70 Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/RA-arch-1.png differ diff --git a/docs/zh/server/administration/administrator/figures/RA-arch-2.png b/docs/zh/server/administration/administrator/figures/RA-arch-2.png new file mode 100644 index 0000000000000000000000000000000000000000..7effbaf881ffe42823142561b9135237989d7153 Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/RA-arch-2.png differ diff --git a/docs/zh/server/administration/administrator/figures/TPCM.png b/docs/zh/server/administration/administrator/figures/TPCM.png new file mode 100644 index 0000000000000000000000000000000000000000..290bdb3471b46dca3e9f0c0907c3855367bd5b65 Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/TPCM.png differ diff --git a/docs/zh/server/administration/administrator/figures/creat_datadisk.png b/docs/zh/server/administration/administrator/figures/creat_datadisk.png new file mode 100644 index 0000000000000000000000000000000000000000..0dfd6a2802184af6d809c485191ea52452cf28d5 Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/creat_datadisk.png differ diff --git a/docs/zh/server/administration/administrator/figures/creat_datadisk1.png b/docs/zh/server/administration/administrator/figures/creat_datadisk1.png new file mode 100644 index 0000000000000000000000000000000000000000..0dfd6a2802184af6d809c485191ea52452cf28d5 Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/creat_datadisk1.png differ diff --git a/docs/zh/server/administration/administrator/figures/dim_architecture.jpg b/docs/zh/server/administration/administrator/figures/dim_architecture.jpg new file mode 100644 index 0000000000000000000000000000000000000000..a1e672d01dd7174c6f631bc0443cea5717a27bfb Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/dim_architecture.jpg differ diff --git a/docs/zh/server/administration/administrator/figures/etmem-system-architecture.png b/docs/zh/server/administration/administrator/figures/etmem-system-architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..1e077e00f44c0404526a4742d49c6e866601eee1 Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/etmem-system-architecture.png differ diff --git a/docs/zh/server/administration/administrator/figures/ima_digest_list_update.png b/docs/zh/server/administration/administrator/figures/ima_digest_list_update.png new file mode 100644 index 0000000000000000000000000000000000000000..771067e31cee84591fbb914d7be4e8c576d7f5d2 Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/ima_digest_list_update.png differ diff --git a/docs/zh/server/administration/administrator/figures/ima_performance.gif b/docs/zh/server/administration/administrator/figures/ima_performance.gif new file mode 100644 index 0000000000000000000000000000000000000000..72fad8a8333f7357c64a160c1d1c174c31201eaa Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/ima_performance.gif differ diff --git a/docs/zh/server/administration/administrator/figures/ima_verification.png b/docs/zh/server/administration/administrator/figures/ima_verification.png new file mode 100644 index 0000000000000000000000000000000000000000..d022b9d4ea08d4af386c7b76ca28115ad90e5451 Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/ima_verification.png differ diff --git a/docs/zh/server/administration/administrator/figures/logical_architectureofMariaDB.png b/docs/zh/server/administration/administrator/figures/logical_architectureofMariaDB.png new file mode 100644 index 0000000000000000000000000000000000000000..8caa189a6fbf37bf4e9fd863c2ebb24e25547789 Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/logical_architectureofMariaDB.png differ diff --git a/docs/zh/server/administration/administrator/figures/login.png b/docs/zh/server/administration/administrator/figures/login.png new file mode 100644 index 0000000000000000000000000000000000000000..d15c2cad98fba16320d587f3c7b0c80f435c5d3a Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/login.png differ diff --git a/docs/zh/server/administration/administrator/figures/nginx_deployed_success.png b/docs/zh/server/administration/administrator/figures/nginx_deployed_success.png new file mode 100644 index 0000000000000000000000000000000000000000..9ffb2c142defbd690e5407659116bf8e5582ba73 Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/nginx_deployed_success.png differ diff --git a/docs/zh/server/administration/administrator/figures/nginx_start_failed.png b/docs/zh/server/administration/administrator/figures/nginx_start_failed.png new file mode 100644 index 0000000000000000000000000000000000000000..c8b855453433796265de42d7ffd0189c7ff9be2b Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/nginx_start_failed.png differ diff --git a/docs/zh/server/administration/administrator/figures/nginx_start_success.png b/docs/zh/server/administration/administrator/figures/nginx_start_success.png new file mode 100644 index 0000000000000000000000000000000000000000..bc6929772fd98fac3494b4436f26910b09818cb7 Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/nginx_start_success.png differ diff --git a/docs/zh/server/administration/administrator/figures/postgres.png b/docs/zh/server/administration/administrator/figures/postgres.png new file mode 100644 index 0000000000000000000000000000000000000000..e7fc36882718587ec949133fe9892185cb4c2158 Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/postgres.png differ diff --git a/docs/zh/server/administration/administrator/figures/root_of_trust_framework.png b/docs/zh/server/administration/administrator/figures/root_of_trust_framework.png new file mode 100644 index 0000000000000000000000000000000000000000..354b40fa4c4f0ed6f7312e0ce3848ed42155732e Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/root_of_trust_framework.png differ diff --git a/docs/zh/server/administration/administrator/figures/top_display.png b/docs/zh/server/administration/administrator/figures/top_display.png new file mode 100644 index 0000000000000000000000000000000000000000..2d77d3dc2934763b5da896a827b9805da34d1c09 Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/top_display.png differ diff --git a/docs/zh/server/administration/administrator/figures/trusted_chain.png b/docs/zh/server/administration/administrator/figures/trusted_chain.png new file mode 100644 index 0000000000000000000000000000000000000000..034f0f092f41fb500ee4122339c447d10d4138ec Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/trusted_chain.png differ diff --git a/docs/zh/server/administration/administrator/figures/zh-cn_image_0229622729.png b/docs/zh/server/administration/administrator/figures/zh-cn_image_0229622729.png new file mode 100644 index 0000000000000000000000000000000000000000..a32856aa08e459ed0f51f8fcf4c2f51511c12095 Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/zh-cn_image_0229622729.png differ diff --git a/docs/zh/server/administration/administrator/figures/zh-cn_image_0229622789.png b/docs/zh/server/administration/administrator/figures/zh-cn_image_0229622789.png new file mode 100644 index 0000000000000000000000000000000000000000..d245d48dc07e2b01734e21ec1952e89fa9269bdb Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/zh-cn_image_0229622789.png differ diff --git a/docs/zh/server/administration/administrator/figures/zh-cn_image_0230050789.png b/docs/zh/server/administration/administrator/figures/zh-cn_image_0230050789.png new file mode 100644 index 0000000000000000000000000000000000000000..0b785be2a026fe059c6ee41700a971a11cfff7ae Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/zh-cn_image_0230050789.png differ diff --git a/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143176.png b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143176.png new file mode 100644 index 0000000000000000000000000000000000000000..300165189e6d3e8fa356f3d463cfc627c2ece0e2 Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143176.png differ diff --git a/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143177.png b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143177.png new file mode 100644 index 0000000000000000000000000000000000000000..ccafce4b0c58a4da0a9f7aece335ede24e5030c0 Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143177.png differ diff --git a/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143178.png b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143178.png new file mode 100644 index 0000000000000000000000000000000000000000..bff125f096215e91b28ee6deacde6d886e5b21eb Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143178.png differ diff --git a/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143180.png b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143180.png new file mode 100644 index 0000000000000000000000000000000000000000..52f5644f9c985bcc39c0d146006dd9136140bc01 Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143180.png differ diff --git a/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143181.png b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143181.png new file mode 100644 index 0000000000000000000000000000000000000000..d3698e6c0e021a56be46b9f4944c858a425eb66c Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143181.png differ diff --git a/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143183.png b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143183.png new file mode 100644 index 0000000000000000000000000000000000000000..55ffdfa2616ee259543c1539e46c3e05f9335354 Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143183.png differ diff --git a/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143185.png b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143185.png new file mode 100644 index 0000000000000000000000000000000000000000..bff125f096215e91b28ee6deacde6d886e5b21eb Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143185.png differ diff --git a/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143187.png b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143187.png new file mode 100644 index 0000000000000000000000000000000000000000..52f5644f9c985bcc39c0d146006dd9136140bc01 Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143187.png differ diff --git a/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143189.png b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143189.png new file mode 100644 index 0000000000000000000000000000000000000000..7656f3aa5f5907f1e9f981c0cb5d44d4fcb84ef3 Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143189.png differ diff --git a/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143191.png b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143191.png new file mode 100644 index 0000000000000000000000000000000000000000..a82d1bcb2b719e3a372f63ae099cb5d52a93b536 Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143191.png differ diff --git a/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143193.png b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143193.png new file mode 100644 index 0000000000000000000000000000000000000000..94614045bddb0871b44d2f6603402f914871ad61 Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143193.png differ diff --git a/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143195.png b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143195.png new file mode 100644 index 0000000000000000000000000000000000000000..05011dbabe2d245c37ec68de646851bf955a2361 Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143195.png differ diff --git a/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143196.png b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143196.png new file mode 100644 index 0000000000000000000000000000000000000000..9bdbac969920af77721980804bd1c5433bea5bc9 Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143196.png differ diff --git a/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143197.png b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143197.png new file mode 100644 index 0000000000000000000000000000000000000000..5ea4eec4002374096d8ac18eb973ed3bf874b632 Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143197.png differ diff --git a/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143198.png b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143198.png new file mode 100644 index 0000000000000000000000000000000000000000..7d6360c150495d204da4b069e6dc62677580888f Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231143198.png differ diff --git a/docs/zh/server/administration/administrator/figures/zh-cn_image_0231563132.png b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231563132.png new file mode 100644 index 0000000000000000000000000000000000000000..bb801a9471f3f3541ba96491654f25e2df9ce8bf Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231563132.png differ diff --git a/docs/zh/server/administration/administrator/figures/zh-cn_image_0231563134.png b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231563134.png new file mode 100644 index 0000000000000000000000000000000000000000..398d15376d29d3aa406abb2e7e065d4625428c4d Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231563134.png differ diff --git a/docs/zh/server/administration/administrator/figures/zh-cn_image_0231563135.png b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231563135.png new file mode 100644 index 0000000000000000000000000000000000000000..785977142a6bf0e1c1815b82dea73d75fa206a75 Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231563135.png differ diff --git a/docs/zh/server/administration/administrator/figures/zh-cn_image_0231563136.png b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231563136.png new file mode 100644 index 0000000000000000000000000000000000000000..c274db4d0ca9d8758267a916e19fdef4aa22d0ba Binary files /dev/null and b/docs/zh/server/administration/administrator/figures/zh-cn_image_0231563136.png differ diff --git a/docs/zh/server/administration/administrator/process_management.md b/docs/zh/server/administration/administrator/process_management.md new file mode 100644 index 0000000000000000000000000000000000000000..722db815e48f226ec9ece0972907b1d18c6b92fd --- /dev/null +++ b/docs/zh/server/administration/administrator/process_management.md @@ -0,0 +1,333 @@ +# 管理进程 + +操作系统管理多个用户的请求和多个任务。大多数系统都只有一个CPU和一个主要存储,但一个系统可能有多个二级存储磁盘和多个输入/输出设备。操作系统管理这些资源并在多个用户间共享资源,当用户提出一个请求时,造成好像系统被用户独占的假象。实际上操作系统监控着一个等待执行的任务队列,这些任务包括用户任务、操作系统任务、邮件和打印任务等。本章节将从用户的角度讲述如何控制进程。 + +## 查看进程 + +Linux是一个多任务系统,经常需要对这些进程进行一些调配和管理。要进行管理,首先就要知道现在的进程情况:有哪些进程、进程的状态如何等。Linux提供了多种命令来了解进程的状况。 + +### who命令 + +who命令主要用于查看当前系统中的用户情况。如果用户想和其他用户建立即时通讯,比如使用talk命令,那么首先要确定的就是该用户确实在线上,不然talk进程就无法建立起来。又如,系统管理员希望监视每个登录的用户此时此刻的所作所为,也要使用who命令。who命令应用起来非常简单,可以比较准确地掌握用户的情况,所以使用非常广泛。 + +例如查看系统中的用户及其状态。使用如下: + +```shell +# who +admin tty1 Jul 28 15:55 +admin pts/0 Aug 5 15:46 (192.168.0.110) +admin pts/2 Jul 29 19:52 (192.168.0.110) +root pts/3 Jul 30 12:07 (192.168.0.110) +root pts/4 Jul 31 10:29 (192.168.0.144) +root pts/5 Jul 31 14:52 (192.168.0.11) +root pts/6 Aug 6 10:12 (192.168.0.234) +root pts/8 Aug 6 11:34 (192.168.0.234) +``` + +### ps命令 + +ps命令是最基本又非常强大的进程查看命令。使用该命令可以确定有哪些进程正在运行和运行的状态、进程是否结束、进程有没有僵尸、哪些进程占用了过多的资源等,大部分进程信息都是可以通过执行该命令得到的。 + +ps命令最常用的还是用来监控后台进程的工作情况,因为后台进程是不与屏幕、键盘这些标准输入/输出设备进行通信的,所以如果需要检测其状况,就可使用ps命令。ps命令的常见选项如[表1](#zh-cn_topic_0151921029_t34619d964a3d41ad8694189ec383359c)所示。 + +**表 1** 选项说明 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

选项

+

描述

+

-e

+

显示所有进程。

+

-f

+

全格式。

+

-h

+

不显示标题。

+

-l

+

使用长格式。

+

-w

+

宽行输出。

+

-a

+

显示终端上的所有进程,包括其他用户的进程。

+

-r

+

只显示正在运行的进程。

+

-x

+

显示没有控制终端的进程。

+
+ +例如显示系统中终端上的所有进程。命令如下: + +```shell +# ps -a + PID TTY TIME CMD +12175 pts/6 00:00:00 bash +24526 pts/0 00:00:00 vsftpd +29478 pts/5 00:00:00 ps +32461 pts/0 1-01:58:33 sh +``` + +### top命令 + +top命令和ps命令的基本作用是相同的,显示系统当前的进程和其他状况,但是top是一个动态显示过程,即可以通过用户按键来不断刷新进程的当前状态,如果在前台执行该命令,它将独占前台,直到用户终止该程序为止。其实top命令提供了实时的对系统处理器的状态监视。它将显示系统中CPU的任务列表。该命令可以按CPU使用、内存使用和执行时间对任务进行排序,而且该命令的很多特性都可以通过交互式命令或者在定制文件中进行设定。 + +top命令输出的示例如[图1](#zh-cn_topic_0151921029_f289234fcdbac453796200d80e9889cd1)所示: + +**图 1** top显示 +![](./figures/top_display.png) + +### kill命令 + +当需要中断一个前台进程的时候,通常足使用“Ctrl+c”组合键,而对于后台进程不能用组合键来终止,这时就可以使用kill命令。该命令可以终止前台和后台进程。终止后台进程的原因包括:该进程占用CPU的时间过多、该进程已经死锁等。 + +kill命令是通过向进程发送指定的信号来结束进程的。如果没有指定发送的信号,那么缺省值为TERM信号。TERM信号将终止所有不能捕获该信号的进程。至于那些可以捕获该信号的进程可能就需要使用KILL信号(它的编号为9),而该信号不能被捕捉。 + +kill命令的浯法格式有以下两种方式: + +```shell +kill [-s 信号 | -p] [-a] 进程号… +kill -l [信号] +``` + +其中进程号可以通过ps命令的输出得到。-s选项是给程序发送指定的信号,详细的信号可以用“kill -l”命令查看;-p选项只显示指定进程的ID号。 + +杀死pid为1409的进程,在root权限下执行如下命令: + +```shell +# kill -9 1409 +``` + +显示所有的信号及其编号对应关系,示例如下: + +```shell +# kill -l + 1) SIGHUP 2) SIGINT 3) SIGQUIT 4) SIGILL 5) SIGTRAP + 6) SIGABRT 7) SIGBUS 8) SIGFPE 9) SIGKILL 10) SIGUSR1 +11) SIGSEGV 12) SIGUSR2 13) SIGPIPE 14) SIGALRM 15) SIGTERM +16) SIGSTKFLT 17) SIGCHLD 18) SIGCONT 19) SIGSTOP 20) SIGTSTP +21) SIGTTIN 22) SIGTTOU 23) SIGURG 24) SIGXCPU 25) SIGXFSZ +26) SIGVTALRM 27) SIGPROF 28) SIGWINCH 29) SIGIO 30) SIGPWR +31) SIGSYS 34) SIGRTMIN 35) SIGRTMIN+1 36) SIGRTMIN+2 37) SIGRTMIN+3 +38) SIGRTMIN+4 39) SIGRTMIN+5 40) SIGRTMIN+6 41) SIGRTMIN+7 42) SIGRTMIN+8 +43) SIGRTMIN+9 44) SIGRTMIN+10 45) SIGRTMIN+11 46) SIGRTMIN+12 47) SIGRTMIN+13 +48) SIGRTMIN+14 49) SIGRTMIN+15 50) SIGRTMAX-14 51) SIGRTMAX-13 52) SIGRTMAX-12 +53) SIGRTMAX-11 54) SIGRTMAX-10 55) SIGRTMAX-9 56) SIGRTMAX-8 57) SIGRTMAX-7 +58) SIGRTMAX-6 59) SIGRTMAX-5 60) SIGRTMAX-4 61) SIGRTMAX-3 62) SIGRTMAX-2 +63) SIGRTMAX-1 64) SIGRTMAX +``` + +## 调度启动进程 + +有时候需要对系统进行一些比较费时而且占用资源的维护工作,这些工作适合在深夜进行,这时候用户就可以事先进行调度安排,指定任务运行的时间或者场合,到时候系统会自动完成这些任务。要使用自动启动进程的功能,就需要掌握以下几个启动命令。 + +### 定时运行一批程序(at) + +#### at命令 + +用户使用at命令在指定时刻执行指定的命令序列。该命令至少需要指定一个命令和一个执行时间。at命令可以只指定时间,也可以时间和日期一起指定。 + +at命令的语法格式如下: + +```shell + at [-V] [-q 队列] [-f 文件名] [-mldbv] 时间 + at -c 作业 [作业…] +``` + +#### 设置时间 + +at允许使用一套相当复杂的时间指定方法,比如: + +- 接受在当天的hh:mm(小时:分钟)式的时间指定。如果该时间已经过去,那么就放在第二天执行。 +- 使用midnight(深夜)、noon(中午)、teatime(饮茶时间,一般是下午4点)等比较模糊的词语来指定时间。 +- 采用12小时计时制,即在时间后面加上AM(上午)或者PM(下午)来说明是上午还是下午。 +- 指定命令执行的具体日期,指定格式为month day(月日)或者mm/dd/yy(月/日/年)或者dd.mm.yy(日.月.年)。指定的日期必须跟在指定时间的后面。 + +上面介绍的都是绝对计时法,其实还可以使用相对计时法,这对于安排不久就要执行的命令是很有好处的。指定格式为now+count time-units,now就是当前时间,time-units是时间单位,这里可以是minutes(分钟)、hours(小时)、days(天)、weeks(星期)。count是时间的数量,究竟是几天,还是几小时等。还有一种计时方法就是直接使用today(今天)、tomorrow(明天)来指定完成命令的时间。下面通过一些例子来说明具体用法。 + +例如指定在今天下午4:30执行某个命令。假设现在时间是中午12:30,2019年6月7日,可用命令格式如下: + +```shell + at 4:30pm + at 16:30 + at 16:30 today + at now+4 hours + at now+ 240 minutes + at 16:30 7.6.19 + at 16:30 6/7/19 + at 16:30 Jun 7 +``` + +以上这些命令表达的意义是完全一样的,所以在安排时间的时候完全可以根据个人喜好和具体情况自由选择。一般采用绝对时间的24小时计时法可以避免由于用户自己的疏忽造成计时错误,例如上例可以写成:at 16:30 6/7/19。 + +#### 执行权限 + +对于at命令来说,需要定时执行的命令是从标准输入或者使用-f选项指定的文件中读取并执行的。如果at命令是从一个使用su命令切换到用户shell中执行的,那么当前用户被认为是执行用户,所有的错误和输出结果都会送给这个用户。但是如果有邮件送出的话,收到邮件的将是原来的用户,也就是登录时shell的所有者。 + +例如在6月8日上午10点执行slocate -u命令。在root权限下执行命令如下: + +```shell +# at 10:00 6/8/19 +at> slocate -u +at> +[1]+ Stopped at 10:00 6/8/19 +``` + +上面的结果中,输入at命令之后,会出现提示符at\>,提示用户输入命令,在此输入了slocate -u,然后按回车键。还可以输入多条命令,当所有要执行的命令输入结束后,按“Ctrl+d”键结束at命令。 + +在任何情况下,管理员帐户都可以使用这个命令。对于其他用户来说,是否可以使用就取决于/etc/at.allow和/etc/at.deny文件。 + +### 周期性运行一批程序(cron) + +前面介绍at命令都会在一定时间内完成一定任务,但是它只能执行一次。也就是说,当指定了运行命令后,系统在指定时间完成任务,以后就不再执行了。但是在很多情况下需要周期性重复执行一些命令,这时候就需要使用cron命令来完成任务。 + +#### 运行机制 + +首先cron命令会搜索/var/spool/cron目录,寻找以/etc/passwd文件中的用户名命名的crontab文件,被找到的这种文件将装入内存。比如一个用户名为userexample的用户,对应的crontab文件应该是/var/spool/cron/userexample,即以该用户命名的crontab文件存放在/var/spool/cron目录下面。 + +cron命令还将搜索/etc/crontab文件,这个文件是用不同的格式写成的。cron启动以后,它将首先检查是否有用户设置了crontab文件,如果没有就转入睡眠状态,释放系统资源。所以该后台进程占用资源极少,它每分钟被唤醒一次,查看当前是否有需要运行的命令。 + +命令执行结束后,任何输出都将作为邮件发送给crontab的所有者,或者是/etc/crontab文件中MAILTO环境变量中指定的用户。这是cron的工作原理,但是cron命令的执行不需要用户干涉,用户只需要修改crontab中要执行的命令。 + +#### crontab命令 + +crontab命令用于安装、删除或者显示用于驱动cron后台进程的表格。用户把需要执行的命令序列放到crontab文件中以获得执行,而且每个用户都可以有自己的crontab文件。 + +crontab命令的常用方法如下: + +- crontab -u //设置某个用户的cron服务,root用户在执行crontab时需要此参数。 +- crontab -l //列出某个用户cron服务的详细内容。 +- crontab -r //删除某个用户的cron服务。 +- crontab -e //编辑某个用户的cron服务。 + +例如root查看自己的cron设置。命令如下: + +```shell +# crontab -u root -l +``` + +#### crontab文件 + +在crontab文件中输入需要执行的命令和时间。该文件中每行都包括6个域,其中前5个域是指定命令被执行的时间,最后一个域是要被执行的命令。每个域之间使用空格或者制表符分隔。格式如下: + +```shell +minute hour day-of-month month-of-year day-of-week commands +``` + +对于每一项的说明如[表2](#zh-cn_topic_0151921016_t7d97d1204fe249d7ae0a87b4cf9a9353)所示。 + +**表 2** 参数说明 + + + + + + + + + + + + + + + + + + + + + + + + + +

参数

+

描述

+

minute

+

分钟(0~59)。

+

hour

+

小时(0~23)。

+

day-of-month

+

一个月的第几天(1~31)。

+

month-of-year

+

一年的第几个月(1~12)。

+

day-of-week

+

一周的星期几(0~6),0代表星期天。

+

commands

+

需要执行的命令。

+
+ +这些项都不能为空,必须指定值。除了数字还有几个特殊的符号“\*”、“/”和“-”、“,”。其中,\*代表所有的取值范围内的数字,/代表每的意思,“\*/5”表示每5个单位,“-”代表从某个数字到某个数字,“,”用于分开几个离散数字。对于要执行的命令,调用的时候需要写出命令的完整路径。 + +例如晚上18点到22点之间每两个小时,在/tmp/test.txt文件中加入sleepy文本。在crontab文件中对应的行如下: + +```shell +* 18-22/2 * * * echo "sleepy" >> /tmp/test.txt +``` + +每次编辑完某个用户的cron设置后,cron自动在/var/spool/cron下生成一个与此用户同名的文件。此用户的cron信息都记录在这个文件中,这个文件是不可以直接编辑的,只可以用crontab -e来编辑。用户也可以另外建立一个文件,使用“cron文件名”命令导入cron设置。 + +假设有个用户名为userexample,它需要为自己创建一个crontab文件。步骤如下: + +1. 首先可以使用任何文本编辑器建立一个新文件,并向该文件加入需要运行的命令和要定期执行的时间,假设该文件为 \~/userexample.cron。 +2. 然后在root权限下使用crontab命令安装这个文件,使之成为该用户的crontab文件。命令如下: + + ```shell + # crontab -u userexample ~/userexample.cron + ``` + +这样crontab文件就建立好了,可以转到/var/spool/cron目录下面查看,发现多了一个userexample文件。这个文件就是所需的crontab文件。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>cron启动后,每过一分钟读一次crontab文件,检查是否要执行里面的命令。因此该文件被修改后不需要重新启动cron服务。 + +#### 编辑配置文件 + +cron服务每分钟不仅要读一次/var/spool/cron内的所有文件,还需要读一次/etc/crontab,因此通过配置这个文件也能得到cron的服务。用crontab配置是针对某个用户的,而编辑/etc/crontab是针对系统的任务。此文件的文件格式如下: + +```text +SHELL=/bin/sh +PATH=/usr/bin:/usr/sbin:/sbin:/bin:/usr/lib/news/bin +MAILTO=root //如果出现错误,或者有数据输出,将发邮件给这个帐号 +HOME=/ +# run-parts +01 * * * * root run-parts /etc/cron.hourly //每个小时执行一次/etc/cron.hourly里的脚本 +02 4 * * * root run-parts /etc/cron.daily //每天执行一次/etc/cron.daily里的脚本 +22 4 * * 0 root run-parts /etc/cron.weekly //每周执行一次/etc/cron.weekly里的脚本 +42 4 1 * * root run-parts /etc/cron.monthly //每月执行一次/etc/cron.monthly里的脚本 +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>如果去掉run-parts参数,其后面就是运行的某个脚本名,而不是目录名。 + +## 挂起/恢复进程 + +作业控制允许进程挂起并可以在需要时恢复进程的运行,被挂起的作业恢复后将从中止处开始继续运行。只要在键盘上按“Ctrl+Z”键,即可挂起当前的前台作业。在键盘上按“Ctrl+Z”键后,将挂起当前执行的命令cat。使用jobs命令可以显示shell的作业清单,包括具体的作业、作业号以及作业当前所处的状态。 + +恢复进程执行时,有两种选择:用fg命令将挂起的作业放回到前台执行;用bg命令将挂起的作业放到后台执行。灵活使用上述命令,将给自己带来很大的方便。 diff --git a/docs/zh/server/administration/administrator/public_sys-resources/icon-caution.gif b/docs/zh/server/administration/administrator/public_sys-resources/icon-caution.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/administration/administrator/public_sys-resources/icon-caution.gif differ diff --git a/docs/zh/server/administration/administrator/public_sys-resources/icon-danger.gif b/docs/zh/server/administration/administrator/public_sys-resources/icon-danger.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/administration/administrator/public_sys-resources/icon-danger.gif differ diff --git a/docs/zh/server/administration/administrator/public_sys-resources/icon-note.gif b/docs/zh/server/administration/administrator/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/zh/server/administration/administrator/public_sys-resources/icon-note.gif differ diff --git a/docs/zh/server/administration/administrator/public_sys-resources/icon-notice.gif b/docs/zh/server/administration/administrator/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/zh/server/administration/administrator/public_sys-resources/icon-notice.gif differ diff --git a/docs/zh/server/administration/administrator/public_sys-resources/icon-tip.gif b/docs/zh/server/administration/administrator/public_sys-resources/icon-tip.gif new file mode 100644 index 0000000000000000000000000000000000000000..93aa72053b510e456b149f36a0972703ea9999b7 Binary files /dev/null and b/docs/zh/server/administration/administrator/public_sys-resources/icon-tip.gif differ diff --git a/docs/zh/server/administration/administrator/public_sys-resources/icon-warning.gif b/docs/zh/server/administration/administrator/public_sys-resources/icon-warning.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/administration/administrator/public_sys-resources/icon-warning.gif differ diff --git a/docs/zh/server/administration/administrator/service_management.md b/docs/zh/server/administration/administrator/service_management.md new file mode 100644 index 0000000000000000000000000000000000000000..878d03eb2f44788f106de05c52d98e5b7a94eedd --- /dev/null +++ b/docs/zh/server/administration/administrator/service_management.md @@ -0,0 +1,805 @@ +# 管理服务 + +本章介绍如何使用systemd进行系统和服务管理。 + +## 简介 + +systemd是在Linux下,与SysV和LSB初始化脚本兼容的系统和服务管理器。systemd使用socket和D-Bus来开启服务,提供基于守护进程的按需启动策略,支持快照和系统状态恢复,维护挂载和自挂载点,实现了各服务间基于从属关系的一个更为精细的逻辑控制,拥有更高的并行性能。 + +### 概念介绍 + +systemd开启和监督整个系统是基于unit的概念。unit是由一个与配置文件对应的名字和类型组成的(例如:avahi.service unit有一个具有相同名字的配置文件,是守护进程Avahi的一个封装单元)。unit有多种类型,如[表1](#zh-cn_topic_0151921012_t2dcb6d973cc249ed9ccd56729751ca6b)所示。 + +**表 1** unit说明 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

unit名称

+

后缀名

+

描述

+

Service unit

+

.service

+

系统服务。

+

Target unit

+

.target

+

一组systemd units。

+

Automount unit

+

.automount

+

文件系统挂载点。

+

Device unit

+

.device

+

内核识别的设备文件。

+

Mount unit

+

.mount

+

文件系统挂载点。

+

Path unit

+

.path

+

在一个文件系统中的文件或目录。

+

Scope unit

+

.scope

+

外部创建的进程。

+

Slice unit

+

.slice

+

一组用于管理系统进程分层组织的units。

+

Socket unit

+

.socket

+

一个进程间通信的Socket。

+

Swap unit

+

.swap

+

swap设备或者swap文件。

+

Timer unit

+

.timer

+

systemd计时器。

+
+ +所有的可用systemd unit类型,可在如[表2](#zh-cn_topic_0151921012_t2523a0a9a0c54f9b849e52d1efa0160c)所示的路径下查看。 + +**表 2** 可用systemd unit类型 + + + + + + + + + + + + + + + + +

路径

+

描述

+

/usr/lib/systemd/system/

+

随安装的RPM产生的systemd units。

+

/run/systemd/system/

+

在运行时创建systemd units。

+

/etc/systemd/system/

+

由系统管理员创建和管理的systemd units。

+
+ +## 特性说明 + +### 更快的启动速度 + +systemd提供了比UpStart更激进的并行启动能力,采用了socket/D-Bus activation等技术启动服务,带来了更快的启动速度。 + +为了减少系统启动时间,systemd的目标是: + +- 尽可能启动更少的进程。 +- 尽可能将更多进程并行启动。 + +### 提供按需启动能力 + +当sysvinit系统初始化的时候,它会将所有可能用到的后台服务进程全部启动运行。并且系统必须等待所有的服务都启动就绪之后,才允许用户登录。这种做法有两个缺点:首先是启动时间过长;其次是系统资源浪费。 + +某些服务很可能在很长一段时间内,甚至整个服务器运行期间都没有被使用过。比如CUPS,打印服务在多数服务器上很少被真正使用到。您可能没有想到,在很多服务器上SSHD也是很少被真正访问到的。花费在启动这些服务上的时间是不必要的;同样,花费在这些服务上的系统资源也是一种浪费。 + +systemd可以提供按需启动的能力,只有在某个服务被真正请求的时候才启动它。当该服务结束,systemd可以关闭它,等待下次需要时再次启动它。 + +### 采用cgroup特性跟踪和管理进程的生命周期 + +init系统的一个重要职责就是负责跟踪和管理服务进程的生命周期。它不仅可以启动一个服务,也能够停止服务。这看上去没有什么特别的,然而在真正用代码实现的时候,您或许会发现停止服务比一开始想的要困难。 + +服务进程一般都会作为守护进程(daemon)在后台运行,为此服务程序有时候会派生(fork)两次。在UpStart中,需要在配置文件中正确地配置expect小节。这样UpStart通过对fork系统调用进行计数,从而获知真正的精灵进程的PID号。 + +cgroup已经出现了很久,它主要用来实现系统资源配额管理。cgroup提供了类似文件系统的接口,使用方便。当进程创建子进程时,子进程会继承父进程的cgroup。因此无论服务如何启动新的子进程,所有的这些相关进程都会属于同一个cgroup,systemd只需要简单地遍历指定的cgroup即可正确地找到所有的相关进程,将它们逐一停止即可。 + +### 启动挂载点和自动挂载的管理 + +传统的Linux系统中,用户可以用/etc/fstab文件来维护固定的文件系统挂载点。这些挂载点在系统启动过程中被自动挂载,一旦启动过程结束,这些挂载点就会确保存在。这些挂载点都是对系统运行至关重要的文件系统,比如HOME目录。和sysvinit一样,systemd管理这些挂载点,以便能够在系统启动时自动挂载它们。systemd还兼容/etc/fstab文件,您可以继续使用该文件管理挂载点。 + +有时候用户还需要动态挂载点,比如打算访问DVD内容时,才临时执行挂载以便访问其中的内容,而不访问光盘时该挂载点被取消(umount),以便节约资源。传统地,人们依赖autofs服务来实现这种功能。 + +systemd内建了自动挂载服务,无需另外安装autofs服务,可以直接使用systemd提供的自动挂载管理能力来实现autofs的功能。 + +### 实现事务性依赖关系管理 + +系统启动过程是由很多的独立工作共同组成的,这些工作之间可能存在依赖关系,比如挂载一个NFS文件系统必须依赖网络能够正常工作。systemd虽然能够最大限度地并发执行很多有依赖关系的工作,但是类似“挂载NFS”和“启动网络”这样的工作还是存在天生的先后依赖关系,无法并发执行。对于这些任务,systemd维护一个“事务一致性”的概念,保证所有相关的服务都可以正常启动而不会出现互相依赖,以至于死锁的情况。 + +### 与SysV初始化脚本兼容 + +和UpStart一样,systemd引入了新的配置方式,对应用程序的开发也有一些新的要求。如果systemd想替代目前正在运行的初始化系统,就必须和现有程序兼容。任何一个Linux发行版都很难为了采用systemd而在短时间内将所有的服务代码都修改一遍。 + +systemd提供了和sysvinit以及LSB initscripts兼容的特性。系统中已经存在的服务和进程无需修改。这降低了系统向systemd迁移的成本,使得systemd替换现有初始化系统成为可能。 + +### 能够对系统进行快照和恢复 + +systemd支持按需启动,因此系统的运行状态是动态变化的,人们无法准确地知道系统当前运行了哪些服务。systemd快照提供了一种将当前系统运行状态保存并恢复的能力。 + +比如系统当前正运行服务A和B,可以用systemd命令行对当前系统运行状况创建快照。然后将进程A停止,或者做其他的任意的对系统的改变,比如启动新的进程C。在这些改变之后,运行systemd的快照恢复命令,就可立即将系统恢复到快照时刻的状态,即只有服务A和B在运行。一个可能的应用场景是调试:比如服务器出现一些异常,为了调试用户将当前状态保存为快照,然后可以进行任意的操作,比如停止服务等等。等调试结束,恢复快照即可。 + +## 管理系统服务 + +systemd提供systemctl命令来运行、关闭、重启、显示、启用/禁用系统服务。 + +### sysvinit命令和systemd命令 + +systemd提供systemctl命令与sysvinit命令的功能类似。当前版本中依然兼容service和chkconfig命令,相关说明如[表3](#zh-cn_topic_0151920917_ta7039963b0c74b909b72c22cbc9f2e28),但建议用systemctl进行系统服务管理。 + +**表 3** sysvinit命令和systemd命令的对照表 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

sysvinit命令

+

systemd命令

+

备注

+

service network start

+

systemctl start network.service

+

用来启动一个服务 (并不会重启现有的)。

+

service network stop

+

systemctl stop network.service

+

用来停止一个服务 (并不会重启现有的)。

+

service network restart

+

systemctl restart network.service

+

用来停止并启动一个服务。

+

service network reload

+

systemctl reload network.service

+

当支持时,重新装载配置文件而不中断等待操作。

+

service network condrestart

+

systemctl condrestart network.service

+

如果服务正在运行那么重启它。

+

service network status

+

systemctl status network.service

+

检查服务运行状态

+

chkconfig network on

+

systemctl enable network.service

+

在下次启动时或满足其他触发条件时设置服务为启用。

+

chkconfig network off

+

systemctl disable network.service

+

在下次启动时或满足其他触发条件时设置服务为禁用。

+

chkconfig network

+

systemctl is-enabled network.service

+

用来检查一个服务在当前环境下被配置为启用还是禁用。

+

chkconfig --list

+

systemctl list-unit-files --type=service

+

输出在各个运行级别下服务的启用和禁用情况。

+

chkconfig network --list

+

ls /etc/systemd/system/*.wants/network.service

+

用来列出该服务在哪些运行级别下启用和禁用。

+

chkconfig network --add

+

systemctl daemon-reload

+

当您创建新服务文件或者变更设置时使用。

+
+ +### 显示所有当前服务 + +如果您需要显示当前正在运行的服务,使用命令如下: + +```shell +systemctl list-units --type service +``` + +如果您需要显示所有的服务(包括未运行的服务),需要添加-all参数,使用命令如下: + +```shell +# systemctl list-units --type service --all +``` + +例如显示当前正在运行的服务,命令如下: + +```shell +# systemctl list-units --type service +UNIT LOAD ACTIVE SUB DESCRIPTION +atd.service loaded active running Deferred execution scheduler +auditd.service loaded active running Security Auditing Service +avahi-daemon.service loaded active running Avahi mDNS/DNS-SD Stack +chronyd.service loaded active running NTP client/server +crond.service loaded active running Command Scheduler +dbus.service loaded active running D-Bus System Message Bus +dracut-shutdown.service loaded active exited Restore /run/initramfs on shutdown +firewalld.service loaded active running firewalld - dynamic firewall daemon +getty@tty1.service loaded active running Getty on tty1 +gssproxy.service loaded active running GSSAPI Proxy Daemon +...... +``` + +### 显示服务状态 + +如果您需要显示某个服务的状态,可执行如下命令: + +```shell +systemctl status name.service +``` + +相关状态显示参数说明如[表4](#zh-cn_topic_0151920917_t36cd267d69244ed39ae06bb117ed8e62)所示。 + +**表 4** 状态参数说明 + + + + + + + + + + + + + + + + + + + +

参数

+

描述

+

Loaded

+

说明服务是否被加载,并显示服务对应的绝路径以及是否启用。

+

Active

+

说明服务是否正在运行,并显示时间节点。

+

Main PID

+

相应的系统服务的PID值。

+

CGroup

+

相关控制组(CGroup)的其他信息。

+
+ +如果您需要鉴别某个服务是否运行,可执行如下命令: + +```shell +systemctl status name.service +``` + +is-active命令的返回结果如下: + +**表 5** is-active命令的返回结果 + + + + + + + + + + + + + + + + + + + +

状态

+

含义

+

active(running)

+

有一个或多个程序正在系统中执行。

+

active(exited)

+

仅执行一次就正常结束的服务,目前并没有任何程序在系统中执行。 举例来说,开机或者 是挂载时才会进行一次的 quotaon 功能。

+

active(waiting)

+

正在执行当中,不过要等待其他的事件才能继续处理。例如:打印的队列相关服务 就是这种状态,虽然正在启动中,不过也需要真的有队列进来 (打印作业) 这样他才会继续唤醒打印机 服务来进行下一步打印的功能

+

inactive

+

这个服务没有运行

+
+ +同样,如果您需要判断某个服务是否被启用,可执行如下命令: + +```shell +systemctl is-enabled name.service +``` + +is-enabled命令的返回结果如下: + +**表 6** is-enabled命令的返回结果 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

状态

+

含义

+

"enabled"

+

已经通过 /etc/systemd/system/ 目录下的 Alias= 别名、 .wants/ 或 .requires/ 软链接被永久启用。

+

"enabled-runtime"

+

已经通过 /run/systemd/system/ 目录下的 Alias= 别名、 .wants/ 或 .requires/ 软链接被临时启用。

+

"linked"

+

虽然单元文件本身不在标准单元目录中,但是指向此单元文件的一个或多个软链接已经存在于 /etc/systemd/system/ 永久目录中。

+

"linked-runtime"

+

虽然单元文件本身不在标准单元目录中,但是指向此单元文件的一个或多个软链接已经存在于 /run/systemd/system/ 临时目录中。

+

"masked"

+

已经被 /etc/systemd/system/ 目录永久屏蔽(软链接指向 /dev/null 文件),因此 start 操作会失败。

+

"masked-runtime"

+

已经被 /run/systemd/systemd/ 目录临时屏蔽(软链接指向 /dev/null 文件),因此 start 操作会失败。

+

"static"

+

尚未被启用,并且单元文件的 "[Install]" 小节中没有可用于 enable 命令的选项。

+

"indirect"

+

尚未被启用,但是单元文件的 "[Install]" 小节中 Also= 选项的值列表非空(也就是列表中的某些单元可能已被启用)、或者它拥有一个不在 Also= 列表中的其他名称的别名软链接。对于模版单元来说,表示已经启用了一个不同于 DefaultInstance= 的实例。

+

"disabled"

+

尚未被启用,但是单元文件的 "[Install]" 小节中存在可用于 enable 命令的选项

+

"generated"

+

单元文件是被单元生成器动态生成的。被生成的单元文件可能并未被直接启用,而是被单元生成器隐含的启用了。

+

"transient"

+

单元文件是被运行时API动态临时生成的。该临时单元可能并未被启用。

+

"bad"

+

单元文件不正确或者出现其他错误。 is-enabled 不会返回此状态,而是会显示一条出错信息。 list-unit-files 命令有可能会显示此单元。

+
+ +例如查看gdm.service服务状态,命令如下: + +```shell +# systemctl status gdm.service +gdm.service - GNOME Display Manager Loaded: loaded (/usr/lib/systemd/system/gdm.service; enabled) Active: active (running) since Thu 2013-10-17 17:31:23 CEST; 5min ago + Main PID: 1029 (gdm) + CGroup: /system.slice/gdm.service + ├─1029 /usr/sbin/gdm + ├─1037 /usr/libexec/gdm-simple-slave --display-id /org/gno... + └─1047 /usr/bin/Xorg :0 -background none -verbose -auth /r...Oct 17 17:31:23 localhost systemd[1]: Started GNOME Display Manager. +``` + +### 运行服务 + +如果您需要运行某个服务,请在root权限下执行如下命令: + +```shell +systemctl start name.service +``` + +例如运行httpd服务,命令如下: + +```shell +# systemctl start httpd.service +``` + +### 关闭服务 + +如果您需要关闭某个服务,请在root权限下执行如下命令: + +```shell +systemctl stop name.service +``` + +例如关闭蓝牙服务,命令如下: + +```shell +# systemctl stop bluetooth.service +``` + +### 重启服务 + +如果您需要重启某个服务,请在root权限下执行如下命令: + +```shell +systemctl restart name.service +``` + +执行命令后,当前服务会被关闭,但马上重新启动。如果您指定的服务,当前处于关闭状态,执行命令后,服务也会被启动。 + +例如重启蓝牙服务,命令如下: + +```shell +# systemctl restart bluetooth.service +``` + +### 启用服务 + +如果您需要在开机时启用某个服务,请在root权限下执行如下命令: + +```shell +systemctl enable name.service +``` + +例如设置httpd服务开机时启动,命令如下: + +```shell +# systemctl enable httpd.service +ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service' +``` + +### 禁用服务 + +如果您需要在开机时禁用某个服务,请在root权限下执行如下命令: + +```shell +systemctl disable name.service +``` + +例如在开机时禁用蓝牙服务启动,命令如下: + +```shell +# systemctl disable bluetooth.service +Removed /etc/systemd/system/bluetooth.target.wants/bluetooth.service. +Removed /etc/systemd/system/dbus-org.bluez.service. +``` + +## 改变运行级别 + +### Target和运行级别 + +systemd用目标(target)替代了运行级别的概念,提供了更大的灵活性,如您可以继承一个已有的目标,并添加其他服务,来创建自己的目标。[表7](#zh-cn_topic_0151920939_t9af92c282ad240ea9a79fb08d26e8181)列举了systemd下的目标和常见runlevel的对应关系。 + +**表 7** 运行级别和systemd目标 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

运行级别

+

systemd目标(target)

+

描述

+

0

+

runlevel0.target,poweroff.target

+

关闭系统。

+

1, s, single

+

runlevel1.target,rescue.target

+

单用户模式。

+

2, 4

+

runlevel2.target,runlevel4.target,multi-user.target

+

用户定义/域特定运行级别。默认等同于3。

+

3

+

runlevel3.target,multi-user.target

+

多用户,非图形化。用户可以通过多个控制台或网络登录。

+

5

+

runlevel5.target,graphical.target

+

多用户,图形化。通常为所有运行级别3的服务外加图形化登录。

+

6

+

runlevel6.target,reboot.target

+

重启系统。

+

emergency

+

emergency.target

+

紧急Shell。

+
+ +### 查看系统默认启动目标 + +查看当前系统默认的启动目标,命令如下: + +```shell +systemctl get-default +``` + +### 查看当前系统所有的启动目标 + +查看当前系统所有的启动目标,命令如下: + +```shell +systemctl list-units --type=target +``` + +### 改变默认目标 + +改变系统默认的目标,在root权限下执行如下命令: + +```shell +systemctl set-default name.target +``` + +### 改变当前目标 + +改变当前系统的目标,在root权限下执行如下命令: + +```shell +systemctl isolate name.target +``` + +### 切换到救援模式 + +改变当前系统为救援模式,在root权限下执行如下命令: + +```shell +systemctl rescue +``` + +这条命令和“systemctl isolate rescue.target”类似。命令执行后会在串口有如下打印信息: + +```shell +You are in rescue mode. After logging in, type "journalctl -xb" to viewsystem logs, "systemctl reboot" to reboot, "systemctl default" or "exit"to boot into default mode. +Give root password for maintenance +(or press Control-D to continue): +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>从救援模式进入正常模式,用户需要重启系统。 + +### 切换到紧急模式 + +改变当前系统为紧急模式,在root权限下执行如下命令: + +```shell +systemctl emergency +``` + +这条命令和“systemctl isolate emergency.target”类似。命令执行后会在串口有如下打印信息: + +```shell +You are in emergency mode. After logging in, type "journalctl -xb" to viewsystem logs, "systemctl reboot" to reboot, "systemctl default" or "exit"to boot into default mode. +Give root password for maintenance +(or press Control-D to continue): +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>从紧急模式进入正常模式,用户需要重启系统。 + +## 关闭、暂停和休眠系统 + +### systemctl命令 + +systemd通过systemctl命令可以对系统进行关机、重启、休眠等一系列操作。当前仍兼容部分Linux常用管理命令,对应关系如[表8](#zh-cn_topic_0151920964_t3daaaba6a03b4c36be9668efcdb61f3b)。建议用户使用systemctl命令进行操作。 + +**表 8** 命令对应关系 + + + + + + + + + + + + + + + + + + + + +

Linux常用管理命令

+

systemctl命令

+

描述

+

halt

+

systemctl halt

+

关闭系统

+

poweroff

+

systemctl poweroff

+

关闭电源

+

reboot

+

systemctl reboot

+

重启

+
+ +### 关闭系统 + +关闭系统并下电,在root权限下执行如下命令: + +```shell +systemctl poweroff +``` + +关闭系统但不下电机器,在root权限下执行如下命令: + +```shell +systemctl halt +``` + +执行上述命令会给当前所有的登录用户发送一条提示消息。如果不想让systemd发送该消息,您可以添加“--no-wall”参数。具体命令如下: + +```shell +systemctl --no-wall poweroff +``` + +### 重启系统 + +重启系统,在root权限下执行如下命令: + +```shell +systemctl reboot +``` + +执行上述命令会给当前所有的登录用户发送一条提示消息。如果不想让systemd发送该消息,您可以添加“--no-wall”参数。具体命令如下: + +```shell +systemctl --no-wall reboot +``` + +### 使系统待机 + +使系统待机,在root权限下执行如下命令: + +```shell +systemctl suspend +``` + +### 使系统休眠 + +使系统休眠,在root权限下执行如下命令: + +```shell +systemctl hibernate +``` + +使系统待机且处于休眠状态,在root权限下执行如下命令: + +```shell +systemctl hybrid-sleep +``` diff --git a/docs/zh/server/administration/administrator/setting_up_the_database_server.md b/docs/zh/server/administration/administrator/setting_up_the_database_server.md new file mode 100644 index 0000000000000000000000000000000000000000..1fd897f2ad3731204960ee7aca906acbdbe2dc3b --- /dev/null +++ b/docs/zh/server/administration/administrator/setting_up_the_database_server.md @@ -0,0 +1,2662 @@ +# 搭建数据库服务器 + +## PostgreSql服务器 + +### 软件介绍 + +PostgreSQL的架构如[图1](#fig26022387391)所示,主要进程说明如[表1](#table62020913417)所示。 + +**图 1** PostgreSql架构 +![](./figures/PostgreSql_architecture.png) + +**表 1** PostgreSql中的主要进程说明 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

进程类别

+

进程名称

+

说明

+

主进程

+

Postmaster

+

Postmaster是整个数据库实例的总控进程,负责启动和关闭该数据库实例。

+

常驻进程

+

Postgres(常驻进程)

+

管理后端的常驻进程,也称为“postmaster”。其默认侦听UNIXDomain Socket和TCP/IP(Windows等,一部分的平台只侦听TCP/IP)的5432端口,等待来自前端的连接处理。侦听的端口号可以在PostgreSql的设置文件postgresql.conf中修改。

+

子进程

+

Postgres(子进程)

+

子进程根据pg_hba.conf定义的安全策略来判断是否允许进行连接,根据策略,会拒绝某些特定的IP及网络,或者也可以只允许某些特定的用户或者对某些数据库进行连接。

+

Postgres会接受前端过来的查询,然后对数据库进行检索,最后把结果返回,有时也会对数据库进行更新。更新的数据同时还会记录在事务日志里面(PostgreSQL称为WAL日志)。这个主要是当停电、服务器宕机、重新启动的时候进行恢复处理的时候使用。另外,把日志归档保存起来,可在需要进行恢复的时候使用。在PostgreSQL 9.0以后,通过把WAL日志传送其他的postgreSQL,可以实时的进行数据库复制,这就是所谓的“数据库复制”功能。

+

辅助进程

+

SysLogger(系统日志)

+

需要在Postgres.conf中logging_collection设置为on,此时主进程才会启动Syslogger辅助进程。

+

BgWriter(后台写)

+

把共享内存中的脏页写到磁盘上的进程。主要是为了提高插入、更新和删除数据的性能。

+

WALWriter(预写式日志)

+

在修改数据之前把修改操作记录到磁盘中,以便后面更新实时数据时就不需要数据持久化到文件中。

+

PgArch(归档)

+

WAL日志会被循环使用,PgArch在归档前会把WAL日志备份出来。通过PITY(Point in Time Recovery)技术,可以在数据库进行一次全量备份后,将全量备份时间点之后的WAL日志通过归档进行备份,然后凭借数据库的全量备份再加上后面产生的WAL日志,即可把数据库向前推到全量备份后的任意一个时间点。

+

AutoVacuum(系统自动清理)

+

在PostgreSQL数据库中,对表进行DELETE操作后,旧的数据并不会立即被删除,并且,在更新数据时,也并不会在旧的数据上做更新,而是新生成一行数据。旧的数据只是被标识为删除状态,只有在没有并发的其他事务读到这些就数据时,它们才会被清除。这个清除工作就由AutoVacuum进程完成。

+

PgStat(统计收集)

+

做数据的统计收集工作。主要用于查询优化时的代价估算,包括一个表和索引进行了多少次的插入、更新、删除操作,磁盘块读写的次数、行的读次数。pg_statistic中存储了PgStat收集的各类信息。

+

CheckPoint(检查点)

+

检查点是系统设置的事务序列点,设置检查点保证检查点前的日志信息刷到磁盘中。

+
+ +### 配置环境 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>以下环境配置仅为参考示例,具体配置视实际需求做配置 + +#### 关闭防火墙并取消开机自启动 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>测试环境下通常会关闭防火墙以避免部分网络因素影响,视实际需求做配置。 + +1. 在root权限下停止防火墙。 + + ```shell + systemctl stop firewalld + ``` + +2. 在root权限下关闭防火墙。 + + ```shell + systemctl disable firewalld + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >执行disable命令关闭防火墙的同时,也取消了开机自启动。 + +#### 修改SELINUX为disabled + +在root权限下修改配置文件。 + +```shell +sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config +``` + +#### 创建组和用户 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>服务器环境下,为了系统安全,通常会为进程分配单独的用户,以实现权限隔离。本章节创建的组和用户都是操作系统层面的,不是数据库层面的。 + +1. 在root权限下创建PostgreSQL用户(组)。 + + ```shell + groupadd postgres + useradd -g postgres postgres + ``` + +2. 在root权限下设置postgres用户密码(重复输入密码)。 + + ```shell + passwd postgres + ``` + +#### 搭建数据盘 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>- 测试极限性能时,建议单独挂载IO性能更优的NVME SSD存储介质创建PostgreSQL测试实例,避免磁盘IO对性能测试结果的影响,本文以单独挂载NVME SSD为例,参考步骤1\~步骤4。 +>- 非性能测试时,在root权限下执行以下命令,创建数据目录即可。然后跳过本小节: +> mkdir /data + +1. 在root权限下创建文件系统(以xfs为例,根据实际需求创建文件系统),若磁盘之前已做过文件系统,执行此命令会出现报错,可使用-f参数强制创建文件系统。 + + ```shell + mkfs.xfs /dev/nvme0n1 + ``` + +2. 在root权限下创建数据目录。 + + ```shell + mkdir /data + ``` + +3. 在root权限下挂载磁盘。 + + ```shell + mount -o noatime,nobarrier /dev/nvme0n1 /data + ``` + +#### 数据目录授权 + +1. 在root权限下修改目录权限。 + + ```shell + chown -R postgres:postgres /data/ + ``` + +### 安装、运行和卸载 + +#### 安装 + +1. 配置本地yum源,详细信息请参考[搭建repo服务器](./configuring_the_repo_server.md)。 + +2. 清除缓存。 + + ```shell + dnf clean all + ``` + +3. 创建缓存。 + + ```shell + dnf makecache + ``` + +4. 在root权限下安装PostgreSQL服务器。 + + ```shell + dnf install postgresql-server + ``` + +5. 查看安装后的rpm包。 + + ```shell + rpm -qa | grep postgresql + ``` + +#### 运行 + +##### 初始化数据库 + +>![](./public_sys-resources/icon-notice.gif) **须知:** +>此步骤在postgres用户下操作。 + +1. 切换到已创建的PostgreSQL用户。 + + ```shell + su - postgres + ``` + +2. 初始化数据库,其中命令中的/usr/bin是命令initdb所在的目录。 + + ```shell + usr/bin/initdb -D /data/ + ``` + +##### 启动数据库 + +1. 启动PostgreSQL数据库。 + + ```shell + /usr/bin/pg_ctl -D /data/ -l /data/logfile start + ``` + +2. 确认PostgreSQL数据库进程是否正常启动。 + + ```shell + ps -ef | grep postgres + ``` + + 命令执行后,打印信息如下图所示,PostgreSQL相关进程已经正常启动了。 + + ![](./figures/postgres.png) + +##### 登录数据库 + +1. 登录数据库。 + + ```shell + /usr/bin/psql -U postgres + ``` + + ![](./figures/login.png) + + >![](./public_sys-resources/icon-note.gif) **说明:** + >初次登录数据库,无需密码。 + +##### 配置数据库帐号密码 + +1. 登录后,设置postgres密码。 + + ```shell + postgres=#alter user postgres with password '123456'; + ``` + + ![](./figures/zh-cn_image_0230050789.png) + +##### 退出数据库 + +1. 执行\\q退出数据库。 + + ```shell + postgres=#\q + ``` + +##### 停止数据库 + +1. 停止PostgreSQL数据库。 + + ```shell + /usr/bin/pg_ctl -D /data/ -l /data/logfile stop + ``` + +#### 卸载 + +1. 在postgres用户下停止数据库。 + + ```shell + /usr/bin/pg_ctl -D /data/ -l /data/logfile stop + ``` + +2. 在root用户下执行**dnf remove postgresql-server**卸载PostgreSQL数据库。 + + ```shell + dnf remove postgresql-server + ``` + +### 管理数据库角色 + +#### 创建角色 + +可以使用CREATE ROLE语句或createuser来创建角色。createuser是对CREATE ROLE命令的封装,需要在shell界面执行,而不是在数据库界面。 + +```shell +CREATE ROLE rolename [ [ WITH ] option [ ... ] ]; +``` + +```shell +createuser rolename +``` + +其中: + +- rolename:角色名。 +- option为参数选项,常用的有: + - SUPERUSER | NOSUPERUSER:决定一个新角色是否为"超级用户",若未指定,则默认为NOSUPERUSER,即不是超级用户。 + - CREATEDB | NOCREATEDB:定义一个角色是否能创建数据库,若未指定,则默认为NOCREATEDB,即不能创建数据库。 + - CREATEROLE | NOCREATEROLE:决定一个角色是否可以创建新角色,若未指定,则默认为NOCREATEROLE,即不能创建新角色。 + - INHERIT | NOINHERIT:决定一个角色是否"继承"它所在组的角色的权限。一个带有 INHERIT 属性的角色可以自动使用已经赋与它直接或间接所在组的任何权限。若未指定,则默认为INHERIT。 + - LOGIN | NOLOGIN:决定一个角色是否可以登录,一个拥有LOGIN属性的角色可以认为是一个用户,若无此属性的角色可以用于管理数据库权限,但是并不是用户,若未指定,则默认为NOLOGIN。但若创建角色是使用的是CREATE USER而不是CREATE ROLE,则默认是LOGIN属性。 + - \[ ENCRYPTED | UNENCRYPTED \] PASSWORD 'password':设置角色的密码,密码只对那些拥有 LOGIN 属性的角色有意义。ENCRYPTED | UNENCRYPTED表示是否对密码进行加密,若未指定,则默认为ENCRYPTED,即加密。 + - VALID UNTIL 'timestamp':角色的密码失效的时间戳,若为指定,则表示密码永久有效。 + - IN ROLE rolename1:列出一个或多个现有的角色,新角色rolename将立即加入这些角色,成为rolename1的成员。 + - ROLE rolename2:列出一个或多个现有的角色,它们将自动添加为新角色rolename的成员,即新角色为"组"。 + +要使用这条命令,必须拥有 CREATEROLE 权限或者是数据库超级用户。 + +##### 示例 + +创建一个可以登录的角色roleexample1。 + +```shell +postgres=# CREATE ROLE roleexample1 LOGIN; +``` + +创建一个密码为123456的角色roleexample2。 + +```shell +postgres=# CREATE ROLE roleexample2 WITH LOGIN PASSWORD '123456'; +``` + +创建角色名为roleexample3的角色。 + +```shell +[postgres@localhost ~]# createuser roleexample3 +``` + +#### 查看角色 + +可以使用SELECT语句或psql的元命令\\du查看角色。 + +```shell +SELECT rolename FROM pg_roles; +``` + +```shell +\du +``` + +其中:rolename:角色名。 + +##### 示例 + +查看roleexample1角色。 + +```shell +postgres=# SELECT roleexample1 from pg_roles; +``` + +查看现有角色。 + +```shell +postgres=# \du +``` + +#### 修改角色 + +##### 修改用户名 + +可以使用ALTER ROLE语句修改一个已经存在的角色名。 + +```shell +ALTER ROLE oldrolername RENAME TO newrolename; +``` + +其中: + +- oldrolername:旧的角色名。 +- newrolename:新的角色名。 + +##### 修改用户示例 + +将角色名roleexample1修改为roleexapme2。 + +```shell +postgres=# ALTER ROLE roleexample1 RENAME TO roleexample2; +``` + +##### 修改用户密码 + +可以使用ALTER ROLE语句修改一个角色的登录密码。 + +```shell +ALTER ROLE rolename PASSWORD 'password' +``` + +其中: + +- rolename:角色名。 +- password:密码。 + +##### 修改角色密码示例 + +将roleexample1的密码修改为456789。 + +```shell +postgres=# ALTER ROLE roleexample1 WITH PASSWORD '456789'; +``` + +#### 删除角色 + +可以使用DROP ROLE语句或dropuser来删除角色。dropuser是对DROP ROLE命令的封装,需要在shell界面执行,而不是在数据库界面。 + +```shell +DROP ROLE rolename; +``` + +```shell +dropuser rolename +``` + +其中:rolename为角色名。 + +##### 示例 + +删除userexample1角色。 + +```shell +postgres=# DROP ROLE userexample1; +``` + +删除userexample2角色。 + +```shell +[postgres@localhost ~]# dropuser userexample2 +``` + +#### 角色授权 + +可以使用GRANT语句来对角色授权。 + +对角色授予表的操作权限: + +```shell +GRANT { { SELECT | INSERT | UPDATE | DELETE | REFERENCES | TRIGGER } [,...] | ALL [ PRIVILEGES ] } ON [ TABLE ] tablename [, ...] TO { rolename | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ] +``` + +对角色授予序列的操作权限: + +```shell +GRANT { { USAGE | SELECT | UPDATE } [,...] | ALL [ PRIVILEGES ] } ON SEQUENCE sequencename [, ...] TO { rolename | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ] +``` + +对角色授予数据库的操作权限: + +```shell +GRANT { { CREATE | CONNECT | TEMPORARY | TEMP } [,...] | ALL [ PRIVILEGES ] } ON DATABASE databasename [, ...] TO { rolename | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ] +``` + +对角色授予函数的操作权限: + +```shell +GRANT { EXECUTE | ALL [ PRIVILEGES ] } ON FUNCTION funcname ( [ [ argmode ] [ argname ] argtype [, ...] ] ) [, ...] TO { rolename | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ] +``` + +对角色授予过程语言的操作权限: + +```shell +GRANT { USAGE | ALL [ PRIVILEGES ] } ON LANGUAGE langname [, ...] TO { rolename | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ] +``` + +对角色授予模式的操作权限: + +```shell +GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] } ON SCHEMA schemaname [, ...] TO { rolename | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ] +``` + +对角色授予表空间的操作权限: + +```shell +GRANT { CREATE | ALL [ PRIVILEGES ] } ON TABLESPACE tablespacename [, ...] TO { rolename | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ] +``` + +将角色rolename1的成员关系赋予角色rolename2: + +```shell +GRANT rolename1 [, ...] TO rolename2 [, ...] [ WITH ADMIN OPTION ] +``` + +其中: + +- SELECT、INSERT、UPDATE、DELETE、REFERENCES、TRIGGER、USAGE、CREATE、CONNECT、TEMPORARY、TEMP、EXECUTE、ALL \[ PRIVILEGES \]:用户的操作权限,ALL \[ PRIVILEGES \]表示所有的权限,PRIVILEGES关键字在 PostgreSQL里是可选的,但是严格的SQL 要求有这个关键字。 +- ON字句:用于指定权限授予的对象。 +- tablename:表名。 +- TO字句:用来指定被赋予权限的角色。 +- rolename、rolename1、rolename2:角色名。 +- groupname:角色组名。 +- PUBLIC:表示该权限要赋予所有角色,包括那些以后可能创建的用户。 +- WITH GRANT OPTION:表示权限的接收者也可以将此权限赋予他人,否则就不能授权他人。该选项不能赋予给PUBLIC。 +- sequencename:序列名。 +- databasename:数据库名。 +- funcname \( \[ \[ argmode \] \[ argname \] argtype \[, ...\] \] \):函数名及其参数。 +- langname:过程语言名。 +- schemaname:模式名。 +- tablespacename:表空间名。 +- WITH ADMIN OPTION:表示成员随后就可以将角色的成员关系赋予其他角色,以及撤销其他角色的成员关系。 + +##### 示例 + +对userexample授予数据库database1的CREATE权限。 + +```shell +postgres=# GRANT CREATE ON DATABASE database1 TO userexample; +``` + +对所有用户授予表table1的所有权限。 + +```shell +postgres=# GRANT ALL PRIVILEGES ON TABLE table1 TO PUBLIC; +``` + +#### 删除用户权限 + +可以使用REVOKE语句来撤销以前赋予一个或多个角色的权限。 + +撤销角色对表的操作权限: + +```shell +REVOKE [ GRANT OPTION FOR ] { { SELECT | INSERT | UPDATE | DELETE | REFERENCES | TRIGGER } [,...] | ALL [ PRIVILEGES ] } ON [ TABLE ] tablename [, ...] FROM { rolename | GROUP groupname | PUBLIC } [, ...] +``` + +撤销角色对序列的操作权限: + +```shell +REVOKE [ GRANT OPTION FOR ] { { USAGE | SELECT | UPDATE } [,...] | ALL [ PRIVILEGES ] } ON SEQUENCE sequencename [, ...] FROM { rolename | GROUP groupname | PUBLIC } [, ...] [ CASCADE | RESTRICT ] +``` + +撤销角色对数据库的操作权限: + +```shell +REVOKE [ GRANT OPTION FOR ] { { CREATE | CONNECT | TEMPORARY | TEMP } [,...] | ALL [ PRIVILEGES ] } ON DATABASE databasename [, ...] FROM { rolename | GROUP groupname | PUBLIC } [, ...] [ CASCADE | RESTRICT ] +``` + +撤销角色对函数的操作权限: + +```shell +REVOKE [ GRANT OPTION FOR ] { EXECUTE | ALL [ PRIVILEGES ] } ON FUNCTION funcname ( [ [ argmode ] [ argname ] argtype [, ...] ] ) [, ...] FROM { rolename | GROUP groupname | PUBLIC } [, ...] [ CASCADE | RESTRICT ] +``` + +撤销角色对过程语言的操作权限: + +```shell +REVOKE [ GRANT OPTION FOR ] { USAGE | ALL [ PRIVILEGES ] } ON LANGUAGE langname [, ...] FROM { rolename | GROUP groupname | PUBLIC } [, ...] [ CASCADE | RESTRICT ] +``` + +撤销角色对模式的操作权限: + +```shell +REVOKE [ GRANT OPTION FOR ] { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] } ON SCHEMA schemaname [, ...] FROM { rolename | GROUP groupname | PUBLIC } [, ...] [ CASCADE | RESTRICT ] +``` + +撤销角色对表空间的操作权限: + +```shell +REVOKE [ GRANT OPTION FOR ] { CREATE | ALL [ PRIVILEGES ] } ON TABLESPACE tablespacename [, ...] FROM { rolename | GROUP groupname | PUBLIC } [, ...] [ CASCADE | RESTRICT ] +``` + +删除rolename2的rolename1的成员关系: + +```shell +REVOKE [ ADMIN OPTION FOR ] rolename1 [, ...] FROM rolename2 [, ...] [ CASCADE | RESTRICT ] +``` + +其中: + +- GRANT OPTION FOR:表示只是撤销对该权限的授权的权力,而不是撤销该权限本身。 +- SELECT、INSERT、UPDATE、DELETE、REFERENCES、TRIGGER、USAGE、CREATE、CONNECT、TEMPORARY、TEMP、EXECUTE、ALL \[ PRIVILEGES \]:用户的操作权限,ALL \[ PRIVILEGES \]表示所有的权限,PRIVILEGES关键字在 PostgreSQL里是可选的,但是严格的SQL 要求有这个关键字。 +- ON字句:用于指定撤销权限的对象。 +- tablename:表名。 +- FROM字句:用来指定被撤销权限的角色。 +- rolename、rolename1、rolename2:角色名。 +- groupname:角色组名。 +- PUBLIC:表示撤销隐含定义的、拥有所有角色的组,但并不意味着所有角色都失去了权限,那些直接得到的权限以及通过一个组得到的权限仍然有效。 +- sequencename:序列名。 +- CASCADE:撤销所有依赖性权限。 +- RESTRICT:不撤销所有依赖性权限。 +- databasename:数据库名。 +- funcname \( \[ \[ argmode \] \[ argname \] argtype \[, ...\] \] \):函数名及其参数。 +- langname:过程语言名。 +- schemaname:模式名。 +- tablespacename:表空间名。 +- ADMIN OPTION FOR:表示传递的授权不会自动收回。 + +##### 示例 + +对userexample授予数据库database1的CREATE权限。 + +```shell +postgres=# GRANT CREATE ON DATABASE database1 TO userexample; +``` + +对所有用户授予表table1的所有权限。 + +```shell +postgres=# GRANT ALL PRIVILEGES ON TABLE table1 TO PUBLIC; +``` + +### 管理数据库 + +#### 创建数据库 + +可以使用CREATE DATABASE语句或createdb来创建数据库。createrdb是对CREATE DATABASE命令的封装,需要在shell界面执行,而不是在数据库界面。 + +```shell +CREATE DATABASE databasename; +``` + +```shell +createdb databasename +``` + +其中:databasename为数据库名。 + +要使用这条命令,必须拥有CREATEDB权限。 + +##### 示例 + +创建一个数据库database1。 + +```shell +postgres=# CREATE DATABASE database1; +``` + +#### 选择数据库 + +可以使用\\c语句来选择数据库。 + +```shell +\c databasename; +``` + +其中:databasename为数据库名称。 + +##### 示例 + +选择databaseexample数据库。 + +```shell +postgres=# \c databaseexample; +``` + +#### 查看数据库 + +可以使用\\l语句来查看数据库。 + +```shell +\l; +``` + +##### 示例 + +查看所有数据库。 + +```shell +postgres=# \l; +``` + +#### 删除数据库 + +可以使用DROP DATABASE语句或dropdb来删除数据库。dropdb是对DROP DATABASE命令的封装,需要在shell界面执行,而不是在数据库界面。 + +>![](./public_sys-resources/icon-caution.gif) **注意:** +>删除数据库要谨慎操作,一旦删除,数据库中的所有表和数据都会删除。 + +```shell +DROP DATABASE databasename; +``` + +```shell +dropdb databasename +``` + +其中:databasename为数据库名称。 + +DROP DATABASE会删除数据库的系统目录项并且删除包含数据的文件目录。 + +DROP DATABASE只能由超级管理员或数据库拥有者执行。 + +##### 示例 + +删除databaseexample数据库。 + +```shell +postgres=# DROP DATABASE databaseexample; +``` + +#### 备份数据库 + +可以使用pg\_dump命令备份数据库,将数据库转储到一个脚本文件或其他归档文件中。 + +```shell +pg_dump [option]... [databasename] > outfile +``` + +其中: + +- databasename:数据库名称。如果没有声明这个参数,那么使用环境变量 PGDATABASE 。如果那个环境变量也没声明,那么使用发起连接的用户名。 +- outfile:数据库备份的文件。 +- option:pg\_dump命令参数选项,多个参数之间可以使用空格分隔。常用的pg\_dump命令参数选项如下: + - -f,\-\-file= _filename_ :指输出到指定的文件。如果忽略,则使用标准输出。 + - -d,\-\-dbname= _databasename_ :指定转储的数据库。 + - -h,\-\-host= _hostname_ :指定主机名。 + - -p,\-\-port= _portnumber_ :指定端口。 + - -U,\-\-username= _username_ :指定连接的用户名。 + - -W,\-\-password:强制口令提示(自动)。 + +##### 示例 + +备份主机为192.168.202.144,端口为3306,postgres用户下的database1数据库到db1.sql中。 + +```shell +[postgres@localhost ~]# pg_dump -h 192.168.202.144 -p 3306 -U postgres -W database1 > db1.sql +``` + +#### 恢复数据库 + +可以使用psql命令恢复数据库。 + +```shell +psql [option]... [databasename [username]] < infile +``` + +其中: + +- databasename:数据库名称。如果没有声明这个参数,那么使用环境变量 PGDATABASE 。如果那个环境变量也没声明,那么使用发起连接的用户名。 +- username:用户名。 +- infile:pg\_dump命令中的outfile参数。 +- option:psql命令参数选项,多个参数之间可以使用空格分隔。常用的psql命令参数选项如下: + - -f,--file=filename:指输出到指定的文件。如果忽略,则使用标准输出。 + - -d,--dbname=databasename:指定转储的数据库。 + - -h,--host=hostname:指定主机名。 + - -p,--port=portnumber:指定端口。 + - -U,--username=username:指定连接的用户名。 + - -W,--password:强制口令提示(自动)。 + +psql命令不会自动创建databasename数据库,所以在执行psql恢复数据库之前需要先创建databasename数据库。 + +##### 示例 + +将db1.sql脚本文件导入到主机为192.168.202.144,端口为3306,postgres用户下newdb数据库中。 + +```shell +[postgres@localhost ~]# createdb newdb +[postgres@localhost ~]# psql -h 192.168.202.144 -p 3306 -U postgres -W -d newdb < db1.sql +``` + +## Mariadb服务器 + +### 软件介绍 + +MariaDB数据库管理系统是MySQL的一个分支,主要由开源社区在维护,采用GPL授权许可。MariaDB的目的是完全兼容MySQL,包括API和命令行,使之能轻松成为MySQL的代替品,MariaDB还提供了许多更好的新特性。 + +MariaDB的架构如[图2](#fig13492418164520)所示。 + +**图 2** MariaDB逻辑架构 +![](./figures/logical_architectureofMariaDB.png) + +当Mariadb接受到Sql语句时,其详细的执行过程如下: + +1. 当客户端连接到mariadb的时候,会认证客户端的主机名、用户、密码,认证功能可以做成插件。 +2. 如果登录成功,客户端发送sql命令到服务端。由解析器解析sql语句。 +3. 服务端检查客户端是否有权限去获取它想要的资源。 +4. 如果查询已经存储在query cache当中,那么结果立即返回。 +5. 优化器将会找出最快的执行策略,或者是执行计划,也就是说优化器可以决定什么表将会被读,以及哪些索引会被访问,哪些临时表会被使用,一个好的策略能够减少大量的磁盘访问和排序操作等。 +6. 存储引擎读写数据和索引文件,cache用来加速这些操作,其他的诸如事物和外键特性,都是在存储引擎层处理的。 + +存储引擎在物理层管控数据,它负责数据文件、数据、索引、cache等的管理,这使得管理和读取数据变得更高效,每一张表,都有一个.frm文件,这些文件包含着表的定义。 + +每一个存储引擎管理、存储数据的方式都是不同的,所支持的特性和性能也不尽相同。例如: + +- MyISAM,适合读多写少的环境,且不支持事务,支持全文索引等。 +- noDB,支持事务,支持行锁和外键等。 +- MEMORY,将数据存储在内存当中。 +- CSV,将数据存储为CSV格式。 + +### 配置环境 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>以下环境配置仅为参考示例,具体配置视实际需求做配置 + +#### 关闭防火墙并取消开机自启动 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>测试环境下通常会关闭防火墙以避免部分网络因素影响,视实际需求做配置。 + +1. 在root权限下停止防火墙。 + + ```shell + systemctl stop firewalld + ``` + +2. 在root权限下关闭防火墙。 + + ```shell + systemctl disable firewalld + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >执行disable命令关闭防火墙的同时,也取消了开机自启动。 + +#### 修改SELINUX为disabled + +1. 在root权限下修改配置文件。 + + ```shell + sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux + ``` + +#### 创建组和用户 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>服务器环境下,为了系统安全,通常会为进程分配单独的用户,以实现权限隔离。本章节创建的组和用户都是操作系统层面的,不是数据库层面的。 + +1. 在root权限下创建MySQL用户(组)。 + + ```shell + groupadd mysql + ``` + + ```shell + useradd -g mysql mysql + ``` + +2. 在root权限下设置MySQL用户密码。 + + ```shell + passwd mysql + ``` + + 重复输入密码(根据实际需求设置密码)。 + +#### 搭建数据盘 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>- 进行性能测试时,数据目录使用单独硬盘,需要对硬盘进行格式化并挂载,参考方法一或者方法二。 +>- 非性能测试时,在root权限下执行`mkdir /data`创建数据目录即可。然后跳过本小节。 + +##### 方法一:在root权限下使用fdisk进行磁盘管理 + +1. 创建分区(以/dev/sdb为例,根据实际情况创建) + + ```shell + fdisk /dev/sdb + ``` + +2. 输入n,按回车确认。 +3. 输入p,按回车确认。 +4. 输入1,按回车确认。 +5. 采用默认配置,按回车确认。 +6. 采用默认配置,按回车确认。 +7. 输入w,按回车保存。 +8. 创建文件系统(以xfs为例,根据实际需求创建文件系统) + + ```shell + mkfs.xfs /dev/sdb1 + ``` + +9. 挂载分区到“/data”以供操作系统使用。 + + ```shell + mkdir /data + ``` + + ```shell + mount /dev/sdb1 /data + ``` + +10. 执行命令“vi /etc/fstab", 编辑“/etc/fstab”使重启后自动挂载数据盘。如下图中,添加最后一行内容。 + + 其中,/dev/nvme0n1p1为示例,具体名称以实际情况为准。 + + ![](./figures/creat_datadisk1.png) + +##### 方法二:在root权限下使用LVM进行磁盘管理 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>此步骤需要安装镜像中的lvm2相关包,步骤如下: +> +> - 配置本地yum源,详细信息请参考[搭建repo服务器](./configuring_the_repo_server.md)。如果已经执行,则可跳过此步。 +> - 在root权限下执行`yum install lvm2`命令安装lvm2。 + +1. 创建物理卷(sdb为硬盘名称,具体名字以实际为准)。 + + ```shell + pvcreate /dev/sdb + ``` + +2. 创建物理卷组(其中datavg为创建的卷组名称,具体名字以实际规划为准)。 + + ```shell + vgcreate datavg /dev/sdb + ``` + +3. 创建逻辑卷(其中600G为规划的逻辑卷大小,具体大小以实际情况为准;datalv为创建的逻辑卷的名字,具体名称以实际规划为准。)。 + + ```shell + lvcreate -L 600G -n datalv datavg + ``` + +4. 创建文件系统。 + + ```shell + mkfs.xfs /dev/datavg/datalv + ``` + +5. 创建数据目录并挂载。 + + ```shell + mkdir /data + mount /dev/datavg/datalv /data + ``` + +6. 执行命令**vi /etc/fstab**,编辑“/etc/fstab”使重启后自动挂载数据盘。如下图中,添加最后一行内容。 + + 其中,/dev/datavg/datalv为示例,具体名称以实际情况为准。 + + ![](./figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png) + +#### 创建数据库目录并且授权 + +1. 在已创建的数据目录 **/data** 基础上,使用root权限继续创建进程所需的相关目录并授权MySQL用户(组)。 + + ```shell + mkdir -p /data/mariadb + cd /data/mariadb + mkdir data tmp run log + chown -R mysql:mysql /data + ``` + +### 安装、运行和卸载 + +#### 安装 + +1. 配置本地yum源,详细信息请参考[搭建repo服务器](./configuring_the_repo_server.md)。 + +2. 清除缓存。 + + ```shell + dnf clean all + ``` + +3. 创建缓存。 + + ```shell + dnf makecache + ``` + +4. 在root权限下安装mariadb服务器。 + + ```shell + dnf install mariadb-server + ``` + +5. 查看安装后的rpm包。 + + ```shell + rpm -qa | grep mariadb + ``` + +#### 运行 + +1. 在root权限下开启mariadb服务器。 + + ```shell + systemctl start mariadb + ``` + +2. 在root权限下初始化数据库。 + + ```shell + /usr/bin/mysql_secure_installation + ``` + + 命令执行过程中需要输入数据库的root设置的密码,若没有密码则直接按“Enter”。然后根据提示及实际情况进行设置。 + +3. 登录数据库。 + + ```shell + mysql -u root -p + ``` + + 命令执行后提示输入密码。密码为[2](#li197143190587)中设置的密码。 + + >![](./public_sys-resources/icon-note.gif) **说明:** + >执行 **\\q** 或者 **exit** 可退出数据库。 + +#### 卸载 + +1. 在root权限下关闭数据库进程。 + + ```shell + ps -ef | grep mysql + kill -9 进程ID + ``` + +2. 在root权限下执行**dnf remove mariadb-server**命令卸载mariadb。 + + ```shell + dnf remove mariadb-server + ``` + +### 管理数据库用户 + +#### 创建用户 + +可以使用CREATE USER语句来创建一个或多个用户,并设置相应的口令。 + +```shell +CREATE USER 'username'@'hostname' IDENTIFIED BY 'password'; +``` + +其中: + +- username:用户名。 +- host:主机名,即用户连接数据库时所在的主机的名字。若是本地用户可用localhost,若在创建的过程中,未指定主机名,则主机名默认为“%”,表示一组主机。 +- password:用户的登录密码,密码可以为空,如果为空则该用户可以不需要密码登录服务器,但从安全的角度而言,不推荐这种做法。 + +使用CREATE USER语句必须拥有数据库的INSERT权限或全局CREATE USER权限。 + +使用CREATE USER语句创建一个用户帐号后,会在系统自身的数据库的user表中添加一条新记录。若创建的帐户已经存在,则语句执行时会出现错误。 + +新创建的用户拥有的权限很少,只允许进行不需要权限的操作,如使用SHOW语句查询所有存储引擎和字符集的列表等。 + +##### 示例 + +创建密码为123456,用户名为userexample1的本地用户。 + +```shell +> CREATE USER 'userexample1'@'localhost' IDENTIFIED BY '123456'; +``` + +创建密码为123456,用户名为userexample2,主机名为192.168.1.100的用户。 + +```shell +> CREATE USER 'userexample2'@'192.168.1.100' IDENTIFIED BY '123456'; +``` + +#### 查看用户 + +可以使用SHOW GRANTS语句或SELECT语句查看一个或多个用户。 + +查看特定用户: + +```shell +SHOW GRANTS [FOR 'username'@'hostname']; +``` + +```shell +SELECT USER,HOST,PASSWORD FROM mysql.user WHERE USER='username'; +``` + +查看所有用户: + +```shell +SELECT USER,HOST,PASSWORD FROM mysql.user; +``` + +其中: + +- username:用户名。 +- hostname:主机名。 + +##### 示例 + +查看userexample1用户。 + +```shell +> SHOW GRANTS FOR 'userexample1'@'localhost'; +``` + +查看mysql数据库中所有用户。 + +```shell +> SELECT USER,HOST,PASSWORD FROM mysql.user; +``` + +#### 修改用户 + +##### 修改用户名 + +可以使用RENAME USER语句修改一个或多个已经存在的用户名。 + +```shell +RENAME USER 'oldusername'@'hostname' TO 'newusername'@'hostname'; +``` + +其中: + +- oldusername:旧的用户名。 +- newusername:新的用户名。 +- hostname:主机名。 + +RENAME USER语句用于对原有的帐号进行重命名。若系统中旧帐号不存在或者新帐号已存在,则该语句执行时会出现错误。 + +使用RENAME USER语句,必须拥有数据库的UPDATE权限或全局CREATE USER权限。 + +##### 修改用户示例 + +将用户名userexample1修改为userexapme2,主机名为locahost。 + +```shell +> RENAME USER 'userexample1'@'localhost' TO 'userexample2'@'localhost'; +``` + +##### 修改用户密码 + +可以使用SET PASSWORD语句修改一个用户的登录密码。 + +```shell +SET PASSWORD FOR 'username'@'hostname' = PASSWORD('newpassword'); +``` + +其中: + +- FOR 'username'@'hostname':FOR字句,可选项,指定欲修改密码的用户名及主机名。 +- PASSWORD\('newpassword'\):表示使用函数PASSWORD\(\)设置新口令,即新口令必须传递到函数PASSWORD\(\)中进行加密。 + +>![](./public_sys-resources/icon-caution.gif) **注意:** +>PASSWORD\(\)函数为单向加密函数,一旦加密后不能解密出原明文。 + +在SET PASSWORD语句中,若不加上FOR子句,表示修改当前用户的密码。 + +FOR字句中必须以'username'@'hostname'的格式给定,username为帐户的用户名,hostname为帐户的主机名。 + +欲修改密码的帐号必须在系统中存在,否则语句执行时会出现错误。 + +##### 修改用户密码示例 + +将用户名为userexample的密码修改为0123456,主机名为locahost。 + +```shell +> SET PASSWORD FOR 'userexample'@'localhost' = PASSWORD('0123456') ; +``` + +#### 删除用户 + +可以使用DROP USER语句来删除一个或多个用户帐号以及相关的权限。 + +```shell +DROP USER 'username1'@'hostname1' [,'username2'@'hostname2']…; +``` + +>![](./public_sys-resources/icon-caution.gif) **注意:** +>用户的删除不会影响他们之前所创建的表、索引或其他数据库对象,因为数据库并不会记录创建了这些对象的帐号。 + +DROP USER语句可用于删除一个或多个数据库帐号,并删除其原有权限。 + +使用DROP USER语句必须拥有数据库的DELETE权限或全局CREATE USER权限。 + +在DROP USER语句的使用中,若没有明确地给出帐号的主机名,则该主机名默认为“%”。 + +##### 示例 + +删除用户名为userexample的本地用户。 + +```shell +> DROP USER 'userexample'@'localhost'; +``` + +#### 用户授权 + +可以使用GRANT语句来对新建用户的授权。 + +```shell +GRANT privileges ON databasename.tablename TO 'username'@'hostname'; +``` + +其中: + +- ON字句:用于指定权限授予的对象和级别。 +- privileges:用户的操作权限,如SELECT,INSERT,UPDATE等,如果要授予所有的权限则使用ALL。 +- databasename:数据库名。 +- tablename:表名。 +- TO字句:用来设定用户密码,以及指定被赋予权限的用户。 +- username:用户名。 +- hostname:主机名。 + +如果要授予该用户对所有数据库和表的相应操作权限则可用\*表示,如\*.\*。 + +如果在TO子句中给系统中存在的用户指定密码,则新密码会将原密码覆盖。 + +如果权限被授予给一个不存在的用户,则会自动执行一条CREATE USER语句来创建这个用户,但同时必须为该用户指定密码。 + +##### 示例 + +对本地用户userexample授予SELECT和INSERT权限。 + +```shell +> GRANT SELECT,INSERT ON *.* TO 'userexample'@'localhost'; +``` + +#### 删除用户权限 + +可以使用REVOKE语句来删除一个用户的权限,但此用户不会被删除。 + +```shell +REVOKE privilege ON databasename.tablename FROM 'username'@'hostname'; +``` + +其中REVOKE语句的参数与GRANT语句的参数含义相同。 + +要使用 REVOKE 语句,必须拥有数据库的全局CREATE USER权限或UPDATE权限。 + +##### 示例 + +删除本地用户userexample的INSERT权限。 + +```shell +> REVOKE INSERT ON *.* FROM 'userexample'@'localhost'; +``` + +### 管理数据库 + +#### 创建数据库 + +可以使用CREATE DATABASE语句来创建数据库。 + +```shell +CREATE DATABASE databasename; +``` + +其中:databasename为数据库名称,且数据库名称不区分大小写。 + +##### 示例 + +创建数据库名为databaseexample的数据库。 + +```shell +> CREATE DATABASE databaseexample; +``` + +#### 查看数据库 + +可以使用SHOW DATABASES语句来查看数据库。 + +```shell +SHOW DATABASES; +``` + +##### 示例 + +查看所有数据库。 + +```shell +> SHOW DATABASES; +``` + +#### 选择数据库 + +一般创建表,查询表等操作首先需要选择一个目标数据库。可以使用USE语句来选择数据库。 + +```shell +USE databasename; +``` + +其中:databasename为数据库名称。 + +##### 示例 + +选择databaseexample数据库。 + +```shell +> USE databaseexample; +``` + +#### 删除数据库 + +可以使用DROP DATABASE语句来删除数据库。 + +>![](./public_sys-resources/icon-caution.gif) **注意:** +>删除数据库要谨慎操作,一旦删除,数据库中的所有表和数据都会删除。 + +```shell +DROP DATABASE databasename; +``` + +其中:databasename为数据库名称。 + +DROP DATABASE命令用于删除创建过\(已存在\)的数据库,且会删除数据库中的所有表,但数据库的用户权限不会自动删除。 + +要使用DROP DATABASE,您需要数据库的DROP权限。 + +DROP SCHEMA是DROP DATABASE的同义词。 + +##### 示例 + +删除databaseexample数据库。 + +```shell +> DROP DATABASE databaseexample; +``` + +#### 备份数据库 + +可以在root权限下使用mysqldump命令备份数据库。 + +备份一个或多个表: + +```shell +mysqldump [options] databasename [tablename ...] > outfile +``` + +备份一个或多个库: + +```shell +mysqldump [options] -databases databasename ... > outfile +``` + +备份所有库: + +```shell +mysqldump [options] -all-databases > outputfile +``` + +其中: + +- databasename:数据库名称。 +- tablename:数据表名称。 +- outfile:数据库备份的文件。 +- options:mysqldump命令参数选项,多个参数之间可以使用空格分隔。常用的mysqldump命令参数选项如下: + - -u, \-\-user= _username_ :指定用户名。 + - -p, \-\-password\[= _password_\]:指定密码。 + - -P, \-\-port= _portnumber_ :指定端口。 + - -h, \-\-host= _hostname_ :指定主机名。 + - -r, \-\-result-file= _filename_ :将导出结果保存到指定的文件中,等同于“\>”。 + - -t:只备份数据。 + - -d:只备份表结构。 + +##### 示例 + +备份主机为192.168.202.144,端口为3306,root用户下的所有数据库到alldb.sql中。 + +```shell +mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 --all-databases > alldb.sql +``` + +备份主机为192.168.202.144,端口为3306,root用户下的db1数据库到db1.sql中。 + +```shell +mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 --databases db1 > db1.sql +``` + +备份主机为192.168.202.144,端口为3306,root用户下的db1数据库的tb1表到db1tb1.sql中。 + +```shell +mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 db1 tb1 > db1tb1.sql +``` + +只备份主机为192.168.202.144,端口为3306,root用户下的db1数据库的表结构到db1.sql中。 + +```shell +mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 -d db1 > db1.sql +``` + +只备份主机为192.168.202.144,端口为3306,root用户下的db1数据库的数据到db1.sql中。 + +```shell +mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 -t db1 > db1.sql +``` + +#### 恢复数据库 + +可以在root权限下使用mysql命令恢复数据库。 + +恢复一个或多个表: + +```shell +mysql -h hostname -P portnumber -u username -ppassword databasename < infile +``` + +其中: + +- hostname:主机名。 +- portnumber:端口号。 +- username:用户名。 +- password:密码。 +- databasename:数据库名。 +- infile:mysqldump命令中的outfile参数。 + +##### 示例 + +恢复数据库。 + +```shell +# mysql -h 192.168.202.144 -P 3306 -uroot -p123456 -t db1 < db1.sql +``` + +## MySQL服务器 + +### 软件介绍 + +MySQL是一个关系型数据库管理系统,由瑞典MySQL AB公司开发,目前属于Oracle旗下产品。MySQL是业界最流行的RDBMS \(Relational Database Management System,关系数据库管理系统\)之一,尤其在WEB应用方面。 + +关系数据库将数据保存在不同的表中,而不是将所有数据放在一个大仓库内,这样就加快了速度并提高了灵活性。 + +MySQL所使用的SQL语言是用于访问数据库的最常用标准化语言。MySQL软件采用了双授权模式,分为社区版和商业版,由于其体积小、速度快、总体拥有成本低,尤其是开放源码这一特点,一般中小型网站的开发都选择MySQL作为网站数据库。 + +### 配置环境 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>以下环境配置仅为参考示例,具体配置视实际需求做配置 + +#### 关闭防火墙并取消开机自启动 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>测试环境下通常会关闭防火墙以避免部分网络因素影响,视实际需求做配置。 + +1. 在root权限下停止防火墙。 + + ```shell + systemctl stop firewalld + ``` + +2. 在root权限下关闭防火墙。 + + ```shell + systemctl disable firewalld + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >执行disable命令关闭防火墙的同时,也取消了开机自启动。 + +#### 修改SELINUX为disabled + +1. 在root权限下修改配置文件。 + + ```shell + sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux + ``` + +#### 创建组和用户 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>服务器环境下,为了系统安全,通常会为进程分配单独的用户,以实现权限隔离。本章节创建的组和用户都是操作系统层面的,不是数据库层面的。 + +1. 在root权限下创建MySQL用户(组)。 + + ```shell + groupadd mysql + ``` + + ```shell + useradd -g mysql mysql + ``` + +2. 在root权限下设置MySQL用户密码。 + + ```shell + passwd mysql + ``` + + 重复输入密码(根据实际需求设置密码)。 + +#### 搭建数据盘 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>- 进行性能测试时,数据目录使用单独硬盘,需要对硬盘进行格式化并挂载,参考方法一或者方法二。 +>- 非性能测试时,在root权限下执行`mkdir /data`创建数据目录即可。然后跳过本小节: + +##### 方法一:在root权限下使用fdisk进行磁盘管理 + +1. 创建分区(以/dev/sdb为例,根据实际情况创建) + + ```shell + fdisk /dev/sdb + ``` + +2. 输入n,按回车确认。 +3. 输入p,按回车确认。 +4. 输入1,按回车确认。 +5. 采用默认配置,按回车确认。 +6. 采用默认配置,按回车确认。 +7. 输入w,按回车保存。 +8. 创建文件系统(以xfs为例,根据实际需求创建文件系统) + + ```shell + mkfs.xfs /dev/sdb1 + ``` + +9. 挂载分区到“/data”以供操作系统使用。 + + ```shell + mkdir /data + ``` + + ```shell + mount /dev/sdb1 /data + ``` + +10. 执行命令“vi /etc/fstab", 编辑“/etc/fstab”使重启后自动挂载数据盘。如下图中,添加最后一行内容。 + + 其中,/dev/nvme0n1p1为示例,具体名称以实际情况为准。 + + ![](./figures/creat_datadisk.png) + +##### 方法二:在root权限下使用LVM进行磁盘管理 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>此步骤需要安装镜像中的lvm2相关包,步骤如下: +> +> - 配置本地yum源,详细信息请参考[搭建repo服务器](./configuring_the_repo_server.md)。如果已经执行,则可跳过此步。 +> - 执行`yum install lvm2`安装lvm2。 + +1. 创建物理卷(sdb为硬盘名称,具体名字以实际为准)。 + + ```shell + pvcreate /dev/sdb + ``` + +2. 创建物理卷组(其中datavg为创建的卷组名称,具体名字以实际规划为准)。 + + ```shell + vgcreate datavg /dev/sdb + ``` + +3. 创建逻辑卷(其中600G为规划的逻辑卷大小,具体大小以实际情况为准;datalv为创建的逻辑卷的名字,具体名称以实际规划为准。)。 + + ```shell + lvcreate -L 600G -n datalv datavg + ``` + +4. 创建文件系统。 + + ```shell + mkfs.xfs /dev/datavg/datalv + ``` + +5. 创建数据目录并挂载。 + + ```shell + mkdir /data + ``` + + ```shell + mount /dev/datavg/datalv /data + ``` + +6. 执行命令**vi /etc/fstab**,编辑“/etc/fstab”使重启后自动挂载数据盘。如下图中,添加最后一行内容。 + + 其中,/dev/datavg/datalv为示例,具体名称以实际情况为准。 + + ![](./figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png) + +#### 创建数据库目录并且授权 + +1. 在已创建的数据目录 **/data** 基础上,使用root权限继续创建进程所需的相关目录并授权MySQL用户(组)。 + + ```shell + mkdir -p /data/mysql + cd /data/mysql + mkdir data tmp run log + chown -R mysql:mysql /data + ``` + +### 安装、运行和卸载 + +#### 安装 + +1. 配置本地yum源,详细信息请参考[搭建repo服务器](./configuring_the_repo_server.md)章节。 + +2. 清除缓存。 + + ```shell + dnf clean all + ``` + +3. 创建缓存。 + + ```shell + dnf makecache + ``` + +4. 在root权限下安装MySQL服务器。 + + ```shell + dnf install mysql-server + ``` + +5. 查看安装后的rpm包。 + + ```shell + rpm -qa | grep mysql-server + ``` + +#### 运行 + +1. 修改配置文件。 + 1. 在root权限下创建my.cnf文件,其中文件路径(包括软件安装路径basedir、数据路径datadir等)根据实际情况修改。 + + ```shell + vi /etc/my.cnf + ``` + + 编辑my.cnf内容如下: + + ```text + [mysqld_safe] + log-error=/data/mysql/log/mysql.log + pid-file=/data/mysql/run/mysqld.pid + [mysqldump] + quick + [mysql] + no-auto-rehash + [client] + default-character-set=utf8 + [mysqld] + basedir=/usr/local/mysql + socket=/data/mysql/run/mysql.sock + tmpdir=/data/mysql/tmp + datadir=/data/mysql/data + default_authentication_plugin=mysql_native_password + port=3306 + user=mysql + ``` + + 2. 确保my.cnf配置文件修改正确。 + + ```shell + cat /etc/my.cnf + ``` + + ![](./figures/zh-cn_image_0231563132.png) + + >![](./public_sys-resources/icon-caution.gif) **注意:** + >其中basedir为软件安装路径,请根据实际情况修改。 + + 3. 在root权限下修改/etc/my.cnf文件的组和用户为mysql:mysql + + ```shell + chown mysql:mysql /etc/my.cnf + ``` + +2. 配置环境变量。 + 1. 安装完成后,在root权限下将MySQL二进制文件路径到PATH。 + + ```shell + echo export PATH=$PATH:/usr/local/mysql/bin >> /etc/profile + ``` + + >![](./public_sys-resources/icon-caution.gif) **注意:** + >其中PATH中的“/usr/local/mysql/bin“路径,为MySQL软件安装目录下的bin文件的绝对路径。请根据实际情况修改。 + + 2. 在root权限下使环境变量配置生效。 + + ```shell + source /etc/profile + ``` + +3. 在root权限下初始化数据库。 + + >![](./public_sys-resources/icon-note.gif) **说明:** + >本步骤倒数第2行中有初始密码,请注意保存,登录数据库时需要使用。 + + ```shell + # mysqld --defaults-file=/etc/my.cnf --initialize + 2020-03-18T03:27:13.702385Z 0 [System] [MY-013169] [Server] /usr/local/mysql/bin/mysqld (mysqld 8.0.17) initializing of server in progress as process 34014 + 2020-03-18T03:27:24.112453Z 5 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: iNat=)#V2tZu + 2020-03-18T03:27:28.576003Z 0 [System] [MY-013170] [Server] /usr/local/mysql/bin/mysqld (mysqld 8.0.17) initializing of server has completed + ``` + + 查看打印信息,打印信息中包括“initializing of server has completed”表示初始化数据库完成,且打印信息中“A temporary password is generated for root@localhost: iNat=\)V2tZu”的“iNat=\)V2tZu”为初始密码。 + +4. 启动数据库。 + + >![](./public_sys-resources/icon-caution.gif) **注意:** + >如果第一次启动数据库服务,以root用户启动数据库,则启动时会提示缺少mysql.log文件而导致失败。使用mysql用户启动之后,会在/data/mysql/log目录下生成mysql.log文件,再次使用root用户启动则不会报错。 + + 1. 在root权限下修改文件权限。 + + ```shell + chmod 777 /usr/local/mysql/support-files/mysql.server + chown mysql:mysql /var/log/mysql/* + ``` + + 2. 在root权限下启动MySQL。 + + ```shell + cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysql + chkconfig mysql on + ``` + + 以mysql用户启动数据库。 + + ```shell + su - mysql + service mysql start + ``` + +5. 登录数据库。 + + >![](./public_sys-resources/icon-note.gif) **说明:** + >- 提示输入密码时,请输入[3](#li15634560582)产生的初始密码。 + >- 如果采用官网RPM安装方式,则mysql文件在/usr/bin目录下。登录数据库的命令根据实际情况修改。 + + ```shell + # /usr/local/mysql/bin/mysql -uroot -p -S /data/mysql/run/mysql.sock + ``` + + ![](./figures/zh-cn_image_0231563134.png) + +6. 配置数据库帐号密码。 + 1. 登录数据库以后,修改通过root用户登录数据库的密码。 + + ```shell + mysql> alter user 'root'@'localhost' identified by "123456"; + ``` + + 2. 创建全域root用户(允许root从其他服务器访问)。 + + ```shell + mysql> create user 'root'@'%' identified by '123456'; + ``` + + 3. 进行授权。 + + ```shell + mysql> grant all privileges on *.* to 'root'@'%'; + mysql> flush privileges; + ``` + + ![](./figures/zh-cn_image_0231563135.png) + +7. 退出数据库。 + + 执行 **\\q** 或者 **exit** 退出数据库。 + + ```shell + mysql> exit + ``` + + ![](./figures/zh-cn_image_0231563136.png) + +#### 卸载 + +1. 在root权限下关闭数据库进程。 + + ```shell + ps -ef | grep mysql + kill -9 进程ID + ``` + +2. 在root权限下执行**dnf remove mysql**命令卸载MySQL。 + + ```shell + dnf remove mysql + ``` + +### 管理数据库用户 + +#### 创建用户 + +可以使用CREATE USER语句来创建一个或多个用户,并设置相应的口令。 + +```shell +CREATE USER 'username'@'hostname' IDENTIFIED BY 'password'; +``` + +其中: + +- username:用户名。 +- host:主机名,即用户连接数据库时所在的主机的名字。若是本地用户可用localhost,若在创建的过程中,未指定主机名,则主机名默认为“%”,表示一组主机。 +- password:用户的登录密码,密码可以为空,如果为空则该用户可以不需要密码登录服务器,但从安全的角度而言,不推荐这种做法。 + +使用CREATE USER语句必须拥有数据库的INSERT权限或全局CREATE USER权限。 + +使用CREATE USER语句创建一个用户帐号后,会在系统自身的数据库的user表中添加一条新记录。若创建的帐户已经存在,则语句执行时会出现错误。 + +新创建的用户拥有的权限很少,只允许进行不需要权限的操作,如使用SHOW语句查询所有存储引擎和字符集的列表等。 + +##### 示例 + +创建密码为123456,用户名为userexample1的本地用户。 + +```shell +> CREATE USER 'userexample1'@'localhost' IDENTIFIED BY '123456'; +``` + +创建密码为123456,用户名为userexample2,主机名为192.168.1.100的用户。 + +```shell +> CREATE USER 'userexample2'@'192.168.1.100' IDENTIFIED BY '123456'; +``` + +#### 查看用户 + +可以使用SHOW GRANTS语句或SELECT语句查看一个或多个用户。 + +查看特定用户: + +```shell +SHOW GRANTS [FOR 'username'@'hostname']; +``` + +```shell +SELECT USER,HOST,PASSWORD FROM mysql.user WHERE USER='username'; +``` + +查看所有用户: + +```shell +SELECT USER,HOST FROM mysql.user; +``` + +其中: + +- username:用户名。 +- hostname:主机名。 + +##### 示例 + +查看userexample1用户。 + +```shell +> SHOW GRANTS FOR 'userexample1'@'localhost'; +``` + +查看mysql数据库中所有用户。 + +```shell +> SELECT USER,HOST FROM mysql.user; +``` + +#### 修改用户 + +##### 修改用户名 + +可以使用RENAME USER语句修改一个或多个已经存在的用户名。 + +```shell +RENAME USER 'oldusername'@'hostname' TO 'newusername'@'hostname'; +``` + +其中: + +- oldusername:旧的用户名。 +- newusername:新的用户名。 +- hostname:主机名。 + +RENAME USER语句用于对原有的帐号进行重命名。若系统中旧帐号不存在或者新帐号已存在,则该语句执行时会出现错误。 + +使用RENAME USER语句,必须拥有数据库的UPDATE权限或全局CREATE USER权限。 + +##### 修改用户示例 + +将用户名userexample1修改为userexapme2,主机名为locahost。 + +```shell +> RENAME USER 'userexample1'@'localhost' TO 'userexample2'@'localhost'; +``` + +##### 修改用户密码 + +可以使用SET PASSWORD语句修改一个用户的登录密码。 + +```shell +SET PASSWORD FOR 'username'@'hostname' = 'newpassword'; +``` + +其中: + +- FOR 'username'@'hostname':FOR字句,可选项,指定欲修改密码的用户名及主机名。 +- 'newpassword':新密码。 + +在SET PASSWORD语句中,若不加上FOR子句,表示修改当前用户的密码。 + +FOR字句中必须以'username'@'hostname'的格式给定,username为帐户的用户名,hostname为帐户的主机名。 + +欲修改密码的帐号必须在系统中存在,否则语句执行时会出现错误。 + +##### 修改用户密码示例 + +将用户名为userexample的密码修改为0123456,主机名为locahost。 + +```shell +> SET PASSWORD FOR 'userexample'@'localhost' = '0123456'; +``` + +#### 删除用户 + +可以使用DROP USER语句来删除一个或多个用户帐号以及相关的权限。 + +```shell +DROP USER 'username1'@'hostname1' [,'username2'@'hostname2']…; +``` + +>![](./public_sys-resources/icon-caution.gif) **注意:** +>用户的删除不会影响他们之前所创建的表、索引或其他数据库对象,因为数据库并不会记录创建了这些对象的帐号。 + +DROP USER语句可用于删除一个或多个数据库帐号,并删除其原有权限。 + +使用DROP USER语句必须拥有数据库的DELETE权限或全局CREATE USER权限。 + +在DROP USER语句的使用中,若没有明确地给出帐号的主机名,则该主机名默认为“%”。 + +##### 示例 + +删除用户名为userexample的本地用户。 + +```shell +> DROP USER 'userexample'@'localhost'; +``` + +#### 用户授权 + +可以使用GRANT语句来对新建用户的授权。 + +```shell +GRANT privileges ON databasename.tablename TO 'username'@'hostname'; +``` + +其中: + +- ON字句:用于指定权限授予的对象和级别。 +- privileges:用户的操作权限,如SELECT,INSERT,UPDATE等,如果要授予所有的权限则使用ALL。 +- databasename:数据库名。 +- tablename:表名。 +- TO字句:用来设定用户密码,以及指定被赋予权限的用户。 +- username:用户名。 +- hostname:主机名。 + +如果要授予该用户对所有数据库和表的相应操作权限则可用\*表示,如\*.\*。 + +如果在TO子句中给系统中存在的用户指定密码,则新密码会将原密码覆盖。 + +如果权限被授予给一个不存在的用户,则会自动执行一条CREATE USER语句来创建这个用户,但同时必须为该用户指定密码。 + +##### 示例 + +对本地用户userexample授予SELECT和INSERT权限。 + +```shell +> GRANT SELECT,INSERT ON *.* TO 'userexample'@'localhost'; +``` + +#### 删除用户权限 + +可以使用REVOKE语句来删除一个用户的权限,但此用户不会被删除。 + +```shell +REVOKE privilege ON databasename.tablename FROM 'username'@'hostname'; +``` + +其中REVOKE语句的参数与GRANT语句的参数含义相同。 + +要使用 REVOKE 语句,必须拥有数据库的全局CREATE USER权限或UPDATE权限。 + +##### 示例 + +删除本地用户userexample的INSERT权限。 + +```shell +> REVOKE INSERT ON *.* FROM 'userexample'@'localhost'; +``` + +### 管理数据库 + +#### 创建数据库 + +可以使用CREATE DATABASE语句来创建数据库。 + +```shell +CREATE DATABASE databasename; +``` + +其中:databasename为数据库名称,且数据库名称不区分大小写。 + +##### 示例 + +创建数据库名为databaseexample的数据库。 + +```shell +> CREATE DATABASE databaseexample; +``` + +#### 查看数据库 + +可以使用SHOW DATABASES语句来查看数据库。 + +```shell +SHOW DATABASES; +``` + +##### 示例 + +查看所有数据库。 + +```shell +> SHOW DATABASES; +``` + +#### 选择数据库 + +一般创建表,查询表等操作首先需要选择一个目标数据库。可以使用USE语句来选择数据库。 + +```shell +USE databasename; +``` + +其中:databasename为数据库名称。 + +##### 示例 + +选择databaseexample数据库。 + +```shell +> USE databaseexample; +``` + +#### 删除数据库 + +可以使用DROP DATABASE语句来删除数据库。 + +>![](./public_sys-resources/icon-caution.gif) **注意:** +>删除数据库要谨慎操作,一旦删除,数据库中的所有表和数据都会删除。 + +```shell +DROP DATABASE databasename; +``` + +其中:databasename为数据库名称。 + +DROP DATABASE命令用于删除创建过\(已存在\)的数据库,且会删除数据库中的所有表,但数据库的用户权限不会自动删除。 + +要使用DROP DATABASE,您需要数据库的DROP权限。 + +DROP SCHEMA是DROP DATABASE的同义词。 + +##### 示例 + +删除databaseexample数据库。 + +```shell +> DROP DATABASE databaseexample; +``` + +#### 备份数据库 + +可以在root权限下使用mysqldump命令备份数据库。 + +备份一个或多个表: + +```shell +mysqldump [options] databasename [tablename ...] > outfile +``` + +备份一个或多个库: + +```shell +mysqldump [options] -databases databasename ... > outfile +``` + +备份所有库: + +```shell +mysqldump [options] -all-databases > outputfile +``` + +其中: + +- databasename:数据库名称。 +- tablename:数据表名称。 +- outfile:数据库备份的文件。 +- options:mysqldump命令参数选项,多个参数之间可以使用空格分隔。常用的mysqldump命令参数选项如下: + - -u, \-\-user= _username_ :指定用户名。 + - -p, \-\-password\[= _password_\]:指定密码。 + - -P, \-\-port= _portnumber_ :指定端口。 + - -h, \-\-host= _hostname_ :指定主机名。 + - -r, \-\-result-file= _filename_ :将导出结果保存到指定的文件中,等同于“\>”。 + - -t:只备份数据。 + - -d:只备份表结构。 + +##### 示例 + +备份主机为192.168.202.144,端口为3306,root用户下的所有数据库到alldb.sql中。 + +```shell +mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 --all-databases > alldb.sql +``` + +备份主机为192.168.202.144,端口为3306,root用户下的db1数据库到db1.sql中。 + +```shell +mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 --databases db1 > db1.sql +``` + +备份主机为192.168.202.144,端口为3306,root用户下的db1数据库的tb1表到db1tb1.sql中。 + +```shell +mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 db1 tb1 > db1tb1.sql +``` + +只备份主机为192.168.202.144,端口为3306,root用户下的db1数据库的表结构到db1.sql中。 + +```shell +mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 -d db1 > db1.sql +``` + +只备份主机为192.168.202.144,端口为3306,root用户下的db1数据库的数据到db1.sql中。 + +```shell +mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 -t db1 > db1.sql +``` + +#### 恢复数据库 + +可以在root权限下使用mysql命令恢复数据库。 + +恢复一个或多个表: + +```shell +mysql -h hostname -P portnumber -u username -ppassword databasename < infile +``` + +其中: + +- hostname:主机名。 +- portnumber:端口号。 +- username:用户名。 +- password:密码。 +- databasename:数据库名。 +- infile:mysqldump命令中的outfile参数。 + +##### 示例 + +恢复数据库。 + +```shell +# mysql -h 192.168.202.144 -P 3306 -uroot -p123456 -t db1 < db1.sql +``` + +## openGauss服务器 + +### 软件介绍 + +openGauss是一款开源关系型数据库管理系统,采用木兰宽松许可证v2发行。openGauss内核深度融合华为在数据库领域多年的经验,结合企业级场景需求,持续构建竞争力特性。 + +### 安装 + +安装指南请参见[《openGauss rpm安装》](https://docs.opengauss.org/zh/docs/latest/docs/InstallationGuide/RPM%E5%AE%89%E8%A3%85.html)。 + +### 管理数据库角色 + +#### 创建角色 + +可以使用CREATE ROLE语句来创建角色,在数据库界面执行。 + +```shell +CREATE ROLE role_name [ [ WITH ] option [ ... ] ] [ ENCRYPTED | UNENCRYPTED ] { PASSWORD | IDENTIFIED BY } { 'password' [EXPIRED] | DISABLE }; +``` + +其中: + +- role_name:角色名。 +- password:登录密码。 +- option为参数选项,常用的有: + - SYSADMIN | NOSYSADMIN:决定一个新角色是否为"系统管理员",具有SYSADMIN属性的角色拥有系统最高权限。缺省为NOSYSADMIN。 + - CREATEDB | NOCREATEDB:定义一个角色是否能创建数据库,若未指定,则默认为NOCREATEDB,即不能创建数据库。 + - CREATEROLE | NOCREATEROLE:决定一个角色是否可以创建新角色,若未指定,则默认为NOCREATEROLE,即不能创建新角色。 + - INHERIT | NOINHERIT:这些子句决定一个角色是否“继承”它所在组的角色的权限。不推荐使用。 + - LOGIN | NOLOGIN:具有LOGIN属性的角色才可以登录数据库。一个拥有LOGIN属性的角色可以认为是一个用户。 + - ENCRYPTED | UNENCRYPTED:控制密码存储在系统表里的口令是否加密。按照产品安全要求,密码必须加密存储,所以,UNENCRYPTED在openGauss中禁止使用。因为系统无法对指定的加密口令字符串进行解密,所以如果目前的口令字符串已经是用SHA256加密的格式,则会继续照此存放,而不管是否声明了ENCRYPTED或UNENCRYPTED。这样就允许在dump/restore的时候重新加载加密的口令。 + - VALID UNTIL:设置角色失效的时间戳。如果省略了该子句,角色无有效结束时间限制。 + - IN ROLE:新角色立即拥有IN ROLE子句中列出的一个或多个现有角色拥有的权限。不推荐使用。 + - ROLE:ROLE子句列出一个或多个现有的角色,它们将自动添加为这个新角色的成员,拥有新角色所有的权限。 + +要使用这条命令,必须拥有 CREATE ROLE 权限或者是系统管理员。 + +##### 示例 + +创建一个角色,名为manager,密码为xxxxxxxxx。 + +```shell +openGauss=# CREATE ROLE manager IDENTIFIED BY 'xxxxxxxxx'; +``` + +创建一个角色,从2015年1月1日开始生效,到2026年1月1日失效。 + +```shell +openGauss=# CREATE ROLE miriam WITH LOGIN PASSWORD 'xxxxxxxxx' VALID BEGIN '2015-01-01' VALID UNTIL '2026-01-01'; +``` + +#### 查看角色 + +可以使用SELECT语句或gsql的元命令du或者du+查看角色。 + +```shell +SELECT * FROM pg_roles; +``` + +```shell +\du +``` + +```shell +\du+ +``` + +##### 示例 + +查看所有角色名包括内置角色。 + +```shell +openGauss=# SELECT rolname from pg_roles; +``` + +查看现有角色不包含内置角色。 + +```shell +openGauss=# \du +``` + +#### 修改角色 + +##### 修改用户名 + +可以使用ALTER ROLE语句修改一个已经存在的角色名。 + +```shell +ALTER ROLE oldrolename RENAME TO newrolename; +``` + +其中: + +- oldrolename:旧的角色名。 +- newrolename:新的角色名。 + +##### 修改用户示例 + +将角色名manager修改为newmanager。 + +```shell +openGauss=# ALTER ROLE manager RENAME TO newmanager; +``` + +##### 修改用户密码 + +可以使用ALTER ROLE语句修改一个角色的登录密码。 + +```shell +ALTER ROLE rolename with PASSWORD 'password' +``` + +其中: + +- rolename:角色名。 +- password:密码。 + +##### 修改角色密码示例 + +将manager的密码修改为xxxxxxxxx。 + +```shell +openGauss=# ALTER ROLE manager with PASSWORD 'xxxxxxxxx'; +``` + +#### 删除角色 + +可以使用DROP ROLE语句来删除角色。在数据库界面执行。 + +```shell +DROP ROLE rolename; +``` + +其中:rolename为角色名。 + +##### 示例 + +删除manager角色。 + +```shell +openGauss=# DROP ROLE manager; +``` + +#### 角色授权 + +可以使用GRANT语句来对角色授权。 + +对角色授予表或视图的操作权限: + +```shell +GRANT { { SELECT | INSERT | UPDATE | DELETE | TRUNCATE | REFERENCES | TRIGGER | ALTER | DROP | COMMENT | INDEX | VACUUM } [, ...] + | ALL [ PRIVILEGES ] } + ON { [ TABLE ] table_name [, ...] + | ALL TABLES IN SCHEMA schema_name [, ...] } + TO { [ GROUP ] role_name | PUBLIC } [, ...] + [ WITH GRANT OPTION ]; +``` + +对角色授予序列的操作权限: + +```shell +GRANT { { SELECT | UPDATE | USAGE | ALTER | DROP | COMMENT } [, ...] + | ALL [ PRIVILEGES ] } + ON { [ [ LARGE ] SEQUENCE ] sequence_name [, ...] + | ALL SEQUENCES IN SCHEMA schema_name [, ...] } + TO { [ GROUP ] role_name | PUBLIC } [, ...] + [ WITH GRANT OPTION ]; +``` + +对角色授予数据库的操作权限: + +```shell +GRANT { { CREATE | CONNECT | TEMPORARY | TEMP | ALTER | DROP | COMMENT } [, ...] + | ALL [ PRIVILEGES ] } + ON DATABASE database_name [, ...] + TO { [ GROUP ] role_name | PUBLIC } [, ...] + [ WITH GRANT OPTION ]; +``` + +对角色授予函数的操作权限: + +```shell +GRANT { { EXECUTE | ALTER | DROP | COMMENT } [, ...] | ALL [ PRIVILEGES ] } + ON { FUNCTION {function_name ( [ {[ argmode ] [ arg_name ] arg_type} [, ...] ] )} [, ...] + | ALL FUNCTIONS IN SCHEMA schema_name [, ...] } + TO { [ GROUP ] role_name | PUBLIC } [, ...] + [ WITH GRANT OPTION ]; +``` + +对角色授予过程语言的操作权限: + +```shell +GRANT { USAGE | ALL [ PRIVILEGES ] } + ON LANGUAGE lang_name [, ...] + TO { [ GROUP ] role_name | PUBLIC } [, ...] + [ WITH GRANT OPTION ]; +``` + +将模式的访问权限赋予指定的角色: + +```shell +GRANT { { CREATE | USAGE | ALTER | DROP | COMMENT } [, ...] | ALL [ PRIVILEGES ] } + ON SCHEMA schema_name [, ...] + TO { [ GROUP ] role_name | PUBLIC } [, ...] + [ WITH GRANT OPTION ]; +``` + +对角色授予表空间的操作权限: + +```shell +GRANT { { CREATE | ALTER | DROP | COMMENT } [, ...] | ALL [ PRIVILEGES ] } + ON TABLESPACE tablespace_name [, ...] + TO { [ GROUP ] role_name | PUBLIC } [, ...] + [ WITH GRANT OPTION ]; +``` + +将角色rolename1的成员关系赋予角色rolename2: + +```shell +GRANT rolename1 [, ...] TO rolename2 [, ...] [ WITH ADMIN OPTION ] +``` + +其中: + +- SELECT、INSERT、UPDATE、DELETE、REFERENCES、TRIGGER、USAGE、CREATE、CONNECT、TEMPORARY、TEMP、EXECUTE、ALL PRIVILEGES:用户的操作权限,ALL PRIVILEGES表示所有的权限。 +- ON字句:用于指定权限授予的对象。 +- tablename:表名。 +- TO字句:用来指定被赋予权限的角色。 +- rolename1、rolename2:角色名。 +- PUBLIC:表示该权限要赋予所有角色,包括那些以后可能创建的用户。 +- WITH GRANT OPTION:被授权的用户也可以将此权限赋予他人,否则就不能授权给他人。这个选项不能赋予PUBLIC。 +- sequence_name:序列名。 +- database_name:数据库名。 +- function_name ( [ {[ argmode ] [ arg_name ] arg_type} [, ...] ] )} [, ...]:函数名及其参数。 +- lang_name:过程语言名。 +- schema_name:模式名。 +- tablespace_name:表空间名。 +- WITH ADMIN OPTION:表示成员随后就可以将角色的成员关系赋予其他角色,以及撤销其他角色的成员关系。 + +##### 示例 + +对manager授予数据库database1的CREATE权限。· + +```shell +openGauss=# GRANT CREATE ON DATABASE database1 TO manager; +``` + +对所有用户授予表table1的所有权限。 + +```shell +openGauss=# GRANT ALL PRIVILEGES ON TABLE table1 TO PUBLIC; +``` + +#### 删除用户权限 + +可以使用REVOKE语句来撤销一个或多个角色的权限。 + +撤销角色对表的操作权限: + +```shell +REVOKE [ GRANT OPTION FOR ] + { { SELECT | INSERT | UPDATE | DELETE | TRUNCATE | REFERENCES | ALTER | DROP | COMMENT | INDEX | VACUUM }[, ...] + | ALL [ PRIVILEGES ] } + ON { [ TABLE ] table_name [, ...] + | ALL TABLES IN SCHEMA schema_name [, ...] } + FROM { [ GROUP ] role_name | PUBLIC } [, ...] + [ CASCADE | RESTRICT ]; +``` + +撤销角色对序列的操作权限: + +```shell +REVOKE [ GRANT OPTION FOR ] + { { SELECT | UPDATE | ALTER | DROP | COMMENT }[, ...] + | ALL [ PRIVILEGES ] } + ON { [ [ LARGE ] SEQUENCE ] sequence_name [, ...] + | ALL SEQUENCES IN SCHEMA schema_name [, ...] } + FROM { [ GROUP ] role_name | PUBLIC } [, ...] + [ CASCADE | RESTRICT ]; +``` + +撤销角色对数据库的操作权限: + +```shell +REVOKE [ GRANT OPTION FOR ] + { { CREATE | CONNECT | TEMPORARY | TEMP | ALTER | DROP | COMMENT } [, ...] + | ALL [ PRIVILEGES ] } + ON DATABASE database_name [, ...] + FROM { [ GROUP ] role_name | PUBLIC } [, ...] + [ CASCADE | RESTRICT ]; +``` + +撤销角色对函数的操作权限: + +```shell +REVOKE [ GRANT OPTION FOR ] + { { EXECUTE | ALTER | DROP | COMMENT } [, ...] | ALL [ PRIVILEGES ] } + ON { FUNCTION {function_name ( [ {[ argmode ] [ arg_name ] arg_type} [, ...] ] )} [, ...] + | ALL FUNCTIONS IN SCHEMA schema_name [, ...] } + FROM { [ GROUP ] role_name | PUBLIC } [, ...] + [ CASCADE | RESTRICT ]; +``` + +撤销角色对过程语言的操作权限: + +```shell +REVOKE [ GRANT OPTION FOR ] + { USAGE | ALL [ PRIVILEGES ] } + ON LANGUAGE lang_name [, ...] + FROM { [ GROUP ] role_name | PUBLIC } [, ...] + [ CASCADE | RESTRICT ]; +``` + +撤销角色对模式的操作权限: + +```shell +REVOKE [ GRANT OPTION FOR ] + { { CREATE | USAGE | ALTER | DROP | COMMENT } [, ...] | ALL [ PRIVILEGES ] } + ON SCHEMA schema_name [, ...] + FROM { [ GROUP ] role_name | PUBLIC } [, ...] + [ CASCADE | RESTRICT ]; + +``` + +撤销角色对表空间的操作权限: + +```shell +REVOKE [ GRANT OPTION FOR ] + { { CREATE | ALTER | DROP | COMMENT } [, ...] | ALL [ PRIVILEGES ] } + ON TABLESPACE tablespace_name [, ...] + FROM { [ GROUP ] role_name | PUBLIC } [, ...] + [ CASCADE | RESTRICT ]; +``` + +删除rolename2的rolename1之间的成员关系: + +```shell +REVOKE [ ADMIN OPTION FOR ] rolename1 [, ...] FROM rolename2 [, ...] [ CASCADE | RESTRICT ] +``` + +其中: + +- GRANT OPTION FOR:表示只是撤销对该权限的授权的权力,而不是撤销该权限本身。 +- SELECT、INSERT、UPDATE、DELETE、REFERENCES、TRIGGER、USAGE、CREATE、CONNECT、TEMPORARY、TEMP、EXECUTE、ALL PRIVILEGES:用户的操作权限,ALL PRIVILEGES表示所有的权限。 +- ON字句:用于指定撤销权限的对象。 +- table_name:表名。 +- FROM字句:用来指定被撤销权限的角色。 +- rolename1、rolename2:角色名。 +- PUBLIC:表示撤销隐含定义的、拥有所有角色的组,但并不意味着所有角色都失去了权限,那些直接得到的权限以及通过一个组得到的权限仍然有效。 +- sequence_name:序列名。 +- CASCADE:撤销所有依赖性权限。 +- RESTRICT:不撤销所有依赖性权限。 +- database_name:数据库名。 +- function_name ( [ {[ argmode ] [ arg_name ] arg_type} [, ...] ] )} [, ...]:函数名及其参数。 +- lang_name:过程语言名。 +- schema_name:模式名。 +- tablespace_name:表空间名。 +- ADMIN OPTION FOR:表示传递的授权不会自动收回。 + +##### 示例 + +对manager授予数据库database1的CREATE权限。 + +```shell +openGauss=# GRANT CREATE ON DATABASE database1 TO manager; +``` + +对所有用户撤销表table1的所有权限。 + +```shell +openGauss=# REVOKE ALL PRIVILEGES ON TABLE table1 FROM PUBLIC; +``` + +### 管理数据库 + +#### 创建数据库 + +可以使用CREATE DATABASE语句来创建数据库。在数据库界面使用。 + +```shell +CREATE DATABASE databasename; +``` + +其中:databasename为数据库名。 + +要使用这条命令,必须拥有CREATEDB权限。 + +##### 示例 + +创建一个数据库database1。 + +```shell +openGauss=# CREATE DATABASE database1; +``` + +#### 选择数据库 + +可以使用\c语句来选择数据库。 + +```shell +\c databasename; +``` + +其中:databasename为数据库名称。 + +##### 示例 + +选择database_example数据库。 + +```shell +openGauss=# \c database_example; +``` + +#### 查看数据库 + +可以使用\l语句来查看数据库。 + +```shell +\l; +``` + +##### 示例 + +查看所有数据库。 + +```shell +openGauss=# \l; +``` + +#### 删除数据库 + +可以使用DROP DATABASE语句来删除数据库。 + +>![](./public_sys-resources/icon-caution.gif) **注意:** +>删除数据库要谨慎操作,一旦删除,数据库中的所有表和数据都会删除。 + +```shell +DROP DATABASE databasename; +``` + +其中:databasename为数据库名称。 + +DROP DATABASE会删除数据库的系统目录项并且删除包含数据的文件目录。 + +DROP DATABASE只能由超级管理员或数据库管理者执行。 + +##### 示例 + +删除databaseexample数据库。 + +```shell +openGauss=# DROP DATABASE databaseexample; +``` + +#### 备份数据库 + +gs_dump支持将数据库信息导出至纯文本格式的SQL脚本文件或其他归档文件中。 + +```shell +gs_dump [OPTION]... [DBNAME] +gs_dump -p port_number postgres -f dump1.sql +``` + +其中: + +- DBNAME前面不需要加短或长选项。DBNAME指定要连接的数据库。 例如: 不需要-d,直接指定DBNAME。 +- dump1.sql:数据库备份的文件。 +- option:gs_dump命令参数选项,多个参数之间可以使用空格分隔。常用的gs_dump命令参数选项如下: + - -F, --format=c|d|t|p:选择输出格式。格式如下: + - p|plain:输出一个文本SQL脚本文件(默认)。 + - c|custom:输出一个自定义格式的归档,并且以目录形式输出,作为gs_restore输入信息。该格式是最灵活的输出格式,因为能手动选择,而且能在恢复过程中将归档项重新排序。该格式默认状态下会被压缩。 + - d|directory:该格式会创建一个目录,该目录包含两类文件,一类是目录文件,另一类是每个表和blob对象对应的数据文件。 + - t|tar:输出一个tar格式的归档形式,作为gs_restore输入信息。tar格式与目录格式兼容;tar格式归档形式在提取过程中会生成一个有效的目录格式归档形式。但是,tar格式不支持压缩且对于单独表有8GB的大小限制。此外,表数据项的相应排序在恢复过程中不能更改. + - -h, --host=HOSTNAME:指定主机名。 + - -p, --port=PORT:指定端口。 + - -U, --username=NAME:指定连接的用户名。 + - -W, --password=PASSWORD:指定用户连接的密码。如果主机的认证策略是trust,则不会对系统管理员进行密码验证,即无需输入-W选项;如果没有-W选项,并且不是系统管理员,“Dump Restore工具”会提示用户输入密码。 + - -w, --no-password:不出现输入密码提示。如果主机要求密码认证并且密码没有通过其它形式给出,则连接尝试将会失败。 该选项在批量工作和不存在用户输入密码的脚本中很有帮助。 + +##### 示例 + +执行gs_dump,导出postgres数据库全量信息,导出的MPPDB_backup.sql文件格式为纯文本格式。 + +```shell +[openGauss@localhost ~]# gs_dump -U omm -W password -f backup/MPPDB_backup.sql -p port postgres -F p +``` + +执行gs_dump,导出postgres数据库全量信息,导出的MPPDB_backup.dmp文件格式为自定义归档格式。 + +```shell +gs_dump -U omm -W password -f backup/MPPDB_backup.dmp -p port postgres -F c +``` + +#### 恢复数据库 + +gs_restore是openGauss提供的针对gs_dump导出数据的导入工具。通过此工具可将由gs_dump生成的导出文件进行导入。 + +```shell +gs_restore [OPTION]... FILE +``` + +其中: + +- FILE没有短选项或长选项。用来指定归档文件所处的位置。 +- 作为前提条件,需输入dbname或-l选项。不允许用户同时输入dbname和-l选项。 +- gs_restore默认是以追加的方式进行数据导入。为避免多次导入造成数据异常,在进行导入时,建议使用“-c” 参数,在重新创建数据库对象前,清理(删除)已存在于将要还原的数据库中的数据库对象。 +- option:通用参数如下: + - -f,--file=FILENAME:指定生成脚本的输出文件,或使用-l时列表的输出文件。 + - -d, --dbname=NAME:连接数据库dbname并直接导入到该数据库中。 + - -h, --host=HOSTNAME:指定主机名。 + - -p, --port=PORT:指定端口。 + - -U, --username=NAME:指定连接的用户名。 + - -W, --password=PASSWORD:指定用户连接的密码。如果主机的认证策略是trust,则不会对系统管理员进行密码验证,即无需输入-W参数;如果没有-W参数,并且不是系统管理员,“gs_restore”会提示用户输入密码。 + +##### 示例 + +执行gs_restore,将导出的MPPDB_backup.dmp文件(自定义归档格式)导入到postgres数据库。 + +```shell +[openGauss@localhost ~]# gs_restore -W password backup/MPPDB_backup.dmp -p port -d postgres +``` diff --git a/docs/zh/server/administration/administrator/user_and_user_group_management.md b/docs/zh/server/administration/administrator/user_and_user_group_management.md new file mode 100644 index 0000000000000000000000000000000000000000..14c45939e940610614034f5a65891b699f720a1d --- /dev/null +++ b/docs/zh/server/administration/administrator/user_and_user_group_management.md @@ -0,0 +1,325 @@ +# 管理用户 + +在Linux中,每个普通用户都有一个帐户,包括用户名、密码和主目录等信息。除此之外,还有一些系统本身创建的特殊用户,它们具有特殊的意义,其中最重要的是管理员帐户,默认用户名是root。同时Linux也提供了用户组,使每一个用户至少属于一个组,从而便于权限管理。 + +用户和用户组管理是系统安全管理的重要组成部分,本章主要介绍openEuler提供的用户管理和组管理命令,以及为普通用户分配特权的方法。 + +## 管理用户 + +### 增加用户 + +#### useradd命令 + +在root权限下,通过useradd命令可以为系统添加新用户信息,其中 _options_ 为相关参数, _username_ 为用户名称。 + +```shell +useradd [options] username +``` + +#### 用户信息文件 + +与用户帐号信息有关的文件如下: + +- /etc/passwd:用户帐号信息文件。 +- /etc/shadow:用户帐号信息加密文件。 +- /etc/group:组信息文件。 +- /etc/default/useradd:定义默认设置文件。 +- /etc/login.defs:系统广义设置文件。 +- /etc/skel:默认的初始配置文件目录。 + +#### 创建用户实例 + +例如新建一个用户名为userexample的用户,在root权限下执行如下命令: + +```shell +# useradd userexample +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>没有任何提示,表明用户建立成功。这时并没有设置用户的口令,请使用passwd命令修改用户的密码,没有设置密码的新帐号不能登录系统。 + +使用id命令查看新建的用户信息,命令如下: + +```shell +# id userexample +uid=502(userexample) gid=502(userexample) groups=502(userexample) +``` + +修改用户userexample的密码: + +```shell +# passwd userexample +``` + +建议在修改用户密码时满足密码复杂度要求,密码的复杂度的要求如下: + +1. 口令长度至少8个字符。 +2. 口令至少包含大写字母、小写字母、数字和特殊字符中的任意3种。 +3. 口令不能和帐号一样。 +4. 口令不能使用字典词汇。 + - 查询字典 + 在已装好的openEuler环境中,可以通过如下命令导出字典库文件dictionary.txt,用户可以查询密码是否在该字典中。 + + ```shell + cracklib-unpacker /usr/share/cracklib/pw_dict > dictionary.txt + ``` + + - 修改字典 + 1. 修改上面导出的字典文件,执行如下命令更新系统字典库。 + + ```shell + # create-cracklib-dict dictionary.txt + ``` + + 2. 在原字典库基础上新增其他字典内容custom.txt。 + + ```shell + # create-cracklib-dict dictionary.txt custom.txt + ``` + +根据提示两次输入新用户的密码,完成密码更改。过程如下: + +```shell +# passwd userexample +Changing password for user userexample. +New password: +Retype new password: +passwd: all authentication tokens updated successfully. +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>若打印信息中出现“BAD PASSWORD: The password fails the dictionary check - it is too simplistic/sytematic”,表示设置的密码过于简单,建议设置复杂度较高的密码。 + +### 修改用户帐号 + +#### 修改密码 + +普通用户可以用passwd修改自己的密码,只有管理员才能用passwd username为其他用户修改密码。 + +#### 修改用户shell设置 + +使用chsh命令可以修改自己的shell,只有管理员才能用chsh username为其他用户修改shell设置。 + +用户也可以使用usermod命令修改shell信息,在root权限下执行如下命令,其中 _new\_shell\_path_ 为目标shell路径,_username_ 为要修改用户的用户名,请根据实际情况修改: + +```shell +usermod -s new_shell_path username +``` + +例如,将用户userexample的shell改为csh,命令如下: + +```shell +# usermod -s /bin/csh userexample +``` + +#### 修改主目录 + +- 修改主目录,可以在root权限下执行如下命令,其中 _new\_home\_directory_ 为已创建的目标主目录的路径,_username_ 为要修改用户的用户名,请根据实际情况修改: + + ```shell + usermod -d new_home_directory username + ``` + +- 如果想将现有主目录的内容转移到新的目录,应该使用-m选项,命令如下: + + ```shell + usermod -d new_home_directory -m username + ``` + +#### 修改UID + +修改用户ID,在root权限下执行如下命令,其中 _UID_ 代表目标用户ID,_username_ 代表用户名,请根据实际情况修改: + +```shell +usermod -u UID username +``` + +该用户主目录中所拥有的文件和目录都将自动修改UID设置。但是,对于主目录外所拥有的文件,只能使用chown命令手动修改所有权。 + +#### 修改帐号的有效期 + +如果使用了影子口令,则可以在root权限下,执行如下命令来修改一个帐号的有效期,其中 _MM_ 代表月份,_DD_ 代表某天,_YY_ 代表年份,_username_ 代表用户名,请根据实际情况修改: + +```shell +usermod -e MM/DD/YY username +``` + +### 删除用户 + +在root权限下,使用userdel命令可删除现有用户。 + +例如,删除用户Test,命令如下: + +```shell +# userdel Test +``` + +如果想同时删除该用户的主目录以及其中所有内容,要使用-r参数递归删除。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>不建议直接删除已经进入系统的用户,如果需要强制删除,请使用 userdel -f _Test_ 命令。 + +### 管理员帐户授权 + +使用sudo命令可以允许普通用户执行管理员帐户才能执行的命令。 + +sudo命令允许已经在/etc/sudoers文件中指定的用户运行管理员帐户命令。例如,一个已经获得许可的普通用户可以运行如下命令: + +```shell +sudo /usr/sbin/useradd newuserl +``` + +实际上,sudo的配置完全可以指定某个已经列入/etc/sudoers文件的普通用户可以做什么,不可以做什么。 + +/etc/sudoers的配置行如下所示。 + +- 空行或注释行(以\#字符打头):无具体功能的行。 +- 可选的主机别名行:用来创建主机列表的简称。必须以Host\_Alias关键词开头,列表中的主机必须用逗号隔开,如: + + ```shell + Host_Alias linux=ted1,ted2 + ``` + + 其中ted1和ted2是两个主机名,可使用linux(别名)称呼它们。 + +- 可选的用户别名行:用来创建用户列表的简称。用户别名行必须以User\_Alias关键词开头,列表中的用户名必须以逗号隔开。其格式同主机别名行。 +- 可选的命令别名行:用来创建命令列表的简称。必须以Cmnd\_Alias开头,列表中的命令必须用逗号隔开。 +- 可选的运行方式别名行:用来创建用户列表的简称。不同的是,使用这样的别名可以告诉sudo程序以列表中某一用户的身份来运行程序。 +- 必要的用户访问说明行。 + + 用户访问的说明语法如下: + + ```text + user host = [ run as user ] command list + ``` + + 在user处指定一个真正的用户名或定义过的别名,host也可以是一个真正的主机名或者定义过的主机别名。默认情况下,sudo执行的所有命令都是以root身份执行。如果您想使用其他身份可以指定。command list可以是以逗号分隔的命令列表,也可以是一个已经定义过的别名,如: + + ```text + ted1 ted2=/sbin/shutdown + ``` + + 这一句说明ted1可以在ted2主机上运行关机命令。 + + ```text + newuser1 ted1=(root) /usr/sbin/useradd,/usr/sbin/userdel + ``` + + 这一句说明ted1主机上的newuser1具有以root用户权限执行useradd,userdel命令的功能。 + + >![](./public_sys-resources/icon-note.gif) **说明:** + > + >- 可以在一行定义多个别名,中间用冒号 \(:\) 隔开。 + >- 可在命令或命令别名之前加上感叹号 \(!\),使该命令或命令别名无效。 + >- 有两个关键词:ALL和NOPASSWD。ALL意味着“所有”(所有文件、所有主机或所有命令),NOPASSWD意味着不用密码。 + >- 通过修改用户访问,将普通用户的访问权限修改为同root一样,则可以给普通用户分配特权。 + +下面是一个sudoers文件的例子: + +```text +#sudoers files +#User alias specification +User_Alias ADMIN=ted1:POWERUSER=globus,ted2 +#user privilege specification +ADMIN ALL=ALL +POWERUSER ALL=ALL,!/bin/su +``` + +其中: + +- User\_Alias ADMIN=ted1:POWERUSER=globus,ted2 + + 定义了两个别名ADMIN和POWERUSER + +- ADMIN ALL=ALL + + 说明在所有主机上,ADMIN用户都可以以root身份执行所有命令 + +- POWERUSER ALL=ALL,!/bin/su + + 给POWERUSER用户除了运行su命令外等同ADMIN的权限 + +## 管理用户组 + +### 增加用户组 + +#### groupadd命令 + +在root权限下,通过groupadd命令可以为系统添加新用户组信息,其中 _options_ 为相关参数, _groupname_ 为用户组名称。 + +```shell +groupadd [options] groupname +``` + +#### 用户组信息文件 + +与用户组信息有关的文件如下: + +- /etc/gshadow:用户组信息加密文件。 +- /etc/group:组信息文件。 +- /etc/login.defs:系统广义设置文件。 + +#### 创建用户组实例 + +例如新建一个用户组名为groupexample的用户,在root权限下执行如下命令: + +```shell +# groupadd groupexample +``` + +### 修改用户组 + +#### 修改GID + +修改用户组ID,在root权限下执行如下命令,其中 _GID_ 代表目标用户组ID, _groupname_ 代表用户组,请根据实际情况修改: + +```shell +# groupmod -g GID groupname +``` + +#### 修改用户组名 + +修改用户组名,在root权限下执行如下命令,其中 _newgroupname_ 代表新用户组名, _oldgroupname_ 代表已经存在的待修改的用户组名,请根据实际情况修改: + +```shell +# groupmod -n newgroupname oldgroupname +``` + +### 删除用户组 + +在root权限下,使用groupdel命令可删除用户组。 + +例如,删除用户组Test,命令如下: + +```shell +# groupdel Test +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>groupdel不能直接删除用户的主组,如果需要强制删除用户主组,请使用 groupdel -f _Test_ 命令。 + +### 将用户加入用户组或从用户组中移除 + +在root权限下,使用gpasswd命令将用户加入用户组或从用户组中移除。 + +例如,将用户 _userexample_ 加入用户组 _Test_ ,命令如下: + +```shell +# gpasswd -a userexample Test +``` + +例如,将用户 _userexample_ 从 _Test_ 用户组中移除,命令如下: + +```shell +# gpasswd -d userexample Test +``` + +### 切换用户组 + +一个用户同时属于多个用户组时,则在用户登录后,使用newgrp命令可以切换到其他用户组,以便具有其他用户组的权限。 + +例如,将用户 _userexample_ 切换到 _Test_ 用户组,命令如下: + +```shell +newgrp Test +``` diff --git a/docs/zh/server/administration/administrator/using_dnf_to_manage_software_packages.md b/docs/zh/server/administration/administrator/using_dnf_to_manage_software_packages.md new file mode 100644 index 0000000000000000000000000000000000000000..f47245fe7e1276690895fe4b5d683a1d1cad8e91 --- /dev/null +++ b/docs/zh/server/administration/administrator/using_dnf_to_manage_software_packages.md @@ -0,0 +1,438 @@ +# 使用DNF管理软件包 + +DNF是一款Linux软件包管理工具,用于管理RPM软件包。DNF可以查询软件包信息,从指定软件库获取软件包,自动处理依赖关系以安装或卸载软件包,以及更新系统到最新可用版本。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- DNF与YUM完全兼容,提供了YUM兼容的命令行以及为扩展和插件提供的API。 +>- 使用DNF需要管理员权限,本章所有命令需要在管理员权限下执行。 + +## 配置DNF + +### DNF配置文件 + +DNF 的主要配置文件是 /etc/dnf/dnf.conf,该文件包含两部分: + +- “main”部分保存着DNF的全局设置。 + +- “repository”部分保存着软件源的设置,可以有零个或多个“repository”。 + +另外,在/etc/yum.repos.d 目录中保存着零个或多个repo源相关文件,它们也可以定义不同的“repository”。 + +所以openEuler软件源的配置一般有两种方式,一种是直接配置/etc/dnf/dnf.conf文件中的“repository”部分,另外一种是在/etc/yum.repos.d目录下增加.repo文件。 + +#### 配置main部分 + +/etc/dnf/dnf.conf 文件包含的“main”部分,配置示例如下: + +```text +[main] +gpgcheck=1 +installonly_limit=3 +clean_requirements_on_remove=True +best=True +``` + +常用选项说明: + +**表 1** main参数说明 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

参数

+

说明

+

cachedir

+

缓存目录,该目录用于存储RPM包和数据库文件。

+

keepcache

+

可选值是1和0,表示是否要缓存已安装成功的那些RPM包及头文件,缺省值为0,即不缓存。

+

debuglevel

+

设置dnf生成的debug信息。取值范围:[0-10],数值越大会输出越详细的debug信息。缺省值为2,设置为0表示不输出debug信息。

+

clean_requirements_on_remove

+

删除在dnf remove期间不再使用的依赖项,如果软件包是通过DNF安装的,而不是通过显式用户请求安装的,则只能通过clean_requirements_on_remove删除软件包,即它是作为依赖项引入的。 缺省值为True。

+

best

+

升级包时,总是尝试安装其最高版本,如果最高版本无法安装,则提示无法安装的原因并停止安装。缺省值为True。

+

obsoletes

+

可选值1和0,设置是否允许更新陈旧的RPM包。缺省值为1,表示允许更新。

+

gpgcheck

+

可选值1和0,设置是否进行gpg校验。缺省值为1,表示需要进行校验。

+

plugins

+

可选值1和0,表示启用或禁用dnf插件。缺省值为1,表示启用dnf插件。

+

installonly_limit

+

设置可以同时安装“installonlypkgs”指令列出包的数量。缺省值为3,不建议降低此值。

+
+ +#### 配置repository部分 + +repository部分允许您定义定制化的openEuler软件源仓库,各个仓库的名称不能相同,否则会引起冲突。配置repository部分有两种方式,一种是直接配置/etc/dnf/dnf.conf文件中的“repository”部分,另外一种是配置/etc/yum.repos.d目录下的.repo文件。 + +- 直接配置/etc/dnf/dnf.conf文件中的“repository”部分 + + 下面是\[repository\]部分的一个最小配置示例: + + ```text + [repository] + name=repository_name + baseurl=repository_url + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >openEuler提供在线的镜像源,地址:[https://repo.openeuler.org/](https://repo.openeuler.org/)。以 openEuler 23.09的aarch64版本为例,baseurl可配置为[https://repo.openeuler.org/openEuler-23.09/OS/aarch64/](https://repo.openeuler.org/openEuler-23.09/OS/aarch64/)。 + + 选项说明: + + **表 2** repository参数说明 + + + + + + + + + + + + +

参数

+

说明

+

name=repository_name

+

软件仓库(repository )描述的字符串。

+

baseurl=repository_url

+

软件仓库(repository )的地址。

+
  • 使用http协议的网络位置:例如 http://path/to/repo
  • 使用ftp协议的网络位置:例如 ftp://path/to/repo
  • 本地位置:例如 file:///path/to/local/repo
+
+ +- 配置/etc/yum.repos.d目录下的.repo文件 + + openEuler提供了多种repo源供用户在线使用,各repo源含义可参考[系统安装](../../../server/releasenotes/releasenotes/os_installation.md)。使用root权限添加openEuler repo源,示例如下: + + ```shell + # vi /etc/yum.repos.d/openEuler.repo + + [OS] + name=openEuler-$releasever-OS + baseurl=https://repo.openeuler.org/openEuler-{version}/OS/$basearch/ + enabled=1 + gpgcheck=1 + gpgkey=https://repo.openeuler.org/openEuler-{version}/OS/$basearch/RPM-GPG-KEY-openEuler + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + > + > - enabled为是否启用该软件源仓库,可选值为1和0。缺省值为1,表示启用该软件源仓库。 + > + > - gpgkey为验证签名用的公钥。 + +#### 显示当前配置 + +- 显示当前的配置信息: + + ```shell + # dnf config-manager --dump + ``` + +- 显示相应软件源的配置,首先查询repo id: + + ```shell + # dnf repolist + ``` + + 然后执行如下命令,显示对应id的软件源配置,其中 *repository* 为查询得到的repo id: + + ```shell + # dnf config-manager --dump repository + ``` + +- 您也可以使用一个全局正则表达式,来显示所有匹配部分的配置: + + ```shell + # dnf config-manager --dump glob_expression + ``` + +### 创建本地软件源仓库 + +要建立一个本地软件源仓库,请按照下列步骤操作。 + +1. 安装createrepo软件包。 + + ```shell + # dnf install createrepo + ``` + +2. 将需要的软件包复制到一个目录下,如/mnt/local\_repo/ 。 + +3. 创建软件源。 + + ```shell + # createrepo /mnt/local_repo + ``` + +### 添加、启用和禁用软件源 + +本节将介绍如何通过“dnf config-manager”命令添加、启用和禁用软件源仓库。 + +#### 添加软件源 + +要定义一个新的软件源仓库,您可以在 /etc/dnf/dnf.conf 文件中添加“repository”部分,或者在/etc/yum.repos.d/目录下添加“.repo”文件进行说明。建议您通过添加“.repo”的方式,每个软件源都有自己对应的“.repo”文件,以下介绍该方式的操作方法。 + +要在您的系统中添加一个这样的源,请在root权限下执行如下命令,执行完成之后会在/etc/yum.repos.d/目录下生成对应的repo文件。其中 *repository\_url* 为repo源地址,详情请参见[表2](#zh-cn_topic_0151921080_t7c83ace02ab94e9986c0684f417e3436)。 + +```shell +# dnf config-manager --add-repo repository_url +``` + +#### 启用软件源 + +要启用软件源,请在root权限下执行如下命令,其中 *repository* 为新增.repo文件中的repo id(可通过dnf repolist查询): + +```shell +# dnf config-manager --set-enable repository +``` + +您也可以使用一个全局正则表达式,来启用所有匹配的软件源。其中 *glob\_expression* 为对应的正则表达式,用于同时匹配多个repo id: + +```shell +# dnf config-manager --set-enable glob_expression +``` + +#### 禁用软件源 + +要禁用软件源,请在root权限下执行如下命令: + +```shell +# dnf config-manager --set-disable repository +``` + +同样的,您也可以使用一个全局正则表达式来禁用所有匹配的软件源: + +```shell +# dnf config-manager --set-disable glob_expression +``` + +## 管理软件包 + +使用dnf能够让您方便的进行查询、安装、删除软件包等操作。 + +### 搜索软件包 + +您可以使用rpm包名称、缩写或者描述搜索需要的RPM包,使用命令如下: + +```shell +# dnf search httpd (以httpd为例) +``` + +### 列出软件包清单 + +要列出系统中所有已安装的以及可用的RPM包信息,使用命令如下: + +```shell +# dnf list all +``` + +要列出系统中特定的RPM包信息,使用命令如下: + +```shell +# dnf list httpd (以httpd为例) +``` + +### 显示RPM包信息 + +要显示一个或者多个RPM包信息,多个包之间以空格分隔,使用命令如下: + +```shell +# dnf info httpd zip (以httpd,zip两个包为例) +``` + +### 安装RPM包 + +要安装一个软件包及其所有未安装的依赖,请在root权限下执行如下命令: + +```shell +# dnf install package_name +``` + +您也可以通过添加软件包名字同时安装多个软件包。配置文件/etc/dnf/dnf.conf添加参数strict=False,运行dnf命令参数添加\-\-setopt=strict=0。请在root权限下执行如下命令: + +```shell +# dnf install package_name package_name... --setopt=strict=0 +``` + +示例如下: + +```shell +# dnf install httpd +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>安装RPM包过程中,若出现安装失败,可参考[安装时出现软件包冲突、文件冲突或缺少软件包导致安装失败](./FAQ-54.md#安装时出现软件包冲突文件冲突或缺少软件包导致安装失败)。 + +### 下载软件包 + +使用dnf下载软件包,请在root权限下输入如下命令: + +```shell +# dnf download package_name +``` + +如果需要同时下载未安装的依赖,则加上\-\-resolve,使用命令如下: + +```shell +# dnf download --resolve package_name +``` + +示例如下: + +```shell +# dnf download --resolve httpd +``` + +### 删除软件包 + +要卸载软件包以及相关的依赖软件包,请在root权限下执行如下命令: + +```shell +# dnf remove package_name... +``` + +示例如下: + +```shell +# dnf remove totem +``` + +## 管理软件包组 + +软件包集合是服务于一个共同的目的一组软件包,例如系统工具集等。使用dnf可以对软件包组进行安装/删除等操作,使相关操作更高效。 + +### 列出软件包组清单 + +使用summary参数,可以列出系统中所有已安装软件包组、可用的组,可用的环境组的数量,命令如下: + +```shell +# dnf groups summary +``` + +要列出所有软件包组和它们的组ID ,命令如下: + +```shell +# dnf group list +``` + +### 显示软件包组信息 + +要列出包含在一个软件包组中必须安装的包和可选包,使用命令如下: + +```shell +# dnf group info glob_expression... +``` + +例如显示Development Tools信息,示例如下: + +```shell +# dnf group info "Development Tools" +``` + +### 安装软件包组 + +每一个软件包组都有自己的名称以及相应的ID(groupid),您可以使用软件包组名称或它的ID进行安装。 + +要安装一个软件包组,请在root权限下执行如下命令: + +```shell +# dnf group install group_name +# dnf group install groupid +``` + +例如安装Development Tools相应的软件包组,命令如下: + +```shell +# dnf group install "Development Tools" +# dnf group install development +``` + +### 删除软件包组 + +要卸载软件包组,您可以使用软件包组名称或它的ID,在root权限下执行如下命令: + +```shell +# dnf group remove group_name +# dnf group remove groupid +``` + +例如删除Development Tools相应的软件包组,命令如下: + +```shell +# dnf group remove "Development Tools" +# dnf group remove development +``` + +## 检查并更新 + +dnf可以检查您的系统中是否有软件包需要更新。您可以通过dnf列出需要更新的软件包,并可以选择一次性全部更新或者只对指定包进行更新。 + +### 检查更新 + +如果您需要显示当前系统可用的更新,使用命令如下: + +```shell +# dnf check-update +``` + +### 升级 + +如果您需要升级单个软件包,在root权限下执行如下命令: + +```shell +# dnf update package_name +``` + +例如升级rpm包,示例如下: + +```shell +# dnf update anaconda-gui.aarch64 (以anaconda-gui包为例) +``` + +类似的,如果您需要升级软件包组,在root权限下执行如下命令: + +```shell +# dnf group update group_name +``` + +### 更新所有的包和它们的依赖 + +要更新所有的包和它们的依赖,在root权限下执行如下命令: + +```shell +# dnf update +``` diff --git a/docs/zh/server/administration/administrator/viewing_system_information.md b/docs/zh/server/administration/administrator/viewing_system_information.md new file mode 100644 index 0000000000000000000000000000000000000000..0e845d4714920452e9a9689641b597c8bcb74d93 --- /dev/null +++ b/docs/zh/server/administration/administrator/viewing_system_information.md @@ -0,0 +1,45 @@ +# 查看系统信息 + +- 查看系统信息,命令如下: + + ```shell + cat /etc/os-release + ``` + + 输出结果示例: + + ```shell + $ cat /etc/os-release + NAME="openEuler" + VERSION="24.03 (LTS-SP1)" + ID="openEuler" + VERSION_ID="24.03" + PRETTY_NAME="openEuler 24.03 (LTS-SP1)" + ANSI_COLOR="0;31" + ``` + +- 查看系统相关的资源信息。 + + 查看CPU信息,命令如下: + + ```shell + lscpu + ``` + + 查看内存信息,命令如下: + + ```shell + free + ``` + + 查看磁盘分区信息,命令如下: + + ```shell + fdisk -l + ``` + +- 查看系统资源实时信息,命令如下: + + ```shell + top + ``` diff --git a/docs/zh/server/administration/compa_command/_toc.yaml b/docs/zh/server/administration/compa_command/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..3d2cae5e5b88e9bfcf7379fcd9629002e5f235c0 --- /dev/null +++ b/docs/zh/server/administration/compa_command/_toc.yaml @@ -0,0 +1,11 @@ +label: 兼容性命令 +isManual: true +description: 基于 Rust 语言重构的 shell 及 Linux 命令,与 Linux 原生命令兼容 +sections: + - label: 兼容性命令 + href: ./overview.md + sections: + - label: utshell用户指南 + href: ./utshell_guide.md + - label: utsudo用户指南 + href: ./utsudo_user_guide.md diff --git a/docs/zh/server/administration/compa_command/figures/image-20230828094539717.png b/docs/zh/server/administration/compa_command/figures/image-20230828094539717.png new file mode 100644 index 0000000000000000000000000000000000000000..db620cb37b44ba6cc3c30035ce65a2ef5a18efea Binary files /dev/null and b/docs/zh/server/administration/compa_command/figures/image-20230828094539717.png differ diff --git a/docs/zh/server/administration/compa_command/figures/image-20230828094723153.png b/docs/zh/server/administration/compa_command/figures/image-20230828094723153.png new file mode 100644 index 0000000000000000000000000000000000000000..fe85725a5748b7405bf0c4ac104158449098403e Binary files /dev/null and b/docs/zh/server/administration/compa_command/figures/image-20230828094723153.png differ diff --git a/docs/zh/server/administration/compa_command/figures/image-20230828135001624.png b/docs/zh/server/administration/compa_command/figures/image-20230828135001624.png new file mode 100644 index 0000000000000000000000000000000000000000..2b17e0dd49ad6ec34028fc233738581d0fa6e209 Binary files /dev/null and b/docs/zh/server/administration/compa_command/figures/image-20230828135001624.png differ diff --git a/docs/zh/server/administration/compa_command/figures/image-20230828140355863.png b/docs/zh/server/administration/compa_command/figures/image-20230828140355863.png new file mode 100644 index 0000000000000000000000000000000000000000..de9dbabc6e6f8a157a18e23ee8fbeb68ec2630e1 Binary files /dev/null and b/docs/zh/server/administration/compa_command/figures/image-20230828140355863.png differ diff --git a/docs/zh/server/administration/compa_command/figures/image-20230828140709441.png b/docs/zh/server/administration/compa_command/figures/image-20230828140709441.png new file mode 100644 index 0000000000000000000000000000000000000000..9dd87d5c65190428efd9bf81ee18e8809d6cc6d9 Binary files /dev/null and b/docs/zh/server/administration/compa_command/figures/image-20230828140709441.png differ diff --git a/docs/zh/server/administration/compa_command/media/media/image1.png b/docs/zh/server/administration/compa_command/media/media/image1.png new file mode 100644 index 0000000000000000000000000000000000000000..feff5b7bae51f432b5a8a05828295ace5b2f616d Binary files /dev/null and b/docs/zh/server/administration/compa_command/media/media/image1.png differ diff --git a/docs/zh/server/administration/compa_command/media/media/image2.png b/docs/zh/server/administration/compa_command/media/media/image2.png new file mode 100644 index 0000000000000000000000000000000000000000..c241e9356595daf58732a25a2bb31cd0a75bd027 Binary files /dev/null and b/docs/zh/server/administration/compa_command/media/media/image2.png differ diff --git a/docs/zh/server/administration/compa_command/media/media/image3.png b/docs/zh/server/administration/compa_command/media/media/image3.png new file mode 100644 index 0000000000000000000000000000000000000000..f00123d7b8553d8b7c374c7a0becd4269a663084 Binary files /dev/null and b/docs/zh/server/administration/compa_command/media/media/image3.png differ diff --git a/docs/zh/server/administration/compa_command/media/media/image4.png b/docs/zh/server/administration/compa_command/media/media/image4.png new file mode 100644 index 0000000000000000000000000000000000000000..9a047ff75fb1144c7df513345acef97357aa82b7 Binary files /dev/null and b/docs/zh/server/administration/compa_command/media/media/image4.png differ diff --git a/docs/zh/server/administration/compa_command/overview.md b/docs/zh/server/administration/compa_command/overview.md new file mode 100644 index 0000000000000000000000000000000000000000..76fde7cef6cf6c41594275e75ab437392c0b4d23 --- /dev/null +++ b/docs/zh/server/administration/compa_command/overview.md @@ -0,0 +1 @@ +本文档是介绍基于 Rust 语言重构的 shell 及 Linux 命令,可在 openEuler 系统上使用,与 Linux 原生命令兼容。 diff --git a/docs/zh/server/administration/compa_command/utshell_guide.md b/docs/zh/server/administration/compa_command/utshell_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..9e165806a94b46a4dea1e8565d13ac844572b183 --- /dev/null +++ b/docs/zh/server/administration/compa_command/utshell_guide.md @@ -0,0 +1,273 @@ +# utshell 用户手册 + +## 介绍 + +utshell 是一个与 bash 兼容的 shell。它实现了基本的内建命令执行和启动外部命令。同时也实现了任务、管道和信号处理等功能。 + +## 安装和卸载 + +### 安装 + +utshell 使用 rpm 命令进行安装,我们假设使用的是欧拉的 2309 系统: + +进入命令行界面执行: + +![截图.png](./media/media/image1.png) + +根据提示输入\"y\",即可安装成功。 + +![截图.png](./media/media/image2.png) + +### 卸载 + +在命令行执行`rpm -e utshell`即可卸载 utshell。 + +```shell + +rpm -e utshell + +``` + +![截图.png](./media/media/image3.png) + +## 使用 + +### 一般命令 + +在 utshell 环境下,直接键入命令名即可执行对应的命令。 + +utshell 支持如下内建命令: + +![截图.png](./media/media/image4.png) + +### 变量定义和使用 + +#### 变量定义 + +变量定义直接用\"=\",中间不能有空格。 + +```shell + +var=4 + +``` + +#### 变量使用 + +```shell + +echo \${var} + +``` + +### 数组的定义和使用 + +#### 数组的定义 + +```shell + +distros=(ubuntu fedora suse \"arch linux\") + +``` + +#### 数组的使用 + +```shell + +echo \${distros\[2\]} + +``` + +### 函数定义和使用 + +#### 函数的定义 + +```shell + +func() { echo \$1; } + +``` + +#### 函数的调用 + +```shell + +func 1 + +``` + +#### 给函数传递参数 + +调用函数时,在函数名后面直接已空格分割参数: + +func firstParam secondParam + +在函数体中使用\$1,\$2\...\...其中\$1 表示第一个参数,\$2 表示第二个参数,大于 9 的需要用大括号括起来。 + +```shell + +func() { + +echo \$1 \${10} \#需要传递 10 个参数 + +} + +\#调用 + +func 1 2 3 4 5 6 7 8 9 0 + +``` + +### 逻辑判断 + +#### if 语句 + +语法为: + +```shell + +if condition; then + +do-if-true; + +elif second-condition; then + +do-else-if-true + +elif third-condition; then + +do-else-if-third-true + +else + +do-else-false + +fi + +``` + +其中 condition 可以是命令,如: + +```shell + +if \[ \"\$s\" = \"string\" \]; then + +echo \"string is equivalent to \\\$s\" + +else + +echo \"string is not equivalent to \\\$s\" + +fi + +``` + +也可以是测试条件操作符: + +下面简单介绍些条件操作符: + +```shell + + -f 检查文件是否存在并且它是一个普通文件。 + + -d 检查提供的参数是否是目录。 + + -h 检查提供的参数是否是符号链接。 + + -s 检查文件是否存在且不为空。 + + -r 检查文件是否可读。 + + -w 检查文件是否可写。 + + -x 检查文件是否可执行。 + +``` + +如果用于数字比较,可以用如下测试条件操作符: + +```shell + + -lt 小于 + + -gt 大于 + + -ge 大于等于 + + -le 小于等于 + + -ne 不等于 + +``` + +如果用于字符串比较,可以用如下测试条件操作符: + +```shell + + == 两个字符串相同 + + = 两个字符串相同(同==) + + != 两个字符串不同 + + -z 空字符串,返回 true + + -n 长度不是 0,则返回 true + +``` + +### 循环 + +#### for 循环 + +```shell + +for number in 1 2 3 4 5 + +do + +echo \$number + +done + +使用列表: + +for number in {1..500..2} + +do + +echo \$number + +done + +``` + +其中{1..500..2}表示起始数字为 1,结束数字为 500(包括),步长为 2。 + +#### until 循环 + +```shell + +until \[condition\]; do + +commands + +done + +``` + +当条件为真时,执行循环; + +#### while 循环 + +```shell + +while \[ condition \]; do + +commands + +done + +``` + +当条件为真时,执行循环。 diff --git a/docs/zh/server/administration/compa_command/utsudo_user_guide.md b/docs/zh/server/administration/compa_command/utsudo_user_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..3a50f647dc9ec77d50ad29dc89da39ff0957f7e5 --- /dev/null +++ b/docs/zh/server/administration/compa_command/utsudo_user_guide.md @@ -0,0 +1,84 @@ +# utsudo 使用指南 + +本文档主要介绍`utsudo`工具的安装和简单使用,帮助用户快速上手。`utsudo`从参数功能到插件使用都是完全兼容`sudo`,大大降低了用户的学习成本,欢迎大家使用。 + +本文档主要适用于`utsudo`的开发人员、测试人员、以及普通用户。 + +## utsudo 介绍 + +utsudo 诞生于 2022 年 6 月份,是一个目前正在进行的使用 Rust 语言重构 Sudo 的项目。utsudo 旨在提供一个更加高效、安全、灵活的提权工具,涉及的模块主要有:通用工具库、整体框架和插件功能等。 + +## utsudo 安装 + +在`0.0.1`版本中,`utsudo`与`sudo`还存在部分文件冲突。需要先使用`yum`命令,把`utsudo`的二进制`rpm`包下载到本地,再使用`rpm`命令进行安装 ,以允许与`sudo`的文件冲突。 + +首先使用`yumdownloader utsudo`命令下载`utsudo`二进制包到本地。 + +然后使用`sudo rpm -Uvh utsudo-0.0.1-0.01.x86_64.rpm --replacefiles`命令安装`utsudo`,执行过程如下所示。 + +![image-20230828094539717](./figures/image-20230828094539717.png) + +安装完成后,使用`rpm -qa | grep utsudo`命令查看`utsudo`是否正常安装,如下图所示。 + +![image-20230828094723153](./figures/image-20230828094723153.png) + +由上图可知,`utsudo`已正常安装,安装的版本是`0.0.1-0.01`。 + +`utsudo`后续还会有版本更新,大家以自己安装的版本为准。 + +## utsudo使用 + +下面给大家介绍一下`utsudo`的简单使用。 + +`utsudo`参数较多,下面简单列出部分参数,详细内容可使用`utsudo -h`列出。 + +```shell + +-e, --edit 编辑文件而非执行命令 +-k, --reset-timestamp 无效的时间戳文件 +-l, --list 列出用户权限或检查某个特定命令;对于长格式,使用两次 + +``` + +### `-e` 参数 + +`-e`参数的功能:编辑文件。 + +`utsudo -e`相当于`sudoedit`命令,执行时会调用普通用户进行编辑,而位于调用用户可写目录中的文件是无法编辑的,除非该用户是`root`用户。 + +在当前用户没有可写权限的目录`e`中,存在一个当前用户没有可编辑权限的文件:`test.txt`。使用普通用户编辑`test.txt`文件,会提示没有权限。使用`utsudo -e`后,可以正常编辑。具体执行过程如下图所示。 + +![image-20230828135001624](./figures/image-20230828135001624.png) + +由上图可知,成功修改了`test.txt`文件的内容。(其中`utsudo -e is okay !!`,是我们在编辑器中自己添加的。) + +### `-k`参数 + +`-k`参数功能:使时间戳无效。 + +默认使用`utsudo`执行命令时,第一次是需要输入密码的,短时间内(默认是5分钟)再次执行`sudo`命令则不需要再次输入密码。使用`-k`参数可以强迫使用者在下一次执行`utsudo`时询问密码。 + +![image-20230828140355863](./figures/image-20230828140355863.png) + +`utsudo`输入密码后,默认`5`分钟之内不需要输入密码。 + +但是,由上图可知,`utsudo -k`使得`utsudo`的时间戳失效了。 + +### `-l`参数 + +`-l`参数功能:用于显示当前用户可以用`utsudo`执行哪些命令。 + +执行过程如下所示: + +![image-20230828140709441](./figures/image-20230828140709441.png) + +上图显示了`test`用户,可以运行如下命令: + +```shell + +(ALL) ALL + +``` +也就是所有命令,说明`/etc/sudoers`文件中,并没有对`test`用户做过多的限制。 + +`utsudo`的使用,就简单介绍这些,除了上面介绍到的,`utsudo`还有很多其他的功能和参数,此处就不一一列举了。欢迎大家讨论。 diff --git a/docs/zh/server/administration/sysmaster/_toc.yaml b/docs/zh/server/administration/sysmaster/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..1d11a2e0371b80e538208a69dce53cca4b10214d --- /dev/null +++ b/docs/zh/server/administration/sysmaster/_toc.yaml @@ -0,0 +1,20 @@ +label: sysMaster用户指南 +isManual: true +description: 使用 sysMaster 管理服务器和设备 +sections: + - label: 概述 + href: ./overview.md + - label: 服务管理 + href: ./service_management.md + sections: + - label: 安装与部署 + href: ./sysmaster_install_deploy.md + - label: 使用说明 + href: ./sysmaster_usage.md + - label: 设备管理 + href: ./device_management.md + sections: + - label: 安装与部署 + href: ./devmaster_install_deploy.md + - label: 使用说明 + href: ./devmaster_usage.md diff --git a/docs/zh/server/administration/sysmaster/device_management.md b/docs/zh/server/administration/sysmaster/device_management.md new file mode 100644 index 0000000000000000000000000000000000000000..9fa6b496e474b31d090c5ff35a0679fa072b6e93 --- /dev/null +++ b/docs/zh/server/administration/sysmaster/device_management.md @@ -0,0 +1,14 @@ +# 设备管理 + +设备管理器作为链接用户态软件与底层物理设备的桥梁,支撑着 `lvm2`、`NetworkManager`等关键基础软件的运作。`devmaster`作为 `sysMaster`的设备管理组件,一方面支撑 `sysMaster`的快速启动以及用户态软件的生态兼容,另一方面通过对 `Linux`生态下主流设备管理方案的现状和优劣进行了总结和思考,从而提供一种分层解耦、可扩展性强、面向通用 `OS`的设备管理能力。 + +`devmaster`由常驻进程、客户端工具和动态库组成。常驻进程`devmaster`基于内核提供的`netlink`、`inotify`、`sysfs`等机制,监听设备事件并触发规则处理任务;客户端工具`devctl`和动态库`libs`提供一组命令行指令以及公开接口,用于调试规则、控制常驻进程、查询设备状态等等。`devmaster`的总体架构如下图所示: + +**图1 devMaster的总体架构** +![devMaster的总体架构](./figures/devmaster_architecture.png) + +`devmaster`使用 `Rust`语言编写,能够原生消除内存安全类问题。`devmaster`的核心功能如下: + +1. 事件驱动:利用队列缓存和 `worker`池机制,满足设备事件高并发的场景,并支持将设备就绪状态动态地通知到用户态进程。 +2. 机制与策略分离:将设备处理逻辑定义在规则中,避免业务硬编码,提供按需定制、灵活组合的能力。 +3. 生态兼容:良好地兼容 `udev`语法和 `udev`用户态广播协议,支持原有业务低成本迁移到 `devmaster`环境。 diff --git a/docs/zh/server/administration/sysmaster/devmaster_install_deploy.md b/docs/zh/server/administration/sysmaster/devmaster_install_deploy.md new file mode 100644 index 0000000000000000000000000000000000000000..4f3daa4092420c9123e324093127504743fdab77 --- /dev/null +++ b/docs/zh/server/administration/sysmaster/devmaster_install_deploy.md @@ -0,0 +1,69 @@ +# 安装与部署 + +`devmaster`目前可应用于虚拟机环境,本章节介绍安装部署的规格约束以及操作流程。 + +## 软件要求 + +* 操作系统:`openEuler 23.09` + +## 硬件要求 + +* `x86_64`架构、`aarch64`架构 + +## 安装部署流程 + +1. 执行如下命令,使用`yum`工具安装`sysmaster-devmaster`包: + + ```shell + # yum install sysmaster-devmaster + ``` + +2. 执行如下命令,创建默认规则文件`/etc/devmaster/rules.d/99-default.rules`和常驻进程的配置文件`/etc/devmaster/config.toml`: + + ```shell + # mkdir -p /etc/devmaster/rules.d + # mkdir -p /etc/devmaster/network.d + # echo "TAG+=\"devmaster\"" > /etc/devmaster/rules.d/99-default.rules + # cat << EOF > /etc/devmaster/config.toml + log_level = "info" + rules_d = ["/etc/devmaster/rules.d"] + network_d = ["/etc/devmaster/network.d"] + max_workers = 1 + log_targets = ["console"] + EOF + ``` + +3. 执行如下命令启动常驻进程`devmaster`,并将日志导出到`/tmp/devmaster.log`文件中: + + ```shell + # /lib/devmaster/devmaster &>> /tmp/devmaster.log & + ``` + + > ![说明](./public_sys-resources/icon-note.gif) **说明:** + > + > `devmaster`需要以 `root`权限启动,并且不能和 `udev`同时处于运行状态,启动 `devmaster`前需要停止 `udev`服务。 + > + > + > `sysmaster`启动环境下,执行以下命令: + > + > ```shell + > # sctl stop udevd.service udevd-control.socket udevd-kernel.socket + > ``` + > + > `systemd`启动环境下,执行以下命令: + > + > ```shell + > # systemctl stop systemd-udevd.service systemd-udevd systemd-udevd-kernel.socket systemd-udevd-control.socket + > ``` + +4. 执行如下命令,使用 `devctl`工具触发设备事件: + + ```shell + # devctl trigger + ``` + +5. 查看 `/run/devmaster/data/`目录,如果生成设备数据库,则表示部署成功: + + ```shell + # ll /run/devmaster/data/ + ``` diff --git a/docs/zh/server/administration/sysmaster/devmaster_usage.md b/docs/zh/server/administration/sysmaster/devmaster_usage.md new file mode 100644 index 0000000000000000000000000000000000000000..3d8b9998af05db05ad14f40a376afd599e03c842 --- /dev/null +++ b/docs/zh/server/administration/sysmaster/devmaster_usage.md @@ -0,0 +1,254 @@ +# 使用说明 + +本章介绍 `devmaster`的使用方法,包括常驻进程配置、客户端工具、规则使用说明和网卡配置。 + +## 常驻进程配置 + +常驻进程 `devmaster`启动后会读取配置文件,并根据配置文件内容,调整日志级别、设置规则加载路径等等。`devmaster`拥有唯一的配置文件,路径为 `/etc/devmaster/config.toml`,文件内容采用 `toml`格式。 + +### 配置选项 + +目前 `devmaster`配置文件中支持的配置选项如下: + +- `rules_d`: 指定规则加载路径,默认规则中设置为 `["/etc/devmaster/rules.d"]`,未指定时无默认加载路径。`devmaster`当前不支持规则加载优先级,不同规则路径下的同名规则文件不会发生覆盖。规则文件的加载顺序按照 `rules_d`配置项中指定的目录顺序,相同目录下按照规则文件的字典序进行加载。 +- `max_workers`: 指定最大 `worker`线程并发数,未指定时默认为3。 +- `log_level`: 指定日志级别,支持 `debug`和 `info`级别,未指定时默认为 `"info"`。 +- `network_d`: 指定网卡配置加载路径,默认规则中设置为 `["/etc/devmaster/network.d"]`,未指定时无默认加载路径。网卡配置用于控制 `devmaster`的内置命令 `net_setup_link`的行为,具体可参考[网卡配置说明](#网卡配置)。 + +## 客户端工具 + +`devctl`是常驻进程 `devmaster`的客户端工具,用来控制 `devmaster`的行为、模拟设备事件、调试规则等等。 + + ```shell + # devctl --help + devmaster 0.5.0 + parse program arguments + + USAGE: + devctl + + OPTIONS: + -h, --help Print help information + -V, --version Print version information + + SUBCOMMANDS: + monitor Monitor device events from kernel and userspace + kill Kill all devmaster workers + test Send a fake device to devmaster + trigger Trigger a fake device action, then the kernel will report an uevent + test-builtin Test builtin command on a device + help Print this message or the help of the given subcommand(s) + ``` + +选项说明: + + `-h, --help`: 显示帮助信息。 + + `-V, --version`: 显示版本信息。 + + ``: 选择执行的子命令,包括`monitor`、`trigger`、`test-builtin`等。 + +接下来介绍三种常用的子命令,分别用于监听设备事件、触发设备事件以及测试内置命令。 + +### 监听设备事件 + +监听内核上报的 `uevent`事件和 `devmaster`处理完设备后发出的事件,分别以 `KERNEL`和 `USERSPACE`作为前缀进行区分,执行的命令如下: + + ```shell + # devctl monitor [OPTIONS] + ``` + +选项说明: + + `-h, --help`: 显示帮助信息。 + +### 触发设备事件 + +模拟一个设备动作,使内核上报对应的uevent事件,用于重放内核初始化过程中的冷插(coldplug)设备事件,执行的命令如下: + + ```shell + # devctl trigger [OPTIONS] [DEVICES...] + ``` + +选项说明: + + `-h, --help`: 显示帮助信息。 + + `-a, --action `: 指定设备事件的动作类型。 + + `-t, --type `: 指定搜索的设备类型,可以是`devices`(设备)或者`subsystems`(子系统)。 + + `-v, --verbose`: 打印搜索到的设备。 + + `-n, --dry-run`: 不会实际触发设备事件,配合`--verbose`选项使用时,可以查看系统中的设备清单。 + + `[DEVICES...]`: 指定若干个需要触发事件的设备,如果为空,则触发系统中所有设备的事件。 + +### 测试内置命令 + +测试内置命令在某个设备上的执行效果,执行的命令如下: + + ```shell + # devctl test-builtin [OPTIONS] + ``` + +选项说明: + + `-a, --action `: 指定设备事件的动作类型,包括:`add`、`change`、`remove`、`move`、`online`、`offline`、`bind`和 `unbind`。 + + `-h, --help`: 显示帮助信息。 + + ``: 选择执行的内置命令,目前支持`blkid`、`input_id`、`kmod`、`net_id`、`net_setup_link`、`path_id`、`usb_id`。 + + ``: 指定设备的 `sysfs`路径。 + +## 规则使用说明 + +`devmaster`的规则由一组规则文件组成,`devmaster`常驻进程启动后会根据配置文件中指定的规则加载目录,按字典序依次加载各个规则文件。 + +> ![说明](./public_sys-resources/icon-note.gif) **说明:** +> +> 增加、删除、修改规则后,均需要重启 `devmaster`使之生效。 + +### 常用规则案例 + +以下介绍几种常见的规则应用案例,规则语法详见官方文档中的[devmaster手册](http://sysmaster.online/man/exts/devmaster/devmaster/)。 + +#### 示例1: 创建块设备软链接 + +通过 `blkid`内置命令,读取块设备的 `uuid`,并基于 `uuid`创建块设备的软链接。 + +触发拥有文件系统的某块设备的事件后,在 `/dev/test`目录下生成该设备对应的软链接。 + +以 `sda1`分区块设备为例,测试规则效果: + +1. 创建规则文件 `/etc/devmaster/rules.d/00-persist-storage.rules`,内容如下: + + ```shell + SUBSYSTEM!="block", GOTO="end" + + IMPORT{builtin}=="blkid" + + ENV{ID_FS_UUID_ENC}=="?*", SYMLINK+="test/$env{ID_FS_UUID_ENC}" + + LABEL="end" + ``` + +2. 触发 `sda1`设备的事件: + + ```shell + # devctl trigger /dev/sda1 + ``` + +3. 查看 `/dev/test/`目录下存在指向 `sda1`的软链接,表示规则生效: + + ```shell + # ll /dev/test/ + total 0 + lrwxrwxrwx 1 root root 7 Sep 6 15:35 06771fe1-39da-42d7-ad3c-236a10d08a7d -> ../sda1 + ``` + +#### 示例2: 网卡重命名 + +使用 `net_id`内置命令,获取网卡设备的硬件属性,再使用 `net_setup_link`内置命令,基于网卡配置选择某个硬件属性作为网卡名,最后通过 `NAME`规则重命名网卡。 + +以 `ens33`网卡为例,测试网卡重命名规则的效果: + +1. 创建规则文件 `/etc/devmaster/rules.d/01-netif-rename.rules`,内容如下: + + ```shell + SUBSYSTEM!="net", GOTO="end" + + IMPORT{builtin}=="net_id" + + IMPORT{builtin}=="net_setup_link" + + ENV{ID_NET_NAME}=="?*", NAME="$env{ID_NET_NAME}" + + LABEL="end" + ``` + +2. 创建网卡配置`/etc/devmaster/network.d/99-default.link`,内容如下: + + ```shell + [Match] + OriginalName = "*" + + [Link] + NamePolicy = ["database", "onboard", "slot", "path"] + ``` + +3. 先将网卡设备下线: + + ```shell + # ip link set ens33 down + ``` + +4. 将网卡名临时命名为 `tmp`: + + ```shell + # ip link set ens33 name tmp + ``` + +5. 触发网卡设备的 `add`事件: + + ```shell + # devctl trigger /sys/class/net/tmp --action add + ``` + +6. 查看网卡名称,发现重新命名为 `ens33`,表示规则生效: + + ```shell + # ll /sys/class/net/| grep ens33 + lrwxrwxrwx 1 root root 0 Sep 6 11:57 ens33 -> ../../devices/pci0000:00/0000:00:11.0/0000:02:01.0/net/ens33 + ``` + +7. 激活网卡后恢复网络连接: + + ```shell + # ip link set ens33 up + ``` + +> ![说明](./public_sys-resources/icon-note.gif) **说明:** +> +> 网卡设备处于激活状态下无法重命名,需要先将其下线。另外 `devmaster`仅在网卡设备的 `add`事件下对网卡重命名才会生效。 +> + +#### 示例3: 修改设备节点的用户权限 + +`OPTIONS+="static_node=`规则会使 `devmaster`启动后,立即将本规则行中的用户权限应用在 `/dev/`设备节点上。重启 `devmaster`后立即生效,无需设备事件触发。 + +1. 创建规则文件`/etc/devmaster/rules.d/02-devnode-privilege.rules`,内容如下: + + ```shell + OWNER="root", GROUP="root", MODE="777", OPTIONS+="static_node=tty5" + ``` + +2. 重启 `devmaster`后,观察 `/dev/tty5`的用户、用户组和权限,变更为 `root`、`root`和 `rwxrwxrwx`,表示规则生效: + + ```shell + # ll /dev/tty5 + crwxrwxrwx 1 root root 4, 5 Feb 3 2978748 /dev/tty5 + ``` + +## 网卡配置 + +`devmaster`的网卡重命名功能由内置命令 `net_id`、`net_setup_link`和网卡配置文件配合完成。在规则文件中,通过 `net_id`获取网卡的硬件属性,再使用 `net_setup_link`选择某个网卡属性作为新的网卡名。`net_setup_link`命令基于网卡配置,针对特定网卡设备,控制网卡命名的风格。本章主要介绍网卡配置文件的使用方法,网卡重命名的实施方法可参考[网卡重命名规则案例](#示例2-网卡重命名)。 + +### 默认网卡配置 + +`devmaster`提供了如下默认网卡配置: + + ```toml + [Match] + OriginalName = "*" + + [Link] + NamePolicy = ["onboard", "slot", "path"] + ``` + +网卡配置文件中包含 `[Match]`匹配节和 `[Link]`控制节,每节中包含若干配置项。匹配节的配置项用于匹配网卡设备,当网卡满足所有匹配条件时,将控制节中的所有配置项作用在网卡上,比如设置网卡名选取策略、调整网卡参数等等。 + +以上列举的默认网卡配置表示将该配置作用在所有网卡设备上,并依次检查 `onboard`、`slot`和 `path`风格的网卡命名风格,如果找到一个可用的风格,就以该风格对网卡进行命名。 + +网卡配置的详细说明可以参考 `sysMaster`官方手册中的[devmaster手册](http://sysmaster.online/man/exts/devmaster/netif_config/#1)。 diff --git a/docs/zh/server/administration/sysmaster/figures/devmaster_architecture.png b/docs/zh/server/administration/sysmaster/figures/devmaster_architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..c60c9505c570093c78fa5335b590e7da58c7cc7c Binary files /dev/null and b/docs/zh/server/administration/sysmaster/figures/devmaster_architecture.png differ diff --git a/docs/zh/server/administration/sysmaster/figures/sysMaster.png b/docs/zh/server/administration/sysmaster/figures/sysMaster.png new file mode 100644 index 0000000000000000000000000000000000000000..5f4a8d239727c4d22f2b8841946bb12cd4a8d86b Binary files /dev/null and b/docs/zh/server/administration/sysmaster/figures/sysMaster.png differ diff --git a/docs/zh/server/administration/sysmaster/overview.md b/docs/zh/server/administration/sysmaster/overview.md new file mode 100644 index 0000000000000000000000000000000000000000..f6e9a47416daf2f6fe4fc45f8f4c1e4ede347042 --- /dev/null +++ b/docs/zh/server/administration/sysmaster/overview.md @@ -0,0 +1,26 @@ +# sysMaster用户指南 + +## 概述 + +`sysMaster`是一套超轻量、高可靠的服务管理程序集合,是对 `1`号进程的全新实现,旨在改进传统的 `init`守护进程。它使用 `Rust`编写,具有故障监测、秒级自愈和快速启动等能力,从而提升操作系统可靠性和业务可用度。 + +`sysMaster`支持进程、容器和虚拟机的统一管理,其适用于服务器、云计算和嵌入式等多个场景。 + +`sysMaster`实现思路是将传统 `1`号进程的功能解耦分层,结合使用场景,拆分出 `1+1+N`的架构。 + +如下面 `sysMaster`系统架构图所示,主要包含三个方面: +• `sysmaster-init`:新的 `1`号进程提供系统初始化、僵尸进程回收、监控保活等功能,可单独应用于嵌入式场景。 +• `sysmaster-core`:承担原有服务管理的核心功能,引入可靠性框架,使其具备崩溃快速自愈、热升级等能力,保障业务全天在线。 +• `sysmaster-exts`:使原本耦合的各组件功能独立,提供系统关键功能的组件集合(如设备管理 `devMaster`,总线通信 `busMaster`等),各组件可单独使用,可根据不同场景灵活选用。 + +**图1** sysMaster整体架构图 +![sysMaster](./figures/sysMaster.png) + +`sysMaster`目前主要由 `sysmaster`和 `devmaster`2部分功能组成,其中 `sysmaster`负责服务的管理,`devmaster`负责设备的管理,下面将对这2部分功能进行说明。 + +## 读者对象 + +本文档主要适用于使用 `openEuler`并需要对服务和设备进行管理的用户。用户需要具备以下经验和技能: + +* 熟悉 `Linux`基本操作 +* 对服务配置和设备有一定了解 diff --git a/docs/zh/server/administration/sysmaster/public_sys-resources/icon-caution.gif b/docs/zh/server/administration/sysmaster/public_sys-resources/icon-caution.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/administration/sysmaster/public_sys-resources/icon-caution.gif differ diff --git a/docs/zh/server/administration/sysmaster/public_sys-resources/icon-danger.gif b/docs/zh/server/administration/sysmaster/public_sys-resources/icon-danger.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/administration/sysmaster/public_sys-resources/icon-danger.gif differ diff --git a/docs/zh/server/administration/sysmaster/public_sys-resources/icon-note.gif b/docs/zh/server/administration/sysmaster/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/zh/server/administration/sysmaster/public_sys-resources/icon-note.gif differ diff --git a/docs/zh/server/administration/sysmaster/public_sys-resources/icon-notice.gif b/docs/zh/server/administration/sysmaster/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/zh/server/administration/sysmaster/public_sys-resources/icon-notice.gif differ diff --git a/docs/zh/server/administration/sysmaster/public_sys-resources/icon-tip.gif b/docs/zh/server/administration/sysmaster/public_sys-resources/icon-tip.gif new file mode 100644 index 0000000000000000000000000000000000000000..93aa72053b510e456b149f36a0972703ea9999b7 Binary files /dev/null and b/docs/zh/server/administration/sysmaster/public_sys-resources/icon-tip.gif differ diff --git a/docs/zh/server/administration/sysmaster/public_sys-resources/icon-warning.gif b/docs/zh/server/administration/sysmaster/public_sys-resources/icon-warning.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/administration/sysmaster/public_sys-resources/icon-warning.gif differ diff --git a/docs/zh/server/administration/sysmaster/service_management.md b/docs/zh/server/administration/sysmaster/service_management.md new file mode 100644 index 0000000000000000000000000000000000000000..ba8dedd4f178a8048eba05d6d0234c17f76f3fd2 --- /dev/null +++ b/docs/zh/server/administration/sysmaster/service_management.md @@ -0,0 +1,5 @@ +# 服务管理 + +在 `Linux`中,有很多在后台运行的程序或进程,如 `Web`服务器、数据库服务器、邮件服务器等。系统启动和运行过程中会启动和停止这些程序。 `sysmaster`对此提供了高效的服务管理的命令及配置,确保系统正常工作。 + +本文主要介绍 `sysmaster`的安装部署与各个特性说明和使用方法,使用户能够快速了解并使用。 diff --git a/docs/zh/server/administration/sysmaster/sysmaster_install_deploy.md b/docs/zh/server/administration/sysmaster/sysmaster_install_deploy.md new file mode 100644 index 0000000000000000000000000000000000000000..606e265af45077f1ed511679b762fc0d46423ef1 --- /dev/null +++ b/docs/zh/server/administration/sysmaster/sysmaster_install_deploy.md @@ -0,0 +1,98 @@ +# 安装与部署 + +`sysmaster`可应用于容器和虚拟机,本文档将以 `aarch64`系统为例说明如何在各场景下进行安装与部署。 + +## 软件要求 + +* 操作系统:`openEuler 23.09` + +## 硬件要求 + +* `x86_64`架构、`aarch64`架构 + +## 容器场景安装与部署 + +1. 安装 docker + +```bash +yum install -y docker +systemctl restart docker +``` + +2. 加载基础容器镜像 + +下载容器镜像 + +```bash +wget https://repo.openeuler.org/openEuler-23.09/docker_img/aarch64/openEuler-docker.aarch64.tar.xz +xz -d openEuler-docker.aarch64.tar.xz +``` + +加载容器镜像 + +```bash +docker load --input openEuler-docker.aarch64.tar +``` + +3. 构建容器 + +创建 Dockerfile + +```bash +cat << EOF > Dockerfile +FROM openeuler-23.09 +RUN yum install -y sysmaster +CMD ["/usr/lib/sysmaster/init"] +EOF +``` + +构建容器 + +```bash +docker build -t openeuler-23.09:latest . +``` + +4. 启动并进入容器 + +启动容器 + +```bash +docker run -itd --privileged openeuler-23.09:latest +``` + +获取`CONTAINERID` + +```bash +docker ps +``` + +使用上一步获取到`CONTAINERID`进入容器 + +```bash +docker exec -it CONTAINERID /bin/bash +``` + +## 虚拟机场景安装与部署 + +1. `initramfs`镜像制作 + 为了避免 `initrd`阶段 `systemd`的影响,需要制作一个剔除 `systemd`的 `initramfs`镜像,并以该镜像进入 `initrd`流程。使用如下命令: + + ```bash + dracut -f --omit "systemd systemd-initrd systemd-networkd dracut-systemd" /boot/initrd_withoutsd.img + ``` + +2. 新增启动项 + 在 `grub.cfg`中增加新的启动项,`aarch64`下的路径为 `/boot/efi/EFI/openEuler/grub.cfg`,`x86_64`下的路径为 `/boot/grub2/grub.cfg`,拷贝一份原有启动项,并做以下几处修改: + + * `menuentry` 项修改启动项名称 `openEuler (6.4.0-5.0.0.13.oe23.09.aarch64) 23.09`为 `openEuler 23.09 withoutsd` + * `linux` 项内核启动参数修改 `root=/dev/mapper/openeuler-root ro` 为 `root=/dev/mapper/openeuler-root rw` + * `linux` 项内核启动参数修改 `plymouth`,如果环境上安装了 `plymouth`, 需要添加 `plymouth.enable=0` 禁用 `plymouth` + * `linux` 项内核启动参数增加 `init=/usr/lib/sysmaster/init` + * `initrd` 项修改为 `/initrd_withoutsd.img` +3. 安装 sysmaster + + ```bash + yum install sysmaster + ``` + +4. 重启后出现 `openEuler 23.09 withoutsd`启动项表示已成功配置,选择此启动项进入虚拟机 diff --git a/docs/zh/server/administration/sysmaster/sysmaster_usage.md b/docs/zh/server/administration/sysmaster/sysmaster_usage.md new file mode 100644 index 0000000000000000000000000000000000000000..b39bef3db4da92c84ccb577a41a7130aac0a138b --- /dev/null +++ b/docs/zh/server/administration/sysmaster/sysmaster_usage.md @@ -0,0 +1,102 @@ +# sysmaster使用说明 + +本章主要通过一些实例来带领用户初步使用 `sysmaster`,例如: + +* 如何创建 `service`服务单元配置文件。 +* 如何管理单元服务,例如启动、停止、查看服务。 + +## 创建单元配置文件 + +用户可以在 `/usr/lib/sysmaster/system/`目录下创建单元配置文件。 + +### 单元配置文件的类型 + +当前 `sysmaster`支持 `target`、`socket`、`service`类型的单元配置文件。 + +* `target`:封装了一个由 `sysmaster`管理的启动目标,用于将多个单元集中到一个同步点。`sysmaster`提供不同阶段的 `target`单元,例如 `multi-user.target`代表系统已完成启动,用户可以依赖此目标,启动自己的服务。 +* `socket`:封装了一个用于进程间通信的套接字 `socket`, 以支持基于套接字的启动。例如用户可以配置 `service`单元依赖此 `socket`,当此 `socket`有数据写入时,`sysmaster`会拉起对应的 `service`单元。 +* `service`:封装了一个被 `sysmaster`监视与控制的进程。 + +### 单元配置文件的构成 + +单元配置文件通常由3块组成: + +* `Unit`:单元的公共配置说明,如服务名称、描述、依赖关系等。 +* `Install`:描述如何安装和启动服务。 +* `Service`、`Socket`:各个单元类型的配置。 + +### 创建service单元配置 + +`sshd`服务被用来远程登录到服务器,并在远程终端上执行命令和操作。 +使用如下配置项来创建一个 `sshd.service`服务单元配置。 + +```bash +[Unit] +Description="OpenSSH server daemon" +Documentation="man:sshd(8) man:sshd_config(5)" +After="sshd-keygen.target" +Wants="sshd-keygen.target" + +[Service] +Type="notify" +EnvironmentFile="-/etc/sysconfig/sshd" +ExecStart="/usr/sbin/sshd -D $OPTIONS" +ExecReload="/bin/kill -HUP $MAINPID" +KillMode="process" +Restart="on-failure" +RestartSec=42 + +[Install] +WantedBy="multi-user.target" +``` + +以下是对单元配置文件中选项配置的说明,更多可以查阅[官方手册](http://sysmaster.online/man/all/)。 + +* `Description`:说明该 `unit`的主要功能。 +* `Documentation`:说明该 `unit`的文档链接。 +* `After`:配置同时启动的单元的先后顺序,`sshd.service`服务将在 `sshd-keygen.target`之后启动。 +* `Wants`:配置一个单元对另一个单元的依赖,启动 `sshd.service`服务,将会自动启动 `sshd-keygen.target`。 +* `Type`:配置 `sysmaster` 如何启动此服务,`notify`表明需要主进程启动完成后发送通知消息。 +* `EnvironmentFile`:设置环境变量的文件读取路径。 +* `ExecStart`:配置服务启动时执行的命令,启动 `sshd.service`服务会执行 `sshd`命令。 +* `ExecReload`:配置重新加载 `sshd.service`的配置时执行的命令。 +* `KillMode`:配置当需要停止服务进程时,杀死服务进程的方法,`process`表示只杀死主进程。 +* `Restart`:配置服务不同情况下退出或终止,是否重新启动服务,`on-failure`表示当服务非正常退出时重新启动服务。 +* `RestartSec`:配置当服务退出时,重新拉起服务的间隔时间。 +* `WantedBy`:配置依赖当前 `sshd.service`服务的单元。 + +## 管理单元服务 + +`sctl`是 `sysmaster`的命令行工具,用于检查和控制 `sysmaster`服务端行为和各个服务的状态,它可以启动、停止、重启、检查系统服务。 + +### 启动服务 + +使用以下命令可以启动 `sshd`服务和运行 `ExecStart`所配置的命令。 + +```bash +sctl start sshd.service +``` + +### 停止服务 + +使用以下命令可以停止 `sshd`服务,杀死 `ExecStart`所运行的进程。 + +```bash +sctl stop sshd.service +``` + +### 重启服务 + +使用以下命令可以重启 `sshd`服务,该命令会先停止后启动服务。 + +```bash +sctl restart sshd.service +``` + +### 查看服务状态 + +使用以下命令可以查看服务 `sshd`运行状态,用户可以查看服务的状态来获取服务是否正常运行。 + +```bash +sctl status sshd.service +``` diff --git a/docs/zh/server/development/ai4c/_toc.yaml b/docs/zh/server/development/ai4c/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..50196b93450c25a2270c7bc2ced894af741b6178 --- /dev/null +++ b/docs/zh/server/development/ai4c/_toc.yaml @@ -0,0 +1,6 @@ +label: AI4C使用手册 +isManual: true +description: AI4C 代表 AI 辅助编译器的套件,是一个使编译器能够集成机器学习驱动编译优化的框架。 +sections: + - label: AI4C使用手册 + href: ./ai4c_user_manual.md diff --git a/docs/zh/server/development/ai4c/ai4c_user_manual.md b/docs/zh/server/development/ai4c/ai4c_user_manual.md new file mode 100644 index 0000000000000000000000000000000000000000..054c4e9cdeeeef52216daa69d01876895d08e360 --- /dev/null +++ b/docs/zh/server/development/ai4c/ai4c_user_manual.md @@ -0,0 +1,551 @@ +# AI4C 使用手册 + +## 1 AI4C 介绍 + +AI4C 代表 AI 辅助编译器的套件,是一个使编译器能够集成机器学习驱动编译优化的框架。 + +## 2 软件架构说明 + +本框架包含以下几个模块,自动编译调优工具依赖 python 环境: + +* AI 辅助编译优化的推理引擎,驱动编译器在优化 pass 内使用AI模型推理所获得的结果实现编译优化。 + * 当前 GCC 内的 AI 使能优化 pass 基本通过编译器插件的形式实现,与编译器主版本解耦。 +* 自动编译调优工具,通过编译器外部的调优工具(OpenTuner)驱动编译器执行多层粒度的自动编译调优,当前支持 GCC 和 LLVM 编译器。 + * 选项调优工具,用于应用级的编译选项调优。 + * 编译调优工具,基于 [Autotuner](https://gitee.com/openeuler/BiSheng-Autotuner) 实现,可实现细粒度和粗粒度的编译调优。 + * 细粒度调优,调优优化 pass 内的关键优化参数,例如,循环展开的次数(unroll count)。 + * 粗粒度调优,调优函数级的编译选项。 + +未来规划方向: + +- [ ] 集成 [ACPO](https://gitee.com/src-openeuler/ACPO) 的 LLVM 编译优化模型,同时将 ACPO LLVM 侧的相关代码提取成插件,与 LLVM 主版本解耦。 +- [ ] AI4Compiler 框架支持更多的开源机器学习框架的推理(pytorch - LibTorch、tensorflow - LiteRT)。 +- [ ] 提供更多的 AI 辅助编译优化模型及相应的编译器插件。 +- [ ] 集成新的搜索算法(基于白盒信息)并优化参数搜索空间(热点函数调优)。 +- [ ] 支持 JDK 的编译参数调优。 + +## 3 AI4C 的安装构建 + +### 3.1 直接安装AI4C + +若用户使用最新的openEuler系统(24.03-LTS-SP1),同时只准备使用`AI4C`的现有特性,可以直接安装`AI4C`包。 + +```shell +yum install -y AI4C +``` + +若用户使用其他版本的`AI4C`特性或在其他OS版本中安装`AI4C`,需重新构建`AI4C`,可以参考以下步骤。 + +### 3.2 RPM包构建安装流程(推荐) + +1. 使用 root 权限,安装 rpmbuild、rpmdevtools,具体命令如下: + + ```bash + # 安装 rpmbuild + yum install dnf-plugins-core rpm-build + # 安装 rpmdevtools + yum install rpmdevtools + ``` + +2. 在主目录`/root`下生成 rpmbuild 文件夹: + + ```bash + rpmdev-setuptree + # 检查自动生成的目录结构 + ls ~/rpmbuild/ + BUILD BUILDROOT RPMS SOURCES SPECS SRPMS + ``` + +3. 使用`git clone https://gitee.com/src-openeuler/AI4C.git`,从目标仓库的 `openEuler-24.03-LTS-SP1` 分支拉取代码,并把目标文件放入 rpmbuild 的相应文件夹下: + + ``` shell + cp AI4C/AI4C-v%{version}-alpha.tar.gz ~/rpmbuild/SOURCES/ + cp AI4C/*.patch ~/rpmbuild/SOURCES/ + cp AI4C/AI4C.spec ~/rpmbuild/SPECS/ + ``` + +4. 用户可通过以下步骤生成 `AI4C` 的 RPM 包: + + ```shell + # 安装 AI4C 所需依赖 + yum-builddep ~/rpmbuild/SPECS/AI4C.spec + # 构建 AI4C 依赖包 + # 若出现 check-rpaths 相关报错,则需要在 rpmbuild 前添加 QA_RPATHS=0x0002,例如 + # QA_RPATHS=0x0002 rpmbuild -ba ~/rpmbuild/SPECS/AI4C.spec + rpmbuild -ba ~/rpmbuild/SPECS/AI4C.spec + # 安装 RPM 包 + cd ~/rpmbuild/RPMS/ + rpm -ivh AI4C--..rpm + ``` + + 注意事项:若系统因存有旧版本的 RPM 安装包而导致文件冲突,可以通过以下方式解决: + + ```shell + # 解决方案一:强制安装新版本 + rpm -ivh AI4C--..rpm --force + # 解决方案二:更新安装包 + rpm -Uvh AI4C--..rpm + ``` + + 安装完成后,系统内会存在以下文件: + + * `/usr/bin/ai4c-*`: AI 使能的编译器以及自动调优工具的 wrapper + * `/usr/lib64/libonnxruntime.so`: ONNX Runtime 的推理框架动态库 + * `/usr/lib64/AI4C/*.onnx`: AI 辅助编译优化模型(ONNX 格式) + * `/usr/lib64/python/site-packages/ai4c/lib/*.so`: + * AI 辅助编译优化的推理引擎动态库 + * AI 辅助编译优化与编译调优的编译器插件动态库 + * `/usr/lib64/python/site-packages/ai4c/autotuner/*`: 粗、细粒度调优工具的相关文件 + * `/usr/lib64/python/site-packages/ai4c/optimizer/*`: AI 辅助编译优化的相关文件 + * `/usr/lib64/python/site-packages/ai4c/option_tuner/*`: 应用级编译选项调优的相关文件 + +### 3.3 源码构建安装流程 + +AI4C 的源码地址: + +#### 3.3.1 安装 ONNX Runtime 依赖 + +**方案一:** + +在 GitHub 下载 1.16.3 版本,并解压相应架构的 tgz 文件,例如,aarch64 架构下,下载`onnxruntime-linux-aarch64-1.16.3.tgz`。 + +地址: + +**注意事项**:`tgz` 文件解压后,`libonnxruntime.so`的动态库存在于`lib`目录下,为构建 AI4C 框架,需将`lib`目录重命名为`lib64`,否则可能会导致`-lonnxruntime`找不到路径的报错。 + +**方案二:** + +保证以下 onnxruntime 的依赖包已安装: + +```shell +yum install -y cmake make gcc gcc-c++ abseil-cpp-devel boost-devel bzip2 python3-devel python3-numpy python3-setuptools python3-pip +``` + +使用 cmake 安装 onnxruntime: + +```shell +cd path/to/your/AI4C/third_party/onnxruntime +cmake \ + -DCMAKE_INSTALL_PREFIX=path/to/your/onnxruntime \ + -Donnxruntime_BUILD_SHARED_LIB=ON \ + -Donnxruntime_BUILD_UNIT_TESTS=ON \ + -Donnxruntime_INSTALL_UNIT_TESTS=OFF \ + -Donnxruntime_BUILD_BENCHMARKS=OFF \ + -Donnxruntime_USE_FULL_PROTOBUF=ON \ + -DPYTHON_VERSION=%{python3_version} \ + -Donnxruntime_ENABLE_CPUINFO=ON \ + -Donnxruntime_DISABLE_ABSEIL=ON \ + -Donnxruntime_USE_NEURAL_SPEED=OFF \ + -Donnxruntime_ENABLE_PYTHON=OFF \ + -DCMAKE_BUILD_TYPE=Release \ + -S cmake +make -j %{max_jobs} && make install +``` + +#### 3.3.2 安装 AI4C 的其他构建依赖 + +保证以下依赖包已安装: + +```shell +yum install -y python3-wheel openssl openssl-devel yaml-cpp yaml-cpp-devel gcc-plugin-devel libstdc++-static +``` + +#### 3.3.3 构建 AI4C 框架 + +```shell +cd path/to/your/AI4C/python +python3 setup.py bdist_wheel \ + -Donnxruntime_ROOTDIR=path/to/your/onnxruntime \ + -DCMAKE_BUILD_TYPE=Release \ + -DCMAKE_CXX_COMPILER=path/to/your/g++ \ + -DCMAKE_C_COMPILER=path/to/your/gcc +pip3 install dist/ai4c----_.whl --force-reinstall --no-deps +``` + +安装完成后,系统内会存在以下文件: + +* `path/to/your/pythonbin/ai4c-*`: AI 使能的编译器以及自动调优工具的 wrapper +* `path/to/your/onnxruntime/lib64/libonnxruntime.so`: ONNX Runtime 的推理框架动态库 +* `path/to/your/AI4C/models/*.onnx`: AI 辅助编译优化模型(ONNX 格式) +* `path/to/your/pythonlib/ai4c/lib/*.so`: + * AI 辅助编译优化的推理引擎动态库 + * AI 辅助编译优化与编译调优的编译器插件动态库 +* `path/to/your/pythonlib/ai4c/autotuner/*`: 粗、细粒度调优工具的相关文件 +* `path/to/your/pythonlib/ai4c/optimizer/*`: AI 辅助编译优化的相关文件 +* `path/to/your/pythonlib/ai4c/option_tuner/*`: 应用级编译选项调优的相关文件 + +注意事项: + +* `path/to/your/pythonbin`:安装完成后,可通过`which ai4c-gcc`查看 bin 的路径 +* `path/to/your/pythonlib`:安装完成后,可通过`pip show ai4c`显示的 Location 查看 lib 的路径 + +## 4 使用流程 + +### 4.1 AI 辅助编译优化 + +当前的 AI 辅助编译优化模块,主要由三部分输入组成: + +- ONNX 模型,训练后的辅助编译优化模型。 +- 编译器插件(**当前仅支持 GCC 编译器**),用于运行 ONNX 模型推理并获取优化参数。 +- AI4Compiler 框架,提供 ONNX 推理引擎和 GCC 优化编译命令。 + +用户事先根据开源机器学习框架训练一个 AI 模型,输出成 ONNX 格式。同时,针对该 AI 模型提供一个对应的编译器插件,插件内至少包含三个模块: + +* 提取 AI 模型所需的编译器输入特征。 +* 驱动推理引擎调用 AI 模型执行推理。 +* 标注推理结果回编译器的数据结构。 + +在下述测试例中,仅需要在每次编译目标二进制的编译命令中,增加三个与插件相关的编译选项:插件路径、插件对应的 AI 模型路径、推理引擎路径,即可在编译时使能 AI 辅助编译优化模型。 + +```shell +# 若 onnxruntime 安装在非系统的文件夹下,注意设置环境变量 +# export LD_LIBRARY_PATH=path/to/your/onnxruntime/lib64/:$LD_LIBRARY_PATH + +gcc_compiler=path/to/your/gcc +infer_engine_path=$(ai4c-gcc --inference-engine) +model_path=path/to/your/model.onnx +plugin_path=path/to/your/.so + +$gcc_compiler test.c -O2 -o test \ + -fplugin=$plugin_path \ + -fplugin-arg--model=$model_path \ + -fplugin-arg--engine=$infer_engine_path +``` + +当前已支持的插件存在于`$(ai4c-gcc --inference-engine)`的同目录下,已支持的模型存在于`path/to/your/AI4C/models`下。 + +**注意事项:** + +* 编译 AI 模型对应的编译器插件与编译目标优化应用的编译器需保证为同一个,否则会出现编译器版本不一致导致的编译报错。 +* 当前 AI4C 仅支持在 GCC 编译器 cc1 阶段实现的 AI 辅助编译优化 pass 使用插件形式。 + +详细的编译器插件开发流程与使用流程可以参照 [AI 辅助编译优化手册](https://gitee.com/openeuler/AI4C/blob/master/python/docs/gcc-opt.md) 和 [测试例](https://gitee.com/openeuler/AI4C/tree/master/python/test/optimizer/block_correction) 进行。 + +下面我们举两个位于不同编译阶段的 AI 辅助编译优化模型的使用例。**循环展开与函数内联模型**位于`cc1`编译优化阶段,使用 GCC 插件形式实现 AI 模型适配与推理;**BOLT 采样基本块精度修正模型**位于`BOLT`链接后优化阶段,模型适配层位于 [LLVM-BOLT](https://gitee.com/src-openeuler/llvm-bolt) 仓库。 + +#### 4.1.1 循环展开与函数内联模型 + +循环展开与函数内联模型对应的编译优化选项如下: + +| 选项名 | 说明 | +| ---------------------------------------------------- | ------------------------------------------------------------ | +| -fplugin | 指定循环展开与函数内联插件的**绝对路径**(`-fplugin=/path/to/.so`)。 | +| -fplugin-arg-\-engine | 指定函数内联 ONNX 模型的推理引擎**绝对路径**(`-fplugin-arg--inline_model=/path/to/inference_engine.so`),需要与`-fplugin`同时开启。`/path/to/inference_engine.so`的路径可通过`ai4c-gcc --inference-engine`获得。 | +| -fplugin-arg-\-inline_model | 指定函数内联 ONNX 模型的**绝对路径**(`-fplugin-arg--inline_model=/path/to/inline_model.onnx`),需要与`-fplugin`和`-fplugin-arg--engine`同时开启。 | +| -fplugin-arg-\-unroll_model | 指定循环展开 ONNX 模型的**绝对路径**(`-fplugin-arg--unroll_model=/path/to/unroll_model.onnx`),需要与`-fplugin`和`-fplugin-arg--engine`同时开启。 | + +用户可同时启用一个 GCC 插件内的多个 AI 辅助编译优化模型,例如: + +```shell +gxx_compiler=path/to/your/g++ +infer_engine_path=$(ai4c-gcc --inference-engine) +inline_model_path=path/to/your/inline_model.onnx +unroll_model_path=path/to/your/unroll_model.onnx +plugin_path=path/to/your/.so + +$gxx_compiler test.cc -O3 -o test -funroll-loops \ + -fplugin=$plugin_path \ + -fplugin-arg--engine=$infer_engine_path \ + -fplugin-arg--inline_model=$inline_model_path \ + -fplugin-arg--unroll_model=$unroll_model_path +``` + +#### 4.1.2 BOLT 采样基本块精度修正模型 + +BOLT 采样的基本块精度修正模型对应的 BOLT 优化选项如下: + +| 选项名 | 说明 | +| ------------------- | ------------------------------------------------------------ | +| -block-correction | 开启 AI 优化 CFG BB Count 选项,需要与 `-model-path` 选项同时开启以指定 ONNX 模型。 | +| -model-path | 指定 ONNX 模型的**绝对路径**(`-model-path=/path/to/model.onnx`),需要与`-block-correction`同时开启。 | +| -annotate-threshold | 使用模型预测结果的置信度阈值,默认是 0.95。 | + +BOLT 内自定义的优化选项可以通过 GCC 的`-fbolt-option`调用使能,例如: + +```shell +g++ -fbolt-use= -fbolt-target= -fbolt-option=\"-block-correction -model-path=path/to/your/block_correction_model.onnx\" +``` + +### 4.2 细粒度调优 + +此处我们以 GCC 内**循环展开**优化 pass 的细粒度调优为例,展开调优工具的使用流程。 + +当前的细粒度调优模块,由两部分输入组成: + +* 应用的调优配置文件(.ini):处理应用的编译流程、执行流程。 +* 搜参空间配置文件(YAML):Autotuner 阶段配置的选项调优搜参空间,可替换默认搜参空间。 + +当前细粒度调优基于 [Autotuner](https://gitee.com/openeuler/BiSheng-Autotuner) 实现: + +1. 在编译器的`generate`阶段,生成一组可调优的编译数据结构与可调优系数集合,保存在`opp/*.yaml`内。 +2. 根据额外提供的编译搜参空间(`search_space.yaml`)与可调优数据结构,Autotuner 通过调优算法针对每个可调优数据结构生成下一组调优系数,保存在`input.yaml`中。 +3. 在编译器的`autotune`阶段,根据`input.yaml`内数据结构的 hash 值,将调优系数标注到对应的数据结构里,完成调优。 + +在开启细粒度调优前,需安装以下依赖包: + +```shell +yum install -y BiSheng-Autotuner bisheng-opentuner +``` + +下列测试例中,我们将调优 [CoreMark](https://github.com/eembc/coremark) 的循环展开参数。首先,我们将准备`CoreMark`的调优配置文件`coremark_sample.ini`。用户需要 + +* 提供应用路径、应用的编译与运行命令。 +* 在基础编译命令中加入细粒度调优的动态库`-fplugin=%(PluginPath)s/rtl_unroll_autotune_plugin_gcc12.so`。 + * 在`generate`和`autotune`阶段,分别加入`-fplugin-arg-rtl_unroll_autotune_plugin_gcc12-`的相应输入文件。 +* 可自定义可调优结构配置文件的路径(`./opp/*.yaml`)、Autotuner 生成的编译器输入文件路径(`input.yaml`)等。 + +```ini +[DEFAULT] # optional +# PluginPath = /path/to/gcc-plugins + +[Environment Setting] # optional +# prepend a list of paths into the PATH in order. +# PATH = /path/to/bin +# you can also set other enviroment variables here too + +[Compiling Setting] # required +# NOTE: ConfigFilePath is set to the path to the current config file automatically by default. +CompileDir = /path/to/coremark +LLVMInputFile = %(CompileDir)s/input.yaml + +# OppDir and OppCompileCommand are optional, +# do not have to specify this if not using auto_run sub-command +OppDir = autotune_datadir/opp + +CompilerCXX = /path/to/bin/gcc +BaseCommand = %(CompilerCXX)s -I. -I./posix -DFLAGS_STR=\"" -lrt"\" \ + -DPERFORMANCE_RUN=1 -DITERATIONS=10000 -g \ + core_list_join.c core_main.c core_matrix.c \ + core_state.c core_util.c posix/core_portme.c \ + -funroll-loops -O2 -o coremark \ + -fplugin=%(PluginPath)s/rtl_unroll_autotune_plugin_gcc12.so + +# auto-tuning +CompileCommand = %(BaseCommand)s \ + -fplugin-arg-rtl_unroll_autotune_plugin_gcc12-autotune=%(LLVMInputFile)s + +RunDir = %(CompileDir)s +RunCommand = ./coremark 0x0 0x0 0x66 100000 # run 300000 iterations for coremark + +# generate +OppCompileCommand = %(BaseCommand)s \ + -fplugin-arg-rtl_unroll_autotune_plugin_gcc12-generate=%(OppDir)s +``` + +其次,我们可以准备一份额外的参数搜索空间文件`seach_space.yaml`,自定义缩小参数空间。例如,动态库默认选择循环展开系数空间为$\{0, 2^0=1, 2^1=2, ..., 2^6=64\}$,我们可以把搜索空间调整为$\{0, 2^0=1, 2^1=2, ..., 2^5=32\}$。 + +```yaml +CodeRegion: + CodeRegionType: loop + Pass: loop2_unroll + Args: + UnrollCount: + Value: [0, 1, 2, 4, 8, 16, 32] + Type: enum +``` + +最终我们将 `coremark`,`coremark_sample.ini`,和`search_space.yaml` 放在同一个文件夹下,并运行以下脚本: + +```shell +ai4c-autotune autorun coremark_sample.ini \ + -scf search_space.yaml --stage-order loop \ + --time-after-convergence=100 +``` + +其中,参数`time-after-convergence`代表历史最佳值后多少秒未发现新的最优配置时,即提早结束调优。 + +调优完成后,最佳调优配置将保存在`loop.yaml`内,并可通过重新调用`autotune`阶段编译命令,同时修改`autotune`选项的输入文件(i.e., `-fplugin-arg-rtl_unroll_autotune_plugin_gcc12-autotune=loop.yaml`),复现该调优组合的性能值。 + +用户可以通过以下方式调取历史调优配置文件(`autotune_config.csv`)与性能数据文件(`autotune_data.csv`): + +```shell +ai4c-autotune dump -c coremark/input.yaml \ + --database=opentuner.db/localhost.localdomain.db -o autotune +``` + +**注意事项:** + +* 当前默认支持程序运行时间作为性能值。 + +详细使用信息,请参考[细粒度调优使用手册](https://gitee.com/openeuler/AI4C/blob/master/python/docs/autotuner.md) 与该测试例: + +LLVM 编译器的细粒度调优请参考 [Autotuner](https://gitee.com/openeuler/BiSheng-Autotuner) 仓库的使用教程。 + +### 4.3 函数级的粗粒度调优 + +当前的函数级粗粒度调优模块,由三部分输入组成: + +* 应用的调优配置文件(.ini):处理应用的编译流程、执行流程。 +* 搜参空间配置文件(YAML):Autotuner 阶段配置的选项调优搜参空间,可替换默认搜参空间。 +* 编译选项全集文件(YAML):预先设置的编译选项搜索空间全集,默认文件位于`path/to/your/python/site-packages/ai4c/autotuner/yaml/coarse_options.yaml`。 + +当前函数级粗粒度调优基于 [Autotuner](https://gitee.com/openeuler/BiSheng-Autotuner) 实现,可以帮助各函数使用不同的编译选项组合执行编译优化,其调优原理细粒度调优与一致。由于各函数可调优的编译选项众多,可预先对选项空间做裁剪。 + +在开启函数级的粗粒度调优前,需安装以下依赖包: + +```shell +yum install -y BiSheng-Autotuner bisheng-opentuner +``` + +粗粒度调优的使用流程基本与细粒度调优一致。下列测试例中,我们将调优`test_coarse_tuning.cc`中各函数的编译选项参数。首先,我们将准备`test_coarse_tuning.cc`的调优配置文件`test_coarse_tuning.ini`。用户需要 + +* 提供应用路径、应用的编译与运行命令。 +* 在基础编译命令中加入粗粒度调优的动态库`-fplugin=%(PluginPath)s/coarse_option_tuning_plugin_gcc12.so`和编译选项全集文件`-fplugin-arg-coarse_option_tuning_plugin_gcc12-yaml=`。 + * 在`generate`和`autotune`阶段,分别加入`-fplugin-arg-coarse_option_tuning_plugin_gcc12-`的相应输入文件。 +* 可自定义可调优结构配置文件的路径(`./opp/*.yaml`)、Autotuner 生成的编译器输入文件路径(`input.yaml`)等。 + +```ini +[DEFAULT] # optional +# TuningYAMLFile = /path/to/coarse_option_tuning_yaml_config_file + +[Environment Setting] # optional + +[Compiling Setting] # required +CompileDir = ./autotune_datadir +LLVMInputFile = %(CompileDir)s/input.yaml + +OppDir = opp + +Compiler = g++ +BaseCommand = %(Compiler)s ../test_coarse_tuning.cc -O2 -o test_coarse_tuning \ + -fplugin=%(PluginPath)s/coarse_option_tuning_plugin_gcc12.so \ + -fplugin-arg-coarse_option_tuning_plugin_gcc12-yaml=%(TuningYAMLFile)s + +# auto-tuning +CompileCommand = %(BaseCommand)s \ + -fplugin-arg-coarse_option_tuning_plugin_gcc12-autotune=input.yaml + +RunDir = %(CompileDir)s +RunCommand = ./test_coarse_tuning 3 + +# generate +OppCompileCommand = %(BaseCommand)s \ + -fplugin-arg-coarse_option_tuning_plugin_gcc12-generate=%(OppDir)s +``` + +其次,我们可以准备一份额外的参数搜索空间文件`seach_space.yaml`,自定义参数空间。例如,在以下文件中,我们将搜索空间限制在预取相关选项上的调优。 + +```yaml +CodeRegion: + CodeRegionType: function + Pass: coarse_option_generate + Args: + flag_prefetch_loop_arrays: + Type: bool + param_prefetch_latency: + Min: 100 + Max: 2000 + Type: int + param_simultaneous_prefetches: + Min: 1 + Max: 80 + Type: int +``` + +最终我们将 `test_coarse_tuning.cc`,`test_coarse_tuning.ini`,和`search_space.yaml` 放在同一个文件夹下,并运行以下脚本: + +```shell +ai4c-autotune autorun test_coarse_tuning.ini \ + -scf search_space.yaml \ + --stage-order function \ + --time-after-convergence=10 +``` + +其中,参数`time-after-convergence`代表历史最佳值后多少秒未发现新的最优配置时,即提早结束调优。 + +调优完成后,最佳调优配置将保存在`function.yaml`内,并可通过重新调用`autotune`阶段编译命令,同时修改`autotune`选项的输入文件(i.e., `-fplugin-arg-coarse_option_tuning_plugin_gcc12-autotune=function.yaml`),复现该调优组合的性能值。 + +**注意事项:** + +* 当前默认支持程序运行时间作为性能值。 +* 粗粒度调优暂不支持 dump 数据库内保存的历史数据。 +* 当前的粗粒度调优支持与当前版本的 GCC 版本(12.3.1)配套使用,其他编译器版本会出现部分编译选项不支持的问题。可在`path/to/your/AI4C/aiframe/include/option_utils.h`中注释编译器未识别的编译选项。 + +详细使用信息,请参考该测试例: + +LLVM 编译器的粗粒度调优请参考 [Autotuner](https://gitee.com/openeuler/BiSheng-Autotuner) 仓库的使用教程。 + +### 4.4 应用级选项调优 + +当前的应用级选项调优模块,主要由三部分输入组成: + +* 应用的编译与运行脚本(shell):处理应用的编译流程(并将生成的下一组选项替换进编译脚本内)、执行流程、和性能数据采集流程。 +* 编译选项与动态库选项的搜参空间配置文件(YAML):配置选项调优的搜参空间,可配置开关选项(编译优化/动态库)、编译参数、枚举选项。 +* 性能值的配置文件(YAML):配置多个性能项的权重,与目标优化方向(最大/最小值),需与“性能数据采集流程”所获取的性能值数量、顺序对应。 + +应用级选项调优工具将不断收集应用的性能数据,更新性能模型,并生成一组模型预期收益较高的新编译选项组合。通过应用的编译与运行脚本将新的编译选项组合替换进编译脚本内,生成新的二进制文件并执行下一轮运行。反复调优,获取历史最优性能值。 + +在开启应用级选项调优前,需安装以下依赖包: + +```shell +pip install xgboost scikit-learn +yum install -y time +``` + +以下用例将使用不同的编译选项组合构建并调优`test.cc` 3 轮。应用的编译与运行脚本如下: + +```shell +# ---------- run_test.sh ---------- # +parent_dir=$1 # path for intermediate tuning files +config=$(cat ${parent_dir}/tuning/config.txt) # current compiler configuration file +performance_file="${parent_dir}/tuning/performance.txt" # current performance data file + +measure_raw_file="time.txt" + +compiler=g++ +compile_command="${compiler} test.cc -O2 -o test_opt_tuner" +eval "${compile_command} ${config}" # program compilation, appending tuning options + +run_command="time -p -o ${measure_raw_file} ./test_opt_tuner 3" +eval "${run_command}" # program execution + +info_collect_command="grep real ${measure_raw_file} | awk '{printf \"1 1 %s\", \$2}' > ${performance_file}" +eval "${info_collect_command}" # program performance collection + +# ---------- run_option_tuner.sh ---------- # +ai4c-option-tune --test_limit 3 --runfile run_test.sh + # --optionfile path/to/your/python/site-packages/ai4c/option_tuner/input/options.yaml \ + # --libfile path/to/your/python/site-packages/ai4c/option_tuner/input/options_lib.yaml \ + # --measurefile path/to/your/python/site-packages/ai4c/option_tuner/input/config_measure.yaml +``` + +其中默认的选项与性能值配置文件存在于以下路径:`path/to/your/python/site-packages/ai4c/option_tuner/input/*.yaml` + +用户可根据需要修改编译选项与动态库选项配置文件,相关关键词为: + +* `required_*`:必选调优项,将一直保留在调优中 +* `bool_*`:可选的编译优化开关选项 +* `interval_*`: 可选的编译参数(值选项,数据区间) +* `enum_*`: 可选的编译参数(枚举选项) + +例如, + +```yaml +required_config: +- -O2 +bool_config: +- -funroll-loops +interval_config: +- name: --param max-inline-insns-auto + default: 15 + min: 10 + max: 190 +``` + +用户可根据需要修改性能值配置文件,相关关键词为: + +* `weight`: 性能值权重 +* `optim`: 目标优化方向(最大/最小值) + +例如, + +```yaml +config_measure: +- name: throughput + weight: 1 + optim: maximize +``` + +调优完成后,历史与最佳调优数据将保留在`${parent_dir}/tuning/train.csv`和`${parent_dir}/tuning/result.txt`中。 + +详细使用信息,请参考该测试例: diff --git a/docs/zh/server/development/annc/_toc.yaml b/docs/zh/server/development/annc/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..ab3b9e9edca68e0b23dd4cd6d4334b0fdbef1b1d --- /dev/null +++ b/docs/zh/server/development/annc/_toc.yaml @@ -0,0 +1,6 @@ +label: ANNC使用手册 +isManual: true +description: ANNC(Accelerated Neural Network Compiler)是专注于加速神经网络计算的编译器,聚焦于通过计算图优化,高性能融合算子生成和对接技术以及高效代码生成和优化能力,加速推荐和大模型的推理性能,支持主流开源推理框架接入。 +sections: + - label: ANNC使用手册 + href: ./annc_user_manual.md diff --git a/docs/zh/server/development/annc/annc_user_manual.md b/docs/zh/server/development/annc/annc_user_manual.md new file mode 100644 index 0000000000000000000000000000000000000000..f8d229c2d11b838a5f7ee2e1ca7064993a44caaa --- /dev/null +++ b/docs/zh/server/development/annc/annc_user_manual.md @@ -0,0 +1,248 @@ +# ANNC 使用手册 + +## 1 ANNC 介绍 + +ANNC(Accelerated Neural Network Compiler)是专注于加速神经网络计算的编译器,聚焦于通过计算图优化,高性能融合算子生成和对接技术以及高效代码生成和优化能力,加速推荐和大模型的推理性能,支持主流开源推理框架接入。 + +## 2 ANNC 的安装构建 + +### 2.1 直接安装ANNC + +若用户使用最新的openEuler系统(24.03-LTS-SP2),可以直接安装`ANNC`包。 + +```shell +yum install -y ANNC +``` + +若用户使用其他版本的`ANNC`特性或在其他OS版本中安装`ANNC`,需重新构建`ANNC`,可以参考以下步骤。 + +### 2.2 RPM包构建安装流程(推荐) + +1. 使用 root 权限,安装 rpmbuild、rpmdevtools,具体命令如下: + + ```bash + # 安装 rpmbuild + yum install dnf-plugins-core rpm-build + # 安装 rpmdevtools + yum install rpmdevtools + ``` + +2. 在主目录`/root`下生成 rpmbuild 文件夹: + + ```bash + rpmdev-setuptree + # 检查自动生成的目录结构 + ls ~/rpmbuild/ + BUILD BUILDROOT RPMS SOURCES SPECS SRPMS + ``` + +3. 使用`git clone -b openEuler-24.03-LTS-SP2 https://gitee.com/src-openeuler/ANNC.git`,从目标仓库的 `openEuler-24.03-LTS-SP2` 分支拉取代码,并把目标文件放入 rpmbuild 的相应文件夹下: + + ``` shell + cp ANNC/*.tar.gz* ~/rpmbuild/SOURCES + cp ANNC/*.patch ~/rpmbuild/SOURCES/ + cp ANNC/ANNC.spec ~/rpmbuild/SPECS/ + ``` + +4. 用户可通过以下步骤生成 `ANNC` 的 RPM 包: + + ```bash + # 安装 ANNC 所需依赖 + yum-builddep ~/rpmbuild/SPECS/ANNC.spec + # 构建 ANNC 依赖包 + # 若出现 check-rpaths 相关报错,则需要在 rpmbuild 前添加 QA_RPATHS=0x0002,例如 + # QA_RPATHS=0x0002 rpmbuild -ba ~/rpmbuild/SPECS/ANNC.spec + rpmbuild -ba ~/rpmbuild/SPECS/ANNC.spec + # 安装 RPM 包 + cd ~/rpmbuild/RPMS/ + rpm -ivh ANNC--..rpm + ``` + + 注意事项:若系统因存有旧版本的 RPM 安装包而导致文件冲突,可以通过以下方式解决: + + ```bash + # 解决方案一:强制安装新版本 + rpm -ivh ANNC--..rpm --force + # 解决方案二:更新安装包 + rpm -Uvh ANNC--..rpm + ``` + +### 2.3 源码构建安装流程 + +ANNC 的源码地址: + +保证以下依赖包已安装: + +```shell +yum install -y gcc gcc-c++ bzip2 python3-devel python3-numpy python3-setuptools python3-wheel libstdc++-static java-11-openjdk java-11-openjdk-devel make +``` + +安装bazel, 从该地址 获取bazel-6.5.0包 + +```bash +unzip bazel-6.5.0-dist.zip -d bazel-6.5.0 +cd bazel-6.5.0 +env EXTRA_BAZEL_ARGS="--tool_java_runtime_version=local_jdk" bash ./compile.sh + +export PATH=/path/to/bazel-6.5.0/output:$PATH +bazel --version +``` + +安装ANNC, 从源码地址下载ANNC源码包 + +```bash +git clone https://gitee.com/openeuler/ANNC.git + +cd ANNC + +bazel --output_user_root=./output build -c opt \ + --copt="-DANNC_ENABLE_GRAPH_OPT" \ + --copt="-DANNC_ENABLE_OPENBLAS" \ + annc/service/cpu:libannc.so + +cp bazel-bin/annc/service/cpu/libannc.so /usr/lib64 +mkdir -p /usr/include/annc +cp annc/service/cpu/kdnn_rewriter.h /usr/include/annc +cd python +python3 setup.py bdist_wheel +python3 -m pip install dist/*.whl +``` + +## 3 使用流程 + +**注意事项:** + +* ANNC使用者需提前部署好tf-serving,通过编译选项和代码补丁的方式接入ANNC编译优化扩展套件 + +### 3.1 图融合结合手动大算子 + +下载基线模型 + +```bash +git clone https://gitee.com/openeuler/sra_benchmark.git +``` + +从基线模型库中获取以下目标推荐模型 **DeepFM、DFFM、DLRM、W&D** + +命令行实现图融合 + +```bash +# 安装依赖库 + +python3 -m pip install tensorflow==2.15.1 + +# 运行模型转换,以DeepFM模型为例 + +annc-opt -I /path/to/model_DeepFM/1730800001/1 -O deepfm_new/1 dnn_sparse linear_sparse +cp -r /path/to/model_DeepFM/1730800001/1/variables deepfm_new/1 +``` + +输出目录deepfm_new/1下应生成新的模型文件saved_model.pbtxt,搜索KPFusedSparseEmbedding, 确认图融合算子正确生成 + +然后将ANNC提供的开源算子库注册到tf-serving + +```bash +# 进入tf-serving目录,创建自定义算子文件夹 + +cd /path/to/serving +mkdir tensorflow_serving/custom_ops + +# 将ANNC算子拷贝到该目录下 + +cp /usr/include/annc/fused*.cc tensorflow_serving/custom_ops/ +``` + +创建算子编译文件tensorflow_serving/custom_ops/BUILD, 并在该文件中写入以下内容: + +```ini +package( + default_visibility = [ + "//visibility:public", + ], + licenses = ["notice"], +) + +cc_library( + name = 'recom_embedding_ops', + srcs = [ + "fused_sparse_embedding.cc", + "fused_linear_embedding_with_hash_bucket.cc", + "fused_dnn_embedding_with_hash_bucket.cc" + ], + alwayslink = 1, + deps = [ + "@org_tensorflow//tensorflow/core:framework", + ] +) +``` + +```bash +# 打开 tensorflow_serving/model_servers/BUILD, 搜索SUPPORTED_TENSORFLOW_OPS, 添加以下内容注册我们的算子: + +"//tensorflow_serving/custom_ops:recom_embedding_ops" +``` + +完成算子注册后,使用以下命令重新编译tf-serving,编译成功即表示算子成功注册: + +```bash + bazel --output_user_root=./output build -c opt --distdir=./proxy \ + tensorflow_serving/model_servers:tensorflow_model_server +``` + +### 3.2 自动图融合和算子融合 + +进入tf-serving目录,使用如下选项重新编译tf-serving使能ANNC: + +```bash +bazel --output_user_root=./output build -c opt --distdir=./proxy \ + --copt=-DANNC_ENABLED_KDNN \ + tensorflow_serving/model_servers:tensorflow_model_server +``` + +启动tf-serving,制定目标模型,确认服务正常启动即可 + +### 3.3 算子内存和布局优化 + +进入tf-serving目录,需打上相关patch并重新编译 + +```bash +# 打上相关patch, patch位于ANNC目录下 + +export ANNC_PATH=/path/to/ANNC +cp $ANNC_PATH/tfserver/llvm/llvm.sh /path/to/serving/output/{id}/external/llvm-raw +cp ANNC_PATH/tfserver/xla/xla.sh /path/to/serving/output/{id}/external/org_tensorflow/third_party/xla + +cd path/to/serving/output/{id}/external/llvm-raw +bash ./llvm.sh +cd /path/to/serving/output/{id}/external/org_tensorflow/third_party/xla +bash ./xla.sh + +# 重新编译 + +bazel --output_user_root=./output build -c opt --distdir=./proxy \ + --copt=-DANNC_ENABLED_KDNN \ + tensorflow_serving/model_servers:tensorflow_model_server +``` + +设置环境变量,开启优化特性 + +```bash +export XLA_FLAGS="--xla_cpu_use_xla_runtime=true --xla_cpu_enable_concat_optimization=true --xla_cpu_enable_output_tensor_reuse=true --xla_cpu_enable_mlir_tiling_and_fusion=true" +``` + +### 3.4 算子选择和算子库对接 + +进入tf-serving目录,重新编译 + +```bash +cd ./output/{id}/external/org_tensorflow +patch -p1 < /usr/include/tensorflow.patch + +# 开启MatMul算子下发和算子库对接编译选项 + +cd /path/to/serving +bazel --output_user_root=./output build -c opt --distdir=./proxy \ + --copt=-DANNC_ENABLED_KDNN \ + --copt=-DDISABLE_TF_MATMUL_FUSION \ + tensorflow_serving/model_servers:tensorflow_model_server +``` diff --git a/docs/zh/server/development/application_dev/_toc.yaml b/docs/zh/server/development/application_dev/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..20a2eb8d234477912c4d89e371888afa35999f12 --- /dev/null +++ b/docs/zh/server/development/application_dev/_toc.yaml @@ -0,0 +1,18 @@ +label: 应用开发指南 +isManual: true +description: 基于 openEuler 开发应用程序 +sections: + - label: 概述 + href: ./application_development.md + - label: 开发环境准备 + href: ./preparations_for_development_environment.md + - label: 使用GCC编译 + href: ./using_gcc_for_compilation.md + - label: 使用Clang编译 + href: ./using_clang_for_compilation.md + - label: 使用make编译 + href: ./using_make_for_compilation.md + - label: 使用JDK编译 + href: ./using_jdk_for_compilation.md + - label: 构建RPM包 + href: ./building_an_rpm_package.md diff --git a/docs/zh/server/development/application_dev/application_development.md b/docs/zh/server/development/application_dev/application_development.md new file mode 100644 index 0000000000000000000000000000000000000000..6d158355c9cb0ff239c696cba7ea3d1a477a3021 --- /dev/null +++ b/docs/zh/server/development/application_dev/application_development.md @@ -0,0 +1,77 @@ +# 应用开发指南 + +本文档简要介绍应用程序开发需要的常用工具,以指导用户使用openEuler并基于openEuler进行应用程序开发。 + +## 概述 + +本文档主要介绍如下四部分内容,以指导用户使用openEuler并基于openEuler进行代码开发。 + +- 在openEuler系统中安装和使用GCC编译器,并完成一个简单代码的开发、编译和执行。 +- 在openEuler系统中使用JDK自带工具完成代码的编译和执行。 +- 在openEuler系统中安装IntelliJ IDEA进行Java开发。 +- 在本地或使用OBS(Open Build Service)创建RPM(The RPM Package Manager)软件包的方法。 + +## 读者对象 + +本文档适用于所有使用openEuler操作系统进行代码开发的用户。用户需要具备如下经验或能力: + +- 具备Linux操作系统基础知识 +- 了解Linux命令行的基本使用方法 + +## 符号约定 + +在本文中可能出现下列标志,它们所代表的含义如下。 + +| 符号 |说明 | +|:--- |:---- | +| ![](./figures/zh-cn_image_0229243712.png)|用于传递设备或环境安全警示信息,若不避免,可能会导致设备损坏、数据丢失、设备性能降低或其他不可预知的结果。
“注意”不涉及人身伤害。| +| ![](./figures/zh-cn_image_0229243671.png)|用于突出重要/关键信息、最佳实践和小窍门等。
“说明”不是安全警示信息,不涉及人身、设备及环境伤害。| + +## 命令行格式约定 + +**表 1** 命令行格式的约定 + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

格式

+

含义

+

粗体

+

命令行关键字,即命令中保持不变、必须照输的部分,采用加粗字体表示。

+

斜体

+

命令行参数,即命令中必须由实际值进行替代的部分,采用斜体表示。

+

[ ]

+

用“[ ]”括起来的部分表示在命令配置时是可选的。

+

{ x | y | ... }

+

表示从两个或多个选项中选取一个。

+

[ x | y | ... ]

+

表示从两个或多个选项中选取一个或者不选。

+

{ x | y | ... }\*

+

表示从两个或多个选项中选取多个,最少选取一个,最多选取所有选项。

+

[ x | y | ... ]\*

+

表示从两个或多个选项中选取一个、多个或者不选。

+
diff --git a/docs/zh/server/development/application_dev/building_an_rpm_package.md b/docs/zh/server/development/application_dev/building_an_rpm_package.md new file mode 100644 index 0000000000000000000000000000000000000000..4ce187b00f70213faf086b2675faffe017940141 --- /dev/null +++ b/docs/zh/server/development/application_dev/building_an_rpm_package.md @@ -0,0 +1,596 @@ +# 构建RPM包 + +本章介绍通过本地或OBS构建RPM软件包的方法。详见打包规则。 + +## 打包说明 + +### 原理介绍 + +RPM打包的时候需要编译源码,需要把编译好的配置文件、二进制命令文件等放到合适的位置,还要根据需要对RPM的包进行测试,这些都需要先有一个“工作空间”。rpmbuild命令使用一套标准化的“工作空间”: + +```sh +rpmdev-setuptree +``` + +rpmdev-setuptree这个命令就是安装 rpmdevtools 带来的。可以看到运行了这个命令之后,在“/root”目录(非root用户为“/home/用户名”目录)下多了一个 rpmbuild 的文件夹,目录结构如下: + +```sh +# tree rpmbuild +rpmbuild +├── BUILD +├── RPMS +├── SOURCES +├── SPECS +└── SRPMS +``` + +内容相关的说明如下: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

目录

+

宏代码

+

名称

+

功能

+

~/rpmbuild/BUILD

+

%_builddir

+

构建目录

+

源码包被解压至此,并在该目录的子目录完成编译

+

~/rpmbuild/RPMS

+

%_rpmdir

+

标准 RPM 包目录

+

生成/保存二进制 RPM 包

+

~/rpmbuild/SOURCES

+

%_sourcedir

+

源代码目录

+

保存源码包(如 .tar 包)和所有 patch 补丁

+

~/rpmbuild/SPECS

+

%_specdir

+

Spec 文件目录

+

保存 RPM 包配置(.spec)文件

+

~/rpmbuild/SRPMS

+

%_srcrpmdir

+

源代码 RPM 包目录

+

生成/保存源码 RPM 包(SRPM)

+
+ +SPECS 下是RPM包的配置文件,是RPM打包的“图纸”,这个文件会告诉rpmbuild命令如何去打包。“宏代码”这一列就可以在SPEC文件中用来代指所对应的目录,类似于编程语言中的宏或全局变量。 + +### 打包流程 + +打包的过程主要分为如下步骤: + +1. 把源代码放到%\_sourcedir中。 +2. 进行编译,编译的过程是在%\_builddir中完成的,一般情况下,源代码是压缩包格式,需要先进行解压。 +3. 进行“安装”,类似于预先组装软件包,把软件包应该包含的内容(比如二进制文件、配置文件、man文档等)复制到%\_buildrootdir中,并按照实际安装后的目录结构组装,比如二进制命令可能会放在/usr/bin下,那么就在%\_buildrootdir下也按照同样的目录结构放置。 +4. 做一些必要的配置,比如在实际安装前的准备,安装后的清理等等。这些都是通过配置在SPEC文件中来告诉rpmbuild命令。 +5. 检查软件是否正常运行。 +6. 生成的RPM包放置到%\_rpmdir,源码包放置到%\_srcrpmdir下。 + +在SPEC文件中,各个阶段说明如下: + +| 阶段 | 读取的目录 | 写入的目录 | 具体动作 | +|-------------------|--------------|-----------------|-------------------------------------------| +| %prep | %_sourcedir | %_builddir | 读取位于 %_sourcedir 目录的源代码和 patch 之后,解压源代码至 %_builddir 的子目录并应用所有 patch。 | +| %build | %_builddir | %_builddir |编译位于 %_builddir 构建目录下的文件。通过执行类似 ./configure && make 的命令实现。| +| %install | %_builddir | %_buildrootdir |读取位于 %_builddir 构建目录下的文件并将其安装至 %_buildrootdir 目录。这些文件就是用户安装 RPM 后,最终得到的文件。| +| %check | %_builddir | %_builddir | 检查软件是否正常运行。通过执行类似 make test 的命令实现。| +| bin | %_buildrootdir | %_rpmdir| 读取位于 %_buildrootdir 最终安装目录下的文件,以便最终在 %_rpmdir 目录下创建 RPM 包。在该目录下,不同架构的 RPM 包会分别保存至不同子目录, noarch 目录保存适用于所有架构的 RPM 包。这些 RPM 文件就是用户最终安装的 RPM 包。 | +| src | %_sourcedir | %_srcrpmdir | 创建源码 RPM 包(简称 SRPM,以.src.rpm 作为后缀名),并保存至 %_srcrpmdir 目录。SRPM 包通常用于审核和升级软件包。 | + +### 打包选项 + +通过rpmbuild命令构建软件包。rpmbuild构建软件包一般可以通过构建SPEC文件、tar文件、source文件实现。 + +rpmbuild命令格式为:rpmbuild \[_option_...\] + +常用的rpmbuild打包选项如下所示。 + +| option取值 | 说明 | +|----------|--------------| +|-bp specfile |从specfile文件的%prep段开始构建(解开源码包并打补丁)。 | +|-bc specfile |从specfile文件的%build段开始构建。 | +|-bi specfile |从specfile文件的%install段开始构建。 | +|-bl specfile |从specfile文件的%files段开始检查。 | +|-ba specfile |通过specfile文件构建源码包和二进制包。 | +|-bb specfile |通过specfile文件构建二进制包。 | +|-bs specfile |通过specfile文件构建源码包。 | +|-rp sourcefile |从sourcefile文件的%prep段开始构建(解开源码包并打补丁)。 | +|-rc sourcefile |从sourcefile文件的%build段开始构建。 | +|-ri sourcefile |从sourcefile文件的%install段开始构建。 | +|-rl sourcefile |从sourcefile文件的%files段开始检查。 | +|-ra sourcefile |通过sourcefile文件构建源码包和二进制包。 | +|-rb sourcefile |通过sourcefile文件构建二进制包。 | +|-rs sourcefile |通过sourcefile文件构建源码包。 | +|-tp tarfile |从tarfile文件的%prep段开始构建(解开源码包并打补丁)。 | +|-tc tarfile |从tarfile文件的%build段开始构建。 | +|-ti tarfile |从tarfile文件的%install段开始构建。 | +|-ta tarfile |通过tarfile文件构建源码包和二进制包。 | +|-tb tarfile |通过tarfile文件构建二进制包。 | +|-ts tarfile |通过tarfile文件构建源码包。 | +|--buildroot=DIRECTORY |在构建时,使用DIRECTORY目录覆盖默认的/root目录。 | +|--clean |完成打包后清除BUILD目录下的文件。 | +|--nobuild |不执行任何实际的构建步骤。可用于测试spec文件。 | +|--noclean |不执行spec文件的"%clean"阶段(即使它确实存在)。 | +|--nocheck |不执行spec文件的"%check"阶段(即使它确实存在)。 | +|--dbpath DIRECTORY |使用DIRECTORY中的数据库,而不是默认的 /var/lib/rpm。 | +|--root DIRECTORY |使DIRECTORY为最高级别的路径,默认“/”为最高路径。 | +|--recompile sourcefile |将安装指定的源代码包sourcefile,然后进行准备、编译、安装。 | +|--rebuild sourcefile |在\-\-recompile 的基础上额外构建一个新的二进制包。在构建结束时,构建目录、源代码和 spec 文件都将被删除(就好像用了 \-\-clean)。 | +|-?,--help |打印详细的帮助信息。 | +|--version |打印详细的版本信息。 | + +## 本地构建 + +本章通过一个简单的示例介绍如何在本地构建RPM软件包的方法。 + +### 搭建开发环境 + +#### 前提条件 + +需要root权限,已设置openEuler的repo软件源。 + +#### 操作步骤 + +用户可以直接使用DNF工具安装 rpmdevtools,其中包含 rpm-build 等命令以及相关依赖(例如make、gdb)。使用如下命令: + +```sh +# dnf install rpmdevtools* +``` + +### 创建Hello World RPM包 + +这里以GNU “Hello World” 项目的打包过程作为示例,包含了典型的FOSS(Free and Open Source Software) 软件项目相关的最常用的外围组件,其中包括配置/编译/安装环境、文档、国际化等等。 + +#### 下载源码 + +我们直接下载官方例子的源码,使用如下命令: + +```sh +# rpmdev-setuptree +# cd ~/rpmbuild/SOURCES +# wget http://ftp.gnu.org/gnu/hello/hello-2.10.tar.gz +``` + +#### 编辑SPEC文件 + +在**~/rpmbuild/SPECS**目录下新建spec文件,参考命令如下: + +```sh +# cd ~/rpmbuild/SPECS +# vi hello.spec +``` + +在文件中写入对应内容后保存文件。文件内容示例如下,请根据实际情况修改相应字段。 + +```Conf +Name: hello +Version: 2.10 +Release: 1%{?dist} +Summary: The "Hello World" program from GNU +Summary(zh_CN): GNU "Hello World" 程序 +License: GPLv3+ +URL: http://ftp.gnu.org/gnu/hello +Source0: http://ftp.gnu.org/gnu/hello/%{name}-%{version}.tar.gz + +BuildRequires: gettext +Requires(post): info +Requires(preun): info + +%description +The "Hello World" program, done with all bells and whistles of a proper FOSS +project, including configuration, build, internationalization, help files, etc. + +%description -l zh_CN +"Hello World" 程序, 包含 FOSS 项目所需的所有部分, 包括配置, 构建, 国际化, 帮助文件等. + +%prep +%setup -q + +%build +%configure +make %{?_smp_mflags} + +%install +make install DESTDIR=%{buildroot} +%find_lang %{name} +rm -f %{buildroot}/%{_infodir}/dir + +%post +/sbin/install-info %{_infodir}/%{name}.info %{_infodir}/dir || : + +%preun +if [ $1 = 0 ] ; then +/sbin/install-info --delete %{_infodir}/%{name}.info %{_infodir}/dir || : +fi + +%files -f %{name}.lang +%doc AUTHORS ChangeLog NEWS README THANKS TODO +%license COPYING +%{_mandir}/man1/hello.1.* +%{_infodir}/hello.info.* +%{_bindir}/hello + +%changelog +* Thu Dec 26 2019 Your Name - 2.10-1 +- Update to 2.10 +* Sat Dec 3 2016 Your Name - 2.9-1 +- Update to 2.9 +``` + +- Name 标签是软件名,Version 标签是版本号,而 Release 标签是发布编号。 +- Summary 标签是简要说明,英文的话第一个字母应大写,以避免 rpmlint 工具(打包检查工具)警告。 +- License 标签说明软件包的协议版本,审查软件的 License 状态是打包者的职责,这可以通过检查源码或 LICENSE 文件,或与作者沟通来完成。 +- Group 标签过去用于按照 /usr/share/doc/rpm-/GROUPS 分类软件包。目前该标记已丢弃,vim的模板还有这一条,删掉即可,不过添加该标记也不会有任何影响。%changelog 标签应包含每个 Release 所做的更改日志,尤其应包含上游的安全/漏洞补丁的说明。%changelog 条目应包含版本字符串,以避免 rpmlint 工具警告。 +- 多行的部分,如 %changelog 或 %description 由指令下一行开始,空行结束。 +- 一些不需要的行 \(如 BuildRequires 和 Requires\) 可在行首使用‘\#’注释。 +- %prep、%build、%install、%files暂时用默认的,未做任何修改。 + +#### 构建RPM包 + +构建源码、二进制和包含调试信息的软件包,在spec文件所在目录执行如下命令: + +```sh +rpmbuild -ba hello.spec +``` + +执行成功后,查看结果,使用如下命令: + +```sh +# tree ~/rpmbuild/*RPMS + +/home/testUser/rpmbuild/RPMS +└── aarch64 + ├── hello-2.10-1.aarch64.rpm + ├── hello-debuginfo-2.10-1.aarch64.rpm + └── hello-debugsource-2.10-1.aarch64.rpm +/home/testUser/rpmbuild/SRPMS +└── hello-2.10-1.src.rpm +``` + +## 使用OBS构建 + +本章介绍通过网页和osc构建RPM软件包的方法。主要包括如下两类: + +- 修改已有软件包:修改已有软件包源代码,然后将修改后的源代码构建成一个RPM软件包。 +- 新增软件包:从无到有全新开发一个新的软件源文件,并将新开发的源文件构建成一个RPM软件包。 + +### OBS简介 + +OBS是基于openSUSE发行版的通用编译框架,用于将源码包构建为RPM软件包或Linux镜像。OBS采用自动化的分布式编译方式,支持多种Linux操作系统发行版(openEuler、SUSE、Debian等)镜像和安装包的编译,且支持在多种架构平台(x86、ARM64等)上编译。 + +OBS由后端和前端组成,后端实现所有核心功能,前端提供了网页应用和API,用于与后端进行交互。此外,OBS还有一个API命令行客户端osc,osc是在一个单独的存储库中开发的。 + +OBS使用工程组织软件包。基础的权限控制、相关的存储仓库和构建目标(操作系统和架构)都可以在工程中定义。一个工程可以包含多个子工程,各个子工程可以独立配置,共同完成任务。 + +### 在线构建软件包 + +本章介绍通过OBS网页端在线构建RPM软件包的方法。 + +#### 构建已有软件包 + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- 若为首次使用,请首先在OBS网页注册个人帐号。 +>- 该方法需要拷贝修改后的代码,因此,请在执行下述操作前完成代码修改并提交到正确的代码路径。代码路径会在\_service文件中指定。 + +使用OBS网页端,修改已有软件的源代码,并将修改后的源文件构建为RPM软件包的操作方法如下: + +1. 登录OBS界面,地址为:[https://build.openeuler.openatom.cn](https://build.openeuler.openatom.cn)。 +2. 单击“All Projects”进入所有工程页面。 +3. 单击需要修改的对应工程,进入该工程的详情页面,例如单击“openEuler:Mainline”。 +4. 在工程详情页面的搜索框查找需要修改的软件包,然后单击该软件包包名,进入该软件包详情页面。 +5. 单击“Branch package”,在弹出的确认页面单击“Accept”确认创建子工程,如[图1](#fig77646143214)所示。 + + **图 1** Branch Confirmation页面 + ![](./figures/Branch-Confirmationpage.png) + +6. 单击“\_service”文件进入编辑页面,修改\_service内容后点击“Save”保存该文件。\_service内容示例如下,其中 _userCodeURL_、 _userCommitID_ 分别为用户代码托管路径、用户代码提交版本号或分支。 + + ```Conf + + + git + userCodeURL + userCommitID + + + bz2 + *.tar + + + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >单击“Save”保存\_service文件后,OBS服务会根据\_service文件描述,从指定的url下载源码到OBS对应工程的软件目录下并替换原有文件,例如上述例子中 “openEuler:Mainline”工程的kernel目录。 + +7. 文件拷贝并替换完成后,OBS会自动开始构建RPM软件包。等待构建完成,并查看右侧状态栏的构建状态。 + - succeeded:构建成功。用户可以单击“succeeded”查看构建日志,如[图2](#fig10319114217337)所示。 + + **图 2** succeeded的页面 + ![](./figures/succeededpage.png) + + - failed:构建失败。请单击“failed”查看错误日志进行问题定位后重新构建。 + - unresolvable:未进行构建,可能由于缺失依赖。 + - disabled:构建被手动关闭或正在排队构建。 + - excluded:构建被禁止,可能由于缺少spec文件或者spec文件中禁止了目标架构的编译。 + +#### 新增软件包 + +使用OBS网页端,新增一个全新软件包的操作方法如下: + +1. 登录OBS界面。 +2. 根据新增软件包的依赖情况,选择合适的工程,即单击“All Projects”选择对应工程,例如“openEuler:Mainline”。 +3. 单击工程下任一软件包,进入该软件包的详情页面。 +4. 单击“Branch package”,在弹出的确认页面单击“Accept”确认创建子工程。 +5. 单击“Delete package”,删除新创建子工程中的软件包,如[图3](#fig18306181103615)所示。 + + **图 3** 删除子工程中软件包 + ![](./figures/delete_package.png) + + >![](./public_sys-resources/icon-note.gif) **说明:** + >通过已有软件创建新工程是为了继承环境等依赖,而不需要实际的文件,所以这里需要把这些文件删除。 + +6. 单击“Create Package”,在弹出的页面输入软件包名称、标题和软件包描述,然后单击“Create”创建软件包,分别如[图4](#fig6762111693811)、[图5](#fig18351153518389)所示。 + + **图 4** Create Package页面 + ![](./figures/Create-Packagepage.png) + + **图 5** 创建软件包信息填写页面 + ![](./figures/setting_software_info.png) + +7. 在页面中单击“Add file”上传spec文件和需要编译的文件(在spec文件中指定),如[图6](#fig1475845284011)所示。 + + **图 6** Add file页面 + ![](./figures/filepage.png) + +8. 文件上传成功后,OBS会自动开始构建RPM软件包。等待构建完成,并查看右侧状态栏的构建状态。 + - succeeded:构建成功。用户可以单击“succeeded”查看构建日志。 + - failed:构建失败。请单击“failed”查看错误日志进行问题定位后重新构建。 + - unresolvable:未进行构建,可能由于缺失依赖。 + - disabled:构建被手动关闭或正在排队构建。 + - excluded:构建被禁止,可能由于缺少spec文件或者spec文件中禁止了目标架构的编译。 + +#### 获取软件包 + +RPM软件包构建完成后,通过网页端获取对应RPM软件包的方法如下: + +1. 登录OBS界面。 +2. 单击“All Projects”找到所需软件包的对应工程,例如“openEuler:Mainline”。 +3. 在工程下单击所需软件包的包名,进入该软件包详情页面。例如上述例子中的kernel页面。 +4. 选择Repositories页签进入软件包的软件仓库管理页面,在Publish Flag中通过单击选择“Enable”开启(状态由![](./figures/zh-cn_image_0229243704.png)变为![](./figures/zh-cn_image_0229243702.png))对应的RPM软件包下载功能,如[图7](#fig17480830144217)所示。 + + **图 7** Repositories页面 + ![](./figures/Repositoriespage.png) + +5. 单击Repository列的构建工程名称,进入RPM软件包下载页面,单击RPM软件包右侧的“Download”即可下载对应RPM软件包,如[图8](#fig12152145615438)所示。 + + **图 8** RPM软件包下载页面 + ![](./figures/RPM_package_download.png) + +### 使用osc构建软件包 + +本章介绍使用OBS的命令行工具osc创建工程并构建RPM软件包的方法。 + +#### 安装并配置osc + +##### 前提条件 + +需要root权限,已设置openEuler的repo软件源。 + +##### 操作步骤 + +1. 使用root用户安装osc命令行工具及依赖。 + + ```sh + # dnf install osc build + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >编译RPM软件包的过程中会依赖build。 + +2. 配置osc。 + 1. 打开\~/.oscrc,命令如下: + + ```sh + # vi ~/.oscrc + ``` + + 2. 在\~/.oscrc中添加user和pass字段,如下所示,它们的取值 _userName_ 和 _passWord_ 分别是用户在OBS网页([https://build.openeuler.openatom.cn](https://build.openeuler.openatom.cn))上已经注册的帐号和密码。 + + ```sh + [general] + apiurl = https://build.openeuler.openatom.cn + [https://build.openeuler.openatom.cn] + user=userName + pass=passWord + ``` + +#### 构建已有软件包 + +创建工程 + +1. 通过拷贝已有工程,创建属于用户自己的子工程。例如将openEuler:Mainline工程下的zlib软件包添加到新分支,参考命令如下: + + ```sh + # osc branch openEuler:Mainline zlib + ``` + + 回显如下所示,说明在用户testUser下创建了新的分支工程home:testUser:branches:openEuler:Mainline。 + + ```text + A working copy of the branched package can be checked out with: + osc co home:testUser:branches:openEuler:Mainline/zlib + ``` + +2. 将需要修改软件包的相关配置文件(例如\_service)下载到本地当前路径。其中 _testUser_ 为\~/.oscrc配置文件中配置的帐户名称,请根据实际情况修改。 + + ```sh + # osc co home:testUser:branches:openEuler:Mainline/zlib + ``` + + 回显如下所示: + + ```text + A home:testUser:branches:openEuler:Mainline + A home:testUser:branches:openEuler:Mainline/zlib + A home:testUser:branches:openEuler:Mainline/zlib/_service + ``` + +3. 进入本地子工程目录,并将软件包远程代码同步到本地。 + + ```sh + # cd home:testUser:branches:openEuler:Mainline/zlib + # osc up -S + ``` + + 回显如下所示: + + ```text + A _service:tar_scm_kernel_repo:0001-Neon-Optimized-hash-chain-rebase.patch + A _service:tar_scm_kernel_repo:0002-Porting-optimized-longest_match.patch + A _service:tar_scm_kernel_repo:0003-arm64-specific-build-patch.patch + A _service:tar_scm_kernel_repo:zlib-1.2.11-optimized-s390.patch + A _service:tar_scm_kernel_repo:zlib-1.2.11.tar.xz + A _service:tar_scm_kernel_repo:zlib-1.2.5-minizip-fixuncrypt.patch + A _service:tar_scm_kernel_repo:zlib.spec + ``` + +构建RPM包 + +1. 重命名源文件,然后将重命名后的源文件添加到OBS暂存中。 + + ```sh + # rm -f _service;for file in `ls | grep -v .osc`;do new_file=${file##*:};mv $file $new_file;done + # osc addremove * + ``` + +2. 修改源代码和spec文件,并执行如下命令更新文件。 + + ```sh + # osc up + ``` + +3. 将对应软件包的所有修改同步到OBS服务器。参考命令如下,-m参数后的信息为提交记录。 + + ```sh + # osc ci -m "commit log" + ``` + +4. 获取当前工程的仓库名称和架构,参考命令如下: + + ```sh + # osc repos home:testUser:branches:openEuler:Mainline + ``` + +5. 修改提交成功后,OBS会自动开始编译软件包。可以通过如下命令,查看对应仓库的编译日志,其中 _standard_aarch64_ 、 _aarch64_ 分别为查询所得仓库名称和架构。 + + ```sh + # osc buildlog standard_aarch64 aarch64 + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >用户也可以通过网页端打开自己创建的对应工程,查看构建日志。 + +#### 新增软件包 + +使用OBS的osc工具新增一个全新软件包的操作方法如下: + +创建工程 + +1. 根据新增软件包的依赖情况,基于合适的工程,创建属于用户自己的个人工程。例如基于 _openEuler:Mainline_ 工程的 zlib 创建工程的参考命令如下,zlib 为工程下的任一软件包。 + + ```sh + # osc branch openEuler:Mainline zlib + ``` + +2. 删除创建工程时新增的无用软件包。例如删除zlib软件包的参考命令如下: + + ```sh + # cd home:testUser:branches:openEuler:Mainline + # osc rm zlib + # osc commit -m "commit log" + ``` + +3. 在个人工程下创建新增的软件包。例如新增软件包 my-first-obs-package命令如下: + + ```sh + # mkdir my-first-obs-package + # cd my-first-obs-package + ``` + +构建RPM包 + +1. 添加准备的源文件和spec文件到软件包目录。 +2. 修改源代码和spec文件,并将对应软件包的所有文件上传到OBS服务器。参考命令如下,-m 参数后的信息为提交记录。 + + ```sh + # cd home:testUser:branches:openEuler:Mainline + # osc add my-first-obs-package + # osc ci -m "commit log" + ``` + +3. 获取当前工程的仓库名称和架构,参考命令如下: + + ```sh + # osc repos home:testUser:branches:openEuler:Mainline + ``` + +4. 修改提交成功后,OBS会自动开始编译软件包。可以通过如下命令,查看对应仓库的编译日志,其中 _standard_aarch64_ 、 _aarch64_ 分别为查询所得仓库名称和架构。 + + ```sh + # cd home:testUser:branches:openEuler:Mainline/my-first-obs-package + # osc buildlog standard_aarch64 aarch64 + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >用户也可以通过网页端打开自己创建的对应工程,查看构建日志。 + +#### 获取软件包 + +RPM软件包构建完成后,使用osc获取对应RPM软件包的命令如下: + +```sh +# osc getbinaries home:testUser:branches:openEuler:Mainline my-first-obs-package standard_aarch64 aarch64 +``` + +命令中的各参数含义如下,请用户根据实际情况修改: + +- _home:testUser:branches:openEuler:Mainline_ :软件包所在工程名称 +- _my-first-obs-package_ :软件包名称 +- _standard\_aarch64_ :仓库名称 +- _aarch64_ :仓库架构名称 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>使用osc构建的软件包也可以在网页端获取,获取方式请参见[获取软件包](#获取软件包)。 diff --git a/docs/zh/server/development/application_dev/faqs_and_solutions.md b/docs/zh/server/development/application_dev/faqs_and_solutions.md new file mode 100644 index 0000000000000000000000000000000000000000..4214cec89612a68eef0da120006d756a41f7facf --- /dev/null +++ b/docs/zh/server/development/application_dev/faqs_and_solutions.md @@ -0,0 +1,19 @@ +# 常见问题与解决方法 + +## 问题1:部分依赖java-devel的应用程序自编译失败 + +### 问题描述 + +部分依赖java-devel的应用程序会出现使用rpmbuild命令自编译失败的问题。 + +### 原因分析 + +为了提供更新的openjdk特性和对广大java应用程序的兼容,openEuler同时提供了openjdk-1.8.0、openjdk-11等多个版本的openjdk。部分应用程序在编译时需要依赖java-devel包,安装java-devel包时系统会默认安装更高版本的java-11-openjdk,从而导致这些应用的编译失败。 + +### 解决方法 + +用户需手动使用如下命令安装java-1.8.0-openjdk后再使用rpmbuild命令进行自编译。 + +```shell +# yum install java-1.8.0-openjdk +``` diff --git a/docs/zh/server/development/application_dev/figures/Branch-Confirmationpage.png b/docs/zh/server/development/application_dev/figures/Branch-Confirmationpage.png new file mode 100644 index 0000000000000000000000000000000000000000..e66cbcd22217b74785381b85128ea61895194882 Binary files /dev/null and b/docs/zh/server/development/application_dev/figures/Branch-Confirmationpage.png differ diff --git a/docs/zh/server/development/application_dev/figures/Create-Packagepage.png b/docs/zh/server/development/application_dev/figures/Create-Packagepage.png new file mode 100644 index 0000000000000000000000000000000000000000..36ea525856d428b6f88a338202e7cb59b2204fc0 Binary files /dev/null and b/docs/zh/server/development/application_dev/figures/Create-Packagepage.png differ diff --git a/docs/zh/server/development/application_dev/figures/RPM_package_download.png b/docs/zh/server/development/application_dev/figures/RPM_package_download.png new file mode 100644 index 0000000000000000000000000000000000000000..9f32d6c16d344df6951fc4e6aa027d02dfb9ccb5 Binary files /dev/null and b/docs/zh/server/development/application_dev/figures/RPM_package_download.png differ diff --git a/docs/zh/server/development/application_dev/figures/Repositoriespage.png b/docs/zh/server/development/application_dev/figures/Repositoriespage.png new file mode 100644 index 0000000000000000000000000000000000000000..b7c04eedf9dd32cf4a9d024a05f5c8b294c76934 Binary files /dev/null and b/docs/zh/server/development/application_dev/figures/Repositoriespage.png differ diff --git a/docs/zh/server/development/application_dev/figures/delete_package.png b/docs/zh/server/development/application_dev/figures/delete_package.png new file mode 100644 index 0000000000000000000000000000000000000000..a365cd1f46bfb8bec094b79477c0168861a5193b Binary files /dev/null and b/docs/zh/server/development/application_dev/figures/delete_package.png differ diff --git a/docs/zh/server/development/application_dev/figures/filepage.png b/docs/zh/server/development/application_dev/figures/filepage.png new file mode 100644 index 0000000000000000000000000000000000000000..83f0bfaeeb9227bcbb863a93ab8d3535e2b2bc1d Binary files /dev/null and b/docs/zh/server/development/application_dev/figures/filepage.png differ diff --git a/docs/zh/server/development/application_dev/figures/setting_software_info.png b/docs/zh/server/development/application_dev/figures/setting_software_info.png new file mode 100644 index 0000000000000000000000000000000000000000..0144be1f86e2a1d977881355022f7b5a5940cacb Binary files /dev/null and b/docs/zh/server/development/application_dev/figures/setting_software_info.png differ diff --git a/docs/zh/server/development/application_dev/figures/succeededpage.png b/docs/zh/server/development/application_dev/figures/succeededpage.png new file mode 100644 index 0000000000000000000000000000000000000000..3f10cd1db8bdc9be1ab8b660ef93e8a481c2d6b8 Binary files /dev/null and b/docs/zh/server/development/application_dev/figures/succeededpage.png differ diff --git a/docs/zh/server/development/application_dev/figures/zh-cn_image_0229243671.png b/docs/zh/server/development/application_dev/figures/zh-cn_image_0229243671.png new file mode 100644 index 0000000000000000000000000000000000000000..a32856aa08e459ed0f51f8fcf4c2f51511c12095 Binary files /dev/null and b/docs/zh/server/development/application_dev/figures/zh-cn_image_0229243671.png differ diff --git a/docs/zh/server/development/application_dev/figures/zh-cn_image_0229243702.png b/docs/zh/server/development/application_dev/figures/zh-cn_image_0229243702.png new file mode 100644 index 0000000000000000000000000000000000000000..96096879d161f04750a332e5c749a834c49d3173 Binary files /dev/null and b/docs/zh/server/development/application_dev/figures/zh-cn_image_0229243702.png differ diff --git a/docs/zh/server/development/application_dev/figures/zh-cn_image_0229243704.png b/docs/zh/server/development/application_dev/figures/zh-cn_image_0229243704.png new file mode 100644 index 0000000000000000000000000000000000000000..267bc9508f3a065b5b40c367e745f0d8c3ddb5fa Binary files /dev/null and b/docs/zh/server/development/application_dev/figures/zh-cn_image_0229243704.png differ diff --git a/docs/zh/server/development/application_dev/figures/zh-cn_image_0229243712.png b/docs/zh/server/development/application_dev/figures/zh-cn_image_0229243712.png new file mode 100644 index 0000000000000000000000000000000000000000..8d5a343524e14d11a3e2a94be4066fbb2d20599e Binary files /dev/null and b/docs/zh/server/development/application_dev/figures/zh-cn_image_0229243712.png differ diff --git a/docs/zh/server/development/application_dev/preparations_for_development_environment.md b/docs/zh/server/development/application_dev/preparations_for_development_environment.md new file mode 100644 index 0000000000000000000000000000000000000000..27c0d363d78476b3d36ae5f8b612d2f0a020af1b --- /dev/null +++ b/docs/zh/server/development/application_dev/preparations_for_development_environment.md @@ -0,0 +1,418 @@ +# 开发环境准备 + +## 环境要求 + +- 若使用的是物理机,则开发环境所需的最小硬件要求如[表1](#table154419352610)所示。 + + **表 1** 最小硬件要求 + + + + + + + + + + + + + + + + + + + + + + + + +

部件名称

+

最小硬件要求

+

说明

+

架构

+
  • AArch64
  • x86_64
+
  • 支持Arm的64位架构。
  • 支持Intel的x86_64位架构。
+

CPU

+
  • 华为鲲鹏920系列CPU
  • Intel® Xeon®处理器
+

-

+

内存

+

不小于4GB(为了获得更好的应用体验,建议不小于8GB)

+

-

+

硬盘

+

为了获得更好的应用体验,建议不小于120GB)

+

支持IDE、SATA、SAS等接口的硬盘。

+
+ +- 若使用的是虚拟机,则开发环境所需的最小虚拟化空间要求如[表2](#table780410493819)所示。 + + **表 2** 最小虚拟化空间要求 + + + + + + + + + + + + + + + + + + + + + + + + +

部件名称

+

最小虚拟化空间要求

+

说明

+

架构

+
  • AArch64
  • x86_64
+

-

+

CPU

+

2个CPU

+

-

+

内存

+

不小于4GB(为了获得更好的应用体验,建议不小于8GB)

+

-

+

硬盘

+

不小于32GB(为了获得更好的应用体验,建议不小于120GB)

+

-

+
+ +### 操作系统要求 + +操作系统要求为openEuler操作系统。 + +openEuler操作系统具体安装方法请参考[安装指南](../../../server/installation_upgrade/installation/installation_on_servers.md),其中“软件选择”页面的“已选环境的附加选项”中将“开发工具”勾选。 + +## 配置openEuler yum源 + +通过直接获取在线的openEuler repo源配置在线yum源或通过挂载ISO创建本地openEuler repo源配置本地yum源。 + +### 通过直接获取在线的openEuler repo源配置在线yum源 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>openEuler提供了多种repo源供用户在线使用,各repo源含义可参考[系统安装](../../releasenotes/releasenotes/os_installation.md)。本操作以AArch64架构的OS repo源为例将其配置为yum源。 + +1. 进入到yum源目录并查看目录下的.repo配置文件。 + + ```shell + # cd /etc/yum.repos.d + # ls + openEuler-xxx.repo + ``` + +2. 在root权限下编辑openEuler-xxx.repo文件,将在线的openEuler repo源配置为yum源。 + + ```shell + # vi openEuler-xxx.repo + ``` + + 编辑openEuler-xxx.repo文件的内容如下,其中{version}和{arch}请根据实际情况进行替换: + + ```text + [osrepo] + name=osrepo + baseurl=http://repo.openeuler.org/openEuler-{version}/OS/{arch}/ + enabled=1 + + gpgcheck=1 + gpgkey=http://repo.openeuler.org/openEuler-{version}/OS/{arch}/RPM-GPG-KEY-openEuler + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + > + > - \[*repoid*\]中的repoid为软件仓库(repository)的ID号,所有.repo配置文件中的各repoid不能重复,必须唯一。示例中repoid设置为**osrepo**。 + > - name为软件仓库描述的字符串。 + > - baseurl为软件仓库的地址。 + > - enabled为是否启用该软件源仓库,可选值为1和0。缺省值为1,表示启用该软件源仓库。 + > - gpgcheck可设置为1或0,1表示进行gpg(GNU Private Guard)校验,0表示不进行gpg校验,gpgcheck可以确定rpm包的来源是有效和安全的。 + > - gpgkey为验证签名用的公钥。 + +### 通过挂载ISO创建本地openEuler repo源配置本地yum源 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>openEuler提供了多种ISO发布包,各ISO发布包含义可参考[系统安装](../../releasenotes/releasenotes/os_installation.md)。本操作中忽略具体的版本号和架构,请根据实际需要的ISO发布包和校验文件进行修改。 + +1. 下载ISO发布包。 + - 通过跨平台文件传输工具下载ISO镜像。 + 1. 登录[openEuler社区](https://openeuler.org/zh/)网站。 + 2. 单击“下载”。 + 3. 单击“社区发行版”,显示版本列表。 + 4. 在版本列表处找到对应的版本号,单击“前往下载”按钮,进入版本下载列表。 + 5. 在对应的系统下载列表中,可以查看系统镜像架构和应用场景。 + + 架构分类如下: + + - AArch64:AArch64架构的ISO。 + - x86\_64:x86\_64架构的ISO。 + - ARM32:嵌入式的Image。 + + 场景分类如下: + + - 服务器:服务器场景的ISO。 + - 边缘计算:边缘计算场景的ISO。 + - 云计算:云计算场景的ISO。 + - 嵌入式:嵌入式的Image(只有选择AArch64或ARM32架构时,才可选该场景)。 + + 6. 单击“AArch64”,选择AArch64架构。 + 7. 单击“服务器”,选择服务器场景。 + 8. 在“软件包类型”栏选择需要的ISO,单击“立即下载”。 + 9. 单击该ISO对应的完整性校验文件“SHA256”,复制校验值到本地。 + 10. 登录openEuler操作系统,新建用于存放发布包的目录,如“~/iso”。 + + ```shell + # mkdir ~/iso + ``` + + 11. 使用跨平台文件传输工具(如WinSCP)将本地的openEuler发布包上传到openEuler操作系统。 + + - 通过wget命令下载ISO镜像。 + 1. 登录[openEuler社区](https://openeuler.org/zh/)网站。 + 2. 单击“下载”。 + 3. 单击“社区发行版”,显示版本列表。 + 4. 在版本列表处找到对应的版本号,单击“前往下载”按钮,进入版本下载列表。 + 5. 在对应的系统下载列表中,可以查看系统镜像架构和应用场景。 + + 架构分类如下: + + - AArch64:AArch64架构的ISO。 + - x86\_64:x86\_64架构的ISO。 + - ARM32:嵌入式的Image。 + + 场景分类如下: + + - 服务器:服务器场景的ISO。 + - 边缘计算:边缘计算场景的ISO。 + - 云计算:云计算场景的ISO。 + - 嵌入式:嵌入式的Image(只有选择AArch64或ARM32架构时,才可选该场景)。 + + 6. 单击“AArch64”,选择AArch64架构。 + 7. 单击“服务器”,选择服务器场景。 + 8. 在“软件包类型”栏选择需要的ISO,右键单击“立即下载”,单击“复制链接地址”,将openEuler发布包地址记录好。 + 9. 单击复制该ISO对应的完整性校验文件“SHA256”,将openEuler校验文件记录好。 + 10. 登录openEuler操作系统,新建用于存放发布包和检验文件的目录,如“~/iso”,并切换到该目录。 + + ```shell + # mkdir ~/iso + # cd ~/iso + ``` + + 11. 使用**wget**命令远程下载发布包,命令中的 *ipaddriso* 为openEuler发布包地址。 + + ```shell + # wget ipaddriso + ``` + +2. 发布包完整性校验。 + 1. 计算openEuler发布包的sha256校验值。 + + ```shell + sha256sum openEuler-xxx-dvd.iso + ``` + + 命令执行完成后,输出校验值。 + + 2. 对比步骤1和复制的校验值是否一致。 + + 如果校验值一致说明iso文件完整性没有被破坏,如果校验值不一致则可以确认文件完整性已被破坏,需要重新获取。 + +3. 挂载ISO并创建为repo源。 + + 在root权限下使用mount命令挂载镜像文件。 + + 示例如下: + + ```shell + # mount /home/iso/openEuler-xxx-dvd.iso /mnt/ + ``` + + 挂载好的mnt目录如下: + + ```text + . + │── boot.catalog + │── docs + │── EFI + │── images + │── Packages + │── repodata + │── TRANS.TBL + └── RPM-GPG-KEY-openEuler + ``` + + 其中,Packages为rpm包所在的目录,repodata为repo源元数据所在的目录,RPM-GPG-KEY-openEuler为openEuler的签名公钥。 + +4. 进入到yum源目录并查看目录下的.repo配置文件。 + + ```shell + # cd /etc/yum.repos.d + # ls + openEuler-xxx.repo + ``` + +5. 在root权限下编辑openEuler-xxx.repo文件,将[3](#li6236932222)中创建的repo源配置为本地yum源。 + + ```shell + # vi openEuler-xxx.repo + ``` + + 编辑openEuler-xxx.repo文件的内容如下: + + ```text + [localosrepo] + name=localosrepo + baseurl=file:///mnt + enabled=1 + gpgcheck=1 + gpgkey=file:///mnt/RPM-GPG-KEY-openEuler + ``` + +## 安装软件包 + +安装开发过程中需要用到的软件。不同的开发需要的软件不一样,但安装方法相同,本章以安装常用的几个软件包(JDK,rpm-build)为例。有些开发软件openEuler操作系统已默认自带,如GCC、GNU make。 + +### 安装JDK软件包 + +1. 执行 `dnf list installed | grep jdk` 查询JDK软件是否已安装。 + + 查看回显,若回显中包含“jdk”,表示该软件已经安装了,则不需要再安装。若无任何回显,则表示该软件未安装。 + +2. 执行 `dnf clean all` 清除缓存。 + +3. 执行 `dnf makecache` 创建缓存。 + +4. 执行 `dnf search jdk | grep jdk` 查询可安装的JDK软件包。 + + 查看回显,选择安装java-{version}-openjdk-devel.aarch64软件包。 + +5. root权限执行 `dnf install java-{version}-openjdk-devel.aarch64` 安装JDK软件包。 + +6. 执行 `java -version` 查询JDK软件版本。 + + 查看回显,若回显中包含“openjdk version”信息,表示已正确安装。 + +### 安装rpm-build软件包 + +1. 执行 `dnf list installed | grep rpm-build` 查询rpm-build软件是否已安装。 + + 查看回显,若回显中包含“rpm-build”,表示该软件已经安装了,则不需要再安装。若无任何回显,则表示该软件未安装。 + +2. 执行 `dnf clean all` 清除缓存。 + +3. 执行 `dnf makecache` 创建缓存。 + +4. root权限执行 `dnf install rpm-build` 安装rpm-build软件包。 + +5. 执行 `rpmbuild --version` 查询rpm-build软件版本。 + +## 使用IDE进行Java开发 + +对于小型的Java程序,可以直接参考“使用JDK编译”章节得到可运行Java应用。但是对于大中型Java应用,这种方式已经无法满足开发者的需求。因此您可以参考如下步骤安装IDE并进行使用,以方便您在openEuler系统上的Java开发工作。 + +### 简介 + +IntelliJ IDEA是一款非常流行的Java IDE,其社区版可以免费下载使用。目前openEuler支持使用IntelliJ IDEA集成开发环境(IDE)进行Java程序的开发,从而可以提升开发人员的工作效率。 + +### 使用MobaXterm登录服务器 + +MobaXterm是一款非常优秀的SSH客户端,其自带X Server,可以轻松解决远程GUI显示问题。 + +您需要提前下载安装好MobaXterm并打开,然后SSH登录您的服务器并进行以下操作。 + +### 设置JDK环境 + +在设置JAVA\_HOME之前您需要先找到JDK的安装路径。在“开发环境准备 \> 安装软件包 \> 安装JDK软件包”章节中您已经学会了如何安装JDK,如果您还没安装好JDK,请提前安装好。 + +查看java路径,命令如下: + +```shell +# which java +/usr/bin/java +``` + +查看软链接的实际指向目录,命令如下: + +```shell +# ls -la /usr/bin/java +lrwxrwxrwx. 1 root root 22 Mar 6 20:28 /usr/bin/java -> /etc/alternatives/java +# ls -la /etc/alternatives/java +lrwxrwxrwx. 1 root root 83 Mar 6 20:28 /etc/alternatives/java -> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.232.b09-1.h2.aarch64/jre/bin/java +``` + +发现JDK的真实路径为/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.232.b09-1.h2.aarch64,设置JAVA\_HOME和PATH,命令如下: + +```shell +# export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.232.b09-1.h2.aarch64 +# export PATH=$JAVA_HOME/bin:$PATH +``` + +### 下载安装GTK库 + +运行如下命令: + +```shell +# dnf list installed | grep gtk +``` + +如果显示gtk2或者gtk3,则表示您已安装该库,可以直接跳过进入下一步,否则在root权限下运行如下命令自动下载安装gtk库。 + +```shell +# dnf -y install gtk2 libXtst libXrender xauth +``` + +### 设置X11 Forwarding + +切换到sshd配置目录 + +```shell +# cd ~/.ssh +``` + +如果该目录不存在,则创建目录后再进行切换,创建目录命令如下: + +```shell +# mkdir ~/.ssh +``` + +然后在.ssh目录下编辑config文件并保存: + +1. 使用vim打开config文件 + + ```shell + # vim config + ``` + +2. 将以下内容添加到文件末尾并保存: + + ```text + Host * + ForwardAgent yes + ForwardX11 yes + ``` + +### 下载并运行IntelliJ IDEA + +在执行如上环境配置后,您就可以下载使用IntelliJ IDEA了。鉴于最新版的IntelliJ IDEA和openEuler系统在部分功能上有兼容性问题,建议您从此[链接](https://www.jetbrains.com/idea/download/other.html)下载2018版本linux压缩包。下载好后把压缩包移到您想要安装该软件的目录,对压缩包进行解压: + +```shell +# tar -xf ideaIC-2018.3.tar.gz +``` + +解压后切换到IntelliJ IDEA的目录下并运行。 + +```shell +# cd ./idea-IC-183.4284.148 +# bin/idea.sh & +``` diff --git a/docs/zh/server/development/application_dev/public_sys-resources/icon-caution.gif b/docs/zh/server/development/application_dev/public_sys-resources/icon-caution.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/development/application_dev/public_sys-resources/icon-caution.gif differ diff --git a/docs/zh/server/development/application_dev/public_sys-resources/icon-danger.gif b/docs/zh/server/development/application_dev/public_sys-resources/icon-danger.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/development/application_dev/public_sys-resources/icon-danger.gif differ diff --git a/docs/zh/server/development/application_dev/public_sys-resources/icon-note.gif b/docs/zh/server/development/application_dev/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/zh/server/development/application_dev/public_sys-resources/icon-note.gif differ diff --git a/docs/zh/server/development/application_dev/public_sys-resources/icon-notice.gif b/docs/zh/server/development/application_dev/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/zh/server/development/application_dev/public_sys-resources/icon-notice.gif differ diff --git a/docs/zh/server/development/application_dev/public_sys-resources/icon-tip.gif b/docs/zh/server/development/application_dev/public_sys-resources/icon-tip.gif new file mode 100644 index 0000000000000000000000000000000000000000..93aa72053b510e456b149f36a0972703ea9999b7 Binary files /dev/null and b/docs/zh/server/development/application_dev/public_sys-resources/icon-tip.gif differ diff --git a/docs/zh/server/development/application_dev/public_sys-resources/icon-warning.gif b/docs/zh/server/development/application_dev/public_sys-resources/icon-warning.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/development/application_dev/public_sys-resources/icon-warning.gif differ diff --git a/docs/zh/server/development/application_dev/using_clang_for_compilation.md b/docs/zh/server/development/application_dev/using_clang_for_compilation.md new file mode 100644 index 0000000000000000000000000000000000000000..66ccb6fc3f1cb8da28e7e9ef201f264dcc97cd6f --- /dev/null +++ b/docs/zh/server/development/application_dev/using_clang_for_compilation.md @@ -0,0 +1,80 @@ +# 使用LLVM/Clang编译 + +本章介绍LLVM/Clang编译的一些基本知识,并通过示例进行实际演示。更多Clang使用方法请通过**clang --help**命令查询。 + +## 简介 + +LLVM是一种涵盖多种编程语言和目标处理器的编译器,使用Clang作为C和C++的编译和驱动程序。Clang不仅仅可以将C/C++程序编译为LLVM中间表示的IR,也会调用所有以代码生成为目标的LLVM优化遍,直到生成最终的二进制文件。 + +## LLVM/Clang多版本安装 + +在openEuler操作系统中,Clang/LLVM工具链可通过官方yum仓库进行标准化安装。为兼容不同场景对LLVM版本的需求,系统采用主副版本共存机制:默认安装稳定主版本的同时,支持部署更高版本的LLVM。 + +| openEuler版本 | LLVM主版本 | 安装方式 | LLVM副版本 | 安装方式 | +|----------------|------------|--------------------------|---------------|--------------------------------------------------------------------------| +| 22.03 LTS SP3 | LLVM12 | yum install -y clang | LLVM17、LLVM18 | yum install -y llvm-toolset-17
yum install -y llvm-toolset-18| +| 22.03 LTS SP4 | LLVM12 | yum install -y clang | LLVM17、LLVM18 | yum install -y llvm-toolset-17
yum install -y llvm-toolset-18| +| 24.03 LTS | LLVM17 | yum install -y clang | NA | NA | +| 24.03 LTS SP1 | LLVM17 | yum install -y clang | LLVM18 | yum install -y llvm-toolset-18| + +以openEuler 22.03 LTS SP4为例,验证主版本安装是否成功: + +```shell +clang -v + +clang version 12.0.1 (openEuler 12.0.1-6.oe2203sp4 f4a7df2c51fa9eb3679555ef2de92c638ba9f880) +Target: aarch64-unknown-linux-gnu +Thread model: posix +InstalledDir: /usr/bin +Found candidate GCC installation: /usr/bin/../lib/gcc/aarch64-linux-gnu/10.3.1 +Found candidate GCC installation: /usr/lib/gcc/aarch64-linux-gnu/10.3.1 +Selected GCC installation: /usr/bin/../lib/gcc/aarch64-linux-gnu/10.3.1 +Candidate multilib: .;@m64 +Selected multilib: .;@m64 +``` + +验证副版本安装是否成功: + +```shell +source /opt/openEuler/llvm-toolset-17/enable +clang -v + +clang version 17.0.6 ( 17.0.6-4.oe2203sp4) +Target: aarch64-openEuler-linux-gnu +Thread model: posix +InstalledDir: /opt/openEuler/llvm-toolset-17/root/usr/bin +System configuration file directory: /etc/llvm-toolset-17-clang/ +Found candidate GCC installation: /usr/lib/gcc/aarch64-linux-gnu/10.3.1 +Selected GCC installation: /usr/lib/gcc/aarch64-linux-gnu/10.3.1 +Candidate multilib: .;@m64 +Selected multilib: .;@m64 +``` + +若返回结果中包含clang版本信息,说明安装成功。 + +## 使用示例 + +编译运行C/C++程序: + +```shell +clang [compiler-flags] hello.c -o hello.o +./hello.o +``` + +```shell +clang++ [compiler-flags] hello.cpp -o hello.o +./hello.o +``` + +指定链接器为LLVM的lld,若不指定则使用默认gcc的ld: + +```shell +clang [compiler-flags] -fuse-ld=lld hello.c -o hello.o +./hello.o +``` + +## 手动构建支持 + +请参考openEuler [llvm-project源码仓](https://gitee.com/openeuler/llvm-project)。 + +更多信息请参考LLVM的[用户指导](https://llvm.org/docs/UserGuides.html)。 diff --git a/docs/zh/server/development/application_dev/using_gcc_for_compilation.md b/docs/zh/server/development/application_dev/using_gcc_for_compilation.md new file mode 100644 index 0000000000000000000000000000000000000000..45626654b5f85018ceaf91d5e3f5338b338dc131 --- /dev/null +++ b/docs/zh/server/development/application_dev/using_gcc_for_compilation.md @@ -0,0 +1,594 @@ +# 使用GCC编译 + +本章介绍GCC编译的一些基本知识,并通过示例进行实际演示。更多的GCC知识请通过**man gcc**命令查询。 + +## 简介 + +GCC(GNU Compiler Collection)是GNU推出的功能强大、性能优越的多平台编译器。GCC编译器能将C、C++语言源程序、汇编程序和目标程序编译、链接成可执行文件。openEuler操作系统中已默认安装了GCC软件包。 + +## 基本规则 + +### 文件类型 + +对于任何给定的输入文件,文件类型决定进行何种编译。GCC常用的文件类型如[表1](#table634145764320)所示。 + +**表 1** GCC常用的文件类型 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

扩展名(后缀)

+

说明

+

.c

+

C语言源代码文件。

+

.C,.cc或.cxx

+

C++源代码文件。

+

.m

+

Objective-C源代码文件。

+

.s

+

汇编语言源代码文件。

+

.i

+

已经预处理的C源代码文件。

+

.ii

+

已经预处理的C++源代码文件。

+

.S

+

已经预处理的汇编语言源代码文件。

+

.h

+

程序所包含的头文件。

+

.o

+

编译后的目标文件。

+

.so

+

动态链接库,它是一种特殊的目标文件。

+

.a

+

静态链接库。

+

.out

+

可执行文件,但可执行文件没有统一的后缀,系统从文件的属性来区分可执行文件和不可执行文件。如果没有给出可执行文件的名字,GCC将生成一个名为a.out的文件。

+
+ +### 编译流程 + +使用GCC将源代码文件生成可执行文件,需要经过预处理、编译、汇编和链接。 + +1. 预处理:将源程序(如 **.c** 文件)预处理,生成 **.i** 文件。 +2. 编译:将预处理后的 **.i** 文件编译成为汇编语言,生成 **.s** 文件。 +3. 汇编:将汇编语言文件经过汇编,生成目标文件 **.o** 文件。 +4. 链接:将各个模块的 **.o** 文件链接起来生成一个可执行程序文件。 + +其中 **.i** 文件、**.s**文件、**.o**文件是中间文件或临时文件,如果使用GCC一次性完成C语言程序的编译,则这些文件会被删除。 + +### 编译选项 + +GCC编译的命令格式为:**gcc** \[_options_\] filenames + +其中: + +_options_ :编译选项。 + +_filenames_ :文件名称。 + +GCC是一个功能强大的编译器,其 _options_ 参数取值很多,但大部分并不常用,常用的 _options_ 取值如[表2](#table1342946175212)所示。 + +**表 2** GCC常用的编译选项 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

options取值

+

说明

+

示例

+

-c

+

编译、汇编指定的源文件生成目标文件,但不进行链接。通常用于编译不包含主程序的子程序文件。

+

#使用-c选项编译test1.c、test2.c源文件

+

gcc -c test1.c test2.c

+

-S

+

编译指定的源文件生成以.s作为后缀的汇编语言文件,但不进行汇编。

+

#编译器预处理 circle.c,将其翻译成汇编语言,并将结果存储在 circle.s 文件中。

+

gcc -S circle.c

+

-E

+

预处理指定的源文件,但不进行编译。

+

默认情况下,预处理器的输出会被导入到标准输出流(如显示器),可以利用-o选项把它导入到某个输出文件。

+

#预处理的结果导出到 circle.i 文件。

+

gcc -E circle.c -o circle.i

+

-o file

+

用在生成可执行文件时,生成指定的输出文件file。同时该名称不能和源文件同名。如果不给出这个选项,gcc就给出预设的可执行文件a.out。

+

#将源文件作为输入文件,将可执行文件作为输出文件,也即完整地编译整个程序。

+

gcc main.c func.c -o app.out

+

-g

+

在可执行程序中包含标准调试信息。

+

-

+

-L library_path

+

在库文件的搜索路径列表中添加library_path路径。

+

-

+

-Ilibrary

+

链接时搜索指定的函数库library

+

使用 GCC 编译和链接程序时,GCC 默认会链接 libc.a 或者 libc.so,但是对于其他的库(例如非标准库、第三方库等),就需要手动添加。

+

#使用-l选项,以链接数学库。

+

gcc main.c -o main.out -lm

+
说明:

数学库的文件名是 libm.a。前缀lib和后缀.a是标准的,m是基本名称,GCC 会在-l选项后紧跟着的基本名称的基础上自动添加这些前缀、后缀,本例中,基本名称为 m。

+
+

-I head_path

+

在头文件的搜索路径列表中添加head_path路径。

+

-

+

-static

+

进行静态编译,及链接静态库,禁止链接动态库。

+

-

+

-shared

+

默认选项,可省略。

+
  • 可以生成动态库文件。
  • 进行动态编译,优先链接动态库,只有没有动态库时才会链接同名的静态库。
+

-

+

-fPIC(或-fpic)

+

生成使用相对地址的位置无关的目标代码。通常使用-static选项从该PIC目标文件生成动态库文件。

+

-

+
+ +### 多源文件编译 + +多个源文件的编译方法有2种。 + +- 多个源文件一起编译。编译时需要所有文件重新编译。 + + 示例:将test1.c和test2.c分别编译后链接成test可执行文件。 + + ```shell + gcc test1.c test2.c -o test + ``` + +- 分别编译各个源文件,之后对编译后输出的目标文件链接。编译时只重新编译修改的文件,未修改的文件不用重新编译。 + + 示例:分别编译test1.c,test2.c,再将二者的目标文件test1.o,test2.o链接成test可执行文件。 + + ```shell + gcc -c test1.c + gcc -c test2.c + gcc test1.o test2.o -o test + ``` + +## 库 + +库是写好的、现有的、成熟的、可以复用的代码。每个程序都要依赖很多基础的底层库。 + +库文件在命名时约定,以lib为前缀,以.so(动态库)或.a(静态库)为后缀,中间为库文件名。如libfoo.so或libfoo.a。由于所有的库文件都遵循了同样的规范,因此当在链接库时,-l 选项指定链接的库文件名时可以省去lib前缀,即GCC 在对-lfoo 进行处理时,会自动去链接名为libfoo.so 或libfoo.a的库文件。而当在创建库时,必须指定完整文件名libfoo.so或libfoo.a。 + +根据链接时期的不同,库分为静态库和动态库。静态库是在链接阶段,将汇编生成的目标文件.o与引用到的库一起链接打包到可执行文件中;而动态库是在程序编译时并不会被链接到目标代码中,而是在程序运行时才被载入。二者有如下差异。 + +- 资源利用不一样。 + + 静态库为生成的可执行文件的一部分,而动态库为单独的文件。所以使用静态库和动态库的可执行文件大小和占用的磁盘空间大小不一样,导致资源利用不一样。 + +- 扩展性与兼容性不一样 + + 静态库中某个函数的实现变了,那么可执行文件必须重新编译,而对于动态链接生成的可执行文件,只需要更新动态库本身即可,不需要重新编译可执行文件。 + +- 依赖不一样 + + 静态库的可执行文件不需要依赖其他的内容即可运行,而动态库的可执行文件必须依赖动态库的存在。所以静态库更方便移植。 + +- 加载速度不一样 + + 静态库在链接时就和可执行文件在一块了,而动态库在加载或者运行时才链接,因此,对于同样的程序,静态链接的要比动态链接加载更快。 + +### 动态链接库 + +使用-shared选项 和-fPIC选项,可直接使用源文件、汇编文件或者目标文件创建一个动态库。其中-fPIC 选项作用于编译阶段,在生成目标文件时就需要使用该选项,以生成位置无关的代码。 + +示例1:从源文件生成动态链接库。 + +```shell +gcc -fPIC -shared test.c -o libtest.so +``` + +示例2:从目标文件生成动态链接库。 + +```shell +gcc -fPIC -c test.c -o test.o +gcc -shared test.o -o libtest.so +``` + +将一个动态库链接到可执行文件,需要在命令行中列出动态库的名称。 + +示例:将main.c和libtest.so一起编译成 app.out,当 app.out 运行时,会动态地加载链接库 libtest.so。 + +```shell +gcc main.c libtest.so -o app.out +``` + +这种方式是直接指定使用当前目录下的libtest.so文件。 + +若使用下面搜索动态库的方式,则为了确保程序在运行时能够链接到动态库,需要通过如下三种方法中的任一种实现。 + +- 将动态库保存在标准目录下,例如 /usr/lib。 +- 把动态库所在路径libraryDIR增加到环境变量LD\_LIBRARY\_PATH中 + + ```sh + # export LD\_LIBRARY\_PATH=libraryDIR:$LD\_LIBRARY\_PATH + ``` + + > ![](./public_sys-resources/icon-note.gif) **说明:** + > LD\_LIBRARY\_PATH为动态库的环境变量。当运行动态库时,若动态库不在缺省文件夹(/lib 和/usr/lib)下,则需要指定环境变量LD\_LIBRARY\_PATH。 + +- 把动态库所在路径libraryDIR增加 /etc/ld.so.conf中然后执行ldconfig或者以动态库所在路径libraryDIR为参数执行ldconfig。 + +```shell +gcc main.c -L libraryDIR -ltest -o app.out +export LD_LIBRARY_PATH=libraryDIR:$LD_LIBRARY_PATH +``` + +### 静态链接库 + +创建一个静态链接库,需要先将源文件编译为目标文件,然后再使用ar命令将目标文件打包成静态链接库。 + +示例:将源文件test1.c,test2.c,test3.c编译并打包成静态库。 + +```shell +gcc -c test1.c test2.c test3.c +ar rcs libtest.a test1.o test2.o test3.o +``` + +其中ar是一个备份压缩命令,可以将多个文件打包成一个备份文件(也叫归档文件),也可以从备份文件中提取成员文件。ar最常见的用法是将目标文件打包为静态链接库。 + +ar将目标文件打包成静态链接库的命令格式为: + +ar rcs _Sllfilename_ _Targetfilelist_ + +- _Sllfilename_ :静态库文件名。 +- _Targetfilelist_ :目标文件列表。 +- r: 替换库中已有的目标文件,或者加入新的目标文件。 +- c: 创建一个库,不管库是否存在,都将创建。 +- s: 创建目标文件索引,在创建较大的库时能提高速度。 + +示例:创建一个main.c文件来使用静态库 + +```shell +gcc main.c -L libraryDIR -ltest -o test.out +``` + +其中libraryDIR为libtest.a库的路径。 + +## 示例 + +### 使用GCC编译C程序示例 + +1. cd到代码目录,此处以目录“~/code”进行举例,如下所示: + + ```shell + cd ~/code + ``` + +2. 编写Hello World程序,保存为helloworld.c,此处以编译Hello World程序进行举例说明,示例如下: + + ```shell + vi helloworld.c + ``` + + 代码内容示例: + + ```c + #include + int main() + { + printf("Hello World!\n"); + return 0; + } + ``` + +3. 在代码目录,执行编译,使用命令: + + ```shell + gcc helloworld.c -o helloworld + ``` + + 编译执行未报错,表明执行通过。 + +4. 编译完成后,会生成helloworld文件,查看编译结果,示例如下: + + ```shell + # ./helloworld + Hello World! + ``` + +### 使用GCC创建和使用动态链接库示例 + +1. cd到代码目录,此处以目录“~/code”进行举例。并在该目录下创建src,lib,include子目录,分别用于存放源文件,动态库文件和头文件。 + + ```shell + cd ~/code + mkdir src lib include + ``` + +2. cd到~/code/src目录,创建2个函数add.c、sub.c,分别实现加、减。 + + ```shell + cd ~/code/src + vi add.c + vi sub.c + ``` + + add.c代码内容示例: + + ```shell + #include "math.h" + int add(int a, int b) + { + return a+b; + } + ``` + + sub.c代码内容示例: + + ```c + #include "math.h" + int sub(int a, int b) + { + return a-b; + } + ``` + +3. 将add.c、sub.c源文件创建为动态库libmath.so,并将该动态库存放在~/code/lib目录。 + + ```shell + gcc -fPIC -shared add.c sub.c -o ~/code/lib/libmath.so + ``` + +4. cd到~/code/include目录,创建1个头文件math.h,声明函数的头文件。 + + ```shell + cd ~/code/include + vi math.h + ``` + + math.h代码内容示例: + + ```c + #ifndef __MATH_H_ + #define __MATH_H_ + int add(int a, int b); + int sub(int a, int b); + #endif + ``` + +5. cd到~/code/src目录,创建一个调用add\(\)和sub\(\)的main.c函数。 + + ```shell + cd ~/code/src + vi main.c + ``` + + math.c代码内容示例: + + ```c + #include + #include "math.h" + int main() + { + int a, b; + printf("Please input a and b:\n"); + scanf("%d %d", &a, &b); + printf("The add: %d\n", add(a,b)); + printf("The sub: %d\n", sub(a,b)); + return 0; + } + ``` + +6. 将main.c和libmath.so一起编译成math.out。 + + ```shell + gcc main.c -I ~/code/include -L ~/code/lib -lmath -o math.out + ``` + +7. 将动态链接库所在的路径加入到环境变量中。 + + ```shell + export LD_LIBRARY_PATH=~/code/lib:$LD_LIBRARY_PATH + ``` + +8. 执行math.out。 + + ```shell + ./math.out + ``` + + 执行结果如下所示: + + ```text + Please input a and b: + 9 2 + The add: 11 + The sub: 7 + ``` + +### 使用GCC创建和使用静态链接库示例 + +1. cd到代码目录,此处以目录“~/code”进行举例。并在该目录下创建src,lib,include子目录,分别用于存放源文件,静态库文件和头文件。 + + ```shell + cd ~/code + mkdir src lib include + ``` + +2. cd到~/code/src目录,创建2个函数add.c、sub.c,分别实现加、减。 + + ```shell + cd ~/code/src + vi add.c + vi sub.c + ``` + + add.c代码内容示例: + + ```c + #include "math.h" + int add(int a, int b) + { + return a+b; + } + ``` + + sub.c代码内容示例: + + ```c + #include "math.h" + int sub(int a, int b) + { + return a-b; + } + ``` + +3. 将add.c、sub.c源文件编译为目标文件add.o、sub.o。 + + ```shell + gcc -c add.c sub.c + ``` + +4. 将add.o、sub.o目标文件通过ar命令打包成静态库libmath.a,并将该静态库存放在~/code/lib目录。 + + ```shell + ar rcs ~/code/lib/libmath.a add.o sub.o + ``` + +5. cd到~/code/include目录,创建1个头文件math.h,声明函数的头文件。 + + ```shell + cd ~/code/include + vi math.h + ``` + + math.h代码内容示例: + + ```c + #ifndef __MATH_H_ + #define __MATH_H_ + int add(int a, int b); + int sub(int a, int b); + #endif + ``` + +6. cd到~/code/src目录,创建一个调用add\(\)和sub\(\)的main.c函数。 + + ```shell + cd ~/code/src + vi main.c + ``` + + math.c代码内容示例: + + ```c + #include + #include "math.h" + int main() + { + int a, b; + printf("Please input a and b:\n"); + scanf("%d %d", &a, &b); + printf("The add: %d\n", add(a,b)); + printf("The sub: %d\n", sub(a,b)); + return 0; + } + ``` + +7. 将main.c和libmath.a一起编译成math.out。 + + ```shell + gcc main.c -I ~/code/include -L ~/code/lib -lmath -o math.out + ``` + +8. 执行math.out。 + + ```shell + ./math.out + ``` + + 执行结果如下所示: + + ```text + Please input a and b: + 9 2 + The add: 11 + The sub: 7 + ``` diff --git a/docs/zh/server/development/application_dev/using_jdk_for_compilation.md b/docs/zh/server/development/application_dev/using_jdk_for_compilation.md new file mode 100644 index 0000000000000000000000000000000000000000..3917899b1a43bfdf153e58558fa79cc2ece1ef8c --- /dev/null +++ b/docs/zh/server/development/application_dev/using_jdk_for_compilation.md @@ -0,0 +1,509 @@ +# 使用JDK编译 + +## 简介 + +JDK(Java Development Kit)是 Java 开发者进行 Java 开发所必须的软件包,包含 JRE(Java Runtime Environment)和编译、调测工具。openEuler在OpenJDK 的基础上进行了 GC 优化、并发稳定性增强、安全性增强等修改,提高了 Java 应用程序在 ARM 上的性能和稳定性。 + +## 基本规则 + +### 文件类型及工具 + +对于任何给定的输入文件,文件类型决定采用何种工具进行处理。JDK常用的文件类型如[表1](#table634145764320)所示,JDK常用的工具如[表2](#table103504146433)所示。 + +**表 1** JDK常用的文件类型 + + + + + + + + + + + + + + + + +

扩展名(后缀)

+

说明

+

.java

+

java语言源代码文件。

+

.class

+

java的字节码文件,是一种和任何具体机器环境及操作系统环境无关的中间代码。它是一种二进制文件,是Java 源文件由 Java 编译器编译后生成的目标代码文件。

+

.jar

+

java的jar压缩文件。

+
+ +**表 2** JDK常用的工具 + + + + + + + + + + + + + + + + +

工具名称

+

说明

+

java

+

Java运行工具,用于运行.class字节码文件或.jar文件。

+

javac

+

Java编程语言的编译器,将.java的源代码文件编译成.class的字节码文件。

+

jar

+

创建和管理Jar文件

+
+ +### java程序生成流程 + +通过JDK将java源代码文件生成并运行Java程序,需要经过编译和运行。 + +1. 编译:是指使用Java编译器(javac)将java源代码文件(.java文件)编译为.class的字节码文件。 +2. 运行:是指在Java虚拟机上执行字节码文件。 + +### JDK常用工具选项 + +#### javac编译选项 + +javac编译的命令格式为:**javac** \[_options_\] \[_sourcefiles_\] \[_classes_\] \[@_argfiles_\] + +其中: + +_options_ :命令选项。 + +_sourcefiles_ :一个或多个需要编译的源文件。 + +_classes_ :一个或多个要为注释处理的类。 + +@_argfiles_ :一个或多个列出选项和源文件的文件。这些文件中不允许有-J选项。 + +javac是java编译器,其 _options_ 参数取值很多,但有些大部分并不常用,常用的 _options_ 取值如[表3](#table1342946175212)所示。 + +**表 3** javac常用的编译选项 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

options取值

+

说明

+

示例

+

-d path

+

指定存放生成的类文件的路径

+

默认情况下,编译生成的类文件与源文件在同一路径下。使用-d选项可以将类文件输出到指定路径。

+

#使用-d选项将所有类文件输出到bin路径下

+

javac /src/*.java -d /bin

+

-s path

+

指定存放生成的源文件的路径

+

-

+

-cp path或-classpath path

+

搜索编译所需的class文件,指出编译所用到的class文件的位置。

+

#在Demo中要调用GetStringDemo类中的getLine()方法,而GetStringDemo类编译后的文件,即.class文件在bin目录下。

+

javac -cp bin Demo.java -d bin

+

-verbose

+

输出关于编译器正在执行的操作的消息,如加载的类信息和编译的源文件信息。

+

#输出关于编译器正在执行的操作的消息。

+

javac -verbose -cp bin Demo.java

+

-source sourceversion

+

指定查找输入源文件的位置。

+

-

+

-sourcepath path

+

用于搜索编译所需的源文件(即java文件),指定要搜索的源文件的位置,如jar、zip或其他包含java文件的目录。

+

-

+

-target targetversion

+

生成特定JVM版本的类文件。取值为1.1,1.2,1.3,1.4,1.5(或5),1.6(或6),1.7(或7),1.8(或8)。targetversion的缺省值与-source选项的sourceversion有关。sourceversion取值:

+
  • 1.2,targetversion为1.4;
  • 1.3,targetversion为1.4;
  • 1.5、1.6、1.7、未指定,targetversion为1.8。
  • 其他值,targetversionsourceversion取值相同。
+

-

+
+ +#### java运行选项 + +java运行的格式为: + +运行类文件:**java** \[_options_\] _classesname_ \[args\] + +运行jar文件:**java** \[_options_\] -jar _filename_ \[args\] + +其中: + +_options_ :命令选项,选项之间用空格分隔。 + +_classname_ :运行的.class文件名。 + +_filename_ :运行的.jar文件名。 + +args:传递给main\(\)函数的参数,参数之间用空格分隔。 + +java是运行java应用程序的工具,其 _options_ 参数取值很多,但有些大部分并不常用,常用的 _options_ 取值如[表4](#table371918587238)所示。 + +**表 4** java常用的运行选项 + + + + + + + + + + + + + + + + +

options取值

+

说明

+

示例

+

-cp path或-classpath path

+

指定要运行的文件所在的位置以及需要用到的类路径,包括jar、zip和class文件目录。

+

当路径有多个时,使用“:”分隔。

+

-

+

-verbose

+

输出关于编译器正在执行的操作的消息,如加载的类信息和编译的源文件信息。

+

#输出关于编译器正在执行的操作的消息。

+

java -verbose -cp bin Demo.java

+
+ +#### jar打包选项 + +jar的命令格式为:**jar** \{c | t | x | u\}\[vfm0M\] \[_jarfile_\] \[_manifest_\] \[-C _dir_\] _file_... + +jar命令参数说明如[表5](#table3691718114817)所示。 + +**表 5** jar命令参数说明 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

参数

+

说明

+

示例

+

c

+

创建jar文件包。

+

#把当前目录的hello.class文件打包到Hello.jar,且不显示打包的过程。如果Hello.jar文件还不存在,就创建它,否则首先清空它。

+

jar cf Hello.jar hello.class

+

t

+

列出jar文件包的内容列表。

+

#列出Hello.jar包含的文件清单。

+

jar tf Hello.jar

+

x

+

展开jar文件包的指定文件或者所有文件。

+

#解压Hello.jar 到当前目录,不显示任何信息。

+

jar xf Hello.jar

+

u

+

更新已存在的jar文件包,如添加文件到jar文件包中。

+

-

+

v

+

生成详细报告并打印到标准输出。

+

#把当前目录的hello.class文件打包到Hello.jar,并显示打包的过程。如果Hello.jar文件还不存在,就创建它,否则首先清空它。

+

jar cvf Hello.jar hello.class

+

f

+

指定jar文件名,通常这个参数是必须的。

+

-

+

m

+

指定需要包含的manifest清单文件。

+

-

+

0

+

只存储,不压缩,这样产生的jar文件包会比不用该参数产生的体积大,但速度更快。

+

-

+

M

+

不产生所有项的manifest清单文件,此参数会忽略m参数

+

#把当前目录的hello.class文件打包到Hello.jar,并显示打包的过程。如果Hello.jar文件还不存在,就创建它,否则首先清空它。但在创建Hello.jar时不产生manifest 文件。

+

jar cvfM Hello.jar hello.class

+

jarfile

+

.jar文件包,它是f参数的附属参数。

+

-

+

manifest

+

.mf的manifest清单文件,它是m参数的附属参数。

+

-

+

-C dir

+

转到指定dir下执行jar命令,只能配合参数c、t使用。

+

-

+

file

+

指定文件/路径列表,文件或路径下的所有文件(包括递归路径下的)都会被打入jar文件包中,或解压jar文件到路径下。

+

#把当前目录的所有class文件打包到Hello.jar,并显示打包的过程。如果Hello.jar文件还不存在,就创建它,否则首先清空它。

+

jar cvf Hello.jar *.class

+
+ +## 类库 + +java类库是以包的形式实现的,包是类和接口的集合。java编译器为每个类生成一个字节码文件,且文件名与类名相同,因此同名的类之间就有可能发生冲突。java语言中,把一组类和接口封装在一个包内,包可以有效地管理类名空间,位于不同包中的类即使同名也不会冲突,从而解决了同名类之间可能发生的冲突问题,为管理大量的类和接口提供了方便,也有利于类和接口的安全。 + +除java提供的许多包外,开发者也可以自定义包,把自己编写的类和接口等组成程序包的形式,以便后续使用。 + +自定义包需要先声明包,然后在使用包。 + +### 包的声明 + +包的声明格式为:package pkg1\[.pkg2\[.pkg3...\]\]; + +为了声明一个包,首先必须建立一个相应的目录结构,子目录与包名一致,然后在需要放入该包的类文件开头声明包,表示该文件的全部类都属于这个包。包声明中的“.”指明了目录的层次。如果源程序文件中没有package语句,则指定为无名包。无名包没有路径,一般情况下,java仍然会把源文件中的类存储在当前工作目录(即存放java源文件的目录)下。 + +包声明语句必须被加到源程序文件的起始部分,而且前面不能有注释和空格。如果在不同源程序文件中使用相同的包声明语句,就可以将不同源程序文件中的类都包含在相同的包中。 + +### 包的引用 + +在 Java 中,为了能使用java提供的包中的公用类,或者使用自定义的包中的类,有两种方法。 + +- 在要引用的类名前带上包名。 + + 如:name.A obj=new name.A \(\); + + 其中,name为包名,A为类名,obj为对象。表示程序中用name包中的A类定义一个对象obj。 + + 示例:新建一个example包中Test类的test对象。 + + ```shell + example.Test test = new example.Test(); + ``` + +- 在文件开头使用import来导入包中的类。 + + import语句的格式为:import pkg1\[.pkg2\[.pkg3...\]\].\(classname | \*\); + + 其中,pkg1\[.pkg2\[.pkg3...\]\]表明包的层次,classname为所要导入的类。如果要从一个包中导入多个类,则可以使用通配符“\*”来替代。 + + 示例:导入example包中的Test类。 + + ```java + import example.Test; + ``` + + 示例:将example 整个包导入。 + + ```java + import example.*; + ``` + +## 示例 + +### 编译不带包的java程序示例 + +1. cd到代码目录,此处以用户“~/code”进行举例。如下所示: + + ```shell + cd ~/code + ``` + +2. 编写Hello World程序,保存为HelloWorld.java,此处以编译Hello World程序进行举例说明。示例如下: + + ```shell + vi HelloWorld.java + ``` + + 代码内容示例: + + ```java + public class HelloWorld { + public static void main(String[] args) { + System.out.println("Hello World"); + } + } + ``` + +3. 在代码目录,执行编译,使用命令: + + ```shell + javac HelloWorld.java + ``` + + 编译执行未报错,表明执行通过。 + +4. 编译完成后,会生成 HelloWorld.class 文件,通过java命令可执行查看结果,示例如下: + + ```shell + # java HelloWorld + Hello World + ``` + +### 编译带包的java程序示例 + +1. cd到代码目录,此处以用户“~/code”进行举例。并在该目录下创建“~/code/Test/my/example”、“~/code/Hello/world/developers”、“~/code/Hi/openos/openeuler”子目录,分别用于存放源文件。 + + ```shell + cd ~/code + mkdir -p Test/my/example + mkdir -p Hello/world/developers + mkdir -p Hi/openos/openeuler + ``` + +2. cd到~/code/Test/my/example目录,创建Test.java。 + + ```shell + cd ~/code/Test/my/example + vi Test.java + ``` + + Test.java代码内容示例: + + ```java + package my.example; + import world.developers.Hello; + import openos.openeuler.Hi; + public class Test { + public static void main(String[] args) { + Hello me = new Hello(); + me.hello(); + Hi you = new Hi(); + you.hi(); + } + } + ``` + +3. cd到~/code/Hello/world/developers目录,创建Hello.java。 + + ```shell + cd ~/code/Hello/world/developers + vi Hello.java + ``` + + Hello.java代码内容示例: + + ```java + package world.developers; + public class Hello { + public void hello(){ + System.out.println("Hello, openEuler."); + } + } + ``` + +4. ~/code/Hi/openos/openeuler目录,创建Hi.java。 + + ```shell + cd ~/code/Hi/openos/openeuler + vi Hi.java + ``` + + Hi.java代码内容示例: + + ```java + package openos.openeuler; + public class Hi { + public void hi(){ + System.out.println("Hi, the global developers."); + } + } + ``` + +5. cd到~/code,使用javac编译源文件。 + + ```shell + cd ~/code + javac -classpath Hello:Hi Test/my/example/Test.java + ``` + + 执行完命令后,会在“~/code/Test/my/example”、“~/code/Hello/world/developers”、“~/code/Hi/openos/openeuler”目录下分别生成Test.class、Hello.class、Hi.class文件。 + +6. cd到~/code,使用java运行Test程序。 + + ```shell + cd ~/code + java -classpath Test:Hello:Hi my/example/Test + ``` + + 执行结果如下所示: + + ```text + Hello, openEuler. + Hi, the global developers. + ``` diff --git a/docs/zh/server/development/application_dev/using_make_for_compilation.md b/docs/zh/server/development/application_dev/using_make_for_compilation.md new file mode 100644 index 0000000000000000000000000000000000000000..98e0b61ccfdf0ebab20566f9f934087790b4362d --- /dev/null +++ b/docs/zh/server/development/application_dev/using_make_for_compilation.md @@ -0,0 +1,358 @@ +# 使用make编译 + +本章介绍make编译的一些基本知识,并通过示例进行实际演示。更多的make选项请通过**make --help**命令查询,或者查看GNU官方文档。 + +## 简介 + +GNU make实用程序(通常缩写为make)是一种用于控制从源文件生成可执行文件的工具。 make会自动确定复杂程序的哪些部分已更改并需要重新编译。 make使用称为Makefiles的配置文件来控制程序的构建方式。 + +## 基本规则 + +### 文件类型 + +makefile文件中可能用到的文件类型如[表1](#table634145764320)所示。 + +**表 1** 文件类型 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

扩展名(后缀)

+

说明

+

.c

+

C语言源代码文件。

+

.C,.cc或.cxx

+

C++源代码文件。

+

.m

+

Objective-C源代码文件。

+

.s

+

汇编语言源代码文件。

+

.i

+

已经预处理的C源代码文件。

+

.ii

+

已经预处理的C++源代码文件。

+

.S

+

已经预处理的汇编语言源代码文件。

+

.h

+

程序所包含的头文件。

+

.o

+

编译后的目标文件。

+

.so

+

动态链接库,它是一种特殊的目标文件。

+

.a

+

静态链接库。

+

.out

+

可执行文件,但可执行文件没有统一的后缀,系统从文件的属性来区分可执行文件和不可执行文件。如果没有给出可执行文件的名字,GCC将生成一个名为a.out的文件。

+
+ +### make工作流程 + +使用make由源代码文件生成可执行文件,需要经过如下步骤。 + +1. make命令会读入Makefile文件,包括当前目录下命名为"GNUmakefile" 、"makefile" 、"Makefile"的文件、被include的makefile文件、参数-f、\-\-file、\-\-makefile指定的规则文件。 +2. 初始化变量。 +3. 推导隐含规则,分析依赖关系,并创建依赖关系链。 +4. 根据依赖关系链,决定哪些目标需要重新生成。 +5. 执行生成命令,最终输出终极文件。 + +### make选项 + +make命令格式为:**make** \[_option_\]... \[_target_\]... + +其中: + +_option_ :参数选项。 + +_target_ :Makefile中指定的目标。 + +常用make的 _option_ 取值如[表2](#table261872312343)所示。 + +**表 2** 常用的make选项 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

options取值

+

说明

+

-C dir,--directory=dir

+

指定make在开始运行后的工作目录为dir

+

当存在多个 -C 选项的时候,make 的最终工作目录是第一个目录的相对路径。

+

-d

+

make在执行的过程中打印出所有的调试信息。使用-d选项可以显示make构造依赖关系链、重建目标过程中的所有信息。

+

-e,--environment-overrides

+

使用环境变量定义覆盖Makefile中的同名变量定义。

+

-f file,--file=file

+

--makefile=file

+

指定file文件为make 执行的Makefile文件。

+

-h,--help

+

打印帮助信息。

+

-i,--ignore-errors

+

执行过程中忽略规则命令执行的错误。

+

-k,--keep-going

+

执行命令错误时不终止make的执行,make 尽最大可能执行所有的命令,直至出现致命的错误才终止。

+

-n,--just-print,--dry-run

+

按实际运行时的执行顺序模拟执行命令(包括用@开头的命令),没有实际执行效果,仅仅用于显示执行过程。

+

-o file,--old-file=file,--assume-old=file

+

指定file文件不需要重建,即使它的依赖已经过期,同时不重建此依赖文件的任何目标。

+

-p,--print-data-base

+

命令执行之前,打印出make读取的Makefile的所有数据,同时打印出 make的版本信息。如果只需要打印这些数据信息,可以使用 “make -qp”命令,查看 make 执行之前预设的规则和变量,可使用命令“make -p -f /dev/null”。

+

-r,--no-builtin-rules

+

忽略内嵌的隐含规则的使用,同时忽略所有后缀规则的隐含后缀列表。

+

-R,--no-builtin-variables

+

忽略内嵌的隐含变量。

+

-s,--silent,--quiet

+

取消命令执行过程中的打印。

+

-S,--no-keep-going,--stop

+

取消 "-k" 的选项在递归的 make 过程中子 make 通过 "MAKEFLAGS" 变量继承了上层的命令行选项那个。我们可以在子 make 中使用“-S”选项取消上层传递的 "-k" 选项,或者取消系统环境变量 "MAKEFLAGS" 中 "-k"选项。

+

-t,--touch

+

更新所有的目标文件的时间戳到当前系统时间。防止 make 对所有过时目标文件的重建。

+

-v,--version

+

查看make的版本信息。

+
+ +## Makefile + +make是通过Makefile文件获取如何编译、链接和安装、清理的方法,从而实现将源代码文件生成可执行文件和其他相关文件的工具。因此,Makefile中描述了整个工程的编译和链接等规则,其中包含了哪些文件需要编译,哪些文件不需要编译,哪些文件需要先编译,哪些文件需要后编译,哪些文件需要重建等等。Makefile文件让工程编译实现了自动化,不需要每次都手动输入一堆源文件和参数。 + +本章简单介绍Makefile文件的结构和主要内容,更多Makefile的内容请通过**info make**命令查询 + +### Makefile结构 + +Makefile文件结构如下所示: + +_targets_:_prereguisites_ + +_command_ + +或者是: + +_targets_:_prerequisites_;_command_ + +_command_ + +其中: + +- _targets_ :目标,可以是目标文件、可执行文件或标签。 +- _prerequisites_ :依赖文件,生成targets需要的文件或者是目标。可以是多个,也可以没有。 +- _command_ :make需要执行的命令(任意的 shell 命令)。可以有多条命令,每一条命令占一行。 +- 目标和依赖文件之间要使用“:”分隔,命令的开始一定要按“Tab”。 + +Makefile文件结构表明了输出的目标,输出目标的依赖对象和生成目标需要执行的命令。 + +### Makefile主要内容 + +一个Makefile文件主要由以下内容组成。 + +- 显式规则 + + 明确写出来的依赖关系,如要生成的文件,文件的依赖文件,生成的命令。 + +- 隐含规则 + + 由make自动推导的规则,make命令支持自动推导功能。 + +- 变量的定义 +- 文件指示 + + 文件指示包括三部分: + + - include 其他 Makefile,如include xx.md。 + - 选择执行,如\#ifdef。 + - 定义多行命令,如define...endef。 + +- 注释 + + 以 “\#” 开头。 + +## 示例 + +### 使用Makefile实现编译的示例 + +1. cd到代码目录,此处以目录“~/code”进行举例。 + + ```shell + cd ~/code + ``` + +2. 创建1个头文件hello.h和2个函数hello.c、main.c。 + + ```c + vi hello.h + vi hello.c + vi main.c + ``` + + hello.h代码内容示例: + + ```c + #pragma once + #include + void hello(); + ``` + + hello.c代码内容示例: + + ```c + #include "hello.h" + void hello() + { + int i=1; + while(i<5) + { + printf("The %dth say hello.\n", i); + i++; + } + } + + ``` + + main.c代码内容示例: + + ```c + #include "hello.h" + #include + int main() + { + hello(); + return 0; + } + ``` + +3. 创建Makefile文件。 + + ```shell + vi Makefile + ``` + + Makefile文件内容示例: + + ```text + main:main.o hello.o + gcc -o main main.o hello.o + main.o:main.c + gcc -c main.c + hello.o:hello.c + gcc -c hello.c + clean: + rm -f hello.o main.o main + ``` + +4. 执行make命令。 + + ```shell + make + ``` + + 命令执行后,会打印Makefile中执行的命令。如果不需要打印该信息,可以在执行make命令时加上参数-s。 + + gcc -c main.c + + gcc -c hello.c + + gcc -o main main.o hello.o + +5. 执行./main目标。 + + ```shell + ./main + ``` + + 命令执行后,打印如下信息: + + The 1th say hello. + + The 2th say hello. + + The 3th say hello. + + The 4th say hello. diff --git a/docs/zh/server/development/fangtian/_toc.yaml b/docs/zh/server/development/fangtian/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..398bb734b1032fe43393662dfaf78d03da9f3e01 --- /dev/null +++ b/docs/zh/server/development/fangtian/_toc.yaml @@ -0,0 +1,10 @@ +label: FangTian视窗引擎 +isManual: true +description: FangTian视窗引擎的安装及开发使用指南。 +sections: + - label: FangTian视窗引擎 + href: ./overview.md + - label: FangTian环境配置 + href: ./fangtian_environment_configuration.md + - label: FangTian支持Wayland应用及鸿蒙应用 + href: ./fangtian_for_linux_waylan_and_openharmony_applications.md diff --git a/docs/zh/server/development/fangtian/fangtian_environment_configuration.md b/docs/zh/server/development/fangtian/fangtian_environment_configuration.md new file mode 100644 index 0000000000000000000000000000000000000000..88253cb9d998a5cac8f79924ddd6ea2699e10edf --- /dev/null +++ b/docs/zh/server/development/fangtian/fangtian_environment_configuration.md @@ -0,0 +1,81 @@ +# 安装与部署 + +本章介绍在 openEuler 中安装 FangTian 的方法。 + +## 软硬件要求 + +### 硬件要求 + +当前仅支持 x86和 AArch64 架构。 + +### 环境准备 + +安装 openEuler 系统,安装方法参考《[openEuler 安装指南](../../../server/installation_upgrade/installation/installation_on_servers.md)》。 + +### FangTian 软件包安装 + + x86架构下: + + ```shell + sudo dnf install ft_multimedia ft_mmi ft_flutter ft_engine arkui-linux ft_utils + sudo dnf install ft_multimedia-devel ft_mmi-devel ft_flutter-devel ft_engine-devel + ``` + + AArch64架构下: + + ```shell + sudo dnf install ft_multimedia ft_mmi ft_flutter ft_engine ft_utils + sudo dnf install ft_multimedia-devel ft_mmi-devel ft_flutter-devel ft_engine-devel + ``` + +## 启动引擎 + +- 系统服务samgr的启动 + + 预设置:安装 binder,ashmem 等。 + + ```shell + sudo /usr/share/sa/pre_oneshot_samgr + ``` + + 可以直接拉起samgr。 + + ```shell + mkdir -p ~/tmp + sudo samgr > ~/tmp/samgr.log 2>&1 & + ``` + + 或者,自行配置为 service 再启动服务。 + + ```shell + sudo systemctl restart samgr + ``` + +- 引擎sa的启动 + + ```shell + sa_main /system/profile/ft/ft.xml > ~/tmp/ftsa.log 2>&1 & + ``` + + > 说明 + > + > - sa 代表一种系统能力,一个进程可包含多个 sa。ft.xml 配置了多个 sa,共同组成进程 ft。关于 samgr 及 sa 概念可以参考 OpenHarmony。 + > - 关于 sa 的配置 xml 及 sa_main samgr 均已在软件包安装时自动部署。 + +## 基于 FangTian 做简单 GUI 应用开发运行 + +C++ GUI 简单应用《[示例参考](https://gitee.com/openeuler/ft_engine/blob/master/samples/)》。 + +运行: + +```shell +desktop & +``` + +结果如下: + +![](./figures/desktop_simple_apps.png) + + > 说明 + > + > 开发者可以查看[FT接口](https://gitee.com/openeuler/ft_engine/wikis/1.0-alpha%E6%8E%A5%E5%8F%A3/1.0-alpha%20Interface%20Overview)进行应用的开发。 diff --git a/docs/zh/server/development/fangtian/fangtian_for_linux_waylan_and_openharmony_applications.md b/docs/zh/server/development/fangtian/fangtian_for_linux_waylan_and_openharmony_applications.md new file mode 100644 index 0000000000000000000000000000000000000000..ea1807eb1b75bddbd9cc1aeda1319f8093cfac3e --- /dev/null +++ b/docs/zh/server/development/fangtian/fangtian_for_linux_waylan_and_openharmony_applications.md @@ -0,0 +1,75 @@ +# Linux Wayland 应用及鸿蒙应用的支持 + +FangTian 视窗引擎融合了多个应用生态,可支持 Linux、鸿蒙应用在 openEuler 同时运行。 + +## Wayland应用的支持 + +### Wayland协议 + +FangTian 为了支持 Linux 原生应用,对 Wayland 应用做了兼容。由于 Wayland 协议庞杂,FangTian 当前主要兼容了 Core/Stable/Unstable 等。 + +### 应用运行 + +1. 在启动[引擎](./FangTian环境配置.md#启动引擎)之后,启动 wayland 适配器的 sa。 + + ```shell + mkdir -p ~/tmp + sa_main /system/profile/ft/ft_wl.xml > ~/tmp/ftwlsa.log 2>&1 & + ``` + +2. 配置 wl 环境。 + + ```shell + export XDG_SESSION_TYPE=wayland + export WAYLAND_DISPLAY="wayland-0" + export QT_QPA_PLATFORMTHEME=ukui + ``` + +3. Linux Wayland 应用的安装下载。 + + ```shell + sudo dnf install kylin-calculator deepin-terminal + ``` + +4. 运行结果如下 。 + +![](./figures/wayland_apps.png) + +## 鸿蒙应用的支持 + +### ArkUI框架 + +FangTian 当前支持 ArkUI 部分控件,如文本、按钮、图片等。开发者可以基于[DevEco Studio](https://developer.harmonyos.com/cn/develop/deveco-studio/)完成鸿蒙应用的开发。 + +### 应用代码 + +- [电子相册](https://gitee.com/openharmony/codelabs/tree/master/ETSUI/ElectronicAlbum) +- [简易计算器](https://gitee.com/openharmony/codelabs/tree/master/ETSUI/SimpleCalculator) + +### 安装运行 + +1. 从 DevEco Studio 复制应用 hap 到 openEuler 目录下,如`~/apps/tmp`。 + +2. 解压该 hap,如`eletronicAlbum.hap`。 + + ```shell + unzip eletronicAlbum.hap + ``` + + 解压之后的路径为`~/apps/tmp/eletronicAlbum`。 + +3. 在启动[引擎](./FangTian环境配置.md#启动引擎)之后,运行 hap。 + + ```shell + hap_executor ~/apps/tmp/eletronicAlbum + ``` + +4. 运行结果如下。 + +![](./figures/arkui_ele.png) + +### 限制条件 + +- 当前 ArkUI 控件支持不全,web、视频类等控件不可用,napi 接口需要自行开发、迁移。 + +- ArkUI 在该版本版本上仅支持 x86 架构。 diff --git a/docs/zh/server/development/fangtian/figures/arkui_ele.png b/docs/zh/server/development/fangtian/figures/arkui_ele.png new file mode 100644 index 0000000000000000000000000000000000000000..d2c8010cddaa99a852c072f7852f51e48c9b9675 Binary files /dev/null and b/docs/zh/server/development/fangtian/figures/arkui_ele.png differ diff --git a/docs/zh/server/development/fangtian/figures/desktop_simple_apps.png b/docs/zh/server/development/fangtian/figures/desktop_simple_apps.png new file mode 100644 index 0000000000000000000000000000000000000000..cf625a544183dafb9747ececc544722dd1e42f87 Binary files /dev/null and b/docs/zh/server/development/fangtian/figures/desktop_simple_apps.png differ diff --git a/docs/zh/server/development/fangtian/figures/wayland_apps.png b/docs/zh/server/development/fangtian/figures/wayland_apps.png new file mode 100644 index 0000000000000000000000000000000000000000..bb62dd4f352625b273b22b8681a9de34123eb0ca Binary files /dev/null and b/docs/zh/server/development/fangtian/figures/wayland_apps.png differ diff --git a/docs/zh/server/development/fangtian/overview.md b/docs/zh/server/development/fangtian/overview.md new file mode 100644 index 0000000000000000000000000000000000000000..b303fcdf1e0174822b99c2accb6b4e8d77d987cf --- /dev/null +++ b/docs/zh/server/development/fangtian/overview.md @@ -0,0 +1,8 @@ +# FangTian 视窗引擎指南 + +本文档介绍基于 openEuler 系统的 FangTian 视窗引擎的安装及开发使用指南。 + +本文档适用于使用 openEuler 系统并希望了解和使用 FangTian 视窗引擎的社区开发者、开源爱好者以及相关合作伙伴。使用人员需要具备以下经验和技能: + +* 熟悉 Linux 基本操作。 +* 了解 Linux GUI 开发、ArkUI 开发。 diff --git a/docs/zh/server/development/gcc/_toc.yaml b/docs/zh/server/development/gcc/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..feab2b14181576f5691b5884a99268c70ac91131 --- /dev/null +++ b/docs/zh/server/development/gcc/_toc.yaml @@ -0,0 +1,12 @@ +label: GCC用户指南 +isManual: true +description: GCC for openEuler 编译器基于开源 GCC 开发,聚焦于C、C++、Fortran语言的优化 +sections: + - label: 内核反馈优化特性 + href: ./kernel_fdo_user_guide.md + - label: 全场景链接时二进制库内联优化 + href: ./link_time_binary_library_inlining_optimization.md + - label: GCC插件框架特性用户指南 + href: ./pin_user_guide.md + - label: GCC优化特性 + href: ./gcc-optimization-user-guide.md diff --git a/docs/zh/server/development/gcc/gcc-optimization-user-guide.md b/docs/zh/server/development/gcc/gcc-optimization-user-guide.md new file mode 100644 index 0000000000000000000000000000000000000000..4e284f27da4fd30a70c4c7e21a39b6056fbf9679 --- /dev/null +++ b/docs/zh/server/development/gcc/gcc-optimization-user-guide.md @@ -0,0 +1,279 @@ +# GCC 优化特性用户指南 + +## 简介 + +编译器优化特性对于提高应用程序的开发效率、运行性能和可维护性都非常重要。它是计算机科学领域的一个重要研究方向,也是软件开发过程中的重要环节之一。GCC for openEuler 在通用编译优化能力的基础上,对中后端性能优化技术进行了增强,包括指令优化、向量化增强、预取增强、数据流分析增强等优化。 + +## 安装与部署 + +### 软件要求 + +操作系统:openEuler 24.03 + +### 硬件要求 + +aarch64 架构 + +### 安装软件 + +按需安装 GCC 和相关组件即可,以 GCC 为例。 + +```shell +yum install gcc +``` + +## 使用方法 + +### CRC 优化 + +#### 说明 + +识别 CRC 软件循环代码,生成高效硬件指令。 + +#### 使用方法 + +在编译时增加 `-floop-crc` 选项。 + +注:`-floop-crc`选项需要和`-O3 -march=armv8.1-a`一起使用。 + +### If-conversion 增强 + +#### 说明 + +增强 If conversion 优化,使用更多的寄存器以减少冲突。 + +#### 使用方法 + +本优化是 RTL 优化 if-conversion 的一部分,使用如下编译选项控制优化启用。 + +`-fifcvt-allow-complicated-cmps` + +`--param=ifcvt-allow-register-renaming=[0,1,2]`数字用于控制优化范围。 + +注:此优化依赖`-O2`优化等级,以及与`--param=max-rtl-if-conversion-unpredictable-cost=48`、`--param=max-rtl-if-conversion-predictable-cost=48`共同使用。 + +### 乘法计算优化 + +#### 说明 + +Arm 相关指令合并优化,实现32位复杂组合的64位整形乘法逻辑的识别,并以高效的64位指令数输出。 + +#### 使用方法 + +使用`-fuaddsub-overflow-match-all`和`-fif-conversion-gimple`选项使能优化。 + +注:此优化需要`-O3`及以上优化等级。 + +### cmlt 指令生成优化 + +#### 说明 + +对一些四则运算生成`cmlt`指令,减少指令数。 + +#### 使用方法 + +使用选项`-mcmlt-arith`使能优化。 + +注:此优化需要`-O3`以上优化等级使用。 + +### 向量化优化增强 + +#### 说明 + +识别并简化向量化过程中生成的冗余指令,允许更短的循环进入向量化。 + +#### 使用方法 + +使用参数`--param=vect-alias-flexible-segment-len=1`使能,默认为0。 + +注:此优化需要`-O3`及以上优化等级。 + +### min max 和 uzp1/uzp2 指令联合优化 + +#### 说明 + +识别 `min max` 和 `uzp1/uzp2` 指令联合优化机会,减少指令数从而提升性能。 + +#### 使用方法 + +使用`-fconvert-minmax`选项使能`min max`优化,`uzp1/uzp2`指令优化在`-O3`以上等级默认使能。 + +注:依赖`-O3`及以上优化等级。 + +### ldp/stp 优化 + +#### 说明 + +识别某些性能表现差的 ldp/stp,将其拆分成2个 ldr 和 str。 + +#### 使用方法 + +使用`-fsplit-ldp-stp`选项使能优化,使用参数`--param=param-ldp-dependency-search-range=[1,32]`控制搜索范围,默认16。 + +注:依赖`-O1`及以上优化等级。 + +### AES指令优化 + +#### 说明 + +识别 AES 软件算法指令序列,使用硬件指令加速。 + +#### 使用方法 + +使用`-fcrypto-accel-aes`选项使能优化。 + +注:依赖`-O3`及以上优化等级。 + +### 间接调用提升 + +#### 说明 + +识别和分析程序中的间接调用,尝试将其优化为直接调用。 + +#### 使用方法 + +使用选项`-ficp -ficp-speculatively`使能优化。 + +注:此优化需要和`-O2 -flto -flto-partition=one`共同使用。 + +### IPA-prefetch + +#### 说明 + +识别循环中的间接访存,插入预取指令,从而减少间接访存的延迟。 + +#### 使用方法 + +通过选项`-fipa-prefetch -fipa-ic`使能优化。 + +注:此优化需要和`-O3 -flto`共同使用。 + +### -fipa-struct-reorg + +#### 说明 + +内存空间布局优化,将结构体成员在内存中的排布进行新的排列组合,来提高 cache 的命中率。 + +#### 使用方法 + +在选项中加入`-O3 -flto -flto-partition=one -fipa-struct-reorg`即可。 + +注:`-fipa-struct-reorg`选项,需要在`-O3 -flto -flto-partition=one`全局同时开启的基础上才使能。 + +### -fipa-reorder-fields + +#### 说明 + +内存空间布局优化,根据结构体中成员的占用空间大小,将成员从大到小排列,以减少边界对齐引入的 padding,来减少结构体整体占用的内存大小,以提高 cache 的命中率。 + +#### 使用方法 + +在选项中加入`-O3 -flto -flto-partition=one -fipa-reorder-fields`即可。 + +注:`-fipa-reorder-fields`选项,需要在`-O3 -flto -flto-partition=one`全局同时开启的基础上才使能。 + +### -ftree-slp-transpose-vectorize + +#### 说明 + +该选项在循环拆分阶段,增强对存在连续访存读的循环的数据流分析能力,通过插入临时数组拆分循环;SLP 矢量化阶段,新增对 grouped_stores 进行转置的 SLP 分析。 + +#### 使用方法 + +在选项中加入`-O3 -ftree-slp-transpose-vectorize`即可。 + +注:`-ftree-slp-transpose-vectorize`选项,需要在`-O3`开启的基础上才使能。 + +### LLC-prefetch + +#### 说明 + +通过分析程序中主要的执行路径,对主路径上的循环进行访存的复用分析,计算排序出 TOP 的热数据,并插入预取指令将数据先分配至 LLC 中,减少 LLC miss。 + +#### 使用方法 + +使能 LLC 特性,需开启 `-O2` 及以上优化等级,同时使用编译选项`-fllc-allocate`。 + +其他相关接口: + +| 选项 | 默认值 | 说明 | +| ---- | ---- | ---- | +| --param=mem-access-ratio=[0,100] | 20 | 循环内访存数对指令数的占比。| +| --param=mem-access-num=unsigned | 3 | 循环内访存数量。 | +| --param=outer-loop-nums=[1,10] | 1 | 允许扩展的外层循环的最大层数。 | +| --param=filter-kernels=[0,1] | 1 | 是否针对循环做路径串联筛选。 | +| --param=branch-prob-threshold=[50,100] | 80 | 高概率执行分支的概率阈值。 | +| --param=prefetch-offset=[1,999999] | 1024 | 预取偏移距离,一般为2的次幂。 | +| --param=issue-topn=unsigned | 1 | 预取指令个数。 | +| --param=force-issue=[0,1] | 0 | 是否执行强制预取,即静态模式。 | +| --param=llc-capacity-per-core=[0,999999] | 107 | 多分支预取下每个核平均分配的 LLC 容量。 | + +### -fipa-struct-sfc + +#### 说明 + +静态压缩结构体成员,从而减小结构体整体占用的内存大小,以提高 cache 命中率。 + +#### 使用方法 + +在选项中加入`-O3 -flto -flto-partition=one -fipa-reorder-fields -fipa-struct-sfc`即可,可在此基础上使用`-fipa-struct-sfc-bitfield`、`-fipa-struct-sfc-shadow`开启额外优化。 + +注:`-fipa-struct-sfc`选项,需要在`-O3 -flto -flto-partition=one`全局同时开启以及开启`-fipa-reorder-fields`或`-fipa-struct-reorg>=2`的基础上才能使能。 + +### -fipa-struct-dfc + +#### 说明 + +动态压缩结构体成员,克隆程序路径并启发式压缩结构体大小,根据运行时检查选择运行路径,以提高 cache 命中率。 + +#### 使用方法 + +在选项中加入`-O3 -flto -flto-partition=one -fipa-reorder-fields -fipa-struct-dfc`即可,可在此基础上使用`-fipa-struct-dfc-bitfield`、`-fipa-struct-dfc-shadow`开启额外优化。 + +注:`-fipa-struct-dfc`选项,需要在`-O3 -flto -flto-partition=one`全局同时开启以及开启`-fipa-reorder-fields`或`-fipa-struct-reorg>=2`的基础上才能使能。 + +### -fipa-alignment-propagation + +#### 说明 + +分析并传播局部变量地址对齐值,优化按位与运算。 + +#### 使用方法 + +在选项中加入`-O3 -fipa-alignment-propagation`即可。 + +注:`-fipa-alignment-propagation`选项,需要在`-O3`开启的基础上才使能。 + +### -fipa-localize-array + +#### 说明 + +将由 calloc 分配的全局指针变量转换为局部变量。 + +#### 使用方法 + +在选项中加入`-O3 -fipa-localize-array`即可。 + +注:`-fipa-localize-array`选项,需要在`-O3`开启的基础上才使能。 + +### -fipa-array-dse + +#### 说明 + +分析数组在函数之间的传递情况以及在被调用函数中的使用情况,消除冗余的数组写入。 + +#### 使用方法 + +在选项中加入`-O3 -fipa-array-dse`即可。 + +注:`-fipa-array-dse`选项,需要在`-O3`开启的基础上才使能。 + +### -ffind-with-sve + +#### 说明 + +识别 `std::find` 函数调用,尝试使用 SVE 指令优化。 + +#### 使用方法 + +在选项中加入 `-ffind-with-sve` 即可。 diff --git a/docs/zh/server/development/gcc/kernel_fdo_user_guide.md b/docs/zh/server/development/gcc/kernel_fdo_user_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..439dfc86813a151ede9f637cc6d66e26d6e7e937 --- /dev/null +++ b/docs/zh/server/development/gcc/kernel_fdo_user_guide.md @@ -0,0 +1,68 @@ +# 内核反馈优化特性用户指南 + +## 简介 + +内核反馈优化(PGO kernel)特性为内核提供了反馈优化能力的支持,使用户可以为不同的应用程序构建针对性优化的内核,在单应用场景下提高目标应用的性能。同时,该特性一并在openEuler GCC内提供了相应的编译支持,以及在A-FOT中提供了自动优化的功能,使用户能够便捷地使能内核反馈优化特性。 + +## 安装与部署 + +### 软件要求 + +* 操作系统:openEuler 23.09 + +### 硬件要求 + +* aarch64架构 +* x86_64架构 + +### 安装软件 + +安装内核源码、A-FOT和其他依赖软件包 + +```shell +yum install -y kernel-source A-FOT make gcc flex bison elfutils-libelf-devel diffutils openssl-devel dwarves +``` + +复制内核源码 + +```shell +cp -r /usr/src/linux-6.4.0-8.0.0.16.oe2309.aarch64 . +``` + +**注意:具体的版本号可能会有变化。** + +## 使用方法 + +用户可以通过A-FOT工具使能内核反馈优化,一键得到优化内核。将opt_mode指定Auto_kernel_PGO则为PGO kernel模式。所有配置选项也可以通过命令行指定,例如./a-fot --pgo_phase 1,另外-s、-n选项只能在命令行指定。PGO kernel相关的选项说明如下表所示。 + +| 序号 | 选项名称(配置文件) | 选项说明 | 默认值 | +| ---- | -------------------- | ------------------------------------------------------------ | ------------------------ | +| 1 | config_file | 配置文件路径;根据此文件内容读取用户的选项配置。 | ${afot_path}/a-fot.ini | +| 2 | opt_mode | 优化模式;工具将执行的优化模式,必须为AutoFDO、AutoPrefetch、AutoBOLT、Auto_kernel_PGO四者之一;分别代表自动反馈优化、自动预取、自动二进制优化和自动内核反馈优化。 | AutoPrefetch | +| 3 | pgo_mode | PGO模式;内核的反馈优化模式,GCOV或完整的PGO*,必须为arc或all;分别代表仅使用arc profile和使用arc+value profile。 | all | +| 4 | pgo_phase | 内核反馈优化的执行阶段;工具根据阶段执行不同的操作,必须为1或2;1代表编译插桩内核的阶段,2代表收集数据、编译优化内核的阶段。 | 1 | +| 5 | kernel_src | 内核源码目录;指定则工具进入编译内核,否则工具自动下载源码。 | 无(可选) | +| 6 | kernel_name | 内核构建的本地名;工具将根据阶段添加"-pgoing"或"-pgoed"后缀。 | kernel | +| 7 | work_path | 脚本工作目录;此目录用于存放日志文件、wrapper和profile。 | /opt(不能在/tmp目录下) | +| 8 | run_script | 应用执行脚本路径;此脚本为目标应用的执行脚本,需要用户完成编写;工具将后台运行此脚本以执行目标应用。 | /root/run.sh | +| 9 | gcc_path | GCC路径;工具调用真正编译器GCC的路径。 | /usr | +| 10 | -s | 安静模式;工具自动重启系统切换内核、执行第二阶段。 | 无 | +| 11 | -n | 不要让工具来编译内核;适用于执行环境和内核编译环境分离的场景。 | 无 | + +配置完编译选项后,可以使用如下命令进行A-FOT自动化优化内核: + +```shell +a-fot --config_file ./a-fot.ini -s +``` + +**注意:-s选项会让A-FOT工具自动重启机器切换内核,如果用户不希望自动进行这一项敏感操作,请去掉这一选项。但用户需要在重启后手动执行第二阶段(--pgo_phase 2)。** + +**注意:所有路径名请使用绝对路径。** + +**注意*:openEuler 23.09版本的内核暂不支持完整的PGO,请修改pgo_mode值为arc。** + +## 兼容性说明 + +此节主要列出当前一些特殊场景下的兼容性问题。本项目持续迭代中,会尽快进行修复,也欢迎广大开发者加入。 + +* openEuler 23.09版本的内核暂不支持完整的PGO,目前只支持arc模式。 diff --git a/docs/zh/server/development/gcc/link_time_binary_library_inlining_optimization.md b/docs/zh/server/development/gcc/link_time_binary_library_inlining_optimization.md new file mode 100644 index 0000000000000000000000000000000000000000..f1cc1398d10547db09c8a995886ab0a7a43abfb4 --- /dev/null +++ b/docs/zh/server/development/gcc/link_time_binary_library_inlining_optimization.md @@ -0,0 +1,56 @@ +# 全场景链接时二进制库内联优化 + +本特性支持全场景链接时的二进制内联,通过多版本二进制的组合输出,及LTO插件形式的多版本符号解析,支持不同版本编译器的LTO的内联优化;并设计跨模块的编译选项分析和匹配,适配不同编译模块的融合,实现全场景的链接时优化。 + +## 选项 -fmulti-version-lib= + +### 说明 + +该选项为链接时选项,与`-flto`结合使用,用于LTO链接时指示传入的库为多版本的LTO格式,需要编译器切换旧版本的LTO形式读取 (目前支持openEuler 2403 SP1、openEuler 2409 编译的LTO格式),用于兼容不同LTO的静态库或目标文件进行融合链接及优化编译。 + +### 使用方式 + +在选项中加入,如传入多个文件名通过逗号隔开: + +~~~bash +-flto -fmulti-version-lib=liba.a,libb.a +~~~ + +举例: + +~~~bash +# gcc for openEuler 24.09 +gcc -O2 -fPIC -flto -c fa.c -o fa.o +gcc-ar rcs liba.a fa.o + +# gcc for openEuler latest +gcc -O2 -fPIC -flto -fmulti-version-lib=liba.a main.c liba.a -o exe +~~~ + +## 选项 -finline-force= + +### 说明 + +该选项为链接时选项,与`-flto`结合使用,用于在LTO链接时,指示对传入的目标静态库或目标文件尝试进行内联,该选项将对目标文件中的函数尝试内联增强,增强以下内联扩展: + +- 架构选项的兼容,当调用函数和被调用函数使用的march/mcpu等信息不同时,尽可能将被调用函数的架构选项与调用函数的架构选项切换一致,并进行内联编译。 +- `inline`关键字,类似于被调用函数增加了`inline`关键字,指示在编译过程中能找到函数实体,就尽可能内联。 +- `always_inline`属性,类似于被调用函数增加了`__attribute__((always_inline))`属性。 + +### 使用方法 + +在选项中加入,如传入多个文件名通过逗号隔开: + +~~~bash +-flto -finline-force=liba.a,libb.a +~~~ + +注:`-finline-force`,不加目标文件名形式,仅用于全局内联调试分析,不直接使用。 + +举例: + +~~~bash +gcc -O2 -fPIC -flto -c fa.c -o fa.o +gcc-ar rcs liba.a fa.o +gcc -O2 -fPIC -flto -finline -force=liba.a main.c liba.a -o exe +~~~ diff --git a/docs/zh/server/development/gcc/overview.md b/docs/zh/server/development/gcc/overview.md new file mode 100644 index 0000000000000000000000000000000000000000..84a82e187149c7b4ea3b45529e1b4b25fdfbe9a8 --- /dev/null +++ b/docs/zh/server/development/gcc/overview.md @@ -0,0 +1,3 @@ +# GCC for openEuler用户指南 + +GCC for openEuler编译器基于开源GCC(GNU Compiler Collection,GNU编译器套装)开发。开源GCC是一种支持多种编程语言的跨平台开源编译器,采用GPLv3(GNU General Public License, version 3)协议,是Linux系统上目前应用最广泛的C/C++编译器,基本被认为是跨平台编译器的事实标准。而GCC for openEuler在继承了开源GCC能力的基础上,聚焦于C、C++、Fortran语言的优化,增强自动反馈优化、软硬件协同、内存优化、自动向量化等特性,并适配国产硬件平台,如鲲鹏、飞腾、龙芯等,充分释放国产硬件算力。 diff --git a/docs/zh/server/development/gcc/pin_user_guide.md b/docs/zh/server/development/gcc/pin_user_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..b27d6a0e73626a60a14c686afadb56b9e8f55303 --- /dev/null +++ b/docs/zh/server/development/gcc/pin_user_guide.md @@ -0,0 +1,134 @@ +# 安装与部署 + +## 软件要求 + +* 操作系统:openEuler 24.03 + +## 硬件要求 + +* x86_64架构 +* ARM架构 + +## 环境准备 + +* 安装openEuler系统,安装方法参考 《[安装指南](../../../server/installation_upgrade/installation/installation_on_servers.md)》。 + +### 安装依赖软件 + +#### 安装插件框架GCC客户端依赖软件 + +```shell +yum install -y grpc +yum install -y grpc-devel +yum install -y grpc-plugins +yum install -y protobuf-devel +yum install -y jsoncpp +yum install -y jsoncpp-devel +yum install -y gcc-plugin-devel +yum install -y llvm-mlir +yum install -y llvm-mlir-devel +yum install -y llvm-devel +``` + +#### 安装插件框架服务端依赖软件 + +```shell +yum install -y grpc +yum install -y grpc-devel +yum install -y grpc-plugins +yum install -y protobuf-devel +yum install -y jsoncpp +yum install -y jsoncpp-devel +yum install -y llvm-mlir +yum install -y llvm-mlir-devel +yum install -y llvm-devel +``` + +## 安装Pin + +### rpm构建 + +#### 构建插件框架GCC客户端 + +```shell +git clone https://gitee.com/src-openeuler/pin-gcc-client.git +cd pin-gcc-client +mkdir -p ~/rpmbuild/SOURCES +cp *.path pin-gcc-client.tar.gz ~/rpmbuild/SOURCES +rpmbuild -ba pin-gcc-client.spec +cd ~/rpmbuild/RPMS +rpm -ivh pin-gcc-client.rpm +``` + +#### 构建插件框架服务端 + +```shell +git clone https://gitee.com/src-openeuler/pin-server.git +cd pin-server +mkdir -p ~/rpmbuild/SOURCES +cp *.path pin-server.tar.gz ~/rpmbuild/SOURCES +rpmbuild -ba pin-server.spec +cd ~/rpmbuild/RPMS +rpm -ivh pin-server.rpm +``` + +### 编译构建 + +#### 构建插件框架GCC客户端 + +```shell +git clone https://gitee.com/openeuler/pin-gcc-client.git +cd pin-gcc-client +mkdir build +cd build +cmake ../ -DMLIR_DIR=${MLIR_PATH} -DLLVM_DIR=${LLVM_PATH} +make +``` + +#### 构建插件框架服务端 + +```shell +git clone https://gitee.com/openeuler/pin-server.git +cd pin-server +mkdir build +cd build +cmake ../ -DMLIR_DIR=${MLIR_PATH} -DLLVM_DIR=${LLVM_PATH} +make +``` + +## 使用方法 + +用户可以通过`-fplugin`和`-fplugin-arg-libpin_xxx`使能插件工具。 +命令如下: + +```shell +$(TARGET): $(OBJS) + $(CXX) -fplugin=${CLIENT_PATH}/build/libpin_gcc_client.so \ + -fplugin-arg-libpin_gcc_client-server_path=${SERVER_PATH}/build/pin_server \ + -fplugin-arg-libpin_gcc_client-log_level="1" \ + -fplugin-arg-libpin_gcc_client-arg1="xxx" +``` + +为了方便用户使用,可以通过`${INSTALL_PATH}/bin/pin-gcc-client.json`文件,进行插件配置。配置选项如下: + +`path` : 配置插件框架服务端可执行文件路径 + +`sha256file` : 配置插件工具的校验文件`xxx.sha256`路径 + +`timeout` : 配置跨进程通信超时时间,单位`ms` + +编译选项: + +`-fplugin`:指定插件客户端.so所在路径 + +`-fplugin-arg-libpin_gcc_client-server_path`:指定插件服务端可执行程序所在路径 + +`-fplugin-arg-libpin_gcc_client-log_level`:指定日志系统默认记录等级,取值`0~3`。默认为`1` + +`-fplugin-arg-libpin_gcc_client-argN`:用户可以根据插件工具要求,指定其他参数。argN代指插件工具要求的参数字段。 + +## 兼容性说明 + +此节主要列出当前一些特殊场景下的兼容性问题。本项目持续迭代中,会尽快进行修复,也欢迎广大开发者加入。 + +* 插件框架在`-flto`阶段使能时,不支持使用`make -j`多进程编译。建议改用`make -j1`进行编译。 diff --git a/docs/zh/server/development/unt/_toc.yaml b/docs/zh/server/development/unt/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..58a1be4c4aea8d86dd8d1427d7da5cde63bd1055 --- /dev/null +++ b/docs/zh/server/development/unt/_toc.yaml @@ -0,0 +1,6 @@ +label: UNT使用手册 +isManual: true +description: UNT(UDF Native Tool)是一个UDF自动native化工具,聚焦于将用户jar包中的UDF字节码自动转换为native二进制并自动化替代原始UDF运行于Flink等大数据引擎中,并在此基础上通过native侧优化达到加速目的 +sections: + - label: UNT使用手册 + href: ./unt_guide.md diff --git a/docs/zh/server/development/unt/unt_guide.md b/docs/zh/server/development/unt/unt_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..d2802d70f3fd023be68737bd5bb0e23b3c82a29c --- /dev/null +++ b/docs/zh/server/development/unt/unt_guide.md @@ -0,0 +1,592 @@ +# UNT用户指南 + +## 简介 + +### 特性介绍 + +Spark、Hive、Flink等大数据引擎中提供的Function有限,往往不能够满足客户需求,需要由客户自定义一些UDF来满足自己的业务需求。 + +以Flink DataSream为例,用户希望在享受开源标准带来的兼容性和灵活性的同时,获得更高的性能和更低的成本,当前的Flink引擎优化主要是基于开源的Flink Java工程进行改进,性能提升存在天花板,我们需要基于Native化引擎更大程度地提升系统性能,突破现有的性能瓶颈,同时保持对Flink的兼容性。Spark已经实现了类似的优化,但Flink尚未有类似的进展。Flink流处理业务非常广泛,其中80%以上的业务场景需要使用UDF,因此,我们面向Flink native引擎提供了一套UDF自动native化管理系统,该系统能够将用户加载的UDF字节码自动转换为native二进制并自动化替代原始UDF运行于Flink等大数据引擎中。 + +**UNT特性** + +- 实现了将业务jar包字节码自动转换为IR代码,而后根据大数据引擎UDF规则自动提取UDF代码,并解析UDF外部依赖。 +- 实现了从内存对象自动管理、硬件亲和加速等维度对UDF IR进行优化。 + - 建立UDF对象声明周期管理规则,基于该规则自动插入内存对象引用及释放代码。 + - 建立基础类对象池,将基础类内存申请接口自动替换为对象池对象获取接口。 + - 自动根据执行环境硬件匹配亲和库,并在IR中自动替换为硬件亲和库调用。 +- 实现了针对Java转c++的UDF翻译,自动将用户的原始java程序翻译成c++代码并编译。 + +### 约束与限制 + +在特性配置之前,请先了解UNT特性的使用限制。 + +1. 整体规格约束 + + **native翻译UDF Function类型约束**:支持Function类型白名单内的UDF native翻译。 + + **native翻译UDF成员方法语法约束**: + + ```text + - 支持Java类型翻译白名单内的类型native翻译。 + - 支持Java语句翻译白名单内的语句native翻译。 + - 支持Java关键字翻译白名单内的关键字native翻译。 + ``` + + **native翻译UDF成员对象类型约束**:native翻译UDF成员对象运行时类型必须与静态定义类型完全一致,否则UDF native翻译失败,回退至原生UDF。 + + **native翻译jar包打包约束**:nativa翻译的输入jar包必须是包含所有依赖的胖包。 + + **native翻译接口返回值约束**:父子类相同接口的返回值属性需相同(接口返回值属性为0代表返回值为空、基础类型、集合类元素或类对象成员,接口返回值属性为1代表其他情况)。 + + **native扫描UDF约束**:暂不支持扫描lambda形式的UDF。 + +2. Function类型白名单 + + 支持的Function类型: + + - FlatMapFunction + - KeySelector + - MapFunction + - ReduceFunction + - RichFilterFunction + - RichFlatMapFunction + +3. Java关键字翻译白名单 + + 支持的Java关键字: + + - abstract + - boolean + - break + - byte + - case + - char + - class + - continue + - default + - do + - while + - double + - if + - else + - for + - extends + - float + - final + - int + - implements + - import + - interface + - instanceof + - long + - new + - package + - private + - protected + - public + - return + - short + - static + - switch + - this + - void + - volatile + +4. Java类型翻译白名单 + + 支持的Java类型如下: + + - boolean + - byte + - char + - short + - int + - long + - double + - float + - Array + - null + - void + - Class + +5. Java语句翻译白名单 + + - InvokeStmt(函数/方法调用语句,不支持dynamicinvoke) + + 例子: + + ```java + public class DemoClass{ + public void print(int x){ + int a = increment(x); + System.out.println(a); + a = increment(x); + System.out.println(a); + } + public int increment(int x){ + return x+1; + } + } + ``` + + - IdentityStmt(this成员赋值) + + 例子: + + ```java + public class DemoClass{ + private int counter; + public void DemoClass(int counter){ + this.counter = counter; + } + } + ``` + + - AssignStmt(赋值语句) + + 例子: + + ```java + public class DemoClass{ + private int counter = 0; + public int updateCounter(){ + counter = counter + 1; + return counter; + } + } + ``` + + - IfStmt(if语句) + + 例子: + + ```java + public class DemoClass{ + public static void sampleMethod(int x){ + if(x % 2 == 0){ + System.out.println("Even"); + }else{ + System.out.println("Odd"); + } + } + } + ``` + + - Switch(switch语句) + + 例子: + + ```java + public class DemoClass{ + public void switchExample(int x){ + switch(x){ + case 1: + System.out.println("Input1"); + break; + case 2: + System.out.println("Input2"); + break; + default: + System.out.println("Input more than 2"); + break; + } + } + } + ``` + + - ReturnStmt(return语句) + + 例子: + + ```java + public class DemoClass{ + public int increment(int x){ + return x + 1; + } + } + ``` + + - GotoStmt(goto语句) + + 例子: + + ```java + public class DemoClass{ + public static void sampleMethod(){ + for(int i = 0; i < 5; i++){ + if(i == 3){ + break; + } + } + } + } + ``` + +## 安装与部署 + +### 软件要求 + +- jdk1.8 +- python3 +- maven3.6.3 + +### 硬件要求 + +- aarch64架构 +- x86_64架构 + +### 安装软件 + +UNT使用rpm方式安装部署。 + +```shell +rpm -ivh UNT-1.0-5.oe2403sp2.noarch.rpm +``` + +安装完成后会在`/opt/udf-trans-opt`目录下生成文件夹`udf-translator`,该目录即为UNT的工作目录。 + +```text +#目录结构 +bin:执行脚本所在目录 +conf:配置文件目录 +lib:依赖所在目录 +cpp:翻译完成的cpp源文件所在的目录,下级不同的jar包对应不同的目录 +log:翻译生成的日志记录 +output:翻译完成后编译生成的so所在目录,下级不同的jar包对应不同的jar目录 +``` + +同时会在`/usr/bin`下面生成`native_udf.py`文件,用于查看翻译相关信息 + +## 使用方法 + +UNT的翻译依赖于配置文件。 + +**配置文件及简介如下**: + +```text +conf/depend_class.properties:java侧与native侧类名映射关系配置 +conf/depend_include.properties:头文件路径配置 +conf/depend_interface.config:依赖接口配置 +``` + +**其中conf为相对目录,基目录配置说明可查看第4小节修改UNT用户配置** + +使用步骤如下: + +1. **扫描缺失接口** + + 使用`native_udf.py depend_info ${job_jar}`命令扫描缺失接口。 + + 扫描结果示例: + + ```text + java.lang.String + Methods: + int length() + ``` + + 示例显示缺失`String`的`length()`函数接口。 + +2. **实现缺失接口** + + 需要根据基础库编写规范实现native侧相关接口,如用户可以按如下方式声明String中的length()接口,用户可根据接口自行进行函数实现。 + + ```cpp + //String头文件 + class String : public Object + { + public: + int32_t length() const; + private: + std::string inner; + } + ``` + + ```cpp + //String cpp文件 + int32_t String::length() const + { + return static_cast(inner.size()); + } + ``` + + 实现完成后需要编译为`libbasictypes.a`文件,**注意,名字必须是`libbasictypes.a`**。 + +3. **增加接口配置文件** + + 实现接口后需要增加相应的接口配置文件。 + + - 在depend_class.properties文件中增加java到native的类名映射。 + + ```text + java.lang.String=String + ``` + + 该配置的key表示java中的String类,value表示native侧对应的类名。 + + - 在depend_include.properties文件中增加头文件路径配置。 + + ```text + java.lang.String=basictypes/String.h + ``` + + 该配置的key表示java中的String类,value表示native侧头文件所在的相对路径,**基目录配置说明可查看第4小节修改UNT用户配置**。 + + - 在depend_interface.config文件中增加依赖接口配置。 + + ```text + , 0 + ``` + + 该配置的第一个元素表示java中对应函数的签名,value表示其内存语义,内存语义相关信息请参考自开发native规范中内存语义规范相关内容。 + +4. **修改UNT用户配置** + + 该配置文件默认在`/opt/udf-trans-opt/udf-translator/conf/udf_tune.properties`目录下。 + + 配置文件内容为: + + ```text + basic_lib_path=/opt/udf-trans-opt/libbasictypes + tune_level=0 + regex_lib_type=1 + regex_lib_path=/usr/local/ksl/lib/libKHSEL_ops.a + compile_option= + ``` + + `basic_lib_path`用于配置基础库的基目录,该目录下存在三个子目录。 + + - `conf`目录:用于存放配置文件,此目录为配置文件的基目录。 + - `include`目录:用于存放第2小节中实现的native头文件,此目录为头文件的基目录。 + - `lib`目录:用于存放用户编译出来的.a静态依赖文件。 + + `tune_level`用于配置优化级别,各优化级别说明如下。 + + - level:0代表基础优化,即内存自动释放基础优化,后续的优化都会以此为基础。 + - level:1代表硬件加速优化,此时会读取硬件加速基础库接口配置,对接硬件加速基础库接口。 + - level:2代表内存申请释放加速优化。 + - level:4代表AI4C加速优化。 + + 上述优化中,除了基础优化默认与其他优化叠加,其余优化level数值相加即代表多个优化手段的叠加(每个level的数值必须为2的幂和)。 + + `regex_lib_type`用于配置是否进行正则库优化。 + + 配置为1表示开启正则库优化,配置为0表示不开启正则库优化,该配置在tune_level=1的条件下生效。 + + `regex_lib_path`用于配置正则库的链接路径。 + + 配置正则库优化的路径。 + + `compile_option`用于用户自定义编译选项,用户需要保证编译选项的正确性。 + +5. **使用翻译命令生成native源文件及二进制文件** + + ```text + bash /opt/udf-trans-opt/udf-translator/bin/udf_translate.sh {jar包路径} flink + ``` + + 执行完成后会在cpp目录下生成源文件,在output目录下生成so文件,在log目录下生成日志。 + +6. **查询翻译信息** + + - native_udf.py source_info ${job_jar} + + 支持用户指定job_jar查看其native源码文件位置。 + + - native_udf.py list ${job_jar} + + 支持用户指定job_jar查看native成功能UDF标识及其二进制文件信息。 + + 二进制文件生成在UNT安装路径下的output目录,子目录hash值可以通过source_info获取。 + + - native_udf.py depend_info ${job_jar} + + 支持用户指定job_jar查看依赖库接口信息。 + + 当前不支持lambda表达式的扫描。 + + - native_udf.py fail_info ${job_jar} + + 支持用户指定job_jar查看其native失败原因:如依赖接口缺失信息。 + + - native_udf.py tune_level ${level} + + 支持用户指定udf native优化级别。 + +## 自开发native规范 + +unt工具支持用户自行开发部分native代码,为了使自行开发的代码能够自动嵌入到翻译的代码中,请遵守以下规范。 + +1. 内存语义规范 + + 自行开发的代码需要保证除输出对象外,其余对象均已释放。除此之外,需要在`depend_interface.config`依赖接口配置文件中配置其内存语义,如果return的对象为“新创建”的,请在配置文件中标识该方法签名为“1”,否则标识该方法签名为“0”。 + + 例子1: + + ```java + int32_t String::length() const + { + return static_cast(inner.size()); + } + ``` + + 该length方法返回基础类型,不涉及到新创建的对象,因此配置为"0"。 + + ```text + , 0 + ``` + + 例子2: + + ```java + String *String::substring(const int32_t idx) const + { + std::string s = this->inner.substr(idx); + return new String(std::move(s)); + } + ``` + + 该substring方法返回String类型,且return的为新创建的对象,因此配置为"1"。 + + ```text + , 1 + ``` + +2. 继承规范 + + 所有类最终都应该继承自Object。 + + Object类描述如下: + + Object头文件: + + ```cpp + class Object + { + public: + Object(); + + Object(nlohmann::json jsonObj); + + virtual ~Object(); + + virtual int hashCode(); + + virtual bool equals(Object *obj); + + virtual std::string toString(); + + virtual Object *clone(); + + Object(const Object &obj); + + Object(Object &&obj); + + Object &operator=(const Object &obj); + + Object &operator=(Object &&obj); + + void putRefCount(); + + void getRefCount(); + + void setRefCount(uint32_t count); + + bool isCloned(); + + uint32_t getRefCountNumber(); + + public: + std::recursive_mutex mutex; + bool isClone = false; + bool isPool = false; + uint32_t refCount = 1; + } + ``` + + Object cpp文件: + + ```cpp + Object::Object() = default; + + Object::Object(nlohmann::json jsonObj) + { + return; + } + + Object::~Object() = default; + + int Object::hashCode() + { + return 0; + } + + bool Object::equals(Object *obj) + { + return false; + } + + std::string Object::toString() + { + return std::string(); + } + + Object * Object::clone() + { + return nullptr; + } + + Object::Object(const Object &obj) + { + this->refCount = obj.refCount; + this->isClone = obj.isClone; + } + + Object::Object(const Object &&obj) + { + this->refCount = obj.refCount; + this->isClone = obj.isClone; + } + + Object &Object::operator=(const Object &obj) + { + this->refCount = obj.refCount; + this->isClone = obj.isClone; + } + + Object &Object::operator=(Object &&obj) + { + this->refCount = obj.refCount; + this->isClone = obj.isClone; + } + + void Object::putRefCount() + { + if (__builtin_expect(--refCount != 0, true)) + { + return; + } + delete this; + } + + void Object::getRefCount() + { + ++refCount; + } + + void Object::setRefCount(uint32_t count) + { + refCount = count; + } + + bool Object::isCloned() + { + return isClone; + } + + uint32_t Object::getRefCountNumber() + { + return refCount; + } + ``` diff --git a/docs/zh/server/diversified_computing/dpu_offload/_toc.yaml b/docs/zh/server/diversified_computing/dpu_offload/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..b3532fcd6004942e434555512ffea706269d4f3f --- /dev/null +++ b/docs/zh/server/diversified_computing/dpu_offload/_toc.yaml @@ -0,0 +1,15 @@ +label: 直连聚合用户指南 +isManual: true +description: 介绍基于openEuler操作系统的容器管理面DPU无感卸载功能特性及安装部署方法 +sections: + - label: 直连聚合环境搭建 + href: ./libvirt_direct_connection_aggregation_environment_establishment.md + - label: qtfs共享文件系统架构 + href: ./qtfs_architecture_and_usage.md + - label: 容器管理面DPU无感卸载 + href: ./overview.md + sections: + - label: 容器管理面无感卸载部署介绍 + href: ./imperceptible_container_management_plane_offload.md + - label: 容器管理面无感卸载部署指导 + href: ./offload_deployment_guide.md diff --git a/docs/zh/server/diversified_computing/dpu_offload/config/client.json b/docs/zh/server/diversified_computing/dpu_offload/config/client.json new file mode 100644 index 0000000000000000000000000000000000000000..4aedf4c846914a6bc34dff1988c7794ddb1fa521 --- /dev/null +++ b/docs/zh/server/diversified_computing/dpu_offload/config/client.json @@ -0,0 +1,5 @@ +{ + "Protocol": "tcp", + "Ipaddr" : "192.168.10.11", + "Port" : "7777" +} diff --git a/docs/zh/server/diversified_computing/dpu_offload/config/prepare.sh b/docs/zh/server/diversified_computing/dpu_offload/config/prepare.sh new file mode 100644 index 0000000000000000000000000000000000000000..ccfe9402051a02451644345b39ef6aa2657bfe89 --- /dev/null +++ b/docs/zh/server/diversified_computing/dpu_offload/config/prepare.sh @@ -0,0 +1,58 @@ +#!/bin/bash + +mkdir -p /another_rootfs/var/run/docker/containerd +iptables -t nat -N DOCKER + +echo "---------insmod qtfs ko----------" +# TEST_MODE: IP +insmod ${YOUR_PATH}/qtfs.ko qtfs_server_ip=${YOUR_SERVER_IP} qtfs_log_level=INFO # Enter the .ko file path and IP address. +nohup ${YOUR_PATH}/udsproxyd 1 ${YOUR_CLIENT_IP} 12121 ${YOUR_SERVER_IP} 12121 2>&1 & + +# TEST_MODE: vsock +# insmod ${YOUR_PATH}/qtfs.ko qtfs_server_vsock_cid=${YOUR_SERVER_VSOCK_CID} qtfs_log_level=INFO # Enter the .ko file path and IP address. +# nohup ${YOUR_PATH}/udsproxyd 1 ${YOUR_CLIENT_VSOCK_CID} 12121 ${YOUR_SERVER_VSOCK_CID} 12121 2>&1 & + +qtcfg -w udsconnect -x /var/run/rexec +qtcfg -w udsconnect -x /run/rexec + +mkdir /another_rootfs/local_proc/ +mount -t proc proc /another_rootfs/local_proc/ +mount --bind /var/run/ /another_rootfs/var/run/ +mount --bind /var/lib/ /another_rootfs/var/lib/ +mount --bind /etc /another_rootfs/etc +mount -t devtmpfs devtmpfs /another_rootfs/dev/ +mount -t sysfs sysfs /another_rootfs/sys +mkdir -p /another_rootfs/sys/fs/cgroup +mount -t tmpfs tmpfs /another_rootfs/sys/fs/cgroup +list="perf_event freezer files net_cls,net_prio hugetlb pids rdma cpu,cpuacct memory devices blkio cpuset" +for i in $list +do + echo $i + mkdir -p /another_rootfs/sys/fs/cgroup/$i + mount -t cgroup cgroup -o rw,nosuid,nodev,noexec,relatime,$i /another_rootfs/sys/fs/cgroup/$i +done + +mount -t qtfs -o proc /proc /another_rootfs/proc +echo "proc" +mount -t qtfs /sys /another_rootfs/sys +echo "cgroup" + +mkdir -p /another_rootfs/var/lib/docker/containers +mkdir -p /another_rootfs/var/lib/docker/containerd +mkdir -p /another_rootfs/var/lib/docker/overlay2 +mkdir -p /another_rootfs/var/lib/docker/image +mkdir -p /another_rootfs/var/lib/docker/tmp +mount -t qtfs /var/lib/docker/containers /another_rootfs/var/lib/docker/containers +mount -t qtfs /var/lib/docker/containerd /another_rootfs/var/lib/docker/containerd +mount -t qtfs /var/lib/docker/overlay2 /another_rootfs/var/lib/docker/overlay2 +mount -t qtfs /var/lib/docker/image /another_rootfs/var/lib/docker/image +mount -t qtfs /var/lib/docker/tmp /another_rootfs/var/lib/docker/tmp +mkdir -p /another_rootfs/run/containerd/io.containerd.runtime.v1.linux/ +mount -t qtfs /run/containerd/io.containerd.runtime.v1.linux/ /another_rootfs/run/containerd/io.containerd.runtime.v1.linux/ +mkdir -p /another_rootfs/var/run/docker/containerd +mount -t qtfs /run/docker/containerd /another_rootfs/run/docker/containerd +mkdir -p /another_rootfs/var/lib/containerd/io.containerd.runtime.v1.linux +mount -t qtfs /var/lib/containerd/io.containerd.runtime.v1.linux /another_rootfs/var/lib/containerd/io.containerd.runtime.v1.linux + +qtcfg -w udsconnect -x /another_rootfs/var/run/rexec +qtcfg -w udsconnect -x /another_rootfs/run/rexec diff --git a/docs/zh/server/diversified_computing/dpu_offload/config/rexec.service b/docs/zh/server/diversified_computing/dpu_offload/config/rexec.service new file mode 100644 index 0000000000000000000000000000000000000000..ee9e5e4895adb5c010e3f8d4db6652cfaed3d355 --- /dev/null +++ b/docs/zh/server/diversified_computing/dpu_offload/config/rexec.service @@ -0,0 +1,13 @@ +[Unit] +Description=Rexec_server Service +After=network.target + +[Service] +Type=simple +Environment=CMD_NET_ADDR=tcp://0.0.0.0:7777 +ExecStart=/usr/bin/rexec_server +ExecReload=/bin/kill -s HUP $MAINPID +KillMode=process + +[Install] +WantedBy=multi-user.target diff --git a/docs/zh/server/diversified_computing/dpu_offload/config/server.json b/docs/zh/server/diversified_computing/dpu_offload/config/server.json new file mode 100644 index 0000000000000000000000000000000000000000..1d4a7bbbc1cbf086e18b147f3f27e6a15c2e322e --- /dev/null +++ b/docs/zh/server/diversified_computing/dpu_offload/config/server.json @@ -0,0 +1,5 @@ +{ + "Protocol": "tcp", + "Ipaddr" : "0.0.0.0", + "Port" : "7777" +} diff --git a/docs/zh/server/diversified_computing/dpu_offload/config/server_start.sh b/docs/zh/server/diversified_computing/dpu_offload/config/server_start.sh new file mode 100644 index 0000000000000000000000000000000000000000..fd3655159ddb0fc6069dfa3ab802f4c9f8520c13 --- /dev/null +++ b/docs/zh/server/diversified_computing/dpu_offload/config/server_start.sh @@ -0,0 +1,44 @@ +#!/bin/bash + +modprobe overlay +mkdir /var/lib/docker/containers +mkdir -p /var/lib/docker/containers +mkdir -p /var/lib/docker/containerd +mkdir -p /var/lib/docker/overlay2 +mkdir -p /var/lib/docker/tmp +mkdir -p /var/lib/docker/image +mkdir -p /var/run/docker/containerd +mkdir -p /run/containerd/io.containerd.runtime.v1.linux/ +mkdir -p /var/run/docker/netns +mkdir -p /var/lib/containerd/io.containerd.runtime.v1.linux/ +mkdir -p /run/user/0 +touch /var/run/docker/netns/default +# this should be done once +mount --bind /proc/1/ns/net /var/run/docker/netns/default + +function TaskClean() +{ + echo "Now do task clean..." + pkill engine + rmmod qtfs_server + echo "TaskClean done" +} + +trap "TaskClean exit" SIGINT + +mkdir -p /var/run/docker/containerd +mkdir -p /run/containerd/io.containerd.runtime.v1.linux/ + +# TEST_MODE: IP +insmod ${YOUR_PATH}/qtfs_server.ko qtfs_server_ip=${YOUR_SERVER_IP} qtfs_log_level=ERROR +nohup ${YOUR_PATH}/engine 16 1 ${YOUR_SERVER_IP} 12121 ${YOUR_CLIENT_IP} 12121 2>&1 & + +# TEST_MODE: vsock +# insmod ${YOUR_PATH}/qtfs_server.ko qtfs_server_vsock_cid=${YOUR_SERVER_VSOCK_CID} qtfs_log_level=ERROR +# nohup ${YOUR_PATH}/engine 16 1 ${YOUR_SERVER_VSOCK_CID} 12121 ${YOUR_CLIENT_VSOCK_CID} 12121 2>&1 & + +sleep 2 + +qtcfg -w udsconnect -x /var/run/rexec +qtcfg -w udsconnect -x /run/rexec +qtcfg -w udsconnect -x /var/run/containerd diff --git a/docs/zh/server/diversified_computing/dpu_offload/config/whitelist b/docs/zh/server/diversified_computing/dpu_offload/config/whitelist new file mode 100644 index 0000000000000000000000000000000000000000..b0be45f86276e89fa9fd0827ba06bbb27d158f62 --- /dev/null +++ b/docs/zh/server/diversified_computing/dpu_offload/config/whitelist @@ -0,0 +1,8 @@ +kill +taskset +qemu-kvm +rexec_shim +/usr/bin/taskset +/usr/bin/kill +/usr/bin/qemu-kvm +/usr/bin/rexec_shim diff --git a/docs/zh/server/diversified_computing/dpu_offload/figures/arch.png b/docs/zh/server/diversified_computing/dpu_offload/figures/arch.png new file mode 100644 index 0000000000000000000000000000000000000000..b6a7836fd6fab75009e781ac1ed96c73c352f75b Binary files /dev/null and b/docs/zh/server/diversified_computing/dpu_offload/figures/arch.png differ diff --git a/docs/zh/server/diversified_computing/dpu_offload/figures/offload-arch.png b/docs/zh/server/diversified_computing/dpu_offload/figures/offload-arch.png new file mode 100644 index 0000000000000000000000000000000000000000..944900b42c13091e4ec40c6d51dc3c95088aa1b8 Binary files /dev/null and b/docs/zh/server/diversified_computing/dpu_offload/figures/offload-arch.png differ diff --git a/docs/zh/server/diversified_computing/dpu_offload/figures/qtfs-arch.png b/docs/zh/server/diversified_computing/dpu_offload/figures/qtfs-arch.png new file mode 100644 index 0000000000000000000000000000000000000000..40fd7e28707642801ec0b984690a25c08e092ac4 Binary files /dev/null and b/docs/zh/server/diversified_computing/dpu_offload/figures/qtfs-arch.png differ diff --git a/docs/zh/server/diversified_computing/dpu_offload/imperceptible_container_management_plane_offload.md b/docs/zh/server/diversified_computing/dpu_offload/imperceptible_container_management_plane_offload.md new file mode 100644 index 0000000000000000000000000000000000000000..faad9b537f7195d28cb9c1753d272e6639603737 --- /dev/null +++ b/docs/zh/server/diversified_computing/dpu_offload/imperceptible_container_management_plane_offload.md @@ -0,0 +1,31 @@ +# 容器管理面无感卸载介绍 + +## 概述 + +在数据中心及云场景下,随着摩尔定律失效,通用处理单元CPU算力增长速率放缓,而同时网络IO类速率及性能不断攀升,二者增长速率差异形成的剪刀差,即当前通用处理器的处理能力无法跟上网络、磁盘等IO处理的需求。传统数据中心下越来越多的通用CPU算力被IO及管理面等占用,这部分资源损耗称之为数据中心税(Data-center Tax)。据AWS统计,数据中心税可能占据数据中心算力的30%以上,部分场景下甚至可能更多。 + +DPU的出现就是为了将这部分算力资源从主机CPU上解放出来,通过将管理面、网络、存储、安全等能力卸载到专有的处理器芯片(DPU)上进行处理加速,达成降本增效的结果。目前主流云厂商如AWS、阿里云、华为云都通过自研芯片完成管理面及相关数据面的卸载,达成数据中心计算资源100%售卖给客户。 + +管理面进程卸载到DPU可以通过对组件源码进行拆分达成,将源码根据功能逻辑拆分成独立运行的两部分,分别运行在主机和DPU,达成组件卸载的目的。但是这种做法有以下问题:一是影响组件的软件兼容性,组件后续版本升级和维护需要自己维护相关patch,带来一定的维护工作量;二是卸载工作无法被其他组件继承,后续组件卸载后仍需要进行代码逻辑分析和拆分等工作。为解决上述问题,本方案提出DPU的无感卸载,通过OS提供的抽象层,屏蔽应用在主机和DPU间跨主机访问的差异,让业务进程近似0改动达成卸载到DPU运行的目标,且这部分工作属于操作系统通用层,与上层业务无关,其他业务进行DPU卸载时也可以继承。 + +## 架构介绍 + +### 容器管理面DPU无感卸载架构 + +**图1**容器管理面DPU无感卸载架构 + +![offload-arch](./figures/offload-arch.png) + +如图1所示,容器管理面卸载后,dockerd、kubelet等管理进程运行在DPU侧,容器进程本身运行在HOST,进程之间的交互关系由系统层提供对应的能力来保证: + +* 通信层:DPU和主机之间可能通过PCIe或网络进行通信,需要基于底层物理连接提供通信接口层,为上层业务提供通信接口。 + +* 内核共享文件系统qtfs:容器管理面组件kubelet、dockerd与容器进程之间的主要交互通过文件系统进行;管理面工具需要为容器进程准备rootfs、volume等数据面路径;还需要在运行时通过proc文件系统、cgroup文件系统等控制和监控容器进程的资源及状态。共享文件系统的详细介绍参考《[共享文件系统介绍](qtfs_architecture_and_usage.md)》。 + +* 用户态卸载环境:用户态需要使用qtfs为容器管理面准备卸载后的运行时环境,将主机的容器管理及运行时相关目录远程挂载到DPU;另外由于需要挂载proc、sys、cgroup等系统管理文件系统,为防止对DPU原生系统功能的破坏,上述挂载动作都在chroot环境内完成。另外管理面(运行于DPU)和容器进程(运行于主机)之间仍存在调用关系,需要通过远程二进制执行工具(rexec)提供对应功能。 + +容器管理面无感卸载的操作步骤可参考《[部署指导文档](./offload_deployment_guide.md)》。 + +> ![](./public_sys-resources/icon-note.gif)**说明**: +> +> 上述操作指导涉及对容器管理面组件的少量改动和rexec工具修改,这些修改基于指定版本,其他版本可基于实际执行环境做适配修改。文档中提供的patch仅供验证指导使用,不具备实际商用的条件。 diff --git a/docs/zh/server/diversified_computing/dpu_offload/libvirt_direct_connection_aggregation_environment_establishment.md b/docs/zh/server/diversified_computing/dpu_offload/libvirt_direct_connection_aggregation_environment_establishment.md new file mode 100644 index 0000000000000000000000000000000000000000..ebc598f10bbfac071e86a27bf4c0c0c7b7e8de31 --- /dev/null +++ b/docs/zh/server/diversified_computing/dpu_offload/libvirt_direct_connection_aggregation_environment_establishment.md @@ -0,0 +1,425 @@ +# **1** 硬件准备 + +## 测试模式 + +需准备2台物理机(虚拟机当前未试过),网络互通。 + +其中一台作为DPU模拟,另一台作为HOST模拟。在本文档中用DPU和HOST指代这两台服务器。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>测试模式因为会暴露网络端口且不做连接认证,存在网络安全风险,仅能用于内部测试验证,不要用于实际生产环境。 + +## vsock模式 + +需要DPU加HOST,且DPU能支持通过virtio提供vsock通信方式。 + +目前还未基于真实的支持DPU vsock的环境调试过,本文档当前仅描述基于测试模式的方法,下面的内容依然默认使用测试模式。 + +# **2** libvirt卸载架构图 + +![arch](./figures/arch.png) + +# **3** 环境搭建 + +## **3.1** QTFS文件系统部署 + +可参考qtfs主页: + +QTFS建联需要关闭防火墙。 + +## **3.2** UDSPROXYD服务部署 + +### 3.2.1 简介 + +udsproxyd是一个跨主机的unix domain socket代理服务,需要分别部署在host和dpu上,在host和dpu上的udsproxyd组件是对等的关系,可以实现分布在host与dpu上的2个进程之间的uds通信,通信进程是无感的,也就是说如果这两个进程在同一主机内通过uds正常通信的功能,拉远到host和dpu之间也可以,不需要做代码适配,只需要作为client的一端加一个环境变量`LD_PRELOAD=libudsproxy.so`。udsproxyd作为一个跨主机的unix socket服务,本身可以用LD_PRELOAD=libudsproxy.so的方式对接使用,在qtfs的支持下也可以无感应用,这需要提前做好白名单相关配置,具体有两种方式,将在后面详述。 + +### 3.2.2 部署方式 + +首先,在dpu-utilities工程内编译udsproxyd: + +```bash + +cd qtfs/ipc + +make -j UDS_TEST_MODE=1 && make install + +``` + +当前最新版本下,qtfs server侧的engine服务已经整合了udsproxyd的能力,所以server侧若部署了qtfs后不需要再额外启动udsproxyd。client侧则单独拉起udsproxyd服务: + +```bash + +nohup /usr/bin/udsproxyd 2>&1 & + +``` + +参数解释: + +```bash + +thread num: 线程数量,目前只支持单线程,填1. + +addr: 本机使用的ip + +port:本机占用的port + +peer addr: udsproxyd对端的ip + +peer port: 对端port + +``` + +示例: + +```bash + +nohup /usr/bin/udsproxyd 1 192.168.10.10 12121 192.168.10.11 12121 2>&1 & + +``` + +如果未拉起qtfs的engine服务,想单独测试udsproxyd,则在server端也对等拉起udsproxyd即可: + +```bash + +nohup /usr/bin/udsproxyd 1 192.168.10.11 12121 192.168.10.10 12121 2>&1 & + +``` + +### 3.2.3 应用方式 + +#### 3.2.3.1 独立使用udsproxyd服务 + +需要在使用uds服务的unix socket应用程序的client端进程启动时添加LD_PRELOAD=libudsproxy.so环境变量,以接管glibc的connect api进行uds对接,在libvirt卸载场景中可以将libudsproxy.so拷贝到libvirt的chroot目录下的/usr/lib64中以提供给libvirtd服务使用,这一步在后面介绍。 + +#### 3.2.3.2 无感使用udsproxyd服务 + +首先为qtfs配置uds服务的白名单,这里说的白名单是unix socket的server端bind的sock文件地址,例如libvirt的虚拟机建立的unix socket的服务端文件地址都在/var/lib/libvirt下,则我们需要增加一条白名单路径为/var/lib/libvirt/,提供两种方式供选择: + +a) 通过配置工具qtcfg加载,进入qtfs/qtinfo目录编译工具: + +在qtfs的client端执行: + +```bash + +make role=client +make install + +``` + +在qtfs的server端执行: + +```bash + +make role=server +make install + +``` + +配置工具将会自动安装,然后使用qtcfg命令配置白名单,假设需要增加的白名单为"/var/lib/libvirt/",输入: + +```bash + +qtcfg -x /var/lib/libvirt/ + +``` + +查询白名单为: + +```bash + +qtcfg -z + +``` + +删除白名单为: + +```bash + +qtcfg -y 0 + +``` + +删除白名单时,参数为查询白名单时列出来的index序号。 + +b) 通过配置文件增加,这需要在qtfs或qtfs_server内核模块加载前配置,通过内核模块初始化时读取该文件进行白名单配置。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>白名单是为了防止不相干的unix socket链接也进行远程连接产生错误,或者浪费不必要的资源,所以白名单尽量设置得精确一些,比如本文中针对libvirt场景设置为/var/lib/libvirt/比较好,而直接将/var/lib/或/var/或直接将根目录加入的做法是有较大风险的。 + +## **3.3** REXEC服务部署 + +### 3.3.1 简介 + +rexec是一个用c语言开发的远程执行组件,分为rexec client和rexec server。server端为一个常驻服务进程,client端为一个二进制文件,client端被执行后会基于udsproxyd服务与server端建立uds连接,并由server常驻进程在server端拉起指定程序。在libvirt虚拟化卸载中,libvirtd卸载到DPU上,当它需要在HOST拉起虚拟机qemu进程时调起rexec client进行远程拉起。 + +### 3.3.2 部署方法 + +#### 3.3.2.1 配置环境变量与白名单 + +在host侧配置rexec server的白名单,将文件whitelist放置在/etc/rexec/目录下并修改权限为只读: + +```bash + +chmod 400 /etc/rexec/whitelist + +``` + +如果想仅用于测试,可以不进行白名单配置,删除此文件重启rexec_server进程后则没有白名单限制。 + +下载dpu-utilities代码后,进入qtfs/rexec主目录下,执行:`make && make install`即可安装rexec所需全部二进制到/usr/bin目录下,包括了:`rexec、rexec_server`两个二进制可执行文件。 + +在server端启动rexec_server服务之前,检查是否存在/var/run/rexec目录,没有则创建: + +```bash + +mkdir /var/run/rexec + +``` + +#### 3.3.2.2 服务方式 + +server端可以通过两种方式拉起rexec_server服务。 + +- 方式1: + +配置systemd服务 + +在/usr/lib/systemd/system/下增加rexec.service文件,内容如下: + +[rexec.service](./config/rexec.service) + +然后通过systemctl管理rexec服务。 + +首次配置服务时: + +```bash + +systemctl daemon-reload + +systemctl enable --now rexec + +``` + +后续重启新启动服务: + +```bash + +systemctl stop rexec + +systemctl start rexec + +``` + +- 方式2: + +手动后台拉起: + +```bash + +nohup /usr/bin/rexec_server 2>&1 & + +``` + +## **3.4** libvirt服务部署 + +### 3.4.1 HOST侧部署 + +HOST无需额外部署,只需要安装虚拟机启动环境以及libvirt即可(安装libvirt主要是为了创建对应的目录): + +```bash + +yum install -y qemu libvirt edk2-aarch64 #(arm环境虚拟机启动需要) + +``` + +HOST需要放置虚拟机镜像,后面通过qtfs挂载到client端共享给libvirt。 + +### 3.4.2 DPU侧部署 + +#### 3.4.2.1 创建chroot环境 + +a) 从openEuler官网下载qcow镜像,例如23.09版本。 + +b) 将qcow2挂载出来: + +```bash + +cd /root/ + +mkdir p2 new_root_origin new_root + +modprobe nbd maxport=8 + +qemu-nbd -c /dev/nbd0 xxx.qcow2 + +mount /dev/nbd0p2 /root/p2 + +cp -rf /root/p2/* /root/new_root_origin/ + +umount /root/p2 + +qemu-nbd -d /dev/nbd0 + +``` + +c) 此时new_root_origin有解压出来的镜像根目录,再将new_root绑定挂载到该目录上,作为chroot的根目录挂载点: + +```bash + +mount --bind /root/new_root_origin /root/new_root + +``` + +#### 3.4.2.2 安装libvirt + +此处介绍patch方式源码编译,如果计算提供rpm包则参考计算提供的安装方法。 + +a) 进入chroot环境,安装编译环境和常用工具: + +```bash + +yum groupinstall "Development tools" -y +yum install -y vim meson qemu qemu-img strace edk2-aarch64 tar + +``` + +其中edk2-aarch64是arm环境下虚拟机启动需要的。 + +b) 安装libvirt编译需要的依赖包: + +```bash + +yum install -y rpcgen python3-docutils glib2-devel gnutls-devel libxml2-devel libpciaccess-devel libtirpc-devel yajl-devel systemd-devel dmidecode glusterfs-api numactl + +``` + +c)下载libvirt-x.x.x。源码包:。 + +d) 获取直连聚合libvirt patch: + + + +e)将源码包解压到chroot环境下的目录,如/home。将patch打上。 + +f) 进入libvirt-x.x.x目录。 + +```bash + +meson build --prefix=/usr -Ddriver_remote=enabled -Ddriver_network=enabled -Ddriver_qemu=enabled -Dtests=disabled -Ddocs=enabled -Ddriver_libxl=disabled -Ddriver_esx=disabled -Dsecdriver_selinux=disabled -Dselinux=disabled + +``` + +g) 安装成功。 + +```bash + +ninja -C build install + +``` + +#### 3.4.2.3 启动libvirtd服务 + +libvirt直连聚合卸载模式,需要从chroot内启动libvirtd服务,首先需要把chroot之外的libvirtd服务停掉。 + +a) 放置虚拟机跳板脚本在chroot环境下的/usr/bin和/usr/libexec下:[qemu-kvm](./scripts/qemu-kvm)。替换原同名二进制,这个跳板脚本就是用于调用rexec拉起远端虚拟机。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>virsh使用的xml中,\下面的\需要填qemu-kvm,如果是填的其他,则需要修改为qemu-kvm,或者将跳板脚本替换\指代的二进制,且跳板脚本内容需要对应地更改。 + +b) 将udsproxyd编译时附带产生的libudsproxy.so拷贝到本chroot目录下/usr/lib64下,如果配置qtfs的uds白名单方式使用udsproxyd服务,则不需要。 + +c) 将前面rexec编译产生的rexec二进制放置到本chroot的/usr/bin/目录下。 + +d) 配置chroot的挂载环境,需要挂载一些目录,使用如下配置脚本: + +- [virt_start.sh](./scripts/virt_start.sh)为配置脚本,virt_start.sh脚本中需要手动修改qtfs ko dir为编译的ko位置,host ip address为正确的host地址。 + +- [virt_umount.sh](./scripts/virt_umount.sh)为消除配置脚本。 + +e) 脚本中挂载目录位置都是按照本文档前文创建目录位置与名称为准,如果有修改需要同步适配修改脚本。 + +f) 配置好chroot环境后,进入chroot环境,手动拉起libvirtd。 + +未配置qtfs使用udsproxyd白名单的拉起方式: + +```bash + +LD_PRELOAD=/usr/lib64/libudsproxy.so virtlogd -d +LD_PRELOAD=/usr/lib64/libudsproxy.so libvirtd -d + +``` + +如果已配置qtfs使用udsproxyd白名单,则不需要增加LD_PRELOAD前缀: + +```bash + +virtlogd -d +libvirtd -d + +``` + +查看是否已配置白名单的方式,在chroot之外的窗口,执行: + +```bash + +qtcfg -z + +``` + +查看列举出来的白名单是否包含/var/lib/libvirt/。 + +## **3.5** 拉起虚拟机 + +服务部署完成后,即可以在DPU侧进行虚拟机的生命周期管理。 + +### 3.5.1 虚拟机define + +a) 将虚拟机启动镜像放置在HOST侧某目录,例如: + +```bash + +/home/VMs/Domain_name + +``` + +b) 使用qtfs将这个目录挂载到DPU侧: + +```bash + +mount -t qtfs /home/VMs /home/VMs + +``` + +c)xml中使用`/home/VMs/Domain_name`作为启动镜像,这样在DPU和HOST侧看到的都是同一个镜像文件(Domain_name是虚拟机domain的名字)。 + +d) 检查xml中\是否指向了跳板脚本。 + +e) 执行以下命令。 + +```bash + +virsh define xxx.xml + +``` + +### 3.5.2 虚拟机start + +```bash + +virsh start domain + +``` + +# **4** 环境重置 + +由于libvirt在DPU和HOST之间共享了部分目录,卸载环境时需要先将这部分目录全部umount。一般先停掉libvirtd和virtlogd进程,调用virt_umount脚本即可。如果HOST还有虚拟机运行,也需要先杀掉才能umount。 + +# **5** 部分问题定位思路 + +1、 libvirt编译失败:检查依赖包安装是否完全,如果chroot挂载了外部目录或者host目录,也可能导致编译失败,需先解除挂载。 + +2、 QTFS挂载失败:可能server端engine进程没拉起、防火墙没关导致qtfs建联失败。 + +3、 虚拟机define失败:检查xml里的项目仿真器是否指向跳板脚本、虚拟机镜像是否已经通过qtfs挂载到DPU上可见,且路径与HOST一致。 + +4、 虚拟机启动失败:libvirtd和virtlogd服务是否拉起、rexec服务是否拉起、跳板进程是否拉起、是否qemu-kvm拉起时报错。 diff --git a/docs/zh/server/diversified_computing/dpu_offload/offload_deployment_guide.md b/docs/zh/server/diversified_computing/dpu_offload/offload_deployment_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..3d943885d0909842a85c5760f54f56e7e556068a --- /dev/null +++ b/docs/zh/server/diversified_computing/dpu_offload/offload_deployment_guide.md @@ -0,0 +1,167 @@ +# 容器管理面无感卸载部署指导 + +> ![](./public_sys-resources/icon-note.gif)**说明**: +> +> 本指导涉及对容器管理面组件的少量改动和rexec工具修改,这些修改基于指定版本,其他版本可基于实际执行环境做适配修改。文档中提供的patch仅供验证指导使用,不具备实际商用的条件。 +> +> +> 当前共享文件系统之间通信通过网络完成,可通过网络互连的两台物理机器或VM模拟验证。 +> +> 建议用户验证前先搭建可正常使用的kubernetes集群和容器运行环境,针对其中单个节点的管理面进程进行卸载验证,卸载环境(DPU)可选择一台具备网络连接的物理机或VM。 + +## 简介 + +容器管理面,即kubernetes、dockerd、containerd、isulad等容器的管理工具,而容器管理面卸载,即是将容器管理面卸载到与容器所在机器(以下称为HOST)之外的另一台机器(当前场景下是指DPU,一个具备独立运行环境的硬件集合)上运行。 + +我们使用共享文件系统qtfs将HOST上与容器运行相关的目录挂载到DPU上,使得容器管理面工具(运行在DPU)可以访问到这些目录,并为容器(运行在HOST)准备运行所需要的环境,此处,因为需要挂载远端的proc和sys等特殊文件系统,所以,我们创建了一个专门的rootfs以作为kubernetes、dockerd的运行环境(以下称为`/another_rootfs`)。 + +并且通过rexec执行容器的拉起、删除等操作,使得可以将容器管理面和容器分离在不同的两台机器上,远程对容器进行管理。 + +## 相关组件补丁介绍 + +### rexec介绍 + +rexec是一个用go语言开发的远程执行工具,基于docker/libchan下的[rexec](https://github.com/docker/libchan/tree/master/examples/rexec)示例工具改造而成,实现远程调用远端二进制的功能,为方便使用在rexec中增加了环境变量传递和监控原进程退出等能力。 + +rexec工具的具体使用方式为在服务器端用`CMD_NET_ADDR=tcp://0.0.0.0:<端口号> rexec_server`的方式拉起rexec服务进程,然后在客户端用`CMD_NET_ADDR=tcp://<服务端ip>:<端口号> rexec [要执行的指令]`的方式启动,便可以调用rexec_server执行需要执行的指令,并等待指令执行结果返回。 + +### dockerd相关改动介绍 + +对dockerd的改动基于18.09版本。 + +在containerd中,暂时注释掉了通过hook调用libnetwork-setkey的部分,此处不影响容器的拉起。并且,为了docker load的正常使用,注释掉了在mounter_linux.go 中mount函数中一处错误的返回。 + +最后,因为在容器管理面的运行环境中,将`/proc`挂在了服务端的proc文件系统,而本地的proc文件系统则挂载在了`/local_proc`,所以,dockerd以及containerd中的对`/proc/self/xxx`或者`/proc/getpid()/xxx`或者相关的文件系统访问的部分,我们统统将`/proc`改为了`/local_proc`。 + +### containerd相关改动介绍 + +对于containerd的改动基于containerd-1.2-rc.1版本。 + +在获取mountinfo时,因为`/proc/self/mountinfo`只能获取到dockerd本身在本地的mountinfo,而无法获取到服务端的mountinfo,所以,将其改为了`/proc/1/mountinfo`,使其通过获取服务端1号进程mountinfo的方式得到服务端的mountinfo。 + +在contaienrd-shim中,将与containerd通信的unix socket改为了用tcp通信,containerd通过`SHIM_HOST`环境变量获取containerd-shim所运行环境的ip,即服务端ip。用shim的哈希值计算出一个端口号,并以此作为通信的端口,来拉起containerd-shim. + +并且,将原来的通过系统调用给contaienr-shim发信号的方式,改为了通过远程调用kill指令的方式向shim发信号,确保了docker杀死容器的行为可以正确的执行。 + +### kubernetes相关改动介绍 + +kubelet暂不需要功能性改动,可能会遇到容器QoS管理器首次设置失败的错误,该错误不影响后续Pods拉起流程,暂时忽略该报错。 + +## 容器管理面卸载操作指南 + +在服务器端和客户端,都要拉起rexec_server。服务器端拉起rexec_server,主要是用于客户端创建容器时用rexec拉起containerd-shim,而客户端拉起rexec_server,则是为了执行containerd-shim对dockerd和containerd的调用。 + +### 服务器端 + +创建容器管理面所需要的文件夹,然后插入qtfs_server.ko,并拉起engine进程。 + +此外在服务器端,还需要创建rexec脚本/usr/bin/dockerd。 + +``` shell +#!/bin/bash +CMD_NET_ADDR=tcp://<客户端ip>: rexec /usr/bin/dockerd $* +``` + +### 客户端 + +需要准备一个rootfs,作为dockerd与containerd的运行环境,通过如下的脚本,将dockerd、containerd所需要的服务端目录挂载到客户端。并且,需要确保在以下脚本中被挂载的远程目录在服务端和客户端都存在。 + +``` shell +#!/bin/bash +mkdir -p /another_rootfs/var/run/docker/containerd +iptables -t nat -N DOCKER +echo "---------insmod qtfs ko----------" +insmod /YOUR/QTFS/PATH/qtfs.ko qtfs_server_ip=<服务端ip> qtfs_log_level=INFO + +# chroot环境内的proc使用DPU的proc共享文件系统替换,需要将本机真实proc文件系统挂载到local_proc下使用 +mount -t proc proc /another_rootfs/local_proc/ + +# 将chroot内环境与外部环境bind,方便进行配置和运行 +mount --bind /var/run/ /another_rootfs/var/run/ +mount --bind /var/lib/ /another_rootfs/var/lib/ +mount --bind /etc /another_rootfs/etc + +mkdir -p /another_rootfs/var/lib/isulad + +# 在chroot环境内创建并挂载dev、sys和cgroup文件系统 +mount -t devtmpfs devtmpfs /another_rootfs/dev/ +mount -t sysfs sysfs /another_rootfs/sys +mkdir -p /another_rootfs/sys/fs/cgroup +mount -t tmpfs tmpfs /another_rootfs/sys/fs/cgroup +list="perf_event freezer files net_cls,net_prio hugetlb pids rdma cpu,cpuacct memory devices blkio cpuset" +for i in $list +do + echo $i + mkdir -p /another_rootfs/sys/fs/cgroup/$i + mount -t cgroup cgroup -o rw,nosuid,nodev,noexec,relatime,$i /another_rootfs/sys/fs/cgroup/$i +done + +## common system dir +mount -t qtfs -o proc /proc /another_rootfs/proc +echo "proc" +mount -t qtfs /sys /another_rootfs/sys +echo "cgroup" + +# 挂载容器管理面所需要的共享目录 +mount -t qtfs /var/lib/docker/containers /another_rootfs/var/lib/docker/containers +mount -t qtfs /var/lib/docker/containerd /another_rootfs/var/lib/docker/containerd +mount -t qtfs /var/lib/docker/overlay2 /another_rootfs/var/lib/docker/overlay2 +mount -t qtfs /var/lib/docker/image /another_rootfs/var/lib/docker/image +mount -t qtfs /var/lib/docker/tmp /another_rootfs/var/lib/docker/tmp +mkdir -p /another_rootfs/run/containerd/io.containerd.runtime.v1.linux/ +mount -t qtfs /run/containerd/io.containerd.runtime.v1.linux/ /another_rootfs/run/containerd/io.containerd.runtime.v1.linux/ +mkdir -p /another_rootfs/var/run/docker/containerd +mount -t qtfs /var/run/docker/containerd /another_rootfs/var/run/docker/containerd +mount -t qtfs /var/lib/kubelet/pods /another_rootfs/var/lib/kubelet/pods +``` + +在/another_rootfs中,需要创建以下脚本,用来支持部分跨主机操作。 + +* /another_rootfs/usr/local/bin/containerd-shim + +``` shell +#!/bin/bash +CMD_NET_ADDR=tcp://<服务端ip>: /usr/bin/rexec /usr/bin/containerd-shim $* +``` + +* /another_rootfs/usr/local/bin/remote_kill + +``` shell +#!/bin/bash +CMD_NET_ADDR=tcp://<服务端ip>: /usr/bin/rexec /usr/bin/kill $* +``` + +* /another_rootfs/usr/sbin/modprobe + +``` shell +#!/bin/bash +CMD_NET_ADDR=tcp://<服务端ip>: /usr/bin/rexec /usr/sbin/modprobe $* +``` + +在chroot到dockerd和containerd运行所需的rootfs后,用如下的命令拉起dockerd和containerd。 + +* containerd + +``` shell +#!/bin/bash +SHIM_HOST=<服务端ip> containerd --config /var/run/docker/containerd/containerd.toml --address /var/run/containerd/containerd.sock +``` + +* dockerd + +``` shell +#!/bin/bash +SHIM_HOST=<服务端ip> CMD_NET_ADDR=tcp://<服务端ip>: /usr/bin/dockerd --containerd /var/run/containerd/containerd.sock +``` + +* kubelet + +在chroot环境内使用原参数拉起kubelet即可。 + +因为我们已经将/var/run/和/another_rootfs/var/run/绑定在了一起,所以可以在正常的rootfs下,通过docker来访问docker.sock接口进行容器管理。 + +至此,完成容器管理面卸载到DPU,可以通过docker相关操作进行容器创建、删除等操作,也可以通过kubectl在当前节点进行pods调度和销毁,且实际容器业务进程运行在HOST侧。 + +> ![](./public_sys-resources/icon-note.gif)**说明**: +> +> 本指导所述操作只涉及容器管理面进程卸载,不包含容器网络和数据卷volume等卸载,如有相关需求,需要通过额外的网络或存储卸载能力支持。本指导支持不带网络和存储的容器跨节点拉起。 diff --git a/docs/zh/server/diversified_computing/dpu_offload/overview.md b/docs/zh/server/diversified_computing/dpu_offload/overview.md new file mode 100644 index 0000000000000000000000000000000000000000..518deb0158764ba6e51207b29543f8ebaf513294 --- /dev/null +++ b/docs/zh/server/diversified_computing/dpu_offload/overview.md @@ -0,0 +1,11 @@ +# 容器管理面DPU无感卸载指南 + +本文档介绍基于openEuler操作系统的容器管理面DPU无感卸载功能特性及安装部署方法,该特性可以通过操作系统提供的统一抽象层,屏蔽容器管理面跨主机资源访问的差异,实现容器管理面业务无感卸载到DPU上。 + +本文档适用于使用openEuler系统并希望了解和使用操作系统内核及容器的社区开发者、开源爱好者以及相关合作伙伴。使用人员需要具备以下经验和技能: + +- 熟悉Linux基本操作 + +- 熟悉linux内核文件系统相关基础机制 + +- 对kubernetes和docker有一定了解,熟悉docker及kubernetes部署及使用 \ No newline at end of file diff --git a/docs/zh/server/diversified_computing/dpu_offload/public_sys-resources/icon-note.gif b/docs/zh/server/diversified_computing/dpu_offload/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/zh/server/diversified_computing/dpu_offload/public_sys-resources/icon-note.gif differ diff --git a/docs/zh/server/diversified_computing/dpu_offload/qtfs_architecture_and_usage.md b/docs/zh/server/diversified_computing/dpu_offload/qtfs_architecture_and_usage.md new file mode 100644 index 0000000000000000000000000000000000000000..8088f480ee8008714ab9c3fa066be15c2864bcda --- /dev/null +++ b/docs/zh/server/diversified_computing/dpu_offload/qtfs_architecture_and_usage.md @@ -0,0 +1,69 @@ +# qtfs + +## 介绍 + +qtfs是一个共享文件系统项目,可部署在host-dpu的硬件架构上,也可以部署在2台服务器之间。以客户端服务器的模式工作,使客户端能通过qtfs访问服务端的指定文件系统,得到本地文件访问一致的体验。 + +qtfs的特性: + ++ 支持挂载点传播; + ++ 支持proc、sys、cgroup等特殊文件系统的共享; + ++ 支持远程文件读写的共享; + ++ 支持在客户端对服务端的文件系统进行远程挂载; + ++ 支持特殊文件的定制化处理; + ++ 支持远端fifo、unix-socket等,并且支持epoll,使客户端和服务端像本地通信一样使用这些文件; + ++ 支持基于host-dpu架构通过PCIe协议底层通信,性能大大优于网络; + ++ 支持内核模块形式开发,无需对内核进行侵入式修改。 + +## 软件架构 + +软件大体框架图: + +![qtfs-arch](./figures/qtfs-arch.png) + +## 安装教程 + +目录说明: + ++ **qtfs**: 客户端内核模块相关代码,直接在该目录下编译客户端ko。 + ++ **qtfs_server**: 服务端内核模块相关代码,直接在该目录下编译服务端ko和相关程序。 + ++ **qtinfo**: 诊断工具,支持查询文件系统的工作状态以及修改log级别等。 + ++ **demo**、**test**、**doc**: 测试程序、演示程序以及项目资料等。 + ++ 根目录: 客户端与服务端通用的公共模块代码。 + +首先找两台服务器(或虚拟机)配置内核编译环境: + + 1. 要求内核版本在5.10或更高版本。 +  2. 安装内核开发包:yum install kernel-devel。 + +服务端安装: + + 1. cd qtfs_server + 2. make clean && make + 3. insmod qtfs_server.ko qtfs_server_ip=x.x.x.x qtfs_server_port=12345 qtfs_log_level=WARN + 4. ./engine 4096 16 + +客户端安装: + + 1. cd qtfs + 2. make clean && make + 3. insmod qtfs.ko qtfs_server_ip=x.x.x.x qtfs_server_port=12345 qtfs_log_level=WARN + +## 使用说明 + +安装完成后,客户端通过挂载把服务端的文件系统让客户端可见,例如: + + mount -t qtfs / /root/mnt/ + +客户端进入"/root/mnt"后便可查看到server端的所有文件,以及对其进行相关操作。 diff --git a/docs/zh/server/diversified_computing/dpu_offload/scripts/qemu-kvm b/docs/zh/server/diversified_computing/dpu_offload/scripts/qemu-kvm new file mode 100644 index 0000000000000000000000000000000000000000..e869371be109b57f59709fc23bc5b1cb2002cfbf --- /dev/null +++ b/docs/zh/server/diversified_computing/dpu_offload/scripts/qemu-kvm @@ -0,0 +1,3 @@ +#!/bin/bash + +exec /usr/bin/rexec /usr/bin/qemu-kvm $* diff --git a/docs/zh/server/diversified_computing/dpu_offload/scripts/virt_start.sh b/docs/zh/server/diversified_computing/dpu_offload/scripts/virt_start.sh new file mode 100644 index 0000000000000000000000000000000000000000..06ca194b7a639a947b6e395f116beeba7c897459 --- /dev/null +++ b/docs/zh/server/diversified_computing/dpu_offload/scripts/virt_start.sh @@ -0,0 +1,48 @@ +#!/bin/bash +insmod ./qtfs.ko qtfs_server_ip=192.168.10.11 qtfs_log_level=NONE + +systemctl stop libvirtd + +if [ ! -d "/root/new_root/local_proc" ]; then + mkdir -p /root/new_root/local_proc +fi +if [ ! -d "/root/new_root/local" ]; then + mkdir -p /root/new_root/local +fi +mount -t proc proc /root/new_root/local_proc/ +mount -t proc proc /root/new_root/local/proc +mount -t sysfs sysfs /root/new_root/local/sys +mount --bind /var/run/ /root/new_root/var/run/ +mount --bind /var/lib/ /root/new_root/var/lib/ +mount --bind /var/cache/ /root/new_root/var/cache +mount --bind /etc /root/new_root/etc + +mkdir -p /root/new_root/home/VMs/ +mount -t qtfs /home/VMs/ /root/new_root/home/VMs/ + +mount -t qtfs /var/lib/libvirt /root/new_root/var/lib/libvirt + +mount -t devtmpfs devtmpfs /root/new_root/dev/ +mount -t hugetlbfs hugetlbfs /root/new_root/dev/hugepages/ +mount -t mqueue mqueue /root/new_root/dev/mqueue/ +mount -t tmpfs tmpfs /root/new_root/dev/shm + +mount -t sysfs sysfs /root/new_root/sys +mkdir -p /root/new_root/sys/fs/cgroup +mount -t tmpfs tmpfs /root/new_root/sys/fs/cgroup +list="perf_event freezer files net_cls,net_prio hugetlb pids rdma cpu,cpuacct memory devices blkio cpuset" +for i in $list +do + echo $i + mkdir -p /root/new_root/sys/fs/cgroup/$i + mount -t cgroup cgroup -o rw,nosuid,nodev,noexec,relatime,$i /root/new_root/sys/fs/cgroup/$i +done + +## common system dir +mount -t qtfs -o proc /proc /root/new_root/proc +echo "proc" + +mount -t qtfs /sys /root/new_root/sys +echo "cgroup" +mount -t qtfs /dev/pts /root/new_root/dev/pts +mount -t qtfs /dev/vfio /root/new_root/dev/vfio diff --git a/docs/zh/server/diversified_computing/dpu_offload/scripts/virt_umount.sh b/docs/zh/server/diversified_computing/dpu_offload/scripts/virt_umount.sh new file mode 100644 index 0000000000000000000000000000000000000000..4adddec913c23069c6bffddec0bf1770f8c5ce71 --- /dev/null +++ b/docs/zh/server/diversified_computing/dpu_offload/scripts/virt_umount.sh @@ -0,0 +1,20 @@ +#!/bin/bash + +umount /root/new_root/dev/hugepages +umount /root/new_root/etc +umount /root/new_root/home/VMs +umount /root/new_root/local_proc +umount /root/new_root/local/proc +umount /root/new_root/var/lib/libvirt +umount /root/new_root/var/lib +umount /root/new_root/* +umount /root/new_root/dev/pts +umount /root/new_root/dev/mqueue +umount /root/new_root/dev/shm +umount /root/new_root/dev/vfio +umount /root/new_root/dev +rmmod qtfs + +umount /root/new_root/sys/fs/cgroup/* +umount /root/new_root/sys/fs/cgroup +umount /root/new_root/sys diff --git a/docs/zh/server/diversified_computing/dpu_os/_toc.yaml b/docs/zh/server/diversified_computing/dpu_os/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..4985e0235e0aadef8badd5da2e810e5a26ec1145 --- /dev/null +++ b/docs/zh/server/diversified_computing/dpu_os/_toc.yaml @@ -0,0 +1,10 @@ +label: DPU-OS +isManual: true +description: 介绍基于openEuler操作系统裁剪构建DPU-OS镜像的方法以及部署验证方法 +sections: + - label: DPU-OS背景与需求 + href: ./dpu_os_background_and_requirements.md + - label: DPU-OS裁剪指导 + href: ./dpu_os_tailoring_guide.md + - label: 验证与部署 + href: ./verification_and_deployment.md diff --git a/docs/zh/server/diversified_computing/dpu_os/dpu_os_background_and_requirements.md b/docs/zh/server/diversified_computing/dpu_os/dpu_os_background_and_requirements.md new file mode 100644 index 0000000000000000000000000000000000000000..45b0da57057ff349d2b53fb0f68b6b88273fde6d --- /dev/null +++ b/docs/zh/server/diversified_computing/dpu_os/dpu_os_background_and_requirements.md @@ -0,0 +1,67 @@ +# DPU-OS背景与需求 + +## 概述 + +在数据中心及云场景下,摩尔定律失效,通用处理单元CPU算力增长速率放缓,而网络IO类速率及性能不断攀升,二者增长速率差异形成剪刀差,即当前通用处理器的处理能力无法跟上网络、磁盘等IO处理的需求。传统数据中心下越来越多的通用CPU算力被IO及管理面等处理占用,这部分资源损耗称之为数据中心税(Datacenter Tax)。据AWS统计,数据中心税可能占据数据中心算力的30%以上,部分场景下甚至可能更多。 + +DPU (Data Processing Unit) 的出现就是为了将这部分算力资源从主机CPU上解放出来,通过将管理面、网络、存储、安全等能力卸载到专有的处理器芯片上进行处理加速,达成降本增效的结果。目前主流云厂商如AWS、阿里云、华为云都通过自研芯片完成管理面及相关数据面的卸载,实现数据中心计算资源100%售卖给客户。 + +目前DPU发展非常火热,云厂商及大数据在相关场景下对DPU存在较强烈的需求,国内也有很多DPU初创公司推出不同的DPU产品。在这一背景下,云和大数据等厂商需要考虑如何整合使用不同DPU产品,而DPU厂商也面临对不同客户交付时设备驱动适配客户指定操作系统的问题。openEuler作为国内领先的开源开放操作系统,通过基于openEuler构建的DPU-OS,解决DPU厂商及客户之间的适配问题。另外DPU上OS用于承载部分业务加速的需求,需要对DPU-OS进行性能优化加速,可以基于openEuler构建DPU相关加速能力,内置在DPU-OS中,构建DPU相关软件生态。 + +## DPU-OS需求分析及设计 + +### DPU现状及对OS需求 + +DPU普遍具有以下特点和问题: + +* DPU通用处理能力资源受限 + + 当前DPU仍处在发展早期阶段,硬件上仍在不断演进,而且由于DPU供电限制,当前硬件规格普遍较低。主流DPU中通用处理器CPU核数普遍较少,约8-24CPU,且单核处理能力较弱。内存大小受限,普遍在16-32GB。DPU本地存储空间为几十到几百GB不等。运行于DPU之上的操作系统也需要考虑这些限制。 + +* DPU-OS安装方式多样 + + 当前DPU厂商及产品多种多样,对应操作系统的安装部署方式也不尽相同,包括PXE网络安装、U盘安装或其他自定义安装方式(由HOST下发安装镜像)。 + +* DPU性能需求 + + DPU的应用场景决定其对性能有强烈需求,相比于通用服务器操作系统,DPU-OS可能对内核特性或功能组件有特殊要求,比如用于设备直通热迁移的vDPA特性、厂商特定驱动适配支持、DPU进程的无感卸载特性、定制优化的用户态数据面加速工具如DPDK/SPDK/OVS、DPU管理监控相关的工具类组件。 + +针对以上DPU现状,提出对DPU-OS的需求如下: + +* 极致轻量的DPU-OS安装包 + + 通过裁剪openEuler系统镜像,减少非必要安装包的空间占用;通过优化系统服务,减少资源底噪开销。 + +* 裁剪配置及工具支持 + + 提供裁剪配置及裁剪工具支持,客户或DPU厂商可根据各自需求进行定制;openEuler提供ISO参考实现。 + +* 定制化内核及系统,提供极致性能 + + 通过定制内核及相关驱动,提供DPU竞争力内核特性;定制化加速类组件,使能DPU硬件加速能力;优化系统配置提供更优性能;通过DPU相关管理控制工具,方便用户统一管理。 + +#### DPU-OS设计 + +**图1**DPU-OS整体设计 + +![dpuos-arch](./figures/dpuos-arch.png) + +如图1所示,DPU-OS分为五层设计: + +* 内核层:通过定制内核config,裁剪非必需内核特性及模块,达成内核轻量级效果;使能特定内核特性提供高性能DPU内核能力。 + +* 驱动层:对openEuler原生驱动进行裁剪定制,选择最小集合;DPU厂商相关底层驱动集成,原生支持部分DPU硬件产品。 + +* 系统配置层:通过对系统sysctl、proc进行配置,为DPU相关业务提供最优性能。 + +* 外围包层:对openEuler外围包进行裁剪定制,选择最小集合;提供DPU相关的定制工具集合。 + +* 系统服务层:通过优化系统原生服务启动项,减少非必要系统服务运行,保证系统运行时底噪最小化。 + +通过上述五层设计达成轻量化、极致性能DPU-OS的目标。该方案为相对长期设计,且对DPU相关软硬件生态有较强的依赖;当前第一阶段先实现基于openEuler imageTailor进行裁剪。 + +DPU-OS的裁剪步骤可参考[DPU-OS裁剪指导文档](./dpu_os_tailoring_guide.md),验证与部署可参考[DPU-OS部署验证指导文档](./verification_and_deployment.md)。 + +> ![](./public_sys-resources/icon-note.gif)**说明**: +> +> 当前阶段DPU-OS先基于openEuler现有内核及外围包,使用镜像裁剪工具imageTailor进行裁剪,提供轻量化OS安装镜像。后续可根据实际诉求,进行相关内核及外围包特性的开发及集成。 diff --git a/docs/zh/server/diversified_computing/dpu_os/dpu_os_tailoring_guide.md b/docs/zh/server/diversified_computing/dpu_os/dpu_os_tailoring_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..f04cdb77d28380066ecb30d3cf8a6de4b74da6f2 --- /dev/null +++ b/docs/zh/server/diversified_computing/dpu_os/dpu_os_tailoring_guide.md @@ -0,0 +1,65 @@ +# DPU-OS裁剪指导 + +本文档主要介绍`imageTailor`的使用方法并结合[dpu-utilities仓库](https://gitee.com/openeuler/dpu-utilities/tree/master/dpuos)的`dpuos`配置文件裁剪得到`dpuos`的安装镜像,具体步骤如下: + +## 准备imageTailor和所需的rpm包 + +参照[imageTailor使用指导文档](https://docs.openeuler.org/zh/docs/24.03_LTS_SP1/docs/TailorCustom/imageTailor%E4%BD%BF%E7%94%A8%E6%8C%87%E5%8D%97.html)安装好`imageTailor`工具并将裁剪所要用到的rpm包准备好。 + +可以使用openEuler提供安装镜像作为镜像裁剪所需要rpm包源,`openEuler-{version}-everything-debug-aarch64-dvd.iso`中的rpm比较全但是此镜像很大,可以用镜像`openEuler-{version}-aarch64-dvd.iso`中的rpm包和一个`install-scripts.noarch`实现。 + +`install-scripts.noarch`包括可以从everything包中获取,或者在系统中通过yum下载: + +```bash +yum install -y --downloadonly --downloaddir=./ install-scripts +``` + +### 拷贝dpuos相关的配置文件 + +`imageTailor`工具默认安装在`/opt/imageTailor`路径下。执行下面的命令将`dpuos`的配置拷贝到对应的路径下,拷贝时选择对应架构目录。当前DPU-OS裁剪配置库支持x86_64和aarch64两种架构。 + +```bash +cp -rf custom/cfg_dpuos /opt/imageTailor/custom +cp -rf kiwi/minios/cfg_dpuos /opt/imageTailor/kiwi/minios/cfg_dpuos +``` + +#### 修改其他配置文件 + +* 修改`kiwi/eulerkiwi/product.conf`,增加一行`dpuos`相关配置: + +``` +dpuos PANGEA EMBEDDED DISK GRUB2 install_mode=install install_media=CD install_repo=CD selinux=0 +``` + +* 修改`kiwi/eulerkiwi/minios.conf`,增加一行`dpuos`的相关配置: + +``` +dpuos kiwi/minios/cfg_dpuos yes +``` + +* 修改`repos/RepositoryRule.conf`,增加一行`dpuos`的相关配置: + +``` +dpuos 1 rpm-dir euler_base +``` + +#### 设置密码 + +进入到`/opt/imageTailor`子目录下,修改下面3个文件的密码: + +* `custom/cfg_dpuos/usr_file/etc/default/grub` + +* `custom/cfg_dpuos/rpm.conf` + +* `kiwi/minios/cfg_dpuos/rpm.conf` + +密码生成及修改方法可详见openEuler imageTailor手册[配置初始密码](https://docs.openeuler.org/zh/docs/24.03_LTS_SP1/docs/TailorCustom/imageTailor%E4%BD%BF%E7%94%A8%E6%8C%87%E5%8D%97.html#%E9%85%8D%E7%BD%AE%E5%88%9D%E5%A7%8B%E5%AF%86%E7%A0%81)章节。 + +#### 执行裁剪命令 + +执行下面的命令进行裁剪,最后裁剪出来的iso在`/opt/imageTailor/result`路径下: + +```bash +cd /opt/imageTailor +./mkdliso -p dpuos -c custom/cfg_dpuos --sec --minios force +``` diff --git a/docs/zh/server/diversified_computing/dpu_os/figures/dpuos-arch.png b/docs/zh/server/diversified_computing/dpu_os/figures/dpuos-arch.png new file mode 100644 index 0000000000000000000000000000000000000000..453370ab07858a13a6c40f8d22e3f608e9ec6b4c Binary files /dev/null and b/docs/zh/server/diversified_computing/dpu_os/figures/dpuos-arch.png differ diff --git a/docs/zh/server/diversified_computing/dpu_os/overview.md b/docs/zh/server/diversified_computing/dpu_os/overview.md new file mode 100644 index 0000000000000000000000000000000000000000..da40e928858c43a4b6d54e59995ad58897b40f8f --- /dev/null +++ b/docs/zh/server/diversified_computing/dpu_os/overview.md @@ -0,0 +1,11 @@ +# 概述 + +本文档介绍DPU-OS的背景需求及整体设计思想,并介绍基于openEuler操作系统裁剪构建DPU-OS镜像的方法以及部署验证方法。该特性基于openEuler生态构建轻量化以及极致性能的DPU-OS,为DPU场景及用户提供DPU-OS参考实现。 + +本文档适用于使用openEuler系统并希望了解和使用DPU的社区开发者、DPU厂商及客户。使用人员需要具备以下经验和技能: + +- 熟悉Linux基本操作。 + +- 熟悉Linux系统构建及部署的相关基础知识和操作。 + +- 对openEuler ImageTailor镜像裁剪工具有一定了解。 diff --git a/docs/zh/server/diversified_computing/dpu_os/public_sys-resources/icon-note.gif b/docs/zh/server/diversified_computing/dpu_os/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/zh/server/diversified_computing/dpu_os/public_sys-resources/icon-note.gif differ diff --git a/docs/zh/server/diversified_computing/dpu_os/verification_and_deployment.md b/docs/zh/server/diversified_computing/dpu_os/verification_and_deployment.md new file mode 100644 index 0000000000000000000000000000000000000000..7d4264b74db49fa9c2cdaca04f34207f380463f3 --- /dev/null +++ b/docs/zh/server/diversified_computing/dpu_os/verification_and_deployment.md @@ -0,0 +1,38 @@ +# 验证与部署 + +DPU-OS制作完成后可以安装部署进行验证。由于目前DPU硬件还不成熟,也可以通过VirtualBox拉起虚拟机进行相关部署验证。 + +## 在VirtualBox上部署DPU-OS + +本章节展示了如何在VirtualBox虚拟机管理程序上安装部署DPU-OS。 + +### 验证准备 + +在开始部署 DPU-OS 之前,需要做如下准备工作: + +- 获取 DPU-OS ISO +- 安装有VirtualBox的宿主机 + +#### 初步安装与启动 + +##### 创建虚拟机 + +通过VirtualBox创建新的虚拟机: + +- 选择虚拟机配置,CPU及内存建议2CPU+4GB内存以上 + +- 创建虚拟机磁盘,磁盘大小建议60GB以上 + +- 系统扩展属性部分,勾选启动EFI + +- 存储设置部分,光驱配置选择本地DPU-OS ISO作为光驱文件 + +- 其他网络或显示设置可自定义 + +##### 启动虚拟机 + +启动新建的虚拟机,启动项选择`Install from ISO`进行DPU-OS安装,安装过程自动进行无需手动干预,安装完成后自动重启。 + +选择启动项 `Boot From Local Disk`,启动后即可进入DPU-OS。密码为DPU-OS制作时指定的密码。 + +通过上述步骤,即可完成DPU-OS的本地部署验证。 diff --git a/docs/zh/server/high_availability/ha/_toc.yaml b/docs/zh/server/high_availability/ha/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..9bd87d05bad2f0672268761f37fd7539b8610d0f --- /dev/null +++ b/docs/zh/server/high_availability/ha/_toc.yaml @@ -0,0 +1,8 @@ +label: HA用户指南 +isManual: true +description: 安装和使用 HA 高可用集群 +sections: + - label: HA 安装与部署 + href: ./ha_installation_and_deployment.md + - label: HA 使用实例 + href: ./ha_usecase_examples.md diff --git a/docs/zh/server/high_availability/ha/figures/2.png b/docs/zh/server/high_availability/ha/figures/2.png new file mode 100644 index 0000000000000000000000000000000000000000..283670d7c3d0961ee1cb41345c2b2a013d7143b0 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/2.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-add-resource copy.png b/docs/zh/server/high_availability/ha/figures/HA-add-resource copy.png new file mode 100644 index 0000000000000000000000000000000000000000..ac24895a1247828d248132f6c789ad8ef51a57e4 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-add-resource copy.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-add-resource.png b/docs/zh/server/high_availability/ha/figures/HA-add-resource.png new file mode 100644 index 0000000000000000000000000000000000000000..ac24895a1247828d248132f6c789ad8ef51a57e4 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-add-resource.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-apache-show copy.png b/docs/zh/server/high_availability/ha/figures/HA-apache-show copy.png new file mode 100644 index 0000000000000000000000000000000000000000..c216500910f75f2de1108f6b618c5c08f4df8bae Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-apache-show copy.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-apache-show.png b/docs/zh/server/high_availability/ha/figures/HA-apache-show.png new file mode 100644 index 0000000000000000000000000000000000000000..c216500910f75f2de1108f6b618c5c08f4df8bae Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-apache-show.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-apache-suc copy.png b/docs/zh/server/high_availability/ha/figures/HA-apache-suc copy.png new file mode 100644 index 0000000000000000000000000000000000000000..23a7aaa702e3e68190ff7e01a5a673aee2c92409 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-apache-suc copy.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-apache-suc.png b/docs/zh/server/high_availability/ha/figures/HA-apache-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..23a7aaa702e3e68190ff7e01a5a673aee2c92409 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-apache-suc.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-api copy.png b/docs/zh/server/high_availability/ha/figures/HA-api copy.png new file mode 100644 index 0000000000000000000000000000000000000000..f825fe005705d30809d12df97958cff0e5a80135 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-api copy.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-api.png b/docs/zh/server/high_availability/ha/figures/HA-api.png new file mode 100644 index 0000000000000000000000000000000000000000..f825fe005705d30809d12df97958cff0e5a80135 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-api.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-clone copy.png b/docs/zh/server/high_availability/ha/figures/HA-clone copy.png new file mode 100644 index 0000000000000000000000000000000000000000..1b09ab73849494f4ffd759fa612ae3c241bd9c1d Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-clone copy.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-clone-suc copy.png b/docs/zh/server/high_availability/ha/figures/HA-clone-suc copy.png new file mode 100644 index 0000000000000000000000000000000000000000..4b6099ccc88d4f6f907a0c4563e729ab2a4dece1 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-clone-suc copy.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-clone-suc.png b/docs/zh/server/high_availability/ha/figures/HA-clone-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..4b6099ccc88d4f6f907a0c4563e729ab2a4dece1 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-clone-suc.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-clone.png b/docs/zh/server/high_availability/ha/figures/HA-clone.png new file mode 100644 index 0000000000000000000000000000000000000000..1b09ab73849494f4ffd759fa612ae3c241bd9c1d Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-clone.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-corosync.png b/docs/zh/server/high_availability/ha/figures/HA-corosync.png new file mode 100644 index 0000000000000000000000000000000000000000..c4d93242e65c503b6e1b6a457e2517f647984a66 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-corosync.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-firstchoice copy.png b/docs/zh/server/high_availability/ha/figures/HA-firstchoice copy.png new file mode 100644 index 0000000000000000000000000000000000000000..bd982ddcea55c629c0257fca86051a9ffa77e7b4 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-firstchoice copy.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-firstchoice-cmd copy.png b/docs/zh/server/high_availability/ha/figures/HA-firstchoice-cmd copy.png new file mode 100644 index 0000000000000000000000000000000000000000..a265bab07f1d8e46d9d965975be180a8de6c9eb2 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-firstchoice-cmd copy.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-firstchoice-cmd.png b/docs/zh/server/high_availability/ha/figures/HA-firstchoice-cmd.png new file mode 100644 index 0000000000000000000000000000000000000000..a265bab07f1d8e46d9d965975be180a8de6c9eb2 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-firstchoice-cmd.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-firstchoice.png b/docs/zh/server/high_availability/ha/figures/HA-firstchoice.png new file mode 100644 index 0000000000000000000000000000000000000000..bd982ddcea55c629c0257fca86051a9ffa77e7b4 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-firstchoice.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-group copy.png b/docs/zh/server/high_availability/ha/figures/HA-group copy.png new file mode 100644 index 0000000000000000000000000000000000000000..6897817665dee90c0f8c47c6a3cb4bb09db52d78 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-group copy.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-group-new copy.png b/docs/zh/server/high_availability/ha/figures/HA-group-new copy.png new file mode 100644 index 0000000000000000000000000000000000000000..9c914d0cc2e14f3220fc4346175961f129efb37b Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-group-new copy.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-group-new-suc copy.png b/docs/zh/server/high_availability/ha/figures/HA-group-new-suc copy.png new file mode 100644 index 0000000000000000000000000000000000000000..437fd01ee83a9a1f65c12838fe56eea8435f6759 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-group-new-suc copy.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-group-new-suc.png b/docs/zh/server/high_availability/ha/figures/HA-group-new-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..437fd01ee83a9a1f65c12838fe56eea8435f6759 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-group-new-suc.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-group-new-suc2 copy.png b/docs/zh/server/high_availability/ha/figures/HA-group-new-suc2 copy.png new file mode 100644 index 0000000000000000000000000000000000000000..4fb933bd761f9808de95a324a50226ff041ebd4f Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-group-new-suc2 copy.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-group-new-suc2.png b/docs/zh/server/high_availability/ha/figures/HA-group-new-suc2.png new file mode 100644 index 0000000000000000000000000000000000000000..4fb933bd761f9808de95a324a50226ff041ebd4f Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-group-new-suc2.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-group-new.png b/docs/zh/server/high_availability/ha/figures/HA-group-new.png new file mode 100644 index 0000000000000000000000000000000000000000..9c914d0cc2e14f3220fc4346175961f129efb37b Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-group-new.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-group-suc copy.png b/docs/zh/server/high_availability/ha/figures/HA-group-suc copy.png new file mode 100644 index 0000000000000000000000000000000000000000..2338580343833ebab08627be3a2efbcdb48aef9e Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-group-suc copy.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-group-suc.png b/docs/zh/server/high_availability/ha/figures/HA-group-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..2338580343833ebab08627be3a2efbcdb48aef9e Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-group-suc.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-group.png b/docs/zh/server/high_availability/ha/figures/HA-group.png new file mode 100644 index 0000000000000000000000000000000000000000..6897817665dee90c0f8c47c6a3cb4bb09db52d78 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-group.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-home-page copy.png b/docs/zh/server/high_availability/ha/figures/HA-home-page copy.png new file mode 100644 index 0000000000000000000000000000000000000000..c9a7a82dc412250d4c0984b3876c6f93c6aca789 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-home-page copy.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-home-page.png b/docs/zh/server/high_availability/ha/figures/HA-home-page.png new file mode 100644 index 0000000000000000000000000000000000000000..c9a7a82dc412250d4c0984b3876c6f93c6aca789 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-home-page.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-login.png b/docs/zh/server/high_availability/ha/figures/HA-login.png new file mode 100644 index 0000000000000000000000000000000000000000..65d0ae11ec810da7574ec72bebf6e1b020c94a0d Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-login.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-mariadb copy.png b/docs/zh/server/high_availability/ha/figures/HA-mariadb copy.png new file mode 100644 index 0000000000000000000000000000000000000000..d29587c8609b9d6aefeb07170901361b5ef8402d Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-mariadb copy.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-mariadb-suc copy.png b/docs/zh/server/high_availability/ha/figures/HA-mariadb-suc copy.png new file mode 100644 index 0000000000000000000000000000000000000000..6f6756c945121715edc623bd9a848bc48ffeb4ca Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-mariadb-suc copy.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-mariadb-suc.png b/docs/zh/server/high_availability/ha/figures/HA-mariadb-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..6f6756c945121715edc623bd9a848bc48ffeb4ca Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-mariadb-suc.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-mariadb.png b/docs/zh/server/high_availability/ha/figures/HA-mariadb.png new file mode 100644 index 0000000000000000000000000000000000000000..d29587c8609b9d6aefeb07170901361b5ef8402d Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-mariadb.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-nfs copy.png b/docs/zh/server/high_availability/ha/figures/HA-nfs copy.png new file mode 100644 index 0000000000000000000000000000000000000000..f6917938eec2e0431a9891c067475dd0b21c1bd9 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-nfs copy.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-nfs-suc copy.png b/docs/zh/server/high_availability/ha/figures/HA-nfs-suc copy.png new file mode 100644 index 0000000000000000000000000000000000000000..c0ea6af79e91649f1ad7d97ab6c2a0069a4f4fb8 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-nfs-suc copy.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-nfs-suc.png b/docs/zh/server/high_availability/ha/figures/HA-nfs-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..c0ea6af79e91649f1ad7d97ab6c2a0069a4f4fb8 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-nfs-suc.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-nfs.png b/docs/zh/server/high_availability/ha/figures/HA-nfs.png new file mode 100644 index 0000000000000000000000000000000000000000..f6917938eec2e0431a9891c067475dd0b21c1bd9 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-nfs.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-pacemaker.png b/docs/zh/server/high_availability/ha/figures/HA-pacemaker.png new file mode 100644 index 0000000000000000000000000000000000000000..7681f963f67d2b803fef6fb2c3247384136201f8 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-pacemaker.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-pcs-status copy.png b/docs/zh/server/high_availability/ha/figures/HA-pcs-status copy.png new file mode 100644 index 0000000000000000000000000000000000000000..fb150fba9f6258658702b35caacf98076d1fd109 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-pcs-status copy.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-pcs-status.png b/docs/zh/server/high_availability/ha/figures/HA-pcs-status.png new file mode 100644 index 0000000000000000000000000000000000000000..fb150fba9f6258658702b35caacf98076d1fd109 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-pcs-status.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-pcs.png b/docs/zh/server/high_availability/ha/figures/HA-pcs.png new file mode 100644 index 0000000000000000000000000000000000000000..283670d7c3d0961ee1cb41345c2b2a013d7143b0 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-pcs.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-qdevice copy.png b/docs/zh/server/high_availability/ha/figures/HA-qdevice copy.png new file mode 100644 index 0000000000000000000000000000000000000000..2964f36c952fc7e62fb7b041fcf6d2de8ead712c Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-qdevice copy.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-qdevice.png b/docs/zh/server/high_availability/ha/figures/HA-qdevice.png new file mode 100644 index 0000000000000000000000000000000000000000..2964f36c952fc7e62fb7b041fcf6d2de8ead712c Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-qdevice.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-refresh copy.png b/docs/zh/server/high_availability/ha/figures/HA-refresh copy.png new file mode 100644 index 0000000000000000000000000000000000000000..c2678c0c2945acbabfbeae0d5de8924a216bbf31 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-refresh copy.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-refresh.png b/docs/zh/server/high_availability/ha/figures/HA-refresh.png new file mode 100644 index 0000000000000000000000000000000000000000..c2678c0c2945acbabfbeae0d5de8924a216bbf31 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-refresh.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-vip copy.png b/docs/zh/server/high_availability/ha/figures/HA-vip copy.png new file mode 100644 index 0000000000000000000000000000000000000000..d8b417df2e64527d3b29d0289756dfbb01bf66ec Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-vip copy.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-vip-suc copy.png b/docs/zh/server/high_availability/ha/figures/HA-vip-suc copy.png new file mode 100644 index 0000000000000000000000000000000000000000..313ce56e14f931c78dad4349ed57ab3fd7907f50 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-vip-suc copy.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-vip-suc.png b/docs/zh/server/high_availability/ha/figures/HA-vip-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..313ce56e14f931c78dad4349ed57ab3fd7907f50 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-vip-suc.png differ diff --git a/docs/zh/server/high_availability/ha/figures/HA-vip.png b/docs/zh/server/high_availability/ha/figures/HA-vip.png new file mode 100644 index 0000000000000000000000000000000000000000..d8b417df2e64527d3b29d0289756dfbb01bf66ec Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/HA-vip.png differ diff --git a/docs/zh/server/high_availability/ha/figures/image.png b/docs/zh/server/high_availability/ha/figures/image.png new file mode 100644 index 0000000000000000000000000000000000000000..7681f963f67d2b803fef6fb2c3247384136201f8 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/image.png differ diff --git a/docs/zh/server/high_availability/ha/figures/image3.png b/docs/zh/server/high_availability/ha/figures/image3.png new file mode 100644 index 0000000000000000000000000000000000000000..c4d93242e65c503b6e1b6a457e2517f647984a66 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/image3.png differ diff --git a/docs/zh/server/high_availability/ha/figures/image4.png b/docs/zh/server/high_availability/ha/figures/image4.png new file mode 100644 index 0000000000000000000000000000000000000000..65d0ae11ec810da7574ec72bebf6e1b020c94a0d Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/image4.png differ diff --git a/docs/zh/server/high_availability/ha/figures/image5.png b/docs/zh/server/high_availability/ha/figures/image5.png new file mode 100644 index 0000000000000000000000000000000000000000..f825fe005705d30809d12df97958cff0e5a80135 Binary files /dev/null and b/docs/zh/server/high_availability/ha/figures/image5.png differ diff --git a/docs/zh/server/high_availability/ha/ha.md b/docs/zh/server/high_availability/ha/ha.md new file mode 100644 index 0000000000000000000000000000000000000000..d50a900579f9f517ac0985bf7f7631185f91b509 --- /dev/null +++ b/docs/zh/server/high_availability/ha/ha.md @@ -0,0 +1,3 @@ +# HA 用户指南 + +本节主要描述HA的安装和使用。 diff --git a/docs/zh/server/high_availability/ha/ha_installation_and_deployment.md b/docs/zh/server/high_availability/ha/ha_installation_and_deployment.md new file mode 100644 index 0000000000000000000000000000000000000000..65c0e4ecb69fea6ddfa2f516f50f25f39a78aa6a --- /dev/null +++ b/docs/zh/server/high_availability/ha/ha_installation_and_deployment.md @@ -0,0 +1,201 @@ +# HA的安装与部署 + +本文介绍如何安装和部署HA高可用集群。 + +## 安装与部署 + +### 环境准备 + +需要至少两台安装了openEuler 24.03 的物理机/虚拟机(现以两台为例),安装方法参考《[安装指南](../../installation_upgrade/installation/installation_on_servers.md)》。 + +### 修改主机名称及/etc/hosts文件 + +**注**:两台主机均需要进行以下操作,现以其中一台为例,下文中使用的IP仅供参考。** + +在使用HA软件之前,需要确认修改主机名并将所有主机名写入/etc/hosts文件中。 + +1. 修改主机名 + + ```sh + # hostnamectl set-hostname ha1 + ``` + +2. 编辑`/etc/hosts`文件并写入以下字段 + + ```text + 172.30.30.65 ha1 + 172.30.30.66 ha2 + ``` + +### 配置yum源 + +成功安装系统后,会默认配置好yum源,文件位置存放在`/etc/yum.repos.d/openEuler.repo`文件中,HA软件包会用到以下源: + +```Conf +[OS] +name=OS +baseurl=http://repo.openeuler.org/openEuler-{version}/OS/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://repo.openeuler.org/openEuler-{version}/OS/$basearch/RPM-GPG-KEY-openEuler + +[everything] +name=everything +baseurl=http://repo.openeuler.org/openEuler-{version}/everything/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://repo.openeuler.org/openEuler-{version}/everything/$basearch/RPM-GPG-KEY-openEuler + +[EPOL] +name=EPOL +baseurl=http://repo.openeuler.org/openEuler-{version}/EPOL/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://repo.openeuler.org/openEuler-{version}/OS/$basearch/RPM-GPG-KEY-openEuler +``` + +### 安装HA软件包组件 + +```sh +# yum install -y corosync pacemaker pcs fence-agents fence-virt corosync-qdevice sbd drbd drbd-utils +``` + +### 设置hacluster用户密码 + +```sh +# passwd hacluster +``` + +### 修改`/etc/corosync/corosync.conf`文件 + +```Conf +totem { + version: 2 + cluster_name: hacluster + crypto_cipher: none + crypto_hash: none +} +logging { + fileline: off + to_stderr: yes + to_logfile: yes + logfile: /var/log/cluster/corosync.log + to_syslog: yes + debug: on + logger_subsys { + subsys: QUORUM + debug: on + } +} +quorum { + provider: corosync_votequorum + expected_votes: 2 + two_node: 1 + } +nodelist { + node { + name: ha1 + nodeid: 1 + ring0_addr: 172.30.30.65 + } + node { + name: ha2 + nodeid: 2 + ring0_addr: 172.30.30.66 + } + } +``` + +### 管理服务 + +#### 关闭防火墙 + +1. 执行如下命令,关闭防火墙。 + + ```sh + # systemctl stop firewalld + ``` + +2. 修改`/etc/selinux/config`文件中SELINUX状态为disabled。 + + ```sh + # SELINUX=disabled + ``` + +#### 管理pcs服务 + +1. 启动pcs服务: + + ```sh + # systemctl start pcsd + ``` + +2. 查询pcs服务状态: + + ```sh + # systemctl status pcsd + ``` + + 若回显为如下,则服务启动成功。 + + ![](./figures/HA-pcs.png) + +#### 管理pacemaker服务 + +1. 启动pacemaker服务: + + ```sh + # systemctl start pacemaker + ``` + +2. 查询pacemaker服务状态: + + ```sh + # systemctl status pacemaker + ``` + + 若回显为如下,则服务启动成功。 + + ![](./figures/HA-pacemaker.png) + +#### 管理corosync服务 + +1. 启动corosync服务: + + ```sh + # systemctl start corosync + ``` + +2. 查询corosync服务状态: + + ```sh + # systemctl status corosync + ``` + + 若回显为如下,则服务启动成功。 + + ![](./figures/HA-corosync.png) + +### 节点鉴权 + +注:**任选一个节点上执行即可** + +```sh +# pcs host auth ha1 ha2 +``` + +### 访问前端管理平台 + +上述服务启动成功后,打开浏览器(建议使用:Chrome,Firefox),在浏览器导航栏中输入`https://localhost:2224`即可。 + +- 以下界面为原生管理平台 + +![](./figures/HA-login.png) + +若安装社区新开发的管理平台请参考文档[https://gitee.com/openeuler/ha-api/blob/master/docs/build.md](https://gitee.com/openeuler/ha-api/blob/master/docs/build.md) + +- 以下为社区新开发的管理平台 + +![](./figures/HA-api.png) + +想了解如何快速使用HA高可用集群,以及添加一个实例。请参考[HA的使用实例文档](./ha_usecase_examples.md)。 diff --git a/docs/zh/server/high_availability/ha/ha_usecase_examples.md b/docs/zh/server/high_availability/ha/ha_usecase_examples.md new file mode 100644 index 0000000000000000000000000000000000000000..8fff8af0b4e2594ae1e95ebb4052fce4491712d8 --- /dev/null +++ b/docs/zh/server/high_availability/ha/ha_usecase_examples.md @@ -0,0 +1,248 @@ +# HA使用实例 + +本章介绍如何快速使用HA高可用集群,以及添加一个实例。若不了解怎么安装,请参考[HA的安装与部署文档](./ha_installation_and_deployment.md)。 + +## 快速使用指南 + +以下操作均以社区新开发的管理平台为例。 + +### 登录页面 + +用户名为`hacluster`,密码为该用户在主机上设置的密码。 + +![](./figures/HA-api.png) + +### 主页面 + +登录系统后显示主页面,主页面由四部分组成:侧边导航栏、顶部操作区、资源节点列表区以及节点操作浮动区。 + +以下将详细介绍这四部分的特点与使用方法。 + +![](./figures/HA-home-page.png) + +#### 导航栏 + +侧边导航栏由两部分组成:高可用集群软件名称和 logo 以及系统导航。系统导航由三项组成:【系统】、【集群配置】和【工具】。【系统】是默认选项,也是主页面的对应项,主要展示系统中所有资源的相关信息以及操作入口;【集群配置】下设【首选项配置】和【心跳配置】两项;【工具】下设【日志下载】和【集群快捷操作】两项,点击后以弹出框的形式出现。 + +#### 顶部操作区 + +登录用户是静态显示,鼠标滑过用户图标,出现操作菜单项,包括【刷新设置】和【退出登录】两项,点击【刷新设置】,弹出【刷新设置】对话框,包含【刷新设置】选项,可以设置系统的自动刷新模式,包括【不自动刷新】、【每 5 秒刷新】和【每 10 秒刷新】三种选择,默认选择【不自动刷新】、【退出登录】即可注销本次登录,系统将自动跳到登录页面,此时,如果希望继续访问系统,则需要重新进行登录。 + +![](./figures/HA-refresh.png) + +#### 资源节点列表区 + +资源节点列表集中展现系统中所有资源的【资源名】、【状态】、【资源类型】、【服务】、【运行节点】等资源信息,以及系统中所有的节点和节点的运行情况等节点信息。同时提供资源的【添加】、【编辑】、【启动】、【停止】、【清理】、【迁移】、【回迁】、【删除】和【关系】操作。 + +#### 节点操作浮动区 + +节点操作浮动区域默认是收起的状态,每当点击资源节点列表表头中的节点时,右侧会弹出节点操作扩展区域,如图所示,该区域由收起按钮、节点名称、停止和备用四个部分组成,提供节点的【停止】和【备用】操作。点击区域左上角的箭头,该区域收起。 + +### 首选项配置 + +以下操作均可用命令行配置,现只做简单示例,若想使用更多命令可以使用``pcs --help``进行查询。 + +- 命令行方式 + + ```sh + # pcs property set stonith-enabled=false + # pcs property set no-quorum-policy=ignore + ``` + + 执行如下命令,可以查看全部配置。 + + ```sh + # pcs property + ``` + + ![](./figures/HA-firstchoice-cmd.png) + +- 图形界面方式 + 点击侧边导航栏中的【首选项配置】按钮,弹出【首选项配置】对话框。将No Quorum Policy和Stonith Enabled由默认状态改为如下对应状态;修改完成后,点击【确定】按钮完成配置。 + + ![](./figures/HA-firstchoice.png) + +### 添加资源 + +#### 添加普通资源 + +1. 点击【添加普通资源】,弹出【创建资源】对话框。 + 其中资源的所有必填配置项均在【基本】页面内,选择【基本】页面内的【资源类型】后会进一步给出该类资源的其他必填配置项以及选填配置项。 + +2. 填写资源配置信息。 + 对话框右侧会出现灰色文字区域,对当前的配置项进行解释说明。全部必填项配置完毕后,点击【确定】按钮即可创建普通资源,点击【取消】按钮,取消本次添加动作。 + 【实例属性】、【元属性】或者【操作属性】页面中的选填配置项为选填项,不配置不会影响资源的创建过程,可以根据场景需要可选择修改,否则将按照系统缺省值处理。 + +下面以Apache为例,分别以命令行方式和图形界面方式介绍添加资源的方法。 + +- 命令行方式 + + ```sh + # pcs resource create httpd ocf:heartbeat:apache + ``` + + 查看资源运行状态 + + ```sh + # pcs status + ``` + + ![](./figures/HA-pcs-status.png) + +- 图形界面方式 + +1. 填写资源名称和资源类型,如下图所示。 + + ![](./figures/HA-add-resource.png) + +2. 回显为如下,则资源添加成功并启动,运行于其中一个节点上,例如ha1。 + + ![](./figures/HA-apache-suc.png) +3. 访问apache界面成功。 + + ![](./figures/HA-apache-show.png) + +#### 添加组资源 + +>**须知:** +> 添加组资源时,集群中需要至少存在一个普通资源。 + +1. 点击【添加组资源】,弹出【创建资源】对话框。 + 【基本】页面内均为必填项,填写完毕后,点击【确定】按钮,即可完成资源的添加,点击【取消】按钮,取消本次添加动作。 + + ![](./figures/HA-group.png) + + > **注意:** + > 组资源的启动是按照子资源的顺序启动的,所以选择子资源时需要注意按照顺序选择。 + +2. 回显如下,资源添加成功。 + + ![](./figures/HA-group-suc.png) + +#### 添加克隆资源 + +1. 点击【添加克隆资源】,弹出【创建资源】对话框。 + 【基本】页面内填写克隆对象,资源名称会自动生成,填写完毕后,点击【确定】按钮,即可完成资源的添加,点击【取消】按钮,取消本次添加动作。 + + ![](./figures/HA-clone.png) + +2. 回显如下,资源添加成功。 + + ![](./figures/HA-clone-suc.png) + +### 编辑资源 + +- 启动资源:资源节点列表中选中一个目标资源,要求:该资源处于非运行状态。对该资源执行启动动作。 +- 停止资源:资源节点列表中选中一个目标资源,要求:该资源处于运行状态。对该资源执行停止操作。 +- 清理资源:资源节点列表中选中一个目标资源,对该资源执行清理操作。 +- 迁移资源:资源节点列表中选中一个目标资源,要求:该资源为处于运行状态的普通资源或者组资源,执行迁移操作可以将资源迁移到指定节点上运行。 +- 回迁资源:资源节点列表中选中一个目标资源,要求:该资源已经完成迁移动作,执行回迁操作,可以清除该资源的迁移设置,资源重新迁回到原来的节点上运行。(点击按钮后,列表中该资源项的变化状态与启动资源时一致。) +- 删除资源:资源节点列表中选中一个目标资源,对该资源执行删除操作。 + +### 设置资源关系 + +资源关系即为目标资源设定限制条件,资源的限制条件分为三种:资源位置、资源协同和资源顺序。 + +- 资源位置:设置集群中的节点对于该资源的运行级别,由此确定启动或者切换时资源在哪个节点上运行,运行级别按照从高到低的顺序依次为:Master Node、Slave 1。 +- 资源协同:设置目标资源与集群中的其他资源是否运行在同一节点上,同节点资源表示该资源与目标资源必须运行在相同节点上,互斥节点资源表示该资源与目标资源不能运行在相同的节点上。 +- 资源顺序:设置目标资源与集群中的其他资源启动时的先后顺序,前置资源是指目标资源运行之前,该资源必须已经运行;后置资源是指目标资源运行之后,该资源才能运行。 + +## 高可用mysql实例配置 + +### 配置虚拟IP + +1. 在首页中点击“添加”,再选择添加普通资源,并按如下进行配置。 + + ![](./figures/HA-vip.png) + +2. 资源创建成功并启动,运行于其中一个节点上,例如ha1。 +3. 可以ping通并连接,登录后可正常执行各种操作;资源切换到ha2运行;能够正常访问。如下图所示。 + ![](./figures/HA-vip-suc.png) + +### 配置NFS存储 + +另找一台机器作为nfs服务端进行配置,操作步骤如下: + +1. 安装软件包 + + ```sh + # yum install -y nfs-utils rpcbind + ``` + +2. 关闭防火墙 + + ```sh + # systemctl stop firewalld && systemctl disable firewalld + ``` + +3. 修改/etc/selinux/config文件中SELINUX状态为disabled + + ```Conf + SELINUX=disabled + ``` + +4. 启动服务 + + ```sh + # systemctl start rpcbind && systemctl enable rpcbind + # systemctl start nfs-server && systemctl enable nfs-server + ``` + +5. 服务端创建一个共享目录 + + ```sh + # mkdir -p /test + ``` + +6. 修改NFS配置文件 + + ```sh + # vim /etc/exports + # /test *(rw,no_root_squash) + ``` + +7. 重新加载服务 + + ```sh + # systemctl reload nfs + ``` + +8. 客户端安装软件包,需要先安装mysql,可以将nfs挂载到mysql数据路径。 + + ```sh + # yum install -y nfs-utils mariadb-server + ``` + +9. 在首页中依次点击“添加”,“添加普通资源”,并按如下进行配置NFS资源。 + + ![](./figures/HA-nfs.png) + +10. 资源创建成功并启动,运行于其中一个节点上,例如ha1;nfs成功挂载到`/var/lib/mysql`路径下。资源切换到ha2运行;nfs从ha1节点取消挂载,并自动在ha2节点上挂载成功。如下图所示。 + + ![](./figures/HA-nfs-suc.png) + +### 配置mysql + +1. 在首页中依次点击“添加”,“添加普通资源”,并按如下进行配置mysql资源。 + + ![](./figures/HA-mariadb.png) + +2. 若回显为如下,则资源添加成功。 + + ![](./figures/HA-mariadb-suc.png) + +### 添加上述资源为组资源 + +1. 按资源启动顺序添加三个资源 + + 在首页中依次点击“添加”,“添加组资源”,并按如下进行配置组资源。 + + ![](./figures/HA-group-new.png) + +2. 组资源创建成功并启动,若回显与上述三个普通资源成功现象一致,则资源添加成功。 + + ![](./figures/HA-group-new-suc.png) + +3. 将ha1节点备用,成功迁移到ha2节点,运行正常。 + + ![](./figures/HA-group-new-suc2.png) diff --git a/docs/zh/server/installation_upgrade/installation/_toc.yaml b/docs/zh/server/installation_upgrade/installation/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..dae98f65cea9cc62760b178d8aef43d5edbba426 --- /dev/null +++ b/docs/zh/server/installation_upgrade/installation/_toc.yaml @@ -0,0 +1,38 @@ +label: 安装指南 +isManual: true +description: 安装 openEuler 操作系统 +sections: + - label: 安装在服务器 + href: ./installation_on_servers.md + sections: + - label: 安装准备 + href: ./installation_preparations.md + - label: 安装方式介绍 + href: ./installation_modes.md + - label: 安装指导 + href: ./installation_guide.md + - label: 使用kickstart自动化安装 + href: ./using_kickstart_for_automatic_installation.md + - label: 安装在树莓派 + href: ./install_pi.md + sections: + - label: 安装准备 + href: ./installation_preparations_1.md + - label: 安装方式介绍 + href: ./installation_modes_1.md + - label: 安装指导 + href: ./installation_guide_1.md + - label: 更多资源 + href: ./more_resources.md + - label: 安装在RISC-V + href: ./risc_v.md + sections: + - label: 在QEMU上安装 + href: ./risc_v_qemu.md + - label: 在PioneerBox上安装 + href: ./risc_v_pioneer1.3.md + - label: 在LicheePiA上安装 + href: ./risc_v_licheepi4a.md + - label: riscv-olk6.6同源版本指南 + href: ./riscv_olk6.6_homologous_version.md + \ No newline at end of file diff --git a/docs/zh/server/installation_upgrade/installation/common_questions_and_solutions.md b/docs/zh/server/installation_upgrade/installation/common_questions_and_solutions.md new file mode 100644 index 0000000000000000000000000000000000000000..15c8297e3a11bf895bc2d773ce45b009596a70fa --- /dev/null +++ b/docs/zh/server/installation_upgrade/installation/common_questions_and_solutions.md @@ -0,0 +1,341 @@ +# 常见问题与解决方法 + +## 问题1:安装openEuler时选择第二盘位为安装目标,操作系统无法启动 + +### 问题现象 + +安装操作系统时,直接将系统安装到第二块磁盘sdb,重启系统后启动失败。 + +### 原因分析 + +当安装系统到第二块磁盘时,MBR和GRUB会默认安装到第二块磁盘sdb。这样会有下面两种情况: + +1. 如果第一块磁盘中有完整系统,则加载第一块磁盘中的系统启动。 +2. 如果第一块磁盘中没有完好的操作系统,则会导致硬盘启动失败。 + +以上两种情况都是因为BIOS默认从第一块磁盘sda中加载引导程序启动系统,如果sda没有系统,则会导致启动失败。 + +### 解决方法 + +有以下两种解决方案: + +- 当系统处于安装过程中,在选择磁盘(选择第一块或者两块都选择)后,指定引导程序安装到第一块盘sda中。 +- 当系统已经安装完成,若BIOS支持选择从哪个磁盘启动,则可以通过修改BIOS中磁盘启动顺序,尝试重新启动系统。 + +## 问题2:openEuler开机后进入emergency模式 + +### 问题现象 + +openEuler系统开机后进入emergency模式,如下图所示: + +![](./figures/zh-cn_image_0229291264.jpg) + +### 原因分析 + +操作系统文件系统损坏导致磁盘挂载失败,或者io压力过大导致磁盘挂载超时(超时时间为90秒)。 + +系统异常掉电、物理磁盘io性能低等情况都可能导致该问题。 + +### 解决方法 + +1. 用户直接输入root帐号的密码,登录系统。 +2. 使用fsck工具,检测并修复文件系统,然后重启。 + + > ![](./public_sys-resources/icon-note.gif) **说明:** + > fsck(file system check)用来检查和维护不一致的文件系统。若系统掉电或磁盘发生问题,可利用fsck命令对文件系统进行检查。 用户可以通过 `fsck.ext3 -h`、`fsck.ext4 -h` 命令查看fsck的使用方法。 + +另外,如果用户需要取消磁盘挂载超时时间,可以直接在“/etc/fstab”文件中添加“x-systemd.device-timeout=0”。如下: + +```sh +# /etc/fstab +# Created by anaconda on Mon Sep 14 17:25:48 2015 +# +# Accessible filesystems, by reference, are maintained under '/dev/disk' +# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info +# +/dev/mapper/openEuler-root / ext4 defaults,x-systemd.device-timeout=0 0 0 +UUID=afcc811f-4b20-42fc-9d31-7307a8cfe0df /boot ext4 defaults,x-systemd.device-timeout=0 0 0 +/dev/mapper/openEuler-home /home ext4 defaults 0 0 +/dev/mapper/openEuler-swap swap swap defaults 0 0 +``` + +## 问题3:系统中存在无法激活的逻辑卷组时,重装系统失败 + +### 问题现象 + +由于磁盘故障,系统中存在无法激活的逻辑卷组,重装系统出现异常。 + +### 原因分析 + +安装时有激活逻辑卷组的操作,无法激活时会抛出异常。 + +### 解决方法 + +重装系统前如果系统中存在无法激活的逻辑卷组,为了避免重装系统过程出现异常,需在重装前将逻辑卷组恢复到正常状态或者清除这些逻辑卷组。举例如下: + +- 恢复逻辑卷组状态 + 1. 使用以下命令清除vg激活状态, 防止出现“Can't open /dev/sdc exclusively mounted filesystem”。 + + ```sh + # vgchange -a n testvg32947 + ``` + + 2. 根据备份文件重新创建pv。 + + ```sh + # pvcreate --uuid JT7zlL-K5G4-izjB-3i5L-e94f-7yuX-rhkLjL --restorefile /etc/lvm/backup/testvg32947 /dev/sdc + ``` + + 3. 恢复vg信息。 + + ```sh + # vgcfgrestore testvg32947 + ``` + + 4. 重新激活vg。 + + ```sh + # vgchange -ay testvg32947 + ``` + +- 清除逻辑卷组 + + ```sh + # vgchange -a n testvg32947 + # vgremove -y testvg32947 + ``` + +## 问题4:选择安装源出现异常 + +### 问题现象 + +选择安装源后出现:"Error checking software selection"。 + +### 原因分析 + +这种现象是由于安装源中的软件包依赖存在问题。 + +### 解决方法 + +检查安装源是否存在异常。使用新的安装源。 + +## 问题5:如何手动开启kdump服务 + +### 问题现象 + +执行systemctl status kdump命令,显示状态信息如下,提示无预留内存。 + +![](./figures/zh-cn_image_0229291280.png) + +### 原因分析 + +kdump服务需要系统预留一段内存用于运行kdump内核,而当前系统没有为kdump服务预留内存,所以无法运行kdump服务。 + +### 解决方法 + +已安装操作系统的场景 + +1. 修改/boot/efi/EFI/openEuler/grub.cfg,添加crashkernel=1024M,high。 +2. 重启系统使配置生效。 +3. 执行如下命令,检查kdump状态: + + ```sh + # systemctl status kdump + ``` + + 若回显如下,即kdump的状态为active,说明kdump已使能,操作结束。 + + ![](./figures/zh-cn_image_0229291272.png) + +### 参数说明 + +kdump内核预留内存参数说明如下: + +**表 1** crashkernel参数说明 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

内核启动参数

+

描述

+

缺省值

+

备注

+

crashkernel=X

+

在4G以下的物理内存预留X大小的内存给kdump使用。

+

无,用户根据实际情况调整。

+

该配置方法只在4G以下内存预留,必须保证4G以下连续可用内存足够预留。

+

crashkernel=X@Y

+

在Y起始地址预留X大小的内存给kdump使用。

+

无,用户根据实际情况调整。

+

需要确保Y起始地址的X大小内存未被其他模块预留。

+

crashkernel=X,high

+

在4G以下的物理内存中预留256M大小,在4G以上预留X大小内存给kdump使用。

+

无,用户根据实际情况调整,推荐值为1024M,high。

+

确保4G以下内存有256M连续可用内存,4G以上有连续X大小内存可预留。实际预留内存大小为256M+X。

+

crashkernel=X,low

+

crashkernel=Y,high

+

在4G以下的物理内存中预留X大小,在4G以上预留Y大小内存给kdump使用。

+

无,用户根据实际情况调整。

+

需要确保4G以下有X大小连续可用内存,4G以上有Y大小连续可用内存。实际预留内存大小为X+Y。

+
+ +## 问题6:多块磁盘组成逻辑卷安装系统后,再次安装不能只选其中一块磁盘 + +### 问题现象 + +在安装系统时,如果之前的系统选择多块磁盘组成逻辑卷进行安装,再次安装时,如果只选择了其中的一块或几块磁盘,没有全部选择,在保存配置时提示配置错误,如[图1](#fig115949762617)所示。 + +**图 1** 配置错误提示 +![](./figures/Configuration_error_prompt.png) + +### 原因分析 + +之前的逻辑卷包含了多块磁盘,只在一块磁盘上安装会破坏逻辑卷。 + +### 解决方法 + +因为多块磁盘组成逻辑卷相当于一个整体,所以只需要删除对应的卷组即可。 + +1. 按“Ctrl+Alt+F2”可以切换到命令行,执行如下命令找到卷组。 + + ```sh + # vgs + ``` + + ![](./figures/zh-cn_image_0231657950.png) + +2. 执行如下命令,删除卷组。 + + ```sh + # vgremove euleros + ``` + +3. 执行如下命令,重启安装程序即可生效。 + + ```sh + # systemctl restart anaconda + ``` + + > ![](./public_sys-resources/icon-note.gif) **说明:** + > 图形模式下也可以按“Ctrl+Alt+F6”回到图形界面,点击[图1](#fig115949762617)右下角的**Refresh**刷新存储配置生效。 + +## 问题7:x86物理机UEFI模式由于security boot安全选项问题无法安装 + +### 问题现象 + +x86物理机安装系统时,由于设置了BIOS选项security boot 为enable(默认是disable),导致系统一直停留在“No bootable device”提示界面,无法继续安装,如[图2](#fig115949762618)所示。 + +**图 2** “No bootable device”提示界面 +![](./figures/No-bootable-device.png) + +### 原因分析 + +开启security boot后,主板会验证引导程序及操作系统 ,若没有用对应的私钥进行签名,则无法通过主板上内置公钥的认证。 + +### 解决方法 + +进入BIOS,设置security boot为disable,重新安装即可。 + +1. 系统启动时,按“F11”,输入密码 `Admin@9000` 进入BIOS。 + + ![](./figures/BIOS.png) + +2. 选择进入Administer Secure Boot。 + + ![](./figures/security.png) + +3. 设置Enforce Secure Boot为Disabled。 + + ![](./figures/select.png) + + > ![](./public_sys-resources/icon-note.gif) **说明:** + > 设置Secure Boot Status为Disable之后,保存退出,重新安装即可。 + +## 问题8:安装openEuler时,软件选择页面选择“服务器-性能工具”,安装后messages日志有pmie_check报错信息 + +### 问题现象 + +安装系统时软件选择勾选服务器-性能工具,会安装pcp相关软件包,正常安装并重启后,/var/log/messages日志文件中会产生报错:pmie_check failed in /usr/share/pcp/lib/pmie。 + +### 原因分析 + +anaconda不支持在chroot环境中安装selinux策略模块,当安装pcp-selinux时,postin脚本安装pcp相关selinux策略模块执行失败,从而导致重启后产生报错。 + +### 解决办法 + +完成安装并重启后,以下方法选择其一。 + +1. 执行如下命令,安装 selinux 策略模块 `pcpupstream`。 + + ```sh + # /usr/libexec/pcp/bin/selinux-setup /var/lib/pcp/selinux install "pcpupstream" + ``` + +2. 重新安装 `pcp-selinux`。 + + ```sh + # sudo dnf reinstall pcp-selinux + ``` + +## 问题9:在两块已经安装了系统的磁盘上进行重复选择,并自定义分区时,安装失败 + +### 问题现象 + +用户在安装操作系统过程中,存在两块都已经安装过的磁盘,此时如果先选择一块盘,进行自定义分区,然后点击取消按钮,再选择第二块盘,并进行自定义分区时,会出现安装失败。 + +![](./figures/cancle_disk.png) +![](./figures/custom_paratition.png) + +### 原因分析 + +用户存在两次选择磁盘的操作,当前点击取消后,再选择第二块磁盘,磁盘信息不正确,导致安装失败。 + +### 解决方法 + +直接选择目标磁盘进行自定义分区,请勿频繁取消操作,如果一定要进行取消重选建议重新安装。 + +### issue访问链接 + + + +## 问题10:安装LSI MegaRAID卡的物理机kdump无法生成vmcore + +### 问题现象 + +部署好kdump服务后,手动执行`echo c > /proc/sysrq-trigger`命令或由于kernel故障导致kernel宕机,触发kdump启动second kernel过程中,MegaRAID驱动报错“BRCM Debug mfi stat 0x2d,data len requested/completed 0x200/0x0”,报错信息如下图,最终导致无法生成vmcore。 + +![](./figures/Megaraid_IO_Request_uncompleted.png) + +### 原因分析 + +由于默认配置了reset_devices启动参数,second kernel启动过程中会触发设备复位(reset_devices)操作,设备复位操作导致MegaRAID控制器或磁盘状态故障,转储vmcore文件时访问MegaRAID卡的磁盘报错,进而无法生成vmcore。 + +### 解决方法 + +在物理机`etc/sysconfig/kdump`文件中将second kernel默认启动参数`reset_devices`删除,可以规避second kernel启动过程中由于MegaRAID卡驱动复位设备所致IO请求未完成问题,以成功生成vmcore。 +![](./figures/reset_devices.png) diff --git a/docs/zh/server/installation_upgrade/installation/common_questions_and_solutions_1.md b/docs/zh/server/installation_upgrade/installation/common_questions_and_solutions_1.md new file mode 100644 index 0000000000000000000000000000000000000000..7b83916fdc52af37e51d6565a4d0e97e120ef30d --- /dev/null +++ b/docs/zh/server/installation_upgrade/installation/common_questions_and_solutions_1.md @@ -0,0 +1,66 @@ +# 常见问题与解决方法 + +## 问题1:树莓派启动失败 + +### 问题现象 + +将 openEuler 发布的树莓派镜像刷写入 SD 卡后,树莓派启动失败。 + +### 原因分析 + +刷写 openEuler 发布的树莓派镜像后,树莓派启动失败,大致有以下几种情况: + +1. 下载的镜像文件不完整,请确保该镜像通过完整性校验。 +2. 镜像写入 SD 卡过程中出现问题,多出现在 Windows 环境下使用应用软件刷写镜像到 SD 卡的情况。 + +### 解决方法 + +将完整的镜像重新刷写入 SD 卡。 + +## 问题2:nmcli 命令连接 Wi-Fi 失败 + +### 问题现象 + +执行 `nmcli dev wifi connect SSID password PWD` 命令连接 Wi-Fi 失败。例如提示 `Error: Connection activation failed: (7) Secrets were required, but not provided.` 等错误。 + +### 原因分析 + +执行的命令缺少密码。注意,如果密码中包含特殊字符,需要使用单引号将密码括起来。如果使用 nmcli 命令行连接 Wi-Fi 失败,建议使用 nmtui 字符界面进行连接。 + +### 解决方法 + +执行 `nmtui` 命令进入到 nmtui 字符界面,按照以下步骤连接 Wi-Fi。 + +1. 选择 `Edit a connection`,按 `Enter` 进入编辑网络连接窗口。 +2. 按下键盘右方向键选择 `Add`,按 `Enter` 进入新建网络连接窗口。 +3. 连接类型选择 `Wi-Fi` ,然后按下键盘右方向键选择 `Create`,按 `Enter` 进入 Wi-Fi 编辑连接信息的界面。 +4. Wi-Fi 连接信息界面主要需要编辑以下内容,其他信息根据实际情况而定。编辑结束后选择 `OK`,按 `Enter` 完成编辑并回退到编辑网络连接窗口。 + 1. `Profile name` 栏输入该 Wi-Fi 连接的名称,这里可以使用默认名称,如 `Wi-Fi connection 1`; + 2. `Device` 栏输入要使用的无线网卡接口,这里输入 `wlan0`; + 3. `SSID` 栏输入要连接的 Wi-Fi 的 SSID; + 4. `Security` 栏选择 Wi-Fi 密码加密方式,这里根据实际情况选择,例如选择 `WPA & WPA2 Personal`; + 5. `Password` 栏输入 Wi-Fi 密码。 + +5. 选择 `Back` 回退到最初的 nmtui 字符界面。 +6. 选择 `Activate a connection`,按 `Enter` 进入激活网络连接窗口。 +7. 查看添加的 Wi-Fi 连接是否已激活(已激活的连接名称前有 `*` 标记)。如果未激活,选择该 Wi-Fi 连接,然后按下键盘右方向键选择 `Activate`,按 `Enter` 激活该连接。待激活完成后,选择 `Back`,按 `Enter` 退出该激活界面,回退到最初的 nmtui 字符界面。 +8. 选择 `Quit`,然后按下键盘右方向键选择 `OK`,按 `Enter` 退出 nmtui 字符界面。 + +## 问题3:tensorflow包及相关包安装失败 + +### 问题现象 + +使用yum安装tensorflow及相关包时失败。 + +### 原因分析 + +tensorflow的依赖包暂时未升级至适配tensorflow==2.12.1的版本,因此需要通过pip手动安装其依赖软件。 + +### 解决方法 + +1. yumdownloader下载tensorflow的rpm包:yumdownloader python3-tensorflow。 +2. 使用rpm --nodeps安装这个包:rpm -ivh --nodeps python3-tensorflow。 +3. 安装tensorflow依赖包。 + 1. 使用pip安装依赖:`pip3 install tensorflow-estimator==2.12.0 keras==2.12.0 protobuf==3.20.3`。 + 2. 使用yum安装其他依赖软件:`yum install python3-termcolor python3-future python3-numpy python3-six python3-astunparse python3-google-pasta python3-opt-einsum python3-typing-extensions python3-wrapt python3-h5py python3-grpcio python3-absl-py python3-flatbuffers python3-gast`。 +4. 直接用yum下载相关包,例如python-keras-rl2,直接执行 `yum install python-keras-rl2`。 diff --git a/docs/zh/server/installation_upgrade/installation/figures/Advanced_User_Configuration.png b/docs/zh/server/installation_upgrade/installation/figures/Advanced_User_Configuration.png new file mode 100644 index 0000000000000000000000000000000000000000..29fc332ed3ecdc70b2a031d2633a6ec4ec5a9f0b Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/Advanced_User_Configuration.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/Automatic_installation_complete.png b/docs/zh/server/installation_upgrade/installation/figures/Automatic_installation_complete.png new file mode 100644 index 0000000000000000000000000000000000000000..f2169685ef202bae133ae74fec620ec64aea46df Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/Automatic_installation_complete.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/BIOS.png b/docs/zh/server/installation_upgrade/installation/figures/BIOS.png new file mode 100644 index 0000000000000000000000000000000000000000..d5a96738001c5a910174c030af583bb09ff29ce6 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/BIOS.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/CD-ROM_drive_icon.png b/docs/zh/server/installation_upgrade/installation/figures/CD-ROM_drive_icon.png new file mode 100644 index 0000000000000000000000000000000000000000..9e87cfaf1bdee860b3cbc35150decd8db492f8aa Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/CD-ROM_drive_icon.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/Configuration_error_prompt.png b/docs/zh/server/installation_upgrade/installation/figures/Configuration_error_prompt.png new file mode 100644 index 0000000000000000000000000000000000000000..a4eb734b3b84247bb2aa897e74898e8b5375aec8 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/Configuration_error_prompt.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/Disk_encryption_password.png b/docs/zh/server/installation_upgrade/installation/figures/Disk_encryption_password.png new file mode 100644 index 0000000000000000000000000000000000000000..c76b59d3214da2c55119f0300103be0b9c2d8792 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/Disk_encryption_password.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/Image_dialog_box.png b/docs/zh/server/installation_upgrade/installation/figures/Image_dialog_box.png new file mode 100644 index 0000000000000000000000000000000000000000..e72253b3d16d4388fa051c73b94e8923020ad467 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/Image_dialog_box.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/Installation_source.png b/docs/zh/server/installation_upgrade/installation/figures/Installation_source.png new file mode 100644 index 0000000000000000000000000000000000000000..b2ff6ff142722b27b4aa474ca246f5aedc278df8 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/Installation_source.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/Installation_wizard.png b/docs/zh/server/installation_upgrade/installation/figures/Installation_wizard.png new file mode 100644 index 0000000000000000000000000000000000000000..fc3a96c0cd4b5a2ece94a0b3fc484720440adace Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/Installation_wizard.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/Keyboard_layout.png b/docs/zh/server/installation_upgrade/installation/figures/Keyboard_layout.png new file mode 100644 index 0000000000000000000000000000000000000000..12447c247e913ff4460dc2e736b1ece57a8d128b Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/Keyboard_layout.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/Manual_partitioning.png b/docs/zh/server/installation_upgrade/installation/figures/Manual_partitioning.png new file mode 100644 index 0000000000000000000000000000000000000000..4ff41957f520ee0abdf55fbe90cd92dd0ea35f1f Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/Manual_partitioning.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/Manual_partitioning1.png b/docs/zh/server/installation_upgrade/installation/figures/Manual_partitioning1.png new file mode 100644 index 0000000000000000000000000000000000000000..4097e12f77be60a965c4b00b57d41c19c90619d8 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/Manual_partitioning1.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/Megaraid_IO_Request_uncompleted.png b/docs/zh/server/installation_upgrade/installation/figures/Megaraid_IO_Request_uncompleted.png new file mode 100644 index 0000000000000000000000000000000000000000..9f5a9e0f03055c59148830c8f8894196acd6861f Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/Megaraid_IO_Request_uncompleted.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/NetworkandHostName.png b/docs/zh/server/installation_upgrade/installation/figures/NetworkandHostName.png new file mode 100644 index 0000000000000000000000000000000000000000..5d77ccbe602dd1ce565e77c48e27628cc9ec591a Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/NetworkandHostName.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/No-bootable-device-page.png b/docs/zh/server/installation_upgrade/installation/figures/No-bootable-device-page.png new file mode 100644 index 0000000000000000000000000000000000000000..944c658d621f00b18e4aa75eaca420d76c08715c Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/No-bootable-device-page.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/No-bootable-device.png b/docs/zh/server/installation_upgrade/installation/figures/No-bootable-device.png new file mode 100644 index 0000000000000000000000000000000000000000..944c658d621f00b18e4aa75eaca420d76c08715c Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/No-bootable-device.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/Partition_expansion.png b/docs/zh/server/installation_upgrade/installation/figures/Partition_expansion.png new file mode 100644 index 0000000000000000000000000000000000000000..37a6ef7a2371a9a5518f6d2ce0dc6d36fc71fe1b Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/Partition_expansion.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/Setting_the_System_Boot_Option.png b/docs/zh/server/installation_upgrade/installation/figures/Setting_the_System_Boot_Option.png new file mode 100644 index 0000000000000000000000000000000000000000..682f555c3a6da63e1cf6e6eed402e2851c4a7ebb Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/Setting_the_System_Boot_Option.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/Target_installation_position.png b/docs/zh/server/installation_upgrade/installation/figures/Target_installation_position.png new file mode 100644 index 0000000000000000000000000000000000000000..5dcf04a4bfa256efef32a1cf7dd146161030381d Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/Target_installation_position.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/cancle_disk.png b/docs/zh/server/installation_upgrade/installation/figures/cancle_disk.png new file mode 100644 index 0000000000000000000000000000000000000000..ff0e9a143fc14dc725d0b1e770bd54ce874aeec6 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/cancle_disk.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/choice.png b/docs/zh/server/installation_upgrade/installation/figures/choice.png new file mode 100644 index 0000000000000000000000000000000000000000..0e40f5fd8d73dbcbad6bdcec5d56d3883d54023a Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/choice.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/choicelanguage.png b/docs/zh/server/installation_upgrade/installation/figures/choicelanguage.png new file mode 100644 index 0000000000000000000000000000000000000000..51dfe50057e0652a34b5c94192c411c356133b24 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/choicelanguage.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/choosesoftware.png b/docs/zh/server/installation_upgrade/installation/figures/choosesoftware.png new file mode 100644 index 0000000000000000000000000000000000000000..e9f4dbfb6de56498a46752cbebe88ab623366160 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/choosesoftware.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/confignetwork1.png b/docs/zh/server/installation_upgrade/installation/figures/confignetwork1.png new file mode 100644 index 0000000000000000000000000000000000000000..d46f71cc21fb8f2defab62c08ba5537f225be328 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/confignetwork1.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/createuser.png b/docs/zh/server/installation_upgrade/installation/figures/createuser.png new file mode 100644 index 0000000000000000000000000000000000000000..a280f355f07f34e590bfcb5c33a16b2201051857 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/createuser.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/custom_paratition.png b/docs/zh/server/installation_upgrade/installation/figures/custom_paratition.png new file mode 100644 index 0000000000000000000000000000000000000000..0f46bc9fcfbf57cd986661029c6b2c037dac2919 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/custom_paratition.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/dateandtime.png b/docs/zh/server/installation_upgrade/installation/figures/dateandtime.png new file mode 100644 index 0000000000000000000000000000000000000000..10ff8aceeb1789333833f79a668214eb69e50643 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/dateandtime.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/installation_overview.png b/docs/zh/server/installation_upgrade/installation/figures/installation_overview.png new file mode 100644 index 0000000000000000000000000000000000000000..fb9c052855bd920532c0cf69c658eaadab628f5f Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/installation_overview.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/installation_procedure.png b/docs/zh/server/installation_upgrade/installation/figures/installation_procedure.png new file mode 100644 index 0000000000000000000000000000000000000000..06a9d14a166bdfe86c5eec0be7929a7a99c5ea45 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/installation_procedure.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/installsource.png b/docs/zh/server/installation_upgrade/installation/figures/installsource.png new file mode 100644 index 0000000000000000000000000000000000000000..df788bdb010a1e711eef0446348587dce7b55b95 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/installsource.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/languagesupport.png b/docs/zh/server/installation_upgrade/installation/figures/languagesupport.png new file mode 100644 index 0000000000000000000000000000000000000000..322a38cfea59362ae595ff204d907ae1fd41dc30 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/languagesupport.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/reset_devices.png b/docs/zh/server/installation_upgrade/installation/figures/reset_devices.png new file mode 100644 index 0000000000000000000000000000000000000000..70cc2e0138dd48950f4704bd3f1160448d5058a1 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/reset_devices.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/restart_icon.png b/docs/zh/server/installation_upgrade/installation/figures/restart_icon.png new file mode 100644 index 0000000000000000000000000000000000000000..a1b02b2dff42c90845d2491192507ea6967352e3 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/restart_icon.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/restarticon.png b/docs/zh/server/installation_upgrade/installation/figures/restarticon.png new file mode 100644 index 0000000000000000000000000000000000000000..33bf7cd2e435ff04f3947eb39ba20019b12bf2d2 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/restarticon.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/riscv-olk6.6.jpg b/docs/zh/server/installation_upgrade/installation/figures/riscv-olk6.6.jpg new file mode 100644 index 0000000000000000000000000000000000000000..8a00c4fd2033954b1d0d99eb376ea5c1436db7fb Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/riscv-olk6.6.jpg differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/root_password.png b/docs/zh/server/installation_upgrade/installation/figures/root_password.png new file mode 100644 index 0000000000000000000000000000000000000000..fe285fc2bfd682e1ef3799e62ef2786507e49372 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/root_password.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/security.png b/docs/zh/server/installation_upgrade/installation/figures/security.png new file mode 100644 index 0000000000000000000000000000000000000000..59ac7bfcef796fc32d0127a9d6095d32cb282fb2 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/security.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/select.png b/docs/zh/server/installation_upgrade/installation/figures/select.png new file mode 100644 index 0000000000000000000000000000000000000000..0e40f5fd8d73dbcbad6bdcec5d56d3883d54023a Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/select.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/select_software.png b/docs/zh/server/installation_upgrade/installation/figures/select_software.png new file mode 100644 index 0000000000000000000000000000000000000000..4b1384943d2770317396be452b137b6602d1dfea Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/select_software.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/selectlanguage.png b/docs/zh/server/installation_upgrade/installation/figures/selectlanguage.png new file mode 100644 index 0000000000000000000000000000000000000000..4351e637cb673e156864cf5110e68efb3c3e1f2b Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/selectlanguage.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/sourceftp.png b/docs/zh/server/installation_upgrade/installation/figures/sourceftp.png new file mode 100644 index 0000000000000000000000000000000000000000..6866700da46d0a283cb1585dc425feb79337f726 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/sourceftp.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/sourcenfs.png b/docs/zh/server/installation_upgrade/installation/figures/sourcenfs.png new file mode 100644 index 0000000000000000000000000000000000000000..430d9433904fef0ac833495ec1ae704acdd9026f Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/sourcenfs.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/startparam.png b/docs/zh/server/installation_upgrade/installation/figures/startparam.png new file mode 100644 index 0000000000000000000000000000000000000000..661febc759a150367509505577ea7ea216f911be Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/startparam.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/target_install_position.png b/docs/zh/server/installation_upgrade/installation/figures/target_install_position.png new file mode 100644 index 0000000000000000000000000000000000000000..5dcf04a4bfa256efef32a1cf7dd146161030381d Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/target_install_position.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0229291229.png b/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0229291229.png new file mode 100644 index 0000000000000000000000000000000000000000..d245d48dc07e2b01734e21ec1952e89fa9269bdb Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0229291229.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0229291236.png b/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0229291236.png new file mode 100644 index 0000000000000000000000000000000000000000..a32856aa08e459ed0f51f8fcf4c2f51511c12095 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0229291236.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0229291243.png b/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0229291243.png new file mode 100644 index 0000000000000000000000000000000000000000..2418510f855facae4b47129840894490a1eac7ca Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0229291243.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0229291247.png b/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0229291247.png new file mode 100644 index 0000000000000000000000000000000000000000..d67b599b9ab74017c0800529053befed3efab8a7 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0229291247.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0229291264.jpg b/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0229291264.jpg new file mode 100644 index 0000000000000000000000000000000000000000..3f0a0658e08010f4f453e558a41e31257783b416 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0229291264.jpg differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0229291270.png b/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0229291270.png new file mode 100644 index 0000000000000000000000000000000000000000..deefef68670d64c131e4c41911a01236158f1dd1 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0229291270.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0229291272.png b/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0229291272.png new file mode 100644 index 0000000000000000000000000000000000000000..e0ad8102bddd886c3bd7a306b088e8a52e2b99c9 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0229291272.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0229291280.png b/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0229291280.png new file mode 100644 index 0000000000000000000000000000000000000000..5754e734c48b23ace2a4fbf1302b820077cd7b71 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0229291280.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0229291286.png b/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0229291286.png new file mode 100644 index 0000000000000000000000000000000000000000..4ffcb081e2c8f82bcc49a65a939f2cd8bd6f949b Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0229291286.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0229420473.png b/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0229420473.png new file mode 100644 index 0000000000000000000000000000000000000000..86c61a4b8e2a5795baff2fc74629924d01d7b97b Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0229420473.png differ diff --git a/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0231657950.png b/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0231657950.png new file mode 100644 index 0000000000000000000000000000000000000000..bea985ef710c57aeba16600067304b1005ad92e8 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/figures/zh-cn_image_0231657950.png differ diff --git a/docs/zh/server/installation_upgrade/installation/install_pi.md b/docs/zh/server/installation_upgrade/installation/install_pi.md new file mode 100644 index 0000000000000000000000000000000000000000..8481d337ff33f15514737f643fd0b2b6e578a1bf --- /dev/null +++ b/docs/zh/server/installation_upgrade/installation/install_pi.md @@ -0,0 +1,3 @@ +# 安装在树莓派 + +本文是介绍 openEuler 操作系统安装在树莓派的方法,使用本手册的用户需要具备基础的 Linux 系统管理知识。 diff --git a/docs/zh/server/installation_upgrade/installation/installation.md b/docs/zh/server/installation_upgrade/installation/installation.md new file mode 100644 index 0000000000000000000000000000000000000000..73d369e0dabf5156dd4b7d120a8d93331981a7c6 --- /dev/null +++ b/docs/zh/server/installation_upgrade/installation/installation.md @@ -0,0 +1,5 @@ +# 安装指南 + +本文档主要介绍openEuler操作系统安装方法,以指导用户顺利完成openEuler操作系统安装。 + +本文档适用于所有使用openEuler操作系统的用户,特别是初次使用或想了解openEuler的用户,包括系统工程师、管理员及维护人员等。使用本手册的用户需要具备基础的Linux系统管理知识。 diff --git a/docs/zh/server/installation_upgrade/installation/installation_guide.md b/docs/zh/server/installation_upgrade/installation/installation_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..c20335b45a05671ee5ca60cb3a8b03198d505f8f --- /dev/null +++ b/docs/zh/server/installation_upgrade/installation/installation_guide.md @@ -0,0 +1,325 @@ +# 安装指导 + +本章以光盘安装为例介绍安装openEuler,其他安装方式除在启动安装时的引导方式不同外,待启动安装后安装流程相同,在此不再说明。 + +## 启动安装 + +### 使用光盘引导安装 + +在服务器的光驱中加载openEuler安装镜像,重启服务器,具体步骤如下。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>在安装开始前,需要保证服务器启动选项为光驱优先。安装步骤以BMC挂载虚拟光驱进行光盘安装的操作举例。通过物理光驱安装的操作简单,启动安装后的流程相同,在此不再说明。 + +1. 在虚拟界面工具栏中,单击虚拟光驱工具如下图所示。 + + **图 1** 光驱图标 + ![](./figures/CD-ROM_drive_icon.png) + + 弹出镜像对话框,如下图所示。 + + **图 2** 镜像对话框 + ![](./figures/Image_dialog_box.png) + +2. 在镜像对话框中,选择“镜像文件”,并单击“...”。弹出“打开”对话框。 +3. 选择镜像文件,单击“打开”。然后在镜像对话框中,单击“连接”。当“连接”显示为“断开”后,表示虚拟光驱已连接到服务器。 +4. 在工具栏中,单击重启工具重启设备,如下图所示。 + + **图 3** 重启图标 + ![](./figures/restarticon.png) + +### 安装引导界面 + +系统使用引导介质完成引导后会显示引导菜单。该引导菜单除启动安装程序外还提供一些选项。安装系统时,默认采用“Test this media & install openEuler {version}”方式进行安装。如果要选择默认选项之外的选项,请使用键盘中的“↑”和“↓”方向键进行选择,并在选项为高亮状态时按“Enter”。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- 如果60秒内未按任何键,系统将从默认选项“Test this media & install openEuler {version}”自动进入安装界面。 +>- 安装物理机时,如果使用键盘上下键无法选择启动选项,按“Enter”键无响应,可以单击BMC界面上的鼠标控制图标“![](./figures/zh-cn_image_0229420473.png)”,设置“键鼠复位”。 + +**图 4** 安装引导界面 +![](./figures/Installation_wizard.png) + +安装引导选项说明如下: + +- Install openEuler {version} —— 在您的服务器上使用图形用户界面模式安装。 + +- Test this media & install openEuler {version} —— 默认选项,在您的服务器上使用图形用户界面模式安装,但在启动安装程序前会进行安装介质的完整性检查。 + +- Troubleshooting —— 问题定位模式,系统无法正常安装时使用。进入问题定位模式后,有如下两个选项。 + - Install openEuler {version} in basic graphics mode —— 简单图形安装模式,该模式下在系统启动并运行之前不启动视频驱动程序。 + - Rescue the openEuler system —— 救援模式,用于修复系统。该模式下输出定向到VNC或BMC(Baseboard Management Controller)端,串口不可用。 + +在安装引导界面,按“e”进入已选选项的参数编辑界面,按“c”进入命令行模式。 + +### 图形化模式安装 + +在“安装引导界面”中选择“Test this media & install openEuler {version}”进入图形化模式安装。 + +可以通过键盘操作图形化安装程序。 + +- “Tab”、“Shift Tab”:界面控件(按钮、区域框、复选框等)间的移动。 +- “↑”、“↓”方向键:列表里的移动。 +- “←”、“→”方向键:水平工具条和表条间移动。 +- “空格”、“Enter”:选择或删除高亮显示的选项、展开或折叠下拉菜单。 +- “Alt”+“快捷键”:选择快捷键所在的控件,其中快捷键可通过按住Alt高亮(加下划线)显示。 + +## 设置安装程序语言 + +启动安装后,在进入安装程序主界面之前,系统会提示用户设置安装过程中使用的语言。当前默认为英语,用户可根据实际情况进行调整,如[图5](#zh-cn_topic_0186390093_zh-cn_topic_0122145864_fig144630179151)所示,选择“中文”。 + +**图 5** 选择语言 +![](./figures/selectlanguage.png) + +完成设置后,单击“继续”,进入安装设置主界面。 + +如果您想退出安装,可以单击“退出”并在弹出的“您确定要退出安装程序吗?”对话框中单击“是”重新进入“安装引导界面”。 + +## 进入安装界面 + +系统安装程序正常启动后,会进入[图6](#zh-cn_topic_0186390094_zh-cn_topic_0122145883_fig5969171592212)所示的安装设置主界面。用户可以进行时间、语言、安装源、网络、安装位置等相关设置。 + +部分配置项会有告警符号,用户完成该选项配置后,告警符号消失。当界面上不存在告警符号时,用户才能单击“开始安装”进行系统安装。 + +如果您想退出安装,可以单击“退出”并在弹出的“您确定要退出安装程序吗?”对话框中单击“是”重新进入“安装引导界面”。 + +**图 6** 安装概览 +![](./figures/installation_overview.png) + +## 设置键盘 + +在“安装概览”页面中选择“键盘”,用户可以在系统中添加或者删除多个键盘布局。 + +- 要查看键盘布局,请在左侧选框中单击选中该键盘布局,然后单击下面的“键盘”按钮。 +- 要测试键盘布局,请在左侧选框中添加键盘布局,然后在右上角键盘图标处进行点击切换为目标键盘,单击右侧文本框内部,输入文本以确认所选键盘布局可正常工作。 + +**图 7** 键盘布局 +![](./figures/Keyboard_layout.png) + +设置完成后,请单击左上角“完成”返回“安装概览”页面。 + +## 设置系统语言 + +在“安装概览”页面中选择“语言支持”,设置系统的语言。如[图8](#zh-cn_topic_0186390098_zh-cn_topic_0122145772_fig187301927172619)所示,用户也可根据实际情况进行调整,选择“中文”。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>若选择“中文”,系统安装完成后,使用VNC登录不支持中文显示,使用串口登录支持中文显示,使用SSH登录时是否支持中文显示与使用的SSH客户端有关。若选择“English”,则无影响。 + +**图 8** 语言支持 +![](./figures/languagesupport.png) + +设置完成后,请单击左上角“完成”返回“安装概览”页面。 + +## 设置时间和日期 + +在“安装概览”页面中选择“时间和日期”,设置系统的时区、日期、时间等。 + +设置时区时,用户可通过页面顶部的“地区”和“城市”下拉菜单中进行选择,如[图9](#zh-cn_topic_0186390096_zh-cn_topic_0122145900_fig1260162652312)所示。 + +如果您所在城市没有出现在下拉菜单中,请选择同一时区中离您最近的城市。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- 手动设置时区时,请先关闭右上角“网络时间”同步开关。 +>- 如需使用网络时间,请保证网络能连通远程NTP服务器,设置网络具体请参见“[设置网络和主机名](#设置网络和主机名)”。 + +**图 9** 日期和时间 +![](./figures/dateandtime.png) + +设置完成后,请单击左上角“完成”返回“安装概览”页面。 + +## 设置安装源 + +在“安装概览”页面中选择“安装源”,指定安装源的位置。 + +- 当使用完整光盘安装,安装程序会自动探测并显示安装源信息,用户直接使用默认配置即可,不需要进行设置,如[图10](#zh-cn_topic_0186390100_zh-cn_topic_0144427079_fig93633295132)所示。 + + **图 10** 安装源 + ![](./figures/Installation_source.png) + +- 当使用网络源进行安装的时候,需设置网络源的URL。 + + - http或https方式 + + http或https方式的安装源如下图所示。输入框内容以实际版本发布的安装源地址为准,如`https://repo.openeuler.org/openEuler-{version}/OS/$basearch/`,其中 version 为版本号,$basearch为CPU架构,可根据实际情况输入。 + + ![](./figures/installsource.png) + + 如果https服务器使用的是私有证书,则需要在安装引导界面按“e”进入已选选项的参数编辑界面,在参数中增加inst.noverifyssl参数。 + + - ftp方式 + + ftp方式的安装源如下图所示,输入框内容根据的ftp地址输入。 + + ![](./figures/sourceftp.png) + + ftp服务器需要用户自己搭建,将iso镜像进行挂载,挂载出的文件拷贝到ftp的共享目录中。其中x86_64为CPU架构,可根据实际情况使用镜像。 + + - nfs方式 + + nfs方式的安装源如下图所示,输入框内容根据的nfs地址输入。 + + ![](./figures/sourcenfs.png) + + nfs服务器需要用户自己搭建,将iso镜像进行挂载,挂载出的文件拷贝到nfs的共享目录中。其中x86_64为CPU架构,可根据实际情况使用镜像。 + +安装过程中,如果“设置安装源”有疑问,可参考“《[选择安装源出现异常](https://docs.openeuler.openatom.cn/zh/docs/common/faq/server/installation_faq1.html#%E9%97%AE%E9%A2%984-%E9%80%89%E6%8B%A9%E5%AE%89%E8%A3%85%E6%BA%90%E5%87%BA%E7%8E%B0%E5%BC%82%E5%B8%B8)》”。 + +设置完成后,请单击左上角“完成”返回“安装概览”页面。 + +## 选择安装软件 + +在“安装概览”页面中选择“软件选择”,指定需要安装的软件包。 + +用户需要根据实际的业务需求,在左侧选择一个“最小安装”,在右侧选择安装环境的附加选项,如[图11](#zh-cn_topic_0186390261_zh-cn_topic_0122145865_fig03031519101414)所示。 + +**图 11** 软件选择 +![](./figures/choosesoftware.png) + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- 在最小安装的环境下,并非安装源中所有的包都会安装。如果用户需要使用的包未安装,可将安装源挂载到本地制作repo源,通过DNF工具单独安装。 +>- 选择“虚拟化主机”时会默认安装虚拟化组件qemu、libvirt、edk2,且可在附加选项处选择是否安装ovs等组件。 + +设置完成后,请单击左上角“完成”返回“安装概览”页面。 + +## 设置安装目的地 + +在“安装概览”页面中选择“安装目的地”,设置操作系统的安装磁盘及分区。 + +在[图12](#fig1195417125015)所示的页面中您可以看到计算机中的本地可用存储设备。 + +**图 12** 安装目标位置 +![](./figures/Target_installation_position.png) + +### 存储配置 + +在“安装目标位置”界面,您需要进行存储配置以便对系统分区。您可以手动配置分区,也可以选择让安装程序自动分区。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- 在进行分区时,出于系统性能和安全的考虑,建议您划分如下单独分区:/boot、/var、/var/log、/var/log/audit、/home、/tmp。 分区建议如[表1](#table1)所示。 +>- 系统如果配置了swap分区,当系统的物理内存不够用时,会使用swap分区。虽然swap分区可以增大物理内存大小的限制,但是如果由于内存不足使用到swap分区,会增加系统的响应时间,性能变差。因此在物理内存充足或者性能敏感的系统中,不建议配置swap分区。 +>- 如果需要拆分逻辑卷组则需要选择“自定义”进行手动分区,并在“手动分区”界面单击“卷组”区域中的“修改”按钮重新配置卷组。 + +**表1** 磁盘分区建议 + + +| 分区类型 | 逻辑挂载点 | 分区大小 | 说明 | +| --- | --- | --- | --- | +| 主分区 | / | 20G | 根目录,用于安装操作系统。 | +| 主分区 | /boot | 1G | 引导分区。 | +| 主分区 | /swap | 16G | 交换分区。 | +| 逻辑分区 | /home | 1G | 存放本地用户数据。 | +| 逻辑分区 | /tmp | 10G | 存放临时文件。 | +| 逻辑分区 | /var | 5G | 存放守护进程和其他系统服务进程的动态数据。 | +| 逻辑分区 | /var/log | 10G | 存放系统日志数据。 | +| 逻辑分区 | /var/log/audit | 2G | 存放系统审计日志数据。 | +| 逻辑分区 | /usr| 5G | 存放可共享和只读的应用程序。 | +| 逻辑分区 | /var/tmp | 5G | 存放系统重启过程中可以保留的临时文件。 | +| 逻辑分区 | /opt | 剩余磁盘空间大小。 | 用于安装应用软件。 | + +**自动**分区 + +如果是在未使用过的存储设备中执行全新安装,或者不需要保留该存储设备中任何数据,建议选择“自动”进行自动分区。设置完成后,请单击“完成”返回“安装概览”页面。 + +**自定义**分区 + +若用户需进行手动分区,选择“自定义”按钮,并单击左上角“完成”,出现手动分区界面。 + +在“手动分区”界面可以通过如下两种方式进行分区,分区完成后如[图13](#fig1277151815248)所示。 + +- 自动创建:在界面单击“点击这里自动创建它们”,系统会根据可用的存储空间,自动分出5个挂载点:/boot、/、/home、/boot/efi、/swap。 + +- 手动创建:单击“![](./figures/zh-cn_image_0229291243.png)”添加新挂载点,建议每个挂载点的期望容量不超过可用空间。 + + >![](./public_sys-resources/icon-note.gif) **说明:** + >若设置的挂载点期望容量超过了可用空间,系统将剩余的可用空间全部分配给该挂载点。 + +**图 13** 手动分区 +![](./figures/Manual_partitioning.png) + +>![](./public_sys-resources/icon-note.gif) **说明:** +> 如果选择非UEFI引导,则不需要/boot/efi分区。若选择UEFI引导,则必须有/boot/efi分区。 + +设置完成后,请单击左上角”完成“按钮,弹出“更改摘要”对话框,提示更改产生的变更信息。 + +点击“接受更改”,返回“安装概览”页面。 + +## 设置网络和主机名 + +在“安装概览”页面中选择“网络和主机名”,设置系统的网络功能。 + +安装程序会自动探测可本地访问的接口。探测到的接口列在左侧方框中,右侧显示相应的接口详情,如[图14](#zh-cn_topic_0186390264_zh-cn_topic_0122145831_fig123700157297)所示。用户可以通过页面右上角的开关,来开启或者关闭网络接口。开关默认是关闭状态,若设置安装源选择的是在网络上安装,需要开启开关。用户还可以单击“配置”以配置选中的接口。勾选“自动以优先级连接”选项,即可将该网卡设置为开机自启动,如[图15](#zh-cn_topic_0186390264_zh-cn_topic_0122145831_fig6)所示。 + +用户可在页面下方“主机名”字段输入主机名。主机名可以是完全限定域名(FQDN),其格式为hostname.domainname;也可以是简要主机名,其格式为hostname。 + +**图 14** 网络和主机名 +![](./figures/NetworkandHostName.png) + +**图 15** 配置网络 +![](./figures/confignetwork1.png) + +设置完成后,请单击左上角“完成”返回“安装概览”页面。 + +## 设置Root帐户 + +在“安装概览”页面中选择“Root帐户”,弹出设置“Root帐户”界面,如[图16](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1323165793018)所示,根据[密码复杂度](#密码复杂度)输入密码并再次输入密码进行确认。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- Root帐户是用来执行关键系统管理任务,不建议您在日常工作及系统访问时使用root帐户。 +> +>- 在“Root帐户”界面若选择“禁用Root帐户”则Root帐户将禁用。 + +**图 16** root帐户 +![](./figures/root_password.png) + +### 密码复杂度 + +用户设置的Root用户密码或新创建用户的密码均需要满足密码复杂度要求,否则会导致密码设置或用户创建失败。设置密码的复杂度的要求如下: + +1. 口令长度至少8个字符。 +2. 口令至少包含大写字母、小写字母、数字和特殊字符中的任意3种。 +3. 口令不能和帐号一样。 +4. 口令不能使用字典词汇。 + + >![](./public_sys-resources/icon-note.gif) **说明:** + >在已装好的openEuler环境中,可以通过`cracklib-unpacker /usr/share/cracklib/pw_dict > dictionary.txt`命令导出字典库文件dictionary.txt,用户可以查询密码是否在该字典中。 + +完成设置后,单击左上角的“完成”返回“安装概览”页面。 + +## 创建用户 + +在“安装概览”页面中选择“创建用户”,弹出“创建用户”的界面如[图17](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1237715313319)所示。输入用户名,并设置密码。另外您还可以通过“高级”选项设置用户主目录、用户组等,如[图18](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig128716531312)所示。 + +**图 17** 创建用户 +![](./figures/createuser.png) + +**图 18** 高级用户配置 +![](./figures/Advanced_User_Configuration.png) + +完成设置后,单击左上角的“完成”返回“安装概览”页面。 + +## 开始安装 + +在安装界面上完成所有必填选项的配置后,界面上的警告会消失。此时,用户可以单击“开始安装”进行系统安装。 + +## 安装过程 + +开始安装后会出现进度页面,显示安装进度及所选软件包写入系统的进度,如[图19](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1590863119306)所示。 + +>![](./figures/zh-cn_image_0229291229.png) +>若系统安装过程中,单击“退出”,或复位、下电服务器,则安装过程被中断,系统将不可用,需要重新进行安装。 + +**图 19** 安装过程 +![](./figures/installation_procedure.png) + +## 安装完成 + +安装过程执行完成后,openEuler完成安装,单击“重启系统”后,系统将重新启动。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +> - 如果当前使用物理光盘安装操作系统,且在重启过程中安装光盘没有自动弹出,请手动取出光盘,则可以直接进入openEuler命令行登录界面。 +> - 如果当前使用虚拟光驱安装操作系统,则需要修改服务器的启动项为“硬盘”,然后重启服务器,则可以直接进入openEuler命令行登录界面。 diff --git a/docs/zh/server/installation_upgrade/installation/installation_guide_1.md b/docs/zh/server/installation_upgrade/installation/installation_guide_1.md new file mode 100644 index 0000000000000000000000000000000000000000..c7bca2c0d99ceed232d449151321600a9c9ae0b8 --- /dev/null +++ b/docs/zh/server/installation_upgrade/installation/installation_guide_1.md @@ -0,0 +1,166 @@ +# 安装指导 + +本章介绍将“[树莓派镜像刷写入 SD 卡](./installation_modes_1.md)”后,启用树莓派的主要过程。 + +## 启动系统 + +将刷写镜像后的 SD 卡插入树莓派,通电启用。 + +树莓派硬件相关信息请参考[树莓派官网](https://www.raspberrypi.org/)。 + +## 登录系统 + +登录树莓派有以下两种方式: + +1. 本地登录 + + 树莓派连接显示器(树莓派视频输出接口为 Micro HDMI)、键盘、鼠标后,启动树莓派,可以看到树莓派启动日志输出到显示器上。待树莓派启动成功,输入用户名(root)和密码(openeuler)登录。 + +2. ssh 远程登录 + + 树莓派默认采用 DHCP 的方式自动获取 IP。如果树莓派连接已知路由器,可登录路由器查看,新增的 IP 即为树莓派 IP。例如,树莓派对应 IP 为:192.168.31.109,使用命令 `ssh root@192.168.31.109` 后输入密码 `openeuler`,即可远程登录树莓派。 + +## 配置系统 + +### 扩展根目录分区 + +默认根目录分区空间比较小,在使用之前,需要对分区进行扩容。 + +请按照以下步骤扩展根目录分区: + +1. 在 root 权限下执行 `fdisk -l` 命令查看磁盘分区信息。命令和回显如下: + + ``` + # fdisk -l + Disk /dev/mmcblk0: 14.86 GiB, 15931539456 bytes, 31116288 sectors + Units: sectors of 1 * 512 = 512 bytes + Sector size (logical/physical): 512 bytes / 512 bytes + I/O size (minimum/optimal): 512 bytes / 512 bytes + Disklabel type: dos + Disk identifier: 0xf2dc3842 + + Device Boot Start End Sectors Size Id Type + /dev/mmcblk0p1 * 8192 593919 585728 286M c W95 FAT32 (LBA) + /dev/mmcblk0p2 593920 1593343 999424 488M 82 Linux swap / Solaris + /dev/mmcblk0p3 1593344 5044223 3450880 1.7G 83 Linux + ``` + + SD 卡对应盘符为 /dev/mmcblk0,包括 3 个分区,分别为 + + - /dev/mmcblk0p1:引导分区 + - /dev/mmcblk0p2:交换分区 + - /dev/mmcblk0p3:根目录分区 + + 这里我们需要将根目录分区 `/dev/mmcblk0p3` 进行扩容。 + +2. 在 root 权限下执行 `fdisk /dev/mmcblk0` 命令进入到交互式命令行界面,按照以下步骤扩展分区,如[图 1](#zh-cn_topic_0151920806_f6ff7658b349942ea87f4521c0256c315)所示。 + + 1. 输入 `p`,查看分区信息。 + + 记录分区 `/dev/mmcblk0p3` 的起始扇区号,即 `/dev/mmcblk0p3` 分区信息中 `Start` 列的值,示例中为 `1593344`。 + + 2. 输入 `d`,删除分区。 + 3. 输入 `3` 或直接按【**Enter**】,删除序号为 `3` 的分区,即 `/dev/mmcblk0p3` 分区。 + 4. 输入 `n`,创建新的分区。 + 5. 输入 `p` 或直接按【**Enter**】,创建 `Primary` 类型的分区。 + 6. 输入 `3` 或直接按【**Enter**】,创建序号为 `3` 的分区,即 `/dev/mmcblk0p3` 分区。 + 7. 输入新分区的起始扇区号,即第 `1` 步中记录的起始扇区号,示例中为 `1593344`。 + + >![](./public_sys-resources/icon-notice.gif) **须知:** + >请勿直接按【**Enter**】或使用默认参数。 + + 8. 按【**Enter**】,使用默认的最后一个扇区号作为新分区的终止扇区号。 + 9. 输入【**N**】,不修改扇区标记。 + 10. 输入【**W**】,保存分区设置并退出交互式命令行界面。 + + **图 1** 分区扩容 + ![](./figures/Partition_expansion.png) + +3. 在 root 权限下执行 `fdisk -l` 命令查看磁盘分区信息,以确保磁盘分区正确。命令和回显如下: + + ``` + # fdisk -l + Disk /dev/mmcblk0: 14.86 GiB, 15931539456 bytes, 31116288 sectors + Units: sectors of 1 * 512 = 512 bytes + Sector size (logical/physical): 512 bytes / 512 bytes + I/O size (minimum/optimal): 512 bytes / 512 bytes + Disklabel type: dos + Disk identifier: 0xf2dc3842 + + Device Boot Start End Sectors Size Id Type + /dev/mmcblk0p1 * 8192 593919 585728 286M c W95 FAT32 (LBA) + /dev/mmcblk0p2 593920 1593343 999424 488M 82 Linux swap / Solaris + /dev/mmcblk0p3 1593344 31116287 29522944 14.1G 83 Linux + ``` + +4. 在 root 权限下执行 `resize2fs /dev/mmcblk0p3`,增大未加载的文件系统大小。 +5. 执行 `df -lh` 命令查看磁盘空间信息,以确保根目录分区已扩展。 + + >![](./public_sys-resources/icon-notice.gif) **须知:** + >如果根目录分区未扩展,可执行 `reboot` 命令重启树莓派之后再在 root 权限下执行 `resize2fs /dev/mmcblk0p3`。 + +### 连接 Wi-Fi + +请按照以下步骤连接 Wi-Fi: + +1. 查看 IP 和网卡信息 + + `ip a` + + 获取无线网卡 wlan0 信息: + + ``` + 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 + link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 + inet 127.0.0.1/8 scope host lo + valid_lft forever preferred_lft forever + inet6 ::1/128 scope host + valid_lft forever preferred_lft forever + 2: eth0: mtu 1500 qdisc mq state UP group default qlen 1000 + link/ether dc:a6:32:50:de:57 brd ff:ff:ff:ff:ff:ff + inet 192.168.31.109/24 brd 192.168.31.255 scope global dynamic noprefixroute eth0 + valid_lft 41570sec preferred_lft 41570sec + inet6 fe80::cd39:a969:e647:3043/64 scope link noprefixroute + valid_lft forever preferred_lft forever + 3: wlan0: mtu 1500 qdisc fq_codel state DOWN group default qlen 1000 + link/ether e2:e6:99:89:47:0c brd ff:ff:ff:ff:ff:ff + ``` + +2. 扫描可以连接的 Wi-Fi 信息 + + `nmcli dev wifi` + +3. 连接 Wi-Fi + + 在 root 权限下执行 `nmcli dev wifi connect password ` 命令连接 Wi-Fi。 + + 其中,`SSID` 为上一步扫描到的可供连接的 Wi-Fi 的 SSID,`PWD` 为对应 Wi-Fi 的密码。例如,`SSID` 为 `openEuler-wifi`,密码为 `12345678`,则连接该 Wi-Fi 命令为:`nmcli dev wifi connect openEuler-wifi password 12345678`,连接成功: + + ``` + Device 'wlan0' successfully activated with '26becaab-4adc-4c8e-9bf0-1d63cf5fa3f1'. + ``` + +4. 查看 IP 和无线网卡信息 + + `ip a` + + ``` + 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 + link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 + inet 127.0.0.1/8 scope host lo + valid_lft forever preferred_lft forever + inet6 ::1/128 scope host + valid_lft forever preferred_lft forever + 2: eth0: mtu 1500 qdisc mq state UP group default qlen 1000 + link/ether dc:a6:32:50:de:57 brd ff:ff:ff:ff:ff:ff + inet 192.168.31.109/24 brd 192.168.31.255 scope global dynamic noprefixroute eth0 + valid_lft 41386sec preferred_lft 41386sec + inet6 fe80::cd39:a969:e647:3043/64 scope link noprefixroute + valid_lft forever preferred_lft forever + 3: wlan0: mtu 1500 qdisc fq_codel state UP group default qlen 1000 + link/ether dc:a6:32:50:de:58 brd ff:ff:ff:ff:ff:ff + inet 192.168.31.110/24 brd 192.168.31.255 scope global dynamic noprefixroute wlan0 + valid_lft 43094sec preferred_lft 43094sec + inet6 fe80::394:d086:27fa:deba/64 scope link noprefixroute + valid_lft forever preferred_lft forever + ``` diff --git a/docs/zh/server/installation_upgrade/installation/installation_modes.md b/docs/zh/server/installation_upgrade/installation/installation_modes.md new file mode 100644 index 0000000000000000000000000000000000000000..6b126004152e14a321f8331952fdc8b55aeb6643 --- /dev/null +++ b/docs/zh/server/installation_upgrade/installation/installation_modes.md @@ -0,0 +1,180 @@ +# 安装方式介绍 + +>![](./public_sys-resources/icon-notice.gif) **须知:** +> +>- 支持的服务器型号可参考“[硬件兼容支持](./installation_preparations.md#硬件兼容支持)”;虚拟化平台仅支持openEuler自有的虚拟化组件(HostOS为openEuler,虚拟化组件为发布包中的qemu、KVM)创建的虚拟化平台和华为公有云的x86虚拟化平台。 +>- 安装方式当前仅支持光盘、USB盘安装、网络安装、qcow2镜像安装和私有镜像安装。其中仅华为公有云的x86虚拟化平台支持私有镜像安装。 + +## 通过光盘安装 + +本节介绍如何使用或者制作光盘安装源,并介绍相应的操作步骤,指导用户进行安装。 + +### 准备安装源 + +如果您获取的是系统安装光盘,那么可以直接使用光盘安装系统。如果您获取的是系统ISO镜像,可以通过刻录软件将系统的ISO镜像刻录到DVD中,使用刻录完成的DVD安装系统。 + +### 启动安装 + +根据以下步骤启动安装程序: + +>![](./public_sys-resources/icon-note.gif) **说明:** +>您需要先设置您的系统优先从光盘进行启动引导。以BIOS为例,您需要将“Boot Type Order”中的“CD/DVD-ROM Drive”选项调整到首位。 + +1. 断开所有安装不需要的驱动器,比如USB。 +2. 启动您的计算机系统。 +3. 在计算机中插入安装光盘。 +4. 重启计算机系统。 + +在短暂的延迟后会出现图形化引导界面,该界面包含不同引导选项。如果您在一分钟内未进行任何操作,安装程序将自动以默认选项开始运行。 + +## 通过USB盘安装 + +本节介绍如何制作USB盘安装源,并介绍基本的操作步骤,指导用户进行安装。 + +### 准备安装源 + +您需要注意USB盘容量的大小,它必须有足够的空间放下整个镜像,建议USB盘空间大于16G。 + +1. 将USB盘连接到该系统中,并执行 dmesg 命令查看相关的日志信息。在该日志的最后可以看到刚刚连接的USB盘所生成的一组信息,应类似如下: + + ```sh + [ 170.171135] sd 5:0:0:0: [sdb] Attached SCSI removable disk + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >连接的USB盘名称以sdb进行举例。 + +2. 切换为root用户。使用su命令,需要输入相应的密码。 + + ```sh + su - root + ``` + +3. 确保USB盘没有被挂载。使用如下命令进行查询: + + ```sh + # findmnt /dev/sdb + ``` + + - 如果执行此命令后无输出,表明未挂载,可以继续执行下一步。 + + - 如果输出以下信息,表明USB盘已经自动挂载。 + + ```sh + # findmnt /dev/sdb + TARGET SOURCE FSTYPE OPTIONS + /mnt/iso /dev/sdb iso9660 ro,relatime + ``` + + 此时,您需要使用umount命令卸载该设备。 + + ```sh + # umount /mnt/iso + ``` + +4. 使用dd命令将ISO安装镜像直接写入USB盘: + + ```sh + # dd if=/path/to/image.iso of=/dev/device bs=blocksize + ``` + + 使用您下载的ISO镜像文件的完整路径替换 /path/to/image.iso,使用之前由 dmesg 命令给出的设备名称替换device,同时设置合理的块大小(例如:512k)替换 blocksize,这样可以加快写入进度。 + + 例如:如果该ISO镜像文件位于 /home/testuser/Downloads/openEuler-{version}-aarch64-dvd.iso,同时探测到的设备名称为sdb,则该命令如下: + + ```sh + # dd if=/home/testuser/Downloads/openEuler-{version}-aarch64-dvd.iso of=/dev/sdb bs=512k + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >如isolinux描述,由mkisofs命令创建的ISO 9660 文件系统会通过BIOS固件启动,但只能从CD、DVD和BD等介质启动。所以在使用dd命令制作x86的启动U盘前需要使用 isohybrid -u your.iso 对iso进行处理,然后正常使用dd命令将iso写入u盘即可(该问题仅影响x86)。 + +5. 等待镜像写入完成,拔掉USB盘。 + + 镜像写入过程中不会有进度显示,当\#号再次出现时,执行如下命令将数据同步写入磁盘。退出root帐户,拔掉USB盘。此时,您可以使用该USB盘作为系统的安装源。 + + ```bash + # sync + ``` + +### 启动安装 + +请根据以下步骤启动安装程序: + +>![](./public_sys-resources/icon-note.gif) **说明:** +>您需要先设置您的系统优先从USB进行启动引导。以BIOS为例,您需要将“Boot Type Order”中的USB选项调整到首位。 + +1. 断开所有安装不需要的驱动器。 +2. 打开您的计算机系统。 +3. 在计算机中插入USB盘。 +4. 重启计算机系统。 + +在短暂的延迟后会出现图形化引导界面,该界面包含不同引导选项。如果您在一分钟内未进行任何操作,安装程序将自动以默认选项开始运行。 + +## 使用PXE通过网络安装 + +要使用 PXE 引导,您需要正确配置服务器以及您的计算机需拥有支持 PXE 的网络接口。 + +如果目标硬件安装有支持PXE的网络接口卡,我们可以配置它从其他网络系统的文件而不是本地介质(如光盘)来引导计算机并执行Anaconda安装程序。 + +对于PXE网络安装,客户机通过支持PXE的网卡,向网络发送请求DHCP信息的广播,请求IP地址等信息。DHCP服务器给客户机提供一个IP地址和其他网络信息如域名服务器、ftp服务器(它提供启动安装程序所必须的文件)的IP地址或主机名,以及服务器上文件的位置。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>此处不详细讨论 TFTP、DHCP、HTTP 等服务器配置,相关详细配置请参考“《[全自动化安装指导](./using_kickstart_for_automatic_installation.md)》”。 + +## 通过qcow2镜像安装 + +本节介绍如何使用或者制作qcow2镜像,并介绍相应的操作步骤,指导用户进行安装。 + +### 制作qcow2镜像 + +1. 安装qemu-img软件包。 + + ```sh + # dnf install -y qemu-img + ``` + +2. 使用qemu-img工具的create命令,创建镜像文件,命令格式为: + + ```sh + qemu-img create -f -o + ``` + + 其中,各参数含义如下: + + - _imgFormat_ :镜像格式,取值为raw、qcow2等。 + - _fileOption_ :文件选项,用于设置镜像文件的特性,如指定后端镜像文件,压缩,加密等特性。 + - _fileName_ :文件名称。 + - _diskSize_ :磁盘大小,用于指定块磁盘设备的大小,支持的单位有K、M、G、T,分别代表KiB、MiB、GiB、TiB。 + + 例如,创建一个磁盘设备大小为32GB、格式为qcow2的镜像文件openEuler-imge.qcow2,命令和回显如下: + + ```sh + $ qemu-img create -f qcow2 openEuler-image.qcow2 32G + Formatting 'openEuler-image.qcow2', fmt=qcow2 size=34359738368 cluster_size=65536 lazy_refcounts=off refcount_bits=16 + ``` + +### 启动安装 + +根据以下步骤启动安装程序: + +1. 准备qcow2镜像文件。 +2. 准备虚拟机网络。 +3. 准备UEFI引导工具集EDK II。 +4. 准备虚拟机XML配置文件。 +5. 创建虚拟机。 +6. 启动虚拟机。 + +各步骤详细的操作请参考《[虚拟化用户指南](https://gitee.com/openeuler/Virt-docs/blob/openEuler-24.03-LTS-SP2/docs/zh/virtualization_platform/virtualization/introduction_to_virtualization.md)》。 + +## 通过私有镜像安装 + +本节介绍如何使用或者制作私有镜像,并介绍相应的操作步骤,指导用户进行安装。 + +### 制作私有镜像 + +制作私有镜像的方法请参见[《镜像服务用户指南》](https://support.huaweicloud.com/usermanual-ims/zh-cn_topic_0013901628.html)。 + +### 启动安装 + +华为公有云的x86虚拟化平台的启动请参见《[弹性云服务器 ECS的用户指南](https://support.huaweicloud.com/wtsnew-ecs/index.html)》。 diff --git a/docs/zh/server/installation_upgrade/installation/installation_modes_1.md b/docs/zh/server/installation_upgrade/installation/installation_modes_1.md new file mode 100644 index 0000000000000000000000000000000000000000..31b5c7e5de8719b6ddce94bb7059c5256a2ba155 --- /dev/null +++ b/docs/zh/server/installation_upgrade/installation/installation_modes_1.md @@ -0,0 +1,94 @@ +# 安装方式介绍 + +>![](./public_sys-resources/icon-notice.gif) **须知:** +> +>- 硬件仅支持树莓派 3B/3B+/4B/400。 +>- 采用刷写镜像到 SD 卡方式安装。本章节提供 Windows/Linux/Mac 上刷写镜像的操作方法。 +>- 本章节使用的镜像是参考“[安装准备](./installation_preparations_1.md)”获取 openEuler 的树莓派版本镜像。 + +## Windows 下刷写镜像 + +本节以 Windows 10 为例,介绍如何在 Windows 环境下将镜像刷写到 SD 卡。 + +### 格式化 SD 卡 + +请按照以下步骤格式化 SD 卡: + +1. 下载并安装格式化 SD 卡工具,以下操作以 SD Card Formatter 格式化工具为例。 +2. 打开 SD Card Formatter,在 “Select card” 中选择需要格式化的 SD 卡的盘符。 + + 若 SD 卡之前未安装过镜像,盘符只有一个。在 “Select card” 中选择需要格式化的 SD 卡对应盘符。 + + 若 SD 卡之前安装过镜像,盘符会有一个或多个。例如,SD 卡对应三个盘符:E、G、H。在 “Select card” 中选择需要格式化的 SD 卡对应 boot 分区盘符 E。 + +3. 在 “Formatting options” 中选择格式化方式。默认为 “Quick format”。 +4. 单击“Format”开始格式化。界面通过进度条显示格式化进度。 +5. 格式化完成后会弹出 “Formatting was successfully completed” 的提示框,单击“确定”完成格式化。 + +### 写入 SD 卡 + +>![](./public_sys-resources/icon-notice.gif) **须知:** +>如果获取的是压缩后的镜像文件“openEuler-{version}-raspi-aarch64.img.xz”,需要先将压缩文件解压得到 “openEuler-{version}-raspi-aarch64.img”镜像文件。 + +请按照以下步骤将“openEuler-{version}-raspi-aarch64.img”镜像文件写入 SD 卡: + +1. 下载并安装刷写镜像的工具,以下操作以 Win32 Disk Imager 工具为例。 +2. 右键选择“以管理员身份运行”,打开 Win32 Disk Imager。 +3. 在“映像文件”中选择 img 格式的镜像文件路径。 +4. 在“设备”中选择待写入的 SD 卡盘符。 +5. 单击“写入”,界面通过任务进度条显示写入 SD 卡的进度。 +6. 写入完成后会弹出 “写入成功” 的提示框,单击“OK”完成写入。 + +## Linux 下刷写镜像 + +本节介绍如何在 Linux 环境下将镜像刷写到 SD 卡。 + +### 查看磁盘分区信息 + +在 root 权限下执行 `fdisk -l` 获取 SD 卡磁盘信息,例如 SD 卡对应磁盘为 /dev/sdb。 + +### 卸载 SD 卡挂载点 + +1. 执行 `df -lh` 命令查看当前已挂载的卷。 +2. 如果 SD 卡对应的分区未挂载,则跳过该步骤;如果 SD 卡对应分区已挂载,如 SD 卡对应的两个分区 /dev/sdb1 和 /dev/sdb3 已挂载,则需要卸载对应分区,在 root 权限下执行以下命令: + + `umount /dev/sdb1` + + `umount /dev/sdb3` + +### 写入 SD 卡 + +1. 如果获取的是压缩后的镜像,需要先执行 `xz -d openEuler-{version}-raspi-aarch64.img.xz` 命令将压缩文件解压得到“openEuler-{version}-raspi-aarch64.img”镜像文件;否则,跳过该步骤。 +2. 将镜像 `openEuler-{version}-raspi-aarch64.img` 刷写入 SD 卡,在 root 权限下执行以下命令: + + `dd bs=4M if=openEuler-{version}-raspi-aarch64.img of=/dev/sdb` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >一般情况下,将块大小设置为 4M。如果写入失败或者写入的镜像无法使用,可以尝试将块大小设置为 1M 重新写入,但是设置为 1M 比较耗时。 + +## Mac 下刷写镜像 + +本节介绍如何在 Mac 环境下将镜像刷写到 SD 卡。 + +### 查看磁盘分区信息 + +在 root 权限下执行 `diskutil list` 获取 SD 卡磁盘信息,例如 SD 卡对应磁盘为 /dev/disk3。 + +### 卸载 SD 卡挂载点 + +1. 执行 `df -lh` 命令查看当前已挂载的卷。 +2. 如果 SD 卡对应的分区未挂载,则跳过该步骤;如果 SD 卡对应分区已挂载,如 SD 卡对应的两个分区 /dev/disk3s1 和 /dev/disk3s3 已挂载,则需要卸载对应分区,在 root 权限下执行以下命令: + + `diskutil umount /dev/disk3s1` + + `diskutil umount /dev/disk3s3` + +### 写入 SD 卡 + +1. 如果获取的是压缩后的镜像,需要先执行 `xz -d openEuler-{version}-raspi-aarch64.img.xz` 命令将压缩文件解压得到“openEuler-{version}-raspi-aarch64.img”镜像文件;否则,跳过该步骤。 +2. 将镜像 `openEuler-{version}-raspi-aarch64.img` 刷入 SD 卡,在 root 权限下执行以下命令: + + `dd bs=4m if=openEuler-{version}-raspi-aarch64.img of=/dev/disk3` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >一般情况下,将块大小设置为 4M。如果写入失败或者写入的镜像无法使用,可以尝试将块大小设置为 1M 重新写入,但是设置为 1M 比较耗时。 diff --git a/docs/zh/server/installation_upgrade/installation/installation_on_servers.md b/docs/zh/server/installation_upgrade/installation/installation_on_servers.md new file mode 100644 index 0000000000000000000000000000000000000000..5c112feb9d12020e68916a01fba015125822929e --- /dev/null +++ b/docs/zh/server/installation_upgrade/installation/installation_on_servers.md @@ -0,0 +1,3 @@ +# 安装在服务器 + +本文是介绍 openEuler 操作系统安装在服务器的方法,使用本手册的用户需要具备基础的 Linux 系统管理知识。 diff --git a/docs/zh/server/installation_upgrade/installation/installation_preparations.md b/docs/zh/server/installation_upgrade/installation/installation_preparations.md new file mode 100644 index 0000000000000000000000000000000000000000..4af04c5fbdb4b05f0fe92a93ed794e27ae2d1a43 --- /dev/null +++ b/docs/zh/server/installation_upgrade/installation/installation_preparations.md @@ -0,0 +1,114 @@ +# 安装准备 + +介绍安装前需要考虑软硬件兼容性状况,以及相关的配置和准备工作。 + +## 获取安装源 + +在安装开始前,您需要获取openEuler的发布包和校验文件。 + +请按以下步骤获取openEuler的发布包和校验文件: + +1. 登录[openEuler社区](https://openeuler.org)网站。 +2. 单击页面上的“下载”按钮。 +3. 在“获取openEuler”标签下,选择一个版本并进入“社区发行版”页面。点击“所有版本”查看完整版本列表。 +4. 在版本列表的“openEuler 24.03 LTS SP1”版本处单击“前往下载”按钮,进入 openEuler 24.03 LTS SP1 版本下载列表。 +5. 根据实际待安装环境的架构和场景选择需要下载的 openEuler 的发布包和校验文件。 + 1. 若为AArch64架构。 + 1. 单击“aarch64”。 + 2. 若选择本地安装,选择“Offline Standard ISO”或者“Offline Everything ISO”对应的“立即下载”将发布包“openEuler-24.03-LTS-SP1-aarch64-dvd.iso”下载到本地。 + 3. 若选择网络安装,选择“Network Install ISO”将发布包“openEuler-24.03-LTS-SP1-netinst-aarch64-dvd.iso”下载到本地。 + 2. 若为x86_64架构。 + 1. 单击“x86_64”。 + 2. 若选择本地安装,选择“Offline Standard ISO”或者“Offline Everything ISO”对应的“立即下载”将发布包“openEuler-24.03-LTS-SP1-x86_64-dvd.iso”下载到本地。 + 3. 若选择网络安装,选择“Network Install ISO”将发布包“openEuler-24.03-LTS-SP1-netinst-x86_64-dvd.iso”下载到本地。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +> - 网络安装方式的 iso 发布包较小,在有网络的安装环境可以选择网络安装方式。 +> - AArch64架构的发布包支持UEFI模式,x86_64架构的发布包支持UEFI模式和Legacy模式。 + +## 发布包完整性校验 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>本章节以AArch64架构的发布包完整性校验为例,x86_64架构的发布包完整性校验的操作方法相同。 + +### 简介 + +为了检查软件包在传输或存储过程中是否因网络或设备问题而不完整,在获取到软件包后,需要对软件包的完整性进行校验,通过了校验的软件包才能部署。 + +这里通过对比校验文件中记录的校验值和手动方式计算的iso文件校验值,判断软件包是否完整。若两个值相同,说明iso文件完整,否则,iso完整性被破坏,请重新获取iso发布包。 + +### 前提条件 + +在校验发布包完整性之前,需要准备如下文件: + +- iso文件:openEuler-24.03-LTS-SP1-aarch64-dvd.iso。 + +- 校验文件:iso对应完整性校验值,复制保存对应的iso值。 + +### 操作指导 + +文件完整性校验操作步骤如下: + +1. 计算文件的sha256校验值。linux执行命令如下: + + ``` + sha256sum openEuler-24.03-LTS-SP1-aarch64-dvd.iso + ``` + + windows执行命令如下: + + ``` + certutil -hashfile openEuler-24.03-LTS-SP1-aarch64-dvd.iso + ``` + + 命令执行完成后,输出校验值。 + +2. 对比步骤 1 计算的校验值与刚刚复制的 SHA256 值是否一致 + + 如果校验值一致说明iso文件完整,如果校验值不一致则可以确认文件完整性已被破坏,需要重新获取。 + +## 物理机的安装要求 + +若需要在物理机环境上安装openEuler操作系统,则物理机需要满足如下的硬件兼容性和最小硬件要求。 + +### 硬件兼容支持 + +openEuler安装时,应注意硬件兼容性方面的问题,当前已支持的服务器类型请参考[兼容性列表](https://www.openeuler.org/zh/compatibility/)。 + +### 最小硬件要求 + +openEuler所需的最小硬件要求如[表2](#tff48b99c9bf24b84bb602c53229e2541)所示。 + +**表 2** 最小硬件要求 + +| 部件名称 | 最小硬件要求 | +| :---- | :---- | +| 架构 | AArch64或x86_64 | +| CPU | 2个CPU | +| 内存 | 大于等于4GB(为了获得更好的应用体验,建议大于等于8GB) | +| 硬盘 | 大于等于32GB(为了获得更好的应用体验,建议大于等于120GB) | + +## 虚拟机的安装要求 + +若需要在虚拟机环境上安装openEuler操作系统,则虚拟机需要满足如下的虚拟化平台兼容性和最小虚拟化要求。 + +### 虚拟化平台兼容性 + +openEuler安装时,应注意虚拟化平台兼容性的问题,当前已支持的虚拟化平台为: + +- openEuler自有的虚拟化组件(HostOS为openEuler,虚拟化组件为发布包中的qemu、KVM)创建的虚拟化平台。 +- 华为公有云的x86虚拟化平台。 + +### 最小虚拟化空间要求 + +openEuler所需的最小虚拟化空间要求如[表3](#tff48b99c9bf24b84bb602c53229e2542)所示。 + +**表 3** 最小虚拟化空间要求 + +| 部件名称 | 最小虚拟化空间要求 | +| :---- | :---- | +| 架构 | AArch64或x86_64 | +| CPU | 2个CPU | +| 内存 | 不小于4GB(为了获得更好的应用体验,建议不小于8GB) | +| 硬盘 | 不小于32GB(为了获得更好的应用体验,建议不小于120GB) | diff --git a/docs/zh/server/installation_upgrade/installation/installation_preparations_1.md b/docs/zh/server/installation_upgrade/installation/installation_preparations_1.md new file mode 100644 index 0000000000000000000000000000000000000000..f696f47ee56834a8e24c70667503eff6def49102 --- /dev/null +++ b/docs/zh/server/installation_upgrade/installation/installation_preparations_1.md @@ -0,0 +1,100 @@ +# 安装准备 + +介绍安装前需要考虑软硬件兼容性状况,以及相关的配置和准备工作。 + +## 获取安装源 + +在安装开始前,您需要获取 openEuler 发布的树莓派镜像及其校验文件。 + +1. 登录[openEuler Repo](https://repo.openeuler.org/)网站。 +2. 在版本列表单击“openEuler 24.03 LTS”,进入openEuler 24.03 LTS下载列表。 +3. 单击“raspi_img”,进入树莓派镜像的下载列表。 +4. 单击“openEuler-24.03-LTS-SP1-raspi-aarch64.img.xz”,将 openEuler 发布的树莓派镜像下载到本地。 +5. 单击“openEuler-24.03-LTS-SP1-raspi-aarch64.img.xz.sha256sum”,将 openEuler 发布的树莓派镜像的校验文件下载到本地。 + +## 镜像完整性校验 + +### 简介 + +为了防止软件包在传输过程中由于网络原因或者存储设备原因出现下载不完整的问题,在获取到软件包后,需要对软件包的完整性进行校验,通过了校验的软件包才能部署。 + +这里通过对比校验文件中记录的校验值和手动方式计算的文件校验值,判断软件包是否完整。若两个值相同,说明下载的文件完整,否则,下载的文件完整性被破坏,请重新获取软件包。 + +### 前提条件 + +在校验镜像文件的完整性之前,需要准备如下文件: + +镜像文件:openEuler-24.03-LTS-SP1-raspi-aarch64.img.xz + +校验文件:openEuler-24.03-LTS-SP1-raspi-aarch64.img.xz.sha256sum + +### 操作指导 + +文件完整性校验操作步骤如下: + +1. 获取校验文件中的校验值。执行命令如下: + + ```shell + cat openEuler-24.03-LTS-SP1-raspi-aarch64.img.xz.sha256sum + ``` + +2. 计算文件的 sha256 校验值。执行命令如下: + + ```shell + sha256sum openEuler-24.03-LTS-SP1-raspi-aarch64.img.xz + ``` + + 命令执行完成后,输出校验值。 + +3. 对比步骤 1 和步骤 2 计算的校验值是否一致。 + + 如果校验值一致说明下载的文件完整性没有被破坏,如果校验值不一致,则可以确认文件完整性已被破坏,需要重新获取。 + +## 安装要求 + +在树莓派环境上安装 openEuler 操作系统,则树莓派需要满足如下的硬件兼容性和最小硬件要求。 + +### 硬件兼容支持 + +openEuler 树莓派版本镜像目前支持树莓派 3B、3B+ 和 4B。 + +### 最小硬件要求 + +openEuler 树莓派版本镜像所需的最小硬件要求如[表1](#tff48b99c9bf24b84bb602c53229e2542)所示。 + +**表 1** 最小硬件要求 + + + + + + + + + + + + + + + + + + + + + + +

部件名称

+

最小硬件要求

+

说明

+

树莓派版本

+
  • 树莓派 3B
  • 树莓派 3B+
  • 树莓派 4B
  • 树莓派 400
+

-

+

内存

+

不小于 2GB(为了获得更好的应用体验,建议至少 4GB)

+

-

+

硬盘

+

为了获得更好的应用体验,建议不小于 8GB

+

-

+
diff --git a/docs/zh/server/installation_upgrade/installation/more_resources.md b/docs/zh/server/installation_upgrade/installation/more_resources.md new file mode 100644 index 0000000000000000000000000000000000000000..8782e7d2468b4bbb59dbef0bfc93384de20cdce9 --- /dev/null +++ b/docs/zh/server/installation_upgrade/installation/more_resources.md @@ -0,0 +1,4 @@ +# 参考资料 + +- [如何构建树莓派镜像文件](https://gitee.com/openeuler/raspberrypi/blob/master/documents/openEuler镜像的构建.md) +- [如何使用树莓派](https://gitee.com/openeuler/raspberrypi/blob/master/documents/树莓派使用.md) \ No newline at end of file diff --git a/docs/zh/server/installation_upgrade/installation/public_sys-resources/icon-caution.gif b/docs/zh/server/installation_upgrade/installation/public_sys-resources/icon-caution.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/public_sys-resources/icon-caution.gif differ diff --git a/docs/zh/server/installation_upgrade/installation/public_sys-resources/icon-danger.gif b/docs/zh/server/installation_upgrade/installation/public_sys-resources/icon-danger.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/public_sys-resources/icon-danger.gif differ diff --git a/docs/zh/server/installation_upgrade/installation/public_sys-resources/icon-note.gif b/docs/zh/server/installation_upgrade/installation/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/public_sys-resources/icon-note.gif differ diff --git a/docs/zh/server/installation_upgrade/installation/public_sys-resources/icon-notice.gif b/docs/zh/server/installation_upgrade/installation/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/public_sys-resources/icon-notice.gif differ diff --git a/docs/zh/server/installation_upgrade/installation/public_sys-resources/icon-tip.gif b/docs/zh/server/installation_upgrade/installation/public_sys-resources/icon-tip.gif new file mode 100644 index 0000000000000000000000000000000000000000..93aa72053b510e456b149f36a0972703ea9999b7 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/public_sys-resources/icon-tip.gif differ diff --git a/docs/zh/server/installation_upgrade/installation/public_sys-resources/icon-warning.gif b/docs/zh/server/installation_upgrade/installation/public_sys-resources/icon-warning.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/installation_upgrade/installation/public_sys-resources/icon-warning.gif differ diff --git a/docs/zh/server/installation_upgrade/installation/risc_v.md b/docs/zh/server/installation_upgrade/installation/risc_v.md new file mode 100644 index 0000000000000000000000000000000000000000..4736fcd8f9da1d1ee9c42e66815f69af5826812e --- /dev/null +++ b/docs/zh/server/installation_upgrade/installation/risc_v.md @@ -0,0 +1,3 @@ +# 安装在 RISC-V + +本文是介绍 openEuler 操作系统在 RISC-V 架构的安装方法,使用本手册的用户需要具备基础的 Linux 系统管理知识。 diff --git a/docs/zh/server/installation_upgrade/installation/risc_v_licheepi4a.md b/docs/zh/server/installation_upgrade/installation/risc_v_licheepi4a.md new file mode 100644 index 0000000000000000000000000000000000000000..282bffb1a52911fc07d3ee644b3737f86eced6a3 --- /dev/null +++ b/docs/zh/server/installation_upgrade/installation/risc_v_licheepi4a.md @@ -0,0 +1,108 @@ +# 在 Licheepi4A 上安装 + +## 硬件准备 + +- `Sipeed LicheePi 4A` 设备 1 台(`8 GB` 或 `16 GB` 款均可) + +- 显示器一台 + +- `USB` 键盘及鼠标一套 + +- 串口操作所需设备/组件(可选) + +- `RJ45` 网线 1 条以上及路由器/交换机等设备供有线网络连接使用 + +## 设备固件 + +`LicheePi4A` 不同内存版本需要使用不同的固件。 + +- `u-boot-with-spl-lpi4a.bin` 为 8 GB 版本的 u-boot 文件。 +- `u-boot-with-spl-lpi4a-16g.bin` 为 16 GB 版本的 u-boot 文件。 + +以下的烧录方式以 `16GB + 128GB` 核心板为例,假设你已经下载好了 `base` 镜像和对应的固件文件。 + +## 烧录方法 + +### 烧录工具 + +主要利用 `fastboot` 烧录,可以从 `https://dl.sipeed.com/shareURL/LICHEE/licheepi4a/07_Tools` 下载 `burn_tools.zip`,压缩包内包含了针对 `Windows/macOS/Linux` 三个系统的烧录工具。 + +### 设置硬件进入烧录模式 + +> 请先注意检查底板的拨码开关是否为 EMMC 启动模式,在确认无误之后即可烧录。 + +按住板上的 `BOOT` 按键不放,然后插入 `USB-C` 线缆上电(线缆另一头接 `PC` ),即可进入 `USB` 烧录模式。 + +在 `Windows` 下使用设备管理器查看,会出现 `USB download gadget` 设备。 + +在 `Linux` 下,使用 `lsusb` 查看设备,会显示以下设备:`ID 2345:7654 T-HEAD USB download gadget`。 + +### Windows 下驱动安装 + +> 注意: +> 我们提供下载的镜像内并未包含 Windows 侧的驱动程序。你可以从[这里](https://dl.sipeed.com/shareURL/LICHEE/licheepi4a/07_Tools)下载 burn_tools.zip,在压缩包内找到 windows/usb_driver-fullmask 的文件夹,这个文件夹内的文件是 Windows 系统下需要安装的驱动。 + +Windows 下烧录时,需要先进入高级启动模式,禁用数字签名。才能正常安装下面的驱动。禁用数字签名请按照下面的步骤操作。 + +#### Windows 10 + +1. 进入 `Windows 10` 的设置,点击"更新和安全"。 +2. 点击左侧的**恢复**,之后在右边点击高级启动下面的**重新启动**,此时电脑会重新启动。如果当前有未完成的工作,请先保存后再执行。 + +#### Windows 11 + +1. 进入 `Windows 11` 的设置,找到**系统**菜单之后,点击**恢复**。 + +2. 之后在右边点击高级启动下面的"重新启动",此时电脑会重新启动。如果当前有未完成的工作,请先保存后再执行。 + +##### 重启之后 + +1. 点击`疑难解答`,然后点击`高级` -> `启动设置`,随后系统将再次重启。 + +2. 重启之后会进入启动设置,在这里我们需要选择`禁用强制驱动程序签名`。通常这个选项为数字 7,但实际可能有变。在按下对应选项的数字后,系统会再次重新启动。 + +3. 在重启进入系统之后,我们可以开始安装驱动了。打开`设备管理器`,找到`其它设备`内的 `USB download gadget`,双击该设备。 + +4. 点击`常规`选项卡下方的`更新驱动程序`。 + +5. 随后,在`浏览计算机上的驱动程序`页面粘贴你复制的 `usb_driver-fullmask` 目录的路径。 + +6. 点击下一步,此时驱动可以被安装成功。 + +### 烧录镜像 + +进入烧录模式后,我们就可以使用 fastboot 进行烧录操作,在 macOS 或者 Linux 下,若 fastboot 为自行安装的,则你可能需要先赋予 fastboot 可执行权限。 + +#### Windows 系统步骤 + +请先将 `fastboot` 添加至系统环境变量 `PATH` 内,或者将 `fastboot` 放置于同一目录下。不要忘记将镜像也解压。随后打开 `PowerShell`,执行以下命令: + +``` bash +# 将这里的文件替换成跟板子版本对应的 u-boot 文件 +fastboot flash ram u-boot-with-spl-lpi4a-16g.bin +fastboot reboot +# 在执行重启命令之后,等待 5 秒钟后继续执行 +# 将这里的文件替换成跟板子版本对应的 u-boot 文件 +fastboot flash uboot u-boot-with-spl-lpi4a-16g.bin +fastboot flash boot openEuler-24.03-LTS-SP1-riscv64-lpi4a-base-boot.ext4 +fastboot flash root openEuler-24.03-LTS-SP1-riscv64-lpi4a-base-root.ext4 +``` + +#### Linux/macOS 系统步骤 + +你可能需要在 `fastboot` 指令前加入 `sudo` 指令。 + +``` bash +# 将这里的文件替换成跟板子版本对应的 u-boot 文件 +fastboot flash ram u-boot-with-spl-lpi4a-16g.bin +fastboot reboot +# 在执行重启命令之后,等待 5 秒钟后继续执行 +# 将这里的文件替换成跟板子版本对应的 u-boot 文件 +fastboot flash uboot u-boot-with-spl-lpi4a-16g.bin +fastboot flash boot openEuler-24.03-LTS-SP1-riscv64-lpi4a-base-boot.ext4 +fastboot flash root openEuler-24.03-LTS-SP1-riscv64-lpi4a-base-root.ext4 +``` + +## 硬件可用性 + +官方发布版本基于 [openEuler kernel6.6 同源版本](./riscv_olk6.6_homologous_version.md) 构建,并非所有内核模块都完整支持。该版本强调官方生态体验完整一致,如果需要更完善的硬件功能,需要使用第三方发布版本。 diff --git a/docs/zh/server/installation_upgrade/installation/risc_v_pioneer1.3.md b/docs/zh/server/installation_upgrade/installation/risc_v_pioneer1.3.md new file mode 100644 index 0000000000000000000000000000000000000000..c2004f61b41cb8fe378a7044c6711810b7a7920c --- /dev/null +++ b/docs/zh/server/installation_upgrade/installation/risc_v_pioneer1.3.md @@ -0,0 +1,103 @@ +# Pioneer Box 上安装 + +## 硬件准备 + +- `Milk-V Pioneer v1.3` 版本设备 1 台,或主板(及必需外设) 1 套 + +- `m.2 NVMe` 固态硬盘 1 块 + +> 若原先有数据则需格式化清除(个人资料请注意备份)。 +> +> 若有 `PCIe` 转接卡,则可通过转接卡置于设备 `PCIe` 第一槽位(较推荐)。 +> +> 若无 `PCIe` 转接卡,则可置于板载 `NVMe` 接口。 + +- `AMD R5 230` 显卡 1 块 + +> 置于设备 `PCIe` 第二槽位。 + +- `U 盘` 1 个 + +> 大小应为 `16GiB` 以上。 + +- `microSD 卡` 1 张 + +> 大小应为 `4GiB` 以上。 + +- 显示器 1 台(显示接口需与显卡对应) + +- `USB` 键盘及鼠标 1 套 + +- 串口操作所需设备/组件(可选) + +- `RJ45` 网线 1 条以上及路由器/交换机等设备供有线网络连接使用 + +> 推荐使用设备板载 `RJ45` 网口而非厂家附送的 `PCIe` 电口网卡。 +> +> 设备出厂未附送 `Wi-Fi` 网卡,不具备 `Wi-Fi` 或蓝牙连接能力。如有需要请自备对应设备。 + +## 镜像种类 + +### ISO + +> `ISO` 镜像支持 `UEFI` 方式启动,对应下文的 **UEFI 版**固件。 + +从官网下载页面获取 `ISO` 文件(如 `openEuler-24.03-LTS-SP1-riscv64-dvd.iso`),并将其烧录至 **U盘** 中即可。 + +- 推荐使用 `Balena Etcher` 软件进行图形化烧录 [从 `https://github.com/balena-io/etcher/releases/latest` 下载],烧写过程此处略过 +- 命令行环境下也可采用 `dd` 方式进行烧录,参考命令如下: + +``` txt +~$ sudo dd if=openEuler-24.03-LTS-SP1-riscv64-dvd.iso of=/dev/sda bs=512K iflag=fullblock oflag=direct conv=fsync status=progress +``` + +### Image + +> `Image` 镜像支持 `Legacy` 方式启动,对应下文的**非 UEFI 版**固件 + +从官网下载页面获取内含镜像 `Image` 的 `ZIP` 压缩包(如 `openEuler-24.03-LTS-SP1-riscv64-sg2042.img.zip`),并将其直接烧录至 **SD Card** 或 **固态硬盘** 中即可。 + +## 设备固件 + +> 因设备出厂固件目前并未支持 `UEFI`,`ISO` 版本使用者需先手动替换固件为基于 `EDK2` 的 `UEFI` 版固件。 +> +从官网下载页面 **嵌入式分类** 中下载设备固件压缩包:`sg2042_firmware_uefi.zip`,解压后烧录其中 `img` 文件至 **SD Card** + +```txt +~$ sudo dd if=firmware_single_sg2042-master.img of=/dev/sda bs=512K iflag=fullblock oflag=direct conv=fsync status=progress +261619712 字节 (262 MB,250 MiB) 已复制,20 s,13.1 MB/s 268435456 字节 (268 MB,256 MiB) 已复制,20.561 s,13.1 MB/s + +输入了 512+0 块记录 +输出了 512+0 块记录 +268435456 字节 (268 MB,256 MiB) 已复制,20.5611 s,13.1 MB/s +``` + +> 因设备出厂固件版本较老,Image 镜像使用者如果想要使用较新版本的固件,可以更新**非 UEFI 版**固件。 +> +从官网下载页面 **嵌入式分类** 中下载设备固件压缩包:`sg2042_firmware_uboot.zip`,参考 UEFI 版固件的操作,解压后烧录其中 img 文件至 **SD Card**。 + +烧录完成后,请将 **SD Card** 插入设备的卡槽中。 + +## 启动前检查 + +`ISO` 版本使用者需检查: + +- 载有 `UEFI` 版固件的 `microSD 卡`是否插入设备卡槽中。 + + > `UEFI` 版固件目前尚无法手动调整或指定启动顺序,敬请谅解。 + +- 如使用设备原厂附送固态硬盘,或硬盘上存在另一可启动的 `RISC-V` 操作系统,则需卸下固态硬盘进行格式化或更换内容为空的另一块固态硬盘,以避免启动顺序上的干涉。 + +`Image` 版本需检查: + +- 如使用设备原厂附送固态硬盘,或硬盘上存在另一可启动的 `RISC-V` 操作系统,则需卸下固态硬盘进行格式化或更换内容为空的另一块固态硬盘,以避免启动顺序上的干涉。 + +## 使用须知 + +`ISO` 版本使用者: + +- 由于当前版本 `UEFI` 固件的局限性,启动时若显卡插入 `PCIe` 槽位,`Grub2` 启动菜单可能需要花费较长时间 (~15s) 才能加载完成且响应较为迟缓。 + +`Image` 版本使用者: + +- 由于当前出厂固件的局限性,设备启动时 `RISC-V` 串口回显并不完整,操作系统未加载完成时串口输出即会关闭。需将显卡插入 `PCIe` 槽位并连接显示器才能观察到完整的启动过程。 diff --git a/docs/zh/server/installation_upgrade/installation/risc_v_qemu.md b/docs/zh/server/installation_upgrade/installation/risc_v_qemu.md new file mode 100644 index 0000000000000000000000000000000000000000..928d4dbeb3b7b59c87ae2c36f8803bcc4910bfce --- /dev/null +++ b/docs/zh/server/installation_upgrade/installation/risc_v_qemu.md @@ -0,0 +1,71 @@ +# 在 QEMU 上安装 + +## 固件 + +### 标准 EFI 固件 + +自下载页面下载如下二进制: + +``` text +RISCV_VIRT_CODE.fd +RISCV_VIRT_VARS.fd +``` + +或者根据《[官方文档](https://github.com/tianocore/edk2/tree/master/OvmfPkg/RiscVVirt)》本地自行编译最新 EDK2 OVMF 固件。 + +### 具备 Penglai TEE 支持的 EFI 固件 + +自下载页面下载如下二进制: + +``` text +fw_dynamic_oe_2403_penglai.bin +``` + +## QEMU 版本 + +>为了支持 UEFI ,需使用 8.1 版本以上的 QEMU。 +> +>编译时需要安装 libslirp 依赖库(包名根据发行版不同而不同,openEuler 为 libslirp-devel)并添加 --enable-slirp 参数。 + +``` text +~$ qemu-system-riscv64 --version +QEMU emulator version 8.2.2 +Copyright (c) 2003-2023 Fabrice Bellard and the QEMU Project developers +``` + +## qcow2 镜像 + +获取ISO文件(如 `openEuler-24.03-LTS-SP1-riscv64.qcow2.xz`) + +``` bash +~$ ls *.qcow2.xz +openEuler-24.03-LTS-SP1-riscv64.qcow2.xz +``` + +## 获取启动脚本 + +自下载页面获取启动脚本 + +- start_vm.sh: 默认脚本,需要手动安装桌面。 +- start_vm_penglai.sh:蓬莱 TEE 功能支持脚本。 + +脚本参数 + +- ssh_port:本地 SSH 转发端口,默认为 12055。 +- vcpu:QEMU 执行时线程数量,默认为 8 核心,可随需要调整。 +- memory:QEMU 执行时分配内容数量,默认为 8GiB,可随需要调整。 +- fw: 为启动固件 payload。 +- drive:虚拟磁盘路径,可随需要调整。 +- bios(可选): 启动固件,可以用来装载使能了 penglai TEE 的固件。 + +## 创建虚拟硬盘文件 + +创建新的虚拟硬盘文件,如下列例子中虚拟硬盘的大小为 40GiB。 +> 请勿使用先前存有数据的 qcow2 虚拟硬盘文件,以避免启动过程出现预期之外的情况。 +> +> 请确保当前目录中有且仅有一个 qcow2 虚拟硬盘文件,以避免启动脚本识别出错。 +> + +``` bash +~$ qemu-img create -f qcow2 qemu.qcow2 40G +``` diff --git a/docs/zh/server/installation_upgrade/installation/riscv_olk6.6_homologous_version.md b/docs/zh/server/installation_upgrade/installation/riscv_olk6.6_homologous_version.md new file mode 100644 index 0000000000000000000000000000000000000000..56805fd8b7e7c7ef00350f5874ee643cfa87b69c --- /dev/null +++ b/docs/zh/server/installation_upgrade/installation/riscv_olk6.6_homologous_version.md @@ -0,0 +1,54 @@ +# RISCV-OLK6.6同源版本指南 + +## RISCV-OLK6.6 同源计划 + +目前各个 RISC-V SoC 厂商维护的 kernel 版本并不一致,而 openEuler 系统要求每个版本统一内核。这导致基于各种开发板发布的各种操作系统版本都是内核不一致的第三方版本,增大了维护的难度并且带来了生态的分裂。riscv-kernel 目标是针对 RISC-V 架构在 openEuler 建立统一的 kernel 生态,共享欧拉生态建设与影响。该项目处于开发中,欢迎各方力量积极贡献。 + +目前项目主要依托在 的 OLK-6.6 分支进行开发,并且会进一步回合到 OLK 的源码仓和制品仓上。 + +![riscv-olk6.6](figures/riscv-olk6.6.jpg) +目前项目已经基本完成 SG2042 的同源工作,并且完成 TH1520 的基础同源工作。 + +## 支持的特性 + +- SG2042 验证平台:MilkV Pioneer 1.3 + +- TH1520 验证平台:LicheePi4A + +### Milk-V Pioneer 特性列表 + +| Features | Status | +| ----------------------- | :----: | +| 64 Core CPU | O | +| PCIe Network Card | O | +| PCIe Graghic Card | O | +| PCIe Slots | O | +| 4x DDR4 128GB RAM | O | +| USB | O | +| Reset | O | +| eMMC | O | +| Micro USB debug console | O | +| micro SD card | O | +| SPI flash | O | +| RVV 0.71 | X | + +### LicheePi 4A 特性列表 + +| Features | Status | +| ---------------- | :----: | +| 4 Core CPU | O | +| RAM | O | +| eMMC | O | +| Ethernet | O | +| WIFI | X | +| GPU IMG BXM-4-64 | X | +| NPU 4TOPS@INT8 | X | +| DSP | X | +| USB | O | +| MicroSD | O | +| GPIO | O | +| PWM-fan | O | +| PVT Sensor | O | +| Reboot | O | +| Poweroff | O | +| cpufreq | O | diff --git a/docs/zh/server/installation_upgrade/installation/using_kickstart_for_automatic_installation.md b/docs/zh/server/installation_upgrade/installation/using_kickstart_for_automatic_installation.md new file mode 100644 index 0000000000000000000000000000000000000000..0c3bf3072c65066e1719a23d137508968156a156 --- /dev/null +++ b/docs/zh/server/installation_upgrade/installation/using_kickstart_for_automatic_installation.md @@ -0,0 +1,350 @@ +# 使用kickstart自动化安装 + +## 总体介绍 + +### 概述 + +用户可以使用kickstart工具进行openEuler系统的自动化安装,包括如下两种方式: + +- 半自动化安装:安装人员不需要手动设定操作系统的键盘、语言、分区等具体属性(通过kickstart实现自动化),但是需要手动指定kickstart文件的位置。 +- 全自动化安装:实现操作系统的安装过程全自动化。 + +### 优缺点对比 + +使用kickstart工具进行半自动化安装和全自动化安装的优缺点对比如[表1](#table1388812373315)所示,用户可以自行选择安装方式。 + +**表 1** 优缺点对比 + + + + + + + + + + + + + + + + +

安装方式

+

优点

+

缺点

+

半自动化安装

+

不需要准备tftp,pxe,dhcp等服务

+

需要手动指定kickstart文件的位置

+

全自动化安装

+

操作系统的全自动化安装

+

需要配置tftp,dhcpd,pxe等服务

+
+ +### 背景知识 + +**kickstart** + +kickstart是一种无人值守的安装方式。它的工作原理是在安装过程中记录典型的需要人工干预填写的各种参数,并生成一个配置文件(ks.cfg),在安装过程中,安装程序首先会去查找ks配置文件,如果找到合适的参数,就采用所找到的参数;如果没有找到合适的参数,便需要安装者手工设定。所以,如果kickstart文件涵盖了安装过程中需要设定的所有参数,安装者只需要告诉安装程序从何处取ks.cfg文件,就能实现系统安装的自动化。 + +kickstart 安装提供一个安装过程自动化的方法,可以是部分自动化,也可以是完全自动化。 + +**PXE** + +PXE(Pre-boot Execution Environment,预启动执行环境),工作于Client/Server的网络模式,支持PXE的客户端在启动过程中,能够从DHCP服务器获取IP,结合TFTP(Trivial File Transfer Protocol)等协议可以实现客户端的网络引导和安装。 + +**TFTP** + +TFTP(Trivial File Transfer Protocol,简单文件传输协议),该协议用来实现客户机与服务器之间的简单文件传输,它提供不复杂、开销不大的文件传输服务。 + +## 半自动化安装指导 + +### 环境要求 + +使用kickstart进行openEuler系统的半自动化安装的环境要求如下: + +- 物理机/虚拟机(虚拟机创建可参考对应厂商的资料)。包括使用kickstart工具进行自动化安装的计算机和被安装的计算机。 +- httpd:存放kickstart文件。 +- ISO:openEuler-{version}-aarch64-dvd.iso。 + +### 操作步骤 + +使用kickstart进行openEuler系统的半自动化安装的操作步骤如下: + +**环境准备** + +>![](./public_sys-resources/icon-note.gif) **说明:** +>安装之前,请确保http服务器的防火墙处于关闭状态。关闭防火墙可参照如下命令: +> +>```shell +>iptables -F +>``` + +1. httpd的安装与服务启动。 + + ``` + # dnf install httpd -y + # systemctl start httpd + # systemctl enable httpd + ``` + +2. kickstart文件的准备。 + + ``` + # mkdir /var/www/html/ks + # vim /var/www/html/ks/openEuler-ks.cfg ===>根据已安装openEuler系统自动生成的anaconda-ks.cfg修改得到 + ==================================== + ***以下内容需要根据实际需求进行修改*** + #version=DEVEL + ignoredisk --only-use=sda + autopart --type=lvm + # Partition clearing information + clearpart --none --initlabel + # Use graphical install + graphical + # Use CDROM installation media + cdrom + # Keyboard layouts + keyboard --vckeymap=cn --xlayouts='cn' + # System language + lang zh_CN.UTF-8 + + # Network information + network --bootproto=dhcp --device=enp4s0 --ipv6=auto --activate + network --hostname=openeuler.com + # Root password + rootpw --iscrypted $6$fQE83lxEZ48Or4zc$j7/PlUMHn29yTjCD4Fi44WTZL/RzVGxJ/7MGsZMl6QfE3KjIVT7M4UrhFXbafvRq2lUddAFcyWHd5WRmXfEK20 + # Run the Setup Agent on first boot + firstboot --enable + # Do not configure the X Window System + skipx + # System services + services --disabled="chronyd" + # System timezone + timezone Asia/Shanghai --utc --nontp + + %packages + @^minimal-environment + @standard + + %end + + %anaconda + pwpolicy root --minlen=8 --minquality=1 --notstrict --nochanges --notempty + pwpolicy user --minlen=8 --minquality=1 --notstrict --nochanges --emptyok + pwpolicy luks --minlen=8 --minquality=1 --notstrict --nochanges --notempty + %end + + %post + #enable kdump + sed -i "s/ ro / ro crashkernel=1024M,high /" /boot/efi/EFI/openEuler/grub.cfg + %end + ===================================== + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >密码密文生成方式: + > + >``` + ># python3 + >Python 3.7.0 (default, Apr 1 2019, 00:00:00) + >[GCC 7.3.0] on linux + >Type "help", "copyright", "credits" or "license" for more information. + >>>> import crypt + >>>> passwd = crypt.crypt("myPasswd") + >>>> print (passwd) + >$6$63c4tDmQGn5SDayV$mZoZC4pa9Jdt6/ALgaaDq6mIExiOO2EjzomB.Rf6V1BkEMJDcMddZeGdp17cMyc9l9ML9ldthytBEPVcnboR/0 + >``` + +3. 将ISO镜像文件挂载到需要安装openEuler计算机的光驱上。 + + 另外,也可以选择NFS等网络安装,kickstart文件中需要指定安装源位置(默认是cdrom)。 + +**安装系统** + +1. 启动系统进入安装选择界面。 + 1. 在“[启动安装](./安装指导.html#启动安装)”中的“安装引导界面”中选择“Install openEuler {version}”,并按下“e”键。 + 2. 启动参数中追加“inst.ks= ip/ks/openEuler-ks.cfg”。 + + ![](./figures/startparam.png) + + 3. 按“Ctrl+x”,开始系统的自动安装。 + +2. 确认系统安装完毕。 + + 系统安装完毕以后会自动重启,如果优先从光驱启动,会再次进入到安装界面,此时关闭计算机,调整启动顺序(优先从硬盘启动)。 + + ![](./figures/Automatic_installation_complete.png) + +## 全自动化安装指导 + +### 环境要求 + +使用kickstart进行openEuler系统的全自动化安装的环境要求如下: + +- 物理机/虚拟机(虚拟机创建可参考对应厂商的资料)。包括使用kickstart工具进行自动化安装的计算机和被安装的计算机。 +- httpd:存放kickstart文件。 +- tftp:提供vmlinuz和initrd文件。 +- dhcpd/PXE:提供DHCP服务。 +- ISO:openEuler-{version}-aarch64-dvd.iso。 + +### 操作步骤 + +使用kickstart进行openEuler系统的全自动化安装的操作步骤如下: + +**环境准备** + +>![](./public_sys-resources/icon-note.gif) **说明:** +>安装之前,请确保http服务器的防火墙处于关闭状态。关闭防火墙可参照如下命令: +> +>```shell +>iptables -F +>``` + +1. httpd的安装与服务启动。 + + ``` + # dnf install httpd -y + # systemctl start httpd + # systemctl enable httpd + ``` + +2. tftp的安装与配置。 + + ``` + # dnf install tftp-server -y + # vim /etc/xinetd.d/tftp + service tftp + { + socket_type = dgram + protocol = udp + wait = yes + user = root + server = /usr/sbin/in.tftpd + server_args = -s /var/lib/tftpboot + disable = no + per_source = 11 + cps = 100 2 + flags = IPv4 + } + # systemctl start tftp + # systemctl enable tftp + # systemctl start xinetd + # systemctl status xinetd + # systemctl enable xinetd + ``` + +3. 安装源的制作。 + + ``` + # mount openEuler-{version}-aarch64-dvd.iso /mnt + # cp -r /mnt/* /var/www/html/openEuler/ + ``` + +4. 设置和修改kickstart配置文件 openEuler-ks.cfg,参考[3](#zh-cn_topic_0151920754_l1692f6b9284e493683ffa2ef804bc7ca)安装源的目录,此处选择http安装源。 + + ``` + #vim /var/www/html/ks/openEuler-ks.cfg + ==================================== + ***以下内容根据实际需求进行修改*** + #version=DEVEL + ignoredisk --only-use=sda + autopart --type=lvm + # Partition clearing information + clearpart --none --initlabel + # Use graphical install + graphical + # Keyboard layouts + keyboard --vckeymap=cn --xlayouts='cn' + # System language + lang zh_CN.UTF-8 + #Use http installation source + url --url=http://192.168.122.1/openEuler/ + %post + #enable kdump + sed -i "s/ ro / ro crashkernel=1024M,high /" /boot/efi/EFI/openEuler/grub.cfg + %end + ... + ``` + +5. 修改pxe配置文件grub.cfg, 可参考如下内容(注意:openEuler当前不支持bls格式的cfg文件)。 + + ``` + # cp -r /mnt/images/pxeboot/* /var/lib/tftpboot/ + # cp /mnt/EFI/BOOT/grubaa64.efi /var/lib/tftpboot/ + # cp /mnt/EFI/BOOT/grub.cfg /var/lib/tftpboot/ + # ls /var/lib/tftpboot/ + grubaa64.efi grub.cfg initrd.img TRANS.TBL vmlinuz + # vim /var/lib/tftpboot/grub.cfg + set default="1" + + function load_video { + if [ x$feature_all_video_module = xy ]; then + insmod all_video + else + insmod efi_gop + insmod efi_uga + insmod ieee1275_fb + insmod vbe + insmod vga + insmod video_bochs + insmod video_cirrus + fi + } + + load_video + set gfxpayload=keep + insmod gzio + insmod part_gpt + insmod ext2 + + set timeout=60 + + + ### BEGIN /etc/grub.d/10_linux ### + menuentry 'Install openEuler {version} ' --class red --class gnu-linux --class gnu --class os { + set root=(tftp,192.168.122.1) + linux /vmlinuz ro inst.geoloc=0 console=ttyAMA0 console=tty0 rd.iscsi.waitnet=0 inst.ks=http://192.168.122.1/ks/openEuler-ks.cfg + initrd /initrd.img + } + ``` + +6. DHCP的配置(可以使用dnsmasq代替 )。 + + ``` + # dnf install dhcp -y + # + # DHCP Server Configuration file. + # see /usr/share/doc/dhcp-server/dhcpd.conf.example + # see dhcpd.conf(5) man page + # + # vim /etc/dhcp/dhcpd.conf + ddns-update-style interim; + ignore client-updates; + filename "grubaa64.efi";    # pxelinux 启动文件位置; + next-server 192.168.122.1;  # (重要)TFTP Server 的IP地址; + subnet 192.168.122.0 netmask 255.255.255.0 { + option routers 192.168.122.1; # 网关地址 + option subnet-mask 255.255.255.0; # 子网掩码 + range dynamic-bootp 192.168.122.50 192.168.122.200; # 动态ip范围 + default-lease-time 21600; + max-lease-time 43200; + } + # systemctl start dhcpd + # systemctl enable dhcpd + ``` + +**安装系统** + +1. 在“Start boot option”界面按下“F2”选择从网络pxe启动,开始自动化安装。 + + ![](./figures/zh-cn_image_0229291270.png) + + ![](./figures/zh-cn_image_0229291286.png) + + ![](./figures/zh-cn_image_0229291247.png) + +2. 进入系统全自动化安装界面。 +3. 确认系统安装完毕。 + + ![](./figures/Automatic_installation_complete.png) diff --git a/docs/zh/server/installation_upgrade/upgrade/_toc.yaml b/docs/zh/server/installation_upgrade/upgrade/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..6c60e745618d6dea6c65b51dd503c2f7ea591e54 --- /dev/null +++ b/docs/zh/server/installation_upgrade/upgrade/_toc.yaml @@ -0,0 +1,6 @@ +label: 升级指南 +isManual: true +description: 升级 openEuler 操作系统 +sections: + - label: 升降级指导 + href: ./openEuler_22.03_lts_upgrade_and_downgrade_guide.md diff --git a/docs/zh/server/installation_upgrade/upgrade/images/LTS_version.png b/docs/zh/server/installation_upgrade/upgrade/images/LTS_version.png new file mode 100644 index 0000000000000000000000000000000000000000..84132f5825f1bdc743736ab2c65cd23c7ec9afa9 Binary files /dev/null and b/docs/zh/server/installation_upgrade/upgrade/images/LTS_version.png differ diff --git a/docs/zh/server/installation_upgrade/upgrade/images/SP1_repo.png b/docs/zh/server/installation_upgrade/upgrade/images/SP1_repo.png new file mode 100644 index 0000000000000000000000000000000000000000..42336cddfc122937e4ac2a8ce07182fa166ce942 Binary files /dev/null and b/docs/zh/server/installation_upgrade/upgrade/images/SP1_repo.png differ diff --git a/docs/zh/server/installation_upgrade/upgrade/images/SP1_version.png b/docs/zh/server/installation_upgrade/upgrade/images/SP1_version.png new file mode 100644 index 0000000000000000000000000000000000000000..d22f8523c22dbd094d21ccdfb86446062b63b5ea Binary files /dev/null and b/docs/zh/server/installation_upgrade/upgrade/images/SP1_version.png differ diff --git a/docs/zh/server/installation_upgrade/upgrade/openEuler_22.03_lts_upgrade_and_downgrade_guide.md b/docs/zh/server/installation_upgrade/upgrade/openEuler_22.03_lts_upgrade_and_downgrade_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..dcf40152d2b356cf962088e5e6f39b0e69667dd2 --- /dev/null +++ b/docs/zh/server/installation_upgrade/upgrade/openEuler_22.03_lts_upgrade_and_downgrade_guide.md @@ -0,0 +1,74 @@ +# 升级指南 + +本文档以openEuler-22.03-LTS到openEuler-22.03-LTS-SP1的升降级为例,其他版本同理。 + +## **1**. **系统安装** + +获取openEuler-22.03-LTS镜像,参考安装指南,完成openEuler操作系统的安装。 + +查看当前环境openEuler、kernel版本 + +![LTS_version](./images/LTS_version.png) + +## **2**. **升级操作** + +### 2.1 新增openEuler-22.03-LTS-SP1 repo源 (openEuler-22.03-LTS-SP1.repo) + +```bash +vi /etc/yum.repos.d/openEuler-22.03-LTS-SP1.repo +``` + + 输入以下openEuler-22.03-LTS-SP1 repo源信息并保存退出 + +```bash +SP1_OS、SP1_everything、SP1_EPOL、SP1_debuginfo、SP1_source、SP1_update +``` + +![SP1_repo](./images/SP1_repo.png) + +### 2.2 执行升级 + +```bash +dnf update | tee update_log +``` + +```bash +补充说明: +1、安装报错时,通过执行 dnf update --skip-broken -x conflict_pkg1 |tee update_log 规避安装冲突问题,如果有多个包冲突,添加多个-x conflict_pkg1 -x conflict_pkg2 -x conflict_pkg3,待升级完成后,对跳过的软件包单独进行分析、验证、升级; +2、参数释义: +--allowerasing 通过卸载已安装的软件包解决依赖关系 +--skip-broken 通过跳过软件包解决依赖问题 +-x 跟--skip-broken配合使用,后边跟需要跳过的软件包名 +``` + +### 2.4 重启系统 + +```bash +reboot +``` + +## **3**. **升级结果验证** + +查看当前环境的openEuler、kernel版本 + +![SP1_version](./images/SP1_version.png) + +## **4**. **降级操作** + +### 4.1 执行降级 + +```bash +dnf downgrade | tee downgrade_log +``` + +### 4.2 重启系统 + +```bash +reboot +``` + +## **5**. **降级结果验证** + +查看当前环境的openEuler、kernel版本 + +![LTS_version](./images/LTS_version.png) diff --git a/docs/zh/server/maintenance/_toc.yaml b/docs/zh/server/maintenance/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..26e47050f798bd8c52241cb10b5c9fa91769aa62 --- /dev/null +++ b/docs/zh/server/maintenance/_toc.yaml @@ -0,0 +1,9 @@ +label: 运维指南 +isManual: true +description: 运维指南 +sections: + - label: 运维指南 + href: ./overview.md + sections: + - label: 运维概述 + href: ./operation_and_maintenance_overview.md diff --git a/docs/zh/server/maintenance/aops/_toc.yaml b/docs/zh/server/maintenance/aops/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..76327c859fd0f117b2596c71ed8ae9be71808fdd --- /dev/null +++ b/docs/zh/server/maintenance/aops/_toc.yaml @@ -0,0 +1,20 @@ +label: A-Ops用户指南 +isManual: true +description: 使用 A-Ops 智能运维框架进行故障快速定位、配置项统筹管理等 +sections: + - label: 部署A-Ops + href: ./deploying_aops.md + - label: 使用A-Ops智能定位框架 + href: ./aops_intelligent_positioning_framework_user_manual.md + - label: A-Ops漏洞管理模块使用手册 + href: ./aops_vulnerability_management_module_user_manual.md + - label: 使用热补丁dnf插件 + href: ./dnf_command_usage.md + - label: 配置溯源服务 + href: ./configuration_tracing_service_user_manual.md + - label: 社区热补丁制作发布流程 + href: ./community_hotpatch_creation_and_release_process.md + - label: A-Ops资产管理使用手册 + href: ./aops_asset_management_user_manual.md + - label: 一键化部署介绍 + href: ./quick_deployment_of_aops.md diff --git a/docs/zh/server/maintenance/aops/aops_asset_management_user_manual.md b/docs/zh/server/maintenance/aops/aops_asset_management_user_manual.md new file mode 100644 index 0000000000000000000000000000000000000000..0a9986a1c5fb862f7405863980448962743e7fec --- /dev/null +++ b/docs/zh/server/maintenance/aops/aops_asset_management_user_manual.md @@ -0,0 +1,111 @@ +# AOps资产管理使用手册 + +参照[AOps部署指南](deploying_aops.md)部署AOps前后端服务后,即可使用AOps资产管理功能,纳管集群主机。 + +主机纳管是使用AOps进行智能运维的第一步,后续用户按需部署的漏洞管理、配置溯源及故障诊断服务均面向纳管的主机进行操作。 + +下文将为大家介绍如何使用资产管理功能,逐步纳管集群主机。 + +## 1. 登录 + +首先使用默认的admin账号进行登录,密码为changeme + +![登陆界面](./figures/资产管理/登陆界面.png) + +这里也支持用户注册新账号,或是用gitee账号第三方登录。 + +登录后会直接切入数据看板界面,后续纳管主机并漏洞扫描后,可以在右侧页面主窗口右上角内看到CVE整体数量的分布统计。 + +![工作台详情](./figures/资产管理/工作台.png) + +## 2. 纳管集群主机 + +资产管理界面用于对集群中服务器的纳管(添加、编辑和删除),支持单台主机和批量主机的添加操作。 + +当前资产管理模块分为以下两个界面: + +- 主机管理 +- 主机组管理 + +纳管时需先创建主机组,再将主机添加至对应主机组中,便于后续对主机分组查看和管理。 + +### 2.1 添加主机组 + +进入资产管理的主机组管理子页面,点击右侧添加主机组按钮,即可添加主机组的名称和描述。 + +![主机组管理](./figures/资产管理/主机组管理列表.png) + +![添加主机组](./figures/资产管理/添加主机组.png) + +后续添加主机后,可以查看该主机组的主机列表: + +![主机组内主机查看](./figures/资产管理/主机组内主机查看.png) + +### 2.2 添加主机 + +进入主机管理页面,可以看到当前所有纳管的主机。其中也可以看到各主机的在线状态。 + +![主机列表查看](./figures/资产管理/主机列表.png) + +此页面支持如下操作: + +- 添加单台主机 +- 批量添加主机 +- 主机的批量删除 +- 支持使用所属主机组、管理节点的主机过滤,同时可满足对主机名称的排序 + +#### 2.2.1 添加单台主机 + +点击“添加主机”按钮,即可对单台主机进行添加。 + +![主机管理-添加](./figures/资产管理/主机管理-添加.png) + +支持如下操作: + +- 快捷添加主机组(同主机组管理中的添加功能) +- 登录认证方式支持主机密码模式(需提供账号和密码)和主机密钥模式(需提供可登录的密钥,**注意此处的密钥为私钥**) + +注:管理节点/监控节点暂无本质区别,用户可按需指定。 + +#### 2.2.2 批量添加主机 + +针对大集群的场景,一个个添加主机过于麻烦。这里我们提供了上传excel的方式,将主机批量添加。 + +![主机管理-批量添加](./figures/资产管理/批量添加主机.png) + +下载模板并按照格式填写主机注册所需信息后,选择文件进行上传。 + +![主机管理-批量添加](./figures/资产管理/批量添加-文件解析.png) + +格式解析无误后,点击提交,即可看到添加结果。若添加失败会有相应提示。 + +![主机管理-批量添加](./figures/资产管理/批量添加-添加结果.png) + +支持如下操作: + +- 在线下载批量导入主机模板,支持的类型有xls、xlsx、csv三种格式的文件 +- 通过新增上传解析文件内容,数据回显至前端展示 +- 支持单主机的数据调整或删除 +- 点击提交后,可查看主机添加的结果 + +## 3 编辑主机 + +添加主机完毕后,若密码或密钥不对导致连接失败,或其他信息需要变更,可以点击主机列表中的编辑按钮进行编辑: + +![主机管理-批量添加](./figures/资产管理/主机编辑界面.png) + +## 4 查看主机详情 + +客户端部署了aops-ceres命令行工具后,在主机列表点击主机可以查看该主机的一些基础信息。 + +![主机详情](./figures/资产管理/主机详情.png) + +若部署了prometheus服务以及客户端的采集器(node-exporter或gala-gopher等),可以在下方选择并展示主机的指标波形。 + +![指标波形](./figures/资产管理/指标波形.png) + +点击插件页签,可以看到node-exporter插件的各采集探针,按需开启或关闭。 + +点击场景识别后,系统会根据客户端的应用生成该主机的场景,并推荐检测该场景所需开启的插件以及采集项。 + +![插件开关](./figures/资产管理/插件开关.png) \ No newline at end of file diff --git a/docs/zh/server/maintenance/aops/aops_intelligent_positioning_framework_user_manual.md b/docs/zh/server/maintenance/aops/aops_intelligent_positioning_framework_user_manual.md new file mode 100644 index 0000000000000000000000000000000000000000..d052e9aacd205fe50a5b0b794ab0bd9e91f28d3b --- /dev/null +++ b/docs/zh/server/maintenance/aops/aops_intelligent_positioning_framework_user_manual.md @@ -0,0 +1,109 @@ +# AOps 智能定位框架使用手册 + +参照[AOps部署指南](deploying_aops.md)部署AOps前后端服务,并参照[AOps资产管理使用手册](./aops_asset_management_user_manual.md)纳管了主机后,即可使用AOps智能定位框架。 + +智能定位框架包含了**智能定位**和**配置溯源**两部分,下文会从页面的维度进行AOps智能定位框架功能的介绍。 + +## 1. 智能定位 + +AOps项目的智能定位策略采用内置网络诊断应用作为模板,生成个性化工作流的策略进行检测和诊断。 + +“应用”作为工作流的模板,描述了检测中各步骤的串联情况,内置各步骤中使用的检测模型的推荐逻辑。用户在生成工作流时,可根据各主机的采集项、场景等信息,定制出工作流的详细信息。 + +### 1.1 工作流列表页面 + +![工作流](./figures/故障诊断/工作流.jpg) + +支持操作: + +- 查看当前工作流列表,支持按照主机组、应用和状态进行筛选,并支持分页操作 +- 查看当前应用列表 + +### 1.2 工作流详情页面 + +![工作流详情](./figures/故障诊断/工作流详情.jpg) + +支持操作: + +- 查看工作流所属主机组、主机数量、状态等基础信息 +- 查看单指标检测、多指标检测、集群故障诊断各步骤的详细算法模型信息 +- 修改检测各步骤应用的模型 +- 执行、暂停和删除工作流 + +修改某检测步骤的模型时,用户可根据模型名或标签搜索系统内置的模型库,选中模型后点击右下角“应用”按钮进行更改。 + +![修改模型](./figures/故障诊断/修改模型.png) + +### 1.3 应用详情页面 + +![app详情](./figures/故障诊断/应用.png) + +支持操作: + +- 查看应用的整体流程 +- 基于应用创建工作流 + +创建工作流时,点击右上角的“创建工作流”按钮,并在右侧弹出的窗口中输入工作流的名称和描述,选择要检测的主机组。选中主机组后,下方会列出该主机组的所有主机,用户可选中部分主机后移到右侧的列表,最后点击创建,即可在工作流列表中看到新创建的工作流。 + +![app详情](./figures/故障诊断/app详情.jpg) + +![创建工作流](./figures/故障诊断/创建工作流.jpg) + +### 1.4 告警 + +启动工作流后,会根据工作流的执行周期定时触发诊断,每次诊断结果若为异常,则会作为一条告警存入数据库,同时也会反映在前端告警页面中。 + +![告警](./figures/故障诊断/告警.jpg) + +支持操作: + +- 查看当前告警总数 +- 查看各主机组的告警数量 +- 查看告警列表 +- 告警确认 +- 查看告警详情 +- 下载诊断报告 + +点击操作列“确认”可进行告警确认,告警确认后,将不在列表中显示 + +![告警确认](./figures/故障诊断/告警确认.jpg) + +点击操作列“异常详情”后,可以根据主机维度查看告警详情,包括异常数据项的展示以及根因节点、根因异常的判断等。 + +![告警详情](./figures/故障诊断/告警详情.jpg) + +## 2. 配置溯源 + +AOps项目的配置溯源用于对目标主机配置文件内容的变动进行检测记录,对于文件配置错误类引发的故障起到很好的支撑作用。 + +### 2.1 创建业务域 + +![](./figures/chuangjianyewuyu.png) + +### 2.2 添加业务域纳管node + +![](./figures/tianjianode.png) + +### 2.3 添加业务域配置 + +![](./figures/xinzengpeizhi.png) + +### 2.4 查询预期配置 + +![](./figures/chakanyuqi.png) + +### 2.5 删除配置 + +![](./figures/shanchupeizhi.png) + +### 2.6 查询实际配置 + +![](./figures/chaxunshijipeizhi.png) + +### 2.7 配置校验 + +![](./figures/zhuangtaichaxun.png) + +### 2.8 配置同步 + +暂未提供 diff --git a/docs/zh/server/maintenance/aops/aops_vulnerability_management_module_user_manual.md b/docs/zh/server/maintenance/aops/aops_vulnerability_management_module_user_manual.md new file mode 100644 index 0000000000000000000000000000000000000000..3e481798fff00b8250063a05253da8b027ec33dd --- /dev/null +++ b/docs/zh/server/maintenance/aops/aops_vulnerability_management_module_user_manual.md @@ -0,0 +1,286 @@ +# AOps漏洞管理模块使用手册 + +参照[AOps部署指南](deploying_aops.md)部署AOps前后端服务,并参照[AOps资产管理使用手册](aops_asset_management_user_manual.md)纳管了主机后,即可使用AOps漏洞管理模块。 + +A-Ops智能运维工具的智能补丁管理模块(**apollo**)主要集成了**漏洞扫描、CVE修复、任务回退**、**热补丁移除**等核心功能: + +- 支持对openEuler已修复并发布的漏洞进行手动/定时扫描。漏洞的详细信息通过**在线/离线**同步社区发布的安全公告进行获取。当前聚焦于内核漏洞的处理,后续支持用户态软件包漏洞。 + +- 支持漏洞批量修复。修复过程中,客户端会命令行调用基于dnf原生框架的dnf hotpatch插件,实现**冷补丁(需重启)/热补丁(免重启)**的修复。此插件将底层冷、热补丁的管理封装成统一的入口,方便单机用户的使用和集群的调用。 + +- 支持通过任务粒度回退或移除热补丁的形式,将系统恢复至原状态。 + +下文将按照漏洞修复的工作流来进行A-Ops智能补丁管理功能的介绍。 + +## 1. 配置repo源 + +openEuler的漏洞信息通过安全公告对外发布,同时在update源中发布修复所用的软件包及相应元数据。配置了update源后即可在命令行通过dnf updateinfo list cves命令或dnf hot-updateinfo list cves(需安装A-Ops的dnf热补丁插件)进行漏洞的扫描。 + +默认的openEuler系统安装后自带对应OS版本的冷补丁update源。对于自定义或离线场景,用户可以通过设置repo来自行配置冷/热补丁的update源。 + +### 1.1 Repo源添加 + +漏洞管理界面用于对目标主机存在的CVE进行监控与修复。 + +当前漏洞管理模块分为以下三个界面: + +- 主机列表界面 +- CVEs界面 +- 任务列表界面 + +进入漏洞管理的主机管理子页面,可以从主机粒度看到当前纳管的所有主机的**已修复和未修复漏洞**情况: + +![主机列表界面](./figures/漏洞管理/主机列表界面.png) + +点击下方CVE REPO的加号框,随后在弹出界面中,输入REPO源名称与REPO内容,点击右下角“确定”按钮即可进行repo源的添加: + +![添加REPO源](./figures/漏洞管理/添加repo源.png) + +若不清楚格式,可以点击下载模板按钮查看。注意baseurl和gpgkey要配置为客户端OS版本的对应地址。用户也可以直接上传编辑好的repo文件。 + +新建repo完毕后,即可在CVE REPO列表中进行查看或删除。 + +### 1.2 Repo设置 + +新建repo源后,点击右上角“设置repo”的按钮,可以创建一个任务,为勾选的主机进行批量的repo设置。 + +![设置repo](./figures/漏洞管理/设置repo源.png) + +点击“创建”或“立即执行”后会生成一个repo设置任务,执行完毕后即可在主机列表界面看到已设置好该repo源。 + +## 2. 漏洞扫描 + +确认好主机上已配置好repo源(或使用默认安装时自带的repo源)后,我们就可以为主机进行批量扫描了。直接点击右侧的漏洞扫描,默认扫描全部主机。用户也可以勾选部分主机进行扫描。 + +除了手动扫描,用户也可以配置后台定时任务,进行每日定时扫描。 + +![漏洞扫描](./figures/漏洞管理/漏洞扫描.png) + +扫描完毕后,若用户在创建用户时配置了邮箱信息,apollo会将漏洞情况邮件发送给用户。 + +![邮件通知](./figures/漏洞管理/邮件通知.png) + +## 3. 漏洞查看 + +### 3.1 主机详情信息界面 + +扫描完毕后,除了上文的主机列表可以看到每个主机的已修复和未修复的CVE数量,还可以点击某台主机查看详细的CVE信息: + +![主机详情](./figures/漏洞管理/主机详情.png) + +支持如下操作: + +- 查看主机基本信息与CVE个数 +- 查看该主机未修复CVE和已修复CVE列表,支持导出。未修复CVE展开后可以看到受影响的RPM包及支持的修复方法,已修复CVE展开后可以看到修复使用的RPM。 +- 生成CVE修复任务(切换至“未修复”时,才可支持CVE修复任务创建),可支持CVE粒度的任务创建,同时也可具体到特定的rpm包修复 +- 生成热补丁移除任务(切换至“已修复”时,才可支持生成热补丁移除任务) +- 单机漏洞扫描 + +### 3.2 CVE列表界面 + +上文介绍了从主机维度查看漏洞情况,我们也可以从**漏洞维度**去查看我们重点关注的漏洞。 + +点击CVEs子页面,可以看到未修复和已修复两个页签,下方详细介绍了每个CVE的发布时间、影响软件包、严重性等信息,展开后则能看到描述信息及受影响的rpm包和支持的修复方式。 + +![CVEs列表](./figures/漏洞管理/cve列表.png) + +支持如下操作: + +- 查看所有CVE信息(CVE严重性进行筛选、CVE ID、发布时间、CVSS分数、主机数量进行排序,可根据CVE ID或软件包名称进行检索) +- 切换至“未修复”列表 + - 展开某CVE可以看到受影响的RPM包和支持的修复方法,以及该组合对应的主机 + - 右侧按钮为“生成修复任务”,支持生成**CVE修复任务** + +- 切换至“已修复”列表 + - 展开某CVE可以看到修复使用的RPM及对应的主机 + - 右侧按钮为“热补丁移除”,针对热补丁修复的CVE,可生成**热补丁移除任务** + +- 上传安全公告 + +这里对安全公告的上传简单说明: + +apollo支持定时从openEuler官网下载安全公告信息,针对无法连接外网的环境,提供了安全公告的手动上传功能。当前社区仅对社区软件包受影响的CVE发布了安全公告,用户可以从以下地址下载安全公告并上传压缩包:[https://repo.openeuler.org/security/data/cvrf/](https://gitee.com/link?target=https%3A%2F%2Frepo.openeuler.org%2Fsecurity%2Fdata%2Fcvrf%2F) + +![上传安全公告](./figures/漏洞管理/上传安全公告.png) + +社区也提供了安全公告订阅,订阅后会收到邮件通知:[https://mailweb.openeuler.org/postorius/lists/sa-announce.openeuler.org/](https://mailweb.openeuler.org/postorius/lists/sa-announce.openeuler.org/) + +### 3.3 CVE详情信息 + +和主机详情界面类似,在CVE列表界面点击某一个CVE即可进入CVE详情界面。可以看到此漏洞影响的所有主机和已修复这个漏洞的主机。 + +![CVE详情](./figures/漏洞管理/CVE详情界面.png) + +支持如下操作: + +- 查看CVE基本信息 +- 查看关联CVE数量,即影响同样源码包(如kernel)的CVE +- 查看受此CVE影响的主机列表以及单个主机上受此CVE影响的rpm包列表 +- 支持点击主机名称跳转至**主机详情页** +- 选择“未修复”列表,右侧按钮为“生成修复任务,支持**生成CVE修复任务** +- 选择“已修复”列表,右侧按钮为“热补丁移除任务”,支持**生成热补丁移除任务** + +## 4. 漏洞修复 + +### 4.1 生成修复任务 + +在CVE列表、CVE详情、主机详情界面均可进行漏洞的批量修复。这里以CVE列表界面为示例,选中CVE点击“生成修复任务”按钮,右侧会出现弹窗。不选中CVE则默认修复全部CVE。 + +其中针对热补丁,有2个按钮: + +- 是否accept:勾选后会在重启后自动激活此次修复使用的热补丁 + +- 冷补丁收编:勾选后,会同步生成热补丁对应的冷补丁的修复任务 + +![生成修复任务](./figures/漏洞管理/生成修复任务.png) + +需额外注意: + +- 为了方便执行以及后续的任务回滚,生成任务时会自动将冷、热补丁的修复动作拆分成两个任务,可以通过任务名进行分辨。 + +### 4.2 执行修复任务 + +生成任务后可以点击立即跳转到该任务详情,或点击左侧的任务子页面,进入任务列表界面: + +![任务列表](./figures/漏洞管理/任务列表.png) + +点击刚才生成的修复任务,可以看到此任务的基础信息,以及下方的主机以及该主机要修复的软件包信息。点击右侧的执行按钮即可执行。 + +![任务详情界面](./figures/漏洞管理/任务详情.png) + +**注意**:针对同一台主机,**热补丁任务应优先与冷补丁任务执行**。由于内核热补丁只能应用在指定版本内核,若先安装冷补丁再安装热补丁,aops客户端会报错,以防重启后内核切换、热补丁失效导致的漏洞重新暴露。而先安装热补丁再安装冷补丁时,客户端调用的dnf upgrade-en 命令会确保冷补丁包含了当前热补丁修复的漏洞。 + +### 4.3 任务报告查看 + +执行完毕后,可以看到任务的“上次执行时间”发生更新,并出现“查看报告”按钮。点击查看报告,即可查看各主机的执行情况,如执行结果、执行失败的原因等: + +![修复任务报告](./figures/漏洞管理/修复任务报告.png) + +## 5. 修复任务回滚 + +进入修复任务详情,点击生成回滚任务,即可对该修复任务进行回退: + +![生成回滚任务](./figures/漏洞管理/生成回滚任务.png) + +进入回滚任务详情,与修复任务相反,可以看见当前已安装的软件包(修复时安装的rpm),以及回退后的目标软件包(修复前的rpm)。执行时点击“执行”按钮即可。 + +![回滚任务详情](./figures/漏洞管理/回滚任务详情.png) + +## 6. 热补丁移除任务 + +若对已安装的热补丁不满意,可以在任意“已修复”的列表,勾选使用热补丁修复的CVE或主机,生成热补丁移除任务。 + +与回滚任务相比,热补丁移除任务只针对热补丁,且不支持对热补丁的升降级处理,只通过dnf操作将热补丁rpm进行移除。 + +![生成热补丁移除任务](./figures/漏洞管理/生成热补丁移除任务.png) + +## 7.定时任务配置 + +主体的漏洞处理过程在前台完成之后,用户还可以在apollo服务端针对后台的定时任务进行编辑,修改后`systemctl restart aops-apollo`重启服务生效。 + +定时任务主要包含3种类型任务,定时任务配置文件位于 /etc/aops/apollo_crontab.ini,内容如下: + +```ini +[cve_scan] +# timed task name +id = cve scan +# value between 0-6, for example, 0 means Monday, 0-6means everyday. +day_of_week = 0-6 +# value between 0-23, for example, 2 means 2:00 in a day. +hour = 2 +# value is true or false, for example, true means with service start. +auto_start = true + +[download_sa] +id = download sa +day_of_week = 0-6 +hour = 3 +auto_start = true +cvrf_url = https://repo.openeuler.org/security/data/cvrf + +[correct_data] +id = correct data +day_of_week = 0-6 +hour = 4 +auto_start = true +service_timeout_threshold_min = 15 +``` + +### 7.1 定时巡检,执行漏洞扫描 + +**定时扫描cve任务的参数** + +- id + + > 定时任务的名称,不能与其他定时任务名称重复,不建议修改。 + +- day_of_week + + > 定时任务在一周中的第几天启动,取值范围0-6,0-6表示每天,0表示周一,以此类推。 + +- hour + + > 任务启动的时间,取值范围0-23,与24小时制时间格式一致。 + +- auto_start + + > 任务是否跟随服务启动,true表示同时启动,false表示不同时启动。 + +- 其他 + + > 如果要精确到分钟,秒,需要添加minute(取值范围0-59)和second(取值范围0-59)。 + > + > **示例** + > + > ```ini + > minute = 0 + > second = 0 + > ``` + +**修改配置文件示例** + +> 打开配置文件 + +```shell +vim /etc/aops/apollo_crontab.ini +``` + +> 修改定时任务执行时机 + +```ini +[cve_scan] +id = cve scan +day_of_week = 5 +hour = 2 +auto_start = true +``` + +### 7.2 定时下载安全公告 + +相同字段含义和使用与[cve_scan]一样。 + +- cvrf_url + + > 获取安全公告详细信息的基础url,**暂不支持修改。** + +### 7.3 定时校正异常数据 + +相同字段含义和使用与[cve_scan]一样。 + +- service_timeout_threshold_min + + > 判断异常数据的阈值,取值为正整数,建议最小值为15。 + +**修改配置文件示例** + +> 打开配置文件 + +```shell +vim /etc/aops/apollo_crontab.ini +``` + +> 设置异常数据阈值 + +```ini +service_timeout_threshold_min = 15 +``` diff --git a/docs/zh/server/maintenance/aops/community_hotpatch_creation_and_release_process.md b/docs/zh/server/maintenance/aops/community_hotpatch_creation_and_release_process.md new file mode 100644 index 0000000000000000000000000000000000000000..d51a70181c598d840b1247f39370ed67bcae2918 --- /dev/null +++ b/docs/zh/server/maintenance/aops/community_hotpatch_creation_and_release_process.md @@ -0,0 +1,274 @@ +# 社区热补丁制作发布流程 + +## 制作内核态/用户态热补丁 + +> 热补丁仓库: + +### 场景1. 在src-openEuler/openEuler仓下评论pr制作新版本热补丁 + +> 制作内核态热补丁需在**openEuler/kernel**仓评论pr。 +> +> 制作用户态热补丁需在src-openEuler仓评论pr,现在支持**src-openEuler/openssl,src-openEuler/glibc,src-openEuler/systemd**。 + +#### 1. 在已合入pr下评论制作热补丁 + +- 从src-openeuler仓【支持openssl, glibc, systemd】评论已合入pr制作新版本热补丁。 + +```shell +/makehotpatch [软件包版本号] [ACC/SGL] [patch list] [cve/bugfix/feature] [issue id] [os_branch] +``` + +命令说明:使用多个patch用','分隔,需注意patch的先后顺序。 + +![image-20230629114903593](./image/src-openEuler仓评论.png) + +- 从openeuler仓【支持kernel】评论已合入pr制作新版本热补丁。 + +```shell +/makehotpatch [软件包版本号] [ACC/SGL] [cve/bugfix/feature] [issue id] [os_branch] +``` + +![image-20230816105443658](./image/src-openEuler仓评论.png) + +评论后,门禁触发hotpatch_meta仓创建热补丁issue以及同步该pr。 + +#### 2. hotpatch_metadata仓自动创建热补丁issue、同步该pr + +pr评论区提示启动热补丁制作流程。 + +![image-20230816105627657](./image/启动热补丁工程流程.png) + +随后,hotpatch_meta仓自动创建热补丁issue,并在hotpatch_meta仓同步该pr。 + +> 热补丁issue用于跟踪热补丁制作流程。 +> +> hotpatch_meta仓用于触发制作热补丁。 + +![image-20230816105850831](./image/热补丁issue链接和pr链接.png) + +点击查看热补丁issue链接内容。 + +![image-20230816110430216](./image/热补丁issue初始内容.png) + +点击查看在hotpatch_meta仓自动创建的pr。 + +![image-20230816110637492](./image/hotpatch-fix-pr.png) + +#### 3. 触发制作热补丁 + +打开hotpatch_meta仓自动创建的pr,评论区可以查看热补丁制作信息。 + +![image-20230816110919823](./image/热补丁pr触发流程.png) + +查看热补丁制作结果。 + +如果热补丁制作失败,可以根据相关日志信息、下载chroot环境自行修改patch进行调试,重新修改pr提交后或者评论 /retest直到热补丁可以被成功制作。 + +![image-20230816111330743](./image/热补丁pr制作失败.png) + +![image-20230816111452301](./image/热补丁pr的chroot环境.png) + +如果热补丁制作成功,可以通过Download link下载热补丁进行自验。 + +![image-20230816111007667](./image/热补丁pr制作结果.png) + +打开Download link链接。 + +![image-20230816112118423](./image/热补丁自验下载链接.png) + +进入Packages目录,可以下载制作成功的热补丁。 + +![image-20230816112420115](./image/热补丁自验包下载链接.png) + +**若热补丁制作成功,可以对热补丁进行审阅**。 + +### 场景2、从hotpatch_meta仓提pr制作新版本热补丁 + +> hotpatch_meta仓地址: + +#### 1. 提pr + +在hotpatch_metadata仓提pr。 + +(1)阅读readme,根据热补丁issue模版和元数据文件hotmetadata_ACC.xml/hotmetadata_SGL.xml模板创建热补丁。 + +![image-20230817095228204](./image/热补丁仓提pr说明.png) + +pr内容: + +- patch文件。 +- 如果没有相应热补丁元数据hotmetadata_ACC.xml/hotmetadata_SGL.xml文件,则手动创建;否则修改热补丁元数据hotmetadata_ACC.xml/hotmetadata_SGL.xml文件。 + +#### 2. 触发制作热补丁 + +**若热补丁制作成功,可以对热补丁进行审阅**。 + +### 场景3、从hotpatch_metadata仓提pr修改热补丁 + +> hotpatch_meta仓地址: +> +> 从hotpatch_meta仓提pr只能修改还未正式发布的热补丁。 + +#### 1. 提pr + +在hotpatch_meta仓提pr。 + +(1)如果修改过程涉及元数据文件hotmetadata_ACC.xml/hotmetadata_SGL.xml文件内容变动,请阅读readme,按照元数据文件hotmetadata_ACC.xml/hotmetadata_SGL.xml模板进行修改。 + +![image-20230817095228204](./image/热补丁仓提pr说明.png) + +> 如果需要修改元数据文件中的热补丁issue字段内容,请确保添加的热补丁Issue已经存在。 +> 用户不允许修改热补丁元数据文件中已被正式发布的热补丁的相关内容。 + +pr内容: + +- patch文件。 +- 修改热补丁元数据hotmetadata_ACC.xml/hotmetadata_SGL.xml文件。 + +#### 2. 触发制作热补丁 + +**若热补丁制作成功,可以对热补丁进行审阅**。 + +## 审阅热补丁 + +### 1. 审阅热补丁pr + +确认可发布,合入pr。 + +![image-20230816112957179](./image/同意合入pr.png) + +### 2. pr合入,回填热补丁issue + +自动在热补丁issue页面补充热补丁路径,包含src.rpm/arm架构/x86架构的rpm包,以及对应hotpatch.xml,用于展示热补丁信息。 + +> 如果一个架构失败,强行合入,也可只发布单架构的包。 + +![image-20230816115813395](./image/热补丁issue回填.png) + +- 查看热补丁元数据内容。 + +> 热补丁元数据用于管理查看热补丁相关历史制作信息。 + +hotmetadata_ACC.xml格式示例: + +```xml + + + Managing Hot Patch Metadata + + + + 源码包下载路径(需要reealse正式路径) + x86_64架构debuginfo包下载路径(需要reealse正式路径) + aarch64架构debuginfo包下载路径(需要reealse正式路径) + 本次需要制作热补丁的patch包名1 + 本次需要制作热补丁的patch包名2 + ... + + + + 热补丁issue链接 + + + + +``` + +hotmetadata_SGL.xml格式示例: + +```xml + + + Managing Hot Patch Metadata + + + + 源码包下载路径(需要realse正式路径) + x86_64架构debuginfo包下载路径(需要reealse正式路径) + aarch64架构debuginfo包下载路径(需要reealse正式路径) + 本次需要制作热补丁的patch包名1 + 本次需要制作热补丁的patch包名2 + ... + + + + 热补丁issue链接 + + + + +``` + +> 注意:src_rpm的download_link均来自openeuler的repo仓下正式发布的rpm包。 + +![image-20230817100308392](./image/ACC的hotpatchmetadata文件示例.png) + +### 3. 修改热补丁Issue + +- 将热补丁issue状态修改为”已完成“。 +- 为热补丁issue添加hotpatch标签。 + +## 发布热补丁 + +### 1、收集热补丁发布需求 + +在release-management仓库每周update需求收集的issue下方,手动评论start-update命令,此时会收集待发布的热补丁和待发布的修复cve的冷补丁。后台会在hotpatch_meta仓库根据hotpatch标签查找已完成的热补丁issue。 + +### 2、生成热补丁安全公告 + +社区根据收集到的热补丁issue信息,生成热补丁安全公告xml文件。 + +> 热补丁安全公告地址: + +- 在热补丁安全公告文件新增HotPatchTree字段,记录和公告相关漏洞的热补丁,每个补丁按架构和CVE字段区分(Type=ProductName 记录分支,Type=ProductArch 记录补丁具体的rpm包)。 + +![image-20230908163914778](./image/image-20230908163914778.png) + +### 3、Majun平台上传文件到openEuler官网,同步生成updateinfo.xml文件 + +社区将生成的安全公告上传到openEuler官网,同时基于所收集的热补丁信息生成updateinfo.xml文件。 + +![image-20230908164216528](./image/image-20230908164216528.png) + +updateinfo.xml文件样例: + +```xml + + + + openEuler-HotPatchSA-2023-1001 + An update for kernel is now available for openEuler-22.03-LTS-SP3 + Important + openEuler + + + + + A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).(CVE-2023-3389) + + + openEuler + + patch-kernel-5.10.0-153.12.0.92.oe2203sp3-ACC-1-1.aarch64.rpm + + + patch-kernel-5.10.0-153.12.0.92.oe2203sp3-ACC-1-1.x86_64.rpm + + + + + +``` + +### 4、openEuler官网可以查看更新的热补丁信息 + +> openEuler官网安全公告: + +以”HotpatchSA“关键词搜索热补丁安全公告,打开安全公告查看发布热补丁详细信息。 + +![image-20230908163402743](./image/image-20230908163402743.png) + +### 5、获取热补丁相关文件 + +社区将热补丁相关文件同步至openEuler的repo源下,可以在各个分支的hotpatch_update目录下获取相应文件。 +> openEuler的repo地址: diff --git a/docs/zh/server/maintenance/aops/configuration_tracing_service_user_manual.md b/docs/zh/server/maintenance/aops/configuration_tracing_service_user_manual.md new file mode 100644 index 0000000000000000000000000000000000000000..75d6cc50263724998a78b7fb13795fc457aa8ae2 --- /dev/null +++ b/docs/zh/server/maintenance/aops/configuration_tracing_service_user_manual.md @@ -0,0 +1,161 @@ +# gala-ragdoll的使用指导 + +============================ + +## 安装 + +### 手动安装 + +- 通过yum挂载repo源实现 + + 配置yum源:openEuler-24.03-LTS 和 openEuler-24.03-LTS:Epol,repo源路径:/etc/yum.repos.d/openEuler.repo。 + + ```ini + [everything] # openEuler-24.03-LTS 官方发布源 + name=openEuler-24.03-LTS + baseurl=https://repo.openeuler.org/openEuler-24.03-LTS/everything/$basearch/ + enabled=1 + gpgcheck=1 + gpgkey=https://repo.openeuler.org/openEuler-24.03-LTS/everything/$basearch/RPM-GPG-KEY-openEuler + + [Epol] # openEuler-24.03-LTS:Epol 官方发布源 + name=Epol + baseurl=https://repo.openeuler.org/openEuler-24.03-LTS/EPOL/main/$basearch/ + enabled=1 + gpgcheck=1 + gpgkey=https://repo.openeuler.org/openEuler-24.03-LTS/OS/$basearch/RPM-GPG-KEY-openEuler + ``` + + 然后执行如下指令下载以及安装gala-ragdoll及其依赖。 + + ```shell + yum install gala-ragdoll # A-Ops 配置溯源 + yum install python3-gala-ragdoll + + yum install gala-spider # A-Ops 架构感知 + yum install python3-gala-spider + ``` + +- 通过安装rpm包实现。先下载gala-ragdoll-vx.x.x-x.oe1.aarch64.rpm,然后执行如下命令进行安装(其中x.x-x表示版本号,请用实际情况替代) + + ```shell + rpm -ivh gala-ragdoll-vx.x.x-x.oe1.aarch64.rpm + ``` + +### 使用Aops部署服务安装 + +#### 编辑任务列表 + +修改部署任务列表,打开gala_ragdoll步骤开关: + +```yaml +--- +step_list: + ... + gala_ragdoll: + enable: false + continue: false + ... +``` + +#### 编辑主机清单 + +具体步骤参见[部署管理使用手册]章节2.2.2.10章节gala-ragdoll模块主机配置 + +#### 编辑变量列表 + +具体步骤参见[部署管理使用手册]章节2.2.2.10章节gala-ragdoll模块变量配置 + +#### 执行部署任务 + +具体步骤参见[部署管理使用手册]章节3执行部署任务 + +### 配置文件介绍 + +```/etc/yum.repos.d/openEuler.repo```是用来规定yum源地址的配置文件,该配置文件内容为: + +```shell +[OS] +name=OS +baseurl=http://repo.openeuler.org/openEuler-24.03-LTS/OS/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS/OS/$basearch/RPM-GPG-KEY-openEuler +``` + +### yang模型介绍 + +`/etc/yum.repos.d/openEuler.repo`采用yang语言进行表示,参见`gala-ragdoll/yang_modules/openEuler-logos-openEuler.repo.yang`; +其中增加了三个拓展字段: + +| 拓展字段名称 | 拓展字段格式 | 样例 | +| ------------ | ---------------------- | ----------------------------------------- | +| path | OS类型:配置文件的路径 | openEuler:/etc/yum.repos.d/openEuler.repo | +| type | 配置文件类型 | ini、key-value、json、text等 | +| spacer | 配置项和配置值的中间键 | “ ”、“=”、“:”等 | + +附:yang语言的学习地址: + +### 通过配置溯源创建域 + +#### 查看配置文件 + +gala-ragdoll中存在配置溯源的配置文件 + +```shell +[root@openeuler-development-1-1drnd ~]# cat /etc/ragdoll/gala-ragdoll.conf +[git] // 定义当前的git信息:包括git仓的目录和用户信息 +git_dir = "/home/confTraceTestConf" +user_name = "user" +user_email = "email" + +[collect] // A-OPS 对外提供的collect接口 +collect_address = "http://192.168.0.0:11111" +collect_api = "/manage/config/collect" + +[ragdoll] +port = 11114 + +``` + +#### 创建配置域 + +![](./figures/配置溯源/chuangjianyewuyu.png) + +#### 添加配置域纳管node + +![](./figures/配置溯源/tianjianode.png) + +#### 添加配置域配置 + +![](./figures/配置溯源/xinzengpeizhi.png) + +#### 查询预期配置 + +![](./figures/配置溯源/chakanyuqi.png) + +#### 删除配置 + +![](./figures/配置溯源/shanchupeizhi.png) + +#### 查询实际配置 + +![](./figures/配置溯源/chaxunshijipeizhi.png) + +#### 配置校验 + +![](./figures/配置溯源/zhuangtaichaxun.png) + +#### 配置同步 + +![](./figures/配置溯源/peizhitongbu.png) + +#### 配置文件追溯 + +##### 打开监控开关 + +![](./figures/配置溯源/chuangjianyewuyu.png) + +##### 配置文件修改记录追溯 + +![](./figures/配置溯源/conf_file_trace.png) diff --git a/docs/zh/server/maintenance/aops/deploying_aops.md b/docs/zh/server/maintenance/aops/deploying_aops.md new file mode 100644 index 0000000000000000000000000000000000000000..4cbc97890ee6940a1e6e703850d9f6924ca6a597 --- /dev/null +++ b/docs/zh/server/maintenance/aops/deploying_aops.md @@ -0,0 +1,940 @@ +# 一、A-Ops服务介绍 + +A-Ops是用于提升主机整体安全性的服务,通过资产管理、漏洞管理、配置溯源等功能,识别并管理主机中的信息资产,监测主机中的软件漏洞、排查主机中遇到的系统故障,使得目标主机能够更加稳定和安全的运行。 + +下表是A-Ops服务涉及模块的说明: + +| 模块 | 说明 | +| ---------- | ---------------------------------------------------- | +| aops-ceres | A-Ops服务的客户端。
提供采集主机数据与管理其他数据采集器(如gala-gopher)的功能。
响应管理中心下发的命令,处理管理中心的需求与操作。 | +| aops-zeus | A-Ops基础应用管理中心,主要负责与其他模块的中转站,默认端口:11111
对外提供基本主机管理服务,主机与主机组的添加、删除等功能依赖此模块实现。 | +| aops-hermes | A-Ops可视化操作界面,展示数据信息,提升服务易用性。 | +| aops-apollo | A-Ops漏洞管理模块相关功能依赖此服务实现,默认端口:11116
识别客户机周期性获取openEuler社区发布的安全公告,并更新到漏洞库中。
通过与漏洞库比对,检测出系统和软件存在的漏洞。 | +| aops-vulcanus | A-Ops工具库,**除aops-ceres与aops-hermes模块外,其余模块须与此模块共同安装使用**。 | +| aops-tools | 提供基础环境一键部署脚本、数据库表初始化,安装后在/opt/aops/scripts目录下可见。
| +| gala-ragdoll | A-Ops配置溯源模块,通过git监测并记录配置文件的改动,默认端口:11114 | +| dnf-hotpatch-plugin | dnf插件,使得dnf工具可识别热补丁信息,提供热补丁扫描及热补丁修复功能。 | + +# 二、部署环境要求 + +建议采用4台 openEuler 24.03-LTS 机器部署,其中3台用于配置服务端,1台用于纳管(aops服务纳管的主机),**且repo中需要配置update源**([FAQ:配置update源](#Q6、配置update源)),具体用途以及部署方案如下: + ++ 机器A:部署mysql、redis、elasticsearch等,主要提供数据服务支持,建议内存8G+。 ++ 机器B:部署A-Ops的资产管理zeus服务+前端展示服务,提供完整的业务功能支持,建议内存6G+。 ++ 机器C:部署A-Ops的漏洞管理配置溯源(gala-ragdoll),提供漏洞管理服务,建议内存4G+。 ++ 机器D:部署A-Ops的客户端,用作一个被AOps服务纳管监控的主机(需要监管的机器中都可以安装aops-ceres)。 + +| 机器编号 | 配置IP | 部署模块 | +| -------- | ----------- | ------------------------------------- | +| 机器A | 192.168.1.1 | mysql,elasticsearch, redis | +| 机器B | 192.168.1.2 | aops-zeus,aops-hermes,aops-diana | +| 机器C | 192.168.1.3 | aops-apollo,gala-ragdoll,aops-diana | +| 机器D | 192.168.1.4 | aops-ceres,dnf-hotpatch-plugin | + +> 每台机器在部署前,请先**关闭防火墙和SELinux**。 + +- 关闭防火墙 + +```shell +systemctl stop firewalld +systemctl disable firewalld +systemctl status firewalld +setenforce 0 + +``` + +- 禁用SELinux + +```shell +# 修改/etc/selinux/config文件中SELINUX状态为disabled + +vi /etc/selinux/config +SELINUX=disabled + +# 更改之后,按下ESC键,键盘中输入 :wq 保存修改的内容 +``` + +注:此SELINUX状态配置在系统重启后生效。 + +# 三、服务端部署 + +## 3.1、 资产管理 + +使用资产管理功能需部署aops-zeus、aops-hermes、mysql、redis服务。 + +### 3.1.1、节点信息 + +| 机器编号 | 配置IP|部署模块| +| -------- | -------- | -------- | +| 机器A | 192.168.1.1 |mysql,redis| +| 机器B | 192.168.1.2 |aops-zeus,aops-hermes| + +### 3.1.2、部署步骤 + +#### 3.1.2.1、 部署mysql + +- 安装mysql + +```shell +yum install mysql-server -y +``` + +- 修改mysql配置文件 + +```bash +vim /etc/my.cnf +``` + +- 在mysqld配置节下新增bind-address,值为本机ip + +```ini +[mysqld] +bind-address=192.168.1.1 +``` + +- 重启mysql服务 + +```bash +systemctl restart mysqld +``` + +- 设置mysql数据库的root用户访问权限 + +```mysql +[root@localhost ~] mysql + +mysql> show databases; +mysql> use mysql; +mysql> select user,host from user; -- 此处出现host为localhost时,说明mysql只允许本机连接,外网和本地软件客户端则无法连接。 + ++---------------+-----------+ +| user | host | ++---------------+-----------+ +| root | localhost | +| mysql.session | localhost | +| mysql.sys | localhost | ++---------------+-----------+ +3 rows in set (0.00 sec) +``` + +```mysql +mysql> update user set host = '%' where user='root'; -- 设置允许root用户任意IP访问。 +mysql> flush privileges; -- 刷新权限 +mysql> exit +``` + +#### 3.1.2.2、 部署redis + +- 安装redis + +```shell +yum install redis -y +``` + +- 修改配置文件 + +```shell +vim /etc/redis.conf +``` + +- 绑定IP + +```ini +# It is possible to listen to just one or multiple selected interfaces using +# the "bind" configuration directive, followed by one or more IP addresses. +# +# Examples: +# +# bind 192.168.1.100 10.0.0.1 +# bind 127.0.0.1 ::1 +# +# ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the +# internet, binding to all the interfaces is dangerous and will expose the +# instance to everybody on the internet. So by default we uncomment the +# following bind directive, that will force Redis to listen only into +# the IPv4 lookback interface address (this means Redis will be able to +# accept connections only from clients running into the same computer it +# is running). +# +# IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES +# JUST COMMENT THE FOLLOWING LINE. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +bind 127.0.0.1 192.168.1.1 # 此处添加机器A的真实IP +``` + +- 启动redis服务 + +```shell +systemctl start redis +``` + +#### 3.1.2.3、 部署prometheus + +- 安装prometheus + +```shell +yum install prometheus2 -y +``` + +- 修改配置文件 + +```shell +vim /etc/prometheus/prometheus.yml +``` + +- 被纳管的客户端**gala-gopher**地址添加至prometheus监控节点 + + > 本指南中机器D用于部署客户端,故添加机器D的gala-gopher地址 + > + > 修改**targets**配置项 + +```yml +# A scrape configuration containing exactly one endpoint to scrape: +# Here it's Prometheus itself. +scrape_configs: + # The job name is added as a label `job=` to any timeseries scraped from this config. + - job_name: 'prometheus' + + # metrics_path defaults to '/metrics' + # scheme defaults to 'http'. + + static_configs: + - targets: ['localhost:9090', '192.168.1.4:8888'] +``` + +- 启动prometheus服务 + +```shell +systemctl start prometheus +``` + +#### 3.1.2.4、 部署aops-zeus + +- 安装aops-zeus + +```bash +yum install aops-zeus -y +``` + +- 修改配置文件 + +```bash +vim /etc/aops/zeus.ini +``` + +- 将配置文件中各服务的地址修改为真实地址,本指南中aops-zeus部署于机器B,故需把IP地址配为机器B的ip地址 + +```ini +[zeus] +ip=192.168.1.2 // 此处ip修改为机器B真实ip +port=11111 + +[uwsgi] +wsgi-file=manage.py +daemonize=/var/log/aops/uwsgi/zeus.log +http-timeout=600 +harakiri=600 +processes=2 // 生成指定数目的worker/进程 +gevent=100 // gevent异步核数 + +[mysql] +ip=192.168.1.1 // 此处ip修改为机器A真实ip +port=3306 +database_name=aops +engine_format=mysql+pymysql://@%s:%s/%s +pool_size=100 +pool_recycle=7200 + +[agent] +default_instance_port=8888 + +[redis] +ip=192.168.1.1 // 此处ip修改为机器A真实ip +port=6379 + +[apollo] +ip=192.168.1.3 // 此处ip修改为部署apollo服务的真实ip(建议apollo与zeus分开部署)。若不使用apollo的漏洞管理功能则可以不配置 +port=11116 +``` + +> **mysql数据库设置为密码模式**,请参阅[FAQ:密码模式下mysql服务配置链接字符串](#Q5、mysql设置为密码模式) + +- 启动aops-zeus服务 + +```shell +systemctl start aops-zeus +``` + +**注意:服务启动前请确保已 [初始化aops-zeus数据库](#3125-初始化aops-zeus数据库)** + +> zeus服务启动失败,且报错内容包含mysql数据库连接失败,请排查是否设置mysql密码,如果是请参阅[FAQ:密码模式下mysql服务启动失败](#Q5、mysql设置为密码模式) + +#### 3.1.2.5、 初始化aops-zeus数据库 + +- 执行数据库初始化 + +```shell +cd /opt/aops/scripts/deploy +bash aops-basedatabase.sh init zeus +``` + +**注意:在未安装aops-tools工具包时,也可获取sql脚本通过mysql加载的方式初始化(sql脚本路径:/opt/aops/database/zeus.sql)** + +[FAQ:密码模式下mysql数据库初始化](#Q5、mysql设置为密码模式) + +[FAQ:/opt/aops/scripts/deploy目录不存在](#Q7、/opt/aops/scripts/deploy目录不存在) + +#### 3.1.2.6、 部署aops-hermes + +- 安装aops-hermes + +```shell +yum install aops-hermes -y +``` + +- 修改配置文件 + +```shell +vim /etc/nginx/aops-nginx.conf +``` + +- 服务配置展示 + + > 服务都部署在机器B,需将ngxin代理访问的各服务地址配置为机器B的真实ip + +```ini + # 保证前端路由变动时nginx仍以index.html作为入口 + location / { + try_files $uri $uri/ /index.html; + if (!-e $request_filename){ + rewrite ^(.*)$ /index.html last; + } + } + # 此处修改为aops-zeus部署机器真实IP + location /api/ { + proxy_pass http://192.168.1.2:11111/; + } + # 此处IP对应gala-ragdoll的IP地址,涉及到端口为11114的IP地址都需要进行调整 + location /api/domain { + proxy_pass http://192.168.1.3:11114/; + rewrite ^/api/(.*) /$1 break; + } + # 此处IP对应aops-apollo的IP地址 + location /api/vulnerability { + proxy_pass http://192.168.1.3:11116/; + rewrite ^/api/(.*) /$1 break; + } +``` + +- 开启aops-hermes服务 + +```shell +systemctl start aops-hermes +``` + +## 3.2、 漏洞管理 + +CVE管理模块在[资产管理](#31-资产管理)模块的基础上实现,在部署CVE管理模块前须完成[资产管理](#31-资产管理)模块的部署,然后再部署aops-apollo。 + +数据服务部分aops-apollo服务的运行需要**mysql、elasticsearch、redis**数据库的支持。 + +### 3.2.1、 节点信息 + +| 机器编号 | 配置IP | 部署模块 | +| -------- | ----------- | ------------- | +| 机器A | 192.168.1.1 | elasticsearch | +| 机器C | 192.168.1.3 | aops-apollo | + +### 3.2.2、 部署步骤 + +[部署步骤](#312部署步骤) + +#### 3.2.2.1、 部署elasticsearch + +- 生成elasticsearch的repo源 + +```shell +echo "[aops_elasticsearch] +name=Elasticsearch repository for 7.x packages +baseurl=https://artifacts.elastic.co/packages/7.x/yum +gpgcheck=1 +gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch +enabled=1 +autorefresh=1 +type=rpm-md" > "/etc/yum.repos.d/aops_elascticsearch.repo" +``` + +- 安装elasticsearch + +```shell +yum install elasticsearch-7.14.0-1 -y +``` + +- 修改elasticsearch配置文件 + +```shell +vim /etc/elasticsearch/elasticsearch.yml +``` + +```yml +# ------------------------------------ Node ------------------------------------ +# +# Use a descriptive name for the node: +# +node.name: node-1 +``` + +```yml +# ---------------------------------- Network ----------------------------------- +# +# By default Elasticsearch is only accessible on localhost. Set a different +# address here to expose this node on the network: +# +# 此处修改为机器A真实ip +network.host: 192.168.1.1 +# +# By default Elasticsearch listens for HTTP traffic on the first free port it +# finds starting at 9200. Set a specific HTTP port here: +# +http.port: 9200 +# +# For more information, consult the network module documentation. +# +``` + +```yml +# --------------------------------- Discovery ---------------------------------- +# +# Pass an initial list of hosts to perform discovery when this node is started: +# The default list of hosts is ["127.0.0.1", "[::1]"] +# +#discovery.seed_hosts: ["host1", "host2"] +# +# Bootstrap the cluster using an initial set of master-eligible nodes: +# +cluster.initial_master_nodes: ["node-1"] +# 跨域配置 +http.cors.enabled: true +http.cors.allow-origin: "*" +``` + +- 重启elasticsearch服务 + +```shell +systemctl restart elasticsearch +``` + +#### 3.2.2.2、 部署aops-apollo + +- 安装aops-apollo + +```shell +yum install aops-apollo -y +``` + +- 修改配置文件 + +```bash +vim /etc/aops/apollo.ini +``` + +- 将apollo.ini配置文件中各服务的地址修改为真实地址 + +```ini +[apollo] +ip=192.168.1.3//此处修改为机器C的真实IP +port=11116 +host_vault_dir=/opt/aops +host_vars=/opt/aops/host_vars + +[zeus] +ip=192.168.1.2 //此处修改为机器B的真实IP +port=11111 + +# hermes info is used to send mail. +[hermes] +ip=192.168.1.2 //此处修改为部署aops-hermes的真实IP,以机器B的IP地址为例 +port=80 //此处改为hermes服务实际使用端口 + +[cve] +cve_fix_function=yum +# value between 0-23, for example, 2 means 2:00 in a day. +cve_scan_time=2 + +[mysql] +ip=192.168.1.1 //此处修改为机器A的真实IP +port=3306 +database_name=aops +engine_format=mysql+pymysql://@%s:%s/%s +pool_size=100 +pool_recycle=7200 + +[elasticsearch] +ip=192.168.1.1 //此处修改为机器A的真实IP +port=9200 +max_es_query_num=10000000 + +[redis] +ip=192.168.1.1 //此处修改为机器A的真实IP +port=6379 + +[uwsgi] +wsgi-file=manage.py +daemonize=/var/log/aops/uwsgi/apollo.log +http-timeout=600 +harakiri=600 +processes=2 +gevent=100 + +``` + +> **mysql数据库设置为密码模式**,请参阅[密码模式下mysql服务配置链接字符串](#Q5、mysql设置为密码模式) + +- 启动aops-apollo服务 + +```shell +systemctl start aops-apollo +``` + +**注意:服务启动前请确保已 [初始化aops-apollo数据库](#3223初始化aops-apollo数据库)** + +> apollo服务启动失败,且报错内容包含mysql数据库连接失败,请排查是否设置mysql密码,如果是请参阅[密码模式下mysql服务启动失败](#Q5、mysql设置为密码模式) + +#### 3.2.2.3、初始化aops-apollo数据库 + +- apollo数据库初始化 + +```shell +cd /opt/aops/scripts/deploy +bash aops-basedatabase.sh init apollo +``` + +**注意:在未安装aops-tools工具包时,也可获取sql脚本通过mysql加载的方式初始化(sql脚本路径:/opt/aops/database/apollo.sql)** + +[FAQ:密码模式下mysql数据库初始化](#Q5、mysql设置为密码模式) + +[FAQ:/opt/aops/scripts/deploy目录不存在](#Q7、/opt/aops/scripts/deploy目录不存在) + +## 3.3、 配置溯源 + +A-Ops配置溯源在机器管理的基础上依赖gala-ragdoll实现,同样在部署gala-ragdoll服务之前,须完成[资产管理](#31-资产管理)部分的部署。 + +### 3.3.1、 节点信息 + +| 机器编号 | 配置IP | 部署模块 | +| -------- | ----------- | ------------ | +| 机器C | 192.168.1.3 | gala-ragdoll | + +### 3.3.2、 部署步骤 + +[部署步骤](#312部署步骤) + +#### 3.3.2.1、 部署gala-ragdoll + +- 安装gala-ragdoll + +```shell +yum install gala-ragdoll python3-gala-ragdoll -y +``` + +- 修改配置文件 + +```shell +vim /etc/ragdoll/gala-ragdoll.conf +``` + +> **将collect节点collect_address中IP地址修改为机器B的地址,collect_api与collect_port修改为实际接口地址** + +```ini +[git] +git_dir = "/home/confTraceTest" +user_name = "user_name" +user_email = "user_email" + +[collect] +collect_address = "http://192.168.1.2" //此处修改为机器B的真实IP +collect_api = "/manage/config/collect" //此处接口原为示例值,需修改为实际接口值/manage/config/collect +collect_port = 11111 //此处修改为aops-zeus服务的实际端口 + +[sync] +sync_address = "http://192.168.1.2" +sync_api = "/manage/config/sync" //此处接口原为示例值,需修改为实际接口值/manage/config/sync +sync_port = 11111 + +[objectFile] +object_file_address = "http://192.168.1.2" +object_file_api = "/manage/config/objectfile" //此处接口原为示例值,需修改为实际接口值/manage/config/objectfile +object_file_port = 11111 + +[ragdoll] +port = 11114 +``` + +- 启动gala-ragdoll服务 + +```shell +systemctl start gala-ragdoll +``` + +## 3.4、 异常检测 + +异常检测模块依赖[机器管理](#31-资产管理)服务,故在部署异常检测功能前须完成[机器管理](#31-资产管理)模块部署,然后再部署aops-diana。 + +基于分布式部署考虑,aops-diana服务需在机器B与机器C同时部署,分别扮演消息队列中的生产者与消费者角色。 + +数据服务部分aops-diana服务的运行需要**mysql、elasticsearch、kafka**以及**prometheus**的支持。 + +### 3.4.1、 节点信息 + +| 机器编号 | 配置IP | 部署模块 | +| -------- | ----------- | ---------- | +| 机器A | 192.168.1.1 | kafka | +| 机器B | 192.168.1.2 | aops-diana | +| 机器C | 192.168.1.3 | aops-diana | + +### 3.4.2、 部署步骤 + +[部署步骤](#312部署步骤) + +[部署elasticsearch](#3221-部署elasticsearch) + +#### 3.4.2.1、 部署kafka + +kafka使用zooKeeper用于管理、协调代理,在应用**kafka**服务时需要同步部署**zookeeper**服务。 + +- 安装zookeeper + +```shell +yum install zookeeper -y +``` + +- 启动zookeeper服务 + +```shell +systemctl start zookeeper +``` + +- 安装kafka + +```shell +yum install kafka -y +``` + +- 修改kafka配置文件 + +```shell +vim /opt/kafka/config/server.properties +``` + +- 修改**listeners**为本机ip + +```yaml +############################# Socket Server Settings ############################# + +# The address the socket server listens on. It will get the value returned from +# java.net.InetAddress.getCanonicalHostName() if not configured. +# FORMAT: +# listeners = listener_name://host_name:port +# EXAMPLE: +# listeners = PLAINTEXT://your.host.name:9092 +listeners=PLAINTEXT://192.168.1.1:9092 +``` + +- 后台运行kafka服务 + +```shell +cd /opt/kafka/bin +nohup ./kafka-server-start.sh ../config/server.properties & + +# 查看nohup所有的输出出现A本机ip 以及kafka启动成功INFO +tail -f ./nohup.out +``` + +#### 3.4.2.2、 部署diana + +- 安装aops-diana + +```shell +yum install aops-diana -y +``` + +- 修改配置文件 + + > 机器B与机器C中aops-diana分别扮演不同的角色,通过**配置文件的差异来区分两者扮演角色的不同** + +```shell +vim /etc/aops/diana.ini +``` + +(1)机器C中aops-diana以**executor**模式启动,**扮演kafka消息队列中的消费者角色**,配置文件需修改部分如下所示 + +```ini +[diana] +ip=192.168.1.3 // 此处ip修改为机器C真实ip +port=11112 +mode=executor // 该模式为executor模式,用于常规诊断模式下的执行器,扮演kafka中消费者角色。 +timing_check=on + +[default_mode] +period=60 +step=60 + +[elasticsearch] +ip=192.168.1.1 // 此处ip修改为机器A真实ip +port=9200 +max_es_query_num=10000000 + +[mysql] +ip=192.168.1.1 // 此处ip修改为机器A真实ip +port=3306 +database_name=aops +engine_format=mysql+pymysql://@%s:%s/%s +pool_size=100 +pool_recycle=7200 + +[redis] +ip=192.168.1.1 // 此处ip修改为机器A真实ip +port=6379 + +[prometheus] +ip=192.168.1.1 // 此处ip修改为机器A真实ip +port=9090 +query_range_step=15s + +[agent] +default_instance_port=8888 + +[zeus] +ip=192.168.1.2 // 此处ip修改为机器B真实ip +port=11111 + +[consumer] +kafka_server_list=192.168.1.1:9092 // 此处ip修改为机器A真实ip +enable_auto_commit=False +auto_offset_reset=earliest +timeout_ms=5 +max_records=3 +task_name=CHECK_TASK +task_group_id=CHECK_TASK_GROUP_ID +result_name=CHECK_RESULT + +[producer] +kafka_server_list = 192.168.1.1:9092 // 此处ip修改为机器A真实ip +api_version = 0.11.5 +acks = 1 +retries = 3 +retry_backoff_ms = 100 +task_name=CHECK_TASK +task_group_id=CHECK_TASK_GROUP_ID + +[uwsgi] +wsgi-file=manage.py +daemonize=/var/log/aops/uwsgi/diana.log +http-timeout=600 +harakiri=600 +processes=2 +threads=2 +``` + +> **mysql数据库设置为密码模式**,请参阅[FAQ:密码模式下mysql服务配置链接字符串](#Q5、mysql设置为密码模式) + +(2)机器B中diana以**configurable**模式启动,**扮演kafka消息队列中的生产者角色**,aops-hermes中关于aops-diana的端口配置以该机器ip与端口为准,配置文件需修改部分如下所示 + +```ini +[diana] +ip=192.168.1.2 // 此处ip修改为机器B真实ip +port=11112 +mode=configurable // 该模式为configurable模式,用于常规诊断模式下的调度器,充当生产者角色。 +timing_check=on + +[default_mode] +period=60 +step=60 + +[elasticsearch] +ip=192.168.1.1 // 此处ip修改为机器A真实ip +port=9200 +max_es_query_num=10000000 + +[mysql] +ip=192.168.1.1 // 此处ip修改为机器A真实ip +port=3306 +database_name=aops +engine_format=mysql+pymysql://@%s:%s/%s +pool_size=100 +pool_recycle=7200 + +[redis] +ip=192.168.1.1 // 此处ip修改为机器A真实ip +port=6379 + +[prometheus] +ip=192.168.1.1 // 此处ip修改为机器A真实ip +port=9090 +query_range_step=15s + +[agent] +default_instance_port=8888 + +[zeus] +ip=192.168.1.2 // 此处ip修改为机器B真实ip +port=11111 + +[consumer] +kafka_server_list=192.168.1.1:9092 // 此处ip修改为机器A真实ip +enable_auto_commit=False +auto_offset_reset=earliest +timeout_ms=5 +max_records=3 +task_name=CHECK_TASK +task_group_id=CHECK_TASK_GROUP_ID +result_name=CHECK_RESULT + +[producer] +kafka_server_list = 192.168.1.1:9092 // 此处ip修改为机器A真实ip +api_version = 0.11.5 +acks = 1 +retries = 3 +retry_backoff_ms = 100 +task_name=CHECK_TASK +task_group_id=CHECK_TASK_GROUP_ID + +[uwsgi] +wsgi-file=manage.py +daemonize=/var/log/aops/uwsgi/diana.log +http-timeout=600 +harakiri=600 +processes=2 +threads=2 +``` + +> **mysql数据库设置为密码模式**,请参阅[FAQ:密码模式下mysql服务配置链接字符串](#Q5、mysql设置为密码模式) + +- 启动aops-diana服务 + +```shell +systemctl start aops-diana +``` + +**注意:服务启动前请确保已 [初始化aops-diana数据库](#3423初始化aops-diana数据库)** + +> diana服务启动失败,且报错内容包含mysql数据库连接失败,请排查是否设置mysql密码,如果是请参阅[FAQ:密码模式下mysql服务启动失败](#Q5、mysql设置为密码模式) + +#### 3.4.2.3、初始化aops-diana数据库 + +- diana数据库初始化 + +```shell +cd /opt/aops/scripts/deploy +bash aops-basedatabase.sh init diana +``` + +**注意:在未安装aops-tools工具包时,也可获取sql脚本通过mysql加载的方式初始化(sql脚本路径:/opt/aops/database/diana.sql)** + +[FAQ:密码模式下mysql数据库初始化](#Q5、mysql设置为密码模式) + +[FAQ:/opt/aops/scripts/deploy目录不存在](#Q7、/opt/aops/scripts/deploy目录不存在) + +## 3.5、客户端安装 + +aops-ceres作为A-Ops模块的客户端,通过ssh协议与AOps管理中心进行数据交互,提供采集主机信息、响应并处理中心命令等功能。 + +### 3.5.1、 节点信息 + +| 机器编号 | 配置IP | 部署模块 | +| -------- | ----------- | ---------- | +| 机器D | 192.168.1.4 | aops-ceres | + +### 3.5.2、 部署客户端 + +```shell +yum install aops-ceres dnf-hotpatch-plugin -y +``` + +## FAQ + +### Q1、最大连接数(MaxStartups) + +批量添加主机接口服务执行过程中会受到aops-zeus安装所在主机sshd服务配置中最大连接数(MaxStartups)的限制,会出现部分主机不能连接的情况,如有大量添加主机的需求,可考虑临时调增该数值。关于该配置项的修改可参考[ssh文档](https://www.man7.org/linux/man-pages/man5/sshd_config.5.html)。 + +### Q2、504网关超时 + +部分http访问接口执行时间较长,web端可能返回504错误,可向nginx配置中添加proxy_read_timeout配置项,并适当调大该数值,可降低504问题出现概率。 + +### Q3、防火墙 + +若防火墙不方便关闭,请设置放行服务部署过程涉及的所有接口,否则会造成服务不可访问,影响A-Ops的正常使用。 + +### Q4、elasticasearch访问拒绝 + +elasticsearch分布式部署多节点时,需调整配置跨域部分,允许各节点访问。 + +### Q5、mysql设置为密码模式 + +- **服务配置mysql链接字符串** + +mysql数据库链接设置密码模式(例如用户名为**root**,密码为**123456**),则需要调整[mysql]配置节下engine_format配置项(apollo、zeus同步调整),数据格式如下: + +```ini +[mysql] +egine_format=mysql+pymysql://root:123456@%s:%s/%s +``` + +- **初始化脚本aops-basedatabase.sh修改** + +aops-basedatabase.sh脚本需要调整145行代码实现 + +> aops-basedatabase.sh调整前内容如下: + +```shell +database = pymysql.connect(host='$mysql_ip', port=$port, database='mysql', autocommit=True,client_flag=CLIENT.MULTI_STAT EMENTS) +``` + +> aops-basedatabase.sh调整后内容如下: + +```shell +database = pymysql.connect(host='$mysql_ip', port=$port, database='mysql', password='密码', user='用户名', autocommit=True, client_flag=CLIENT.MULTI_STATEMENTS) +``` + +- **服务启动时数据库连接错误** + +**/usr/bin/aops-vulcanus**脚本需要调整178行代码实现 + +> /usr/bin/aops-vulcanus调整前内容如下: + +```shell +connect = pymysql.connect(host='$mysql_ip', port=$port, database='$aops_database') +``` + +> /usr/bin/aops-vulcanus调整后内容如下: + +```shell +connect = pymysql.connect(host='$mysql_ip', port=$port, database='$aops_database', password='密码', user='用户名') +``` + +**注意:当服务器不是以root用户登录时,需添加user="root"或mysql允许链接的用户名** + +### Q6、配置update源 + +```shell +echo "[update] +name=update +baseurl=http://repo.openeuler.org/openEuler-24.03-LTS/update/$basearch/ +enabled=1 +gpgcheck=0 +[update-epol] +name=update-epol +baseurl=http://repo.openeuler.org/openEuler-24.03-LTS/EPOL/update/main/$basearch/ +enabled=1 +gpgcheck=0" > /etc/yum.repos.d/openEuler-update.repo +``` + +> 注意: 其中**openEuler-24.03-LTS** 根据部署的系统版本具体调整,或可直接参与openeuler官网中针对repo源配置介绍 + +### Q7、/opt/aops/scripts/deploy目录不存在 + +在执行数据库初始化时,提示不存在`/opt/aops/scripts/deploy`文件目录,执行安装aops-tools工具包 + +```shell +yum install aops-tools -y +``` diff --git a/docs/zh/server/maintenance/aops/dnf_command_usage.md b/docs/zh/server/maintenance/aops/dnf_command_usage.md new file mode 100644 index 0000000000000000000000000000000000000000..2db281c1f4fcc865ae2553772dd729ed3ed33785 --- /dev/null +++ b/docs/zh/server/maintenance/aops/dnf_command_usage.md @@ -0,0 +1,758 @@ +# dnf插件命令使用手册 + +将dnf-hotpatch-plugin安装部署完成后,可使用dnf命令调用A-ops ceres中的冷/热补丁操作,命令包含热补丁扫描(dnf hot-updateinfo),热补丁状态设置及查询(dnf hotpatch ),热补丁应用(dnf hotupgrade),内核升级前kabi检查(dnf upgrade-en)。本文将介绍上述命令的具体使用方法。 + +>热补丁包括ACC/SGL(accumulate/single)类型 +> +>- ACC:增量补丁。目标高版本热补丁包含低版本热补丁所修复问题。 +>- SGL_xxx:单独补丁,xxx为issue id,如果有多个issue id,用多个'_'拼接。目标修复issue id相关问题。 + +## 热补丁扫描 + +`dnf hot-updateinfo`命令支持扫描热补丁并指定cve查询相关热补丁,命令使用方式如下: + +```shell +dnf hot-updateinfo list cves [--available(default) | --installed] [--cve [cve_id]] + +General DNF options: + -h, --help, --help-cmd + show command help + --cve CVES, --cves CVES + Include packages needed to fix the given CVE, in updates +Hot-updateinfo command-specific options: + --available + cves about newer versions of installed packages + (default) + --installed + cves about equal and older versions of installed packages +``` + +- `list cves` + +1、查询主机所有可修复的cve和对应的冷/热补丁。 + +```shell +[root@localhost ~]# dnf hot-updateinfo list cves +# cve-id level cold-patch hot-patch +Last metadata expiration check: 2:39:04 ago on 2023年12月29日 星期五 07时45分02秒. +CVE-2022-30594 Important/Sec. kernel-4.19.90-2206.1.0.0153.oe1.x86_64 patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 +CVE-2023-1111 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-ACC-1-1.x86_64 +CVE-2023-1112 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-ACC-1-1.x86_64 +CVE-2023-1111 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-SGL_CVE_2023_1111_CVE_2023_1112-1-1.x86_64 +``` + +2、查询主机所有已修复的cve和对应的冷/热补丁 + +```shell +[root@localhost ~]# dnf hot-updateinfo list cves --installed +# cve-id level cold-patch hot-patch +Last metadata expiration check: 2:39:04 ago on 2023年12月29日 星期五 07时45分02秒. +CVE-2022-36298 Important/Sec. - patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_36298-1-1.x86_64 +``` + +2、指定cve查询对应的可修复冷/热补丁。 + +```shell +[root@localhost ~]# dnf hot-updateinfo list cves --cve CVE-2022-30594 +# cve-id level cold-patch hot-patch +Last metadata expiration check: 2:39:04 ago on 2023年12月29日 星期五 07时45分02秒. +CVE-2022-30594 Important/Sec. kernel-4.19.90-2206.1.0.0153.oe1.x86_64 patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 +``` + +3、cve不存在时列表为空。 + +```shell +[root@localhost ~]# dnf hot-updateinfo list cves --cve CVE-2022-3089 +# cve-id level cold-patch hot-patch +Last metadata expiration check: 2:39:04 ago on 2023年12月29日 星期五 07时45分02秒. +``` + +## 热补丁状态及转换图 + +- 热补丁状态图 + + NOT-APPLIED: 热补丁尚未应用。 + + DEACTIVED: 热补丁未被激活。 + + ACTIVED: 热补丁已被激活。 + + ACCEPTED: 热补丁已被激活,后续重启后会被自动应用激活。 + + ![热补丁状态转换图](./figures/syscare热补丁状态图.png) + +## 热补丁状态查询和切换 + +`dnf hotpatch`命令支持查询、切换热补丁的状态,命令使用方式如下: + +```shell +dnf hotpatch + +General DNF options: + -h, --help, --help-cmd + show command help + --cve CVES, --cves CVES + Include packages needed to fix the given CVE, in updates + +Hotpatch command-specific options: + --list [{cve, cves}] show list of hotpatch + --apply APPLY_NAME apply hotpatch + --remove REMOVE_NAME remove hotpatch + --active ACTIVE_NAME active hotpatch + --deactive DEACTIVE_NAME + deactive hotpatch + --accept ACCEPT_NAME accept hotpatch +``` + +- 使用`dnf hotpatch`命令查询热补丁状态 + + - 使用`dnf hotpatch --list`命令查询当前系统中可使用的热补丁状态并展示。 + + ```shell + [root@localhost ~]# dnf hotpatch --list + Last metadata expiration check: 0:09:25 ago on 2023年12月29日 星期五 10时26分45秒. + base-pkg/hotpatch status + kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux NOT-APPLIED + ``` + + - 使用`dnf hotpatch --list cves`查询漏洞(CVE-id)对应热补丁及其状态并展示。 + + ```shell + [root@openEuler ~]# dnf hotpatch --list cves + Last metadata expiration check: 0:11:05 ago on 2023年12月29日 星期五 10时26分45秒. + CVE-id base-pkg/hotpatch status + CVE-2022-30594 kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux NOT-APPLIED + ``` + + - `dnf hotpatch --list cves --cve `筛选指定CVE对应的热补丁及其状态并展示。 + + ```shell + [root@openEuler ~]# dnf hotpatch --list cves --cve CVE-2022-30594 + Last metadata expiration check: 0:12:25 ago on 2023年12月29日 星期五 10时26分45秒. + CVE-id base-pkg/hotpatch status + CVE-2022-30594 kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux NOT-APPLIED + ``` + + - 使用`dnf hotpatch --list cves --cve `查询无结果时展示为空。 + + ```shell + [root@openEuler ~]# dnf hotpatch --list cves --cve CVE-2023-1 + Last metadata expiration check: 0:13:11 ago on 2023年12月29日 星期五 10时26分45秒. + ``` + +- 使用`dnf hotpatch --apply `命令应用热补丁,可使用 `dnf hotpatch --list`查询应用后的状态变化,变化逻辑见上文的热补丁状态转换图。 + +```shell +[root@openEuler ~]# dnf hotpatch --list +Last metadata expiration check: 0:13:55 ago on 2023年12月29日 星期五 10时26分45秒. +base-pkg/hotpatch status +kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux NOT-APPLIED +[root@openEuler ~]# dnf hotpatch --apply kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 +Last metadata expiration check: 0:15:37 ago on 2023年12月29日 星期五 10时26分45秒. +Gonna apply this hot patch: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 +apply hot patch 'kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1' succeed +[root@openEuler ~]# dnf hotpatch --list +Last metadata expiration check: 0:16:20 ago on 2023年12月29日 星期五 10时26分45秒. +base-pkg/hotpatch status +kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux ACTIVED +``` + +- 使用`dnf hotpatch --deactive `停用热补丁,可使用`dnf hotpatch --list`查询停用后的状态变化,变化逻辑见上文的热补丁状态转换图。 + +```shell +[root@openEuler ~]# dnf hotpatch --deactive kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 +Last metadata expiration check: 0:19:00 ago on 2023年12月29日 星期五 10时26分45秒. +Gonna deactive this hot patch: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 +deactive hot patch 'kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1' succeed +[root@openEuler ~]# dnf hotpatch --list +Last metadata expiration check: 0:19:12 ago on 2023年12月29日 星期五 10时26分45秒. +base-pkg/hotpatch status +kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux DEACTIVED +``` + +- 使用`dnf hotpatch --remove `删除热补丁,可使用`dnf hotpatch --list`查询删除后的状态变化,变化逻辑见上文的热补丁状态转换图。 + +```shell +[root@openEuler ~]# dnf hotpatch --remove kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 +Last metadata expiration check: 0:20:12 ago on 2023年12月29日 星期五 10时26分45秒. +Gonna remove this hot patch: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 +remove hot patch 'kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1' succeed +[root@openEuler ~]# dnf hotpatch --list +Last metadata expiration check: 0:20:23 ago on 2023年12月29日 星期五 10时26分45秒. +base-pkg/hotpatch status +kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux NOT-APPLIED +``` + +- 使用`dnf hotpatch --active `激活热补丁,可使用`dnf hotpatch --list`查询激活后的状态变化,变化逻辑见上文的热补丁状态转换图。 + +```shell +[root@openEuler ~]# dnf hotpatch --active kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 +Last metadata expiration check: 0:15:37 ago on 2023年12月29日 星期五 10时26分45秒. +Gonna active this hot patch: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 +active hot patch 'kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1' succeed +[root@openEuler ~]# dnf hotpatch --list +Last metadata expiration check: 0:16:20 ago on 2023年12月29日 星期五 10时26分45秒. +base-pkg/hotpatch status +kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux ACTIVED +``` + +- 使用`dnf hotpatch --accept `接收热补丁,可使用`dnf hotpatch --list`查询接收后的状态变化,变化逻辑见上文的热补丁状态转换图。 + +```shell +[root@openEuler ~]# dnf hotpatch --accept kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 +Last metadata expiration check: 0:14:19 ago on 2023年12月29日 星期五 10时47分38秒. +Gonna accept this hot patch: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 +accept hot patch 'kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1' succeed +[root@openEuler ~]# dnf hotpatch --list +Last metadata expiration check: 0:14:34 ago on 2023年12月29日 星期五 10时47分38秒. +base-pkg/hotpatch status +kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux ACCEPTED +``` + +## 热补丁应用 + +`hotupgrade`命令根据cve id和热补丁名称进行热补丁修复,同时也支持全量修复。命令使用方式如下: + +```shell +dnf hotupgrade [--cve [cve_id]] [PACKAGE ...] [--takeover] [-f] + +General DNF options: + -h, --help, --help-cmd + show command help + --cve CVES, --cves CVES + Include packages needed to fix the given CVE, in updates + +command-specific options: + --takeover + kernel cold patch takeover operation + -f + force retain kernel rpm package if kernel kabi check fails + PACKAGE + Package to upgrade +``` + +- 使用`dnf hotupgrade PACKAGE`安装目标热补丁。 + + - 使用`dnf hotupgrade PACKAGE`安装目标热补丁 + + ```shell + [root@openEuler ~]# dnf hotupgrade patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 + Last metadata expiration check: 0:26:25 ago on 2023年12月29日 星期五 10时47分38秒. + Dependencies resolved. + xxxx(Install messgaes) + Is this ok [y/N]: y + Downloading Packages: + xxxx(Install process) + Complete! + Apply hot patch succeed: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1. + ``` + + - 当目标热补丁已经应用激活,使用`dnf hotupgrade PACKAGE`安装目标热补丁 + + ```shell + [root@openEuler ~]# dnf hotupgrade patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 + Last metadata expiration check: 0:28:35 ago on 2023年12月29日 星期五 10时47分38秒. + The hotpatch 'kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1' already has a 'ACTIVED' sub hotpatch of binary file 'vmlinux' + Package patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 is already installed. + Dependencies resolved. + Nothing to do. + Complete! + ``` + + - 使用`dnf hotupgrade PACKAGE`安装目标热补丁,自动卸载激活失败的热补丁。 + + ```shell + [root@openEuler ~]# dnf hotupgrade patch-redis-6.2.5-1-ACC-1-1.x86_64 + Last metadata expiration check: 0:30:30 ago on 2023年12月29日 星期五 10时47分38秒. + Dependencies resolved. + xxxx(Install messgaes) + Is this ok [y/N]: y + Downloading Packages: + xxxx(Install process) + Complete! + Apply hot patch failed: redis-6.2.5-1/ACC-1-1. + Error: Operation failed + + Caused by: + 0. Transaction "Apply patch 'redis-6.2.5-1/ACC-1-1'" failed + + Caused by: + Cannot match any patch named "redis-6.2.5-1/ACC-1-1" + + Gonna remove unsuccessfully activated hotpatch rpm. + Remove package succeed: patch-redis-6.2.5-1-ACC-1-1.x86_64. + ``` + +- 使用`--cve `指定cve_id安装CVE对应的热补丁 + + - 使用`dnf hotupgrade --cve CVE-2022-30594`安装CVE对应的热补丁 + + ```shell + [root@openEuler ~]# dnf hotupgrade --cve CVE-2022-30594 + Last metadata expiration check: 0:26:25 ago on 2023年12月29日 星期五 10时47分38秒. + Dependencies resolved. + xxxx(Install messgaes) + Is this ok [y/N]: y + Downloading Packages: + xxxx(Install process) + Complete! + Apply hot patch succeed: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1. + ``` + + - 使用`dnf hotupgrade --cve CVE-2022-2021`安装CVE对应的热补丁,对应的CVE不存在。 + + ```shell + [root@openEuler ~]# dnf hotupgrade --cve CVE-2022-2021 + Last metadata expiration check: 1:37:44 ago on 2023年12月29日 星期五 13时49分39秒. + The cve doesn't exist or cannot be fixed by hotpatch: CVE-2022-2021 + No hot patches marked for install. + Dependencies resolved. + Nothing to do. + Complete! + ``` + + - 使用`dnf hotupgrade --cve `指定cve_id安装时,该CVE对应的ACC低版本热补丁已安装时,删除低版本热补丁,安装高版本ACC热补丁包。 + + ```shell + [root@openEuler ~]# dnf hotupgrade --cve CVE-2023-1070 + Last metadata expiration check: 0:00:48 ago on 2024年01月02日 星期二 11时21分55秒. + Dependencies resolved. + xxxx(Install messgaes) + Is this ok [y/N]: y + Downloading Packages: + xxxx (Install messages and process upgrade) + Complete! + Apply hot patch succeed: kernel-5.10.0-153.12.0.92.oe2203sp2/ACC-1-3. + [root@openEuler tmp]# + ``` + + - 指定cve_id安装时,该CVE对应的最高版本热补丁包已存在 + + ```shell + [root@openEuler ~]# dnf hotupgrade --cve CVE-2023-1070 + Last metadata expiration check: 1:37:44 ago on 2023年12月29日 星期五 13时49分39秒. + The cve doesn't exist or cannot be fixed by hotpatch: CVE-2023-1070 + No hot patches marked for install. + Dependencies resolved. + Nothing to do. + Complete! + ``` + +- 使用`dnf hotupgrade`进行热补丁全量修复 + - 热补丁未安装时,使用`dnf hotupgrade`命令安装所有可安装热补丁。 + + - 当部分热补丁已经安装时,使用`dnf hotupgrade`命令进行全量修复,将保留已安装的热补丁,然后安装其他热补丁 + +- 使用`--takeover`进行内核热补丁收编 + + - 使用`dnf hotupgrade PACKAGE --takeover`安装热补丁,收编相应内核冷补丁;由于目标内核冷补丁kabi检查失败,进行自动卸载;accept热补丁,使热补丁重启后仍旧生效;恢复内核默认引导启动项。 + + ```shell + [root@openEuler ~]# dnf hotupgrade patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 --takeover + Last metadata expiration check: 2:23:22 ago on 2023年12月29日 星期五 13时49分39秒. + Gonna takeover kernel cold patch: ['kernel-4.19.90-2206.1.0.0153.oe1.x86_64'] + Dependencies resolved. + xxxx(Install messgaes) + Is this ok [y/N]: y + xxxx(Install process) + Complete! + Apply hot patch succeed: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1. + Kabi check for kernel-4.19.90-2206.1.0.0153.oe1.x86_64: + [Fail] Here are 81 loaded kernel modules in this system, 78 pass, 3 fail. + Failed modules are as follows: + No. Module Difference + 1 nf_nat_ipv6 secure_ipv6_port_ephemeral : 0xe1a4f16a != 0x0209f3a7 + 2 nf_nat_ipv4 secure_ipv4_port_ephemeral : 0x57f70547 != 0xe3840e18 + 3 kvm_intel kvm_lapic_hv_timer_in_use : 0x54981db4 != 0xf58e6f1f + Gonna remove kernel-4.19.90-2206.1.0.0153.oe1.x86_64 due to Kabi check failed. + Rebuild rpm database succeed. + Remove package succeed: kernel-4.19.90-2206.1.0.0153.oe1.x86_64. + Restore the default boot kernel succeed: kernel-4.19.90-2112.8.0.0131.oe1.x86_64. + No available kernel cold patch for takeover, gonna accept available kernel hot patch. + Accept hot patch succeed: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1. + ``` + + - 使用`dnf hotupgrade PACKAGE --takeover -f`安装热补丁,如果内核冷补丁kabi检查未通过,使用`-f`强制保留内核冷补丁 + + ```shell + [root@openEuler ~]# dnf hotupgrade patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 --takeover + Last metadata expiration check: 2:23:22 ago on 2023年12月29日 星期五 13时49分39秒. + Gonna takeover kernel cold patch: ['kernel-4.19.90-2206.1.0.0153.oe1.x86_64'] + Dependencies resolved. + xxxx(Install messgaes) + Is this ok [y/N]: y + xxxx(Install process) + Complete! + Apply hot patch succeed: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1. + Kabi check for kernel-4.19.90-2206.1.0.0153.oe1.x86_64: + [Fail] Here are 81 loaded kernel modules in this system, 78 pass, 3 fail. + Failed modules are as follows: + No. Module Difference + 1 nf_nat_ipv6 secure_ipv6_port_ephemeral : 0xe1a4f16a != 0x0209f3a7 + 2 nf_nat_ipv4 secure_ipv4_port_ephemeral : 0x57f70547 != 0xe3840e18 + 3 kvm_intel kvm_lapic_hv_timer_in_use : 0x54981db4 != 0xf58e6f1f + ``` + +## 内核升级前kabi检查 + +`dnf upgrade-en` 命令支持内核冷补丁升级前kabi检查,命令使用方式如下: + +```shell +dnf upgrade-en [PACKAGE] [--cve [cve_id]] + +upgrade with KABI(Kernel Application Binary Interface) check. If the loaded +kernel modules have KABI compatibility with the new version kernel rpm, the +kernel modules can be installed and used in the new version kernel without +recompling. + +General DNF options: + -h, --help, --help-cmd + show command help + --cve CVES, --cves CVES + Include packages needed to fix the given CVE, in updates +Upgrade-en command-specific options: + PACKAGE + Package to upgrade +``` + +- 使用`dnf upgrade-en PACKAGE`安装目标冷补丁 + + - 使用`dnf upgrade-en`安装目标冷补丁,kabi检查未通过,输出kabi差异性报告,自动卸载目标升级kernel包。 + + ```shell + [root@openEuler ~]# dnf upgrade-en kernel-4.19.90-2206.1.0.0153.oe1.x86_64 + Last metadata expiration check: 1:51:54 ago on 2023年12月29日 星期五 13时49分39秒. + Dependencies resolved. + xxxx(Install messgaes) + Is this ok [y/N]: y + Downloading Packages: + xxxx(Install process) + Complete! + Kabi check for kernel-4.19.90-2206.1.0.0153.oe1.x86_64: + [Fail] Here are 81 loaded kernel modules in this system, 78 pass, 3 fail. + Failed modules are as follows: + No. Module Difference + 1 nf_nat_ipv6 secure_ipv6_port_ephemeral : 0xe1a4f16a != 0x0209f3a7 + 2 nf_nat_ipv4 secure_ipv4_port_ephemeral : 0x57f70547 != 0xe3840e18 + 3 kvm_intel kvm_lapic_hv_timer_in_use : 0x54981db4 != 0xf58e6f1f + kvm_apic_write_nodecode : 0x56c989a1 != 0x24c9db31 + kvm_complete_insn_gp : 0x99c2d256 != 0xcd8014bd + Gonna remove kernel-4.19.90-2206.1.0.0153.oe1.x86_64 due to kabi check failed. + Rebuild rpm database succeed. + Remove package succeed: kernel-4.19.90-2206.1.0.0153.oe1.x86_64. + Restore the default boot kernel succeed: kernel-4.19.90-2112.8.0.0131.oe1.x86_64. + ``` + + - 使用`dnf upgrade-en`安装目标冷补丁,kabi检查通过 + + ```shell + [root@openEuler ~]# dnf upgrade-en kernel-4.19.90-2201.1.0.0132.oe1.x86_64 + Last metadata expiration check: 2:02:10 ago on 2023年12月29日 星期五 13时49分39秒. + Dependencies resolved. + xxxx(Install messgaes) + Is this ok [y/N]: y + Downloading Packages: + xxxx(Install process) + Complete! + Kabi check for kernel-4.19.90-2201.1.0.0132.oe1.x86_64: + [Success] Here are 81 loaded kernel modules in this system, 81 pass, 0 fail. + ``` + +- 使用`dnf upgrade-en` 进行全量修复 + +​ 全量修复如果包含目标kernel的升级,输出根据不同的kabi检查情况与`dnf upgrade-en PACKAGE`命令相同。 + +## 使用场景说明 + +本段落介绍上述命令的使用场景及顺序介绍,需要提前确认本机的热补丁repo源和相应冷补丁repo源已开启。 + +- 热补丁修复。 + +使用热补丁扫描命令查看本机待修复cve。 + +```shell +[root@openEuler ~]# dnf hot-updateinfo list cves +Last metadata expiration check: 0:00:38 ago on 2023年03月25日 星期六 11时53分46秒. +CVE-2023-22995 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2023-26545 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2022-40897 Important/Sec. python3-setuptools-59.4.0-5.oe2203sp1.noarch - +CVE-2021-1 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-ACC-1-1.x86_64 +CVE-2021-11 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-ACC-1-1.x86_64 +CVE-2021-2 Important/Sec. redis-6.2.5-3.x86_64 patch-redis-6.2.5-1-ACC-1-2.x86_64 +CVE-2021-22 Important/Sec. redis-6.2.5-3.x86_64 patch-redis-6.2.5-1-ACC-1-2.x86_64 +CVE-2021-33 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2021-3 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2022-38023 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +CVE-2022-37966 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +``` + +找到提供热补丁的相应cve,发现CVE-2021-1、CVE-2021-11、CVE-2021-2和CVE-2021-22可用热补丁修复。 + +在安装补丁前测试功能,基于redis.conf配置文件启动redis服务。 + +```shell +[root@openEuler ~]# sudo redis-server ./redis.conf & +[1] 285075 +[root@openEuler ~]# 285076:C 25 Mar 2023 12:09:51.503 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo +285076:C 25 Mar 2023 12:09:51.503 # Redis version=255.255.255, bits=64, commit=00000000, modified=0, pid=285076, just started +285076:C 25 Mar 2023 12:09:51.503 # Configuration loaded +285076:M 25 Mar 2023 12:09:51.504 * Increased maximum number of open files to 10032 (it was originally set to 1024). +285076:M 25 Mar 2023 12:09:51.504 * monotonic clock: POSIX clock_gettime + _._ + _.-``__ ''-._ + _.-`` `. `_. ''-._ Redis 255.255.255 (00000000/0) 64 bit + .-`` .-```. ```\/ _.,_ ''-._ + ( ' , .-` | `, ) Running in standalone mode + |`-._`-...-` __...-.``-._|'` _.-'| Port: 6380 + | `-._ `._ / _.-' | PID: 285076 + `-._ `-._ `-./ _.-' _.-' + |`-._`-._ `-.__.-' _.-'_.-'| + | `-._`-._ _.-'_.-' | https://redis.io + `-._ `-._`-.__.-'_.-' _.-' + |`-._`-._ `-.__.-' _.-'_.-'| + | `-._`-._ _.-'_.-' | + `-._ `-._`-.__.-'_.-' _.-' + `-._ `-.__.-' _.-' + `-._ _.-' + `-.__.-' + +285076:M 25 Mar 2023 12:09:51.505 # Server initialized +285076:M 25 Mar 2023 12:09:51.505 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect. +285076:M 25 Mar 2023 12:09:51.506 * Ready to accept connections + +``` + +安装前测试功能。 + +```shell +[root@openEuler ~]# telnet 127.0.0.1 6380 +Trying 127.0.0.1... +Connected to 127.0.0.1. +Escape character is '^]'. + +*100 + +-ERR Protocol error: expected '$', got ' ' +Connection closed by foreign host. +``` + +指定修复CVE-2021-1,确认关联到对应的热补丁包,显示安装成功。 + +```shell +[root@openEuler ~]# dnf hotupgrade patch-redis-6.2.5-1-ACC-1-1.x86_64 +Last metadata expiration check: 0:01:39 ago on 2024年01月02日 星期二 20时16分45秒. +The hotpatch 'redis-6.2.5-1/ACC-1-1' already has a 'ACTIVED' sub hotpatch of binary file 'redis-benchmark' +The hotpatch 'redis-6.2.5-1/ACC-1-1' already has a 'ACTIVED' sub hotpatch of binary file 'redis-cli' +The hotpatch 'redis-6.2.5-1/ACC-1-1' already has a 'ACTIVED' sub hotpatch of binary file 'redis-server' +Package patch-redis-6.2.5-1-ACC-1-1.x86_64 is already installed. +Dependencies resolved. +Nothing to do. +Complete! +``` + +使用dnf hotpatch --list确认该热补丁是否安装成功,确认Status为ACTIVED。 + +```shell +[root@openEuler ~]# dnf hotpatch --list +Last metadata expiration check: 0:04:43 ago on 2024年01月02日 星期二 20时16分45秒. +base-pkg/hotpatch status +redis-6.2.5-1/ACC-1-1/redis-benchmark ACTIVED +redis-6.2.5-1/ACC-1-1/redis-cli ACTIVED +redis-6.2.5-1/ACC-1-1/redis-server ACTIVED +``` + +确认该cve是否已被修复,由于CVE-2021-1所使用的热补丁包patch-redis-6.2.5-1-ACC-1-1.x86_64同样修复CVE-2021-11,CVE-2021-1和CVE-2021-11都不予显示。 + +```shell +[root@openEuler ~]# dnf hot-updateinfo list cves +Last metadata expiration check: 0:08:48 ago on 2023年03月25日 星期六 11时53分46秒. +CVE-2023-22995 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2023-1076 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2023-26607 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2022-40897 Important/Sec. python3-setuptools-59.4.0-5.oe2203sp1.noarch - +CVE-2021-22 Important/Sec. redis-6.2.5-3.x86_64 patch-redis-6.2.5-1-ACC-1-2.x86_64 +CVE-2021-2 Important/Sec. redis-6.2.5-3.x86_64 patch-redis-6.2.5-1-ACC-1-2.x86_64 +CVE-2021-33 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2021-3 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2022-38023 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +CVE-2022-37966 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +``` + +激活后测试功能,对比激活前回显内容。 + +```shell +[root@openEuler ~]# telnet 127.0.0.1 6380 +Trying 127.0.0.1... +Connected to 127.0.0.1. +Escape character is '^]'. + +*100 + +-ERR Protocol error: unauthenticated multibulk length +Connection closed by foreign host. +``` + +使用dnf hotpatch --remove指定热补丁手动卸载。 + +```shell +[root@openEuler ~]# dnf hotpatch --remove redis-6.2.5-1 +Last metadata expiration check: 0:11:52 ago on 2024年01月02日 星期二 20时16分45秒. +Gonna remove this hot patch: redis-6.2.5-1 +remove hot patch 'redis-6.2.5-1' succeed +[root@openEuler ~]# dnf hotpatch --list +Last metadata expiration check: 0:12:00 ago on 2024年01月02日 星期二 20时16分45秒. +base-pkg/hotpatch status +redis-6.2.5-1/ACC-1-1/redis-benchmark NOT-APPLIED +redis-6.2.5-1/ACC-1-1/redis-cli NOT-APPLIED +redis-6.2.5-1/ACC-1-1/redis-server NOT-APPLIED +``` + +使用热补丁扫描命令查看本机待修复cve,确认CVE-2021-1和CVE-2021-11正常显示。 + +```shell +[root@openEuler ~]# dnf hot-updateinfo list cves +Last metadata expiration check: 0:00:38 ago on 2023年03月25日 星期六 11时53分46秒. +CVE-2023-22995 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2023-26545 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2022-40897 Important/Sec. python3-setuptools-59.4.0-5.oe2203sp1.noarch - +CVE-2021-1 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-ACC-1-1.x86_64 +CVE-2021-11 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-ACC-1-1.x86_64 +CVE-2021-2 Important/Sec. redis-6.2.5-3.x86_64 patch-redis-6.2.5-1-ACC-1-2.x86_64 +CVE-2021-22 Important/Sec. redis-6.2.5-3.x86_64 patch-redis-6.2.5-1-ACC-1-2.x86_64 +CVE-2021-33 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2021-3 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2022-38023 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +CVE-2022-37966 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +``` + +- 安装高版本ACC热补丁 + +指定安装热补丁包patch-redis-6.2.5-1-ACC-1-2.x86_64。 + +```shell +[root@openEuler ~]# dnf hotupgrade patch-redis-6.2.5-1-ACC-1-2.x86_64 +Last metadata expiration check: 0:36:12 ago on 2024年01月02日 星期二 20时16分45秒. +The hotpatch 'redis-6.2.5-1/ACC-1-2' already has a 'ACTIVED' sub hotpatch of binary file 'redis-benchmark' +The hotpatch 'redis-6.2.5-1/ACC-1-2' already has a 'ACTIVED' sub hotpatch of binary file 'redis-cli' +The hotpatch 'redis-6.2.5-1/ACC-1-2' already has a 'ACTIVED' sub hotpatch of binary file 'redis-server' +Package patch-redis-6.2.5-1-ACC-1-2.x86_64 is already installed. +Dependencies resolved. +Nothing to do. +Complete! +``` + +使用热补丁扫描命令查看本机待修复cve,由于patch-redis-6.2.5-1-ACC-1-2.x86_64比patch-redis-6.2.5-1-ACC-1-1.x86_64的热补丁版本高,低版本热补丁对应的CVE-2021-1和CVE-2021-11,以及高版本热补丁对应的CVE-2021-2和CVE-2021-22都被修复。 + +```shell +[root@openEuler ~]# dnf hot-updateinfo list cves +Last metadata expiration check: 0:00:38 ago on 2023年03月25日 星期六 11时53分46秒. +CVE-2023-22995 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2023-26545 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2022-40897 Important/Sec. python3-setuptools-59.4.0-5.oe2203sp1.noarch - +CVE-2021-33 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2021-3 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2022-38023 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +CVE-2022-37966 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +``` + +- 热补丁目标软件包版本大于本机安装版本 + +查看热补丁repo源中repodata目录下的xxx-updateinfo.xml.gz,确认文件中的CVE-2021-33、CVE-2021-3相关信息。 + +```xml + + openEuler-HotPatchSA-2023-3 + An update for mariadb is now available for openEuler-22.03-LTS + Important + openEuler + + + + + + patch-redis-6.2.5-2-ACC.(CVE-2021-3, CVE-2021-33) + + + openEuler + + patch-redis-6.2.5-2-ACC-1-1.aarch64.rpm + + + patch-redis-6.2.5-2-ACC-1-1.x86_64.rpm + + + + +``` + +package中的name字段"patch-redis-6.2.5-2-ACC"的组成部分为:patch-源码包名-源码包version-源码包release-热补丁patch名,该热补丁包需要本机安装redis-6.2.5-2源码版本,检查本机redis安装版本。 + +```shell +[root@openEuler ~]# rpm -qa | grep redis +redis-6.2.5-1.x86_64 +``` + +由于本机安装版本不匹配,大于本机安装版本,该热补丁包名不显示,以'-'显示。 + +```shell +[root@openEuler ~]# dnf hot-updateinfo list cves +Last metadata expiration check: 0:00:38 ago on 2023年03月25日 星期六 11时53分46秒. +CVE-2023-22995 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2023-26545 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2022-40897 Important/Sec. python3-setuptools-59.4.0-5.oe2203sp1.noarch - +CVE-2021-33 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2021-3 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2022-38023 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +CVE-2022-37966 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +``` + +- 热补丁目标软件包版本小于本机安装版本。 + +查看热补丁repo源中repodata目录下的xxx-updateinfo.xml.gz,确认文件中的CVE-2021-44、CVE-2021-4相关信息。 + +```xml + + openEuler-HotPatchSA-2023-4 + An update for mariadb is now available for openEuler-22.03-LTS + Important + openEuler + + + + + + patch-redis-6.2.4-1-ACC.(CVE-2021-44, CVE-2021-4) + + + openEuler + + patch-redis-6.2.4-1-ACC-1-1.aarch64.rpm + + + patch-redis-6.2.4-1-ACC-1-1.x86_64.rpm + + + + +``` + +package中的name字段"patch-redis-6.2.4-1-ACC"的组成部分为:patch-源码包名-源码包version-源码包release-热补丁patch名,该热补丁包需要本机安装redis-6.2.4-1源码版本,检查本机redis安装版本。 + +```shell +[root@openEuler ~]# rpm -qa | grep redis +redis-6.2.5-1.x86_64 +``` + +由于本机安装版本不匹配,小于本机安装版本,该CVE不予显示。 + +```shell +[root@openEuler ~]# dnf hot-updateinfo list cves +Last metadata expiration check: 0:00:38 ago on 2023年03月25日 星期六 11时53分46秒. +CVE-2023-22995 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2023-26545 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2022-40897 Important/Sec. python3-setuptools-59.4.0-5.oe2203sp1.noarch - +CVE-2021-33 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2021-3 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2022-38023 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +CVE-2022-37966 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +``` diff --git "a/docs/zh/server/maintenance/aops/figures/a-ops\350\275\257\344\273\266\346\236\266\346\236\204.png" "b/docs/zh/server/maintenance/aops/figures/a-ops\350\275\257\344\273\266\346\236\266\346\236\204.png" new file mode 100644 index 0000000000000000000000000000000000000000..047c6f1bfe3e38c66d34285563d910f6f3bd07e1 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/a-ops\350\275\257\344\273\266\346\236\266\346\236\204.png" differ diff --git a/docs/zh/server/maintenance/aops/figures/chakanyuqi.png b/docs/zh/server/maintenance/aops/figures/chakanyuqi.png new file mode 100644 index 0000000000000000000000000000000000000000..bbead6a91468d5dee570cfdc66faf9a4ab155d7c Binary files /dev/null and b/docs/zh/server/maintenance/aops/figures/chakanyuqi.png differ diff --git a/docs/zh/server/maintenance/aops/figures/chaxunshijipeizhi.png b/docs/zh/server/maintenance/aops/figures/chaxunshijipeizhi.png new file mode 100644 index 0000000000000000000000000000000000000000..d5f6e450fc0e1e246492ca71a6fcd8db572eb469 Binary files /dev/null and b/docs/zh/server/maintenance/aops/figures/chaxunshijipeizhi.png differ diff --git a/docs/zh/server/maintenance/aops/figures/chuangjianyewuyu.png b/docs/zh/server/maintenance/aops/figures/chuangjianyewuyu.png new file mode 100644 index 0000000000000000000000000000000000000000..4f5b8de2d2c4ddb9bfdfba1ac17258a834561e2d Binary files /dev/null and b/docs/zh/server/maintenance/aops/figures/chuangjianyewuyu.png differ diff --git "a/docs/zh/server/maintenance/aops/figures/gala-gopher\346\210\220\345\212\237\345\220\257\345\212\250\347\212\266\346\200\201.png" "b/docs/zh/server/maintenance/aops/figures/gala-gopher\346\210\220\345\212\237\345\220\257\345\212\250\347\212\266\346\200\201.png" new file mode 100644 index 0000000000000000000000000000000000000000..ab16e9d3661db3fd4adc6c605b2d2d08e79fdc1c Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/gala-gopher\346\210\220\345\212\237\345\220\257\345\212\250\347\212\266\346\200\201.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/gala-spider\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" "b/docs/zh/server/maintenance/aops/figures/gala-spider\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" new file mode 100644 index 0000000000000000000000000000000000000000..c5a0768be63a98ef7ccc4a56996a8c715f7090af Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/gala-spider\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/gopher\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" "b/docs/zh/server/maintenance/aops/figures/gopher\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" new file mode 100644 index 0000000000000000000000000000000000000000..f151965a21d11dd7a3e215cc4ef23d70d059f4b1 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/gopher\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" differ diff --git a/docs/zh/server/maintenance/aops/figures/group.PNG b/docs/zh/server/maintenance/aops/figures/group.PNG new file mode 100644 index 0000000000000000000000000000000000000000..584fd1f7195694a3419482cace2a71fa1cd9a3ec Binary files /dev/null and b/docs/zh/server/maintenance/aops/figures/group.PNG differ diff --git a/docs/zh/server/maintenance/aops/figures/icon-note.gif b/docs/zh/server/maintenance/aops/figures/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/zh/server/maintenance/aops/figures/icon-note.gif differ diff --git a/docs/zh/server/maintenance/aops/figures/shanchupeizhi.png b/docs/zh/server/maintenance/aops/figures/shanchupeizhi.png new file mode 100644 index 0000000000000000000000000000000000000000..cfea2eb44f7b8aa809404b8b49b4bd2e24172568 Binary files /dev/null and b/docs/zh/server/maintenance/aops/figures/shanchupeizhi.png differ diff --git "a/docs/zh/server/maintenance/aops/figures/spider\346\213\223\346\211\221\345\205\263\347\263\273\345\233\276.png" "b/docs/zh/server/maintenance/aops/figures/spider\346\213\223\346\211\221\345\205\263\347\263\273\345\233\276.png" new file mode 100644 index 0000000000000000000000000000000000000000..5823a116f384801e1197350f151b4d04ef519ac4 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/spider\346\213\223\346\211\221\345\205\263\347\263\273\345\233\276.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/syscare\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" "b/docs/zh/server/maintenance/aops/figures/syscare\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" new file mode 100644 index 0000000000000000000000000000000000000000..bbd0600fc5c913198dfe1e1bf2aba9c652576a98 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/syscare\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" differ diff --git a/docs/zh/server/maintenance/aops/figures/tianjianode.png b/docs/zh/server/maintenance/aops/figures/tianjianode.png new file mode 100644 index 0000000000000000000000000000000000000000..d68f5e12a62548f2ec59374bda9ab07f43b8b5cb Binary files /dev/null and b/docs/zh/server/maintenance/aops/figures/tianjianode.png differ diff --git a/docs/zh/server/maintenance/aops/figures/xinzengpeizhi.png b/docs/zh/server/maintenance/aops/figures/xinzengpeizhi.png new file mode 100644 index 0000000000000000000000000000000000000000..18d71c2e099c19b5d28848eec6a8d11f29ccee27 Binary files /dev/null and b/docs/zh/server/maintenance/aops/figures/xinzengpeizhi.png differ diff --git a/docs/zh/server/maintenance/aops/figures/zhuangtaichaxun.png b/docs/zh/server/maintenance/aops/figures/zhuangtaichaxun.png new file mode 100644 index 0000000000000000000000000000000000000000..a3d0b3294bf6e0eeec50a2c2f8c5059bdc256376 Binary files /dev/null and b/docs/zh/server/maintenance/aops/figures/zhuangtaichaxun.png differ diff --git "a/docs/zh/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/app\350\257\246\346\203\205.jpg" "b/docs/zh/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/app\350\257\246\346\203\205.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..bd179be46c9e711d7148ee44dc56f4a7a02f56bf Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/app\350\257\246\346\203\205.jpg" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\344\277\256\346\224\271\346\250\241\345\236\213.png" "b/docs/zh/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\344\277\256\346\224\271\346\250\241\345\236\213.png" new file mode 100644 index 0000000000000000000000000000000000000000..23ff4e5fddb87ac157b1002a70c47d9b4c76b873 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\344\277\256\346\224\271\346\250\241\345\236\213.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\210\233\345\273\272\345\267\245\344\275\234\346\265\201.jpg" "b/docs/zh/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\210\233\345\273\272\345\267\245\344\275\234\346\265\201.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..1a2b45e860914a1ac0cfb6908b02fb5cad4cbd60 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\210\233\345\273\272\345\267\245\344\275\234\346\265\201.jpg" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246.jpg" "b/docs/zh/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..89ac88e154275d4be8179d773e7093f2357f425f Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246.jpg" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\347\241\256\350\256\244.jpg" "b/docs/zh/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\347\241\256\350\256\244.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..57844f772853c541f7a1328b007a9b6ae4d5caf0 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\347\241\256\350\256\244.jpg" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\350\257\246\346\203\205.jpg" "b/docs/zh/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\350\257\246\346\203\205.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..5b4830b47897a0d51be28238a879a70b1de9ca3b Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\350\257\246\346\203\205.jpg" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201.jpg" "b/docs/zh/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..17fb5b13034e1fc5276c68583fed1952415b0b5f Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201.jpg" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201\350\257\246\346\203\205.jpg" "b/docs/zh/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201\350\257\246\346\203\205.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..458e023847bb2ad1f198f5a2dd1691748038137e Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201\350\257\246\346\203\205.jpg" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\272\224\347\224\250.png" "b/docs/zh/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\272\224\347\224\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..aa34bb909ee7c86a95126c13fa532ce93410a931 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\272\224\347\224\250.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/CVE\350\257\246\346\203\205\347\225\214\351\235\242.png" "b/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/CVE\350\257\246\346\203\205\347\225\214\351\235\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..05859540cb88e11bd8dedaeb8e03253254574c40 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/CVE\350\257\246\346\203\205\347\225\214\351\235\242.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/cve\345\210\227\350\241\250.png" "b/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/cve\345\210\227\350\241\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..f556e0e7e3c4096a89597cb08ba29133375aab07 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/cve\345\210\227\350\241\250.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\212\344\274\240\345\256\211\345\205\250\345\205\254\345\221\212.png" "b/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\212\344\274\240\345\256\211\345\205\250\345\205\254\345\221\212.png" new file mode 100644 index 0000000000000000000000000000000000000000..801c7f917d717499c86708b419101be3773348ac Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\212\344\274\240\345\256\211\345\205\250\345\205\254\345\221\212.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250\347\225\214\351\235\242.png" "b/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250\347\225\214\351\235\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..0719bb8c0b71d0503d5d3a7d8e9e83da71169c64 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250\347\225\214\351\235\242.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" "b/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" new file mode 100644 index 0000000000000000000000000000000000000000..21c9468ce4378bcadf537e543c756cf7a1347499 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\345\210\227\350\241\250.png" "b/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\345\210\227\350\241\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..9cfd080d1a658544c559e83429a14b35dc931fc6 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\345\210\227\350\241\250.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\350\257\246\346\203\205.png" "b/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\350\257\246\346\203\205.png" new file mode 100644 index 0000000000000000000000000000000000000000..7ca43b0a82b7c4dd3e43a5e46cf3b4a79d55d033 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\350\257\246\346\203\205.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\277\256\345\244\215\344\273\273\345\212\241\346\212\245\345\221\212.png" "b/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\277\256\345\244\215\344\273\273\345\212\241\346\212\245\345\221\212.png" new file mode 100644 index 0000000000000000000000000000000000000000..b9acfbcd7d8e3b2b551c8bb9700142dfba681afe Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\277\256\345\244\215\344\273\273\345\212\241\346\212\245\345\221\212.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\345\233\236\346\273\232\344\273\273\345\212\241\350\257\246\346\203\205.png" "b/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\345\233\236\346\273\232\344\273\273\345\212\241\350\257\246\346\203\205.png" new file mode 100644 index 0000000000000000000000000000000000000000..6bc8cc31e05d06dbd5ee4c0f62f281683db048da Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\345\233\236\346\273\232\344\273\273\345\212\241\350\257\246\346\203\205.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\267\273\345\212\240repo\346\272\220.png" "b/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\267\273\345\212\240repo\346\272\220.png" new file mode 100644 index 0000000000000000000000000000000000000000..3bf992f586f7fb4d87bc01cc29f961755a315c9d Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\267\273\345\212\240repo\346\272\220.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\274\217\346\264\236\346\211\253\346\217\217.png" "b/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\274\217\346\264\236\346\211\253\346\217\217.png" new file mode 100644 index 0000000000000000000000000000000000000000..f73ccaf984e8ab55f8b78f7da5a570ce43685221 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\274\217\346\264\236\346\211\253\346\217\217.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\344\277\256\345\244\215\344\273\273\345\212\241.png" "b/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\344\277\256\345\244\215\344\273\273\345\212\241.png" new file mode 100644 index 0000000000000000000000000000000000000000..b183298d96b8ced8954852540c891310aeda05be Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\344\277\256\345\244\215\344\273\273\345\212\241.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\345\233\236\346\273\232\344\273\273\345\212\241.png" "b/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\345\233\236\346\273\232\344\273\273\345\212\241.png" new file mode 100644 index 0000000000000000000000000000000000000000..c8aa813bc228326b3e8db19e303e03507873a893 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\345\233\236\346\273\232\344\273\273\345\212\241.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\347\203\255\350\241\245\344\270\201\347\247\273\351\231\244\344\273\273\345\212\241.png" "b/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\347\203\255\350\241\245\344\270\201\347\247\273\351\231\244\344\273\273\345\212\241.png" new file mode 100644 index 0000000000000000000000000000000000000000..8ccebe84f60b21737414b2cb3f972472114a40c5 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\347\203\255\350\241\245\344\270\201\347\247\273\351\231\244\344\273\273\345\212\241.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\350\256\276\347\275\256repo\346\272\220.png" "b/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\350\256\276\347\275\256repo\346\272\220.png" new file mode 100644 index 0000000000000000000000000000000000000000..619cc6d42b646df3d9c4e601f40a6ec452712668 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\350\256\276\347\275\256repo\346\272\220.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\351\202\256\344\273\266\351\200\232\347\237\245.png" "b/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\351\202\256\344\273\266\351\200\232\347\237\245.png" new file mode 100644 index 0000000000000000000000000000000000000000..34b1d4095b8c017f3c66ebfb3c44d114bc8d6ca7 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\351\202\256\344\273\266\351\200\232\347\237\245.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" "b/docs/zh/server/maintenance/aops/figures/\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" new file mode 100644 index 0000000000000000000000000000000000000000..f5f8a3a95705145787e7aaf9c8d1fff404892240 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250.png" "b/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..b8f0a87e00d73961907167fcbe43d82b60caf445 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\256\241\347\220\206-\346\267\273\345\212\240.png" "b/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\256\241\347\220\206-\346\267\273\345\212\240.png" new file mode 100644 index 0000000000000000000000000000000000000000..ce25657a0627e9dfc3dc9ebf323e086103c2ecdf Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\256\241\347\220\206-\346\267\273\345\212\240.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\345\206\205\344\270\273\346\234\272\346\237\245\347\234\213.png" "b/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\345\206\205\344\270\273\346\234\272\346\237\245\347\234\213.png" new file mode 100644 index 0000000000000000000000000000000000000000..2f2e2e67a98a16e1ad464c794a8ef45ebb229d7f Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\345\206\205\344\270\273\346\234\272\346\237\245\347\234\213.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\347\256\241\347\220\206\345\210\227\350\241\250.png" "b/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\347\256\241\347\220\206\345\210\227\350\241\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..94c9b65719050b79d2cdb9d1e8f67c459925cda7 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\347\256\241\347\220\206\345\210\227\350\241\250.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\274\226\350\276\221\347\225\214\351\235\242.png" "b/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\274\226\350\276\221\347\225\214\351\235\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..7e4f0da4e88da6f18495a4fb23bd400d0da0a8da Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\274\226\350\276\221\347\225\214\351\235\242.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" "b/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" new file mode 100644 index 0000000000000000000000000000000000000000..1ee8f7bb2456efe6318074f46f5008da355a2cb1 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\345\267\245\344\275\234\345\217\260.png" "b/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\345\267\245\344\275\234\345\217\260.png" new file mode 100644 index 0000000000000000000000000000000000000000..a916eebf306cca9ffa54f733143a0ac2c44313a4 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\345\267\245\344\275\234\345\217\260.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\226\207\344\273\266\350\247\243\346\236\220.png" "b/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\226\207\344\273\266\350\247\243\346\236\220.png" new file mode 100644 index 0000000000000000000000000000000000000000..31684136510cfe6248adf9b8cd086140ab5b26ef Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\226\207\344\273\266\350\247\243\346\236\220.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\267\273\345\212\240\347\273\223\346\236\234.png" "b/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\267\273\345\212\240\347\273\223\346\236\234.png" new file mode 100644 index 0000000000000000000000000000000000000000..df3991eb16d32d9f2296fbb36873ff26bc82fa18 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\267\273\345\212\240\347\273\223\346\236\234.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240\344\270\273\346\234\272.png" "b/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240\344\270\273\346\234\272.png" new file mode 100644 index 0000000000000000000000000000000000000000..c83daeeb5f8a4d9ab4f40e3debbe7a96f427ce74 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240\344\270\273\346\234\272.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\214\207\346\240\207\346\263\242\345\275\242.png" "b/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\214\207\346\240\207\346\263\242\345\275\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..5ab697c8f9c292097356a26140750f7f615c5d81 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\214\207\346\240\207\346\263\242\345\275\242.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\217\222\344\273\266\345\274\200\345\205\263.png" "b/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\217\222\344\273\266\345\274\200\345\205\263.png" new file mode 100644 index 0000000000000000000000000000000000000000..4bde1fd7330491fda6f4ed73a2be2e8c0bfabc8d Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\217\222\344\273\266\345\274\200\345\205\263.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\267\273\345\212\240\344\270\273\346\234\272\347\273\204.png" "b/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\267\273\345\212\240\344\270\273\346\234\272\347\273\204.png" new file mode 100644 index 0000000000000000000000000000000000000000..2890e4934ba903324ea134d3ebee85307665270e Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\267\273\345\212\240\344\270\273\346\234\272\347\273\204.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\347\231\273\351\231\206\347\225\214\351\235\242.png" "b/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\347\231\273\351\231\206\347\225\214\351\235\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..24f94c0a9ff05897b01786aa4bc8adfe4bc8db09 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\347\231\273\351\231\206\347\225\214\351\235\242.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chakanyuqi.png" "b/docs/zh/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chakanyuqi.png" new file mode 100644 index 0000000000000000000000000000000000000000..bbead6a91468d5dee570cfdc66faf9a4ab155d7c Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chakanyuqi.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chaxunshijipeizhi.png" "b/docs/zh/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chaxunshijipeizhi.png" new file mode 100644 index 0000000000000000000000000000000000000000..d5f6e450fc0e1e246492ca71a6fcd8db572eb469 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chaxunshijipeizhi.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chuangjianyewuyu.png" "b/docs/zh/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chuangjianyewuyu.png" new file mode 100644 index 0000000000000000000000000000000000000000..8849a2fc81dbd14328c6c66c53033164a0b67b52 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chuangjianyewuyu.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/conf_file_trace.png" "b/docs/zh/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/conf_file_trace.png" new file mode 100644 index 0000000000000000000000000000000000000000..e1e518157f8def332adfa5516b37fdb89768499c Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/conf_file_trace.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/peizhitongbu.png" "b/docs/zh/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/peizhitongbu.png" new file mode 100644 index 0000000000000000000000000000000000000000..c8c229bf41b27f1fe6629106957fd5e47851096d Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/peizhitongbu.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/shanchupeizhi.png" "b/docs/zh/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/shanchupeizhi.png" new file mode 100644 index 0000000000000000000000000000000000000000..cfea2eb44f7b8aa809404b8b49b4bd2e24172568 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/shanchupeizhi.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/tianjianode.png" "b/docs/zh/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/tianjianode.png" new file mode 100644 index 0000000000000000000000000000000000000000..d68f5e12a62548f2ec59374bda9ab07f43b8b5cb Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/tianjianode.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/xinzengpeizhi.png" "b/docs/zh/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/xinzengpeizhi.png" new file mode 100644 index 0000000000000000000000000000000000000000..18d71c2e099c19b5d28848eec6a8d11f29ccee27 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/xinzengpeizhi.png" differ diff --git "a/docs/zh/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/zhuangtaichaxun.png" "b/docs/zh/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/zhuangtaichaxun.png" new file mode 100644 index 0000000000000000000000000000000000000000..a3d0b3294bf6e0eeec50a2c2f8c5059bdc256376 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/zhuangtaichaxun.png" differ diff --git a/docs/zh/server/maintenance/aops/image/45515A7F-0EC2-45AA-9B58-AB92DE9B0979.png b/docs/zh/server/maintenance/aops/image/45515A7F-0EC2-45AA-9B58-AB92DE9B0979.png new file mode 100644 index 0000000000000000000000000000000000000000..c810b26ad0c052960dfdf4bfd78e9224ce465318 Binary files /dev/null and b/docs/zh/server/maintenance/aops/image/45515A7F-0EC2-45AA-9B58-AB92DE9B0979.png differ diff --git "a/docs/zh/server/maintenance/aops/image/ACC\347\232\204hotpatchmetadata\346\226\207\344\273\266\347\244\272\344\276\213.png" "b/docs/zh/server/maintenance/aops/image/ACC\347\232\204hotpatchmetadata\346\226\207\344\273\266\347\244\272\344\276\213.png" new file mode 100644 index 0000000000000000000000000000000000000000..790df6fd5781ca008124cff14635165a71abf126 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/image/ACC\347\232\204hotpatchmetadata\346\226\207\344\273\266\347\244\272\344\276\213.png" differ diff --git a/docs/zh/server/maintenance/aops/image/E574E637-0BF3-4F3B-BAE6-04ECBD09D151.png b/docs/zh/server/maintenance/aops/image/E574E637-0BF3-4F3B-BAE6-04ECBD09D151.png new file mode 100644 index 0000000000000000000000000000000000000000..6ef6ef9bd126e6c2007389065bbecc1cfdd97f5b Binary files /dev/null and b/docs/zh/server/maintenance/aops/image/E574E637-0BF3-4F3B-BAE6-04ECBD09D151.png differ diff --git a/docs/zh/server/maintenance/aops/image/EF5E0132-6E5C-4DD1-8CB5-73035278E233.png b/docs/zh/server/maintenance/aops/image/EF5E0132-6E5C-4DD1-8CB5-73035278E233.png new file mode 100644 index 0000000000000000000000000000000000000000..a2a29d2e1b62f7df409e87d03f2525ba8355f77e Binary files /dev/null and b/docs/zh/server/maintenance/aops/image/EF5E0132-6E5C-4DD1-8CB5-73035278E233.png differ diff --git a/docs/zh/server/maintenance/aops/image/hotpatch-fix-pr.png b/docs/zh/server/maintenance/aops/image/hotpatch-fix-pr.png new file mode 100644 index 0000000000000000000000000000000000000000..d10fd1ec44416f6b59cfd21cca8721d001f7ed19 Binary files /dev/null and b/docs/zh/server/maintenance/aops/image/hotpatch-fix-pr.png differ diff --git a/docs/zh/server/maintenance/aops/image/hotpatch-pr-1.png b/docs/zh/server/maintenance/aops/image/hotpatch-pr-1.png new file mode 100644 index 0000000000000000000000000000000000000000..1dc5269655c51b355d3cd89b71c6688fbb0d8d5d Binary files /dev/null and b/docs/zh/server/maintenance/aops/image/hotpatch-pr-1.png differ diff --git a/docs/zh/server/maintenance/aops/image/hotpatch-pr-success.png b/docs/zh/server/maintenance/aops/image/hotpatch-pr-success.png new file mode 100644 index 0000000000000000000000000000000000000000..48ea807e03c0f8e6efbceacbbc583c6ac3b3c865 Binary files /dev/null and b/docs/zh/server/maintenance/aops/image/hotpatch-pr-success.png differ diff --git a/docs/zh/server/maintenance/aops/image/hotpatch-pr.png b/docs/zh/server/maintenance/aops/image/hotpatch-pr.png new file mode 100644 index 0000000000000000000000000000000000000000..159fd2b7bc76e002554722d1f0f12070a2bd2e19 Binary files /dev/null and b/docs/zh/server/maintenance/aops/image/hotpatch-pr.png differ diff --git a/docs/zh/server/maintenance/aops/image/hotpatch-xml.PNG b/docs/zh/server/maintenance/aops/image/hotpatch-xml.PNG new file mode 100644 index 0000000000000000000000000000000000000000..f1916620d3cc7b1c29059bcc5513fdc7ee94127b Binary files /dev/null and b/docs/zh/server/maintenance/aops/image/hotpatch-xml.PNG differ diff --git a/docs/zh/server/maintenance/aops/image/image-20230525193235084.png b/docs/zh/server/maintenance/aops/image/image-20230525193235084.png new file mode 100644 index 0000000000000000000000000000000000000000..9850a11a0dcfeed69099635f3147a2230fe6faa5 Binary files /dev/null and b/docs/zh/server/maintenance/aops/image/image-20230525193235084.png differ diff --git a/docs/zh/server/maintenance/aops/image/image-20230525193254541.png b/docs/zh/server/maintenance/aops/image/image-20230525193254541.png new file mode 100644 index 0000000000000000000000000000000000000000..73bfbaa15a2584611ac06839965eca2869b89991 Binary files /dev/null and b/docs/zh/server/maintenance/aops/image/image-20230525193254541.png differ diff --git a/docs/zh/server/maintenance/aops/image/image-20230527165206707.png b/docs/zh/server/maintenance/aops/image/image-20230527165206707.png new file mode 100644 index 0000000000000000000000000000000000000000..7d7f0992fc048777340678974d38b3c193269385 Binary files /dev/null and b/docs/zh/server/maintenance/aops/image/image-20230527165206707.png differ diff --git a/docs/zh/server/maintenance/aops/image/image-20230527165700642.png b/docs/zh/server/maintenance/aops/image/image-20230527165700642.png new file mode 100644 index 0000000000000000000000000000000000000000..2c4500cb54ba0225704020160d72b4aaf265d3f7 Binary files /dev/null and b/docs/zh/server/maintenance/aops/image/image-20230527165700642.png differ diff --git a/docs/zh/server/maintenance/aops/image/image-20230527165823568.png b/docs/zh/server/maintenance/aops/image/image-20230527165823568.png new file mode 100644 index 0000000000000000000000000000000000000000..7b26b545bc7d37f09eca7736f30d2eb3a6062890 Binary files /dev/null and b/docs/zh/server/maintenance/aops/image/image-20230527165823568.png differ diff --git a/docs/zh/server/maintenance/aops/image/image-20230527165845170.png b/docs/zh/server/maintenance/aops/image/image-20230527165845170.png new file mode 100644 index 0000000000000000000000000000000000000000..9719210a961a18b639d56cbf88b8586370930b4c Binary files /dev/null and b/docs/zh/server/maintenance/aops/image/image-20230527165845170.png differ diff --git a/docs/zh/server/maintenance/aops/image/image-20230527165922876.png b/docs/zh/server/maintenance/aops/image/image-20230527165922876.png new file mode 100644 index 0000000000000000000000000000000000000000..56ff3380d12b9c1002881eca98e32a49cc292b9a Binary files /dev/null and b/docs/zh/server/maintenance/aops/image/image-20230527165922876.png differ diff --git a/docs/zh/server/maintenance/aops/image/image-20230527170343909.png b/docs/zh/server/maintenance/aops/image/image-20230527170343909.png new file mode 100644 index 0000000000000000000000000000000000000000..57c343360f278b2f67b77d37114a1f567a3ce63a Binary files /dev/null and b/docs/zh/server/maintenance/aops/image/image-20230527170343909.png differ diff --git a/docs/zh/server/maintenance/aops/image/image-20230607161425282.png b/docs/zh/server/maintenance/aops/image/image-20230607161425282.png new file mode 100644 index 0000000000000000000000000000000000000000..d2fbca2a23e80edff661d05065987ede1cc7e8af Binary files /dev/null and b/docs/zh/server/maintenance/aops/image/image-20230607161425282.png differ diff --git a/docs/zh/server/maintenance/aops/image/image-20230607163358749.png b/docs/zh/server/maintenance/aops/image/image-20230607163358749.png new file mode 100644 index 0000000000000000000000000000000000000000..191c36b65058ce8dea6bb2f1fe10a85b0177f2cf Binary files /dev/null and b/docs/zh/server/maintenance/aops/image/image-20230607163358749.png differ diff --git a/docs/zh/server/maintenance/aops/image/image-20230607172021782.png b/docs/zh/server/maintenance/aops/image/image-20230607172021782.png new file mode 100644 index 0000000000000000000000000000000000000000..d25c3ebfb1aefe5d8f36b0b153afa64efd88dd63 Binary files /dev/null and b/docs/zh/server/maintenance/aops/image/image-20230607172021782.png differ diff --git a/docs/zh/server/maintenance/aops/image/image-20230612113428096.png b/docs/zh/server/maintenance/aops/image/image-20230612113428096.png new file mode 100644 index 0000000000000000000000000000000000000000..48b59b5e6cb4043703de96066c8d67e85eed4f16 Binary files /dev/null and b/docs/zh/server/maintenance/aops/image/image-20230612113428096.png differ diff --git a/docs/zh/server/maintenance/aops/image/image-20230612113626330.png b/docs/zh/server/maintenance/aops/image/image-20230612113626330.png new file mode 100644 index 0000000000000000000000000000000000000000..9d3621022deb02b267c3eb29315a7fe33c1f095e Binary files /dev/null and b/docs/zh/server/maintenance/aops/image/image-20230612113626330.png differ diff --git a/docs/zh/server/maintenance/aops/image/image-20230908163402743.png b/docs/zh/server/maintenance/aops/image/image-20230908163402743.png new file mode 100644 index 0000000000000000000000000000000000000000..c17667178689c6384a039bf0f8025ea7eb360236 Binary files /dev/null and b/docs/zh/server/maintenance/aops/image/image-20230908163402743.png differ diff --git a/docs/zh/server/maintenance/aops/image/image-20230908163914778.png b/docs/zh/server/maintenance/aops/image/image-20230908163914778.png new file mode 100644 index 0000000000000000000000000000000000000000..a06c7e49b32286ceec9ff0e9a08f73a76c179daf Binary files /dev/null and b/docs/zh/server/maintenance/aops/image/image-20230908163914778.png differ diff --git a/docs/zh/server/maintenance/aops/image/image-20230908164216528.png b/docs/zh/server/maintenance/aops/image/image-20230908164216528.png new file mode 100644 index 0000000000000000000000000000000000000000..15fbc694603837095244451d4f5d7e7af70789be Binary files /dev/null and b/docs/zh/server/maintenance/aops/image/image-20230908164216528.png differ diff --git "a/docs/zh/server/maintenance/aops/image/openEuler\344\273\223\350\257\204\350\256\272.png" "b/docs/zh/server/maintenance/aops/image/openEuler\344\273\223\350\257\204\350\256\272.png" new file mode 100644 index 0000000000000000000000000000000000000000..29223cbddc39f8fcc0b725a3ed83495709e05f78 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/image/openEuler\344\273\223\350\257\204\350\256\272.png" differ diff --git a/docs/zh/server/maintenance/aops/image/patch-file.PNG b/docs/zh/server/maintenance/aops/image/patch-file.PNG new file mode 100644 index 0000000000000000000000000000000000000000..f587a48c2be945beaadecf44a6d711da14be50c6 Binary files /dev/null and b/docs/zh/server/maintenance/aops/image/patch-file.PNG differ diff --git "a/docs/zh/server/maintenance/aops/image/src-openEuler\344\273\223\350\257\204\350\256\272.png" "b/docs/zh/server/maintenance/aops/image/src-openEuler\344\273\223\350\257\204\350\256\272.png" new file mode 100644 index 0000000000000000000000000000000000000000..ba3a44433117f0a23fc6048cd3b093fe6af7250c Binary files /dev/null and "b/docs/zh/server/maintenance/aops/image/src-openEuler\344\273\223\350\257\204\350\256\272.png" differ diff --git "a/docs/zh/server/maintenance/aops/image/\345\220\214\346\204\217\345\220\210\345\205\245pr.png" "b/docs/zh/server/maintenance/aops/image/\345\220\214\346\204\217\345\220\210\345\205\245pr.png" new file mode 100644 index 0000000000000000000000000000000000000000..2c2e2dd78242f538c21809614e917bef769256ba Binary files /dev/null and "b/docs/zh/server/maintenance/aops/image/\345\220\214\346\204\217\345\220\210\345\205\245pr.png" differ diff --git "a/docs/zh/server/maintenance/aops/image/\345\220\257\345\212\250\347\203\255\350\241\245\344\270\201\345\267\245\347\250\213\346\265\201\347\250\213.png" "b/docs/zh/server/maintenance/aops/image/\345\220\257\345\212\250\347\203\255\350\241\245\344\270\201\345\267\245\347\250\213\346\265\201\347\250\213.png" new file mode 100644 index 0000000000000000000000000000000000000000..2914c3eef44bb3d3528686b44157a5f9276da9c6 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/image/\345\220\257\345\212\250\347\203\255\350\241\245\344\270\201\345\267\245\347\250\213\346\265\201\347\250\213.png" differ diff --git "a/docs/zh/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201issue\345\210\235\345\247\213\345\206\205\345\256\271.png" "b/docs/zh/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201issue\345\210\235\345\247\213\345\206\205\345\256\271.png" new file mode 100644 index 0000000000000000000000000000000000000000..044be7ccd001ddc2bb69ba53b34f3c2a72511f39 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201issue\345\210\235\345\247\213\345\206\205\345\256\271.png" differ diff --git "a/docs/zh/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201issue\345\233\236\345\241\253.png" "b/docs/zh/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201issue\345\233\236\345\241\253.png" new file mode 100644 index 0000000000000000000000000000000000000000..779c2fddcb02968358492e70f6aa9261be26fe48 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201issue\345\233\236\345\241\253.png" differ diff --git "a/docs/zh/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201issue\351\223\276\346\216\245\345\222\214pr\351\223\276\346\216\245.png" "b/docs/zh/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201issue\351\223\276\346\216\245\345\222\214pr\351\223\276\346\216\245.png" new file mode 100644 index 0000000000000000000000000000000000000000..d97fbd1fbb5a20b97ec88989f3c7a0776bb9cdc0 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201issue\351\223\276\346\216\245\345\222\214pr\351\223\276\346\216\245.png" differ diff --git "a/docs/zh/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201pr\345\210\266\344\275\234\345\244\261\350\264\245.png" "b/docs/zh/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201pr\345\210\266\344\275\234\345\244\261\350\264\245.png" new file mode 100644 index 0000000000000000000000000000000000000000..3acf2e93550e4962d0a5f927fd6fd0460a64b889 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201pr\345\210\266\344\275\234\345\244\261\350\264\245.png" differ diff --git "a/docs/zh/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201pr\345\210\266\344\275\234\347\273\223\346\236\234.png" "b/docs/zh/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201pr\345\210\266\344\275\234\347\273\223\346\236\234.png" new file mode 100644 index 0000000000000000000000000000000000000000..5b167be8a40762823223ccdd700d5b62f7e1aa38 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201pr\345\210\266\344\275\234\347\273\223\346\236\234.png" differ diff --git "a/docs/zh/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201pr\347\232\204chroot\347\216\257\345\242\203.png" "b/docs/zh/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201pr\347\232\204chroot\347\216\257\345\242\203.png" new file mode 100644 index 0000000000000000000000000000000000000000..a96a4d229b54b301bbf4e7f7a2c41ea1e9faf43d Binary files /dev/null and "b/docs/zh/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201pr\347\232\204chroot\347\216\257\345\242\203.png" differ diff --git "a/docs/zh/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201pr\350\247\246\345\217\221\346\265\201\347\250\213.png" "b/docs/zh/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201pr\350\247\246\345\217\221\346\265\201\347\250\213.png" new file mode 100644 index 0000000000000000000000000000000000000000..d77335d0097f7504f0c37dd8aca1691d9f1f0a23 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201pr\350\247\246\345\217\221\346\265\201\347\250\213.png" differ diff --git "a/docs/zh/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201\344\273\223\346\217\220pr\350\257\264\346\230\216.png" "b/docs/zh/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201\344\273\223\346\217\220pr\350\257\264\346\230\216.png" new file mode 100644 index 0000000000000000000000000000000000000000..aa74c2859588ff2a49d6341dd2a2ac6fe2049eac Binary files /dev/null and "b/docs/zh/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201\344\273\223\346\217\220pr\350\257\264\346\230\216.png" differ diff --git "a/docs/zh/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201\350\207\252\351\252\214\344\270\213\350\275\275\351\223\276\346\216\245.png" "b/docs/zh/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201\350\207\252\351\252\214\344\270\213\350\275\275\351\223\276\346\216\245.png" new file mode 100644 index 0000000000000000000000000000000000000000..404ac733fae66bda9ceac2d6c2fa18897c58dc70 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201\350\207\252\351\252\214\344\270\213\350\275\275\351\223\276\346\216\245.png" differ diff --git "a/docs/zh/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201\350\207\252\351\252\214\345\214\205\344\270\213\350\275\275\351\223\276\346\216\245.png" "b/docs/zh/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201\350\207\252\351\252\214\345\214\205\344\270\213\350\275\275\351\223\276\346\216\245.png" new file mode 100644 index 0000000000000000000000000000000000000000..6d32e8874e8e5e7f7fb5c350fca0063da9a77176 Binary files /dev/null and "b/docs/zh/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201\350\207\252\351\252\214\345\214\205\344\270\213\350\275\275\351\223\276\346\216\245.png" differ diff --git a/docs/zh/server/maintenance/aops/overview.md b/docs/zh/server/maintenance/aops/overview.md new file mode 100644 index 0000000000000000000000000000000000000000..25c3aa9f994f68a7c56c22dd44d477005886761f --- /dev/null +++ b/docs/zh/server/maintenance/aops/overview.md @@ -0,0 +1,3 @@ +# A-Ops用户指南 + +本文介绍A-Ops智能运维框架以及智能定位、配置溯源等服务的安装与使用方法,使用户能够快速了解并使用A-Ops。用户能够借由A-Ops降低系统集群的运维成本,实现系统故障快速定位、配置项统筹管理等功能。 diff --git a/docs/zh/server/maintenance/aops/quick_deployment_of_aops.md b/docs/zh/server/maintenance/aops/quick_deployment_of_aops.md new file mode 100644 index 0000000000000000000000000000000000000000..8842d32874d097538d17bbaa4f9cd18579156610 --- /dev/null +++ b/docs/zh/server/maintenance/aops/quick_deployment_of_aops.md @@ -0,0 +1,104 @@ +# 一、一键化部署介绍 + +Aops服务一键化部署采用docker容器技术,搭配docker-compose容器编排,简化部署难度,实现一键启动和暂停。 + +# 二、环境要求 + +建议使用2台openEuler 24.03-LTS及以上机器完成部署(单台机器内存8G+),具体用途及部署方案如下: + +- 机器A用于部署mysql、elasticsearch、kafka、redis、prometheus等,主要提供数据服务支持; +- 机器B用于部署A-Ops服务端,提供业务功能支持。部署A-Ops前端服务,提供展示、操作; + +| 机器编号 | 配置IP | 部署服务 | +| -------- | ----------- | -------------------------------------------- | +| 机器A | 192.168.1.1 | mysql elasticsearch redis kafka prometheus | +| 机器B | 192.168.1.2 | aops-zeus aops-diana aops-apollo aops-hermes | + +# 三、配置环境部署 + +## 1. 关闭机器A防火墙 + +```shell +systemctl stop firewalld +systemctl disable firewalld +systemctl status firewalld +``` + +## 2. 安装docker docker-compose + +```shell +dnf install docker docker-compose +# 设置docker开机启动 +systemctl enable docker +``` + +## 3. 安装aops-vulcanus aops-tools + +```shell +dnf install aops-vulcanus aops-tools +``` + +> **说明:安装aops相关组件需要配置[EPOL源](https://dl-cdn.openeuler.openatom.cn/openEuler-24.03-LTS-SP1/EPOL/)。** + +## 4. 执行一键化部署 + +- 执行部署脚本 + +```shell +cd /opt/aops/scripts/deploy/container +# 执行run.sh部署脚本 +bash run.sh +``` + +> 进入交互式命令行 +> +> ```shell +> 1. Build the docker container (build). +> 2. Start the container orchestration service (start-service/start-env). +> 3. Stop all container services (stop-service/stop-env). +> run.sh: line 74: read: `Enter to exit the operation (Q/q).': not a valid identifier +> Select an operation procedure to continue: +> +> ``` +> +> **build**: 部署基础服务(mysql、kafka等)不需要执行build操作 +> +> **start-service**: 启动A-Ops服务及前端应用 +> +> **start-env**: 启动基础服务,包括mysql、redis、kafka等 +> +> **stop-service**: 停止A-Ops服务及前端应用 +> +> **stop-env**: 停止基础服务(数据会依然保留) +> +> **Q/q**: 退出命令交互模式 + +- 部署A-Ops服务端 + +```shell +# 切换在机器B上执行部署脚本 +cd /opt/aops/scripts/deploy/container +bash run.sh +# 交互式命令中执行start-service +``` + +- 更改服务配置文件 + +> **注意:当A-Ops服务和基础服务在同一台机器上部署时,则无需调整配置文件即可使用。若部署方案与本文档中类似(机器A、B),则需要将所有的配置文件中连接基础服务的配置项更改为机器A的ip** +> +> **默认的mysql连接字符串中使用无密码模式,基础服务的mysql配置了默认密码“123456”,视具体情况调整** + +```shell +# 调整 apollo.ini diana.ini zeus.ini配置文件中连接mysql、elasticsearch、kafka、redis的ip地址 +cd /etc/aops/ +``` + +- **FAQ** + +​ **1. elasticsearch基础服务无法正常启动** + +查看/opt/es文件夹的权限,默认权限需要调整为777,可执行 "chmod -R 777 /opt/es" 。 + +​ **2. prometheus 基础服务无法正常启动** + +查看/etc/prometheus目录下是否存在prometheus.yml配置文件,如果不存在,请添加配置文件。 diff --git a/docs/zh/server/maintenance/common_skills/_toc.yaml b/docs/zh/server/maintenance/common_skills/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..f8e86be91d888dededb470d98e3a8d8fa0f4ddad --- /dev/null +++ b/docs/zh/server/maintenance/common_skills/_toc.yaml @@ -0,0 +1,8 @@ +label: 常用技能 +isManual: true +description: 运维常用配置及命令 +sections: + - label: 信息收集 + href: ./information_collection.md + - label: 常用配置 + href: ./common_configurations.md diff --git a/docs/zh/server/maintenance/common_skills/common_configurations.md b/docs/zh/server/maintenance/common_skills/common_configurations.md new file mode 100644 index 0000000000000000000000000000000000000000..3cacbee69f1118e5d84a8ffdaa67a0d7268aa1c9 --- /dev/null +++ b/docs/zh/server/maintenance/common_skills/common_configurations.md @@ -0,0 +1,558 @@ +# 常用技能 + +## 配置网络 + +1. 配置IP地址 + +使用IP命令为接口配置地址,**interface-name**为网卡名称。 + +``` +ip addr [ add | del ] address dev interface-name +``` + +2. 配置静态地址 + +```shell +# 配置静态IP地址 +ip address add 192.168.0.10/24 dev enp3s0 + +# 查看配置结果,在root权限使用如下命令 +ip addr show dev enp3s0 + +# 结果如下 +2: enp3s0: mtu 1500 qdisc fq_codel state UP group default qlen 1000 +link/ether 52:54:00:aa:ad:4a brd ff:ff:ff:ff:ff:ff +inet 192.168.202.248/16 brd 192.168.255.255 scope global dynamic noprefixroute enp3s0 +valid_lft 9547sec preferred_lft 9547sec +inet 192.168.0.10/24 scope global enp3s0 +valid_lft forever preferred_lft forever +inet6 fe80::32e8:cc22:9db2:f4d4/64 scope link noprefixroute +valid_lft forever preferred_lft forever +``` + +3. 配置静态路由 + +静态路由,可使用 `ip route add` 命令**在路由表中添加**,使用 `ip route del` 命令删除。常用的 `ip route` 命令格式如下: + +```shell +ip route [ add | del | change | append | replace ] destination-address +``` + +- **在主机地址中添加一个静态路由**,在 root 权限下,使用以下命令格式: + +```shell +ip route add 192.168.2.1 via 10.0.0.1 [dev interface-name] +``` + +- **在网络中添加一个静态路由**,在root权限下运行以下命令格式: + +```shell +ip route add 192.168.2.0/24 via 10.0.0.1 [dev interface-name] +``` + +4. 通过ifcfg文件配置网络 + +通过在root权限下**修改ifcfg文件**实现,在/etc/sysconfig/network-scripts/目录中生成名为ifcfg-enp4s0的文件中,修改参数配置,示例如下: + +```shell +TYPE=Ethernet +PROXY_METHOD=none +BROWSER_ONLY=no +BOOTPROTO=none +IPADDR=192.168.0.10 +PREFIX=24 +DEFROUTE=yes +IPV4_FAILURE_FATAL=no +IPV6INIT=yes +IPV6_AUTOCONF=yes +IPV6_DEFROUTE=yes +IPV6_FAILURE_FATAL=no +IPV6_ADDR_GEN_MODE=stable-privacy +NAME=enp4s0static +UUID=xx +DEVICE=enp4s0 +ONBOOT=yes +``` + +## 管理RPM包 + +**RPM**的全名是**Red Hat Package Manager**,本意是Red Hat 软件包管理。在**openEuler、Fedora 、Redhat、Mandriva、SuSE、YellowDog**等主流发行版本,以及在这些版本基础上二次开发出来的发行版采用。 + + **RPM**以数据库记录的方式将需要的软件安装到Linux主机的一套管理程序,特点是将要安装的软件**先编译并打包**,通过包装好的软件中默认的数据库记录,记录这个软件在安装的时候需要的依赖属性模块,在用户的Linux主机安装时,**RPM**会先根据软件里的记录数据,查询Linux主机的依赖属性软件是否满足: + +- 若满足则予以安装。 +- 若不满足则不安装。 + +安装时将该软件的信息全部写入RPM的数据库中以便后续查询、验证与卸载。 + +![zh-cn_other_0000001337581224](./images/zh-cn_other_0000001337581224.jpeg) + +1. rpm包默认安装路径 + +通常情况下,**RPM**采用系统默认的安装路径(默认安装路径可以通过命令查询,后续章节中将会详细介绍),所有安装文件都会按照类别分散到如下表格所示的目录中。 + +**表 1** RPM安装路径及其含义 + +|安装路径|含义| +|--|--| +|/etc/|配置文件安装目录。| +|/usr/bin/|可执行命令安装目录。| +|/usr/lib/|程序所使用的函数库保存位置。| +|/usr/share/doc|基本软件使用手册保存位置。| +|/usr/share/man/|帮助文件保存位置。| + +**注意:** RPM包支持手动指定安装路径,但此方式不推荐使用。通过手动指定安装路径后,所有的安装文件会集中安装到指定位置,且系统中用来查询安装路径的命令也无法使用(需手动配置才能被系统识别)。 + +2. rpm命令选项 + +**操作1. 软件包RPM签名检查** + +Linux机器安装RPM包之前,需要检查PGP签名,确保签名的完整性和来源无问题后,使用RPM命令中的以下选项来验证有效性。 + +``` +rpm --checksig nano-2.3.1-10.el7.x86_64.rpm +``` + +**操作2. 安装RPM包** + +Linux系统中安装RPM包时,请在rpm命令中使用 **-i** 选项。 + +``` +rpm -ivh nano-2.3.1-10.el7.x86_64.rpm +``` + +- **-i** : 安装软件包 +- **-v**: 详细信息 +- **-h**: 套件安装时列出标记 + +**操作3. 查询已安装的RPM包** + +查询Linux系统中已经安装的RPM包(dnf),可以在rpm命令中使用 **-q** 选项。 + +``` +rpm -q dnf +``` + +- **-q:** 查询操作 + +如果系统未安装给定的包,会出现以下错误信息。 + +``` +# rpm -q dnf +package dnf is not installed +``` + +**操作4. 查询所有已安装的RPM包** + +查询Linux系统中安装的所有RPM包,请在rpm命令中使用 **-qa** 选项。 + +``` +# rpm -qa +dracut-config-rescue-055-7.oe2203sp2.x86_64 +parted-3.5-1.oe2203sp2.x86_64 +irqbalance-1.8.0-9.oe2203sp2.x86_64 +...... +``` + +**注意**:一般在使用 **-qa** 选项时,会配合管道符 “|” 一起使用,提升查找的准确率。 + +**操作5. 查看已安装的RPM包详细信息** + +在rpm命令中使用 **-qi** 选项来验证系统中安装的RPM包的详细信息。 + +``` +# rpm -qi python3 +Name : python3 +Version : 3.9.9 +Release : 24.oe2203sp2 +Architecture: x86_64 +Install Date: Wed 30 Mar 2022 08:30:23 AM UTC +Group : Unspecified +Size : 35916839 +License : Python +Signature : RSA/SHA1, Wed 30 Mar 2022 03:29:30 AM UTC, Key ID d557065eb25e7f66 +Source RPM : python3-3.9.9-24.oe2203sp2.x86_64.rpm +Build Date : Tue 15 Mar 2022 12:00:00 AM UTC +Build Host : obs-worker1639015616-x86-0001 +Packager : http://openeuler.org +Vendor : http://openeuler.org +URL : https://www.python.org/ +Summary : Interpreter of the Python3 programming language +Description : +Python combines remarkable power with very clear syntax. It has modules, +classes, exceptions, very high level dynamic data types, and dynamic +typing. There are interfaces to many system calls and libraries, as well +as to various windowing systems. New built-in modules are easily written +in C or C++ (or other languages, depending on the chosen implementation). +Python is also usable as an extension language for applications written +in other languages that need easy-to-use scripting or automation interfaces. + +This package Provides python version 3. +``` + +**操作6. 查看未安装的RPM包所有文件** + +查看未安装的RPM包的文件列表,可以在rpm命令中使用 **-qlp** 选项。 + +``` +# rpm -qlp pkgship-2.2.0-10.oe2203sp2.noarch.rpm +/etc/ima/digest_lists.tlv/0-metadata_list-compact_tlv-pkgship-2.2.0-10.oe2203sp2.noarch +/etc/ima/digest_lists/0-metadata_list-compact-pkgship-2.2.0-10.oe2203sp2.noarch +/etc/pkgship/auto_install_pkgship_requires.sh +/etc/pkgship/conf.yaml +/etc/pkgship/package.ini +...... +``` + +**操作7. 查看未安装的RPM包依赖项** + +查看未安装的RPM包编译的依赖包列表,可以在rpm命令中使用 **-qRp** 选项。 + +``` +# rpm -qRp pkgship-2.2.0-10.oe2203sp2.noarch.rpm +/bin/bash +/bin/sh +/usr/bin/python3 +config(pkgship) = 2.2.0-10.oe2203sp2 +python3 +python3-Flask-Limiter +...... +``` + +**操作8. 验证所有已安装的RPM包** + +验证已安装的RPM包时,将包中安装的文件信息与**rpm数据库**中存储的包元数据中获取的文件的信息进行比较,可以通过在rpm命令中使用 **-Va** 选项。 + +``` +# rpm -Va +S.5....T. c /root/.bashrc +.......T. c /etc/yum.repos.d/openEuler.repo +S.5....T. c /etc/issue +S.5....T. c /etc/issue.net +S.5....T. c /etc/csh.login +S.5....T. c /etc/profile +.M....G.. g /var/log/lastlog +.M....... c /boot/grub2/grubenv +...... +``` + +rpm -Va命令相关输出字段及其含义: + +|字段|含义| +|--|--| +|S|文件长度发生变化。| +|M|文件的访问权限或文件类型发生变化。| +|5|MD5校验和发生变化。| +|D|设备节点的属性发生变化。| +|L|文件的符号链接发生变化。| +|U|文件/子目录/ 设备节点的owner发生变化。| +|G|文件/子目录/ 设备节点的group发生变化。| +|T|文件最后一次的修改时间发生变化。| + +**操作9. 查看特定文件的RPM包** + +在Linux上找到一个提供特定二进制文件的RPM包,可以在rpm命令中使用 **-qf** 选项。 + +``` +# rpm -qf /usr/share/doc/pkgship +pkgship-2.2.0-10.oe2203sp2.noarch.rpm +``` + +**操作10. 查看已安装RPM包中的文件** + +查看特定RPM包的安装文件列表,可以在rpm命令中使用 **-ql** 选项。 + +``` +# rpm -ql dnf +/etc/bash_completion.d/dnf +/etc/ima/digest_lists.tlv/0-metadata_list-compact_tlv-dnf-4.14.0-14.oe2203sp2.noarch +/etc/ima/digest_lists/0-metadata_list-compact-dnf-dnf-4.14.0-14.oe2203sp2.noarch +/usr/bin/dnf +/usr/lib/systemd/system/dnf-makecache.service +/usr/lib/systemd/system/dnf-makecache.timer +/usr/share/doc/dnf +/usr/share/doc/dnf/AUTHORS +/usr/share/doc/dnf/README.rst +/usr/share/licenses/dnf +/usr/share/licenses/dnf/COPYING +/usr/share/licenses/dnf/PACKAGE-LICENSING +/var/cache/dnf +``` + +**操作11. 查看最近安装的RPM包** + +Linux是一个多用户操作系统,在使用过程中,其他用户可能已经安装了部分软件包。如需在系统中找到最近安装的包,可以在rpm命令中使用 **-qa** **--last** 选项。 + +``` +# rpm -qa --last +ntp-4.2.8p15-11.oe2203sp2.x86_64 +ntpstat-0.6-4.oe2203sp2.noarch +ntp-help-4.2.8p15-11.oe2203sp2.noarch +``` + +**操作12. 只查看已安装RPM包的文档** + +可以从Linux Man页面获得任何命令的帮助(**/usr/share/doc/Package\_Name-Version\_Number/docs**\* 文档存放路径),查看安装的RPM包相关联的文档列表,请在rpm命令中使用 **-qdf** 选项,并输入**二进制文件路径**。 + +``` +# rpm -qdf /usr/bin/grep +/usr/share/doc/grep/NEWS +/usr/share/doc/grep/README +/usr/share/doc/grep/THANKS +/usr/share/doc/grep/TODO +/usr/share/info/grep.info.gz +/usr/share/man/man1/egrep.1.gz +/usr/share/man/man1/fgrep.1.gz +/usr/share/man/man1/grep.1.gz +``` + +**操作13. 升级已安装的RPM包** + +通过使用 **-Uvh** 选项和rpm命令,可以轻松地将已经安装的rpm包升级到最新版本。 + +``` +# rpm -Uvh pkgship-2.2.0-10.oe2203sp2.noarch.rpm +Preparing... ################################# [100%] +``` + +**注意**:升级安装的RPM包时,会删除旧RPM包,安装新RPM包。 + +**操作14. 移除已安装的RPM包** + +删除安装在系统上的rpm包,请在rpm命令中使用 **-ev** 或 **-e** 选项。 + +```shell +rpm -ev pkgship +``` + +**操作15. 重建损坏的RPM数据库** + +在尝试使用**yum update**命令更新系统时,可能会收到一条错误消息(**RPM数据库已损坏**),如果收到该信息,请在RPM命令中使用 **--rebuilddb** 选项。 + +```shell +rm /var/lib/rpm/__db* +rpm --rebuilddb +``` + +**操作16. 检查特定包的漏洞是否已修复** + +可以通过在rpm命令中使用 **--changelog** 选项并输入相应的**CVE**来实现。 + +```shell +rpm -q --changelog python-2.6.6 | grep -i "CVE-2019-9636" +``` + +**操作17. 导入RPM GPG密钥** + +默认情况下,当向Linux系统添加新的存储库时,GPG密钥将自动导入。同时,也可在RPM命令中添加**--import** 手动导入RPM GPG密钥,用于从存储库下载时检查包的完整性。 + +```shell +rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-OpenEuler-24.03-LTS-SP1 +``` + +3. dnf命令 + +dnf命令及其相关概述 + +|命令|概述| +|--|--| +|repolist|显示已配置的软件repo源。| +|install|Linux上安装单个或多个软件包。| +|upgrade|升级Linux上的一个或多个软件包。| +|list|列出一个或一组软件包。| +|info|显示关于软件包或软件包组的详细信息。| +|updateinfo|显示关于包的公告信息。| +|search|在软件包详细信息中搜索指定字符串。| +|check-update|检查是否有软件包升级。| +|remove|从系统中移除一个或多个软件包。| +|reinstall|重装一个包。| +|downgrade|降级软件包。| +|autoremove|删除所有原先因为依赖关系安装的不需要的软件包。| +|distro-sync|同步已经安装的软件包到最新可用版本。| +|makecache|创建元数据缓存。| +|repository-package|对指定仓库中的所有软件包运行命令。| +|provides|查找提供指定内容的软件包。| +|group|显示或使用组信息。| +|history|显示或使用事务历史。| +|clean|删除已缓存的数据。| + +**操作1. 已配置的软件repo** + +显示已配置的软件仓库,默认添加 **--enabled** 选项(显示启用的仓库)。 + +``` +# dnf repolist --enabled +repo id repo name +EPOL EPOL +OS OS +debuginfo debuginfo +everything everything +pkgship_elasticsearch Elasticsearch repositor +source source +update update +``` + +- **--all**: 显示所有的软件仓库 +- **--disabled**: 显示被禁用的软件仓库 +- **--enabled**: 显示已经启用的仓库(默认) + +**操作2. 安装单个或多个软件包** + +通过**install** 命令可以安装RPM包。 + +``` +# dnf install 软件包 +``` + +安装软件包的过程中可能会存在**冲突**的包或**无法安装**的包,可以在命令中增加 **--allowerasing** 来替换冲突的软件包或 **--skip-broken** 来跳过无法安装的软件包。 + +``` +# dnf install 软件包 [软件包 ...] --allowerasing --skip-broken +``` + +当使用dnf安装软件包时,通过添加 **--installroot** 设置软件包安装的根目录。 + +``` +# dnf install 软件包 --installroot 软件包安装的根目录 +``` + +需要临时指定特定的repo源安装时,可以添加 **--setopt=reposdir=** 选项来指定repo源的加载目录。 + +``` +# dnf install 软件包 --setopt=reposdir=repo源的加载目录 +``` + +在安装选项时,不需要交互式确认时,可以通过添加 **-y** 或**--assumeyes** 使需要安装的软件包全部自动应答为**是**。 + +``` +# dnf install 软件包 -y +``` + +指定特定的repo源安装rpm包时,可以通过指定 **--repo** 或 **--enablerepo** 选项。为了达到相同的效果,也可以通过使用 **--disablerepo** 选项来禁用匹配的repo源,此处推荐您使用--repo选项来安装RPM包。 + +``` +# dnf install 软件包 --repo=repo源 +``` + +**操作3. 重新安装软件包** + +系统上的软件包需要执行重新安装操作时,可以执行 **reinstall** 命令。 + +``` +# dnf reinstall 软件包 +``` + +**操作4. 升级一个或多个软件包** + +- 通过**upgrade**或 **update**升级Linux上的一个或多个软件包。 + +``` +# dnf upgrade 软件包 [软件包 ...] +# dnf update 软件包 [软件包 ...] +``` + +**操作5. 软件包降级** + +当软件包版本过高发生兼容性问题时,可以采用降级的方式解决。 + +``` +# dnf downgrade 软件包 +``` + +**操作6. 列出一个或一组软件包** + +罗列系统中已安装的软件包和配置的repo仓中存在的软件包列表,可以使用 `list` 命令。 + +``` +# dnf list +``` + +可以通过添加选项过滤显示的包列表 + +- **--all**: 显示所有的软件包(默认) +- **--available**: 只显示可用的软件包 +- **--installed**: 只显示已安装的软件包 +- **--extras**: 只显示额外的软件包 +- **--updates**: 只显示需要被升级的软件包 +- **--upgrades**: 只显示需要被升级的软件包 +- **--autoremove**: 只显示需要被删除的软件包 +- **--recent**: 限制最近被改变的软件包 + +**操作7. 查看软件包详细信息** + +查看软件包的详细信息时,可以使用`info` 命令。 + +``` +# dnf info 软件包 +``` + +**操作8. 搜索软件包** + +如需在系统中安装软件包,但不确定软件包全称时,可使用`search`命令查找匹配的包。 + +``` +# dnf search 软件包 +``` + +**操作9. 卸载一个或多个软件包** + +删除已过期或重复的软件包时,可使用`remove`命令移除一个软件包。 + +``` +# dnf remove 软件包 +``` + +- **--duplicates**: 删除已安装(重复)的软件包 +- **--oldinstallonly**: 移除过期的“仅安装”软件包 + +**操作10. 自动删除因为依赖关系安装的软件包** + +删除因为依赖关系安装的不需要的软件包时,可使用`autoremove`命令。 + +``` +# dnf autoremove 软件包 +``` + +## 配置SSH + +1. SSH服务介绍 + +**SSH(Secure Shell)**是目前较可靠,专为远程登录会话和其他网络服务**提供安全性保障**的协议。利用SSH协议可以有效防止远程管理过程中的信息泄露问题。透过SSH可以对所有传输的数据进行加密,并防止DNS欺骗和IP欺骗。OpenSSH是SSH协议的免费开源实现。 + +2. 配置SSH服务 + +```shell +# 打开并修改/etc/ssh/sshd_config文件 +vi /etc/ssh/sshd_config + +# 重新启动SSH服务 +systemctl restart sshd + +# 检查SSH服务状态 +systemctl status sshd +``` + +3. SSH服务配置文件主要选项 + +```shell +# 指定SSH协议版本(Specify SSH Protocol Version) +Protocol 2 + +# 允许的用户(Allowed Users) +AllowUsers xxx + +# 被拒绝的用户(Denied Users) +DenyUser root + +# 配置会话超时(Configure Session Timeout) +ClientAliveInterval 120 + +# 禁用SSH根登录(Disable SSH Root Login) +PermitRootLogin no + +# 配置或更改SSH端口号(Configure or Change SSH Port Number) +Port 1234 + +# 禁用SSH密码身份验证 (Disable SSH Password Authentication) +PasswordAuthentication no +``` diff --git a/docs/zh/server/maintenance/common_skills/images/c50cb9df64f4659787c810167c89feb4_1884x257.png b/docs/zh/server/maintenance/common_skills/images/c50cb9df64f4659787c810167c89feb4_1884x257.png new file mode 100644 index 0000000000000000000000000000000000000000..01081f25627731c56764c196e3fae32d55bc7023 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/c50cb9df64f4659787c810167c89feb4_1884x257.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001321685172.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001321685172.png new file mode 100644 index 0000000000000000000000000000000000000000..a98265bdf251608c0ff394fefe545cd3192bdb28 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001321685172.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001322112990.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001322112990.png new file mode 100644 index 0000000000000000000000000000000000000000..6f4b32bf2b36595abe10f2550cda5714bc355553 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001322112990.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001322219840.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001322219840.png new file mode 100644 index 0000000000000000000000000000000000000000..48b28664df46ddf9aa38c7570bb9e9edb8080ac9 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001322219840.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001322372918.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001322372918.png new file mode 100644 index 0000000000000000000000000000000000000000..5424367c9bc564e713220ba87f963096881833b8 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001322372918.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001322379488.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001322379488.png new file mode 100644 index 0000000000000000000000000000000000000000..8b18cdca066be43b74443498edc5500ea9e1e608 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001322379488.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001335457246.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001335457246.png new file mode 100644 index 0000000000000000000000000000000000000000..325d6a8ce097db0b92b1a883bc4b3d4ad0bc6a49 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001335457246.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001335816300.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001335816300.png new file mode 100644 index 0000000000000000000000000000000000000000..619f0c33503cd27d92f227216c722d554b9132f2 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001335816300.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001336448570.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001336448570.png new file mode 100644 index 0000000000000000000000000000000000000000..4bd494d78d83fef2e8a89c80e17c9b6db892a2e9 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001336448570.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001336729664.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001336729664.png new file mode 100644 index 0000000000000000000000000000000000000000..4d73507cceab2e0b123d6864d9f86c86eb1eee2f Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001336729664.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337000118.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337000118.png new file mode 100644 index 0000000000000000000000000000000000000000..37131647778506f24be4ff401392a9cc209a36eb Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337000118.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337039920.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337039920.png new file mode 100644 index 0000000000000000000000000000000000000000..40c07e9b6ec27cdbe47d39788736b892f1174cc8 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337039920.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337051916.jpg b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337051916.jpg new file mode 100644 index 0000000000000000000000000000000000000000..a2083b7783041884394f796222352d8772ada6cc Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337051916.jpg differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337053248.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337053248.png new file mode 100644 index 0000000000000000000000000000000000000000..8859f37749a4f8a4394e24ddfb54fc473e8c10c2 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337053248.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337172594.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337172594.png new file mode 100644 index 0000000000000000000000000000000000000000..4e806f83c57880543a777807778f14eeb0105aba Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337172594.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337212144.jpg b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337212144.jpg new file mode 100644 index 0000000000000000000000000000000000000000..c6f0874250475f598efa7375516109b540918fb8 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337212144.jpg differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337260780.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337260780.png new file mode 100644 index 0000000000000000000000000000000000000000..09d521d933f5fa0caacc592ea92acee959786051 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337260780.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337268560.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337268560.png new file mode 100644 index 0000000000000000000000000000000000000000..663f67428487d88e23aa9c3291c31399fec2f2c3 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337268560.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337268820.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337268820.png new file mode 100644 index 0000000000000000000000000000000000000000..cd1732ee870a6dde0acc54642f34793933ce3356 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337268820.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337419960.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337419960.png new file mode 100644 index 0000000000000000000000000000000000000000..c3b493bf1e57f130e122b59e99ff45cd44539dad Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337419960.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337420372.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337420372.png new file mode 100644 index 0000000000000000000000000000000000000000..2300bcd7426748236fd48b85688bd3d1fa3315df Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337420372.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337422904.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337422904.png new file mode 100644 index 0000000000000000000000000000000000000000..01e250c6f7cbb64abe0b136cd80fda7ae68b629d Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337422904.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337424024.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337424024.png new file mode 100644 index 0000000000000000000000000000000000000000..6532d98885f756c6704bc4bacc0f9133d78405a7 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337424024.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337424304.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337424304.png new file mode 100644 index 0000000000000000000000000000000000000000..9ecb384ed58458c24d8e3ae729c4de197b982b86 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337424304.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337427216.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337427216.png new file mode 100644 index 0000000000000000000000000000000000000000..8633dbdd658f98501dfc91a704395260f2d4df3c Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337427216.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337427392.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337427392.png new file mode 100644 index 0000000000000000000000000000000000000000..74f5cb24520c94de8628b2e64e6916c563f9f5a2 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337427392.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337533690.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337533690.png new file mode 100644 index 0000000000000000000000000000000000000000..1f02d9b155754a113347a54a7d35ba9b060175a8 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337533690.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337536842.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337536842.png new file mode 100644 index 0000000000000000000000000000000000000000..5a9ee2c989638c9a6aad3fcfb35bb9b9f2d4683c Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337536842.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337579708.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337579708.png new file mode 100644 index 0000000000000000000000000000000000000000..5cd8ed939434e6447dd55679eeaa3756d861751f Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337579708.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337580216.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337580216.png new file mode 100644 index 0000000000000000000000000000000000000000..5516b8d261b769287c74cf860a6708fcde6bbb8a Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337580216.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337584296.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337584296.png new file mode 100644 index 0000000000000000000000000000000000000000..fa76ecb59018fb154ffe1d9f6da1484d652f3ac1 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337584296.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337696078.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337696078.png new file mode 100644 index 0000000000000000000000000000000000000000..3864852e345eaf01794042feaa85b012b8af71de Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337696078.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337740252.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337740252.png new file mode 100644 index 0000000000000000000000000000000000000000..fd83fb600a54ab8bc39ee2ae54210be8b6c48973 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337740252.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337740540.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337740540.png new file mode 100644 index 0000000000000000000000000000000000000000..b8e25128a47dccaed733fc192f52f2ca7828e516 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337740540.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337747132.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337747132.png new file mode 100644 index 0000000000000000000000000000000000000000..41ea7d47f5fe5fca46816d93cb08b5da00abc0ad Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337747132.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337748300.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337748300.png new file mode 100644 index 0000000000000000000000000000000000000000..32488dc1740408834954cf8d57a2843d98f09c2e Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337748300.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337748528.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337748528.png new file mode 100644 index 0000000000000000000000000000000000000000..f2d62c85c844c2756f4d27a48711560dfb9615ea Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001337748528.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001372249333.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001372249333.png new file mode 100644 index 0000000000000000000000000000000000000000..48cd37225954e212cb3e159acc137866d8edc362 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001372249333.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001372748125.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001372748125.png new file mode 100644 index 0000000000000000000000000000000000000000..5f6326b9415cf766dd8379dbadd5aa1a0dc6861f Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001372748125.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001372821865.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001372821865.png new file mode 100644 index 0000000000000000000000000000000000000000..21e8dad1cd90755440cf858523b12c036a91e1ad Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001372821865.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001372824637.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001372824637.png new file mode 100644 index 0000000000000000000000000000000000000000..aefb5d83c079e6718ef88fd934b4b496cdc29565 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001372824637.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001373373585.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001373373585.png new file mode 100644 index 0000000000000000000000000000000000000000..c4e5e47c9beca2c7c7630d78916f80eda652b52a Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001373373585.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001373379529.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001373379529.png new file mode 100644 index 0000000000000000000000000000000000000000..daa40b49e679668905632f25ff42bf8599ba0ead Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001373379529.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001384808269.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001384808269.png new file mode 100644 index 0000000000000000000000000000000000000000..be18ecef3a149d5742f18535552f66f26ab34832 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001384808269.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001385585749.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001385585749.png new file mode 100644 index 0000000000000000000000000000000000000000..c13604ab7095c2a7717bde1384f0aea3d53f69e3 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001385585749.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001385611905.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001385611905.png new file mode 100644 index 0000000000000000000000000000000000000000..8c233e40a21e678ddf4115c2e2e80c96e25a60ce Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001385611905.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001385905845.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001385905845.png new file mode 100644 index 0000000000000000000000000000000000000000..a6cb8bc4a188ef444919d71f7f16baa06422788b Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001385905845.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001386149037.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001386149037.png new file mode 100644 index 0000000000000000000000000000000000000000..da73fead24d8805bb43287f53c757e80ff0d597f Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001386149037.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001386699925.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001386699925.png new file mode 100644 index 0000000000000000000000000000000000000000..cf5b13b35e65ed0143a01a5bcad1e11eaddaded7 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001386699925.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387293085.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387293085.png new file mode 100644 index 0000000000000000000000000000000000000000..7f56b020949c53d018eba016952c2409f0d7dca9 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387293085.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387413509.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387413509.png new file mode 100644 index 0000000000000000000000000000000000000000..2245427058fc31f3e5d7f40062c0551936a67199 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387413509.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387413793.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387413793.png new file mode 100644 index 0000000000000000000000000000000000000000..aa649bf7215662819766d897513fb711d9d1e7f8 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387413793.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387415629.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387415629.png new file mode 100644 index 0000000000000000000000000000000000000000..01189358354090591de6580f8ef88ef78ddba3a1 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387415629.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387691985.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387691985.png new file mode 100644 index 0000000000000000000000000000000000000000..31c3096fa837c1b397ab2fe27acdd87e2cec36de Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387691985.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387692269.jpg b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387692269.jpg new file mode 100644 index 0000000000000000000000000000000000000000..b79e3ddf78520277046b933c4662c6b72f45ab85 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387692269.jpg differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387692893.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387692893.png new file mode 100644 index 0000000000000000000000000000000000000000..49ea515d834b58d4ded14c55a6a2b07034d76137 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387692893.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387755969.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387755969.png new file mode 100644 index 0000000000000000000000000000000000000000..b2daa95d6b757e7bd443d8fd961922f248dd6853 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387755969.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387780357.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387780357.png new file mode 100644 index 0000000000000000000000000000000000000000..1aab3b8be2cd0c906253d70036a9fee3050a1055 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387780357.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387784693.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387784693.png new file mode 100644 index 0000000000000000000000000000000000000000..62a40117a892ba6c163be81bce1d198c2920f0e9 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387784693.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387787605.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387787605.png new file mode 100644 index 0000000000000000000000000000000000000000..8c1893e16fb929f77bb6b9a70cb25d3479dd684c Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387787605.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387855149.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387855149.png new file mode 100644 index 0000000000000000000000000000000000000000..731e957c367cb05e4229f53cf97dcee2cde69dff Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387855149.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387857005.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387857005.png new file mode 100644 index 0000000000000000000000000000000000000000..872f5c9eb05169831df4ba49d017629e8a943c64 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387857005.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387902849.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387902849.png new file mode 100644 index 0000000000000000000000000000000000000000..ffe2043c199308ed2033e3eb02a0662a65141ece Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387902849.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387907229.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387907229.png new file mode 100644 index 0000000000000000000000000000000000000000..084fbea1aee4d09b1e623c66b4f07641c7a0208d Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387907229.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387908045.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387908045.png new file mode 100644 index 0000000000000000000000000000000000000000..1fca645598e7a67da6e75b98c44f3c9a740be374 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387908045.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387908453.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387908453.png new file mode 100644 index 0000000000000000000000000000000000000000..b97804a0a575fd18235e7a0c7e4f2d0183e3b460 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387908453.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387961737.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387961737.png new file mode 100644 index 0000000000000000000000000000000000000000..ae4ddce8cf2629b811e9711c61186b3efa4dfe3c Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001387961737.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388020197.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388020197.png new file mode 100644 index 0000000000000000000000000000000000000000..1816e1e068ee0294677ebb357ffd158a14bb86cf Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388020197.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388024321.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388024321.png new file mode 100644 index 0000000000000000000000000000000000000000..da3ba54203ded0093b7c2b5308de0e2afd85a146 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388024321.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388024397.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388024397.png new file mode 100644 index 0000000000000000000000000000000000000000..4e4531dd19dc703399c9d4dd0e95236fa9a064c8 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388024397.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388028161.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388028161.png new file mode 100644 index 0000000000000000000000000000000000000000..b3beb92520c34ba771d096a8a146fb2c5b5edbb7 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388028161.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388028537.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388028537.png new file mode 100644 index 0000000000000000000000000000000000000000..ffb244306787c397ef4a9f4d9c3eb504172d3777 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388028537.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388184025.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388184025.png new file mode 100644 index 0000000000000000000000000000000000000000..cbce6fe1e32c547426319923c0fdb13e95554b99 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388184025.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388187249.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388187249.png new file mode 100644 index 0000000000000000000000000000000000000000..0ac83f21e269d909e550b68cb0bdc6347c05dcac Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388187249.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388187325.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388187325.png new file mode 100644 index 0000000000000000000000000000000000000000..02dbdf218da2cb1c844dfc13a463875df5124d48 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388187325.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388188365.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388188365.png new file mode 100644 index 0000000000000000000000000000000000000000..dbe3bfb48446bab88e3e622b9f8066383f269590 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388188365.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388241577.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388241577.png new file mode 100644 index 0000000000000000000000000000000000000000..8dacb6e343ea4c750904fa090bb99213e012379d Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388241577.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388972645.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388972645.png new file mode 100644 index 0000000000000000000000000000000000000000..e32606925f4bb4380b262d9f946d4cd106202b87 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001388972645.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001389098425.png b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001389098425.png new file mode 100644 index 0000000000000000000000000000000000000000..c63903009ab9ba454f169250632dbec1b3c94467 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_image_0000001389098425.png differ diff --git a/docs/zh/server/maintenance/common_skills/images/zh-cn_other_0000001337581224.jpeg b/docs/zh/server/maintenance/common_skills/images/zh-cn_other_0000001337581224.jpeg new file mode 100644 index 0000000000000000000000000000000000000000..2c019b828bdf9c699f203f09ba3542968ff21262 Binary files /dev/null and b/docs/zh/server/maintenance/common_skills/images/zh-cn_other_0000001337581224.jpeg differ diff --git a/docs/zh/server/maintenance/common_skills/information_collection.md b/docs/zh/server/maintenance/common_skills/information_collection.md new file mode 100644 index 0000000000000000000000000000000000000000..9a301de64fb64089f1e30e92baa72d266276a5a5 --- /dev/null +++ b/docs/zh/server/maintenance/common_skills/information_collection.md @@ -0,0 +1,157 @@ +# 信息收集 + +## 查看OS信息 + +1. 查看操作系统版本信息 + + ```shell + # cat /etc/openEuler-latest + # cat /etc/os-release + # cat /etc/openEuler-release + ``` + +2. 查看内核版本信息 + + ```shell + # uname -a + ``` + +## 查看硬件信息 + +1. 查看cpu的统计信息 + + ```shell + # lscpu + ``` + +2. 查看CPU相关参数 + + ```shell + # cat /proc/cpuinfo + ``` + +3. 查看系统内存信息 + + ```shell + # cat /proc/meminfo + ``` + +4. 查看内存信息 + + ```shell + # dmidecode -t memory + ``` + +5. 查看硬盘和分区分布 + + ```shell + # lsblk + ``` + +6. 看硬盘和分区的详细信息 + + ```shell + # fdisk -l + ``` + +7. 查看网卡硬件信息 + + ```shell + # lspci | grep -i 'eth' + ``` + +8. 查看所有网络接口 + + ```shell + # ip a + # yum install -y net-tools + # ifconfig + ``` + +9. 查看某个网络接口的详细信息 + + ```shell + # ethtool enp7s0 (以enp7s0为例) + ``` + +10. 查看pci信息 + + ```shell + # lspci + ``` + +11. 查看设备树 + + ```shell + # lspci -t + ``` + +12. 查看bios信息 + + ```shell + # dmidecode -t bios + ``` + +## 查看软件信息 + +1. 查看软件包的详细信息 + + ```shell + # rpm -qi systemd(以systemd为例) + ``` + +2. 查看软件包提供的模块 + + ```shell + # rpm -q --provides systemd (以systemd为例) + ``` + +3. 查看所有已安装软件包 + + ```shell + # rpm -qa | grep systemd (以systemd为例) + ``` + +4. 查看软件包文件列表 + + ```shell + # rpm -ql python3-rpm (以python3-rpm为例) + ``` + +## 查看OS日志 + +1. 查看系统启动后的信息和错误日志 + + ```shell + # cat /var/log/messages + ``` + +2. 查看安全相关的日志信息 + + ```shell + # cat /var/log/secure + ``` + +3. 查看邮件相关的日志信息 + + ```shell + # cat /var/log/maillog + ``` + +4. 查看定时任务相关的日志信息 + + ```shell + # cat /var/log/cron + ``` + +5. 查看UUCP和news设备相关的日志信息 + + ```shell + # cat /var/log/spooler + ``` + +6. 查看守护进程启动和停止相关的日志消息 + + ```shell + # cat /var/log/boot.log + ``` diff --git a/docs/zh/server/maintenance/common_tools/_toc.yaml b/docs/zh/server/maintenance/common_tools/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..984c9a3739a9e1ff7983365a9cb2d555a7576697 --- /dev/null +++ b/docs/zh/server/maintenance/common_tools/_toc.yaml @@ -0,0 +1,6 @@ +label: 常用定位定界工具 +isManual: true +description: 常用定位定界工具,包括 ftrace,strace 和 kdump +sections: + - label: 常用定位定界工具 + href: ./commonly_used_tools.md diff --git a/docs/zh/server/maintenance/common_tools/commonly_used_tools.md b/docs/zh/server/maintenance/common_tools/commonly_used_tools.md new file mode 100644 index 0000000000000000000000000000000000000000..bbe7cead10a635844fa6bf8135c3209a3cab584a --- /dev/null +++ b/docs/zh/server/maintenance/common_tools/commonly_used_tools.md @@ -0,0 +1,195 @@ +# 常用工具 + +## ftrace + +1. ftrace:是一个针对linux kernel内核空间的debug工具,内核中会提供trace events供用户追踪。而ftrace则可以将events抓取出来,让用户能够直观地看到这些事件,同时也可以追踪内核的函数。 +2. ftrace的配置和使用:要使用ftrace,需要**将其相关的依赖编译进内核**,openEuler已经默认编译了ftrace选项,如果没开启可以在menuconfig里选择Kernel hacking -\> Tracers -\> Trace syscalls开启,同时还要**编译debugfs**,选择Kernel hacking -\> Generic Kernel Debugging Instruments -\> Debug Filesystem。 + +- **ftrace的功能配置** + +ftrace通过debugfs向用户空间提供访问接口,内核配置debugfs后,会创建/sys/kernel/debug目录,debugfs文件系统就是挂载到该目录。如果内核支持ftrace相关的配置项后,会在debugfs下创建一个tracing目录,debugfs文件系统会挂载到该目录,该目录内容如下图所示: + +![](./images/zh-cn_image_0000001322372918.png) + +- **ftrace debugfs接口介绍** +用户可看到ftrace通过debugfs文件系统提供的一些控制和输出文件,如下对常用的文件做简单说明: + + available_tracers:可用的跟踪程序 + + current_tracer:正在运行的跟踪程序 + + available_events:列举了系统所有可用的trace events + + events:该目录对events按模块做了区分。 + + set_event:列举当前要追踪的events + + tracing_on:用于控制跟踪打开或停止,echo 0 \> tracing\_on表示关闭,1表示打开 + + trace:查看跟踪数据 + +- **可用的跟踪程序** + +![zh-cn_image_0000001373373585](./images/zh-cn_image_0000001373373585.png) + + function:一个无需参数的函数调用跟踪程序 + + function_graph:一个使用子调用的函数调用跟踪程序 + +- **追踪event** + +```shell +# 先注明要追踪ras的arm_event +echo ras:arm_event > /sys/kernel/debug/tracing/set_event + +# 这个文件可以看到event的具体格式,会打印什么字段 +cat /sys/kernel/debug/tracing/events/ras/arm_event/format + +# 启动追踪 +echo 1 > /sys/kernel/debug/tracing/tracing_on + +# 观察trace的输出 +tail -f /sys/kernel/debug/tracing/trace +``` + +![c50cb9df64f4659787c810167c89feb4_1884x257](./images/c50cb9df64f4659787c810167c89feb4_1884x257.png) + +- **追踪内核函数入参** + +选择跟踪mmap,其对应系统调用do\_mmap,选择输出addr入参。 + +![zh-cn_image_0000001373379529](./images/zh-cn_image_0000001373379529.png) + +```shell +# 通过kprobe跟踪 +echo 'p:probe1 do_mmap addr=%x1' > kprobe_events + +# 启用kprobe +echo 1 > events/kprobes/probe1/enable + +# 启动追踪 +echo 1 > tracing_on + +# 查看trace数据 +``` + +![zh-cn_image_0000001322379488](./images/zh-cn_image_0000001322379488.png) + +- **追踪函数调用** + +```shell +# 选择追踪类型 +echo function_graph > current_tracer + +# 设置过滤进程pid +echo set_ftrace_pid + +# 开始追踪 +echo 1 > tracing_on + +# 查看trace数据 +``` + +![zh-cn_image_0000001322219840](./images/zh-cn_image_0000001322219840.png) + +## strace + +strace命令是一个诊断、调试工具,可以通过使用strace对应用的系统调用及信号传递来进行分析,从而达到解决问题或了解应用执行过程的目的。 + +可以通过`strace -h`来查看strace提供了哪些功能。 + +![zh-cn_image_0000001322112990](./images/zh-cn_image_0000001322112990.png) + +最常用的使用方式(追踪xx命令,跟踪forks,打印时间,结果输出到output文件中)。 + +```shell +strace -f -tt -o output xx +``` + +## kdump + +1. crash/kdump原理介绍 + +kdump是系统运行在某个时间点的内存状态的快照,便于运维人员debug分析系统挂掉的原因,常用于系统宕机和panic。 + +大致流程如下: + +![zh-cn_image_0000001321685172](./images/zh-cn_image_0000001321685172.png) + +2. 相关工具安装配置 + +```shell +# 使用yum安装相应软件包 +yum install kernel-debuginfo-$(uname -r) kexec-tools crash -y + +# 设置crashkernel预留内存大小 +vim /etc/default/grub +``` + +![zh-cn_image_0000001372821865](./images/zh-cn_image_0000001372821865.png) + +```shell +# 重新生成grub配置文件 +grub2-mkconfig -o /boot/efi/EFI/openEuler/grub.cfg +reboot + +# 启动kdump服务 +systemctl start kdump #启动kdump +systemctl enable kdump #设置开机启动 +``` + +3. crash触发 + +步骤1. 内核具备默认配置,当硬锁和oops的时候会触发panic。 + +![zh-cn_image_0000001372824637](./images/zh-cn_image_0000001372824637.png) + +步骤2. 用户可以修改该配置,以下相关命令可使配置生效一次,重启后失效。 + +```shell +# 设置软锁触发panic +echo 1 > /proc/sys/kernel/softlockup_panic + +# 设置kernel遇到OOM触发panic +echo 1 > /proc/sys/vm/panic_on_oom + +# 进程出现hang时引发panic +echo 1 > /proc/sys/kernel/hung_task_panic + +# 进程hangtask机制超时时间设置 +echo 60 > /proc/sys/kernel/kernel.hung_task_timeout_secs +``` + +步骤3. 如需要重启自动重启配置,将下列参数写入/etc/sysctl.conf文件,执行sysctl -p生效。 + +```shell +kernel.hung_task_panic=1 +kernel.hung_task_timeout_secs=60 +kernel.softlockup_panic=1 +vm.panic_on_oom=1 +``` + +4. crash分析 + +步骤1. 开启crash调试。 + +步骤2. 生成的vmcore文件一般会在“/var/crash/IP地址-时间”目录下。 + +步骤3. 执行如下命令即可进入crash调试。 + +```shell +crash {vmcore文件} {调试内核vmlinux} +``` + +![zh-cn_image_0000001372748125](./images/zh-cn_image_0000001372748125.png) + +crash调试命令格式为 command args,command为需要执行的命令,args为部分调试命令需要的参数。 + +|命令|用途| +|--|--| +|help|打印命令的help信息,可展示支持命令,也可查看具体命令的help信息,如 help bt。| +|bt|打印函数调用栈信息。| +|log|打印系统消息缓冲区,可追加参数,如log。 | +|ps|显示进程的状态,>表示进程为活跃状态。| +|dis|对给定函数或者地址进行反汇编,如dis -l [func]。 | +|mount|展示当前的文件系统信息| diff --git a/docs/zh/server/maintenance/common_tools/images/c50cb9df64f4659787c810167c89feb4_1884x257.png b/docs/zh/server/maintenance/common_tools/images/c50cb9df64f4659787c810167c89feb4_1884x257.png new file mode 100644 index 0000000000000000000000000000000000000000..01081f25627731c56764c196e3fae32d55bc7023 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/c50cb9df64f4659787c810167c89feb4_1884x257.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001321685172.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001321685172.png new file mode 100644 index 0000000000000000000000000000000000000000..a98265bdf251608c0ff394fefe545cd3192bdb28 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001321685172.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001322112990.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001322112990.png new file mode 100644 index 0000000000000000000000000000000000000000..6f4b32bf2b36595abe10f2550cda5714bc355553 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001322112990.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001322219840.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001322219840.png new file mode 100644 index 0000000000000000000000000000000000000000..48b28664df46ddf9aa38c7570bb9e9edb8080ac9 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001322219840.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001322372918.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001322372918.png new file mode 100644 index 0000000000000000000000000000000000000000..5424367c9bc564e713220ba87f963096881833b8 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001322372918.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001322379488.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001322379488.png new file mode 100644 index 0000000000000000000000000000000000000000..8b18cdca066be43b74443498edc5500ea9e1e608 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001322379488.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001335457246.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001335457246.png new file mode 100644 index 0000000000000000000000000000000000000000..325d6a8ce097db0b92b1a883bc4b3d4ad0bc6a49 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001335457246.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001335816300.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001335816300.png new file mode 100644 index 0000000000000000000000000000000000000000..619f0c33503cd27d92f227216c722d554b9132f2 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001335816300.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001336448570.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001336448570.png new file mode 100644 index 0000000000000000000000000000000000000000..4bd494d78d83fef2e8a89c80e17c9b6db892a2e9 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001336448570.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001336729664.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001336729664.png new file mode 100644 index 0000000000000000000000000000000000000000..4d73507cceab2e0b123d6864d9f86c86eb1eee2f Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001336729664.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337000118.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337000118.png new file mode 100644 index 0000000000000000000000000000000000000000..37131647778506f24be4ff401392a9cc209a36eb Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337000118.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337039920.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337039920.png new file mode 100644 index 0000000000000000000000000000000000000000..40c07e9b6ec27cdbe47d39788736b892f1174cc8 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337039920.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337051916.jpg b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337051916.jpg new file mode 100644 index 0000000000000000000000000000000000000000..a2083b7783041884394f796222352d8772ada6cc Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337051916.jpg differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337053248.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337053248.png new file mode 100644 index 0000000000000000000000000000000000000000..8859f37749a4f8a4394e24ddfb54fc473e8c10c2 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337053248.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337172594.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337172594.png new file mode 100644 index 0000000000000000000000000000000000000000..4e806f83c57880543a777807778f14eeb0105aba Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337172594.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337212144.jpg b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337212144.jpg new file mode 100644 index 0000000000000000000000000000000000000000..c6f0874250475f598efa7375516109b540918fb8 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337212144.jpg differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337260780.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337260780.png new file mode 100644 index 0000000000000000000000000000000000000000..09d521d933f5fa0caacc592ea92acee959786051 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337260780.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337268560.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337268560.png new file mode 100644 index 0000000000000000000000000000000000000000..663f67428487d88e23aa9c3291c31399fec2f2c3 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337268560.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337268820.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337268820.png new file mode 100644 index 0000000000000000000000000000000000000000..cd1732ee870a6dde0acc54642f34793933ce3356 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337268820.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337419960.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337419960.png new file mode 100644 index 0000000000000000000000000000000000000000..c3b493bf1e57f130e122b59e99ff45cd44539dad Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337419960.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337420372.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337420372.png new file mode 100644 index 0000000000000000000000000000000000000000..2300bcd7426748236fd48b85688bd3d1fa3315df Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337420372.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337422904.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337422904.png new file mode 100644 index 0000000000000000000000000000000000000000..01e250c6f7cbb64abe0b136cd80fda7ae68b629d Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337422904.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337424024.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337424024.png new file mode 100644 index 0000000000000000000000000000000000000000..6532d98885f756c6704bc4bacc0f9133d78405a7 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337424024.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337424304.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337424304.png new file mode 100644 index 0000000000000000000000000000000000000000..9ecb384ed58458c24d8e3ae729c4de197b982b86 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337424304.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337427216.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337427216.png new file mode 100644 index 0000000000000000000000000000000000000000..8633dbdd658f98501dfc91a704395260f2d4df3c Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337427216.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337427392.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337427392.png new file mode 100644 index 0000000000000000000000000000000000000000..74f5cb24520c94de8628b2e64e6916c563f9f5a2 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337427392.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337533690.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337533690.png new file mode 100644 index 0000000000000000000000000000000000000000..1f02d9b155754a113347a54a7d35ba9b060175a8 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337533690.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337536842.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337536842.png new file mode 100644 index 0000000000000000000000000000000000000000..5a9ee2c989638c9a6aad3fcfb35bb9b9f2d4683c Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337536842.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337579708.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337579708.png new file mode 100644 index 0000000000000000000000000000000000000000..5cd8ed939434e6447dd55679eeaa3756d861751f Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337579708.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337580216.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337580216.png new file mode 100644 index 0000000000000000000000000000000000000000..5516b8d261b769287c74cf860a6708fcde6bbb8a Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337580216.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337584296.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337584296.png new file mode 100644 index 0000000000000000000000000000000000000000..fa76ecb59018fb154ffe1d9f6da1484d652f3ac1 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337584296.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337696078.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337696078.png new file mode 100644 index 0000000000000000000000000000000000000000..3864852e345eaf01794042feaa85b012b8af71de Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337696078.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337740252.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337740252.png new file mode 100644 index 0000000000000000000000000000000000000000..fd83fb600a54ab8bc39ee2ae54210be8b6c48973 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337740252.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337740540.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337740540.png new file mode 100644 index 0000000000000000000000000000000000000000..b8e25128a47dccaed733fc192f52f2ca7828e516 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337740540.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337747132.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337747132.png new file mode 100644 index 0000000000000000000000000000000000000000..41ea7d47f5fe5fca46816d93cb08b5da00abc0ad Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337747132.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337748300.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337748300.png new file mode 100644 index 0000000000000000000000000000000000000000..32488dc1740408834954cf8d57a2843d98f09c2e Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337748300.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337748528.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337748528.png new file mode 100644 index 0000000000000000000000000000000000000000..f2d62c85c844c2756f4d27a48711560dfb9615ea Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001337748528.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001372249333.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001372249333.png new file mode 100644 index 0000000000000000000000000000000000000000..48cd37225954e212cb3e159acc137866d8edc362 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001372249333.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001372748125.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001372748125.png new file mode 100644 index 0000000000000000000000000000000000000000..5f6326b9415cf766dd8379dbadd5aa1a0dc6861f Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001372748125.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001372821865.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001372821865.png new file mode 100644 index 0000000000000000000000000000000000000000..21e8dad1cd90755440cf858523b12c036a91e1ad Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001372821865.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001372824637.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001372824637.png new file mode 100644 index 0000000000000000000000000000000000000000..aefb5d83c079e6718ef88fd934b4b496cdc29565 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001372824637.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001373373585.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001373373585.png new file mode 100644 index 0000000000000000000000000000000000000000..c4e5e47c9beca2c7c7630d78916f80eda652b52a Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001373373585.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001373379529.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001373379529.png new file mode 100644 index 0000000000000000000000000000000000000000..daa40b49e679668905632f25ff42bf8599ba0ead Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001373379529.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001384808269.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001384808269.png new file mode 100644 index 0000000000000000000000000000000000000000..be18ecef3a149d5742f18535552f66f26ab34832 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001384808269.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001385585749.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001385585749.png new file mode 100644 index 0000000000000000000000000000000000000000..c13604ab7095c2a7717bde1384f0aea3d53f69e3 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001385585749.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001385611905.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001385611905.png new file mode 100644 index 0000000000000000000000000000000000000000..8c233e40a21e678ddf4115c2e2e80c96e25a60ce Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001385611905.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001385905845.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001385905845.png new file mode 100644 index 0000000000000000000000000000000000000000..a6cb8bc4a188ef444919d71f7f16baa06422788b Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001385905845.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001386149037.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001386149037.png new file mode 100644 index 0000000000000000000000000000000000000000..da73fead24d8805bb43287f53c757e80ff0d597f Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001386149037.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001386699925.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001386699925.png new file mode 100644 index 0000000000000000000000000000000000000000..cf5b13b35e65ed0143a01a5bcad1e11eaddaded7 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001386699925.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387293085.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387293085.png new file mode 100644 index 0000000000000000000000000000000000000000..7f56b020949c53d018eba016952c2409f0d7dca9 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387293085.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387413509.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387413509.png new file mode 100644 index 0000000000000000000000000000000000000000..2245427058fc31f3e5d7f40062c0551936a67199 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387413509.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387413793.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387413793.png new file mode 100644 index 0000000000000000000000000000000000000000..aa649bf7215662819766d897513fb711d9d1e7f8 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387413793.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387415629.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387415629.png new file mode 100644 index 0000000000000000000000000000000000000000..01189358354090591de6580f8ef88ef78ddba3a1 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387415629.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387691985.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387691985.png new file mode 100644 index 0000000000000000000000000000000000000000..31c3096fa837c1b397ab2fe27acdd87e2cec36de Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387691985.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387692269.jpg b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387692269.jpg new file mode 100644 index 0000000000000000000000000000000000000000..b79e3ddf78520277046b933c4662c6b72f45ab85 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387692269.jpg differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387692893.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387692893.png new file mode 100644 index 0000000000000000000000000000000000000000..49ea515d834b58d4ded14c55a6a2b07034d76137 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387692893.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387755969.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387755969.png new file mode 100644 index 0000000000000000000000000000000000000000..b2daa95d6b757e7bd443d8fd961922f248dd6853 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387755969.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387780357.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387780357.png new file mode 100644 index 0000000000000000000000000000000000000000..1aab3b8be2cd0c906253d70036a9fee3050a1055 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387780357.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387784693.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387784693.png new file mode 100644 index 0000000000000000000000000000000000000000..62a40117a892ba6c163be81bce1d198c2920f0e9 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387784693.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387787605.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387787605.png new file mode 100644 index 0000000000000000000000000000000000000000..8c1893e16fb929f77bb6b9a70cb25d3479dd684c Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387787605.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387855149.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387855149.png new file mode 100644 index 0000000000000000000000000000000000000000..731e957c367cb05e4229f53cf97dcee2cde69dff Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387855149.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387857005.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387857005.png new file mode 100644 index 0000000000000000000000000000000000000000..872f5c9eb05169831df4ba49d017629e8a943c64 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387857005.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387902849.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387902849.png new file mode 100644 index 0000000000000000000000000000000000000000..ffe2043c199308ed2033e3eb02a0662a65141ece Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387902849.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387907229.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387907229.png new file mode 100644 index 0000000000000000000000000000000000000000..084fbea1aee4d09b1e623c66b4f07641c7a0208d Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387907229.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387908045.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387908045.png new file mode 100644 index 0000000000000000000000000000000000000000..1fca645598e7a67da6e75b98c44f3c9a740be374 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387908045.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387908453.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387908453.png new file mode 100644 index 0000000000000000000000000000000000000000..b97804a0a575fd18235e7a0c7e4f2d0183e3b460 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387908453.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387961737.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387961737.png new file mode 100644 index 0000000000000000000000000000000000000000..ae4ddce8cf2629b811e9711c61186b3efa4dfe3c Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001387961737.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388020197.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388020197.png new file mode 100644 index 0000000000000000000000000000000000000000..1816e1e068ee0294677ebb357ffd158a14bb86cf Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388020197.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388024321.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388024321.png new file mode 100644 index 0000000000000000000000000000000000000000..da3ba54203ded0093b7c2b5308de0e2afd85a146 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388024321.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388024397.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388024397.png new file mode 100644 index 0000000000000000000000000000000000000000..4e4531dd19dc703399c9d4dd0e95236fa9a064c8 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388024397.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388028161.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388028161.png new file mode 100644 index 0000000000000000000000000000000000000000..b3beb92520c34ba771d096a8a146fb2c5b5edbb7 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388028161.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388028537.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388028537.png new file mode 100644 index 0000000000000000000000000000000000000000..ffb244306787c397ef4a9f4d9c3eb504172d3777 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388028537.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388184025.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388184025.png new file mode 100644 index 0000000000000000000000000000000000000000..cbce6fe1e32c547426319923c0fdb13e95554b99 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388184025.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388187249.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388187249.png new file mode 100644 index 0000000000000000000000000000000000000000..0ac83f21e269d909e550b68cb0bdc6347c05dcac Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388187249.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388187325.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388187325.png new file mode 100644 index 0000000000000000000000000000000000000000..02dbdf218da2cb1c844dfc13a463875df5124d48 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388187325.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388188365.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388188365.png new file mode 100644 index 0000000000000000000000000000000000000000..dbe3bfb48446bab88e3e622b9f8066383f269590 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388188365.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388241577.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388241577.png new file mode 100644 index 0000000000000000000000000000000000000000..8dacb6e343ea4c750904fa090bb99213e012379d Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388241577.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388972645.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388972645.png new file mode 100644 index 0000000000000000000000000000000000000000..e32606925f4bb4380b262d9f946d4cd106202b87 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001388972645.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001389098425.png b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001389098425.png new file mode 100644 index 0000000000000000000000000000000000000000..c63903009ab9ba454f169250632dbec1b3c94467 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_image_0000001389098425.png differ diff --git a/docs/zh/server/maintenance/common_tools/images/zh-cn_other_0000001337581224.jpeg b/docs/zh/server/maintenance/common_tools/images/zh-cn_other_0000001337581224.jpeg new file mode 100644 index 0000000000000000000000000000000000000000..2c019b828bdf9c699f203f09ba3542968ff21262 Binary files /dev/null and b/docs/zh/server/maintenance/common_tools/images/zh-cn_other_0000001337581224.jpeg differ diff --git a/docs/zh/server/maintenance/gala/_toc.yaml b/docs/zh/server/maintenance/gala/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..28f6b5220469ffaf324d60793276681a78eb368e --- /dev/null +++ b/docs/zh/server/maintenance/gala/_toc.yaml @@ -0,0 +1,10 @@ +label: gala用户指南 +isManual: true +description: 故障智能检测、性能数据采集分析以及资源监测管理 +sections: + - label: 使用gala-anteater + href: ./using_gala_anteater.md + - label: 使用gala_gopher + href: ./using_gala_gopher.md + - label: 使用gala-spider + href: ./using_gala_spider.md diff --git "a/docs/zh/server/maintenance/gala/figures/a-ops\350\275\257\344\273\266\346\236\266\346\236\204.png" "b/docs/zh/server/maintenance/gala/figures/a-ops\350\275\257\344\273\266\346\236\266\346\236\204.png" new file mode 100644 index 0000000000000000000000000000000000000000..047c6f1bfe3e38c66d34285563d910f6f3bd07e1 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/a-ops\350\275\257\344\273\266\346\236\266\346\236\204.png" differ diff --git a/docs/zh/server/maintenance/gala/figures/chakanyuqi.png b/docs/zh/server/maintenance/gala/figures/chakanyuqi.png new file mode 100644 index 0000000000000000000000000000000000000000..bbead6a91468d5dee570cfdc66faf9a4ab155d7c Binary files /dev/null and b/docs/zh/server/maintenance/gala/figures/chakanyuqi.png differ diff --git a/docs/zh/server/maintenance/gala/figures/chaxunshijipeizhi.png b/docs/zh/server/maintenance/gala/figures/chaxunshijipeizhi.png new file mode 100644 index 0000000000000000000000000000000000000000..d5f6e450fc0e1e246492ca71a6fcd8db572eb469 Binary files /dev/null and b/docs/zh/server/maintenance/gala/figures/chaxunshijipeizhi.png differ diff --git a/docs/zh/server/maintenance/gala/figures/chuangjianyewuyu.png b/docs/zh/server/maintenance/gala/figures/chuangjianyewuyu.png new file mode 100644 index 0000000000000000000000000000000000000000..4f5b8de2d2c4ddb9bfdfba1ac17258a834561e2d Binary files /dev/null and b/docs/zh/server/maintenance/gala/figures/chuangjianyewuyu.png differ diff --git "a/docs/zh/server/maintenance/gala/figures/gala-gopher\346\210\220\345\212\237\345\220\257\345\212\250\347\212\266\346\200\201.png" "b/docs/zh/server/maintenance/gala/figures/gala-gopher\346\210\220\345\212\237\345\220\257\345\212\250\347\212\266\346\200\201.png" new file mode 100644 index 0000000000000000000000000000000000000000..ab16e9d3661db3fd4adc6c605b2d2d08e79fdc1c Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/gala-gopher\346\210\220\345\212\237\345\220\257\345\212\250\347\212\266\346\200\201.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/gala-spider\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" "b/docs/zh/server/maintenance/gala/figures/gala-spider\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" new file mode 100644 index 0000000000000000000000000000000000000000..c5a0768be63a98ef7ccc4a56996a8c715f7090af Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/gala-spider\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/gopher\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" "b/docs/zh/server/maintenance/gala/figures/gopher\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" new file mode 100644 index 0000000000000000000000000000000000000000..f151965a21d11dd7a3e215cc4ef23d70d059f4b1 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/gopher\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" differ diff --git a/docs/zh/server/maintenance/gala/figures/group.PNG b/docs/zh/server/maintenance/gala/figures/group.PNG new file mode 100644 index 0000000000000000000000000000000000000000..584fd1f7195694a3419482cace2a71fa1cd9a3ec Binary files /dev/null and b/docs/zh/server/maintenance/gala/figures/group.PNG differ diff --git a/docs/zh/server/maintenance/gala/figures/icon-note.gif b/docs/zh/server/maintenance/gala/figures/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/zh/server/maintenance/gala/figures/icon-note.gif differ diff --git a/docs/zh/server/maintenance/gala/figures/shanchupeizhi.png b/docs/zh/server/maintenance/gala/figures/shanchupeizhi.png new file mode 100644 index 0000000000000000000000000000000000000000..cfea2eb44f7b8aa809404b8b49b4bd2e24172568 Binary files /dev/null and b/docs/zh/server/maintenance/gala/figures/shanchupeizhi.png differ diff --git "a/docs/zh/server/maintenance/gala/figures/spider\346\213\223\346\211\221\345\205\263\347\263\273\345\233\276.png" "b/docs/zh/server/maintenance/gala/figures/spider\346\213\223\346\211\221\345\205\263\347\263\273\345\233\276.png" new file mode 100644 index 0000000000000000000000000000000000000000..5823a116f384801e1197350f151b4d04ef519ac4 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/spider\346\213\223\346\211\221\345\205\263\347\263\273\345\233\276.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/syscare\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" "b/docs/zh/server/maintenance/gala/figures/syscare\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" new file mode 100644 index 0000000000000000000000000000000000000000..bbd0600fc5c913198dfe1e1bf2aba9c652576a98 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/syscare\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" differ diff --git a/docs/zh/server/maintenance/gala/figures/tianjianode.png b/docs/zh/server/maintenance/gala/figures/tianjianode.png new file mode 100644 index 0000000000000000000000000000000000000000..d68f5e12a62548f2ec59374bda9ab07f43b8b5cb Binary files /dev/null and b/docs/zh/server/maintenance/gala/figures/tianjianode.png differ diff --git a/docs/zh/server/maintenance/gala/figures/xinzengpeizhi.png b/docs/zh/server/maintenance/gala/figures/xinzengpeizhi.png new file mode 100644 index 0000000000000000000000000000000000000000..18d71c2e099c19b5d28848eec6a8d11f29ccee27 Binary files /dev/null and b/docs/zh/server/maintenance/gala/figures/xinzengpeizhi.png differ diff --git a/docs/zh/server/maintenance/gala/figures/zhuangtaichaxun.png b/docs/zh/server/maintenance/gala/figures/zhuangtaichaxun.png new file mode 100644 index 0000000000000000000000000000000000000000..a3d0b3294bf6e0eeec50a2c2f8c5059bdc256376 Binary files /dev/null and b/docs/zh/server/maintenance/gala/figures/zhuangtaichaxun.png differ diff --git "a/docs/zh/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/app\350\257\246\346\203\205.jpg" "b/docs/zh/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/app\350\257\246\346\203\205.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..bd179be46c9e711d7148ee44dc56f4a7a02f56bf Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/app\350\257\246\346\203\205.jpg" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\344\277\256\346\224\271\346\250\241\345\236\213.png" "b/docs/zh/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\344\277\256\346\224\271\346\250\241\345\236\213.png" new file mode 100644 index 0000000000000000000000000000000000000000..23ff4e5fddb87ac157b1002a70c47d9b4c76b873 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\344\277\256\346\224\271\346\250\241\345\236\213.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\210\233\345\273\272\345\267\245\344\275\234\346\265\201.jpg" "b/docs/zh/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\210\233\345\273\272\345\267\245\344\275\234\346\265\201.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..1a2b45e860914a1ac0cfb6908b02fb5cad4cbd60 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\210\233\345\273\272\345\267\245\344\275\234\346\265\201.jpg" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246.jpg" "b/docs/zh/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..89ac88e154275d4be8179d773e7093f2357f425f Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246.jpg" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\347\241\256\350\256\244.jpg" "b/docs/zh/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\347\241\256\350\256\244.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..57844f772853c541f7a1328b007a9b6ae4d5caf0 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\347\241\256\350\256\244.jpg" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\350\257\246\346\203\205.jpg" "b/docs/zh/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\350\257\246\346\203\205.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..5b4830b47897a0d51be28238a879a70b1de9ca3b Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\350\257\246\346\203\205.jpg" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201.jpg" "b/docs/zh/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..17fb5b13034e1fc5276c68583fed1952415b0b5f Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201.jpg" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201\350\257\246\346\203\205.jpg" "b/docs/zh/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201\350\257\246\346\203\205.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..458e023847bb2ad1f198f5a2dd1691748038137e Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201\350\257\246\346\203\205.jpg" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\272\224\347\224\250.png" "b/docs/zh/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\272\224\347\224\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..aa34bb909ee7c86a95126c13fa532ce93410a931 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\272\224\347\224\250.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/CVE\350\257\246\346\203\205\347\225\214\351\235\242.png" "b/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/CVE\350\257\246\346\203\205\347\225\214\351\235\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..05859540cb88e11bd8dedaeb8e03253254574c40 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/CVE\350\257\246\346\203\205\347\225\214\351\235\242.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/cve\345\210\227\350\241\250.png" "b/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/cve\345\210\227\350\241\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..f556e0e7e3c4096a89597cb08ba29133375aab07 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/cve\345\210\227\350\241\250.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\212\344\274\240\345\256\211\345\205\250\345\205\254\345\221\212.png" "b/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\212\344\274\240\345\256\211\345\205\250\345\205\254\345\221\212.png" new file mode 100644 index 0000000000000000000000000000000000000000..801c7f917d717499c86708b419101be3773348ac Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\212\344\274\240\345\256\211\345\205\250\345\205\254\345\221\212.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250\347\225\214\351\235\242.png" "b/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250\347\225\214\351\235\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..0719bb8c0b71d0503d5d3a7d8e9e83da71169c64 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250\347\225\214\351\235\242.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" "b/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" new file mode 100644 index 0000000000000000000000000000000000000000..21c9468ce4378bcadf537e543c756cf7a1347499 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\345\210\227\350\241\250.png" "b/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\345\210\227\350\241\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..9cfd080d1a658544c559e83429a14b35dc931fc6 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\345\210\227\350\241\250.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\350\257\246\346\203\205.png" "b/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\350\257\246\346\203\205.png" new file mode 100644 index 0000000000000000000000000000000000000000..7ca43b0a82b7c4dd3e43a5e46cf3b4a79d55d033 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\350\257\246\346\203\205.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\277\256\345\244\215\344\273\273\345\212\241\346\212\245\345\221\212.png" "b/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\277\256\345\244\215\344\273\273\345\212\241\346\212\245\345\221\212.png" new file mode 100644 index 0000000000000000000000000000000000000000..b9acfbcd7d8e3b2b551c8bb9700142dfba681afe Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\277\256\345\244\215\344\273\273\345\212\241\346\212\245\345\221\212.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\345\233\236\346\273\232\344\273\273\345\212\241\350\257\246\346\203\205.png" "b/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\345\233\236\346\273\232\344\273\273\345\212\241\350\257\246\346\203\205.png" new file mode 100644 index 0000000000000000000000000000000000000000..6bc8cc31e05d06dbd5ee4c0f62f281683db048da Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\345\233\236\346\273\232\344\273\273\345\212\241\350\257\246\346\203\205.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\267\273\345\212\240repo\346\272\220.png" "b/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\267\273\345\212\240repo\346\272\220.png" new file mode 100644 index 0000000000000000000000000000000000000000..3bf992f586f7fb4d87bc01cc29f961755a315c9d Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\267\273\345\212\240repo\346\272\220.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\274\217\346\264\236\346\211\253\346\217\217.png" "b/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\274\217\346\264\236\346\211\253\346\217\217.png" new file mode 100644 index 0000000000000000000000000000000000000000..f73ccaf984e8ab55f8b78f7da5a570ce43685221 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\274\217\346\264\236\346\211\253\346\217\217.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\344\277\256\345\244\215\344\273\273\345\212\241.png" "b/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\344\277\256\345\244\215\344\273\273\345\212\241.png" new file mode 100644 index 0000000000000000000000000000000000000000..b183298d96b8ced8954852540c891310aeda05be Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\344\277\256\345\244\215\344\273\273\345\212\241.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\345\233\236\346\273\232\344\273\273\345\212\241.png" "b/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\345\233\236\346\273\232\344\273\273\345\212\241.png" new file mode 100644 index 0000000000000000000000000000000000000000..c8aa813bc228326b3e8db19e303e03507873a893 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\345\233\236\346\273\232\344\273\273\345\212\241.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\347\203\255\350\241\245\344\270\201\347\247\273\351\231\244\344\273\273\345\212\241.png" "b/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\347\203\255\350\241\245\344\270\201\347\247\273\351\231\244\344\273\273\345\212\241.png" new file mode 100644 index 0000000000000000000000000000000000000000..8ccebe84f60b21737414b2cb3f972472114a40c5 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\347\203\255\350\241\245\344\270\201\347\247\273\351\231\244\344\273\273\345\212\241.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\350\256\276\347\275\256repo\346\272\220.png" "b/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\350\256\276\347\275\256repo\346\272\220.png" new file mode 100644 index 0000000000000000000000000000000000000000..619cc6d42b646df3d9c4e601f40a6ec452712668 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\350\256\276\347\275\256repo\346\272\220.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\351\202\256\344\273\266\351\200\232\347\237\245.png" "b/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\351\202\256\344\273\266\351\200\232\347\237\245.png" new file mode 100644 index 0000000000000000000000000000000000000000..34b1d4095b8c017f3c66ebfb3c44d114bc8d6ca7 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\351\202\256\344\273\266\351\200\232\347\237\245.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" "b/docs/zh/server/maintenance/gala/figures/\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" new file mode 100644 index 0000000000000000000000000000000000000000..f5f8a3a95705145787e7aaf9c8d1fff404892240 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250.png" "b/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..b8f0a87e00d73961907167fcbe43d82b60caf445 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\256\241\347\220\206-\346\267\273\345\212\240.png" "b/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\256\241\347\220\206-\346\267\273\345\212\240.png" new file mode 100644 index 0000000000000000000000000000000000000000..ce25657a0627e9dfc3dc9ebf323e086103c2ecdf Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\256\241\347\220\206-\346\267\273\345\212\240.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\345\206\205\344\270\273\346\234\272\346\237\245\347\234\213.png" "b/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\345\206\205\344\270\273\346\234\272\346\237\245\347\234\213.png" new file mode 100644 index 0000000000000000000000000000000000000000..2f2e2e67a98a16e1ad464c794a8ef45ebb229d7f Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\345\206\205\344\270\273\346\234\272\346\237\245\347\234\213.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\347\256\241\347\220\206\345\210\227\350\241\250.png" "b/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\347\256\241\347\220\206\345\210\227\350\241\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..94c9b65719050b79d2cdb9d1e8f67c459925cda7 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\347\256\241\347\220\206\345\210\227\350\241\250.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\274\226\350\276\221\347\225\214\351\235\242.png" "b/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\274\226\350\276\221\347\225\214\351\235\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..7e4f0da4e88da6f18495a4fb23bd400d0da0a8da Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\274\226\350\276\221\347\225\214\351\235\242.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" "b/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" new file mode 100644 index 0000000000000000000000000000000000000000..1ee8f7bb2456efe6318074f46f5008da355a2cb1 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\345\267\245\344\275\234\345\217\260.png" "b/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\345\267\245\344\275\234\345\217\260.png" new file mode 100644 index 0000000000000000000000000000000000000000..a916eebf306cca9ffa54f733143a0ac2c44313a4 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\345\267\245\344\275\234\345\217\260.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\226\207\344\273\266\350\247\243\346\236\220.png" "b/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\226\207\344\273\266\350\247\243\346\236\220.png" new file mode 100644 index 0000000000000000000000000000000000000000..31684136510cfe6248adf9b8cd086140ab5b26ef Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\226\207\344\273\266\350\247\243\346\236\220.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\267\273\345\212\240\347\273\223\346\236\234.png" "b/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\267\273\345\212\240\347\273\223\346\236\234.png" new file mode 100644 index 0000000000000000000000000000000000000000..df3991eb16d32d9f2296fbb36873ff26bc82fa18 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\267\273\345\212\240\347\273\223\346\236\234.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240\344\270\273\346\234\272.png" "b/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240\344\270\273\346\234\272.png" new file mode 100644 index 0000000000000000000000000000000000000000..c83daeeb5f8a4d9ab4f40e3debbe7a96f427ce74 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240\344\270\273\346\234\272.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\214\207\346\240\207\346\263\242\345\275\242.png" "b/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\214\207\346\240\207\346\263\242\345\275\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..5ab697c8f9c292097356a26140750f7f615c5d81 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\214\207\346\240\207\346\263\242\345\275\242.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\217\222\344\273\266\345\274\200\345\205\263.png" "b/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\217\222\344\273\266\345\274\200\345\205\263.png" new file mode 100644 index 0000000000000000000000000000000000000000..4bde1fd7330491fda6f4ed73a2be2e8c0bfabc8d Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\217\222\344\273\266\345\274\200\345\205\263.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\267\273\345\212\240\344\270\273\346\234\272\347\273\204.png" "b/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\267\273\345\212\240\344\270\273\346\234\272\347\273\204.png" new file mode 100644 index 0000000000000000000000000000000000000000..2890e4934ba903324ea134d3ebee85307665270e Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\267\273\345\212\240\344\270\273\346\234\272\347\273\204.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\347\231\273\351\231\206\347\225\214\351\235\242.png" "b/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\347\231\273\351\231\206\347\225\214\351\235\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..24f94c0a9ff05897b01786aa4bc8adfe4bc8db09 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\347\231\273\351\231\206\347\225\214\351\235\242.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chakanyuqi.png" "b/docs/zh/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chakanyuqi.png" new file mode 100644 index 0000000000000000000000000000000000000000..bbead6a91468d5dee570cfdc66faf9a4ab155d7c Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chakanyuqi.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chaxunshijipeizhi.png" "b/docs/zh/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chaxunshijipeizhi.png" new file mode 100644 index 0000000000000000000000000000000000000000..d5f6e450fc0e1e246492ca71a6fcd8db572eb469 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chaxunshijipeizhi.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chuangjianyewuyu.png" "b/docs/zh/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chuangjianyewuyu.png" new file mode 100644 index 0000000000000000000000000000000000000000..8849a2fc81dbd14328c6c66c53033164a0b67b52 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chuangjianyewuyu.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/conf_file_trace.png" "b/docs/zh/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/conf_file_trace.png" new file mode 100644 index 0000000000000000000000000000000000000000..e1e518157f8def332adfa5516b37fdb89768499c Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/conf_file_trace.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/peizhitongbu.png" "b/docs/zh/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/peizhitongbu.png" new file mode 100644 index 0000000000000000000000000000000000000000..c8c229bf41b27f1fe6629106957fd5e47851096d Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/peizhitongbu.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/shanchupeizhi.png" "b/docs/zh/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/shanchupeizhi.png" new file mode 100644 index 0000000000000000000000000000000000000000..cfea2eb44f7b8aa809404b8b49b4bd2e24172568 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/shanchupeizhi.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/tianjianode.png" "b/docs/zh/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/tianjianode.png" new file mode 100644 index 0000000000000000000000000000000000000000..d68f5e12a62548f2ec59374bda9ab07f43b8b5cb Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/tianjianode.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/xinzengpeizhi.png" "b/docs/zh/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/xinzengpeizhi.png" new file mode 100644 index 0000000000000000000000000000000000000000..18d71c2e099c19b5d28848eec6a8d11f29ccee27 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/xinzengpeizhi.png" differ diff --git "a/docs/zh/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/zhuangtaichaxun.png" "b/docs/zh/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/zhuangtaichaxun.png" new file mode 100644 index 0000000000000000000000000000000000000000..a3d0b3294bf6e0eeec50a2c2f8c5059bdc256376 Binary files /dev/null and "b/docs/zh/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/zhuangtaichaxun.png" differ diff --git a/docs/zh/server/maintenance/gala/using_gala_anteater.md b/docs/zh/server/maintenance/gala/using_gala_anteater.md new file mode 100644 index 0000000000000000000000000000000000000000..405e3674fe33a69de2ca9e2dcf42f22bcf903295 --- /dev/null +++ b/docs/zh/server/maintenance/gala/using_gala_anteater.md @@ -0,0 +1,220 @@ +# gala-anteater使用手册 + +gala-anteater是一款基于AI的操作系统异常检测平台。主要提供时序数据预处理、异常点发现、异常上报等功能。基于线下预训练、线上模型的增量学习与模型更新,能够很好地适用于多维多模态数据故障诊断。 + +本文主要介绍如何部署和使用gala-anteater服务,检测训练集群中的慢节点/慢卡。 + +## 安装 + +挂载repo源: + +```basic +[everything] +name=everything +baseurl=http://121.36.84.172/dailybuild/EBS-openEuler-24.03-LTS-SP1/rc4_openeuler-2024-12-05-15-40-49/everything/$basearch/ +enabled=1 +gpgcheck=0 +priority=1 + +[EPOL] +name=EPOL +baseurl=http://repo.openeuler.org/EBS-openEuler-24.03-LTS-SP1/EPOL/main/$basearch/ +enabled=1 +gpgcheck=0 +priority=1 + +``` + +安装gala-anteater: + +```bash +yum install gala-anteater +``` + +## 配置 + +>![](./figures/icon-note.gif)**说明:** +> +>gala-anteater采用配置的config文件设置参数启动,配置文件位置: /etc/gala-anteater/config/gala-anteater.yaml。 + +### 配置文件默认参数 + +```yaml +Global: + data_source: "prometheus" + +Arangodb: + url: "http://localhost:8529" + db_name: "spider" + +Kafka: + server: "192.168.122.100" + port: "9092" + model_topic: "gala_anteater_hybrid_model" + rca_topic: "gala_cause_inference" + meta_topic: "gala_gopher_metadata" + group_id: "gala_anteater_kafka" + # auth_type: plaintext/sasl_plaintext, please set "" for no auth + auth_type: "" + username: "" + password: "" + +Prometheus: + server: "localhost" + port: "9090" + steps: "5" + +Aom: + base_url: "" + project_id: "" + auth_type: "token" + auth_info: + iam_server: "" + iam_domain: "" + iam_user_name: "" + iam_password: "" + ssl_verify: 0 + +Schedule: + duration: 1 + +Suppression: + interval: 10 +``` + +| 参数 | 含义 | 默认值 | +| ----------- | ------------------------------------------------------------ | ---------------------------- | +| Global | 全局配置 | 字典类型 | +| data_source | 设置数据来源 | "prometheus" | +| Arangodb | Arangodb图数据库配置信息 | 字典类型 | +| url | 图数据库Arangodb的ip地址 | "" | +| db_name | 图数据库名 | "spider" | +| Kafka | kafka配置信息 | 字典类型 | +| server | Kafka Server的ip地址,根据安装节点ip配置 | "192.168.122.100" | +| port | Kafka Server的port,如:9092 | "9092" | +| model_topic | 故障检测结果上报topic | "gala_anteater_hybrid_model" | +| rca_topic | 根因定位结果上报topic | "gala_cause_inference" | +| meta_topic | gopher采集指标数据topic | "gala_gopher_metadata" | +| group_id | kafka设置组名 | "gala_anteater_kafka" | +| Prometheus | 数据源prometheus配置信息 | 字典类型 | +| server | Prometheus Server的ip地址,根据安装节点ip配置 | "localhost" | +| port | Prometheus Server的port,如:9090 | "9090" | +| steps | 指标采样间隔 | "5" | +| Schedule | 循环调度配置信息 | 字典类型 | +| duration | 异常检测模型执行频率(单位:分),每x分钟,检测一次 | 1 | +| Suppression | 告警抑制配置信息 | 字典类型 | +| interval | 告警抑制间隔(单位: 分),表示距离上一次告警x分钟内相同告警过滤 | 10 | + +## 启动 + +执行如下命令启动gala-anteater + +```shell +systemctl start gala-anteater +``` + +>![](./figures/icon-note.gif)**说明:** +> +>gala-anteater支持启动一个进程实例,启动多个会导致内存占用过大,日志混乱。 + +### 查询gala-anteater服务慢节点检测执行状态 + +若日志显示如下内容,说明慢节点正常运行,启动日志也会保存到当前运行目录下`/var/log/gala-anteater/gala-anteater.log`文件中。 + +```log +2024-12-02 16:25:20,727 - INFO - anteater - Groups-0, metric: npu_chip_info_hbm_used_memory, start detection. +2024-12-02 16:25:20,735 - INFO - anteater - Metric-npu_chip_info_hbm_used_memory single group has data 8. ranks: [0, 1, 2, 3, 4, 5, 6, 7] +2024-12-02 16:25:20,739 - INFO - anteater - work on npu_chip_info_hbm_used_memory, slow_node_detection start. +2024-12-02 16:25:21,128 - INFO - anteater - time_node_compare result: []. +2024-12-02 16:25:21,137 - INFO - anteater - dnscan labels: [-1 0 0 0 -1 0 -1 -1] +2024-12-02 16:25:21,139 - INFO - anteater - dnscan labels: [-1 0 0 0 -1 0 -1 -1] +2024-12-02 16:25:21,141 - INFO - anteater - dnscan labels: [-1 0 0 0 -1 0 -1 -1] +2024-12-02 16:25:21,142 - INFO - anteater - space_nodes_compare result: []. +2024-12-02 16:25:21,142 - INFO - anteater - Time and space aggregated result: []. +2024-12-02 16:25:21,144 - INFO - anteater - work on npu_chip_info_hbm_used_memory, slow_node_detection end. + +2024-12-02 16:25:21,144 - INFO - anteater - Groups-0, metric: npu_chip_info_aicore_current_freq, start detection. +2024-12-02 16:25:21,153 - INFO - anteater - Metric-npu_chip_info_aicore_current_freq single group has data 8. ranks: [0, 1, 2, 3, 4, 5, 6, 7] +2024-12-02 16:25:21,157 - INFO - anteater - work on npu_chip_info_aicore_current_freq, slow_node_detection start. +2024-12-02 16:25:21,584 - INFO - anteater - time_node_compare result: []. +2024-12-02 16:25:21,592 - INFO - anteater - dnscan labels: [0 0 0 0 0 0 0 0] +2024-12-02 16:25:21,594 - INFO - anteater - dnscan labels: [0 0 0 0 0 0 0 0] +2024-12-02 16:25:21,597 - INFO - anteater - dnscan labels: [0 0 0 0 0 0 0 0] +2024-12-02 16:25:21,598 - INFO - anteater - space_nodes_compare result: []. +2024-12-02 16:25:21,598 - INFO - anteater - Time and space aggregated result: []. +2024-12-02 16:25:21,598 - INFO - anteater - work on npu_chip_info_aicore_current_freq, slow_node_detection end. + +2024-12-02 16:25:21,598 - INFO - anteater - Groups-0, metric: npu_chip_roce_tx_err_pkt_num, start detection. +2024-12-02 16:25:21,607 - INFO - anteater - Metric-npu_chip_roce_tx_err_pkt_num single group has data 8. ranks: [0, 1, 2, 3, 4, 5, 6, 7] +2024-12-02 16:25:21,611 - INFO - anteater - work on npu_chip_roce_tx_err_pkt_num, slow_node_detection start. +2024-12-02 16:25:22,040 - INFO - anteater - time_node_compare result: []. +2024-12-02 16:25:22,040 - INFO - anteater - Skip space nodes compare. +2024-12-02 16:25:22,040 - INFO - anteater - Time and space aggregated result: []. +2024-12-02 16:25:22,040 - INFO - anteater - work on npu_chip_roce_tx_err_pkt_num, slow_node_detection end. + +2024-12-02 16:25:22,041 - INFO - anteater - accomplishment: 1/9 +2024-12-02 16:25:22,041 - INFO - anteater - accomplishment: 2/9 +2024-12-02 16:25:22,041 - INFO - anteater - accomplishment: 3/9 +2024-12-02 16:25:22,041 - INFO - anteater - accomplishment: 4/9 +2024-12-02 16:25:22,042 - INFO - anteater - accomplishment: 5/9 +2024-12-02 16:25:22,042 - INFO - anteater - accomplishment: 6/9 +2024-12-02 16:25:22,042 - INFO - anteater - accomplishment: 7/9 +2024-12-02 16:25:22,042 - INFO - anteater - accomplishment: 8/9 +2024-12-02 16:25:22,042 - INFO - anteater - accomplishment: 9/9 +2024-12-02 16:25:22,043 - INFO - anteater - SlowNodeDetector._execute costs 1.83 seconds! +2024-12-02 16:25:22,043 - INFO - anteater - END! +``` + +## 异常检测输出数据 + +gala-anteater如果检测到异常点,会将结果输出至kafka的model_topic,输出数据格式如下: + +```json +{ + "Timestamp": 1730732076935, + "Attributes": { + "resultCode": 201, + "compute": false, + "network": false, + "storage": true, + "abnormalDetail": [{ + "objectId": "-1", + "serverIp": "96.13.19.31", + "deviceInfo": "96.13.19.31:8888*-1", + "kpiId": "gala_gopher_disk_wspeed_kB", + "methodType": "TIME", + "kpiData": [], + "relaIds": [], + "omittedDevices": [] + }], + "normalDetail": [], + "errorMsg": "" + }, + "SeverityText": "WARN", + "SeverityNumber": 13, + "is_anomaly": true +} +``` + +## 输出字段说明 + +| 输出字段 | 单位 | 含义 | +| -------------- | ------ | ----------------------------------------------------- | +| Timestamp | ms | 检测到故障上报的时刻 | +| resultCode | int | 故障码,201表示故障,200表示无故障 | +| compute | bool | 故障类型是否为计算类型 | +| network | bool | 故障类型是否为网络类型 | +| storage | bool | 故障类型是否为存储类型 | +| abnormalDetail | list | 表示故障的细节 | +| objectId | int | 故障对象id,-1表示节点故障,0-7表示具体的故障卡号 | +| serverIp | string | 故障对象ip | +| deviceInfo | string | 详细的故障信息 | +| kpiId | string | 检测到故障的算法类型,"TIME", "SPACE" | +| kpiData | list | 故障时序数据,需开关打开,默认关闭 | +| relaIds | list | 故障卡关联的正常卡,表示在”SPACE“算法下对比的正常卡号 | +| omittedDevices | list | 忽略显示的卡号 | +| normalDetail | list | 正常卡的时序数据 | +| errorMsg | string | 错误信息 | +| SeverityText | string | 错误类型,表示"WARN", "ERROR" | +| SeverityNumber | int | 错误等级 | +| is_anomaly | bool | 表示是否故障 | diff --git a/docs/zh/server/maintenance/gala/using_gala_gopher.md b/docs/zh/server/maintenance/gala/using_gala_gopher.md new file mode 100644 index 0000000000000000000000000000000000000000..2028a562c270d948b8cb3babe1aff01c7aa51468 --- /dev/null +++ b/docs/zh/server/maintenance/gala/using_gala_gopher.md @@ -0,0 +1,229 @@ +# **gala-gopher使用手册** + +gala-gopher作为数据采集模块提供OS级的监控能力,支持动态加载 /卸载探针,可无侵入式地集成第三方探针,快速扩展监控范围。 + +本章介绍如何部署和使用gala-gopher服务。 + +#### 安装 + +挂载repo源: + +```basic +[oe-22.03-lts-sp3-everything] # openEuler 22.03-LTS-SP3 官方发布源 +name=oe-2203-lts-sp3-everything +baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/everything/x86_64/ +enabled=1 +gpgcheck=0 +priority=1 + +[oe-22.03-lts-sp3-epol-update] # openEuler 22.03-LTS-SP3 Update 官方发布源 +name=oe-22.03-lts-sp3-epol-update +baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/EPOL/update/main/x86_64/ +enabled=1 +gpgcheck=0 +priority=1 + +[oe-22.03-lts-sp3-epol-main] # openEuler 22.03-LTS-SP3 EPOL 官方发布源 +name=oe-22.03-lts-sp3-epol-main +baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/EPOL/main/x86_64/ +enabled=1 +gpgcheck=0 +priority=1 +``` + +安装gala-gopher: + +```bash +# yum install gala-gopher +``` + +#### 配置 + +##### 配置介绍 + +gala-gopher配置文件为`/opt/gala-gopher/gala-gopher.conf`,该文件配置项说明如下(省略无需用户配置的部分)。 + +如下配置可以根据需要进行修改: + +- global:gala-gopher全局配置信息。 + - log_file_name:gala-gopher日志文件名。 + - log_level: gala-gopher日志级别(暂未开放此功能)。 + - pin_path:ebpf探针共享map存放路径(建议维持默认配置)。 +- metric:指标数据metrics输出方式配置。 + - out_channel:metrics输出通道,支持配置web_server|kafka,配置为空则输出通道关闭。 + - kafka_topic:若输出通道为kafka,此为topic配置信息。 +- event:异常事件event输出方式配置。 + - out_channel:event输出通道,支持配置logs|kafka,配置为空则输出通道关闭。 + - kafka_topic:若输出通道为kafka,此为topic配置信息。 +- meta:元数据metadata输出方式配置。 + - out_channel:metadata输出通道,支持logs|kafka,配置为空则输出通道关闭。 + - kafka_topic:若输出通道为kafka,此为topic配置信息。 +- imdb:cache缓存规格配置。 + - max_tables_num:最大的cache表个数,/opt/gala-gopher/meta目录下每个meta对应一个表。 + - max_records_num:每张cache表最大记录数,通常每个探针在一个观测周期内产生至少1条观测记录。 + - max_metrics_num:每条观测记录包含的最大的metric指标个数。 + - record_timeout:cache表老化时间,若cache表中某条记录超过该时间未刷新则删除记录,单位为秒。 +- web_server:输出通道web_server配置。 + - port:监听端口。 +- kafka:输出通道kafka配置。 + - kafka_broker:kafka服务器的IP和port。 +- logs:输出通道logs配置。 + - metric_dir:metrics指标数据日志路径。 + - event_dir:异常事件数据日志路径。 + - meta_dir:metadata元数据日志路径。 + - debug_dir:gala-gopher运行日志路径。 +- probes:native探针配置。 + - name:探针名称,要求与native探针名一致,如example.probe 探针名为example。 + - param :探针启动参数,支持的参数详见[启动参数介绍表](#启动参数介绍)。 + - switch:探针是否启动,支持配置 on | off。 +- extend_probes :第三方探针配置。 + - name:探针名称。 + - command:探针启动命令。 + - param:探针启动参数,支持的参数详见[启动参数介绍表](#启动参数介绍)。 + - start_check:switch为auto时,需要根据start_check执行结果判定探针是否需要启动。 + - switch:探针是否启动,支持配置on | off | auto,auto会根据start_check判定结果决定是否启动探针。 + +##### 启动参数介绍 + +| 参数项 | 含义 | +| ------ | ------------------------------------------------------------ | +| -l | 是否开启异常事件上报 | +| -t | 采样周期,单位为秒,默认配置为探针5s上报一次数据 | +| -T | 延迟时间阈值,单位为ms,默认配置为0ms | +| -J | 抖动时间阈值,单位为ms,默认配置为0ms | +| -O | 离线时间阈值,单位为ms,默认配置为0ms | +| -D | 丢包阈值,默认配置为0(个) | +| -F | 配置为`task`表示按照`task_whitelist.conf`过滤,配置为具体进程的pid表示仅监控此进程 | +| -P | 指定每个探针加载的探测程序范围,目前tcpprobe、taskprobe探针涉及 | +| -U | 资源利用率阈值(上限),默认为0% | +| -L | 资源利用率阈值(下限),默认为0% | +| -c | 指示探针(tcp)是否标识client_port,默认配置为0(否) | +| -N | 指定探针(ksliprobe)的观测进程名,默认配置为NULL | +| -p | 指定待观测进程的二进制文件路径,比如nginx_probe,通过 -p /user/local/sbin/nginx指定nginx文件路径,默认配置为NULL | +| -w | 筛选应用程序监控范围,如-w /opt/gala-gopher/task_whitelist.conf,用户可将需要监控的程序名写入task_whitelist.conf中,默认配置为NULL表示不筛选 | +| -n | 指定某个网卡挂载tc ebpf,默认配置为NULL表示所有网卡均挂载,示例: -n eth0 | + +##### 配置文件示例 + +- 配置选择数据输出通道: + + ```yaml + metric = + { + out_channel = "web_server"; + kafka_topic = "gala_gopher"; + }; + + event = + { + out_channel = "kafka"; + kafka_topic = "gala_gopher_event"; + }; + + meta = + { + out_channel = "kafka"; + kafka_topic = "gala_gopher_metadata"; + }; + ``` + +- 配置kafka和webServer: + + ```yaml + web_server = + { + port = 8888; + }; + + kafka = + { + kafka_broker = ":9092"; + }; + ``` + +- 选择开启的探针,示例如下: + + ```yaml + probes = + ( + { + name = "system_infos"; + param = "-t 5 -w /opt/gala-gopher/task_whitelist.conf -l warn -U 80"; + switch = "on"; + }, + ); + extend_probes = + ( + { + name = "tcp"; + command = "/opt/gala-gopher/extend_probes/tcpprobe"; + param = "-l warn -c 1 -P 7"; + switch = "on"; + } + ); + ``` + +#### 启动 + +配置完成后,执行如下命令启动gala-gopher。 + +```bash +# systemctl start gala-gopher.service +``` + +查询gala-gopher服务状态。 + +```bash +# systemctl status gala-gopher.service +``` + +若显示结果如下,说明服务启动成功。需要关注开启的探针是否已启动,如果探针线程不存在,请检查配置文件及gala-gopher运行日志文件。 + +![gala-gopher成功启动状态](./figures/gala-gopher成功启动状态.png) + +> 说明:gala-gopher部署和运行均需要root权限。 + +#### 使用方法 + +##### 外部依赖软件部署 + +![gopher软件架构图](./figures/gopher软件架构图.png) + +如上图所示,绿色部分为gala-gopher的外部依赖组件。gala-gopher会将指标数据metrics输出到prometheus,将元数据metadata、异常事件event输出到kafka,灰色部分的gala-anteater和gala-spider会从prometheus和kafka获取数据。 + +> 说明:安装kafka、prometheus软件包时,需要从官网获取安装包进行部署。 + +##### 输出数据 + +- **指标数据metrics** + + Prometheus Server内置了Express Browser UI,用户可以通过PromQL查询语句查询指标数据内容。详细教程参见官方文档:[Using the expression browser](https://prometheus.io/docs/prometheus/latest/getting_started/#using-the-expression-browser)。示例如下: + + 指定指标名称为`gala_gopher_tcp_link_rcv_rtt`,UI显示的指标数据为: + + ```basic + gala_gopher_tcp_link_rcv_rtt{client_ip="x.x.x.165",client_port="1234",hostname="openEuler",instance="x.x.x.172:8888",job="prometheus",machine_id="1fd3774xx",protocol="2",role="0",server_ip="x.x.x.172",server_port="3742",tgid="1516"} 1 + ``` + +- **元数据metadata** + + 可以直接从kafka消费topic为`gala_gopher_metadata`的数据来看。示例如下: + + ```bash + # 输入请求 + ./bin/kafka-console-consumer.sh --bootstrap-server x.x.x.165:9092 --topic gala_gopher_metadata + # 输出数据 + {"timestamp": 1655888408000, "meta_name": "thread", "entity_name": "thread", "version": "1.0.0", "keys": ["machine_id", "pid"], "labels": ["hostname", "tgid", "comm", "major", "minor"], "metrics": ["fork_count", "task_io_wait_time_us", "task_io_count", "task_io_time_us", "task_hang_count"]} + ``` + +- **异常事件event** + + 可以直接从kafka消费topic为`gala_gopher_event`的数据来看。示例如下: + + ```bash + # 输入请求 + ./bin/kafka-console-consumer.sh --bootstrap-server x.x.x.165:9092 --topic gala_gopher_event + # 输出数据 + {"timestamp": 1655888408000, "meta_name": "thread", "entity_name": "thread", "version": "1.0.0", "keys": ["machine_id", "pid"], "labels": ["hostname", "tgid", "comm", "major", "minor"], "metrics": ["fork_count", "task_io_wait_time_us", "task_io_count", "task_io_time_us", "task_hang_count"]} + ``` + \ No newline at end of file diff --git a/docs/zh/server/maintenance/gala/using_gala_spider.md b/docs/zh/server/maintenance/gala/using_gala_spider.md new file mode 100644 index 0000000000000000000000000000000000000000..d56579e821880e5f353a7376e7e910041f3cf10d --- /dev/null +++ b/docs/zh/server/maintenance/gala/using_gala_spider.md @@ -0,0 +1,541 @@ +# gala-spider使用手册 + +本章主要介绍如何部署和使用gala-spider和gala-inference。 + +## gala-spider + +gala-spider 提供 OS 级别的拓扑图绘制功能,它将定期获取 gala-gopher (一个 OS 层面的数据采集软件)在某个时间点采集的所有观测对象的数据,并计算它们之间的拓扑关系,最终将生成的拓扑图保存到图数据库 arangodb 中。 + +### 安装 + +挂载 yum 源: + +```basic +[oe-22.03-lts-sp3-everything] # openEuler 22.03-LTS-SP3 官方发布源 +name=oe-2203-lts-sp3-everything +baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/everything/x86_64/ +enabled=1 +gpgcheck=0 +priority=1 + +[oe-22.03-lts-sp3-epol-update] # openEuler 22.03-LTS-SP3 Update 官方发布源 +name=oe-22.03-lts-sp3-epol-update +baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/EPOL/update/main/x86_64/ +enabled=1 +gpgcheck=0 +priority=1 + +[oe-22.03-lts-sp3-epol-main] # openEuler 22.03-LTS-SP3 EPOL 官方发布源 +name=oe-22.03-lts-sp3-epol-main +baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/EPOL/main/x86_64/ +enabled=1 +gpgcheck=0 +priority=1 +``` + +安装 gala-spider: + +```sh +# yum install gala-spider +``` + +### 配置 + +#### 配置文件说明 + +gala-spider 配置文件为 `/etc/gala-spider/gala-spider.yaml` ,该文件配置项说明如下。 + +- global:全局配置信息。 + - data_source:指定观测指标采集的数据库,当前只支持 prometheus。 + - data_agent:指定观测指标采集代理,当前只支持 gala_gopher。 +- spider:spider配置信息。 + - log_conf:日志配置信息。 + - log_path:日志文件路径。 + - log_level:日志打印级别,值包括 DEBUG/INFO/WARNING/ERROR/CRITICAL 。 + - max_size:日志文件大小,单位为兆字节(MB)。 + - backup_count:日志备份文件数量。 +- storage:拓扑图存储服务的配置信息。 + - period:存储周期,单位为秒,表示每隔多少秒存储一次拓扑图。 + - database:存储的图数据库,当前只支持 arangodb。 + - db_conf:图数据库的配置信息。 + - url:图数据库的服务器地址。 + - db_name:拓扑图存储的数据库名称。 +- kafka:kafka配置信息。 + - server:kafka服务器地址。 + - metadata_topic:观测对象元数据消息的topic名称。 + - metadata_group_id:观测对象元数据消息的消费者组ID。 +- prometheus:prometheus数据库配置信息。 + - base_url:prometheus服务器地址。 + - instant_api:单个时间点采集API。 + - range_api:区间采集API。 + - step:采集时间步长,用于区间采集API。 + +#### 配置文件示例 + +```yaml +global: + data_source: "prometheus" + data_agent: "gala_gopher" + +prometheus: + base_url: "http://localhost:9090/" + instant_api: "/api/v1/query" + range_api: "/api/v1/query_range" + step: 1 + +spider: + log_conf: + log_path: "/var/log/gala-spider/spider.log" + # log level: DEBUG/INFO/WARNING/ERROR/CRITICAL + log_level: INFO + # unit: MB + max_size: 10 + backup_count: 10 + +storage: + # unit: second + period: 60 + database: arangodb + db_conf: + url: "http://localhost:8529" + db_name: "spider" + +kafka: + server: "localhost:9092" + metadata_topic: "gala_gopher_metadata" + metadata_group_id: "metadata-spider" +``` + +### 启动 + +1. 通过命令启动。 + + ```sh + # spider-storage + ``` + +2. 通过 systemd 服务启动。 + + ```sh + # systemctl start gala-spider + ``` + +### 使用方法 + +#### 外部依赖软件部署 + +gala-spider 运行时需要依赖多个外部软件进行交互。因此,在启动 gala-spider 之前,用户需要将gala-spider依赖的软件部署完成。下图为 gala-spider 项目的软件依赖图。 + +![gala-spider软件架构图](./figures/gala-spider软件架构图.png) + +其中,右侧虚线框内为 gala-spider 项目的 2 个功能组件,绿色部分为 gala-spider 项目直接依赖的外部组件,灰色部分为 gala-spider 项目间接依赖的外部组件。 + +- **spider-storage**:gala-spider 核心组件,提供拓扑图存储功能。 + 1. 从 kafka 中获取观测对象的元数据信息。 + 2. 从 Prometheus 中获取所有的观测实例信息。 + 3. 将生成的拓扑图存储到图数据库 arangodb 中。 +- **gala-inference**:gala-spider 核心组件,提供根因定位功能。它通过订阅 kafka 的异常 KPI 事件触发异常 KPI 的根因定位流程,并基于 arangodb 获取的拓扑图来构建故障传播图,最终将根因定位的结果输出到 kafka 中。 +- **prometheus**:时序数据库,gala-gopher 组件采集的观测指标数据会上报到 prometheus,再由 gala-spider 做进一步处理。 +- **kafka**:消息中间件,用于存储 gala-gopher 上报的观测对象元数据信息,异常检测组件上报的异常事件,以及 cause-inference 组件上报的根因定位结果。 +- **arangodb**:图数据库,用于存储 spider-storage 生成的拓扑图。 +- **gala-gopher**:数据采集组件,请提前部署gala-gopher。 +- **arangodb-ui**:arangodb 提供的 UI 界面,可用于查询拓扑图。 + +gala-spider 项目中的 2 个功能组件会作为独立的软件包分别发布。 + +​**spider-storage** 组件对应本节中的 gala-spider 软件包。 + +​**gala-inference** 组件对应 gala-inference 软件包。 + +gala-gopher软件的部署参见[gala-gopher使用手册](using_gala_gopher.md),此处只介绍 arangodb 的部署。 + +当前使用的 arangodb 版本是 3.8.7 ,该版本对运行环境有如下要求: + +- 只支持 x86 系统 +- gcc10 以上 + +arangodb 官方部署文档参见:[arangodb部署](https://www.arangodb.com/docs/3.9/deployment.html) 。 + +arangodb 基于 rpm 的部署流程如下: + +1. 配置 yum 源。 + + ```basic + [oe-22.03-lts-sp3-everything] # openEuler 22.03-LTS-SP3 官方发布源 + name=oe-2203-lts-sp3-everything + baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/everything/x86_64/ + enabled=1 + gpgcheck=0 + priority=1 + + [oe-22.03-lts-sp3-epol-main] # openEuler 22.03-LTS-SP3 EPOL 官方发布源 + name=oe-22.03-lts-sp3-epol-main + baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/EPOL/main/x86_64/ + enabled=1 + gpgcheck=0 + priority=1 + ``` + +2. 安装 arangodb3。 + + ```sh + # yum install arangodb3 + ``` + +3. 配置修改。 + + arangodb3 服务器的配置文件路径为 `/etc/arangodb3/arangod.conf` ,需要修改如下的配置信息: + + - endpoint:配置 arangodb3 的服务器地址。 + - authentication:访问 arangodb3 服务器是否需要进行身份认证,当前 gala-spider 还不支持身份认证,故此处将authentication设置为 false。 + + 示例配置如下: + + ```yaml + [server] + endpoint = tcp://0.0.0.0:8529 + authentication = false + ``` + +4. 启动 arangodb3。 + + ```sh + # systemctl start arangodb3 + ``` + +#### gala-spider配置项修改 + +依赖软件启动后,需要修改 gala-spider 配置文件的部分配置项内容。示例如下: + +配置 kafka 服务器地址: + +```yaml +kafka: + server: "localhost:9092" +``` + +配置 prometheus 服务器地址: + +```yaml +prometheus: + base_url: "http://localhost:9090/" +``` + +配置 arangodb 服务器地址: + +```yaml +storage: + db_conf: + url: "http://localhost:8529" +``` + +#### 启动服务 + +运行 `systemctl start gala-spider` 。查看启动状态可执行 `systemctl status gala-spider` ,输出如下信息说明启动成功。 + +```sh +[root@openEuler ~]# systemctl status gala-spider +● gala-spider.service - a-ops gala spider service + Loaded: loaded (/usr/lib/systemd/system/gala-spider.service; enabled; vendor preset: disabled) + Active: active (running) since Tue 2022-08-30 17:28:38 CST; 1 day 22h ago + Main PID: 2263793 (spider-storage) + Tasks: 3 (limit: 98900) + Memory: 44.2M + CGroup: /system.slice/gala-spider.service + └─2263793 /usr/bin/python3 /usr/bin/spider-storage +``` + +#### 输出示例 + +用户可以通过 arangodb 提供的 UI 界面来查询 gala-spider 输出的拓扑图。使用流程如下: + +1. 在浏览器输入 arangodb 服务器地址,如:,进入 arangodb 的 UI 界面。 + +2. 界面右上角切换至 `spider` 数据库。 + +3. 在 `Collections` 面板可以看到在不同时间段存储的观测对象实例的集合、拓扑关系的集合,如下图所示: + + ![spider拓扑关系图](./figures/spider拓扑关系图.png) + +4. 可进一步根据 arangodb 提供的 AQL 查询语句查询存储的拓扑关系图,详细教程参见官方文档: [aql文档](https://www.arangodb.com/docs/3.8/aql/)。 + +## gala-inference + +gala-inference 提供异常 KPI 根因定位能力,它将基于异常检测的结果和拓扑图作为输入,根因定位的结果作为输出,输出到 kafka 中。gala-inference 组件在 gala-spider 项目下进行归档。 + +### 安装 + +挂载 yum 源: + +```basic +[oe-22.03-lts-sp3-everything] # openEuler 22.03-LTS-SP3 官方发布源 +name=oe-2203-lts-sp3-everything +baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/everything/x86_64/ +enabled=1 +gpgcheck=0 +priority=1 + +[oe-22.03-lts-sp3-epol-update] # openEuler 22.03-LTS-SP3 Update 官方发布源 +name=oe-22.03-lts-sp3-epol-update +baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/EPOL/update/main/x86_64/ +enabled=1 +gpgcheck=0 +priority=1 + +[oe-22.03-lts-sp3-epol-main] # openEuler 22.03-LTS-SP3 EPOL 官方发布源 +name=oe-22.03-lts-sp3-epol-main +baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/EPOL/main/x86_64/ +enabled=1 +gpgcheck=0 +priority=1 +``` + +安装 gala-inference: + +```sh +# yum install gala-inference +``` + +### 配置 + +#### 配置文件说明 + +gala-inference 配置文件 `/etc/gala-inference/gala-inference.yaml` 配置项说明如下。 + +- inference:根因定位算法的配置信息。 + - tolerated_bias:异常时间点的拓扑图查询所容忍的时间偏移,单位为秒。 + - topo_depth:拓扑图查询的最大深度。 + - root_topk:根因定位结果输出前 K 个根因指标。 + - infer_policy:根因推导策略,包括 dfs 和 rw 。 + - sample_duration:指标的历史数据的采样周期,单位为秒。 + - evt_valid_duration:根因定位时,有效的系统异常指标事件周期,单位为秒。 + - evt_aging_duration:根因定位时,系统异常指标事件的老化周期,单位为秒。 +- kafka:kafka配置信息。 + - server:kafka服务器地址。 + - metadata_topic:观测对象元数据消息的配置信息。 + - topic_id:观测对象元数据消息的topic名称。 + - group_id:观测对象元数据消息的消费者组ID。 + - abnormal_kpi_topic:异常 KPI 事件消息的配置信息。 + - topic_id:异常 KPI 事件消息的topic名称。 + - group_id:异常 KPI 事件消息的消费者组ID。 + - abnormal_metric_topic:系统异常指标事件消息的配置信息。 + - topic_id:系统异常指标事件消息的topic名称。 + - group_id:系统异常指标事件消息的消费者组ID。 + - consumer_to:消费系统异常指标事件消息的超时时间,单位为秒。 + - inference_topic:根因定位结果输出事件消息的配置信息。 + - topic_id:根因定位结果输出事件消息的topic名称。 +- arangodb:arangodb图数据库的配置信息,用于查询根因定位所需要的拓扑子图。 + - url:图数据库的服务器地址。 + - db_name:拓扑图存储的数据库名称。 +- log_conf:日志配置信息。 + - log_path:日志文件路径。 + - log_level:日志打印级别,值包括 DEBUG/INFO/WARNING/ERROR/CRITICAL。 + - max_size:日志文件大小,单位为兆字节(MB)。 + - backup_count:日志备份文件数量。 +- prometheus:prometheus数据库配置信息,用于获取指标的历史时序数据。 + - base_url:prometheus服务器地址。 + - range_api:区间采集API。 + - step:采集时间步长,用于区间采集API。 + +#### 配置文件示例 + +```yaml +inference: + # 异常时间点的拓扑图查询所容忍的时间偏移,单位:秒 + tolerated_bias: 120 + topo_depth: 10 + root_topk: 3 + infer_policy: "dfs" + # 单位: 秒 + sample_duration: 600 + # 根因定位时,有效的异常指标事件周期,单位:秒 + evt_valid_duration: 120 + # 异常指标事件的老化周期,单位:秒 + evt_aging_duration: 600 + +kafka: + server: "localhost:9092" + metadata_topic: + topic_id: "gala_gopher_metadata" + group_id: "metadata-inference" + abnormal_kpi_topic: + topic_id: "gala_anteater_hybrid_model" + group_id: "abn-kpi-inference" + abnormal_metric_topic: + topic_id: "gala_anteater_metric" + group_id: "abn-metric-inference" + consumer_to: 1 + inference_topic: + topic_id: "gala_cause_inference" + +arangodb: + url: "http://localhost:8529" + db_name: "spider" + +log: + log_path: "/var/log/gala-inference/inference.log" + # log level: DEBUG/INFO/WARNING/ERROR/CRITICAL + log_level: INFO + # unit: MB + max_size: 10 + backup_count: 10 + +prometheus: + base_url: "http://localhost:9090/" + range_api: "/api/v1/query_range" + step: 5 +``` + +### 启动 + +1. 通过命令启动。 + + ```sh + # gala-inference + ``` + +2. 通过 systemd 服务启动。 + + ```sh + # systemctl start gala-inference + ``` + +### 使用方法 + +#### 依赖软件部署 + +gala-inference 的运行依赖和 gala-spider一样,请参见[外部依赖软件部署](#外部依赖软件部署)。此外,gala-inference 还间接依赖 [gala-spider](#gala-spider) 和 [gala-anteater](using_gala_anteater.md) 软件的运行,请提前部署gala-spider和gala-anteater软件。 + +#### 配置项修改 + +修改 gala-inference 的配置文件中部分配置项。示例如下: + +配置 kafka 服务器地址: + +```yaml +kafka: + server: "localhost:9092" +``` + +配置 prometheus 服务器地址: + +```yaml +prometheus: + base_url: "http://localhost:9090/" +``` + +配置 arangodb 服务器地址: + +```yaml +arangodb: + url: "http://localhost:8529" +``` + +#### 启动服务 + +直接运行 `systemctl start gala-inference` 即可。可通过执行 `systemctl status gala-inference` 查看启动状态,如下打印表示启动成功。 + +```sh +[root@openEuler ~]# systemctl status gala-inference +● gala-inference.service - a-ops gala inference service + Loaded: loaded (/usr/lib/systemd/system/gala-inference.service; enabled; vendor preset: disabled) + Active: active (running) since Tue 2022-08-30 17:55:33 CST; 1 day 22h ago + Main PID: 2445875 (gala-inference) + Tasks: 10 (limit: 98900) + Memory: 48.7M + CGroup: /system.slice/gala-inference.service + └─2445875 /usr/bin/python3 /usr/bin/gala-inference +``` + +#### 输出示例 + +当异常检测模块 gala-anteater 检测到 KPI 异常后,会将对应的异常 KPI 事件输出到 kafka 中,gala-inference 会一直监测该异常 KPI 事件的消息,如果收到异常 KPI 事件的消息,就会触发根因定位。根因定位会将定位结果输出到 kafka 中,用户可以在 kafka 服务器中查看根因定位的输出结果,基本步骤如下: + +1. 若通过源码安装 kafka ,需要进入 kafka 的安装目录下。 + + ```sh + cd /root/kafka_2.13-2.8.0 + ``` + +2. 执行消费 topic 的命令获取根因定位的输出结果。 + + ```sh + ./bin/kafka-console-consumer.sh --bootstrap-server localhost:9092 --topic gala_cause_inference + ``` + + 输出示例如下: + + ```json + { + "Timestamp": 1661853360000, + "event_id": "1661853360000_1fd37742xxxx_sli_12154_19", + "Atrributes": { + "event_id": "1661853360000_1fd37742xxxx_sli_12154_19" + }, + "Resource": { + "abnormal_kpi": { + "metric_id": "gala_gopher_sli_rtt_nsec", + "entity_id": "1fd37742xxxx_sli_12154_19", + "timestamp": 1661853360000, + "metric_labels": { + "machine_id": "1fd37742xxxx", + "tgid": "12154", + "conn_fd": "19" + } + }, + "cause_metrics": [ + { + "metric_id": "gala_gopher_proc_write_bytes", + "entity_id": "1fd37742xxxx_proc_12154", + "metric_labels": { + "__name__": "gala_gopher_proc_write_bytes", + "cmdline": "/opt/redis/redis-server x.x.x.172:3742", + "comm": "redis-server", + "container_id": "5a10635e2c43", + "hostname": "openEuler", + "instance": "x.x.x.172:8888", + "job": "prometheus", + "machine_id": "1fd37742xxxx", + "pgid": "12154", + "ppid": "12126", + "tgid": "12154" + }, + "timestamp": 1661853360000, + "path": [ + { + "metric_id": "gala_gopher_proc_write_bytes", + "entity_id": "1fd37742xxxx_proc_12154", + "metric_labels": { + "__name__": "gala_gopher_proc_write_bytes", + "cmdline": "/opt/redis/redis-server x.x.x.172:3742", + "comm": "redis-server", + "container_id": "5a10635e2c43", + "hostname": "openEuler", + "instance": "x.x.x.172:8888", + "job": "prometheus", + "machine_id": "1fd37742xxxx", + "pgid": "12154", + "ppid": "12126", + "tgid": "12154" + }, + "timestamp": 1661853360000 + }, + { + "metric_id": "gala_gopher_sli_rtt_nsec", + "entity_id": "1fd37742xxxx_sli_12154_19", + "metric_labels": { + "machine_id": "1fd37742xxxx", + "tgid": "12154", + "conn_fd": "19" + }, + "timestamp": 1661853360000 + } + ] + } + ] + }, + "SeverityText": "WARN", + "SeverityNumber": 13, + "Body": "A cause inferring event for an abnormal event" + } + ``` diff --git a/docs/zh/server/maintenance/images/c50cb9df64f4659787c810167c89feb4_1884x257.png b/docs/zh/server/maintenance/images/c50cb9df64f4659787c810167c89feb4_1884x257.png new file mode 100644 index 0000000000000000000000000000000000000000..01081f25627731c56764c196e3fae32d55bc7023 Binary files /dev/null and b/docs/zh/server/maintenance/images/c50cb9df64f4659787c810167c89feb4_1884x257.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001321685172.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001321685172.png new file mode 100644 index 0000000000000000000000000000000000000000..a98265bdf251608c0ff394fefe545cd3192bdb28 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001321685172.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001322112990.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001322112990.png new file mode 100644 index 0000000000000000000000000000000000000000..6f4b32bf2b36595abe10f2550cda5714bc355553 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001322112990.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001322219840.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001322219840.png new file mode 100644 index 0000000000000000000000000000000000000000..48b28664df46ddf9aa38c7570bb9e9edb8080ac9 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001322219840.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001322372918.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001322372918.png new file mode 100644 index 0000000000000000000000000000000000000000..5424367c9bc564e713220ba87f963096881833b8 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001322372918.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001322379488.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001322379488.png new file mode 100644 index 0000000000000000000000000000000000000000..8b18cdca066be43b74443498edc5500ea9e1e608 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001322379488.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001335457246.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001335457246.png new file mode 100644 index 0000000000000000000000000000000000000000..325d6a8ce097db0b92b1a883bc4b3d4ad0bc6a49 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001335457246.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001335816300.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001335816300.png new file mode 100644 index 0000000000000000000000000000000000000000..619f0c33503cd27d92f227216c722d554b9132f2 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001335816300.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001336448570.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001336448570.png new file mode 100644 index 0000000000000000000000000000000000000000..4bd494d78d83fef2e8a89c80e17c9b6db892a2e9 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001336448570.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001336729664.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001336729664.png new file mode 100644 index 0000000000000000000000000000000000000000..4d73507cceab2e0b123d6864d9f86c86eb1eee2f Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001336729664.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001337000118.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001337000118.png new file mode 100644 index 0000000000000000000000000000000000000000..37131647778506f24be4ff401392a9cc209a36eb Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001337000118.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001337039920.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001337039920.png new file mode 100644 index 0000000000000000000000000000000000000000..40c07e9b6ec27cdbe47d39788736b892f1174cc8 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001337039920.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001337051916.jpg b/docs/zh/server/maintenance/images/zh-cn_image_0000001337051916.jpg new file mode 100644 index 0000000000000000000000000000000000000000..a2083b7783041884394f796222352d8772ada6cc Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001337051916.jpg differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001337053248.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001337053248.png new file mode 100644 index 0000000000000000000000000000000000000000..8859f37749a4f8a4394e24ddfb54fc473e8c10c2 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001337053248.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001337172594.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001337172594.png new file mode 100644 index 0000000000000000000000000000000000000000..4e806f83c57880543a777807778f14eeb0105aba Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001337172594.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001337212144.jpg b/docs/zh/server/maintenance/images/zh-cn_image_0000001337212144.jpg new file mode 100644 index 0000000000000000000000000000000000000000..c6f0874250475f598efa7375516109b540918fb8 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001337212144.jpg differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001337260780.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001337260780.png new file mode 100644 index 0000000000000000000000000000000000000000..09d521d933f5fa0caacc592ea92acee959786051 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001337260780.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001337268560.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001337268560.png new file mode 100644 index 0000000000000000000000000000000000000000..663f67428487d88e23aa9c3291c31399fec2f2c3 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001337268560.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001337268820.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001337268820.png new file mode 100644 index 0000000000000000000000000000000000000000..cd1732ee870a6dde0acc54642f34793933ce3356 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001337268820.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001337419960.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001337419960.png new file mode 100644 index 0000000000000000000000000000000000000000..c3b493bf1e57f130e122b59e99ff45cd44539dad Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001337419960.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001337420372.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001337420372.png new file mode 100644 index 0000000000000000000000000000000000000000..2300bcd7426748236fd48b85688bd3d1fa3315df Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001337420372.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001337422904.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001337422904.png new file mode 100644 index 0000000000000000000000000000000000000000..01e250c6f7cbb64abe0b136cd80fda7ae68b629d Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001337422904.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001337424024.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001337424024.png new file mode 100644 index 0000000000000000000000000000000000000000..6532d98885f756c6704bc4bacc0f9133d78405a7 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001337424024.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001337424304.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001337424304.png new file mode 100644 index 0000000000000000000000000000000000000000..9ecb384ed58458c24d8e3ae729c4de197b982b86 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001337424304.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001337427216.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001337427216.png new file mode 100644 index 0000000000000000000000000000000000000000..8633dbdd658f98501dfc91a704395260f2d4df3c Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001337427216.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001337427392.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001337427392.png new file mode 100644 index 0000000000000000000000000000000000000000..74f5cb24520c94de8628b2e64e6916c563f9f5a2 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001337427392.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001337533690.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001337533690.png new file mode 100644 index 0000000000000000000000000000000000000000..1f02d9b155754a113347a54a7d35ba9b060175a8 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001337533690.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001337536842.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001337536842.png new file mode 100644 index 0000000000000000000000000000000000000000..5a9ee2c989638c9a6aad3fcfb35bb9b9f2d4683c Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001337536842.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001337579708.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001337579708.png new file mode 100644 index 0000000000000000000000000000000000000000..5cd8ed939434e6447dd55679eeaa3756d861751f Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001337579708.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001337580216.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001337580216.png new file mode 100644 index 0000000000000000000000000000000000000000..5516b8d261b769287c74cf860a6708fcde6bbb8a Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001337580216.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001337584296.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001337584296.png new file mode 100644 index 0000000000000000000000000000000000000000..fa76ecb59018fb154ffe1d9f6da1484d652f3ac1 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001337584296.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001337696078.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001337696078.png new file mode 100644 index 0000000000000000000000000000000000000000..3864852e345eaf01794042feaa85b012b8af71de Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001337696078.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001337740252.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001337740252.png new file mode 100644 index 0000000000000000000000000000000000000000..fd83fb600a54ab8bc39ee2ae54210be8b6c48973 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001337740252.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001337740540.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001337740540.png new file mode 100644 index 0000000000000000000000000000000000000000..b8e25128a47dccaed733fc192f52f2ca7828e516 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001337740540.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001337747132.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001337747132.png new file mode 100644 index 0000000000000000000000000000000000000000..41ea7d47f5fe5fca46816d93cb08b5da00abc0ad Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001337747132.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001337748300.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001337748300.png new file mode 100644 index 0000000000000000000000000000000000000000..32488dc1740408834954cf8d57a2843d98f09c2e Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001337748300.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001337748528.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001337748528.png new file mode 100644 index 0000000000000000000000000000000000000000..f2d62c85c844c2756f4d27a48711560dfb9615ea Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001337748528.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001372249333.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001372249333.png new file mode 100644 index 0000000000000000000000000000000000000000..48cd37225954e212cb3e159acc137866d8edc362 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001372249333.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001372748125.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001372748125.png new file mode 100644 index 0000000000000000000000000000000000000000..5f6326b9415cf766dd8379dbadd5aa1a0dc6861f Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001372748125.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001372821865.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001372821865.png new file mode 100644 index 0000000000000000000000000000000000000000..21e8dad1cd90755440cf858523b12c036a91e1ad Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001372821865.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001372824637.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001372824637.png new file mode 100644 index 0000000000000000000000000000000000000000..aefb5d83c079e6718ef88fd934b4b496cdc29565 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001372824637.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001373373585.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001373373585.png new file mode 100644 index 0000000000000000000000000000000000000000..c4e5e47c9beca2c7c7630d78916f80eda652b52a Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001373373585.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001373379529.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001373379529.png new file mode 100644 index 0000000000000000000000000000000000000000..daa40b49e679668905632f25ff42bf8599ba0ead Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001373379529.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001384808269.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001384808269.png new file mode 100644 index 0000000000000000000000000000000000000000..be18ecef3a149d5742f18535552f66f26ab34832 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001384808269.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001385585749.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001385585749.png new file mode 100644 index 0000000000000000000000000000000000000000..c13604ab7095c2a7717bde1384f0aea3d53f69e3 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001385585749.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001385611905.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001385611905.png new file mode 100644 index 0000000000000000000000000000000000000000..8c233e40a21e678ddf4115c2e2e80c96e25a60ce Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001385611905.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001385905845.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001385905845.png new file mode 100644 index 0000000000000000000000000000000000000000..a6cb8bc4a188ef444919d71f7f16baa06422788b Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001385905845.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001386149037.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001386149037.png new file mode 100644 index 0000000000000000000000000000000000000000..da73fead24d8805bb43287f53c757e80ff0d597f Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001386149037.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001386699925.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001386699925.png new file mode 100644 index 0000000000000000000000000000000000000000..cf5b13b35e65ed0143a01a5bcad1e11eaddaded7 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001386699925.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001387293085.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001387293085.png new file mode 100644 index 0000000000000000000000000000000000000000..7f56b020949c53d018eba016952c2409f0d7dca9 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001387293085.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001387413509.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001387413509.png new file mode 100644 index 0000000000000000000000000000000000000000..2245427058fc31f3e5d7f40062c0551936a67199 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001387413509.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001387413793.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001387413793.png new file mode 100644 index 0000000000000000000000000000000000000000..aa649bf7215662819766d897513fb711d9d1e7f8 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001387413793.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001387415629.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001387415629.png new file mode 100644 index 0000000000000000000000000000000000000000..01189358354090591de6580f8ef88ef78ddba3a1 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001387415629.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001387691985.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001387691985.png new file mode 100644 index 0000000000000000000000000000000000000000..31c3096fa837c1b397ab2fe27acdd87e2cec36de Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001387691985.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001387692269.jpg b/docs/zh/server/maintenance/images/zh-cn_image_0000001387692269.jpg new file mode 100644 index 0000000000000000000000000000000000000000..b79e3ddf78520277046b933c4662c6b72f45ab85 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001387692269.jpg differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001387692893.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001387692893.png new file mode 100644 index 0000000000000000000000000000000000000000..49ea515d834b58d4ded14c55a6a2b07034d76137 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001387692893.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001387755969.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001387755969.png new file mode 100644 index 0000000000000000000000000000000000000000..b2daa95d6b757e7bd443d8fd961922f248dd6853 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001387755969.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001387780357.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001387780357.png new file mode 100644 index 0000000000000000000000000000000000000000..1aab3b8be2cd0c906253d70036a9fee3050a1055 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001387780357.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001387784693.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001387784693.png new file mode 100644 index 0000000000000000000000000000000000000000..62a40117a892ba6c163be81bce1d198c2920f0e9 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001387784693.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001387787605.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001387787605.png new file mode 100644 index 0000000000000000000000000000000000000000..8c1893e16fb929f77bb6b9a70cb25d3479dd684c Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001387787605.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001387855149.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001387855149.png new file mode 100644 index 0000000000000000000000000000000000000000..731e957c367cb05e4229f53cf97dcee2cde69dff Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001387855149.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001387857005.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001387857005.png new file mode 100644 index 0000000000000000000000000000000000000000..872f5c9eb05169831df4ba49d017629e8a943c64 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001387857005.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001387902849.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001387902849.png new file mode 100644 index 0000000000000000000000000000000000000000..ffe2043c199308ed2033e3eb02a0662a65141ece Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001387902849.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001387907229.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001387907229.png new file mode 100644 index 0000000000000000000000000000000000000000..084fbea1aee4d09b1e623c66b4f07641c7a0208d Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001387907229.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001387908045.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001387908045.png new file mode 100644 index 0000000000000000000000000000000000000000..1fca645598e7a67da6e75b98c44f3c9a740be374 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001387908045.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001387908453.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001387908453.png new file mode 100644 index 0000000000000000000000000000000000000000..b97804a0a575fd18235e7a0c7e4f2d0183e3b460 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001387908453.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001387961737.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001387961737.png new file mode 100644 index 0000000000000000000000000000000000000000..ae4ddce8cf2629b811e9711c61186b3efa4dfe3c Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001387961737.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001388020197.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001388020197.png new file mode 100644 index 0000000000000000000000000000000000000000..1816e1e068ee0294677ebb357ffd158a14bb86cf Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001388020197.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001388024321.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001388024321.png new file mode 100644 index 0000000000000000000000000000000000000000..da3ba54203ded0093b7c2b5308de0e2afd85a146 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001388024321.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001388024397.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001388024397.png new file mode 100644 index 0000000000000000000000000000000000000000..4e4531dd19dc703399c9d4dd0e95236fa9a064c8 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001388024397.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001388028161.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001388028161.png new file mode 100644 index 0000000000000000000000000000000000000000..b3beb92520c34ba771d096a8a146fb2c5b5edbb7 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001388028161.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001388028537.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001388028537.png new file mode 100644 index 0000000000000000000000000000000000000000..ffb244306787c397ef4a9f4d9c3eb504172d3777 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001388028537.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001388184025.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001388184025.png new file mode 100644 index 0000000000000000000000000000000000000000..cbce6fe1e32c547426319923c0fdb13e95554b99 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001388184025.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001388187249.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001388187249.png new file mode 100644 index 0000000000000000000000000000000000000000..0ac83f21e269d909e550b68cb0bdc6347c05dcac Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001388187249.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001388187325.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001388187325.png new file mode 100644 index 0000000000000000000000000000000000000000..02dbdf218da2cb1c844dfc13a463875df5124d48 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001388187325.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001388188365.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001388188365.png new file mode 100644 index 0000000000000000000000000000000000000000..dbe3bfb48446bab88e3e622b9f8066383f269590 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001388188365.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001388241577.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001388241577.png new file mode 100644 index 0000000000000000000000000000000000000000..8dacb6e343ea4c750904fa090bb99213e012379d Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001388241577.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001388972645.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001388972645.png new file mode 100644 index 0000000000000000000000000000000000000000..e32606925f4bb4380b262d9f946d4cd106202b87 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001388972645.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_image_0000001389098425.png b/docs/zh/server/maintenance/images/zh-cn_image_0000001389098425.png new file mode 100644 index 0000000000000000000000000000000000000000..c63903009ab9ba454f169250632dbec1b3c94467 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_image_0000001389098425.png differ diff --git a/docs/zh/server/maintenance/images/zh-cn_other_0000001337581224.jpeg b/docs/zh/server/maintenance/images/zh-cn_other_0000001337581224.jpeg new file mode 100644 index 0000000000000000000000000000000000000000..2c019b828bdf9c699f203f09ba3542968ff21262 Binary files /dev/null and b/docs/zh/server/maintenance/images/zh-cn_other_0000001337581224.jpeg differ diff --git a/docs/zh/server/maintenance/kernel_live_upgrade/_toc.yaml b/docs/zh/server/maintenance/kernel_live_upgrade/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..cdfbd08fbfa5905e7f81bdd4725cf9ba8ced32b9 --- /dev/null +++ b/docs/zh/server/maintenance/kernel_live_upgrade/_toc.yaml @@ -0,0 +1,12 @@ +label: 内核热升级指南 +isManual: true +description: 使用用户态自动化工具快速重启内核和程序热迁移实现内核热替换特性 +sections: + - label: 内核热升级指南 + href: ./kernel_live_upgrade.md + sections: + - label: 安装与部署 + href: ./installation_and_deployment.md + - label: 使用方法 + href: ./usage_guide.md + diff --git a/docs/zh/server/maintenance/kernel_live_upgrade/faqs_and_solutions.md b/docs/zh/server/maintenance/kernel_live_upgrade/faqs_and_solutions.md new file mode 100644 index 0000000000000000000000000000000000000000..5a72eb79bf9f1231a431377143f9f52beb9e2126 --- /dev/null +++ b/docs/zh/server/maintenance/kernel_live_upgrade/faqs_and_solutions.md @@ -0,0 +1,29 @@ +# 常见问题与解决方法 + +1. 执行nvwa update后未升级 + + 原因:保留现场或者内核替换过程中出现错误。 + + 解决方法:查看日志,找出错误原因。 + +2. 开启加速特性后,nvwa执行命令失败 + + 原因:nvwa提供了诸多加速特性,包括quick kexec,pin memory,cpu park等等。这些特性都涉及到cmdline的配置和内存的分配,在选取内存时,通过cat /proc/iomemory确保选取的内存没有与其他程序冲突。必要时,通过dmesg查看使能特性后是否存在错误日志。 + +3. 热升级后,相关现场未被恢复 + + 原因:首先检查nvwa服务是否运行,运行情况下,可能存在两种情况:一种是服务恢复失败,一种是进程恢复失败。 + + 解决方法:通过service nvwa status查看nvwa的日志,如果是服务启动失败,首先确认是否使能了该服务,再通过systemd查看对应服务的日志。进一步的日志,去criu_dir指定的路径对应命名的进程/服务文件夹中。其中dump.log为保存现场产生的日志,restore.log为恢复现场产生的。 + +4. 恢复失败,日志显示Can't fork for 948: File exists + + 原因:内核热升级工具在恢复程序过程中,发现程序的pid已经被占用。 + + 解决方法:当前内核没有提供保留pid的机制,相关策略正在开发,预计会在将来的内核版本中解决这一限制,当前仅能手动重启相关进程。 + +5. 使用nvwa去保存和恢复简单程序(hello world),显示失败或者程序未在执行 + + 原因: criu使用存在诸多限制。 + + 解决办法:查看nvwa的日志,如果显示是criu相关的错误,去相应的目录下检查dump.log或者restore.log,criu相关使用限制,可以参考[criu社区wiki](https://criu.org/What_cannot_be_checkpointed)。 diff --git a/docs/zh/server/maintenance/kernel_live_upgrade/installation_and_deployment.md b/docs/zh/server/maintenance/kernel_live_upgrade/installation_and_deployment.md new file mode 100644 index 0000000000000000000000000000000000000000..26a955630831414e1c414f219cb8ff2a77ffe351 --- /dev/null +++ b/docs/zh/server/maintenance/kernel_live_upgrade/installation_and_deployment.md @@ -0,0 +1,166 @@ +# 安装与部署 + +本章介绍如何安装和部署内核热升级工具。 + +## 软硬件要求 + +### 硬件要求 + +- 当前仅支持arm64架构 + +### 软件要求 + +- 操作系统:openEuler 24.03 + +## 环境准备 + +- 安装openEuler系统,安装方法参考 《[安装指南](../../installation_upgrade/installation/installation_on_servers.md)》 + +- 安装内核热升级工具需要使用root权限 + +## 安装内核热升级工具 + +本章介绍内核热升级工具的安装方法 + +安装内核热升级工具的操作步骤如下: + +1. 挂载openEuler的iso文件 + + ```shell + # mount openEuler-{version}-everything-aarch64-dvd.iso /mnt + ``` + +2. 配置本地yum源 + + ```shell + # vim /etc/yum.repos.d/local.repo + ``` + + 配置内容如下所示: + + ```shell + [local] + name=local + baseurl=file:///mnt + gpgcheck=1 + enabled=1 + ``` + +3. 将RPM数字签名的GPG公钥导入系统 + + ```shell + # rpm --import /mnt/RPM-GPG-KEY-openEuler + ``` + +4. 安装内核热升级工具 + + ```shell + # yum install nvwa -y + ``` + +5. 验证是否安装成功。命令和回显如下表示安装成功 + + ```shell + # rpm -qa | grep nvwa + nvwa-xxx + ``` + +## 部署内核热升级工具 + +本章介绍内核热升级工具的配置部署: + +### 配置介绍 + +内核热升级工具的配置文件位于/etc/nvwa,配置文件包括: + +- nvwa-restore.yaml + + 该配置文件用于指导内核热升级工具在内核热升级过程中如何保存和恢复现场,具体配置如下: + + + pids + + pids用于指明nvwa热升级过程中需要保留和恢复的进程,此处的进程通过进程号(pid)进行标识,需要注意的是,nvwa管理的进程在nvwa服务启动后,会被自动恢复。 + + + services + + services用于指明nvwa热升级过程中需要保留和恢复的服务。与pids的区别在于,内核热升级工具可以直接保存和恢复进程的状态,对于服务,内核热升级工具则需要依赖systemd进行相关操作。此处的服务名称,应该使用systemd中使用的服务名称。需要注意的是,对于nvwa管理的服务,是否要在nvwa启动时自动恢复,取决于systemd中有没有使能该服务,且当前支持的服务类型只有notify和oneshot。 + + + restore_net + + restore_net用于指明是否需要内核热升级工具保存和恢复网络配置,如果网络配置有误,有可能导致恢复后网络不可用,默认关闭。 + + + enable_quick_kexec + + enable_quick_kexec用于指明是否需要使能quick kexec特性,quick kexec是nvwa社区推出的,加速内核重启过程的一个特性。使用该特性,需要在cmdline中,加入"quickkexec=128M"。128指分配给quick kexec特性的内存大小,该内存将用于在升级过程中加载kernel和initramfs,因此大小需要大于升级过程中涉及到的kernel,initramfs大小之和。该特性默认关闭。 + + + enable_pin_memory + + enable_pin_memory用于指明是否需要使能pin memory特性,pin memory是nvwa社区推出的,加速进程保存恢复过程的一个特性。pin_memory特性暂不支持多进程应用备份恢复,使用该特性,需要在cmdline中,加入"max_pin_pid_num=10 redirect_space_size=2M pinmemory=200M@0x640000000"。 + + 其中,max_pin_pid_num代表支持pin memory恢复的最大进程数目,redirect_space_size代表pin memory过程中重定向物理页所需要的预留内存空间,建议配置为pin memory总预留内存的1/100,pinmemory指明这段内存的起点和大小。从0x640000000开始的200M空间,是pin memory使用的全部内存空间,这段空间不应该被其他程序使用。 + +- nvwa-restore.yaml的配置示例 + +```yaml +pids: + - 14109 +services: + - redis +restore_net: false +enable_quick_kexec: true +enable_pin_memory: true +``` + +- nvwa-server.yaml + + 该文件包含了内核热升级工具运行过程中,需要使用到的配置信息,具体如下: + + + criu_dir + + 用于指明内核热升级工具在保存现场过程中,存储产生的信息文件夹路径。需要注意的是,这些信息可能会占用较大的磁盘空间。 + + + criu_exe + + 用于指明内核热升级工具使用的criu可执行文件路径,除非是对criu进行调测,一般不建议修改。 + + + kexec_exe + + 用于指明内核热升级工具使用的kexec可执行文件路径,除非是对kexec进行调测,一般不建议修改。 + + + systemd_etc + + 用于指明覆盖systemd配置过程中,使用到的文件夹路径。该路径由systemd决定,一般不需要修改。 + + + log_dir + + 存放内核热升级工具产生的log信息,log模块当前未启用。内核热升级工具日志信息的查看,参考其他章节\<使用方法> + +- nvwa-server.yaml的配置示例 + +```yaml +criu_dir: /var/nvwa/running/ +criu_exe: /usr/sbin/criu +kexec_exe: /usr/sbin/kexec +systemd_etc: /etc/systemd/system/ +log_dir: /etc/nvwa/log/ +``` + +## 使能内核热升级工具 + +内核热升级工具的运行依赖配置文件,配置文件修改后应该重新运行内核热升级工具程序。 + +安装成功后,可以通过systemd的相关命令来操作内核热升级工具 + ++ 使能nvwa + + systemctl enable nvwa + ++ 启动nvwa + + systemctl start nvwa + ++ 查看nvwa日志 + + service nvwa status + ++ 更多用法参考systemd用法 diff --git a/docs/zh/server/maintenance/kernel_live_upgrade/kernel_live_upgrade.md b/docs/zh/server/maintenance/kernel_live_upgrade/kernel_live_upgrade.md new file mode 100644 index 0000000000000000000000000000000000000000..78bf635133f5a8c654be51bf11466ad1860c31f3 --- /dev/null +++ b/docs/zh/server/maintenance/kernel_live_upgrade/kernel_live_upgrade.md @@ -0,0 +1,14 @@ +# 内核热升级用户指南 + +本文档介绍openEuler系统内核热升级特性的安装部署和使用方法,openEuler的内核热升级特性通过快速重启内核和程序热迁移实现,我们提供了一个用户态工具以自动化这一过程。 + +本文档适用于使用openEuler系统并希望了解和使用内核热升级的社区开发者、开源爱好者以及相关合作伙伴。使用人员需要具备基础的Linux操作系统知识。 + +## 使用场景 + +内核热升级的目标,是实现在秒级的端到端时延下,实现进程运行现场的保存和恢复。 + +使用场景通常符合以下两个条件: + +1. 内核由于漏洞修复,版本更新等原因,需要重新启动 +2. 运行在内核之上的业务能够在内核重启后快速恢复状态 diff --git a/docs/zh/server/maintenance/kernel_live_upgrade/usage_guide.md b/docs/zh/server/maintenance/kernel_live_upgrade/usage_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..1d58d32a73d4267e82fc05eff4a3a8ee219f5f48 --- /dev/null +++ b/docs/zh/server/maintenance/kernel_live_upgrade/usage_guide.md @@ -0,0 +1,103 @@ +# 使用方法 + +## 命令用法 + +- nvwa help + + 打印帮助信息,打印的信息如下: + + ```shell + NAME: + nvwa - a tool used for openEuler kernel update. + + USAGE: + nvwa [global options] command [command options] [arguments...] + + VERSION: + 0.1 + + COMMANDS: + update specify kernel version for nvwa to update + init init nvwa running environment + help, h Shows a list of commands or help for one command + + GLOBAL OPTIONS: + --help, -h show help (default: false) + --version, -v print the version (default: false) + ``` + + 需要注意的是,由于当前参数解析的限制,暂不支持nvwa --help, nvwa --version之类的GLOBAL OPTIONS用法,后续版本会修复该问题。 + 如需查看系统已经安装的nvwa版本,可通过`rpm -qa nvwa`查看。 + +- nvwa update \ + + 热升级到内核某一版本,nvwa会去/boot目录下寻找内核镜像和ramfs,kernel的命名格式需为vmlinuz-\, rootfs命名格式需为initramfs-\.img + + 需要注意的是,升级过程有可能会失败,如果失败,部分被dump的进程或者服务,将停止运行。 + + 当前版本的\可以通过`uname -r`获得,参照当前\的格式,可以在/boot目录下找到当前系统已有的所有版本。 + +- nvwa init + + 清除nvwa产生的现场信息以及对systemd的配置修改,用于nvwa执行前或者执行失败后,对现场进行清理。 + +## 使用限制 + +1. 对于需要通过nvwa保存的service,其配置中需要设置标准输出(StandardOutput)和错误输出(StandardError),以redis为例: + + ```shell + [Unit] + Description=Redis persistent key-value database + After=network.target + [Service] + ExecStart=/usr/bin/redis-server /etc/redis.conf --supervised systemd + Type=notify + User=redis + Group=redis + RuntimeDirectory=redis + RuntimeDirectoryMode=0755 + StandardOutput=file:/root/log1.log + StandardError=file:/root/log2.log + [Install] + WantedBy=multi-user.target + ``` + +2. 使用加速特性需要修改cmdline以及分配合适的内存,参见下方[加速特性说明及使用](#加速特性说明及使用)。 + +3. 运行过程中需要关闭SELINUX + + 理论上,仅需要在执行nvwa update之后和系统重启nvwa恢复现场这段时间前需要关闭。稳妥起见,建议全程关闭SELINUX。 + +## 加速特性说明及使用 + +1. cpu park(加速内核重启过程) + + cpu park,是在使用kexec过程,使cpu进入一种忙等的状态,更快的响应主核发送的中断请求,减少状态的变化。 + + 使用cpu park,需要在cmdline中加入"cpuparkmem=0x200000000",其中0x200000000是一段未被其他程序使用的内存起始地址,cpuparkmem将占用从该地址开始,size为1M左右的内存空间。 + + 需要注意的是,在内存允许的情况下,此处的地址选择,建议范围在4G(0x100000000)之后,前4G通常被系统各组件预留,容易冲突。 + +2. quick kexec(加速内核启动过程) + + quick kexec,是对kexec加载镜像过程中的一种加速。 + + 使用quick kexec,需要在配置文件中使能相关选项,更多信息参考\<<[安装与部署-配置介绍](./安装与部署.md#配置介绍)>>。 + +3. pin_memory(加速现场保存恢复过程) + + pin memory,是对criu进行现场保存恢复过程中的一种加速。 + + 使用pin memory,需要在配置文件中使能相关选项,更多信息参考\<<[安装与部署-配置介绍](./安装与部署.md#配置介绍)>>。 + +## 产生的日志信息 + +内核热升级工具产生的日志分为两部分: + +- 运行过程产生的日志: + + 通过`service nvwa status`查看。 + +- 保留现场过程中产生的日志: + + 日志位于criu_dir指定的路径对应命名的进程/服务文件夹中。 diff --git a/docs/zh/server/maintenance/operation_and_maintenance_overview.md b/docs/zh/server/maintenance/operation_and_maintenance_overview.md new file mode 100644 index 0000000000000000000000000000000000000000..297cb70aff1610233cf4bd54704b094fface1e8c --- /dev/null +++ b/docs/zh/server/maintenance/operation_and_maintenance_overview.md @@ -0,0 +1,9 @@ +# 运维概述 + +​**IT运维**是指企业IT部门采用技术手段对IT系统进行管理,是一种全面、复杂而又具体的服务。日常的IT运维服务主要包括了软件管理和硬件管理等。在软件管理中,通过**操作系统**维护设备的稳定性和高效性是IT运维的核心和重点部分。 + +​具体来说,通过监测设备中**CPU**、**内存**和**I/O**等性能的动态变化,可以有效预防或定位相关问题。例如,由于各种业务原因导致CPU负载过高,导致服务响应变慢等问题,此时需要对CPU的使用情况进行监测。当内存占用率持续很高时,需要使用内存分析工具针对相关硬件或进程进行监测。进行相关读/写操作效率低时,需要监测I/O数据用来评估I/O性能等。 + +​此外,当系统发生崩溃、死锁或者死机等故障时,需要通过操作系统做一些应急处理,用来对故障进行快速排查和修复。例如,通过触发kdump,收集系统内核信息,随后对内核信息进行分析。当需要进行修改系统密码操作时,进入单用户模式,修改root密码。经常强制上下电导致文件系统损坏,当系统无法自动修复成功时,需要手动进行修复,调整drop\_caches内容来手动释放内存等。同时,需要对故障时的现场信息进行收集,如日志文件和设备文件等,以便在后续能够更全面地进行问题根因分析。 + +​因此,熟悉操作系统性能分析工具的使用以及故障修复的操作,是实现完善的IT运维管理的关键。 diff --git a/docs/zh/server/maintenance/overview.md b/docs/zh/server/maintenance/overview.md new file mode 100644 index 0000000000000000000000000000000000000000..3637fcb7e4a3f2f55b3d075ab3360ffce6be130a --- /dev/null +++ b/docs/zh/server/maintenance/overview.md @@ -0,0 +1,3 @@ +# 运维指南 + +本文档提供了openEuler操作系统的运维指南,介绍运维中常见的性能监测工具、信息收集方法、故障应急处理方案以及常用工具等。 diff --git a/docs/zh/server/maintenance/syscare/_toc.yaml b/docs/zh/server/maintenance/syscare/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..e98293e7554dd7f5851328c215a82a1a3d57214e --- /dev/null +++ b/docs/zh/server/maintenance/syscare/_toc.yaml @@ -0,0 +1,12 @@ +label: SysCare用户指南 +isManual: true +description: 提供在线的热补丁修复能力 +sections: + - label: 认识SysCare + href: ./syscare_introduction.md + - label: 安装SysCare + href: ./installing_syscare.md + - label: 使用SysCare + href: ./using_syscare.md + - label: 约束限制 + href: ./constraints.md diff --git a/docs/zh/server/maintenance/syscare/constraints.md b/docs/zh/server/maintenance/syscare/constraints.md new file mode 100644 index 0000000000000000000000000000000000000000..fe0170609184aa82479b1c7773eb9839ce03ceb2 --- /dev/null +++ b/docs/zh/server/maintenance/syscare/constraints.md @@ -0,0 +1,35 @@ +# 约束限制 + +## 版本约束 + + 操作系统版本:当前SysCare仅支持openEuler 22.03 LTS SP1版本。 + + 硬件架构:x86_64 / aarch64。 + +## 应用约束 + + 1. 当前对LINE宏的处理需要对每个软件进行适配,当前仅考虑适配redis、nginx,其他未适配的软件可能会造成patch的size过大。后续会考虑引入参数支持用户自行适配。 + 2. 用户态热补丁对于一个ELF文件,只支持一个补丁,如需修复多个bug,可将多个bugfix的patch文件同时传入补丁制作参数中,可制作出修复多个bug的热补丁。 + +## 语言约束 + + 原理上补丁制作在object file一级进行比较,与编程语言无关。 + 当前仅测试了C / C++语言。 + +## 其他约束 + + -前仅支持64位系统; + -当前仅支持ELF格式的热修复,暂不支持解释型语言; + -当前仅支持gcc / g++编译器; + -编译器需要支持`-gdwarf`、`-ffunction-sections`、`-fdata-sections`参数; + -仅支持DWARF格式的调试信息; + -暂不支持交叉编译; + -暂无法识别文件名相同,并且局部变量和函数名称完全一致的不同路径源码文件; + -暂不支持汇编修改(包括`.S`文件及内联汇编); + -不支持新增外部符号(动态库依赖); + -暂不支持对同一个二进制打多个补丁; + -暂不支持C & C++ 混合编译; + -暂不支持C++ exception修改; + -暂不支持group section: ```-g3```编译选项,特定编译优化选项,特定gcc plugin等; + -暂不支持新增ifunc: ```__attribute__((ifunc("foo")))```; + -暂不支持新增TLS变量: ```__thread int foo```。 diff --git a/docs/zh/server/maintenance/syscare/faqs_and_solutions.md b/docs/zh/server/maintenance/syscare/faqs_and_solutions.md new file mode 100644 index 0000000000000000000000000000000000000000..899209ac7b943a5da3ef65feeaa81b441135309d --- /dev/null +++ b/docs/zh/server/maintenance/syscare/faqs_and_solutions.md @@ -0,0 +1,16 @@ +# 常见问题与解决方法 + +## 问题1:报错:“alloc upatch module memory failed” + +- 原因:触发selinux约束。 +- 解决方法:按照报错建议命令操作,手动添加策略,由于不同情况添加策略不同,无法穷尽枚举,参考该issue: 。 + +## 问题2:报错: “patch file error 2” + +- 原因:补丁检测失败。 +- 解决方法:补丁无法正常打入,更换补丁。 + +## 问题3:报错: “build project error 11” + +- 原因:源码包编译失败。 +- 解决方法:尝试使用```rpmbuild -ra *.src.rpm```命令测试源码包是否可正常编译并满足其编译依赖。 diff --git "a/docs/zh/server/maintenance/syscare/figures/syscare\351\200\273\350\276\221\346\236\266\346\236\204.png" "b/docs/zh/server/maintenance/syscare/figures/syscare\351\200\273\350\276\221\346\236\266\346\236\204.png" new file mode 100644 index 0000000000000000000000000000000000000000..4ed8b88331695d295351dd57bd570251c18d9502 Binary files /dev/null and "b/docs/zh/server/maintenance/syscare/figures/syscare\351\200\273\350\276\221\346\236\266\346\236\204.png" differ diff --git a/docs/zh/server/maintenance/syscare/installing_syscare.md b/docs/zh/server/maintenance/syscare/installing_syscare.md new file mode 100644 index 0000000000000000000000000000000000000000..22e081f5a306d3bf35962a1e8fa8b81b3ea04166 --- /dev/null +++ b/docs/zh/server/maintenance/syscare/installing_syscare.md @@ -0,0 +1,55 @@ +# 安装SysCare + +本章介绍在openEuler中安装SysCare的方法。 + +## 安装SysCare核心组件 + +### 最低硬件要求 + +* 2 CPU (x86_64 / aarch64) +* 4GB RAM +* 100GB 硬盘 + +### 前提条件 + +安装openEuler 24.03 LTS SP1版本。 + +### 源码编译安装SysCare + +SysCare源码已经归档至代码仓,用户可自行下载并编译安装。 + +SysCare在编译前需要安装依赖包,相关命令如下: + +```shell +dnf install cmake make rust cargo kernel-devel elfutils-libelf-devel llvm clang bpftool libbpf libbpf-devel libbpf-static +``` + +示例如下: + +```shell +git clone https://gitee.com/openeuler/syscare.git +cd syscare +mkdir build +cd build +cmake -DCMAKE_INSTALL_PREFIX=/usr -DKERNEL_VERSION=$(uname -r) .. +make +make install +``` + +### repo安装SysCare + +如果repo源中有SysCare相关的包,则可以通过dnf或yum命令进行下载、安装。 + +相关命令如下: + +```shell +dnf/yum install syscare syscare-kmod syscare-build syscare-build-ebpf +``` + +### 卸载SysCare + +相关命令如下: + +```shell +dnf/yum erase syscare syscare-kmod syscare-build syscare-build-ebpf +``` diff --git a/docs/zh/server/maintenance/syscare/syscare_introduction.md b/docs/zh/server/maintenance/syscare/syscare_introduction.md new file mode 100644 index 0000000000000000000000000000000000000000..3598b95243363797bd52549b036d87566bb905ff --- /dev/null +++ b/docs/zh/server/maintenance/syscare/syscare_introduction.md @@ -0,0 +1,23 @@ +# 认识SysCare + +## 简介 + + SysCare是一个操作系统热补丁服务,统一了操作系统内核态、用户态热补丁服务。为操作系统提供在线的热补丁修复能力,可以自动化、无感知地在线修复内核、用户态服务、动态库等系统基础组件bug和漏洞。 + +![img](./figures/syscare逻辑架构.png) + +## SysCare系统功能 + + SysCare提供补丁制作、补丁激活和补丁卸载等功能,支持内核热补丁、用户态热补丁制作和管理: + + 1. 一键式补丁制作能力 + 目前SysCare统一内核热补丁和用户态热补丁的制作流程,提供一键制作补丁能力,对用户屏蔽制作补丁细节及用户态、内核态补丁制作差异。 + + 2. 补丁安装、激活、卸载 + SysCare提供统一补丁管理接口,方便用户在补丁安装、激活、卸载查询使用。 + +## SysCare系统技术 + + 1. SysCare归一化补丁制作,对用户屏蔽补丁制作的细节及差异,提供统一的补丁管理工具,提升运维效率。 + 2. SysCare提供的用户态热补丁支持用户态多进程/多线程业务热修复,修复简单、提升运维效率;对进程/线程新拉起、重启均生效。 + 3. 热补丁lazy机制,克服`ptrace`缺陷(需全部退出内核调用),提升修复成功率。 diff --git a/docs/zh/server/maintenance/syscare/syscare_user_guide.md b/docs/zh/server/maintenance/syscare/syscare_user_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..aaa3da5576bbaa21fbdc047806f33145df88c90a --- /dev/null +++ b/docs/zh/server/maintenance/syscare/syscare_user_guide.md @@ -0,0 +1,11 @@ +# SysCare用户使用手册 + +本文档给出SysCare介绍,并给出基于openEuler的SysCare安装方法以及如何使用SysCare,让用户了解SysCare,并指导用户安装和使用SysCare。 + +## 读者对象 + +本文档主要适用于使用openEuler并需要使用热补丁的用户。用户需要具备以下经验和技能: + +* 熟悉Linux基本操作 +* 熟悉软件编译相关基本概念 +* 对rpm软件包以及其制作过程有一定了解 diff --git a/docs/zh/server/maintenance/syscare/using_syscare.md b/docs/zh/server/maintenance/syscare/using_syscare.md new file mode 100644 index 0000000000000000000000000000000000000000..b5a07c42b45490ba778ccee9afff70a9c9b45468 --- /dev/null +++ b/docs/zh/server/maintenance/syscare/using_syscare.md @@ -0,0 +1,308 @@ +# 使用SysCare + +本章介绍在openEuler中使用SysCare的方法。 + +## 前提条件 + +安装openEuler 24.03 LTS SP1版本。 + +## SysCare使用 + +本章节将介绍 SysCare 的使用方法,包含热补丁制作及热补丁管理。 + +### 热补丁制作 + +用户可以使用`sycare build`命令制作热补丁,该命令为纯CLI工具,提供从RPM包生成热补丁包的功能,热补丁包以RPM包的形式封装维护,支持制作内核热补丁及用户态热补丁。 + +#### 热补丁制作流程 + +1. 准备热补丁目标软件源码包(source rpm)及软件调试信息包(debuginfo rpm) + + 示例: + + ```shell + yumdownloader kernel --source --debuginfo + ``` + +2. 确认满足对应软件编译依赖 + + 示例: + + ```shell + dnf install make gcc bison flex openssl-devel dwarves python3-devel elfutils-libelf-devel + ``` + +3. 执行`syscare build`命令构建热补丁 + + 示例: + + ```shell + syscare build \ + --patch_name HP001 \ + --source kernel-5.10.0-60.66.0.91.oe2203.src.rpm \ + --debuginfo kernel-debuginfo-5.10.0-60.66.0.91.oe2203.x86_64.rpm \ + --output output \ + --patch 001-kernel-patch-test.patch + ``` + + 热补丁制作过程将会在由`--workdir`参数所指定的目录中(默认为当前目录)创建以`syscare-build`开头的临时文件夹,用于存放临时文件及编译日志。 + + 示例: + + ```shell + dev@openeuler-dev:[~]$ ls -l syscare-build.111602/ + total 100 + -rw-r--r--. 1 dev dev 92303 Nov 12 00:00 build.log + drwxr-xr-x. 6 dev dev 4096 Nov 12 00:00 package + drwxr-xr-x. 4 dev dev 4096 Nov 12 00:00 patch + ``` + + 编译日志将会生成在临时文件夹中,名称为`build.log`。 + + ```shell + dev@openeuler-dev:[~]$ cat syscare-build.111602/build.log | less + ``` + + 若补丁制作成功,且未指定`--skip-compiler-check`参数,将自动删除该临时文件夹。 + +4. 检查编译结果 + + 示例: + + ```shell + dev@openeuler-dev:[~]$ ls -l + total 189680 + -rw-r--r--. 1 dev dev 194218767 Nov 12 00:00 kernel-5.10.0-60.91.0.115.oe2203-HP001-1-1.x86_64.src.rpm + -rw-r--r--. 1 dev dev 10937 Nov 12 00:00 patch-kernel-5.10.0-60.91.0.115.oe2203-HP001-1-1.x86_64.rpm + ``` + + 其中 + + - `patch-kernel-5.10.0-60.91.0.115.oe2203-HP001-1-1.x86_64.rpm`为补丁包 + - `kernel-5.10.0-60.91.0.115.oe2203-HP001-1-1.x86_64.src.rpm`为二进制包 + +#### 热补丁制作工具 + +```shell +USAGE: + syscare build [OPTIONS] --patch_name --source --debuginfo ... --patch ... + +OPTIONS: + -n, --patch_name Patch name + --patch_arch Patch architecture [default: x86_64] + --patch_version Patch version [default: 1] + --patch_release Patch release [default: 1] + --patch_description Patch description [default: (none)] + -s, --source Source package + -d, --debuginfo ... Debuginfo package(s) + --workdir Working directory [default: .] + -o, --output Output directory [default: .] + -j, --jobs Parllel build jobs [default: 96] + --skip_compiler_check Skip compiler version check (not recommended) + --skip_cleanup Skip post-build cleanup + -v, --verbose Provide more detailed info + -p, --patch ... Patch file(s) + -h, --help Prints help information + -V, --version Prints version information +``` + +|名称|描述|类型|备注| +| ---- | ---- | ---- | ---- | +|-n, --patch_name ``|补丁名称|字符串|必选参数,需符合RPM命名规范| +|--patch_arch ``|补丁架构|字符串|默认为当前架构,需符合RPM命名规范| +|--patch_version ``|补丁版本号|字符串|默认值为1,需符合RPM命名规范| +|--patch_release ``|补丁release|数字|默认值为1,需符合RPM命名规范| +|--patch_description ``|补丁描述|字符串|默认为(none)| +|-s, --source ``|目标软件src.rpm源码包路径|字符串|必选参数,需为合法路径| +|-d, --debuginfo `...`|目标软件debuginfo包路径|字符串|必选参数,可指定多个,需为合法路径| +|--workdir ``|临时文件夹路径|字符串|默认为当前执行目录,需为合法路径| +|-o, --output ``|补丁输出文件夹|字符串|默认为当前执行目录,需为合法路径| +|-j, --jobs ``|并行编译线程数|数字|默认为cpu线程数| +|--skip-compiler-check|跳过编译器检查|标识|-| +|--skip-cleanup|跳过临时文件清理|标识|-| +|-v, --verbose|打印详细信息|标识|-| +|-p, --patch `...`|补丁文件路径|字符串|必选参数,可指定多个,需为合法路径| +|-h, --help|打印帮助信息|标识|-| +|-V, --version|打印版本信息|标识|-| + +示例: + +```shell +syscare build \ + --patch_name "HP001" \ + --patch_description "CVE-2021-32675 - When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users." \ + --source ./redis-6.2.5-1.src.rpm \ + --debuginfo ./redis-debuginfo-6.2.5-1.x86_64.rpm \ + --output ./output \ + --patch ./0001-Prevent-unauthenticated-client-from-easily-consuming.patch +``` + +#### 热补丁包命名规则 + +- 热补丁包:patch-目标软件全名-补丁名称-补丁版本-补丁release.架构名.rpm +- 热补丁源码包:目标软件全名-补丁名称-补丁版本-补丁release.架构名.src.rpm + +#### 输出 + +- 热补丁包:包含SysCare热补丁的二进制及元信息,用于热补丁安装。 +- 热补丁源码包:包含目标软件源码及新增补丁文件,用于新版本热补丁制作。 + +#### 错误定位 + +如果热补丁制作过程出现错误,请参考位于工作目录下名称为`build.log`的编译日志。 + +示例: + +```shell +Building patch, this may take a while +- Preparing build requirements +- Building patch +Error: UserPatchBuilder: Failed to build patch + +Caused by: + Process "/usr/libexec/syscare/upatch-build" exited unsuccessfully, exit_code=253 +For more information, please check "/home/dev/syscare-build.345549/build.log" +``` + +### 热补丁包管理 + +热补丁的安装以及卸载需要提供对应rpm包的名称,下面使用`$patch_package`来指代rpm包名称。 + +1. 热补丁包安装 + + ```shell + dnf install $patch_package.rpm + ``` + + 热补丁包安装后,热补丁相关文件存放在如下路径: + + /usr/lib/syscare/patches + +2. 热补丁包卸载 + + ```shell + dnf remove $patch_package + ``` + + 注:若热补丁处于`ACTIVED`以上状态时,热补丁将会被自动卸载。 + +### 热补丁管理 + +使用`syscare`命令可以对热补丁进行管理。 + +对单一热补丁操作前,用户需要提供一个字符串来搜索热补丁,后续使用`$patch_identifier`来指代这个字符串。 + +热补丁管理搜索规则为:目标包名/补丁名,其中“目标包名/”在补丁名唯一的情况下可以省略,也可使用UUID来进行管理。 + +*目标包名:待打入补丁的目标软件的软件包名称; +*补丁名:热补丁名称。 + +#### 补丁元信息 + +补丁元信息中包含以下字段: + +| 字段名称 | 字段描述 | +| ----------- | ---------------------- | +| uuid | 补丁ID | +| name | 补丁名称 | +| version | 补丁版本 | +| release | 补丁Release | +| arch | 补丁架构 | +| type | 补丁类型 | +| target | 目标软件名 | +| entities | 目标软件可执行文件名称 | +| digest | 补丁指纹 | +| license | 目标软件许可证 | +| description | 补丁描述 | +| patch| 补丁文件列表 | + +示例: + +```shell +sudo syscare info redis-6.2.5-1/HP002-1-1 +uuid: 980fa0d0-e753-447c-8494-01de595f35d0 +name: HP002 +version: 1 +release: 1 +arch: x86_64 +type: UserPatch +target: redis-6.2.5-1 +target_elf: redis-server, redis-benchmark, redis-cli +license: BSD and MIT +description: CVE-2021-32675 - When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. +patch: +0001-Prevent-unauthenticated-client-from-easily-consuming.patch +``` + +#### 热补丁状态 + +SysCare将热补丁的生命周期分成如下状态: + +*未加载:`NOT-APPLIED` +*未激活:`DEACTIVED` +*已激活:`ACTIVED` +*已接受:`ACCEPTED` + +#### 补丁信息查询 + +1. 补丁基本信息查询: + + ```shell + syscare info $patch_identifier + ``` + +2. 补丁状态查询: + + ```shell + syscare status $patch_identifier + ``` + +3. 查询所有补丁状态: + + ```shell + syscare list + ``` + +#### 热补丁状态管理 + +1. 加载热补丁: + + ```shell + syscare apply $patch_identifier + ``` + +2. 卸载热补丁: + + ```shell + syscare remove $patch_identifier + ``` + +3. 激活热补丁: + + ```shell + syscare active $patch_identifier + ``` + +4. 反激活热补丁: + + ```shell + syscare deactive $patch_identifier + ``` + +5. 接受热补丁: + + ```shell + syscare accept $patch_identifier + ``` + +6. 保存所有补丁状态: + + ```shell + syscare save + ``` + +7. 恢复所有补丁状态: + + ```shell + syscare restore + ``` diff --git a/docs/zh/server/maintenance/sysmonitor/_toc.yaml b/docs/zh/server/maintenance/sysmonitor/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..65774c3f107c6626137edbd76c18fc881cd0caca --- /dev/null +++ b/docs/zh/server/maintenance/sysmonitor/_toc.yaml @@ -0,0 +1,6 @@ +label: sysmonitor用户指南 +isManual: true +description: 使用 sysmonitor 服务监控 OS 系统运行过程中的异常 +sections: + - label: sysmonitor用户指南 + href: ./sysmonitor_user_guide.md diff --git "a/docs/zh/server/maintenance/sysmonitor/figures/sysmonitor\345\212\237\350\203\275\345\210\227\350\241\250.png" "b/docs/zh/server/maintenance/sysmonitor/figures/sysmonitor\345\212\237\350\203\275\345\210\227\350\241\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..701e925d66a8771774e1bb38fdf70edd982913bf Binary files /dev/null and "b/docs/zh/server/maintenance/sysmonitor/figures/sysmonitor\345\212\237\350\203\275\345\210\227\350\241\250.png" differ diff --git a/docs/zh/server/maintenance/sysmonitor/sysmonitor_user_guide.md b/docs/zh/server/maintenance/sysmonitor/sysmonitor_user_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..584c7978a4a970034814fd9cda2fe0d7222b45ac --- /dev/null +++ b/docs/zh/server/maintenance/sysmonitor/sysmonitor_user_guide.md @@ -0,0 +1,803 @@ +# sysmonitor + +## 介绍 + +System Monitor Daemon + +sysmonitor 负责监控 OS 系统运行过程中的异常,将监控到的异常记录到系统日志(`/var/log/sysmonitor.log`)中。sysmonitor 以服务的形式提供,可以通过 `systemctl start|stop|restart|reload sysmonitor` 启动、关闭、重启、重载服务。建议产品部署 sysmonitor 调测软件,便于定位系统异常问题。 + +![](./figures/sysmonitor功能列表.png) + +### 注意事项 + +- sysmonitor 不支持并发执行。 +- 各配置文件须合法配置,否则可能造成监控框架异常。 +- sysmonitor 服务操作和配置文件修改,日志查询需要 root 权限。root 用户具有系统最高权限,在使用 root 用户进行操作时,请严格按照操作指导进行操作,避免不规范操作造成系统管理及安全风险。 + +### 配置总览 + +sysmonitor 有一个主配置文件(`/etc/sysconfig/sysmonitor`),用于配置各监控项的监控周期、是否需要监控。配置项的=和"之间不能有空格,如`PROCESS_MONITOR="on"`。 + +配置说明 + +| 配置项 | 配置项说明 | 是否必配 | 默认值 | +| ------------------------- | ------------------------------------------------------------ | -------- | -------------------------------------- | +| PROCESS_MONITOR | 设定是否开启关键进程监控,on为开启,off为关闭 | 否 | on | +| PROCESS_MONITOR_PERIOD | 设置关键进程监控的周期,单位秒 | 否 | 3s | +| PROCESS_RECALL_PERIOD | 关键进程恢复失败后再次尝试拉起周期,单位分,取值范围为1到1440之间的整数 | 否 | 1min | +| PROCESS_RESTART_TIMEOUT | 关键进程服务异常恢复过程中超时时间,单位秒,取值范围为30至300之间的整数 | 否 | 90s | +| PROCESS_ALARM_SUPRESS_NUM | 设置关键进程监控配置使用告警命令上报告警时的告警抑制次数,取值范围为正整数 | 否 | 5 | +| FILESYSTEM_MONITOR | 设定是否开启 ext3/ext4 文件系统监控,on 为开启,off 为关闭 | 否 | on | +| DISK_MONITOR | 设定是否开启磁盘分区监控,on为开启,off 为关闭 | 否 | on | +| DISK_MONITOR_PERIOD | 设定磁盘监控周期,单位秒 | 否 | 60s | +| INODE_MONITOR | 设定是否开启磁盘 inode 监控,on 为开启, off 为关闭 | 否 | on | +| INODE_MONITOR_PERIOD | 设定磁盘 inode 监控周期,单位秒 | 否 | 开启 | +| NETCARD_MONITOR | 设定是否开启网卡监控,on 为开启, off 为关闭 | 否 | on | +| FILE_MONITOR | 设定是否开启文件监控,on为开启, off 为关闭 | 否 | on | +| CPU_MONITOR | 设定是否开启 cpu 监控,on 为开启, off 为关闭 | 否 | on | +| MEM_MONITOR | 设定是否开启内存监控,on 为开启, off 为关闭 | 否 | on | +| PSCNT_MONITOR | 设定是否开启进程数监控,on为开启,off 为关闭 | 否 | on | +| FDCNT_MONITOR | 设定是否开启 fd 总数监控,on 为开启,off 为关闭 | 否 | on | +| CUSTOM_DAEMON_MONITOR | 用户自定义的 daemon类型的监控项,on为开启,off为关闭 | 否 | on | +| CUSTOM_PERIODIC_MONITOR | 用户自定义的 periodic 类型的监控项,on为开启, off 为关闭 | 否 | on | +| IO_DELAY_MONITOR | 本地磁盘 IO 延时监控开关,on 为开启,off 为关闭 | 否 | off | +| PROCESS_FD_NUM_MONITOR | 设定是否开启单个进程句柄数监控,on为开启,off 为关闭 | 否 | on | +| PROCESS_MONITOR_DELAY | sysmonitor 启动时,是否等待所有的监控项都正常,on为等待,off为不等待 | 否 | on | +| NET_RATE_LIMIT_BURST | 网卡监控路由信息打印抑制频率,即一秒内打印多少条日志 | 否 | 5
有效范围是 0-100,默认为5 | +| FD_MONITOR_LOG_PATH | 文件句柄监控日志文件 | 否 | 默认配置路径为 /var/log/sysmonitor.log | +| ZOMBIE_MONITOR | 僵尸进程监控开关 | 否 | off | +| CHECK_THREAD_MONITOR | 内部线程自愈开关,on为开启,off为关闭 | 否 | on
若不配置,默认值为开启 | +| CHECK_THREAD_FAILURE_NUM | 内部线程自愈的周期检查次数 | 否 | 默认值为3,范围为【2,10】 | + +- 修改 `/etc/sysconfig/sysmonitor` 配置文件后,需要重启 sysmonitor 服务生效。 +- 配置文件中,如果某一项没有配置,默认为监控项开启。 +- 内部线程自愈开启后,当监控项子线程卡住,且超过配置的周期检查次数,会重启 sysmonitor 服务,进行恢复,会重新加载配置,对于配置的关键进程监控和自定义监控,会重新拉起执行。如果对于用户使用有影响,可以选择关闭该功能。 + +### 命令参考 + +- 启动监控服务 + +``` shell +systemctl start sysmonitor +``` + +- 关闭监控服务 + +``` shell +systemctl stop sysmonitor +``` + +- 重启监控服务 + +``` shell +systemctl restart sysmonitor +``` + +- 修改监控项的配置文件后,重载监控服务可使修改后的配置动态生效 + +``` shell +systemctl reload sysmonitor +``` + +### 监控日志 + +在默认情况下,为了防止 sysmonitor.log 文件过大,提供了切分转储日志的机制。日志将被转储到磁盘目录下,这样就能够保持一定量的日志。 + +配置文件为`/etc/rsyslog.d/sysmonitor.conf`,因为增加了 rsyslog 配置文件,第一次安装 sysmonitor 后,需要重启 rsyslog 服务生效 sysmonitor 日志配置。 + +```sh +$template sysmonitorformat,"%TIMESTAMP:::date-rfc3339%|%syslogseverity-text%|%msg%\n" + +$outchannel sysmonitor, /var/log/sysmonitor.log, 2097152, /usr/libexec/sysmonitor/sysmonitor_log_dump.sh +if ($programname == 'sysmonitor' and $syslogseverity <= 6) then { +:omfile:$sysmonitor;sysmonitorformat +stop +} + +if ($msg contains 'Time has been changed') then { +:omfile:$sysmonitor;sysmonitorformat +stop +} + +if ($programname == 'sysmonitor' and $syslogseverity > 6) then { +/dev/null +stop +} +``` + +## ext3/ext4 文件系统监控 + +### 简介 + +当文件系统出现故障时会导致 IO 操作异常从而引发操作系统一系列问题。通过文件系统故障检测及时发现,以便于系统管理员或用户及时处理故障,修复问题。 + +### 配置文件说明 + +无 + +### 异常日志 + +对于增加了 errors=remount-ro 挂载选项的文件系统,如果监控到 ext3/ext4文件系统故障,sysmonitor.log 中打印异常信息示例如下: + +```sh +info|sysmonitor[127]: loop0 filesystem error. Remount filesystem read-only. +``` + +其他异常场景下,如果监控到 ext3/ext4 文件系统故障,sysmonitor.log 中打印异常信息示例如下: + +```sh +info|sysmonitor[127]: fs_monitor_ext3_4: loop0 filesystem error. flag is 1879113728. +``` + +## 关键进程监控 + +### 简介 + +定期监控系统中关键进程,当系统内关键进程异常退出时,自动尝试恢复关键进程。如果恢复失败并需要告警,可上报告警。系统管理员能被及时告知进程异常退出事件,以及进程是否被恢复拉起。问题定位人员能从日志中定位进程异常退出的时间。 + +### 配置文件说明 + +配置目录为`/etc/sysmonitor/process`, 每个进程或模块一个配置文件。 + +```sh +USER=root +NAME=irqbalance +RECOVER_COMMAND=systemctl restart irqbalance +MONITOR_COMMAND=systemctl status irqbalance +STOP_COMMAND=systemctl stop irqbalance +``` + +各配置项如下: + +| 配置项 | 配置项说明 | 是否必配 | 默认值 | +| ---------------------- | ------------------------------------------------------------ | -------- | --------------------------------------------------- | +| NAME | 进程或模块名 | 是 | 无 | +| RECOVER_COMMAND | 恢复命令 | 否 | 无 | +| MONITOR_COMMAND | 监控命令
命令返回值为0视为进程正常,命令返回大于 0视为进程异常 | 否 | pgrep -f $(which xxx) "xxx"为NAME字段中配置的进程名 | +| STOP_COMMAND | 停止命令 | 否 | 无 | +| USER | 用户名
使用指定的用户执行、监控、恢复、停止命令或脚本 | 否 | 如果配置项为空,则默认使用 root | +| CHECK_AS_PARAM | 参数传递开关
开关设置为 on 时,在执行 RECOVER_COMMAND 命令时,会将 MONITOR_COMMAND 的返回值作为入参,传给 RECOVER_COMMAND 命令或脚本。 开关为 off 或其他时,功能关闭 | 否 | 无 | +| MONITOR_MODE | 监控模式
- 配置为 parallel,并行监控
- 配置为 serial,串行监控 | 否 | serial | +| MONITOR_PERIOD | 监控周期
- 并行监控监控周期
- 监控模块配置为 serial,该配置项不生效 | 否 | 3 | +| USE_CMD_ALARM | 告警模式
配置为 on 或 ON,则使用告警命令上报告警 | 否 | 无 | +| ALARM_COMMAND | 上报告警命令 | 否 | 无 | +| ALARM_RECOVER_COMMAND | 恢复告警命令 | 否 | 否 | + +- 修改关键进程监控的配置文件后,须执行 `systemctl reload sysmonitor`, 新的配置在一个监控周期后生效。 +- 恢复命令和监控命令不阻塞,否则会造成关键进程监控线程异常。 +- 当恢复命令执行超过 90 s时,会调用停止命令终止进程。 +- 当恢复命令配置为空或不配置时,监控命令检查到关键进程异常时,不会尝试进行拉起。 +- 当关键进程异常时,并且尝试拉起三次都不成功,最终会按照全局配置文件中配置的 PROCESS_RECALL_PERIOD 周期进行拉起。 +- 当监控的进程不是 daemon 进程,MONITOR_COMMAND 必配。 +- 若配置的关键服务在当前系统上不存在,则该监控不会生效,日志中会有相应提示;其他配置项,出现致命性错误,将使用默认配置,不报错。 +- 配置文件权限为 600,监控项建议为 systemd 中的 service类型(如 MONITOR_COMMAND=systemctl status irqbalance), 若监控的为进程,请确保 NAME 字段为绝对路径。 +- sysmonitor 重启(restart)、重载(reload)、退出(stop)都不会影响所监控的进程或服务。 +- 若 USE_CMD_ALARM 的配置为 on,ALARM_COMMAND、ALARM_RECOVER_COMMAND 的配置由用户保障。ALARM_COMMAND、ALARM_RECOVER_COMMAND 为空或没有配置,则不上报告警。 +- 对于用户自行配置的命令,如监控命令,恢复命令,停止命令,上报告警命令,恢复告警命令等,命令的安全性由用户保证。命令由 root 权限执行,建议脚本命令权限设置为仅供 root 使用,避免普通用户提权风险。 +- 配置监控命令的长度不大于200,大于 200,添加进程监控失败。 +- 当恢复命令配置为 systemd 的重启服务命令时(如`RECOVER_COMMAND=systemctl restart irqbalance`),需注意是否与开源 systemd 恢复服务的机制冲突,否则可能会影响关键进程异常后的行为模式。 +- 由 sysmonitor 恢复拉起的进程将和 sysmonitor 服务在同一个 Cgroup 当中,无法单独进行资源限制,因此建议优先使用开源 systemd 机制进行恢复。 + +### 异常日志 + +- 配置 RECOVER_COMMAND + + 如果监控到进程或模块异常,/var/log/sysmonitor.log 中打印异常信息示例如下: + + ```sh + info|sysmonitor[127]: irqbalance is abnormal, check cmd return 1, use "systemctl restart irqbalance" to recover + ``` + + 如果监控到进程或模块恢复正常,/var/log/sysmonitor.log 中打印日志示例如下: + + ```sh + info|sysmonitor[127]: irqbalance is recovered + ``` + +- 不配置 RECOVER_COMMAND + + 如果监控到进程或模块异常,/var/log/sysmonitor.log 中打印异常信息示例如下: + + ```sh + info|sysmonitor[127]: irqbalance is abnormal, check cmd return 1, recover cmd is null, will not recover + ``` + + 如果监控到进程或模块恢复正常,/var/log/sysmonitor.log 中打印日志示例如下: + + ```sh + info|sysmonitor[127]: irqbalance is recovered + ``` + +## 文件监控 + +### 简介 + +系统关键文件被意外删除后,会导致系统运行异常甚至崩溃。通过文件监控可以及时获知系统中关键文件被删除或者有恶意文件被添加,以便管理员和用户及时获知并处理故障。 + +### 配置文件说明 + +配置文件为 `/etc/sysmonitor/file`。每个监控配置项为一行,监控配置项包含两个内容:监控文件(目录)和监控事件。监控文件(目录)是绝对路径,监控文件(目录)和监控事件中间由一个或多个空格隔开。 + +配置文件支持在`/etc/sysmonitor/file.d` 目录下增加文件监控项配置,配置方法与 `/etc/sysmoitor/file` 相同。 + +- 由于日志长度限制,建议配置的文件和目录绝对路径长度小于 223。如果配置的监控对象绝对路径长度超过223,可能会有日志打印不完整的现象出现。 + +- 请用户自行确保监控文件路径正确,如果配置文件不存在或路径错误则无法监控到该文件。 + +- 由于系统路径长度限制,监控的文件或目录绝对路径长度必须小于 4096。 + +- 支持监控目录和常规文件,/proc 和 /proc/* /dev和/dev/* /sys和/sys/* 管道文件 socket 文件等均不支持监控。 + +- /var/log 和 /var/log/* 均只支持删除事件。 + +- 当配置文件中存在多个相同路径的时候,以第一条合法配置为准,其他相同配置均不生效。在日志文件中可以查看到其他相同配置被忽略的提示。 + +- 不支持对软链接配置监控;当配置硬链接文件的删除事件时,需删除该文件和它的全部硬链接才会打印文件删除事件。 + +- 当文件添加监控成功及监控的事件发生时,监控日志打印的是配置文件中路径的绝对路径。 + +- 目前暂不支持目录递归监控,只能监控配置文件中的目录,子目录不会监控。 + +- 监控文件(目录)采用了位图的方式配置要监控的事件,对文件或目录进行监控的事件位图如下所示: + +```sh + ------------------------------- + | 11~32 | 10 | 9 | 1~8 | + ------------------------------- +``` + +事件位图每一位代表一个事件,第N位如果置1,则表示监控第n位对应的事件;如果第 n 位置 0,则表示不监控第 n 位对应的事件。监控位图对应的 16 进制数,即是写到配置文件中的监控事件项。 + +| 配置项 | 配置项说明 | 是否必配 | +| ------ | ------------------ | -------- | +| 1~8 | 保留 | 否 | +| 9 | 文件、目录添加事件 | 是 | +| 10 | 文件、目录删除事件 | 是 | +| 11~32 | 保留 | 否 | + +- 修改文件监控的配置文件后,须执行`systemctl reload sysmonitor`,新的配置在最多 60 秒后生效。 +- 监控事件需要严格遵守上述规则,如果配置有误,则无法监控;如果配置项中监控事件为空,则默认只监控删除事件,即 0x200。 +- 文件或目录删除后,只有当所有打开该文件的进程都停止后才会上报删除事件。 +- 监控的文件通过 vi、sed 等操作修改后会在监控日志中打印 File "XXX" may have been changed。 +- 文件监控目前实现了对添加和删除事件的监控,即第9位和第10位有效,其他位为保留位,暂不生效。如果配置了保留位,监控日志会提示监控事件配置错误。 + +**示例** + +配置对 /home 下子目录的增加和删除事件监控,低12 位位图为:001100000000,则可以配置如下: + +```sh +/home 0x300 +``` + +配置对 /etc/ssh/sshd_config 文件的删除事件监控,低12位位图为:001000000000,则可以配置如下: + +```sh +/etc/sshd/sshd_config 0x200 +``` + +### 异常日志 + +如果监控文件有配置的事件发生,/var/log/sysmonitor.log 中打印日志示例如下: + +```sh +info|sysmonitor[127]: 1 events queued +info|sysmonitor[127]: 1th events handled +info|sysmonitor[127]: Subfile "111" under "/home" was added. +``` + +## 磁盘分区监控 + +### 简介 + +定期监控系统中挂载的磁盘分区空间,当磁盘分区使用率大于或等于用户设置的告警阈值时,记录磁盘空间告警。当磁盘分区使用率小于用户设置的告警恢复阈值时,记录磁盘空间恢复告警。 + +### 配置文件说明 + +配置文件为 `/etc/sysmonitor/disk`。 + +```sh +DISK="/var/log" ALARM="90" RESUME="80" +DISK="/" ALARM="95" RESUME="85" +``` + +| 配置项 | 配置项说明 | 是否必配 | 默认值 | +| ------ | ---------------------- | -------- | ------ | +| DISK | 磁盘挂载目录名 | 是 | 无 | +| ALARM | 整数,磁盘空间告警阈值 | 否 | 90 | +| RESUME | 整数,磁盘空间恢复阈值 | 否 | 80 | + +- 修改磁盘空间监控的配置文件后,须执行 systemctl reload sysmonitor,新的配置在一个监控周期后生效。 +- 重复配置的挂载目录,最后一个配置项生效。 +- ALARM 值应该大于 RESUME 值。 +- 只能针对挂载点或被挂载点的磁盘分区做监控。 +- 在 CPU 和 IO 高压场景下,df 命令执行超时,会导致磁盘利用率获取不到。 +- 当多个挂载点对应同一个磁盘分区时,以挂载点为准来上报告警。 + +### 异常日志 + +如果监控到磁盘空间告警,`/var/log/sysmonitor.log`中打印信息示例如下: + +```sh +warning|sysmonitor[127]: report disk alarm, /var/log used:90% alarm:90% +info|sysmonitor[127]: report disk recovered, /var/log used:4% resume:10% +``` + +## 网卡状态监控 + +### 简介 + +系统运行过程中可能出现人为原因或异常而导致网卡状态或 IP 发生改变,对网卡状态和 IP 变化进行监控,以便及时感知到异常并方便定位异常原因。 + +### 配置文件说明 + +配置文件为 `/etc/sysmonitor/network`。 + +```sh +#dev event +eth1 UP +``` + +各配置项说明如下表 +| 配置项 | 配置项说明 | 是否必配 | 默认值 | +| ------ | ------------------------------------------------------------ | -------- | ------------------------------------------------- | +| dev | 网卡名 | 是 | 无 | +| event | 侦听事件,可取 UP, DOWN,NEWADDR, DELADDR.
- UP: 网卡 UP
- DOWN: 网卡 DOWN
- NEWADDR: 增加 ip 地址
- DELADDR: 删除 ip 地址 | 否 | 若侦听事件为空则 UP,DOWN,NEWADDR,DELADDR都监控 | + +- 修改网卡监控的配置文件后,执行 `systemctl reload sysmonitor`,新的配置生效。 +- 不支持虚拟网卡 UP 和 DOWN 状态监控。 +- 请确保网卡监控的配置文件每行少于 4096 个字符,若超过4096个字符会在监控日志中打印配置错误的提示信息。 +- 默认监控所有网卡的所有事件信息,即不配置任何网卡,默认监控所有网卡的 UP,DOWN,NEWADDR,DELADDR 事件。 +- 如果配置网卡,不配置事件,则默认监控改网卡的所有事件。 +- 增加路由信息,默认一秒五条,可通过/etc/sysconfig/sysmonitor 的 NET_RATE_LIMIT_BURST 配置选项配置一秒钟打印路由信息数量。 + +### 异常日志 + +如果监控到配置的网卡事件,`/var/log/sysmonitor.log` 中打印信息示例如下: + +```sh +info|sysmonitor[127]: lo: ip[::1] prefixlen[128] is added, comm: (ostnamed)[1046], parent comm: syst emd[1] +info|sysmonitor[127]: lo: device is up, comm: (ostnamed)[1046], parent comm: systemd[1] + +``` + +如果监控到路由事件, `/var/log/sysmonitor.log` 中打印信息示例如下: + +```sh + +info|sysmonitor[881]: Fib4 replace table=255 192.168.122.255/32, comm: daemon-init[1724], parent com m: systemd[1] +info|sysmonitor[881]: Fib4 replace table=254 192.168.122.0/24, comm: daemon-init[1724], parent comm: systemd[1] +info|sysmonitor[881]: Fib4 replace table=255 192.168.122.0/32, comm: daemon-init[1724], parent comm: systemd[1] +info|sysmonitor[881]: Fib6 replace fe80::5054:ff:fef6:b73e/128, comm: kworker/1:3[209], parent comm: kthreadd[2] + +``` + +## cpu 监控 + +### 简介 + +监控系统全局或指定域内 cpu 的占用情况,当 cpu 使用率超出用户设置的告警阈值时,执行用户配置的日志收集命令。 + +### 配置文件说明 + +配置文件为`/etc/sysmonitor/cpu`。 + +当监控系统全局 cpu 时,配置文件示例如下: + +```sh +# cpu usage alarm percent +ALARM="90" + +# cpu usage alarm resume percent +RESUME="80" + +# monitor period (second) +MONITOR_PERIOD="60" + +# stat period (second) +STAT_PERIOD="300" + +# command executed when cpu usage exceeds alarm percent +REPORT_COMMAND="" +``` + +当监控系统指定域 cpu 时,配置文件示例如下: + +```sh +# monitor period (second) +MONITOR_PERIOD="60" + +# stat period (second) +STAT_PERIOD="300" + +DOMAIN="0,1" ALARM="90" RESUME="80" +DOMAIN="2,3" ALARM="50" RESUME="40" + +# command executed when cpu usage exceeds alarm percent +REPORT_COMMAND="" +``` + +| 配置项 | 配置项说明 | 是否必配 | 默认值 | +| -------------- | ------------------------------------------------------------ | -------- | ------ | +| ALARM | 大于0,cpu 使用率告警阈值 | 否 | 90 | +| RESUME | 大于等于0,cpu 使用率恢复阈值 | 否 | 80 | +| MONITOR_PERIOD | 监控周期(秒),取值大于0 | 否 | 60 | +| STAT_PERIOD | 统计周期(秒),取值大于0 | 否 | 300 | +| DOMAIN | 域内的 cpu 信号,cpu 号均以十进制数字表示
- 可以通过列举方式指定,cpu 号之间通过逗号分隔,例如:1,2,3。也可以通过范围方式指定,格式 X-Y(X- 每个监控域单独一个配置项,每个项支持最多配置 256 个 cpu,域内以及域之间 cpu 号均不能重复 | 否 | 无 | +| REPORT_COMMAND | cpu 使用率超过告警阈值后的日志收集命令 | 否 | 无 | + +- 修改 cpu 监控的配置文件后,须执行 systemctl reload sysmonitor, 新的配置在一个监控周期后生效。 +- ALARM 值应该大于 RESUME 值。 +- 当配置监控 cpu 域后,不再对系统全局 cpu 平均使用率进行监控,单独配置的 ALARM、RESUME 值不生效。 +- 如果某个监控域的配置存在非法,则整个 cpu 监控不执行。 +- DOMAIN 内配置的 cpu 必须全部处于在线工作状态,否则对该域的监控无法正常进行。 +- REPORT_COMMAND 项的命令不能包含 &、;、> 等不安全字符且总长度不能超过 159个字符,否则命令无法生效。 +- REPORT_COMMAND 项的命令安全性、有效性由用户自己保证,sysmonitor 只负责以 root 用户执行该命令。 +- REPORT_COMMAND 项的命令不能阻塞,当该命令执行时间超过 60s后,sysmonitor 会强行终止执行。 +- 每轮监控即使有多个域 cpu 使用率超过阈值,REPORT_COMMAND 也仅会执行一次。 + +### 异常日志 + +如果监控到全局 cpu 使用率告警或恢复且配置了日志收集命令,`/var/log/sysmonitor.log` 中打印信息示例如下: + +```sh +info|sysmonitor[127]: CPU usage alarm: 91.3% +info|sysmonitor[127]: cpu monitor: execute REPORT_COMMAND[sysmoniotrcpu] sucessfully +info|sysmonitor[127]: CPU usage resume 70.1% +``` + +如果监控到某个域的 cpu 平均使用率告警或恢复且配置了日志收集命令,`/var/log/sysmonitor.log` 中打印信息示例如下: + +```sh +info|sysmonitor[127]: CPU 1,2,3 usage alarm: 91.3% +info|sysmonitor[127]: cpu monitor: execute REPORT_COMMAND[sysmoniotrcpu] sucessfully +info|sysmonitor[127]: CPU 1,2,3 usage resume 70.1% +``` + +## 内存监控 + +### 简介 + +监控系统内存占用情况,当内存使用率超出或低于阈值时,记录日志。 + +### 配置文件说明 + +配置文件为 `/etc/sysmonitor/memory`。 + +```sh +# memory usage alarm percent +ALARM="90" + +# memory usage alarm resume percent +RESUME="80" + +# monitor period(second) +PERIOD="60" +``` + +### 配置项说明 + +| 配置项 | 配置项说明 | 是否必配 | 默认值 | +| ------ | ----------------------------- | -------- | ------ | +| ALARM | 大于0,内存占用率告警阈值 | 否 | 90 | +| RESUME | 大于等于0,内存占用率恢复阈值 | 否 | 80 | +| PERIOD | 监控周期(秒),取值大于 0 | 否 | 60 | + +- 修改内存监控的配置文件后,须执行 `systemctl reload sysmonitor`,新的配置在一个监控周期后生效。 +- ALARM 值应该大于 RESUME值。 +- 取三个监控周期的内存占用的平均值,来作为是否上报发生告警或恢复告警的依据。 + +### 异常日志 + +如果监控到内存告警,sysmonitor 获取 `/proc/meminfo`信息,打印到`/var/log/sysmonitor.log` 中,信息如下: + +```sh +info|sysmonitor[127]: memory usage alarm: 90% +info|sysmonitor[127]:---------------show /proc/meminfo: --------------- +info|sysmonitor[127]:MemTotal: 3496388 kB +info|sysmonitor[127]:MemFree: 2738100 kB +info|sysmonitor[127]:MemAvailable: 2901888 kB +info|sysmonitor[127]:Buffers: 165064 kB +info|sysmonitor[127]:Cached: 282360 kB +info|sysmonitor[127]:SwapCached: 4492 kB +...... +info|sysmonitor[127]:---------------show_memory_info end. --------------- +``` + +sysmonitor 有如下打印信息时,表示 sysmonitor 会调用 "echo m > /proc/sysrq-trigger" 命令导出内存分配的信息(可以在 /var/log/messages 中进行查看)。 + +```sh +info|sysmonitor[127]: sysrq show memory ifno in message。 +``` + +告警恢复时,打印信息如下: + +```sh +info|sysmonitor[127]: memory usage resume: 4.6% +``` + +## 进程数/线程数监控 + +### 简介 + +监控系统进程数目和线程数目,当进程总数或线程总数超出或低于阈值时,记录日志或上报告警。 + +### 配置文件说明 + +配置文件为 `/etc/sysmonitor/pscnt`。 + +```sh +# number of processes(include threads) when alarm occur +ALARM="1600" + +# number of processes(include threads) when alarm resume +RESUME="1500" + +# monitor period(second) +PERIOD="60" + +# process count usage alarm percent +ALARM_RATIO="90" + +# process count usage resume percent +RESUME_RATIO="80" + +# print top process info with largest num of threads when threads alarm +# (range: 0-1024, default: 10, monitor for thread off:0) +SHOW_TOP_PROC_NUM="10" +``` + +| 配置项 | 配置项说明 | 是否必配 | 默认值 | +| ----------------- | ------------------------------------------------------------ | -------- | ------ | +| ALARM | 大于 0 的整数,进程总数告警阈值 | 否 | 1600 | +| RESUME | 大于等于0的整数,进程总数恢复阈值 | 否 | 1500 | +| PERIOD | 监控周期(秒),取值大于0 | 否 | 60 | +| ALARM_RATIO | 大于0小于等于100的值,可以为小数。进程使用率告警阈值 | 否 | 90 | +| RESUME_RATIO | 大于等于0小于100的值,可以为小数。进程使用率恢复阈值,必须必告警阈值小。 | 否 | 80 | +| SHOW_TOP_PROC_NUM | 使用线程数量最新 TOP 的进程信息 | 否 | 10 | + +- 修改进程数监控的配置文件后,须执行`systemctl reload sysmonitor`,新的配置在一个监控周期后生效。 +- ALARM 值应该大于 RESUME 值。 +- 进程数告警产生阈值取 ALARM 值与 `/proc/sys/kernel/pid_max` 的 ALARM_RATIO 中的最大值,告警恢复阈值取 RESUME 值与 `/proc/sys/kernel/pid_max` 的 RESUME_RATIO 中的最大值。 +- 线程数告警产生阈值取 ALARM 值与 `/proc/sys/kernel/threads-max` 的 ALARM_RATIO 中的最大值,告警恢复阈值取 RESUME 值与 `/proc/sys/kernel/threads-max` 的 RESUME_RATIO 中的最大值。 +- SHOW_TOP_PROC_NUM 的取值范围为0-1024,为0时,表示不启用线程监控;当设置值较大时,如 1024,在环境中产生线程告警,且告警阈值较高时,会有性能影响,建议设置为默认值 10 及更小值,若影响较大,建议设置为 0,不启动线程监控。 +- 线程监控启动时,由 `/etc/sysconfig/sysmonitor` 中 `PSCNT_MONITOR` 项和 `/etc/sysmonitor/pscnt` 中 `SHOW_TOP_PROC_NUM` 项设置。 + - `PSCNT_MONITOR` 为 on,且 `SHOW_TOP_PROC_NUM` 设置为合法值时,为启动。 + - `PSCNT_MONITOR` 为 on, `SHOW_TOP_PROC_NUM` 为 0时,为关闭。 + - `PSCNT_MONITOR`为 off,为关闭。 +- 进程数量告警时,增加打印系统句柄使用信息和内存信息(/proc/meminfo)。 +- 线程数量告警时,会记录线程总数信息,TOP 进程信息,当前环境进程数量信息,系统句柄数信息,内存信息(/proc/meminfo)。 +- 监控项监控周期到达前,若系统出现资源不足(如线程数超过系统最大线程数),则监控告警本身将由于资源受限无法正常运行,进而无法进行告警。 + +### 异常日志 + +如果监控到进程数告警,`/var/log/sysmonitor.log` 中打印信息示例如下: + +```sh +info|sysmonitor[127]:---------------process count alarm start: --------------- +info|sysmonitor[127]: process count alarm:1657 +info|sysmonitor[127]: process count alarm, show sys fd count: 2592 +info|sysmonitor[127]: process count alarm, show mem info +info|sysmonitor[127]:---------------show /proc/meminfo: --------------- +info|sysmonitor[127]:MemTotal: 3496388 kB +info|sysmonitor[127]:MemFree: 2738100 kB +info|sysmonitor[127]:MemAvailable: 2901888 kB +info|sysmonitor[127]:Buffers: 165064 kB +info|sysmonitor[127]:Cached: 282360 kB +info|sysmonitor[127]:SwapCached: 4492 kB +...... +info|sysmonitor[127]:---------------show_memory_info end. --------------- +info|sysmonitor[127]:---------------process count alarm end: --------------- + +``` + +如果监控到进程数恢复告警,`/var/log/sysmonitor.log` 中打印信息示例如下: + +```sh +info|sysmonitor[127]: process count resume: 1200 +``` + +如果监控到线程数告警,`/var/log/sysmonitor.log` 中打印信息示例如下: + +```sh +info|sysmonitor[127]:---------------threads count alarm start: --------------- +info|sysmonitor[127]:threads count alarm: 273 +info|sysmonitor[127]:open threads most 10 processes is [top1:pid=1756900,openthreadsnum=13,cmd=/usr/bin/sysmonitor --daemon] +info|sysmonitor[127]:open threads most 10 processes is [top2:pid=3130,openthreadsnum=13,cmd=/usr/lib/gassproxy -D] +..... +info|sysmonitor[127]:---------------threads count alarm end. --------------- +``` + +## 系统句柄总数监控 + +### 简介 + +监控系统文件句柄(fd)数目,当系统文件句柄总数超过或低于阈值时,记录日志。 + +### 配置文件说明 + +配置文件为 `/etc/sysmonitor/sys_fd_conf`。 + +```sh +# system fd usage alarm percent +SYS_FD_ALARM="80" +# system fd usage alarm resume percent +SYS_FD_RESUME="70" +# monitor period (second) +SYS_FD_PERIOD="600" +``` + +配置项说明: + +| 配置项 | 配置项说明 | 是否必配 | 默认值 | +| ------------- | --------------------------------------------------------- | -------- | ------ | +| SYS_FD_ALARM | 大于0小于100的整数,fd总数与系统最大 fd数百分比的告警阈值 | 否 | 80% | +| SYS_FD_RESUME | 大于0小于100的整数,fd 总数与系统最大fd数百分比的恢复阈值 | 否 | 70% | +| SYS_FD_PERIOD | 监控周期(秒),取值为100~86400 之间的整数 | 否 | 600 | + +- 修改fd 总数监控的配置文件后,须执行 `systemctl reload sysmonitor`,新的配置在一个监控周期后生效。 +- `SYS_FD_ALARM` 值应该大于 `SYS_FD_RESUME` 值,当配置非法时,会使用默认值,并打印日志。 + +### 异常日志 + +如果监控到 fd 总数告警,在监控日志中打印告警。`/var/log/sysmonitor.log` 中打印信息示例如下: + +```sh +info|sysmonitor[127]: sys fd count alarm: 259296 +``` + +系统句柄使用告警时,会打印前三个使用句柄数最多的进程: + +```sh +info|sysmonitor[127]:open fd most three processes is:[top1:pid=23233,openfdnum=5000,cmd=/home/openfile] +info|sysmonitor[127]:open fd most three processes is:[top2:pid=23267,openfdnum=5000,cmd=/home/openfile] +info|sysmonitor[127]:open fd most three processes is:[top3:pid=30144,openfdnum=5000,cmd=/home/openfile] +``` + +## 磁盘 inode 监控 + +### 简介 + +定期监控系统中挂载的磁盘分区 inode,当磁盘分区 inode 使用率大于或等于用户设置的告警阈值,记录磁盘 inode 告警。发生告警后,当磁盘分区 inode 使用率小于用户设置的告警恢复阈值,记录磁盘 inode 恢复告警。 + +### 配置文件说明 + +配置文件为 `/etc/sysmonitor/inode`。 + +```sh +DISK="/" +DISK="/var/log" +``` + +| 配置项 | 配置项说明 | 是否必配 | 默认值 | +| ------ | ------------------------- | -------- | ------ | +| DISK | 磁盘挂载目录名 | 是 | 无 | +| ALARM | 整数,磁盘 inode 告警阈值 | 否 | 90 | +| RESUME | 整数,磁盘 inode 恢复阈值 | 否 | 80 | + +- 修改磁盘 inode 监控的配置文件后,须执行 `systemctl reload sysmonitor`,新的配置在一个监控周期后生效。 +- 重复配置的挂载目录,最后一个配置项生效。 +- ALARM 值应该大于 RESUME 值。 +- 只能针对挂载点或被挂载的磁盘分区做监控。 +- 在 CPU 和 IO 高压场景下,df 执行命令超时,会导致磁盘 inode 利用率获取不到。 +- 当多个挂载点对应同一个磁盘分区,以挂载点为准来上报告警。 + +### 异常日志 + +如果监控到磁盘 inode 告警,`/var/log/sysmonitor.log`中打印信息示例如下: + +```sh +info|sysmonitor[4570]:report disk inode alarm, /var/log used:90% alarm:90% +info|sysmonitor[4570]:report disk inode recovered, /var/log used:79% alarm:80% +``` + +## 本地磁盘 io 延时监控 + +### 简介 + +每5秒读取一次本地磁盘 io 延时数据,每五分钟对在该五分钟内60组数据进行统计,如果有多于30次(一半)的数据大于配置的最大 IO 延时数据,则记录该磁盘的 IO 延时过大日志。 + +### 配置文件说明 + +配置文件为 `/etc/sysmonitor/iodelay`。 + +```sh +DELAY_VALUE="500" +``` + +| 配置项 | 配置项说明 | 是否必配 | 默认值 | +| ----------- | -------------------- | -------- | ------ | +| DELAY_VALUE | 磁盘 IO 延时的最大值 | 是 | 500 | + +### 异常日志 + +如果监控到本地磁盘 IO 延时过大告警,`/var/log/sysmonitor.log` 中打印信息示例如下: + +```sh +info|sysmonitor[127]:local disk sda IO delay is too large, I/O delay threshold is 70. +info|sysmonitor[127]:disk is sda, io delay data: 71 72 75 87 99 29 78 ...... +``` + +如果监控到本地磁盘 IO 延时告警恢复,`/var/log/sysmonitor.log` 中打印信息示例如下: + +```sh +info|sysmonitor[127]:local disk sda IO delay is normal, I/O delay threshold is 70. +info|sysmonitor[127]:disk is sda, io delay data: 11 22 35 8 9 29 38 ...... +``` + +## 僵尸进程监控 + +### 简介 + +监控系统僵尸进程数量,大于告警阈值,记录告警日志。当系统僵尸进程数小于恢复阈值时,告警恢复。 + +### 配置文件说明 + +配置文件为`/etc/sysmonitor/zombie`。 + +```sh +# Ceiling zombie process counts of alarm +ALARM="500" + +# Floor zombie process counts of resume +RESUME="400" + +# Periodic (second) +PERIOD="600" +``` + +| 配置项 | 配置项说明 | 是否必配 | 默认值 | +| ------ | ------------------------------- | -------- | ------ | +| ALARM | 大于0,僵尸进程个数告警阈值 | 否 | 500 | +| RESUME | 大于等于0,僵尸进程个数恢复阈值 | 否 | 400 | +| PERIOD | 监控周期(秒),取值大于0 | 否 | 60 | + +### 异常日志 + +如果监控到僵尸进程个数告警,`/var/log/sysmonitor.log`中打印信息如下: + +```sh +info|sysmonitor[127]: zombie process count alarm: 600 +info|sysmonitor[127]: zombie process count resume: 100 +``` + +## 自定义监控 + +### 简介 + +用户可以自定义监控项,监控框架读取配置文件内容,解析配置文件各监控属性,在监控框架里调用用户要执行的监控动作。监控模块仅提供监控框架,不感知用户在监控的内容以及如何监控,不负责上报告警。 + +### 配置文件说明 + +配置文件位于`/etc/sysmonitor.d/`路径下,每个进程或模块对应一个配置文件。 + +```sh +MONITOR_SWITCH="on" +TYPE="periodic" +EXECSTART="/usr/sbin/iomonitor_daemon" +PERIOD="1800" +``` + +| 配置项 | 配置项说明 | 是否必配 | 默认值 | +| -------------- | ------------------------------------------------------------ | --------------------- | ------ | +| MONITOR_SWITCH | 监控开关 | 否 | off | +| TYPE | 自定义监控项的类型
daemon:后台运行
periodic:周期运行 | 是 | 无 | +| EXECSTART | 执行监控命令 | 是 | 无 | +| ENVIROMENTFILE | 环境变量存放文件 | 否 | 无 | +| PERIOD | 若 type 为 periodic 类型,此为必配项,为自定义监控的周期,取值为大于0的整数 | periodic 类型为必配项 | 无 | + +- 配置文件名称,环境变量文件名称,加上绝对路径总长度不能超过127个字符。环境变量文件必须为绝对路径和实际路径,不能是软链接路径。 +- EXECSTART项的命令总长度不能超过159个字符,关键字段配置不能有空格。 +- 周期性监控的执行命令不能超时,否则对自定义监控框架产生影响。 +- 目前支持配置的环境变量最多为256个。 +- daemon 类型的自定义监控每间隔10s会统一查询是否有 reload 命令下发,或者是否有 daemon 进程异常退出;如果有reload 命令下发,需要等待 10s 后才会重新加载新的配置,如果有 daemon 进程异常退出,需要等待 10s才会重新拉起。 +- ENVIROMENTFLE 对应的文件中的内容发生变化,如新增环境变量,或环境变量的值发生变化,需要重启 sysmonitor 服务,新的环境变量才能生效。 +- `/etc/sysmonitor.d/`目录下的配置文件权限建议为 600, EXECSTART 项中若只配置了执行文件,则执行文件的权限建议为 550。 +- daemon 进程异常退出后,sysmonitor 会重新加载该 daemon进程的配置文件。 + +### 异常日志 + +如果 daemon 类型监控项异常退出,/var/log/sysmonitor.log 中会有如下记录: + +```sh +info|sysmonitor[127]: custom daemon monitor: child process[11609] name unetwork_alarm exit code[127],[1] times. +``` diff --git a/docs/zh/server/maintenance/troubleshooting/_toc.yaml b/docs/zh/server/maintenance/troubleshooting/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..fe9fd182f027439ca159e3481b14b3f54ae4eb04 --- /dev/null +++ b/docs/zh/server/maintenance/troubleshooting/_toc.yaml @@ -0,0 +1,6 @@ +label: 故障应急处理 +isManual: true +description: 常见的故障应急处理方法 +sections: + - label: 故障应急处理 + href: ./troubleshooting.md diff --git a/docs/zh/server/maintenance/troubleshooting/images/c50cb9df64f4659787c810167c89feb4_1884x257.png b/docs/zh/server/maintenance/troubleshooting/images/c50cb9df64f4659787c810167c89feb4_1884x257.png new file mode 100644 index 0000000000000000000000000000000000000000..01081f25627731c56764c196e3fae32d55bc7023 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/c50cb9df64f4659787c810167c89feb4_1884x257.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001321685172.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001321685172.png new file mode 100644 index 0000000000000000000000000000000000000000..a98265bdf251608c0ff394fefe545cd3192bdb28 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001321685172.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001322112990.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001322112990.png new file mode 100644 index 0000000000000000000000000000000000000000..6f4b32bf2b36595abe10f2550cda5714bc355553 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001322112990.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001322219840.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001322219840.png new file mode 100644 index 0000000000000000000000000000000000000000..48b28664df46ddf9aa38c7570bb9e9edb8080ac9 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001322219840.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001322372918.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001322372918.png new file mode 100644 index 0000000000000000000000000000000000000000..5424367c9bc564e713220ba87f963096881833b8 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001322372918.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001322379488.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001322379488.png new file mode 100644 index 0000000000000000000000000000000000000000..8b18cdca066be43b74443498edc5500ea9e1e608 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001322379488.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001335457246.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001335457246.png new file mode 100644 index 0000000000000000000000000000000000000000..325d6a8ce097db0b92b1a883bc4b3d4ad0bc6a49 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001335457246.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001335816300.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001335816300.png new file mode 100644 index 0000000000000000000000000000000000000000..619f0c33503cd27d92f227216c722d554b9132f2 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001335816300.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001336448570.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001336448570.png new file mode 100644 index 0000000000000000000000000000000000000000..4bd494d78d83fef2e8a89c80e17c9b6db892a2e9 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001336448570.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001336729664.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001336729664.png new file mode 100644 index 0000000000000000000000000000000000000000..4d73507cceab2e0b123d6864d9f86c86eb1eee2f Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001336729664.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337000118.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337000118.png new file mode 100644 index 0000000000000000000000000000000000000000..37131647778506f24be4ff401392a9cc209a36eb Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337000118.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337039920.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337039920.png new file mode 100644 index 0000000000000000000000000000000000000000..40c07e9b6ec27cdbe47d39788736b892f1174cc8 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337039920.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337051916.jpg b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337051916.jpg new file mode 100644 index 0000000000000000000000000000000000000000..a2083b7783041884394f796222352d8772ada6cc Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337051916.jpg differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337053248.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337053248.png new file mode 100644 index 0000000000000000000000000000000000000000..8859f37749a4f8a4394e24ddfb54fc473e8c10c2 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337053248.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337172594.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337172594.png new file mode 100644 index 0000000000000000000000000000000000000000..4e806f83c57880543a777807778f14eeb0105aba Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337172594.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337212144.jpg b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337212144.jpg new file mode 100644 index 0000000000000000000000000000000000000000..c6f0874250475f598efa7375516109b540918fb8 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337212144.jpg differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337260780.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337260780.png new file mode 100644 index 0000000000000000000000000000000000000000..09d521d933f5fa0caacc592ea92acee959786051 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337260780.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337268560.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337268560.png new file mode 100644 index 0000000000000000000000000000000000000000..663f67428487d88e23aa9c3291c31399fec2f2c3 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337268560.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337268820.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337268820.png new file mode 100644 index 0000000000000000000000000000000000000000..cd1732ee870a6dde0acc54642f34793933ce3356 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337268820.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337419960.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337419960.png new file mode 100644 index 0000000000000000000000000000000000000000..c3b493bf1e57f130e122b59e99ff45cd44539dad Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337419960.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337420372.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337420372.png new file mode 100644 index 0000000000000000000000000000000000000000..2300bcd7426748236fd48b85688bd3d1fa3315df Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337420372.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337422904.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337422904.png new file mode 100644 index 0000000000000000000000000000000000000000..01e250c6f7cbb64abe0b136cd80fda7ae68b629d Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337422904.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337424024.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337424024.png new file mode 100644 index 0000000000000000000000000000000000000000..6532d98885f756c6704bc4bacc0f9133d78405a7 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337424024.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337424304.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337424304.png new file mode 100644 index 0000000000000000000000000000000000000000..9ecb384ed58458c24d8e3ae729c4de197b982b86 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337424304.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337427216.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337427216.png new file mode 100644 index 0000000000000000000000000000000000000000..8633dbdd658f98501dfc91a704395260f2d4df3c Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337427216.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337427392.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337427392.png new file mode 100644 index 0000000000000000000000000000000000000000..74f5cb24520c94de8628b2e64e6916c563f9f5a2 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337427392.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337533690.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337533690.png new file mode 100644 index 0000000000000000000000000000000000000000..1f02d9b155754a113347a54a7d35ba9b060175a8 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337533690.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337536842.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337536842.png new file mode 100644 index 0000000000000000000000000000000000000000..5a9ee2c989638c9a6aad3fcfb35bb9b9f2d4683c Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337536842.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337579708.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337579708.png new file mode 100644 index 0000000000000000000000000000000000000000..5cd8ed939434e6447dd55679eeaa3756d861751f Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337579708.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337580216.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337580216.png new file mode 100644 index 0000000000000000000000000000000000000000..5516b8d261b769287c74cf860a6708fcde6bbb8a Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337580216.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337584296.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337584296.png new file mode 100644 index 0000000000000000000000000000000000000000..fa76ecb59018fb154ffe1d9f6da1484d652f3ac1 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337584296.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337696078.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337696078.png new file mode 100644 index 0000000000000000000000000000000000000000..3864852e345eaf01794042feaa85b012b8af71de Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337696078.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337740252.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337740252.png new file mode 100644 index 0000000000000000000000000000000000000000..fd83fb600a54ab8bc39ee2ae54210be8b6c48973 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337740252.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337740540.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337740540.png new file mode 100644 index 0000000000000000000000000000000000000000..b8e25128a47dccaed733fc192f52f2ca7828e516 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337740540.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337747132.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337747132.png new file mode 100644 index 0000000000000000000000000000000000000000..41ea7d47f5fe5fca46816d93cb08b5da00abc0ad Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337747132.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337748300.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337748300.png new file mode 100644 index 0000000000000000000000000000000000000000..32488dc1740408834954cf8d57a2843d98f09c2e Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337748300.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337748528.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337748528.png new file mode 100644 index 0000000000000000000000000000000000000000..f2d62c85c844c2756f4d27a48711560dfb9615ea Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001337748528.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001372249333.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001372249333.png new file mode 100644 index 0000000000000000000000000000000000000000..48cd37225954e212cb3e159acc137866d8edc362 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001372249333.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001372748125.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001372748125.png new file mode 100644 index 0000000000000000000000000000000000000000..5f6326b9415cf766dd8379dbadd5aa1a0dc6861f Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001372748125.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001372821865.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001372821865.png new file mode 100644 index 0000000000000000000000000000000000000000..21e8dad1cd90755440cf858523b12c036a91e1ad Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001372821865.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001372824637.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001372824637.png new file mode 100644 index 0000000000000000000000000000000000000000..aefb5d83c079e6718ef88fd934b4b496cdc29565 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001372824637.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001373373585.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001373373585.png new file mode 100644 index 0000000000000000000000000000000000000000..c4e5e47c9beca2c7c7630d78916f80eda652b52a Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001373373585.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001373379529.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001373379529.png new file mode 100644 index 0000000000000000000000000000000000000000..daa40b49e679668905632f25ff42bf8599ba0ead Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001373379529.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001384808269.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001384808269.png new file mode 100644 index 0000000000000000000000000000000000000000..be18ecef3a149d5742f18535552f66f26ab34832 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001384808269.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001385585749.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001385585749.png new file mode 100644 index 0000000000000000000000000000000000000000..c13604ab7095c2a7717bde1384f0aea3d53f69e3 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001385585749.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001385611905.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001385611905.png new file mode 100644 index 0000000000000000000000000000000000000000..8c233e40a21e678ddf4115c2e2e80c96e25a60ce Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001385611905.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001385905845.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001385905845.png new file mode 100644 index 0000000000000000000000000000000000000000..a6cb8bc4a188ef444919d71f7f16baa06422788b Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001385905845.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001386149037.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001386149037.png new file mode 100644 index 0000000000000000000000000000000000000000..da73fead24d8805bb43287f53c757e80ff0d597f Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001386149037.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001386699925.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001386699925.png new file mode 100644 index 0000000000000000000000000000000000000000..cf5b13b35e65ed0143a01a5bcad1e11eaddaded7 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001386699925.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387293085.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387293085.png new file mode 100644 index 0000000000000000000000000000000000000000..7f56b020949c53d018eba016952c2409f0d7dca9 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387293085.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387413509.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387413509.png new file mode 100644 index 0000000000000000000000000000000000000000..2245427058fc31f3e5d7f40062c0551936a67199 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387413509.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387413793.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387413793.png new file mode 100644 index 0000000000000000000000000000000000000000..aa649bf7215662819766d897513fb711d9d1e7f8 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387413793.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387415629.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387415629.png new file mode 100644 index 0000000000000000000000000000000000000000..01189358354090591de6580f8ef88ef78ddba3a1 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387415629.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387691985.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387691985.png new file mode 100644 index 0000000000000000000000000000000000000000..31c3096fa837c1b397ab2fe27acdd87e2cec36de Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387691985.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387692269.jpg b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387692269.jpg new file mode 100644 index 0000000000000000000000000000000000000000..b79e3ddf78520277046b933c4662c6b72f45ab85 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387692269.jpg differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387692893.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387692893.png new file mode 100644 index 0000000000000000000000000000000000000000..49ea515d834b58d4ded14c55a6a2b07034d76137 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387692893.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387755969.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387755969.png new file mode 100644 index 0000000000000000000000000000000000000000..b2daa95d6b757e7bd443d8fd961922f248dd6853 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387755969.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387780357.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387780357.png new file mode 100644 index 0000000000000000000000000000000000000000..1aab3b8be2cd0c906253d70036a9fee3050a1055 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387780357.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387784693.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387784693.png new file mode 100644 index 0000000000000000000000000000000000000000..62a40117a892ba6c163be81bce1d198c2920f0e9 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387784693.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387787605.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387787605.png new file mode 100644 index 0000000000000000000000000000000000000000..8c1893e16fb929f77bb6b9a70cb25d3479dd684c Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387787605.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387855149.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387855149.png new file mode 100644 index 0000000000000000000000000000000000000000..731e957c367cb05e4229f53cf97dcee2cde69dff Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387855149.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387857005.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387857005.png new file mode 100644 index 0000000000000000000000000000000000000000..872f5c9eb05169831df4ba49d017629e8a943c64 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387857005.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387902849.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387902849.png new file mode 100644 index 0000000000000000000000000000000000000000..ffe2043c199308ed2033e3eb02a0662a65141ece Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387902849.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387907229.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387907229.png new file mode 100644 index 0000000000000000000000000000000000000000..084fbea1aee4d09b1e623c66b4f07641c7a0208d Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387907229.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387908045.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387908045.png new file mode 100644 index 0000000000000000000000000000000000000000..1fca645598e7a67da6e75b98c44f3c9a740be374 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387908045.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387908453.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387908453.png new file mode 100644 index 0000000000000000000000000000000000000000..b97804a0a575fd18235e7a0c7e4f2d0183e3b460 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387908453.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387961737.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387961737.png new file mode 100644 index 0000000000000000000000000000000000000000..ae4ddce8cf2629b811e9711c61186b3efa4dfe3c Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001387961737.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388020197.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388020197.png new file mode 100644 index 0000000000000000000000000000000000000000..1816e1e068ee0294677ebb357ffd158a14bb86cf Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388020197.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388024321.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388024321.png new file mode 100644 index 0000000000000000000000000000000000000000..da3ba54203ded0093b7c2b5308de0e2afd85a146 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388024321.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388024397.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388024397.png new file mode 100644 index 0000000000000000000000000000000000000000..4e4531dd19dc703399c9d4dd0e95236fa9a064c8 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388024397.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388028161.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388028161.png new file mode 100644 index 0000000000000000000000000000000000000000..b3beb92520c34ba771d096a8a146fb2c5b5edbb7 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388028161.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388028537.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388028537.png new file mode 100644 index 0000000000000000000000000000000000000000..ffb244306787c397ef4a9f4d9c3eb504172d3777 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388028537.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388184025.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388184025.png new file mode 100644 index 0000000000000000000000000000000000000000..cbce6fe1e32c547426319923c0fdb13e95554b99 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388184025.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388187249.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388187249.png new file mode 100644 index 0000000000000000000000000000000000000000..0ac83f21e269d909e550b68cb0bdc6347c05dcac Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388187249.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388187325.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388187325.png new file mode 100644 index 0000000000000000000000000000000000000000..02dbdf218da2cb1c844dfc13a463875df5124d48 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388187325.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388188365.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388188365.png new file mode 100644 index 0000000000000000000000000000000000000000..dbe3bfb48446bab88e3e622b9f8066383f269590 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388188365.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388241577.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388241577.png new file mode 100644 index 0000000000000000000000000000000000000000..8dacb6e343ea4c750904fa090bb99213e012379d Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388241577.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388972645.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388972645.png new file mode 100644 index 0000000000000000000000000000000000000000..e32606925f4bb4380b262d9f946d4cd106202b87 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001388972645.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001389098425.png b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001389098425.png new file mode 100644 index 0000000000000000000000000000000000000000..c63903009ab9ba454f169250632dbec1b3c94467 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_image_0000001389098425.png differ diff --git a/docs/zh/server/maintenance/troubleshooting/images/zh-cn_other_0000001337581224.jpeg b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_other_0000001337581224.jpeg new file mode 100644 index 0000000000000000000000000000000000000000..2c019b828bdf9c699f203f09ba3542968ff21262 Binary files /dev/null and b/docs/zh/server/maintenance/troubleshooting/images/zh-cn_other_0000001337581224.jpeg differ diff --git a/docs/zh/server/maintenance/troubleshooting/troubleshooting.md b/docs/zh/server/maintenance/troubleshooting/troubleshooting.md new file mode 100644 index 0000000000000000000000000000000000000000..930ef70180749cb004c12ea4a8f6156b60b0e8ce --- /dev/null +++ b/docs/zh/server/maintenance/troubleshooting/troubleshooting.md @@ -0,0 +1,90 @@ +# 故障应急处理 + +## 触发kdump重启 + +```shell +# 向sysrq文件中写入1, 开启SysRq功能,开启该功能后,内核会响应任何操作。 +echo 1 > /proc/sys/kernel/sysrq + +# 让系统崩溃 +echo c > /proc/sysrq-trigger +``` + +## 强制重启 + +强制重启有以下两种方式: + +1.手动重启OS。 + +```shell +reboot -f +``` + +2.通过iBMC强制上下电。 + +![zh-cn_image_0000001372249333](./images/zh-cn_image_0000001372249333.png) + +## 重启网络 + +openEuler使用**NetworkManager**来管理网络,执行下面命令即可重启网络。 + +```shell +systemctl restart NetworkManager +``` + +## 修复文件系统 + +当系统强行上下电重启后,文件系统可能受到损坏,系统启动时会自动检查并修复文件系统,当文件系统没有自动修复成功时,便需要手动使用**fsck**进行扫描和修复。 + +```shell +# 此时一般会进入救援模式,在日志中查看是哪个文件系统路径损坏。 +journalctl -xb +# 修复前检查该分区是否已经挂载 +cat /proc/mounts +# 卸载该目录 +umount xx +# 若无法卸载,**kill**占用该目录的进程 +lsof | grep xxx +kill xxx +# 执行fsck命令进行修复,过程中需要输入yes or no +fsck -y /dev/xxx +``` + +## 手动dropcache + +```shell +#当N数值不同时,可以达到不同的清理目的。根据linux内核文档建议,在清理前先执行sync(因为drop操作不会释放任何脏对象,而sync命令将所有未写的系统缓冲区写到磁盘中,包含已修改的inodes、已延迟的块I/O和读写映射文件,这样可以减少脏对象,从而让更多对象可以被释放。) +echo N > /proc/sys/vm/drop_caches + +#释放pagecache +echo 1 > /proc/sys/vm/drop_caches + +#释放dentries和inodes +echo 2 > /proc/sys/vm/drop_caches + +#释放pagecache, dentries和inodes +echo 3 > /proc/sys/vm/drop_caches +``` + +## 救援模式和单用户模式 + +- 救援模式 + + 挂载 openEuler 镜像进入救援模式。 + + 1. 选择Troubleshooting。 + 2. 选择Rescue a openEuler system。 + 3. 按提示操作进行。 + + 1)Continue + 2)Read-only mount + 3)Skip to shell + 4)Quit(Reboot) + +- 单用户模式 + + 在登录界面,输入字母e,进入grub界面,在linux行加入init=/bin/sh,按`ctrl+x`进入界面。 + + 1. 执行`mount -o remount,rw /`。 + 2. 执行修改密码等操作。 + 3. exit退出。 diff --git a/docs/zh/server/memory_storage/etmem/_toc.yaml b/docs/zh/server/memory_storage/etmem/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..71bfe6d9d44fc2fad21e6125a229463803d6f0df --- /dev/null +++ b/docs/zh/server/memory_storage/etmem/_toc.yaml @@ -0,0 +1,6 @@ +label: etmem用户指南 +isManual: true +description: 使用内存分级扩展技术 etmem 扩展内存容量 +sections: + - label: 使用etmem + href: ./etmem_user_guide.md diff --git a/docs/zh/server/memory_storage/etmem/etmem_user_guide.md b/docs/zh/server/memory_storage/etmem/etmem_user_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..11f76991795de7f5512569329388d3c7e0993168 --- /dev/null +++ b/docs/zh/server/memory_storage/etmem/etmem_user_guide.md @@ -0,0 +1,798 @@ +# etmem内存分级扩展 + +## 介绍 + +随着CPU算力的发展,尤其是ARM核成本的降低,内存成本和内存容量成为约束业务成本和性能的核心痛点,因此如何节省内存成本,如何扩大内存容量成为存储迫切要解决的问题。 + +etmem内存分级扩展技术,通过DRAM+内存压缩/高性能存储新介质形成多级内存存储,对内存数据进行分级,将分级后的内存冷数据从内存介质迁移到高性能存储介质中,达到内存容量扩展的目的,从而实现内存成本下降。 + +etmem软件包运行的工具主要分为etmem客户端和etmemd服务端。etmemd服务端工具,运行后常驻,其中实现了目的进程的内存冷热识别及淘汰等功能。etmem客户端工具,调用时运行一次,根据命令参数的不同,控制etmemd服务端响应不同的操作。 + +## 编译教程 + +1. 下载etmem源码 + + ```bash + git clone https://gitee.com/openeuler/etmem.git + ``` + +2. 编译和运行依赖 + + etmem的编译和运行依赖于libboundscheck组件 + + 安装命令: + + ```bash + yum install libboundscheck + ``` + + 通过rpm包进行确认是否安装: + + ```bash + rpm -qi libboundscheck + ``` + +3. 编译 + + ```bash + cd etmem + + mkdir build + + cd build + + cmake .. + + make + ``` + +## 注意事项 + +### 运行依赖 + +etmem作为内存扩展工具,需要依赖于内核态的特性支持,为了可以识别内存访问情况和支持主动将内存写入swap分区来达到内存垂直扩展的需求,etmem在运行时需要插入`etmem_scan`和`etmem_swap`模块: + +```bash +modprobe etmem_scan +modprobe etmem_swap +``` + +### 权限限制 + +运行etmem进程需要root权限,root用户具有系统最高权限,在使用root用户进行操作时,请严格按照操作指导进行操作,避免其他操作造成系统管理及安全风险。 + +### 使用约束 + +- etmem的客户端和服务端需要在同一个服务器上部署,不支持跨服务器通信的场景。 +- etmem仅支持扫描进程名小于或等于15个字符长度的目标进程。在使用进程名时,支持的进程名有效字符为:“字母”, “数字”,特殊字符“./%-_”以及上述三种的组合,其余组合认为是非法字符。 +- 在使用AEP介质进行内存扩展的时候,依赖于系统可以正确识别AEP设备并将AEP设备初始化为`numa node`。并且配置文件中的`vm_flags`字段只能配置为`ht`。 +- 引擎私有命令仅针对对应引擎和引擎下的任务有效,比如cslide所支持的`showhostpages`和`showtaskpages`。 +- 第三方策略实现代码中,`eng_mgt_func`接口中的`fd`不能写入`0xff`和`0xfe`字。 +- 支持在一个工程内添加多个不同的第三方策略动态库,以配置文件中的`eng_name`来区分。 +- 禁止并发扫描同一个进程。 +- 未加载`etmem_scan`和`etmem_swap` ko时,禁止使用`/proc/xxx/idle_pages`和`/proc/xxx/swap_pages`文件。 +- etmem对应配置文件,其权限要求为属主为root用户,且权限为600或400,配置文件大小不超过10M。 +- etmem在进行第三方策略注入时,第三方策略的`so`权限要求为属主为root用户,且权限为500或700。 + +## 使用说明 + +### etmem配置文件 + +在运行etmem进程之前,需要管理员预先规划哪些进程需要做内存扩展,将进程信息配置到etmem配置文件中,并配置内存扫描的周期、扫描次数、内存冷热阈值等信息。 + +配置文件的示例文件在源码包中,放置在`/etc/etmem`文件路径下,按照功能划分为3个示例文件, + +```text +/etc/etmem/cslide_conf.yaml +/etc/etmem/slide_conf.yaml +/etc/etmem/thirdparty_conf.yaml +``` + +示例内容分别为: + +```sh +#slide引擎示例 +#slide_conf.yaml +[project] +name=test +loop=1 +interval=1 +sleep=1 +sysmem_threshold=50 +swapcache_high_vmark=10 +swapcache_low_vmark=6 + +[engine] +name=slide +project=test + +[task] +project=test +engine=slide +name=background_slide +type=name +value=mysql +T=1 +max_threads=1 +swap_threshold=10g +swap_flag=yes + +#cslide引擎示例 +#cslide_conf.yaml +[engine] +name=cslide +project=test +node_pair=2,0;3,1 +hot_threshold=1 +node_mig_quota=1024 +node_hot_reserve=1024 + +[task] +project=test +engine=cslide +name=background_cslide +type=pid +name=23456 +vm_flags=ht +anon_only=no +ign_host=no + +#thirdparty引擎示例 +#thirdparty_conf.yaml +[engine] +name=thirdparty +project=test +eng_name=my_engine +libname=/usr/lib/etmem_fetch/my_engine.so +ops_name=my_engine_ops +engine_private_key=engine_private_value + +[task] +project=test +engine=my_engine +name=background_third +type=pid +value=12345 +task_private_key=task_private_value +``` + +配置文件各字段说明: + +| 配置项 | 配置项含义 | 是否必须 | 是否有参数 | 参数范围 | 示例说明 | +|-----------|---------------------|------|-------|------------|-----------------------------------------------------------------| +| [project] | project公用配置段起始标识 | 否 | 否 | NA | project参数的开头标识,表示下面的参数直到另外的[xxx]或文件结尾为止的范围内均为project section的参数 | +| name | project的名字 | 是 | 是 | 64个字以内的字符串 | 用来标识project,engine和task在配置时需要指定要挂载到的project | +| loop | 内存扫描的循环次数 | 是 | 是 | 1~120 | loop=3 //扫描3次 | +| interval | 每次内存扫描的时间间隔 | 是 | 是 | 1~1200 | interval=5 //每次扫描之间间隔5s | +| sleep | 每个内存扫描+操作的大周期之间时间间隔 | 是 | 是 | 1~1200 | sleep=10 //每次大周期之间间隔10s | +| sysmem_threshold| slide engine的配置项,系统内存换出阈值 | 否 | 是 | 0~100 | sysmem_threshold=50 //系统内存剩余量小于50%时,etmem才会触发内存换出| +| swapcache_high_wmark| slide engine的配置项,swacache可以占用系统内存的比例,高水线 | 否 | 是 | 1~100 | swapcache_high_wmark=5 //swapcache内存占用量可以为系统内存的5%,超过该比例,etmem会触发swapcache回收
注: swapcache_high_wmark需要大于swapcache_low_wmark| +| swapcache_low_wmark| slide engine的配置项,swacache可以占用系统内存的比例,低水线 | 否 | 是 | [1~swapcache_high_wmark) | swapcache_low_wmark=3 //触发swapcache回收后,系统会将swapcache内存占用量回收到低于3%| +| [engine] | engine公用配置段起始标识 | 否 | 否 | NA | engine参数的开头标识,表示下面的参数直到另外的[xxx]或文件结尾为止的范围内均为engine section的参数 | +| project | 声明所在的project | 是 | 是 | 64个字以内的字符串 | 已经存在名字为test的project,则可以写为project=test | +| engine | 声明所在的engine | 是 | 是 | slide/cslide/thridparty | 声明使用的是slide或cslide或thirdparty策略 | +| node_pair | cslide engine的配置项,声明系统中AEP和DRAM的node pair | engine为cslide时必须配置 | 是 | 成对配置AEP和DRAM的node号,AEP和DRAM之间用逗号隔开,没对pair之间用分号隔开 | node_pair=2,0;3,1 | +| hot_threshold | cslide engine的配置项,声明内存冷热水线的阈值 | engine为cslide时必须配置 | 是 | 大于等于0,小于等于INT_MAX的整数 | hot_threshold=3 //访问次数小于3的内存会被识别为冷内存 | +|node_mig_quota|cslide engine的配置项,流控,声明每次DRAM和AEP互相迁移时单向最大流量|engine为cslide时必须配置|是|大于等于0,小于等于INT_MAX的整数|node_mig_quota=1024 //单位为MB,AEP到DRAM或DRAM到AEP搬迁一次最大1024M| +|node_hot_reserve|cslide engine的配置项,声明DRAM中热内存的预留空间大小|engine为cslide时必须配置|是|大于等于0,小于等于INT_MAX的整数|node_hot_reserve=1024 //单位为MB,当所有虚拟机热内存大于此配置值时,热内存也会迁移到AEP中| +|eng_name|thirdparty engine的配置项,声明engine自己的名字,供task挂载|engine为thirdparty时必须配置|是|64个字以内的字符串|eng_name=my_engine //对此第三方策略engine挂载task时,task中写明engine=my_engine| +|libname|thirdparty engine的配置项,声明第三方策略的动态库的地址,绝对地址|engine为thirdparty时必须配置|是|256个字以内的字符串|libname=/user/lib/etmem_fetch/code_test/my_engine.so| +|ops_name|thirdparty engine的配置项,声明第三方策略的动态库中操作符号的名字|engine为thirdparty时必须配置|是|256个字以内的字符串|ops_name=my_engine_ops //第三方策略实现接口的结构体的名字| +|engine_private_key|thirdparty engine的配置项,预留给第三方策略自己解析私有参数的配置项,选配|否|否|根据第三方策略私有参数自行限制|根据第三方策略私有engine参数自行配置| +| [task] | task公用配置段起始标识 | 否 | 否 | NA | task参数的开头标识,表示下面的参数直到另外的[xxx]或文件结尾为止的范围内均为task section的参数 | +| project | 声明所挂的project | 是 | 是 | 64个字以内的字符串 | 已经存在名字为test的project,则可以写为project=test | +| engine | 声明所挂的engine | 是 | 是 | 64个字以内的字符串 | 所要挂载的engine的名字 | +| name | task的名字 | 是 | 是 | 64个字以内的字符串 | name=background1 //声明task的名字是backgound1 | +| type | 目标进程识别的方式 | 是 | 是 | pid/name | pid代表通过进程号识别,name代表通过进程名称识别 | +| value | 目标进程识别的具体字段 | 是 | 是 | 实际的进程号/进程名称 | 与type字段配合使用,指定目标进程的进程号或进程名称,由使用者保证配置的正确及唯一性 | +| T | engine为slide的task配置项,声明内存冷热水线的阈值 | engine为slide时必须配置 | 是 | 0~loop * 3 | T=3 //访问次数小于3的内存会被识别为冷内存 | +| max_threads | engine为slide的task配置项,etmemd内部线程池最大线程数,每个线程处理一个进程/子进程的内存扫描+操作任务 | 否 | 是 | 1~2 * core数 + 1,缺省值为1 | 对外部无表象,控制etmemd服务端内部处理线程个数,当目标进程有多个子进程时,配置越大,并发执行的个数也多,但占用资源也越多 | +| vm_flags | engine为cslide的task配置项,通过指定flag扫描的vma,不配置此项时扫描则不会区分 | 否 | 是 | 256长度以内的字符串,不同flag以空格隔开 | vm_flags=ht //扫描flags为ht(大页)的vma内存 | +| anon_only | engine为cslide的task配置项,标识是否只扫描匿名页 | 否 | 是 | yes/no | anon_only=no //配置为yes时只扫描匿名页,配置为no时非匿名页也会扫描 | +| ign_host | engine为cslide的task配置项,标识是否忽略host上的页表扫描信息 | 否 | 是 | yes/no | ign_host=no //yes为忽略,no为不忽略 | +| task_private_key | engine为thirdparty的task配置项,预留给第三方策略的task解析私有参数的配置项,选配 | 否 | 否 | 根据第三方策略私有参数自行限制 | 根据第三方策略私有task参数自行配置 | +| swap_threshold |slide engine的配置项,进程内存换出阈值 | 否 | 是 | 进程可用内存绝对值 | swap_threshold=10g //进程占用内存在低于10g时不会触发换出。
当前版本下,仅支持g/G作为内存绝对值单位。与sysmem_threshold配合使用,仅系统内存低于阈值时,进行白名单中进程阈值判断 | +| swap_flag|slide engine的配置项,进程指定内存换出 | 否 | 是 | yes/no | swap_flag=yes//使能进程指定内存换出 | + +### etmemd服务端启动 + +在使用etmem提供的服务时,首先根据需要修改相应的配置文件,然后运行etmemd服务端,常驻在系统中来操作目标进程的内存。除了支持在命令行中通过二进制来启动etmemd的进程外,还可以通过配置`service`文件来使etmemd服务端通过`systemctl`方式拉起,此场景需要通过`mode-systemctl`参数来指定支持 + +#### 使用方法 + +可以通过下列示例命令启动etmemd的服务端: + +```bash +etmemd -l 0 -s etmemd_socket +``` + +或者 + +```bash +etmemd --log-level 0 --socket etmemd_socket +``` + +其中`-l`的`0`和`-s`的`etmemd_socket`是用户自己输入的参数,参数具体含义参考以下列表。 + +#### 命令行参数说明 + +| 参数 | 参数含义 | 是否必须 | 是否有参数 | 参数范围 | 示例说明 | +| --------------- | ---------------------------------- | -------- | ---------- | --------------------- | ------------------------------------------------------------ | +| -l或\-\-log-level | etmemd日志级别 | 否 | 是 | 0~3 | 0:debug级别
1:info级别
2:warning级别
3:error级别
只有大于等于配置的级别才会打印到/var/log/message文件中 | +| -s或\-\-socket | etmemd监听的名称,用于与客户端交互 | 是 | 是 | 107个字符之内的字符串 | 指定服务端监听的名称 | +| -m或\-\-mode-systemctl| 指定通过systemctl方式来拉起stmemd服务| 否| 否| NA| service文件中需要指定-m参数| +| -h或\-\-help | 帮助信息 | 否 | 否 | NA | 执行时带有此参数会打印后退出 | + +### 通过etmem客户端添加或者删除工程/引擎/任务 + +#### 场景描述 + +1)管理员创建etmem的project/engine/task(一个工程可包含多个etmem engine,一个engine可以包含多个任务) + +2)管理员删除已有的etmem project/engine/task(删除工程前,会自动先停止该工程中的所有任务) + +#### 使用方法 + +在etmemd服务端正常运行后,通过etmem客户端,通过第二个参数指定为obj,来进行创建或删除动作,对project/engine/task则是通过配置文件中配置的内容来进行识别和区分。 + +- 添加对象: + + ```bash + etmem obj add -f /etc/etmem/slide_conf.yaml -s etmemd_socket + ``` + + 或 + + ```bash + etmem obj add --file /etc/etmem/slide_conf.yaml --socket etmemd_socket + ``` + +- 删除对象: + + ```bash + etmem obj del -f /etc/etmem/slide_conf.yaml -s etmemd_socket + ``` + + 或 + + ```bash + etmem obj del --file /etc/etmem/slide_conf.yaml --socket etmemd_socket + ``` + +#### 命令行参数说明 + +| 参数 | 参数含义 | 是否必须 | 是否有参数 | 示例说明 | +| ------------ | ------------------------------------------------------------ | -------- | ---------- | -------------------------------------------------------- | +| -f或\-\-file | 指定对象的配置文件 | 是 | 是 | 需要指定路径名称 | +| -s或\-\-socket | 与etmemd服务端通信的socket名称,需要与etmemd启动时指定的保持一致 | 是 | 是 | 必须配置,在有多个etmemd时,由管理员选择与哪个etmemd通信 | + +### 通过etmem客户端查询/启动/停止工程 + +#### 场景描述 + +在已经通过`etmem obj add`添加工程之后,在还未调用`etmem obj del`删除工程之前,可以对etmem的工程进行启动和停止。 + +1)管理员启动已添加的工程 + +2)管理员停止已启动的工程 + +在管理员调用`obj del`删除工程时,如果工程已经启动,则会自动停止。 + +#### 使用方法 + +对于已经添加成功的工程,可以通过`etmem project`的命令来控制工程的启动和停止,命令示例如下: + +- 查询工程 + + ```bash + etmem project show -n test -s etmemd_socket + ``` + + 或 + + ```bash + etmem project show --name test --socket etmemd_socket + ``` + +- 启动工程 + + ```bash + etmem project start -n test -s etmemd_socket + ``` + + 或 + + ```bash + etmem project start --name test --socket etmemd_socket + ``` + +- 停止工程 + + ```bash + etmem project stop -n test -s etmemd_socket + ``` + + 或 + + ```bash + etmem project stop --name test --socket etmemd_socket + ``` + +- 打印帮助 + + ```bash + etmem project help + ``` + +#### 命令行参数说明 + +| 参数 | 参数含义 | 是否必须 | 是否有参数 | 示例说明 | +| ------------ | ------------------------------------------------------------ | -------- | ---------- | -------------------------------------------------------- | +| -n或\-\-name | 指定project名称 | 是 | 是 | project名称,与配置文件一一对应 | +| -s或\-\-socket | 与etmemd服务端通信的socket名称,需要与etmemd启动时指定的保持一致 | 是 | 是 | 必须配置,在有多个etmemd时,由管理员选择与哪个etmemd通信 | + +### 通过etmem客户端,支持内存阈值换出以及指定内存换出 + +当前支持的策略中,只有slide策略支持私有的功能特性 + +- 进程或系统内存阈值换出 + +为了获得业务的极致性能,需要考虑etmem内存扩展进行内存换出的时机;当系统可用内存足够,系统内存压力不大时,不进行内存交换;当进程占用内存不高时,不进行内存交换;提供系统内存换出阈值控制以及进程内存换出阈值控制。 + +- 进程指定内存换出 + +在存储环境下,具有IO时延敏感型业务进程,上述进程内存不希望进行换出,因此提供一种机制,由业务指定可换出内存 + +针对进程或系统内存阈值换出,进程指定内存换出功能,可以在配置文件中添加`sysmem_threshold`,`swap_threshold`,`swap_flag`参数,示例如下,具体含义请参考etmem配置文件说明章节。 + +```sh +#slide_conf.yaml +[project] +name=test +loop=1 +interval=1 +sleep=1 +sysmem_threshold=50 + +[engine] +name=slide +project=test + +[task] +project=test +engine=slide +name=background_slide +type=name +value=mysql +T=1 +max_threads=1 +swap_threshold=10g +swap_flag=yes +``` + +#### 系统内存阈值换出 + +配置文件中`sysmem_threshold`用于指示系统内存阈值换出功能,`sysmem_threshold`取值范围为0-100,如果配置文件中设定了`sysmem_threshold`,那么只有系统内存剩余量低于该比例时,etmem才会触发内存换出流程 + +示例使用方法如下: + +1. 参考示例编写配置文件,配置文件中填写`sysmem_threshold`参数,例如`sysmem_threshold=20` +2. 启动服务端,并通过服务端添加,启动工程。 + + ```bash + etmemd -l 0 -s monitor_app & + etmem obj add -f etmem_config -s monitor_app + etmem project start -n test -s monitor_app + etmem project show -s monitor_app + ``` + +3. 观察内存换出结果,只有系统可用内存低于20%时,etmem才会触发内存换出 + +#### 进程内存阈值换出 + +配置文件中`swap_threshold`用于指示进程内存阈值换出功能,`swap_threshold`为进程内存占用量绝对值(格式为"数字+单位g/G"),如果配置文件中设定了`swap_threshold`,那么该进程内存占用量在小于该设定的可用内存量时,etmem不会针对该进程触发换出流程 + +示例使用方法如下: + +1. 参考示例编写配置文件,配置文件中填写`swap_threshold`参数,例如`swap_threshold=5g` +2. 启动服务端,并通过服务端添加,启动工程。 + + ```bash + etmemd -l 0 -s monitor_app & + etmem obj add -f etmem_config -s monitor_app + etmem project start -n test -s monitor_app + etmem project show -s monitor_app + ``` + +3. 观察内存换出结果,只有进程占用内存绝对值高于5G时,etmem才会触发内存换出 + +#### 进程指定内存换出 + +配置文件中`swap_flag`用于指示进程指定内存换出功能,`swap_flag`取值仅有两个:`yes/no`,如果配置文件中设定了`swap_flag`为no或者未配置,那么etmem换出功能无变化,如果`swap_flag`设定为yes,那么etmem仅仅换出进程指定的内存。 + +示例使用方法如下: + +1. 参考示例编写配置文件,配置文件中填写`swap_flag`参数,例如`swap_flag=yes` +2. 业务进程对需要进行换出的内存打标记 + + ```bash + madvise(addr_start, addr_len, MADV_SWAPFLAG) + ``` + +3. 启动服务端,并通过服务端添加,启动工程。 + + ```bash + etmemd -l 0 -s monitor_app & + etmem obj add -f etmem_config -s monitor_app + etmem project start -n test -s monitor_app + etmem project show -s monitor_app + ``` + +4. 观察内存换出结果,只有进程打标记的部分内存会被换出,其余内存保留在DRAM中,不会被换出 + +针对进程指定页面换出的场景中,在原扫描接口`idle_pages`中添加`ioctl`命令字的形式,来确认不带有特定标记的vma不进行扫描与换出操作 + +扫描管理接口 + +- 函数原型 + + ```c + ioctl(fd, cmd, void *arg); + ``` + +- 输入参数 + + ```text + 1. fd:文件描述符,通过open调用在/proc/pid/idle_pages下打开文件获得 + + 2.cmd:控制扫描行为,当前支持如下cmd: + VMA_SCAN_ADD_FLAGS:新增vma指定内存换出标记,仅扫描带有特定标记的VMA + VMA_SCAN_REMOVE_FLAGS:删除新增的VMA指定内存换出标记 + + 3.args:int指针参数,传递具体标记掩码,当前仅支持如下参数: + VMA_SCAN_FLAG:在etmem_scan.ko扫描模块开始扫描前,会调用接口walk_page_test接口判断vma地址是否符合扫描要求,此标记置位时,会仅扫描带有特定换出标记的vma地址段,而忽略其他vma地址 + ``` + +- 返回值 + + ```text + 1.成功,返回0 + 2.失败返回非0 + ``` + +- 注意事项 + + ```text + 所有不支持的标记都会被忽略,但是不会返回错误 + ``` + +### 通过etmem客户端,支持swapcache内存回收指令 + +用户态etmem发起内存淘汰回收操作,通过`write procfs`接口与内核态的内存回收模块交互,内存回收模块解析用户态下发的虚拟地址,获取地址对应的page页面,并调用内核原生接口将该page对应内存进行换出回收,在内存换出的过程中,swapcache会占用部分系统内存,为进一步节约内存,添加swapcache内存回收功能. + +针对swapcache内存回收功能,可以在配置文件中添加`swapcache_high_wmark`,`swapcache_low_wmark`参数。 + +- `swapcache_high_wmark`: swapcache可以占用系统内存的高水位线 +- `swapcache_low_wmark`:swapcache可以占用系统内存的低水位线 + +在etmem进行一轮内存换出后,会进行swapcache占用系统内存比例的检查,当占用比例超过高水位线后,会通过`swap_pages`下发`ioctl`命令,触发swapcache内存回收,并回收到低水位线停止 + +配置参数示例如下,具体请参考etmem配置文件相关章节: + +```sh +#slide_conf.yaml +[project] +name=test +loop=1 +interval=1 +sleep=1 +swapcache_high_vmark=5 +swapcache_low_vmark=3 + +[engine] +name=slide +project=test + +[task] +project=test +engine=slide +name=background_slide +type=name +value=mysql +T=1 +max_threads=1 +``` + +针对swap换出场景中,需要通过swapcache内存回收进一步节约内存,在原内存换出接口`swap_pages`中通过添加`ioctl`接口的方式,来提供swapcache水线的设定以及swapcache内存占用量回收的启动与关闭 + +- 函数原型 + + ```c + ioctl(fd, cmd, void *arg); + ``` + +- 输入参数 + + ```text + 1. fd:文件描述符,通过open调用在/proc/pid/idle_pages下打开文件获得 + + 2.cmd:控制扫描行为,当前支持如下cmd: + RECLAIM_SWAPCACHE_ON:启动swapcache内存换出 + RECLAIM_SWAPCACHE_OFF:关闭swapcache内存换出 + SET_SWAPCACHE_WMARK:设定swapcache内存水线 + + 3.args:int指针参数,传递具体标记掩码,当前仅支持如下参数: + 参数用来传递swapcache水线具体值 + ``` + +- 返回值 + + ```text + 1.成功,返回0 + 2.失败返回非0 + ``` + +- 注意事项 + + ```text + 所有不支持的标记都会被忽略,但是不会返回错误 + ``` + +### 通过etmem客户端,执行引擎私有命令或功能 + +当前支持的策略中,只有cslide策略支持私有的命令 + +- `showtaskpages` +- `showhostpages` + +针对使用此策略引擎的engine和engine所有的task,可以通过这两个命令分别查看task相关的页面访问情况和虚拟机的host上系统大页的使用情况。 + +示例命令如下: + +```bash +etmem engine showtaskpages <-t task_name> -n proj_name -e cslide -s etmemd_socket +etmem engine showhostpages -n proj_name -e cslide -s etmemd_socket +``` + +**注意** :`showtaskpages`和`showhostpages`仅支持引擎使用cslide的场景 + +#### 命令行参数说明 + +| 参数 | 参数含义 | 是否必须 | 是否有参数 | 实例说明 | +|----|------|------|-------|------| +|-n或\-\-proj_name| 指定project的名字| 是| 是| 指定已经存在,所需要执行的project的名字| +|-s或\-\-socket| 与etmemd服务端通信的socket名称,需要与etmemd启动时指定的保持一致| 是| 是| 必须配置,在有多个etmemd时,由管理员选择与哪个etmemd通信| +|-e或\-\-engine| 指定执行的引擎的名字| 是| 是| 指定已经存在的,所需要执行的引擎的名字| +|-t或\-\-task_name| 指定执行的任务的名字| 否| 是| 指定已经存在的,所需要执行的任务的名字| + +### 支持kernel swap功能开启与关闭 + +针对swap换出到磁盘场景,当etmem用于内存扩展时,用户可以选择是否同时开启内核swap功能。用户可以关闭内核原生swap机制,以免原生swap机制换出不应被换出的内存,导致用户态进程出现问题。 + +通过提供sys接口实现上述控制,在`/sys/kernel/mm/swap`目录下创建`kobj`对象,对象名为`kernel_swap_enable`,缺省值为`true`,用于控制kernel swap的启动与关闭 + +具体示例如下: + +```sh +#开启kernel swap +echo true > /sys/kernel/mm/swap/kernel_swap_enbale +或者 +echo 1 > /sys/kernel/mm/swap/kernel_swap_enbale + +#关闭kernel swap +echo false > /sys/kernel/mm/swap/kernel_swap_enbale +或者 +echo 0 > /sys/kernel/mm/swap/kernel_swap_enbale + +``` + +### etmem支持随系统自启动 + +#### 场景描述 + +etmemd支持由用户配置`systemd`配置文件后,以`fork`模式作为`systemd`服务被拉起运行 + +#### 使用方法 + +编写`service`配置文件,来启动etmemd,必须使用-m参数来指定此模式,例如 + +```bash +etmemd -l 0 -s etmemd_socket -m +``` + +#### 命令行参数说明 + +| 参数 | 参数含义 | 是否必须 | 是否有参数 | 参数范围 | 实例说明 | +|----------------|------------|------|-------|------|-----------| +| -l或\-\-log-level | etmemd日志级别 | 否 | 是 | 0~3 | 0:debug级别;1:info级别;2:warning级别;3:error级别;只有大于等于配置的级别才会打印到/var/log/message文件中| +| -s或\-\-socket |etmemd监听的名称,用于与客户端交互 | 是 | 是| 107个字符之内的字符串| 指定服务端监听的名称| +|-m或\-\-mode-systemctl | etmemd作为service被拉起时,命令中需要指定此参数来支持 | 否 | 否 | NA | NA | +| -h或\-\-help | 帮助信息 | 否 |否 |NA |执行时带有此参数会打印后退出| + +### etmem支持第三方内存扩展策略 + +#### 场景描述 + +etmem支持用户注册第三方内存扩展策略,同时提供扫描模块动态库,运行时通过第三方策略淘汰算法淘汰内存。 + +用户使用etmem所提供的扫描模块动态库并实现对接etmem所需要的结构体中的接口 + +#### 使用方法 + +用户使用自己实现的第三方扩展淘汰策略,主要需要按下面步骤进行实现和操作: + +1. 按需调用扫描模块提供的扫描接口, + +2. 按照etmem头文件中提供的函数模板来实现各个接口,最终封装成结构体 + +3. 编译出第三方扩展淘汰策略的动态库 + +4. 在配置文件中按要求声明类型为thirdparty的engine + +5. 将动态库的名称和接口结构体的名称按要求填入配置文件中task对应的字段 + +其他操作步骤与使用etmem的其他engine类似 + +接口结构体模板 + +```c +struct engine_ops { + +/* 针对引擎私有参数的解析,如果有,需要实现,否则置NULL */ + +int (*fill_eng_params)(GKeyFile *config, struct engine *eng); + +/* 针对引擎私有参数的清理,如果有,需要实现,否则置NULL */ + +void (*clear_eng_params)(struct engine *eng); + +/* 针对任务私有参数的解析,如果有,需要实现,否则置NULL */ + +int (*fill_task_params)(GKeyFile *config, struct task *task); + +/* 针对任务私有参数的清理,如果有,需要实现,否则置NULL */ + +void (*clear_task_params)(struct task *tk); + +/* 启动任务的接口 */ + +int (*start_task)(struct engine *eng, struct task *tk); + +/* 停止任务的接口 */ + +void (*stop_task)(struct engine *eng, struct task *tk); + +/* 填充pid相关私有参数 */ + +int (*alloc_pid_params)(struct engine *eng, struct task_pid **tk_pid); + +/* 销毁pid相关私有参数 */ + +void (*free_pid_params)(struct engine *eng, struct task_pid **tk_pid); + +/* 第三方策略自身所需要的私有命令支持,如果没有,置为NULL */ + +int (*eng_mgt_func)(struct engine *eng, struct task *tk, char *cmd, int fd); + +}; +``` + +扫描模块对外接口说明 + +| 接口名称 |接口描述| +| ------------ | --------------------- | +| etmemd_scan_init | scan模块初始化| +| etmemd_scan_exit | scan模块析构| +| etmemd_get_vmas | 获取需要扫描的vma| +| etmemd_free_vmas | 释放etmemd_get_vmas扫描到的vma| +| etmemd_get_page_refs | 扫描vmas中的页面| +| etmemd_free_page_refs | 释放etmemd_get_page_refs获取到的页访问信息链表| + +针对扫描虚拟机的场景中,在原扫描接口`idle_pages`中添加`ioctl`接口的方式,来提供区分扫描`ept`的粒度和是否忽略host上页访问标记的机制 + +针对进程指定页面换出的场景中,在原扫描接口`idle_pages`中添加`ioctl`命令字的形式,来确认不带有特定标记的vma不进行扫描和换出操作 + +扫描管理接口: + +- 函数原型 + + ```c + ioctl(fd, cmd, void *arg); + ``` + +- 输入参数 + + ```text + 1. fd:文件描述符,通过open调用在/proc/pid/idle_pages下打开文件获得 + + 2.cmd:控制扫描行为,当前支持如下cmd: + IDLE_SCAN_ADD_FLAG:新增一个扫描标记 + IDLE_SCAM_REMOVE_FLAGS:删除一个扫描标记 + VMA_SCAN_ADD_FLAGS:新增vma指定内存换出标记,仅扫描带有特定标记的VMA + VMA_SCAN_REMOVE_FLAGS:删除新增的VMA指定内存换出标记 + + 3.args:int指针参数,传递具体标记掩码,当前仅支持如下参数: + SCAN_AS_HUGE:扫描ept页表时,按照2M大页粒度扫描页是否被访问过。此标记未置位时,按照ept页表自身粒度扫描 + SCAN_IGN_HUGE:扫描虚拟机时,忽略host侧页表上的访问标记。此标记未置位时,不会忽略host侧页表上的访问标记。 + VMA_SCAN_FLAG:在etmem_scan.ko扫描模块开始扫描前,会调用接口walk_page_test接口判断vma地址是否符合扫描要求,此标记置位时,会仅扫描带有特定换出标记的vma地址段,而忽略其他vma地址 + ``` + +- 返回值 + + ```text + 1. 成功,返回0 + 2. 失败返回非0 + ``` + +- 注意事项 + + ```text + 所有不支持的标记都会被忽略,但是不会返回错误 + ``` + +配置文件示例如下所示,具体含义请参考配置文件说明章节: + +```text +#thirdparty +[engine] +name=thirdparty +project=test +eng_name=my_engine +libname=/user/lib/etmem_fetch/code_test/my_engine.so +ops_name=my_engine_ops +engine_private_key=engine_private_value +[task] +project=test +engine=my_engine +name=background1 +type=pid +value=1798245 +task_private_key=task_private_value +``` + + **注意** : + +用户需使用etmem所提供的扫描模块动态库并实现对接etmem所需要的结构体中的接口 + +`eng_mgt_func`接口中的`fd`不能写入`0xff`和`0xfe`字 + +支持在一个工程内添加多个不同的第三方策略动态库,以配置文件中的`eng_name`来区分 + +### etmem客户端和服务端帮助说明 + +通过下列命令可以打印etmem服务端帮助说明 + +```bash +etmemd -h +``` + +或 + +```bash +etmemd --help +``` + +通过下列命令可以打印etmem客户端帮助说明 + +```bash +etmem help +``` + +通过下列命令可以打印etmem客户端操作工程/引擎/任务相关帮助说明 + +```bash +etmem obj help +``` + +通过下列命令可以打印etmem客户端对项目相关帮助说明 + +```bash +etmem project help +``` + +## 参与贡献 + +1. Fork本仓库 +2. 新建个人分支 +3. 提交代码 +4. 新建Pull Request diff --git a/docs/zh/server/memory_storage/gmem/_toc.yaml b/docs/zh/server/memory_storage/gmem/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..36121ff4a872e60286a38b9cf5fc2437fc6e226a --- /dev/null +++ b/docs/zh/server/memory_storage/gmem/_toc.yaml @@ -0,0 +1,10 @@ +label: GMEM用户指南 +isManual: true +description: 提供异构互联内存的中心化管理 +sections: + - label: 概述 + href: ./introduction_to_gmem.md + - label: 安装与部署 + href: ./installation_and_deployment.md + - label: 使用方法 + href: ./usage_instructions.md diff --git "a/docs/zh/server/memory_storage/gmem/images/GMEM-\346\236\266\346\236\204.png" "b/docs/zh/server/memory_storage/gmem/images/GMEM-\346\236\266\346\236\204.png" new file mode 100644 index 0000000000000000000000000000000000000000..0ca62843c8c5148330ead20167f4b3e2576ca463 Binary files /dev/null and "b/docs/zh/server/memory_storage/gmem/images/GMEM-\346\236\266\346\236\204.png" differ diff --git a/docs/zh/server/memory_storage/gmem/installation_and_deployment.md b/docs/zh/server/memory_storage/gmem/installation_and_deployment.md new file mode 100644 index 0000000000000000000000000000000000000000..b1d9f32044988684cad298811a845434bcd6e27f --- /dev/null +++ b/docs/zh/server/memory_storage/gmem/installation_and_deployment.md @@ -0,0 +1,116 @@ +# 安装与部署 + +本章介绍如何安装和部署GMEM。 + +## 软硬件要求 + +* 鲲鹏920处理器 +* 昇腾910芯片 +* 操作系统:openEuler 24.03 + +## 环境准备 + +* 使用和配置GMEM需要使用root权限。 +* GMEM的开关只能在系统层面开启或关闭。 +* 请管理员确保GMEM的配置安全、可用。 + +## 安装GMEM + +* 文件准备 + + [CANN社区版历史版本-昇腾社区 (hiascend.com)](https://www.hiascend.com/software/cann/community-history) + + [固件与驱动-昇腾社区 (hiascend.com)](https://www.hiascend.com/zh/hardware/firmware-drivers/community?product=2&model=19&cann=6.0.1.alpha001&driver=1.0.18.alpha) + + | 来源 | 软件包 | + | ------------------------------------------------------------ | ------------------------------------------------------------ | + | openEuler 24.03 | kernel-6.6.0-xxx.aarch64.rpm
kernel-devel-6.6.0-xxx.aarch64.rpm
libgmem-xxx.aarch64.rpm
libgmem-devel-xxx.aarch64.rpm | + | 昇腾社区 | # CANN软件包
Ascend-cann-toolkit-xxx-linux.aarch64.rpm
# NPU固件与驱动
Ascend-hdk-910-npu-driver-xxx.aarch64.rpm
Ascend-hdk-910-npu-firmware-xxx.noarch.rpm | + | 联系GMEM社区维护人员
[@yang_yanchao](https://gitee.com/yang_yanchao) email:
[@LemmyHuang](https://gitee.com/LemmyHuang) email: | gmem-example-xxx.aarch64.rpm
mindspore-xxx-linux_aarch64.whl | + +* 安装内核 + + 使用的openEuler内核版本,确认GMEM相关编译选项已打开(当前默认已经打开)。 + + ```sh + [root@localhost ~]# cat /boot/config-`uname -r` | grep CONFIG_GMEM + CONFIG_GMEM=y + CONFIG_GMEM_DEV=m + + [root@localhost ~]# cat /boot/config-`uname -r` | grep CONFIG_REMOTE_PAGER + CONFIG_REMOTE_PAGER=m + CONFIG_REMOTE_PAGER_MASTER=m + ``` + + 在启动项中添加`gmem=on` 。 + + ```sh + [root@localhost gmem]# cat /proc/cmdline + BOOT_IMAGE=/vmlinuz-xxx root=/dev/mapper/openeuler-root ... gmem=on + ``` + + 修改`transparent_hugepage` 。 + + ```sh + echo always > /sys/kernel/mm/transparent_hugepage/enabled + ``` + +* 安装用户态动态库 libgmem。 + + ```sh + yum install libgmem libgmem-devel + ``` + +* 安装CANN框架。 + + 安装版本配套的CANN,包括toolkit,driver以及firmware,根据指引完成安装后重启系统。 + + ```sh + rpm -ivh Ascend-cann-toolkit-xxx-linux.aarch64.rpm + # 使用libgmem提供的工具安装npu-driver + sh /usr/local/gmem/install_npu_driver.sh Ascend-hdk-910-npu-driver-xxx.aarch64.rpm + rpm -ivh Ascend-hdk-910-npu-firmware-xxx.noarch.rpm + ``` + + 通过Ascend目录下的环境配置脚本配置好环境变量。 + + ```sh + source /usr/local/Ascend/ascend-toolkit/set_env.sh + ``` + + 查看NPU设备是否正常。 + + ```sh + [root@localhost ~]# npu-smi info + +-------------------------------------------------------------------------------------------+ + | npu-smi 22.0.4.1 Version: 22.0.4.1 | + +----------------------+---------------+----------------------------------------------------+ + | NPU Name | Health | Power(W) Temp(C) Hugepages-Usage(page)| + | Chip | Bus-Id | AICore(%) Memory-Usage(MB) HBM-Usage(MB) | + +======================+===============+====================================================+ + | 0 910B | OK | 79.4 82 0 / 0 | + | 0 | 0000:81:00.0 | 0 1979 / 15039 0 / 32768 | + +======================+===============+====================================================+ + ``` + +* 安装gmem-example软件包。 + + gmem-example会更新host驱动、NPU侧驱动及NPU侧内核。安装完成后重启系统使驱动生效。 + + ```sh + rpm -ivh gmem-example-xxx.aarch64.rpm + ``` + +* 安装mindspore。 + + 获取正确的mindspore版本并安装,安装后可通过执行以下命令验证mindspore功能是否正常。 + + ```sh + python -c "import mindspore;mindspore.run_check()" + MindSpore version: x.x.x + The result of multiplication calculation is correct, MindSpore has been installed on platform [Ascend] successfully! + ``` + +## 执行训练或推理任务 + +基于mindspore的训练或推理任务,在完成以上安装流程后,可直接执行,不需要做任何适配。 diff --git a/docs/zh/server/memory_storage/gmem/introduction_to_gmem.md b/docs/zh/server/memory_storage/gmem/introduction_to_gmem.md new file mode 100644 index 0000000000000000000000000000000000000000..8befaf35369d916ab0a68c44721a2734592e100a --- /dev/null +++ b/docs/zh/server/memory_storage/gmem/introduction_to_gmem.md @@ -0,0 +1,37 @@ +# 认识GMEM + +## 简介 + +当前异构侧数据管理CPU与异构侧分离,数据显式搬移,易用性和性能难以平衡:异构设备HBM内存严重不足,应用手动SWAP方案性能损耗大且通用性差;搜推、大数据场景存在大量无效数据搬移,缺少高效内存池化方案,急需统一的有效对等内存管理机制,Linux现有HMM框架搁浅,编程复杂度高且依赖人工调优,NV、AMD虽尝试接入,但由于架构问题导致代码缺乏通用性,性能可移植性差,引起上游OS社区反弹。 + +GMEM (Generalized Memory Management) 提供了异构互联内存的中心化管理,GMEM API支持设备接入统一地址空间,获得针对异构内存编程的优化,将CPU架构相关的实现从Linux的内存管理系统中独立出来。 + +当CPU和加速卡的内存被封装到一个统一的虚拟地址空间中后,开发者们就不再需要在两个并行的地址空间中手动转移内存,只需要使用一套统一的申请释放函数。在这种模式下甚至可以选择将CPU的DRAM内存作为加速卡的cache,代码开销也不会过大。 + +## 架构 + +![GMEM-架构.png](images/GMEM-架构.png) + +## 应用场景 + +大模型训推场景 + +* GMEM实现异构内存透明扩容技术,实现HBM内存自动超分,实现高性能、低门槛训推。 +* 提供OS原生的极简异构内存管理,超分大模型性能相比NVIDIA性能提升60%。 + +大内存共享场景 + +* 提供远程访问与按需搬移内存的灵活策略,解决内存搬移瓶颈,提升搜推、大数据应用端到端性能。 + +## 功能描述 + +驱动开发侧,GMEM提供了统一的函数注册接口,让驱动开发者避免反复造相同的轮子,确保内存管理代码不再爆炸式地增长,也规避了额外的漏洞。 + +* 调用GMEM提供的接口,简化驱动使用物理内存的代码。 +* 驱动使用GMEM统一提供的接口,避免自行造轮子时出现漏洞。 + +加速卡用户侧,GMEM给使用加速卡进行AI模型及机器学习框架开发提供了更强的可编程性:不再需要手动管理数据是存放在加速卡上还是CPU上。 + +* 通过统一的内存申请释放函数与CPU及卡上的内存交互。 +* 同一虚拟地址空间中既可以映射到CPU上,也可以映射到加速卡上。 +* GMEM封装内存管理代码,相比手动管理获得性能提升。 diff --git a/docs/zh/server/memory_storage/gmem/usage_instructions.md b/docs/zh/server/memory_storage/gmem/usage_instructions.md new file mode 100644 index 0000000000000000000000000000000000000000..e55eadf9726b871ceedb15ebd60817080e695e3b --- /dev/null +++ b/docs/zh/server/memory_storage/gmem/usage_instructions.md @@ -0,0 +1,66 @@ +# 使用说明 + +## 简介 + +GMEM通过特定的flag申请对等互访的虚拟内存,并对外提供了一些内存优化语义,通过这部分内存语义可以达到性能优化的效果。 +libgmem是GMEM用户接口的抽象层,主要功能是是对上述内存语义进行封装,简化用户的使用。 + +## 接口说明 + +* 内存申请 + + GMEM扩展了mmap的含义,增加了一个flag MAP_PEER_SHARED申请异构内存,使用时默认返回2MB对齐的虚拟地址。 + + ```c + addr = mmap(NULL , size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_PEER_SHARED, -1, 0); + ``` + +* 内存释放 + + 通过munmap接口释放host和device的内存。 + + ```c + munmap(addr, size); + ``` + +* 内存语义 + + FreeEager:对于给定范围[addr, addr + size]的地址段,FreeEager会对范围向内对齐页面大小的完整页面进行释放(默认页面大小2M)。如果范围内不存在完整页面,将直接返回成功。 + + 接口成功返回0,失败返回错误码。 + + ```c + 接口原型: int gmemFreeEager(unsigned long addr, size_t size, void *stream); + 接口用法: ret = gmemFreeEager(addr, size, stream); + ``` + + Prefetch:对于给定范围[addr, addr + size]的地址段,Prefetch会对范围向外对齐页面大小的完整页面(覆盖整个地址段)进行预取。确保指定的计算单元设备hnid在接下来对vma发起的访问不会触发page fault。 + + 接口成功返回0,失败返回错误码。 + + ```c + 接口原型: int gmemPrefetch(unsigned long addr, size_t size, int hnid, void *stream); + 接口用法: ret = gmemPrefetch(addr, size, hnid, stream); + ``` + + 在上述内存语义使用的时候stream为空表示同步调用,非空表示异步调用。 + +* 其他接口 + + 获取当前设备的numaid。接口成功返回设备号,失败返回错误码。 + + ```c + 接口原型: int gmemGetNumaId(void); + 接口用法: numaid = gmemGetNumaId(); + ``` + + 获取内核的gmem统计信息。 + + ```sh + cat /proc/gmemstat + ``` + +## 约束限制 + +1. 目前仅支持2M大页,所以host OS以及NPU卡内OS的透明大页需要默认开启。 +2. 通过MAP_PEER_SHARED申请的异构内存目前不支持fork时继承。 diff --git a/docs/zh/server/memory_storage/hsak/_toc.yaml b/docs/zh/server/memory_storage/hsak/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..6fc6595d6212e1495f1fc3710c65c15d4a9db0d9 --- /dev/null +++ b/docs/zh/server/memory_storage/hsak/_toc.yaml @@ -0,0 +1,12 @@ +label: HSAK开发指南 +isManual: true +description: HSAK 针对新型存储介质提供高带宽低时延的IO软件栈 +sections: + - label: 概述 + href: ./hsak_developer_guide.md + - label: 使用HSAK开发应用程序 + href: ./development_with_hsak.md + - label: HSAK工具使用说明 + href: ./hsak_tools_usage.md + - label: HSAK接口说明 + href: ./hsak_c_apis.md diff --git a/docs/zh/server/memory_storage/hsak/development_with_hsak.md b/docs/zh/server/memory_storage/hsak/development_with_hsak.md new file mode 100644 index 0000000000000000000000000000000000000000..d517ac9ae5459cce98b23bbca5c38a942a515dfc --- /dev/null +++ b/docs/zh/server/memory_storage/hsak/development_with_hsak.md @@ -0,0 +1,230 @@ +# 使用说明 + +## nvme.conf.in配置文件 + +HSAK配置文件默认安装在/etc/spdk/nvme.conf.in,开发人员可以根据实际业务需要对配置文件进行修改,配置文件内容如下: + +- [Global] + +1. ReactorMask:指定用于轮询IO的核(16进制,不能指定0核,按bit位从低位到高位,分别表示不同CPU核,如:0x1表示0核,0x6表示1、2两个核,以此类推,本字段最大支持34个字符,去掉表示16进制的0x标记,剩余32个计数字符,每个16进制字符最大是F,可表示4个核,所以最多可以支持32*4=128个核)。 +2. LogLevel:HSAK日志打印级别(0:error;1:warning;2:notice;3:info;4:debug)。 +3. MemSize:HSAK占用的内存(最小值为500MB)。 +4. MultiQ:是否在同一个块设备上开启多队列。 +5. E2eDif:DIF类型(1:半程保护;2:全程保护),不同厂商的硬盘对DIF支持能力可能不同,具体请参考硬件厂家资料。 +6. IoStat:是否使能IO统计开关(Yes\No)。 +7. RpcServer:是否启动rpc侦听线程(Yes\No)。 +8. NvmeCUSE:是否启动CUSE功能(Yes\No),开启后在/dev/spdk目录下生成nvme字符设备。 + +- [Nvme] + +1. TransportID:指定NVMe控制器的PCI地址和名称,使用格式为:TransportID "trtype:PCIe traddr:0000:09:00.0" nvme0。 +2. RetryCount:IO失败时的重试次数,0表示不重试,最大255。 +3. TimeoutUsec:IO超时时间,0或者不配置该配置项表示不设置超时时间,单位是μs。 +4. ActionOnTimeout:IO超时行为(None:仅打印信息;Reset:reset控制器;abort:丢弃超时指令),默认None。 + +- [Reactor] + +1. BatchSize:支持批量提交提交IO的个数,默认是8,最大是32。 + +### 头文件引用 + +HSAK提供两个对外头文件,开发者在使用HSAK进行开发时需要包含这两个文件: + +1. bdev_rw.h:定义了数据面用户态IO操作的宏、枚举、数据结构和接口API。 +2. ublock.h:定义了管理面设备管理、信息获取等功能的宏、枚举、数据结构和接口API。 + +### 业务运行 + +开发者在进行软件开发编译后,运行前,需要先运行setup.sh脚本程序,用于重新绑定NVMe盘驱动到用户态,该脚本默认安装在:/opt/spdk。 +执行如下命令将盘驱动从内核态绑定到用户态,同时预留1024个2M大页: + +```shell +[root@localhost ~]# cd /opt/spdk +[root@localhost spdk]# ./setup.sh +0000:3f:00.0 (8086 2701): nvme -> uio_pci_generic +0000:40:00.0 (8086 2701): nvme -> uio_pci_generic +``` + +执行如下命令将盘驱动从用户态恢复到内核态,同时释放预留的大页: + +```shell +[root@localhost ~]# cd /opt/spdk +[root@localhost spdk]# ./setup.sh reset +0000:3f:00.0 (8086 2701): uio_pci_generic -> nvme +0000:40:00.0 (8086 2701): uio_pci_generic -> nvme +``` + +### 用户态IO读写场景 + +开发者通过以下顺序调用HSAK接口,实现经由用户态IO通道的业务数据读写: + +1. 初始化HSAK UIO模块。可调用接口libstorage_init_module,完成HSAK用户态IO通道的初始化。 + +2. 打开磁盘块设备。可调用libstorage_open,打开指定块设备,如需打开多个块设备,需要多次重复调用。 + +3. 申请IO内存。可调用接口libstorage_alloc_io_buf或libstorage_mem_reserve,前者最大可申请单个65K的IO,后者没有限制(除非无可用空间)。 + +4. 对磁盘进行读写操作。根据实际业务需要,可调用如下接口进行读写操作: + + - libstorage_async_read + - libstorage_async_readv + - libstorage_async_write + - libstorage_async_writev + - libstorage_sync_read + - libstorage_sync_write + +5. 释放IO内存。可调用接口libstorage_free_io_buf或libstorage_mem_free,需要与申请时调用的接口对应。 + +6. 关闭磁盘块设备。可调用接口libstorage_close,关闭指定块设备,如果打开了多个块设备,则需要多次重复调用接口进行关闭。 + + | 接口名称 | 功能描述 | + | ----------------------- | --------------------------------------------- | + | libstorage_init_module | HSAK模块初始化接口。 | + | libstorage_open | 打开块设备。 | + | libstorage_alloc_io_buf | 从SPDK的buf_small_pool或者buf_large_pool中分配内存。 | + | libstorage_mem_reserve | 从DPDK预留的大页内存中分配内存空间。 | + | libstorage_async_read | HSAK下发异步IO读请求的接口(读缓冲区为连续buffer)。 | + | libstorage_async_readv | HSAK下发异步IO读请求的接口(读缓冲区为离散buffer)。 | + | libstorage_async_write | HSAK下发异步IO写请求的接口(写缓冲区为连续buffer)。 | + | libstorage_async_wrtiev | HSAK下发异步IO写请求的接口(写缓冲区为离散buff)。 | + | libstorage_sync_read | HSAK下发同步IO读请求的接口(读缓冲区为连续buffer)。 | + | libstorage_sync_write | HSAK下发同步IO写请求的接口(写缓冲区为连续buffer)。 | + | libstorage_free_io_buf | 释放所分配的内存到SPDK的buf_small_pool或者buf_large_pool中。 | + | libstorage_mem_free | 释放libstorage_mem_reserve所申请的内存空间。 | + | libstorage_close | 关闭块设备。 | + | libstorage_exit_module | HSAK模块退出接口。 | + +### 盘管理场景 + +HSAK包含一组C接口,可以对盘进行格式化、创建、删除namespace操作。 + +1. 首先需要调用C接口对HSAK UIO组件进行初始化,如果已经初始化过了,就不需要再调用了。 + + libstorage_init_module + +2. 根据业务需要,调用相应的接口进行盘操作,以下接口可单独调用: + + - libstorage_create_namespace + + - libstorage_delete_namespace + + - libstorage_delete_all_namespace + + - libstorage_nvme_create_ctrlr + + - libstorage_nvme_delete_ctrlr + + - libstorage_nvme_reload_ctrlr + + - libstorage_low_level_format_nvm + + - libstorage_deallocate_block + +3. 最后如果退出程序,则需要销毁HSAK UIO,如果还有其他业务在使用,不需要退出,则不用销毁。 + + libstorage_exit_module + + | 接口名称 | 功能描述 | + | ------------------------------- | ----------------------------------------- | + | libstorage_create_namespace | 在指定控制器上创建namespace(前提是控制器具有namespace管理能力)。 | + | libstorage_delete_namespace | 在指定控制器上删除namespace。 | + | libstorage_delete_all_namespace | 删除指定控制器上所有namespace。 | + | libstorage_nvme_create_ctrlr | 根据PCI地址创建NVMe控制器。 | + | libstorage_nvme_delete_ctrlr | 根据控制器名称销毁NVMe控制器。 | + | libstorage_nvme_reload_ctrlr | 根据传入的配置文件自动创建或销毁NVMe控制器。 | + | libstorage_low_level_format_nvm | 低级格式化NVMe盘。 | + | libstorage_deallocate_block | 告知NVMe盘可释放的块,用于垃圾回收。 | + +### 数据面盘信息查询 + +在HSAK的IO数据面提供一组C接口,用于查询盘信息,上层业务可根据查询到的信息进行相关的业务逻辑处理。 + +1. 首先需要调用C接口对HSAK UIO进行初始化,如果已经初始化过了,就不需要再调用了。 + + libstorage_init_module + +2. 根据业务需要,调用相应接口进行信息查询,以下接口可单独调用: + + - libstorage_get_nvme_ctrlr_info + + - libstorage_get_mgr_info_by_esn + + - libstorage_get_mgr_smart_by_esn + + - libstorage_get_bdev_ns_info + + - libstorage_get_ctrl_ns_info + +3. 最后如果退出程序,则需要销毁HSAK UIO,如果还有其他业务在使用,不需要退出,则不用销毁。 + + libstorage_exit_module + + | 接口名称 | 功能描述 | + | ------------------------------- | ----------------------------- | + | libstorage_get_nvme_ctrlr_info | 获取所有控制器信息。 | + | libstorage_get_mgr_info_by_esn | 数据面获取设备序列号(ESN)对应的磁盘的管理信息。 | + | libstorage_get_mgr_smart_by_esn | 数据面获取设备序列号(ESN)对应的磁盘的SMART信息。 | + | libstorage_get_bdev_ns_info | 根据设备名称,获取namespace信息。 | + | libstorage_get_ctrl_ns_info | 根据控制器名称,获取所有namespace信息。 | + +### 管理面盘信息查询场景 + +在HSAK的管理面组件ublock提供一组C接口,用于支持在管理面对盘信息进行查询。 + +1. 首先调用C接口对HSAK ublock服务端进行初始化。 + + | 接口名称 | 功能描述 | + | ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | + | init_ublock | 初始化ublock功能模块,本接口必须在其他所有ublock接口之前被调用,同一个进程只能初始化一次,原因是init_ublock接口中会初始化DPDK,而DPDK初始化所分配的内存同进程PID绑定,一个PID只能绑定一块内存,且DPDK没有提供释放这块内存的接口,只能通过进程退出来释放。 | + | ublock_init | 本身是对init_ublock接口的宏定义,可理解为将ublock初始化为需要RPC服务。 | + | ublock_init_norpc | 本身是对init_ublock接口的宏定义,可理解为ublock初始化为无RPC服务。 | + +2. 根据业务需要,在另一个进程中调用HSAK UIO组件初始化接口。 + +3. 在ublock服务端进程或客户端进程调用如下接口进行相应的信息查询业务。 + + | 接口名称 | 功能描述 | + | ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | + | ublock_get_bdevs | 业务进程通过调用本接口获取设备列表,获取的设备列表中只有PCI地址,不包含具体设备信息,需要获取具体设备信息,请调用接口ublock_get_bdev。 | + | ublock_get_bdev | 进程通过调用本接口获取具体某个设备的信息,设备信息中包括:设备的序列号、型号、fw版本号信息以字符数组形式保持,不是字符串形式。 | + | ublock_get_bdev_by_esn | 进程通过调用该接口,根据给定的ESN号获取对应设备的信息,设备信息中:序列号、型号、fw版本号。 | + | ublock_get_SMART_info | 进程通过调用本接口获取指定设备的SMART信息。 | + | ublock_get_SMART_info_by_esn | 进程通过调用本接口获取ESN号对应设备的SMART信息。 | + | ublock_get_error_log_info | 进程通过调用本接口获取设备的Error log信息。 | + | ublock_get_log_page | 进程通过调用本接口获取指定设备,指定log page的信息。 | + +4. 对于块设备列表,在获取相应信息后需要调用以下接口进行资源释放。 + + | 接口名称 | 功能描述 | + | ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | + | ublock_free_bdevs | 进程通过调用本接口释放设备列表。 | + | ublock_free_bdev | 进程通过调用本接口释放设备资源。 | + +5. 最后如果退出程序,则需要销毁HSAK ublock模块(服务端和客户端销毁方法相同)。 + + | 接口名称 | 功能描述 | + | ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | + | ublock_fini | 销毁ublock功能模块,本接口将销毁ublock模块以及内部创建的资源,本接口同ublock初始化接口需要配对使用。 | + +### 日志管理 + +HSAK的日志当前是通过syslog默认输出到/var/log/messages中,由操作系统的rsyslog服务管理。如果您需要自定义日志目录,可以通过rsyslog配置。 + +1. 首先需要在配置文件/etc/rsyslog.conf中增加如下修改: + + ```shell + if ($programname == 'LibStorage') then { + action(type="omfile" fileCreateMode="0600" file="/var/log/HSAK/run.log") + stop + } + ``` + +2. 重启rsyslog服务: + + ```shell + sysemctl restart rsyslog + ``` + +3. 启动HSAK进程,日志信息即重定向到对应目录。 + +4. 重定向日志如果需要转储,需要用户在/etc/logrotate.d/syslog文件中手动配置。 diff --git a/docs/zh/server/memory_storage/hsak/hsak_c_apis.md b/docs/zh/server/memory_storage/hsak/hsak_c_apis.md new file mode 100644 index 0000000000000000000000000000000000000000..e2a059eba4031808875fb287b924652b82d5297b --- /dev/null +++ b/docs/zh/server/memory_storage/hsak/hsak_c_apis.md @@ -0,0 +1,2538 @@ +# C接口 + +## 宏定义和枚举 + +### bdev_rw.h + +#### enum libstorage_ns_lba_size + +1. 原型 + + ```sh + enum libstorage_ns_lba_size + { + LIBSTORAGE_NVME_NS_LBA_SIZE_512 = 0x9, + LIBSTORAGE_NVME_NS_LBA_SIZE_4K = 0xc + }; + ``` + +2. 描述 + + 磁盘sector_size(数据)大小。 + +#### enum libstorage_ns_md_size + +1. 原型 + + ```shell + enum libstorage_ns_md_size + { + LIBSTORAGE_METADATA_SIZE_0 = 0, + LIBSTORAGE_METADATA_SIZE_8 = 8, + LIBSTORAGE_METADATA_SIZE_64 = 64 + }; + ``` + +2. 描述 + + 磁盘meta data(元数据) size大小。 + +3. 备注 + + - ES3000 V3(单端口)支持5种扇区类型的格式化(512+0,512+8,4K+64,4K,4K+8)。 + + - ES3000 V3(双端口)支持4种扇区类型的格式化(512+0,512+8,4K+64,4K)。 + + - ES3000 V5 支持5种扇区类型的格式化(512+0,512+8,4K+64,4K,4K+8)。 + + - Optane盘支持7种扇区类型的格式化(512+0,512+8,512+16,4K,4K+8,4K+64,4K+128)。 + +#### enum libstorage_ns_pi_type + +1. 原型 + + ```shell + enum libstorage_ns_pi_type + { + LIBSTORAGE_FMT_NVM_PROTECTION_DISABLE = 0x0, + LIBSTORAGE_FMT_NVM_PROTECTION_TYPE1 = 0x1, + LIBSTORAGE_FMT_NVM_PROTECTION_TYPE2 = 0x2, + LIBSTORAGE_FMT_NVM_PROTECTION_TYPE3 = 0x3, + }; + ``` + +2. 描述 + + 磁盘支持的保护类型。 + +3. 备注 + + ES3000仅支持保护类型0和保护类型3,Optane盘仅支持保护类型0和保护类型1。 + +#### enum libstorage_crc_and_prchk + +1. 原型 + + ```shell + enum libstorage_crc_and_prchk + { + LIBSTORAGE_APP_CRC_AND_DISABLE_PRCHK = 0x0, + LIBSTORAGE_APP_CRC_AND_ENABLE_PRCHK = 0x1, + LIBSTORAGE_LIB_CRC_AND_DISABLE_PRCHK = 0x2, + LIBSTORAGE_LIB_CRC_AND_ENABLE_PRCHK = 0x3, + #define NVME_NO_REF 0x4 + LIBSTORAGE_APP_CRC_AND_DISABLE_PRCHK_NO_REF = LIBSTORAGE_APP_CRC_AND_DISABLE_PRCHK | NVME_NO_REF, + LIBSTORAGE_APP_CRC_AND_ENABLE_PRCHK_NO_REF = LIBSTORAGE_APP_CRC_AND_ENABLE_PRCHK | NVME_NO_REF, + }; + ``` + +2. 描述 + + - LIBSTORAGE_APP_CRC_AND_DISABLE_PRCHK:应用层做CRC校验,HSAK不做CRC校验,关闭盘的CRC校验。 + + - LIBSTORAGE_APP_CRC_AND_ENABLE_PRCHK:应用层做CRC校验,HSAK不做CRC校验,开启盘的CRC校验。 + + - LIBSTORAGE_LIB_CRC_AND_DISABLE_PRCHK:应用层不做CRC校验,HSAK做CRC校验,关闭盘的CRC校验。 + + - LIBSTORAGE_LIB_CRC_AND_ENABLE_PRCHK:应用层不做CRC校验,HSAK做CRC校验,开启盘的CRC校验。 + + - LIBSTORAGE_APP_CRC_AND_DISABLE_PRCHK_NO_REF:应用层做CRC校验,HSAK不做CRC校验,关闭盘的CRC校验。对于PI TYPE为1的磁盘(Intel optane P4800),关闭盘的REF TAG校验。 + + - LIBSTORAGE_APP_CRC_AND_ENABLE_PRCHK_NO_REF:应用层做CRC校验,HSAK不做CRC校验,开启盘的CRC校验。对于PI TYPE为1的磁盘(Intel optane P4800),关闭盘的REF TAG校验。 + + - Intel optane P4800盘PI TYPE为1,默认会校验元数据区的CRC和REF TAG。 + + - Intel optane P4800盘的512+8格式支持DIF,4096+64格式不支持。 + + - ES3000 V3和ES3000 V5盘PI TYPE为3,默认只校验元数据区的CRC。 + + - ES3000 V3的512+8格式支持DIF,4096+64格式不支持。ES3000 V5的512+8和4096+64格式均支持DIF。 + +总结为如下: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
端到端校验方式ctrlflagCRC生成者写流程读流程
应用校验HSAK校验CRC盘校验CRC应用校验HSAK校验CRC盘校验CRC
半程保护0控制器XXXXXX
1控制器XXXXX
2控制器XXXXXX
3控制器XXXXX
全程保护0APPXXXX
1APPXX
2HSAKXXXX
3HSAKXX
+ +#### enum libstorage_print_log_level + +1. 原型 + + ```shell + enum libstorage_print_log_level + { + LIBSTORAGE_PRINT_LOG_ERROR, + LIBSTORAGE_PRINT_LOG_WARN, + LIBSTORAGE_PRINT_LOG_NOTICE, + LIBSTORAGE_PRINT_LOG_INFO, + LIBSTORAGE_PRINT_LOG_DEBUG, + }; + ``` + +2. 描述 + + SPDK日志打印级别:ERROR、WARN、NOTICE、INFO、DEBUG,分别对应配置文件中的0~4。 + +#### MAX_BDEV_NAME_LEN + +1. 原型 + + ```bash + #define MAX_BDEV_NAME_LEN 24 + ``` + +2. 描述 + + 块设备名最大长度限制。 + +#### MAX_CTRL_NAME_LEN + +1. 原型 + + ```bash + #define MAX_CTRL_NAME_LEN 16 + ``` + +2. 描述 + + 控制器名最大长度限制。 + +#### LBA_FORMAT_NUM + +1. 原型 + + ```bash + #define LBA_FORMAT_NUM 16 + ``` + +2. 描述 + + 控制器所支持的LBA格式数目。 + +#### LIBSTORAGE_MAX_DSM_RANGE_DESC_COUNT + +1. 原型 + + ```bash + #define LIBSTORAGE_MAX_DSM_RANGE_DESC_COUNT 256 + ``` + +2. 描述 + + 数据集管理命令中16字节集的最大数目。 + +#### ublock.h + +##### UBLOCK_NVME_UEVENT_SUBSYSTEM_UIO + +1. 原型 + + ```bash + #define UBLOCK_NVME_UEVENT_SUBSYSTEM_UIO 1 + ``` + +2. 描述 + + 用于定义uevent事件所对应的子系统是内核uio,在业务收到uevent事件时,通过该宏定义判断是否为需要处理的内核uio事件。 + + 数据结构struct ublock_uevent中成员int subsystem的值取值为UBLOCK_NVME_UEVENT_SUBSYSTEM_UIO,当前仅此一个可选值。 + +##### UBLOCK_TRADDR_MAX_LEN + +1. 原型 + + ```bash + #define UBLOCK_TRADDR_MAX_LEN 256 + ``` + +2. 描述 + + 以"域:总线:设备.功能"(%04x:%02x:%02x.%x)格式表示的PCI地址字符串的最大长度,其实实际长度远小于256字节。 + +##### UBLOCK_PCI_ADDR_MAX_LEN + +1. 原型 + + ```bash + #define UBLOCK_PCI_ADDR_MAX_LEN 256 + ``` + +2. 描述 + + PCI地址字符串最大长度,实际长度远小于256字节;此处PCI地址格式可能的形式为: + + - 全地址:%x:%x:%x.%x 或 %x.%x.%x.%x。 + + - 功能值为0:%x:%x:%x。 + + - 域值为0:%x:%x.%x 或 %x.%x.%x。 + + - 域和功能值为0:%x:%x 或 %x.%x。 + +##### UBLOCK_SMART_INFO_LEN + +1. 原型 + + ```bash + #define UBLOCK_SMART_INFO_LEN 512 + ``` + +2. 描述 + + 获取NVMe盘SMART信息结构体的大小,为512字节。 + +##### enum ublock_rpc_server_status + +1. 原型 + + ```bash + enum ublock_rpc_server_status { + // start rpc server or not + UBLOCK_RPC_SERVER_DISABLE = 0, + UBLOCK_RPC_SERVER_ENABLE = 1, + }; + ``` + +2. 描述 + + 用于表示HSAK内部RPC服务状态,启用或关闭。 + +##### enum ublock_nvme_uevent_action + +1. 原型 + + ```bash + enum ublock_nvme_uevent_action { + UBLOCK_NVME_UEVENT_ADD = 0, + UBLOCK_NVME_UEVENT_REMOVE = 1, + UBLOCK_NVME_UEVENT_INVALID, + }; + ``` + +2. 描述 + + 用于表示uevent热插拔事件是插入硬盘还是移除硬盘。 + +##### enum ublock_subsystem_type + +1. 原型 + + ```bash + enum ublock_subsystem_type { + SUBSYSTEM_UIO = 0, + SUBSYSTEM_NVME = 1, + SUBSYSTEM_TOP + }; + ``` + +2. 描述 + + 指定回调函数类型,用于区分产品注册回调函数时是针对于uio驱动还是针对于内核nvme驱动。 + +### 数据结构 + +#### bdev_rw.h + +##### struct libstorage_namespace_info + +1. 原型 + + ```bash + struct libstorage_namespace_info + { + char name[MAX_BDEV_NAME_LEN]; + uint64_t size; /** namespace size in bytes */ + uint64_t sectors; /** number of sectors */ + uint32_t sector_size; /** sector size in bytes */ + uint32_t md_size; /** metadata size in bytes */ + uint32_t max_io_xfer_size; /** maximum i/o size in bytes */ + uint16_t id; /** namespace id */ + uint8_t pi_type; /** end-to-end data protection information type */ + uint8_t is_active :1; /** namespace is active or not */ + uint8_t ext_lba :1; /** namespace support extending LBA size or not */ + uint8_t dsm :1; /** namespace supports Dataset Management or not */ + uint8_t pad :3; + uint64_t reserved; + }; + ``` + +2. 描述 + + 该数据结构中包含硬盘namespace相关信息。 + +3. 结构体成员 + + | **成员** | 描述 | + |------------------------------|------------------------------------------------| + | char name[MAX_BDEV_NAME_LEN] | Namespace名字 | + | uint64_t size | 该namespace所分配的硬盘大小,字节为单位 | + | uint64_t sectors | 扇区数 | + | uint32_t sector_size | 每扇区大小,字节为单位 | + | uint32_t md_size | Metadata大小,字节为单位 | + | uint32_t max_io_xfer_size | 最大允许的单次IO操作数据大小,字节为单位 | + | uint16_t id | Namespace ID | + | uint8_t pi_type | 数据保护类型,取值自enum libstorage_ns_pi_type | + | uint8_t is_active :1 | Namespace是否激活 | + | uint8_t ext_lba :1 | Namespace是否支持扩展LBA | + | uint8_t dsm :1 | Namespace是否支持数据集管理 | + | uint8_t pad :3 | 保留字段 | + | uint64_t reserved | 保留字段 | + +##### struct libstorage_nvme_ctrlr_info + +1. 原型 + + ```bash + struct libstorage_nvme_ctrlr_info + { + char name[MAX_CTRL_NAME_LEN]; + char address[24]; + struct + { + uint32_t domain; + uint8_t bus; + uint8_t dev; + uint8_t func; + } pci_addr; + uint64_t totalcap; /* Total NVM Capacity in bytes */ + uint64_t unusecap; /* Unallocated NVM Capacity in bytes */ + int8_t sn[20]; /* Serial number */ + uint8_t fr[8]; /* Firmware revision */ + uint32_t max_num_ns; /* Number of namespaces */ + uint32_t version; + uint16_t num_io_queues; /* num of io queues */ + uint16_t io_queue_size; /* io queue size */ + uint16_t ctrlid; /* Controller id */ + uint16_t pad1; + struct + { + struct + { + /** metadata size */ + uint32_t ms : 16; + /** lba data size */ + uint32_t lbads : 8; + uint32_t reserved : 8; + } lbaf[LBA_FORMAT_NUM]; + uint8_t nlbaf; + uint8_t pad2[3]; + uint32_t cur_format : 4; + uint32_t cur_extended : 1; + uint32_t cur_pi : 3; + uint32_t cur_pil : 1; + uint32_t cur_can_share : 1; + uint32_t mc_extented : 1; + uint32_t mc_pointer : 1; + uint32_t pi_type1 : 1; + uint32_t pi_type2 : 1; + uint32_t pi_type3 : 1; + uint32_t md_start : 1; + uint32_t md_end : 1; + uint32_t ns_manage : 1; /* Supports the Namespace Management and Namespace Attachment commands */ + uint32_t directives : 1; /* Controller support Directives or not */ + uint32_t streams : 1; /* Controller support Streams Directives or not */ + uint32_t dsm : 1; /* Controller support Dataset Management or not */ + uint32_t reserved : 11; + } cap_info; + }; + ``` + +2. 描述 + + 该数据结构中包含硬盘控制器相关信息。 + +3. 结构体成员 + + | **成员** | **描述** | + |----------|----------| + | char name[MAX_CTRL_NAME_LEN] | 控制器名字 | + | char address[24] | PCI地址,字符串形式 | + | struct
{
uint32_t domain;
uint8_t bus;
uint8_t dev;
uint8_t func;
} pci_addr | PCI地址,分段形式 | + | uint64_t totalcap | 控制器的总容量大小(字节为单位)Optane盘基于NVMe 1.0协议,不支持该字段 | + | uint64_t unusecap | 控制器未使用的容量大小(字节为单位)Optane盘基于NVMe 1.0协议,不支持该字段 | + | int8_t sn[20]; | 硬盘序列号。不带'0'的ASCII字符串 | + | uint8_t fr[8]; | 硬盘firmware版本号。不带'0'的ASCII字符串 | + | uint32_t max_num_ns | 最大允许的namespace数 | + | uint32_t version | 控制器支持的NVMe标准协议版本号 | + | uint16_t num_io_queues | 硬盘支持的IO队列数量 | + | uint16_t io_queue_size | IO队列最大深度 | + | uint16_t ctrlid | 控制器ID | + | uint16_t pad1 | 保留字段 | + +struct cap_info子结构体成员: + + | **成员** | **描述** | + |-----------------------------------|------------------------------------| + | struct
{
uint32_t ms : 16;
uint32_t lbads : 8;
uint32_t reserved : 8;
}lbaf[LBA_FORMAT_NUM] | ms:元数据大小,最小为8字节
lbads:指示LBA大小为2^lbads,lbads不小于9 | + | uint8_t nlbaf | 控制器所支持的LBA格式数 | + | uint8_t pad2[3] | 保留字段 | + | uint32_t cur_format : 4 | 控制器当前的LBA格式 | + | uint32_t cur_extended : 1 | 控制器当前是否支持扩展型LBA | + | uint32_t cur_pi : 3 | 控制器当前的保护类型 | + | uint32_t cur_pil : 1 | 控制器当前的PI(保护信息)位于元数据的first eight bytes或者last eight bytes | + | uint32_t cur_can_share : 1 | namespace是否支持多路径传输 | + | uint32_t mc_extented : 1 | 元数据是否作为数据缓冲区的一部分进行传输 | + | uint32_t mc_pointer : 1 | 元数据是否与数据缓冲区分离 | + | uint32_t pi_type1 : 1 | 控制器是否支持保护类型一 | + | uint32_t pi_type2 : 1 | 控制器是否支持保护类型二 | + | uint32_t pi_type3 : 1 | 控制器是否支持保护类型三 | + | uint32_t md_start : 1 | 控制器是否支持PI(保护信息)位于元数据的first eight bytes | + | uint32_t md_end : 1 | 控制器是否支持PI(保护信息)位于元数据的last eight bytes | + | uint32_t ns_manage : 1 | 控制器是否支持namespace管理 | + | uint32_t directives : 1 | 是否支持Directives命令集 | + | uint32_t streams : 1 | 是否支持Streams Directives | + | uint32_t dsm : 1 | 是否支持Dataset Management命令 | + | uint32_t reserved : 11 | 保留字段 | + +##### struct libstorage_dsm_range_desc + +1. 原型 + + ```bash + struct libstorage_dsm_range_desc + { + /* RESERVED */ + uint32_t reserved; + + /* NUMBER OF LOGICAL BLOCKS */ + uint32_t block_count; + + /* UNMAP LOGICAL BLOCK ADDRESS */uint64_t lba;}; + ``` + +2. 描述 + + 数据管理命令集中单个16字节集的定义。 + +3. 结构体成员 + + | **成员** | **描述** | + |----------------------|--------------| + | uint32_t reserved | 保留字段 | + | uint32_t block_count | 单位LBA的数量 | + | uint64_t lba | 起始LBA | + +##### struct libstorage_ctrl_streams_param + +1. 原型 + + ```bash + struct libstorage_ctrl_streams_param + { + /* MAX Streams Limit */ + uint16_t msl; + + /* NVM Subsystem Streams Available */ + uint16_t nssa; + + /* NVM Subsystem Streams Open */uint16_t nsso; + + uint16_t pad; + }; + ``` + +2. 描述 + + NVMe盘支持的Streams属性值。 + +3. 结构体成员 + + | **成员** | **描述** | + |---------------|--------------------------------------| + | uint16_t msl | 硬盘支持的最大Streams资源数 | + | uint16_t nssa | 每个NVM子系统可使用的Streams资源数 | + | uint16_t nsso | 每个NVM子系统已经使用的Streams资源数 | + | uint16_t pad | 保留字段 | + +##### struct libstorage_bdev_streams_param + +1. 原型 + + ```bash + struct libstorage_bdev_streams_param + { + /* Stream Write Size */ + uint32_t sws; + + /* Stream Granularity Size */ + uint16_t sgs; + + /* Namespace Streams Allocated */ + uint16_t nsa; + + /* Namespace Streams Open */ + uint16_t nso; + + uint16_t reserved[3]; + }; + ``` + +2. 描述 + + Namespace的Streams属性值。 + +3. 结构体成员 + + |**成员** | **描述** | + |-------------------------|---------------------------------| + |uint32_t sws |性能最优的写粒度,单位:sectors| + |uint16_t sgs |Streams分配的写粒度,单位:sws| + |uint16_t nsa |Namespace可使用的私有Streams资源数| + |uint16_t nso |Namespace已使用的私有Streams资源数| + |uint16_t reserved[3] |保留字段| + +##### struct libstorage_mgr_info + +1. 原型 + + ```bash + struct libstorage_mgr_info + { + char pci[24]; + char ctrlName[MAX_CTRL_NAME_LEN]; + uint64_t sector_size; + uint64_t cap_size; + uint16_t device_id; + uint16_t subsystem_device_id; + uint16_t vendor_id; + uint16_t subsystem_vendor_id; + uint16_t controller_id; + int8_t serial_number[20]; + int8_t model_number[40]; + uint8_t firmware_revision[8]; + }; + ``` + +2. 描述 + + 磁盘管理信息(与管理面使用的磁盘信息一致)。 + +3. 结构体成员 + + |**成员** | **描述**| + |-------------------------|------------------------------------| + |char pci[24] 磁盘PCI地址字符串| + |char ctrlName[MAX_CTRL_NAME_LEN] |磁盘控制器名字符串| + |uint64_t sector_size |磁盘扇区大小| + |uint64_t cap_size |磁盘容量,单位:字节| + |uint16_t device_id |磁盘设备ID| + |uint16_t subsystem_device_id |磁盘子系统设备ID| + |uint16­_t vendor_id |磁盘厂商ID| + |uint16_t subsystem_vendor_id |磁盘子系统厂商ID| + |uint16_t controller_id |磁盘控制器ID| + |int8_t serial_number[20] |磁盘序列号| + |int8_t model_number[40] |设备型号| + |uint8_t firmware_revision[8] |固件版本号| + +##### struct __attribute__((packed)) libstorage_smart_info + +1. 原型 + + ```bash + /* same with struct spdk_nvme_health_information_page in nvme_spec.h */ + struct __attribute__((packed)) libstorage_smart_info { + /* details of uint8_t critical_warning + + union spdk_nvme_critical_warning_state { + + uint8_t raw; + * + + struct { + + uint8_t available_spare : 1; + + uint8_t temperature : 1; + + uint8_t device_reliability : 1; + + uint8_t read_only : 1; + + uint8_t volatile_memory_backup : 1; + + uint8_t reserved : 3; + + } bits; + + }; + */ + uint8_t critical_warning; + uint16_t temperature; + uint8_t available_spare; + uint8_t available_spare_threshold; + uint8_t percentage_used; + uint8_t reserved[26]; + + /* + + Note that the following are 128-bit values, but are + + defined as an array of 2 64-bit values. + */ + /* Data Units Read is always in 512-byte units. */ + uint64_t data_units_read[2]; + /* Data Units Written is always in 512-byte units. */ + uint64_t data_units_written[2]; + /* For NVM command set, this includes Compare commands. */ + uint64_t host_read_commands[2]; + uint64_t host_write_commands[2]; + /* Controller Busy Time is reported in minutes. */ + uint64_t controller_busy_time[2]; + uint64_t power_cycles[2]; + uint64_t power_on_hours[2]; + uint64_t unsafe_shutdowns[2]; + uint64_t media_errors[2]; + uint64_t num_error_info_log_entries[2]; + /* Controller temperature related. */ + uint32_t warning_temp_time; + uint32_t critical_temp_time; + uint16_t temp_sensor[8]; + uint8_t reserved2[296]; + }; + ``` + +2. 描述 + + 该数据结构定义了硬盘SMART INFO信息内容。 + +3. 结构体成员 + + | **成员** | **描述(具体可以参考NVMe协议)** | + |-----------------------------------|------------------------------------| + | uint8_t critical_warning | 该域表示控制器状态的重要的告警,bit位设置为1表示有效,可以设置
多个bit位有效。重要的告警信息通过异步事件返回给主机端。
Bit0:设置为1时表示冗余空间小于设定的阈值
Bit1:设置为1时表示温度超过或低于一个重要的阈值
Bit2:设置为1时表示由于重要的media错误或者internal error,器件的可靠性已经降低。
Bit3:设置为1时,该介质已经被置为只读模式。
Bit4:设置为1时,表示控制器的易失性器件fail,该域仅在控制器内部存在易失性器件时有效。
Bit 5~7:保留 | + | uint16_t temperature | 表示整个器件的温度,单位为Kelvin。 | + | uint8_t available_spare | 表示可用冗余空间的百分比(0到100%)。 | + | uint8_t available_spare_threshold | 可用冗余空间的阈值,低于该阈值时上报异步事件。 | + | uint8_t percentage_used | 该值表示用户实际使用和厂家设定的器件寿命的百分比,100表示已经达
到厂家预期的寿命,但可能不会失效,可以继续使用。该值允许大于100
,高于254的值都会被置为255。 | + | uint8_t reserved[26] | 保留 | + | uint64_t data_units_read[2] | 该值表示主机端从控制器中读走的512字节数目,其中1表示读走100
0个512字节,该值不包括metadata。当LBA大小不为512
B时,控制器将其转换成512B进行计算。16进制表示。 | + | uint64_t data_units_written[2] | 该值表示主机端写入控制器中的512字节数目,其中1表示写入1000
个512字节,该值不包括metadata。当LBA大小不为512B
时,控制器将其转换成512B进行计算。16进制表示。 | + | uint64_t host_read_commands[2] | 表示下发到控制器的读命令的个数。 | + | uint64_t host_write_commands[2] | 表示下发到控制器的写命令的个数 | + | uint64_t controller_busy_time[2] | 表示控制器处理I/O命令的busy时间,从命令下发SQ到完成命令返回到CQ的整个过程都为busy。该值以分钟为单位。 | + | uint64_t power_cycles[2] | 上下电次数。 | + | uint64_t power_on_hours[2] | power-on时间小时数。 | + | uint64_t unsafe_shutdowns[2] | 异常关机次数,掉电时仍未接收到CC.SHN时该值加1。 | + | uint64_t media_errors[2] | 表示控制器检测到不可恢复的数据完整性错误的次数,
其中包括不可纠的ECC错误,CRC错误,LBA tag不匹配。 | + | uint64_t num_error_info_log_entries[2] | 该域表示控制器生命周期内的错误信息日志的entry数目。 | + | uint32_t warning_temp_time | 温度超过warning告警值的累积时间,单位分钟。 | + | uint32_t critical_temp_time | 温度超过critical告警值的累积时间,单位分钟。 | + | uint16_t temp_sensor[8] | 温度传感器1~8的温度值,单位Kelvin。 | + | uint8_t reserved2[296] | 保留 | + +##### libstorage_dpdk_contig_mem + +1. 原型 + + ```bash + struct libstorage_dpdk_contig_mem { + uint64_t virtAddr; + uint64_t memLen; + uint64_t allocLen; + }; + ``` + +2. 描述 + + DPDK内存初始化之后,通知业务层初始化完成的回调函数参数中描述一段连续虚拟内存的信息。 + + 当前HSAK预留了800M内存,其他内存通过该结构体中的allocLen返回给业务层,用于业务层申请内存自行管理。 + + HSAK需要预留的总内存是800M左右,每一个内存段上预留的内存是根据环境的NUMA节点数来计算的。在NUMA节点过多时,每个内存段上预留的内存过小,会导致HSAK初始化失败。因此HSAK只支持最多4个NUMA节点的环境。 + +3. 结构体成员 + + | **成员** | **描述** | + |--------------------|----------------------| + |uint64_t virtAddr |虚拟内存起始地址。| + |uint64_t memLen |虚拟内存长度,单位:字节。| + |uint64_t allocLen |该内存段中可用的内存长度,单位:字节。| + +##### struct libstorage_dpdk_init_notify_arg + +1. 原型 + + ```bash + struct libstorage_dpdk_init_notify_arg { + uint64_t baseAddr; + uint16_t memsegCount; + struct libstorage_dpdk_contig_mem *memseg; + }; + ``` + +2. 描述 + + 用于DPDK内存初始化之后,通知业务层初始化完成的回调函数参数,表示所有虚拟内存段信息。 + +3. 结构体成员 + + | **成员** | **描述**| + |------------------------|-----------------------| + |uint64_t baseAddr |虚拟内存起始地址。| + |uint16_t memsegCount |有效的'memseg'数组成员个数,即连续的虚拟内存段的段数。| + |struct libstorage_dpdk_contig_mem *memseg |指向内存段数组的指针,每个数组元素都是一段连续的虚拟内存,两两元素之间是不连续的。| + +##### struct libstorage_dpdk_init_notify + +1. 原型 + + ```bash + struct libstorage_dpdk_init_notify { + const char *name; + void (*notifyFunc)(const struct libstorage_dpdk_init_notify_arg *arg); + TAILQ_ENTRY(libstorage_dpdk_init_notify) tailq; + }; + ``` + +2. 描述 + + 用于DPDK内存初始化之后,通知业务层回调函数注册的结构体。 + +3. 结构体成员 + + | **成员** | **描述**| + |-------------------------------|--------------------------| + |const char *name |注册的回调函数的业务层模块名字。| + |void (*notifyFunc)(const struct libstorage_dpdk_init_notify_arg *arg) |DPDK内存初始化之后,通知业务层初始化完成的回调函数参数。| + |TAILQ_ENTRY(libstorage_dpdk_init_notify) tailq |存放回调函数注册的链表。| + +#### ublock.h + +##### struct ublock_bdev_info + +1. 原型 + + ```bash + struct ublock_bdev_info { + uint64_t sector_size; + uint64_t cap_size; // cap_size + uint16_t device_id; + uint16_t subsystem_device_id; // subsystem device id of nvme control + uint16_t vendor_id; + uint16_t subsystem_vendor_id; + uint16_t controller_id; + int8_t serial_number[20]; + int8_t model_number[40]; + int8_t firmware_revision[8]; + }; + ``` + +2. 描述 + + 该数据结构中包含硬盘设备信息。 + +3. 结构体成员 + + | **成员** | **描述**| + |------------------|------------| + |uint64_t sector_size |硬盘扇区大小,比如512字节 | + |uint64_t cap_size |硬盘总容量,字节为单位 | + |uint16_t device_id |设备id号 | + |uint16_t subsystem_device_id |子系统的设备id号 | + |uint16_t vendor_id |设备厂商主id号 | + |uint16_t subsystem_vendor_id |设备厂商子id号 | + |uint16_t controller_id |设备控制器id号 | + |int8_t serial_number[20] |设备序列号 | + |int8_t model_number[40] |设备型号 | + |int8_t firmware_revision[8] |固件版本号 | + +##### struct ublock_bdev + +1. 原型 + + ```bash + struct ublock_bdev { + char pci[UBLOCK_PCI_ADDR_MAX_LEN]; + struct ublock_bdev_info info; + struct spdk_nvme_ctrlr *ctrlr; + TAILQ_ENTRY(ublock_bdev) link; + }; + ``` + +2. 描述 + + 该数据结构中包含指定PCI地址的硬盘信息,而结构本身为队列的一个节点。 + +3. 结构体成员 + + |**成员** | **描述** | + |-----------------------------------|----------------------------------------------------------------------------------------------------| + |char pci[UBLOCK_PCI_ADDR_MAX_LEN] | PCI地址 | + |struct ublock_bdev_info info | 硬盘设备信息 | + |struct spdk_nvme_ctrlr *ctrlr | 设备控制器数据结构,该结构体内成员不对外开放,外部业务可通过SPDK开源接口获取相应成员数据。 | + |TAILQ_ENTRY(ublock_bdev) link | 队列前后指针结构体 | + +##### struct ublock_bdev_mgr + +1. 原型 + + ```bash + struct ublock_bdev_mgr { + TAILQ_HEAD(, ublock_bdev) bdevs; + }; + ``` + +2. 描述 + + 该数据结构内定义了一个ublock_bdev队列的头结构。 + +3. 结构体成员 + + |**成员** | **描述** | + |---------------------------------|------------------| + |TAILQ_HEAD(, ublock_bdev) bdevs; | 队列头结构体 | + +##### struct __attribute__((packed)) ublock_SMART_info + +1. 原型 + + ```bash + struct __attribute__((packed)) ublock_SMART_info { + uint8_t critical_warning; + uint16_t temperature; + uint8_t available_spare; + uint8_t available_spare_threshold; + uint8_t percentage_used; + uint8_t reserved[26]; + /* + + Note that the following are 128-bit values, but are + + defined as an array of 2 64-bit values. + */ + /* Data Units Read is always in 512-byte units. */ + uint64_t data_units_read[2]; + /* Data Units Written is always in 512-byte units. */ + uint64_t data_units_written[2]; + /* For NVM command set, this includes Compare commands. */ + uint64_t host_read_commands[2]; + uint64_t host_write_commands[2]; + /* Controller Busy Time is reported in minutes. */ + uint64_t controller_busy_time[2]; + uint64_t power_cycles[2]; + uint64_t power_on_hours[2]; + uint64_t unsafe_shutdowns[2]; + uint64_t media_errors[2]; + uint64_t num_error_info_log_entries[2]; + /* Controller temperature related. */ + uint32_t warning_temp_time; + uint32_t critical_temp_time; + uint16_t temp_sensor[8]; + uint8_t reserved2[296]; + }; + ``` + +2. 描述 + + 该数据结构定义了硬盘SMART INFO信息内容。 + +3. 结构体成员 + + | **成员** | **描述(具体可以参考NVMe协议)** | + |-----------------------------------|-----------------------------------| + | uint8_t critical_warning | 该域表示控制器状态的重要的告警,bit位设置为1表示有效,可以设置
多个bit位有效。重要的告警信息通过异步事件返回给主机端。
Bit0:设置为1时表示冗余空间小于设定的阈值
Bit1:设置为1时表示温度超过或低于一个重要的阈值
Bit2:设置为1时表示由于重要的media错误或者internal error,器件的可靠性已经降低。
Bit3:设置为1时,该介质已经被置为只读模式。
Bit4:设置为1时,表示控制器的易失性器件fail,该域仅在控制器内部存在易失性器件时有效。
Bit 5~7:保留 | + | uint16_t temperature | 表示整个器件的温度,单位为Kelvin。 | + | uint8_t available_spare | 表示可用冗余空间的百分比(0到100%)。 | + | uint8_t available_spare_threshold | 可用冗余空间的阈值,低于该阈值时上报异步事件。 | + | uint8_t percentage_used | 该值表示用户实际使用和厂家设定的器件寿命的百分比,100表示已经达
到厂家预期的寿命,但可能不会失效,可以继续使用。该值允许大于100
,高于254的值都会被置为255。 | + | uint8_t reserved[26] | 保留 | + | uint64_t data_units_read[2] | 该值表示主机端从控制器中读走的512字节数目,其中1表示读走100
0个512字节,该值不包括metadata。当LBA大小不为512B
时,控制器将其转换成512B进行计算。16进制表示。 | + | uint64_t data_units_written[2] | 该值表示主机端写入控制器中的512字节数目,其中1表示写入1000
个512字节,该值不包括metadata。当LBA大小不为512B
时,控制器将其转换成512B进行计算。16进制表示。 | + | uint64_t host_read_commands[2] | 表示下发到控制器的读命令的个数。 | + | uint64_t host_write_commands[2] | 表示下发到控制器的写命令的个数 | + | uint64_t controller_busy_time[2] | 表示控制器处理I/O命令的busy时间,从命令下发SQ到完成命令返回到CQ的整个过程都为busy。该值以分钟为单位。| + | uint64_t power_cycles[2] | 上下电次数。 | + | uint64_t power_on_hours[2] | power-on时间小时数。 | + | uint64_t unsafe_shutdowns[2] | 异常关机次数,掉电时仍未接收到CC.SHN时该值加1。 | + | uint64_t media_errors[2] | 表示控制器检测到不可恢复的数据完整性错误的次数,其中包括不可纠的E
CC错误,CRC错误,LBA
tag不匹配。 | + | uint64_t num_error_info_log_entries[2] | 该域表示控制器生命周期内的错误信息日志的entry数目。 | + | uint32_t warning_temp_time | 温度超过warning告警值的累积时间,单位分钟。 | + | uint32_t critical_temp_time | 温度超过critical告警值的累积时间,单位分钟。 | + | uint16_t temp_sensor[8] | 温度传感器1~8的温度值,单位Kelvin。 | + | uint8_t reserved2[296] | 保留 | + +##### struct ublock_nvme_error_info + +1. 原型 + + ```bash + struct ublock_nvme_error_info { + uint64_t error_count; + uint16_t sqid; + uint16_t cid; + uint16_t status; + uint16_t error_location; + uint64_t lba; + uint32_t nsid; + uint8_t vendor_specific; + uint8_t reserved[35]; + }; + ``` + +2. 描述 + + 该数据结构中包含设备控制器中单条错误信息具体内容,不同控制器可支持的错误条数可能不同。 + +3. 结构体成员 + + |**成员** | **描述(具体可以参考NVMe协议)** | + |------------------------|----------------------------------------------------------------------------------------------------------------------------------------| + |uint64_t error_count | Error序号,累增。 | + |uint16_t sqid | 此字段指示与错误信息关联的命令的提交队列标识符。如果错误无法关联特定命令,则该字段应设置为FFFFh。 | + |uint16_t cid | 此字段指示与错误信息关联的命令标识符。如果错误无法关联特定命令,则该字段应设置为FFFFh。 | + |uint16_t status | 此字段指示已完成命令的"状态字段"。 | + |uint16_t error_location | 此字段指示与错误信息关联的命令参数。 | + |uint64_t lba | 该字段表示遇到错误情况的第一个LBA。 | + |uint32_t nsid | 该字段表示遇到错误情况的namespace。 | + |uint8_t vendor_specific | 如果有其他供应商特定的错误信息可用,则此字段提供与该页面关联的日志页面标识符。 值00h表示没有可用的附加信息。有效值的范围为80h至FFh。 | + |uint8_t reserved[35] | 保留 | + +##### struct ublock_uevent + +1. 原型 + + ```bash + struct ublock_uevent { + enum ublock_nvme_uevent_action action; + int subsystem; + char traddr[UBLOCK_TRADDR_MAX_LEN + 1]; + }; + ``` + +2. 描述 + + 该数据结构中包含用于表示uevent事件的相关参数。 + +3. 结构体成员 + + | **成员** | **描述** | + |----------------------------------------|-------------------------------------------------------------------------------------------------------------------------| + | enum ublock_nvme_uevent_action action | 通过枚举,表示uevent事件类型为插入硬盘,还是移除硬盘。 | + | int subsystem | 表示uevent事件的子系统类型,当前仅支持UBLOCK_NVME_UEVENT_SUBSYSTEM_UIO,如果应用程序收到其他值,则可不处理。 | + | char traddr[UBLOCK_TRADDR_MAX_LEN + 1] | 以"域:总线:设备.功能"(%04x:%02x:%02x.%x)格式表示的PCI地址字符串。 | + +##### struct ublock_hook + +1. 原型 + + ```bash + struct ublock_hook + { + ublock_callback_func ublock_callback; + void *user_data; + }; + ``` + +2. 描述 + + 该数据结构用于注册回调函数。 + +3. 结构体成员 + + | **成员** | **描述** | + |---------------------------------------|---------------------------------------------------------------------------| + | ublock_callback_func ublock_callback | 表示回调时执行的函数,类型为bool func(void *info, void *user_data). | + | void *user_data | 传给回调函数的用户参数 | + +##### struct ublock_ctrl_iostat_info + +1. 原型 + + ```bash + struct ublock_ctrl_iostat_info + { + uint64_t num_read_ops; + uint64_t num_write_ops; + uint64_t read_latency_ms; + uint64_t write_latency_ms; + uint64_t io_outstanding; + uint64_t num_poll_timeout; + uint64_t io_ticks_ms; + }; + ``` + +2. 描述 + + 该数据结构用于获取控制器的IO统计信息。 + +3. 结构体成员 + + | **成员** | **描述** | + |-----------------------------|---------------------------------------------| + | uint64_t num_read_ops | 获取的该控制器的读IO个数(累加值) | + | uint64_t num_write_ops | 获取的该控制器的写IO个数(累加值) | + | uint64_t read_latency_ms | 获取的该控制器的读时延(累加值,ms) | + | uint64_t write_latency_ms | 获取的该控制器的写时延(累加值,ms) | + | uint64_t io_outstanding | 获取的该控制器的队列深度 | + | uint64_t num_poll_timeout | 获取的该控制器的轮询超时次数(累加值) | + | uint64_t io_ticks_ms | 获取的该控制器的IO处理时延(累加值,ms) | + +### API + +#### bdev_rw.h + +##### libstorage_get_nvme_ctrlr_info + +1. 接口原型 + + uint32_t libstorage_get_nvme_ctrlr_info(struct libstorage_nvme_ctrlr_info** ppCtrlrInfo); + +2. 接口描述 + + 获取所有控制器信息。 + +3. 参数 + + | **参数成员** | **描述** | + |-----------------------------------|-----------------------------------| + | struct libstorage_nvme_ctrlr_info** ppCtrlrInfo| 出参,返回所有获取到的控制器信息。
说明:
使用后务必通过free接口释放内存。 | + +4. 返回值 + + | **返回值** | **描述** | + |-------------|----------------------------------------------| + | 0 | 控制器信息获取失败,或未获取到任何控制器信息 | + | 大于0 | 获取到的控制器个数 | + +##### libstorage_get_mgr_info_by_esn + +1. 接口原型 + + ```bash + int32_t libstorage_get_mgr_info_by_esn(const char *esn, struct libstorage_mgr_info *mgr_info); + ``` + +2. 接口描述 + + 数据面获取设备序列号(ESN)对应的NVMe磁盘的管理信息。 + +3. 参数 + + | **参数成员** | **描述** | + |---------------------------|----------------------------------------------| + | const char *esn | 被查询设备的ESN号
说明:
ESN号是最大有效长度为20的字符串(不包括字符串结束符),但该长
度根据不同硬件厂商可能存在差异,如不足20字符,需要在字符串末尾加
空格补齐。 | + | struct libstorage_mgr_info *mgr_info | 出参,返回所有获取到的NVMe磁盘管理信息。 | + +4. 返回值 + + | **返回值** | **描述** | + |-------------|------------------------------------------| + | 0 | 查询ESN对应的NVMe磁盘管理信息成功。 | + | -1 | 查询ESN对应的NVMe磁盘管理信息失败。 | + | -2 | 未获取到任何匹配ESN的NVMe磁盘。 | + +##### libstorage_get_mgr_smart_by_esn + +1. 接口原型 + + ```bash + int32_t libstorage_get_mgr_smart_by_esn(const char *esn, uint32_t nsid, struct libstorage_smart_info *mgr_smart_info); + ``` + +2. 接口描述 + + 数据面获取设备序列号(ESN)对应的NVMe磁盘的SMART信息。 + +3. 参数 + + | **参数成员** | **描述** | + |-------------------------------|------------------------------------------| + | const char *esn | 被查询设备的ESN号
说明:
ESN号是最大有效长度为20的字符串(不包括字符串结束符),但该长
度根据不同硬件厂商可能存在差异,如不足20字符,需要在字符串末尾加
空格补齐。 | + | uint32_t nsid | 指定的namespace | + | struct libstorage_mgr_info *mgr_info | 出参,返回所有获取到的NVMe磁盘SMART信息。 | + +4. 返回值 + + | **返回值** | **描述** | + |-------------|---------------------------------------| + | 0 | 查询ESN对应的NVMe磁盘SMART信息成功。 | + | -1 | 查询ESN对应的NVMe磁盘SMART信息失败。 | + | -2 | 未获取到任何匹配ESN的NVMe磁盘。 | + +##### libstorage_get_bdev_ns_info + +1. 接口原型 + + ```bash + uint32_t libstorage_get_bdev_ns_info(const char* bdevName, struct libstorage_namespace_info** ppNsInfo); + ``` + +2. 接口描述 + + 根据设备名称,获取namespace信息。 + +3. 参数 + + | **参数成员** | **描述** | + |-------------------------------|---------------------------------------| + | const char* bdevName | 设备名称 | + | struct libstorage_namespace_info** ppNsInfo | 出参,返回namespace信息。
说明
使用后务必通过free接口释放内存。 | + +4. 返回值 + + | **返回值**| **描述** | + |------------|---------------| + | 0 | 获取失败 | + | 1 | 获取成功 | + +##### libstorage_get_ctrl_ns_info + +1. 接口原型 + + ```bash + uint32_t libstorage_get_ctrl_ns_info(const char* ctrlName, struct libstorage_namespace_info** ppNsInfo); + ``` + +2. 接口描述 + + 根据控制器名称,获取所有namespace信息。 + +3. 参数 + + | **参数成员** | **描述** | + |-------------------------------|---------------------------------------| + | const char* ctrlName | 控制器名称 | + | struct libstorage_namespace_info** ppNsInfo| 出参,返回所有namespace信息。
说明
使用后务必通过free接口释放内存。 | + +4. 返回值 + + | **返回值**| **描述** | + |------------|-------------------------------------------| + | 0 | 获取失败,或未获取到任何namespace信息 | + | 大于0 | 获取到的namespace个数 | + +##### libstorage_create_namespace + +1. 接口原型 + + ```bash + int32_t libstorage_create_namespace(const char* ctrlName, uint64_t ns_size, char** outputName); + ``` + +2. 接口描述 + + 在指定控制器上创建namespace(前提是控制器具有namespace管理能力)。 + + Optane盘基于NVMe 1.0协议,不支持namespace管理,因此不支持该接口的使用。 + + ES3000 V3和V5默认只支持一个namespace。在控制器上默认会存在一个namespace,如果要创建新的namespace,需要将原有namespace删除。 + +3. 参数 + + | **参数成员** | **描述** | + |--------------------------|-------------------------------------------| + | const char* ctrlName | 控制器名称 | + | uint64_t ns_size | 要创建的namespace大小(以sertor_size为单位) | + | char** outputName | 出参:创建的namespace名称
说明
使用后务必通过free接口释放内存。 | + +4. 返回值 + + | **返回值** | **描述** | + |-------------|-----------------------------------| + | 小于等于0 | 创建namespace失败 | + | 大于0 | 所创建的namespace编号(从1开始) | + +##### libstorage_delete_namespace + +1. 接口原型 + + ```bash + int32_t libstorage_delete_namespace(const char* ctrlName, uint32_t ns_id); + ``` + +2. 接口描述 + + 在指定控制器上删除namespace。Optane盘基于NVMe 1.0协议,不支持namespace管理,因此不支持该接口的使用。 + +3. 参数 + + | **参数成员** | **描述** | + |-----------------------|-------------------| + | const char* ctrlName | 控制器名字 | + | uint32_t ns_id | Namespace ID | + +4. 返回值 + + | **返回值** | **描述** | + |-------------|-------------------------------------------| + | 0 | 删除成功 | + | 非0 | 删除失败
说明
删除namespace前要求先停止IO相关动作,否则删除失败。 | + +##### libstorage_delete_all_namespace + +1. 接口原型 + + ```bash + int32_t libstorage_delete_all_namespace(const char* ctrlName); + ``` + +2. 接口描述 + + 删除指定控制器上所有namespace。Optane盘基于NVMe 1.0协议,不支持namespace管理,因此不支持该接口的使用。 + +3. 参数 + + | **参数成员** | **描述** | + |------------------------|----------------| + | const char* ctrlName |控制器名称 | + +4. 返回值 + + | **返回值** | **描述** | + |-------------|-------------------------------------------| + | 0 | 删除成功 | + | 非0 | 删除失败
说明
删除namespace前要求先停止IO相关动作,否则删除失败。 | + +##### libstorage_nvme_create_ctrlr + +1. 接口原型 + + ```bash + int32_t libstorage_nvme_create_ctrlr(const char *pci_addr, const char *ctrlr_name); + ``` + +2. 接口描述 + + 根据PCI地址创建NVMe控制器。 + +3. 参数 + + | **参数成员** | **描述** | + |--------------------|-------------------| + | char *pci_addr |PCI地址 | + | char *ctrlr_name |控制器名称 | + +4. 返回值 + + | **返回值** | **描述** | + |-------------|--------------| + | 小于0 | 创建失败 | + | 0 | 创建成功 | + +##### libstorage_nvme_delete_ctrlr + +1. 接口原型 + + ```bash + int32_t libstorage_nvme_delete_ctrlr(const char *ctrlr_name); + ``` + +2. 接口描述 + + 根据控制器名称销毁NVMe控制器。 + +3. 参数 + + | **参数成员** | **描述** | + |-------------------------|-----------------| + | const char *ctrlr_name | 控制器名称 | + + 确保已下发的io已经全部返回后方可调用本接口。 + +4. 返回值 + + | **返回值** | **描述** | + |-------------|--------------| + | 小于0 | 销毁失败 | + | 0 | 销毁成功 | + +##### libstorage_nvme_reload_ctrlr + +1. 接口原型 + + ```bash + int32_t libstorage_nvme_reload_ctrlr(const char *cfgfile); + ``` + +2. 接口描述 + + 根据配置文件增删NVMe控制器。 + +3. 参数 + + | **参数成员** | **描述** | + |----------------------|-------------------| + | const char *cfgfile | 配置文件路径 | + + 使用本接口删盘时,需要确保已下发的io已经全部返回。 + +4. 返回值 + + | **返回值** | **描述** | + |-------------|-----------------------------------------------------| + | 小于0 | 根据配置文件增删盘失败(可能部分控制器增删成功) | + | 0 | 根据配置文件增删盘成功 | + + > 使用限制 + + - 目前最多支持在配置文件中配置36个控制器。 + + - 重加载接口会尽可能创建多的控制器,某个控制器创建失败,不会影响其他控制器的创建。 + + - 无法保证并发场景下最终的盘初始化情况与最后调用传入的配置文件相符。 + + - 对正在下发io的盘通过reload删除时,会导致io失败。 + + - 修改配置文件中pci地址对应的控制器名称(e.g.nvme0),调用此接口后无法生效。 + + - reload仅针对于增删盘的场景有效,配置文件中的其他配置项修改无法重载。 + +##### libstorage_low_level_format_nvm + +1. 接口原型 + + ```bash + int8_t libstorage_low_level_format_nvm(const char* ctrlName, uint8_t lbaf, + enum libstorage_ns_pi_type piType, + bool pil_start, bool ms_extented, uint8_t ses); + ``` + +2. 接口描述 + + 低级格式化NVMe盘。 + +3. 参数 + + | **参数成员** | **描述** | + |-------------------------------------|----------------------------------------------------------------------------| + | const char* ctrlName | 控制器名称 | + | uint8_t lbaf | 所要使用的LBA格式 | + | enum libstorage_ns_pi_type piType |所要使用的保护类型 | + | bool pil_start | pi信息位于元数据的first eight bytes(1) or last eight bytes (0) | + | bool ms_extented | 是否要格式化成扩展型 | + | uint8_t ses | 格式化时是否进行安全擦除(当前仅支持设置为0:no-secure earse) | + +4. 返回值 + + | **返回值** | **描述** | + |-------------|-----------------------------| + | 小于0 | 格式化失败 | + | 大于等于0 | 当前格式化成功的LBA格式 | + + > 使用限制 + + - 该低级格式化接口会清除磁盘namespace的数据和元数据,请谨慎使用。 + + - ES3000盘在格式化时耗时数秒,Intel Optane盘在格式化时需耗时数分钟,在使用该接口时需要等待其执行完成。若强行杀掉格式化进程,会导致格式化失败。 + + - 在格式化执行之前,需要停止数据面的IO操作。如果当前磁盘正在处理IO请求,格式化操作会概率性出现失败,并且在格式化成功的情况下会存在硬盘丢弃正在处理的IO的可能,所以在格式化前,请保证数据面的IO操作已停止。 + + - 格式化过程中会reset控制器,导致之前已经初始化的磁盘资源不可用。因此格式化完成之后,需要重启数据面IO进程。 + + - ES3000 V3支持保护类型0和3,支持PI start和PI end,仅支持mc extended。ES3000 V3的512+8格式支持DIF,4096+64格式不支持。 + + - ES3000 V5支持保护类型0和3,支持PI start和PI end,支持mc extended和mc pointer。ES3000 V5的512+8和4096+64格式均支持DIF。 + + - Optane盘支持保护类型0和1,仅支持PI end,仅支持mc extended。Optane的512+8格式支持DIF,4096+64格式不支持。 + + | **磁盘类型** | **LBA格式** | **磁盘类型** | **LBA格式** | + |----------------------|-----------------|---------------|-------------------| + | Intel Optane P4800 | lbaf0:512+0
lbaf1:512+8
lbaf2:512+16
lbaf3:4096+0
lbaf4:4096+8
lbaf5:4096+64
lbaf6:4096+128 | ES3000 V3、V5 | lbaf0:512+0
lbaf1:512+8
lbaf2:4096+64
lbaf3:4096+0
lbaf4:4096+8 | + +##### LIBSTORAGE_CALLBACK_FUNC + +1. 接口原型 + + ```bash + typedef void (*LIBSTORAGE_CALLBACK_FUNC)(int32_t cb_status, int32_t sct_code, void* cb_arg); + ``` + +2. 接口描述 + + 注册的HSAK io完成回调函数。 + +3. 参数 + + | **参数成员** | **描述** | + |------------------------------------|-----------------------------| + | int32_t cb_status | io 状态码,0为成功,负值为系统错误码,正值为硬盘错误码(不同错误码的
含义见[附录](#附录)) | + | int32_t sct_code | io 状态码类型(0:[GENERIC](#generic);
1:[COMMAND_SPECIFIC](#command_specific);
2:[MEDIA_DATA_INTERGRITY_ERROR](#media_data_intergrity_error)
7:VENDOR_SPECIFIC) | + | void* cb_arg | 回调函数的入参 | + +4. 返回值 + + 无。 + +##### libstorage_deallocate_block + +1. 接口原型 + + ```bash + int32_t libstorage_deallocate_block(int32_t fd, struct libstorage_dsm_range_desc *range, uint16_t range_count, LIBSTORAGE_CALLBACK_FUNC cb, void* cb_arg); + ``` + +2. 接口描述 + + 告知NVMe盘可释放的块。 + +3. 参数 + + | **参数成员** | **描述** | + |------------------------------------|-----------------------------| + | int32_t fd | 已打开的硬盘文件描述符 | + | struct libstorage_dsm_range_desc *range | NVMe盘可释放的块描述列表
说明
该参数需要使用libstorage_mem_reserve分配
大页内存,分配内存时需要4K对齐,即align设置为4096。
盘的TRIM的范围根据不同的盘进行约束,超过盘侧的最大TRIM范围
可能触发数据异常。 | + | uint16_t range_count | 数组range的成员数 | + | LIBSTORAGE_CALLBACK_FUNC cb | 回调函数 | + | void* cb_arg | 回调函数参数 | + +4. 返回值 + + | **返回值** | **描述** | + |-------------|----------------| + | 小于0 | 请求下发失败 | + | 0 | 请求下发成功 | + +##### libstorage_async_write + +1. 接口原型 + + ```bash + int32_t libstorage_async_write(int32_t fd, void *buf, size_t nbytes, off64_t offset, void *md_buf, size_t md_len, enum libstorage_crc_and_prchk dif_flag, LIBSTORAGE_CALLBACK_FUNC cb, void* cb_arg); + ``` + +2. 接口描述 + + HSAK下发异步IO写请求的接口(写缓冲区为连续buffer)。 + +3. 参数 + + | **参数成员** | **描述** | + |------------------------------------|-----------------------------| + | int32_t fd | 块设备的文件描述符 | + | void *buf | IO写数据的缓冲区(四字节对齐,不能跨4K页面边界)
说明
注:扩展型LBA要包含元数据内存大小。 | + | size_t nbytes | 单次写IO大小(单位:字节。sector_size的整数倍)
说明
仅包含数据大小,扩展型LBA也不含元数据大小。 | + | off64_t offset | LBA的写偏移(单位:字节。sector_size的整数倍)
说明
仅包含数据大小,扩展型LBA也不含元数据大小。 | + | void *md_buf | 元数据的缓冲区(仅适用于分离型LBA,扩展型LBA设置为NULL即可) | + | size_t md_len | 元数据的缓冲区长度(仅适用于分离型LBA,扩展型LBA设置为0即可) | + | enum libstorage_crc_and_prchk dif_flag | 是否计算DIF、是否开启盘的校验 | + | LIBSTORAGE_CALLBACK_FUNC cb | 注册的回调函数 | + | void* cb_arg | 回调函数的参数 | + +4. 返回值 + + | **返回值**| **描述** | + |------------|--------------------| + | 0 | IO写请求提交成功 | + | 非0 | IO写请求提交失败 | + +##### libstorage_async_read + +1. 接口原型 + + ```bash + int32_t libstorage_async_read(int32_t fd, void *buf, size_t nbytes, off64_t offset, void *md_buf, size_t md_len, enum libstorage_crc_and_prchk dif_flag, LIBSTORAGE_CALLBACK_FUNC cb, void* cb_arg); + ``` + +2. 接口描述 + + HSAK下发异步IO读请求的接口(读缓冲区为连续buffer)。 + +3. 参数 + + | **参数成员** | **描述** | + |------------------------------------|----------------------------------| + | int32_t fd | 块设备的文件描述符 | + | void *buf | IO读数据的缓冲区(四字节对齐,不能跨4K页面边界)
说明
扩展型LBA要包含元数据内存大小。 | + | size_t nbytes | 单次读IO大小(单位:字节。sector_size的整数倍)
说明
仅包含数据大小,扩展型LBA也不含元数据大小。 | + | off64_t offset | LBA的读偏移(单位:字节。sector_size的整数倍)
说明
仅包含数据大小,扩展型LBA也不含元数据大小。 | + | void *md_buf | 元数据的缓冲区(仅适用于分离型LBA,扩展型LBA设置为NULL即可) | + | size_t md_len | 元数据的缓冲区长度(仅适用于分离型LBA,扩展型LBA设置为0即可) | + | enum libstorage_crc_and_prchk dif_flag | 是否计算DIF、是否开启盘的校验 | + | LIBSTORAGE_CALLBACK_FUNC cb | 注册的回调函数 | + | void* cb_arg | 回调函数的参数 | + +4. 返回值 + + | **返回值** | **描述** | + |-------------|------------------| + | 0 | IO读请求提交成功 | + | 非0 | IO读请求提交失败 | + +##### libstorage_async_writev + +1. 接口原型 + + ```bash + int32_t libstorage_async_writev(int32_t fd, struct iovec *iov, int iovcnt, size_t nbytes, off64_t offset, void *md_buf, size_t md_len, enum libstorage_crc_and_prchk dif_flag, LIBSTORAGE_CALLBACK_FUNC cb, void* cb_arg); + ``` + +2. 接口描述 + + HSAK下发异步IO写请求的接口(写缓冲区为离散buffer)。 + +3. 参数 + + | **参数成员** | **描述** | + |------------------------------------|----------------------------------| + | int32_t fd | 块设备的文件描述符 | + | struct iovec *iov | IO写数据的缓冲区
说明
扩展型LBA要包含元数据大小。
地址要求四字节对齐,长度不超过4GB。 | + | int iovcnt | IO写数据的缓冲区个数 | + | size_t nbytes | 单次写IO大小(单位:字节。sector_size的整数倍)
说明
仅包含数据大小,扩展型LBA也不含元数据大小。 | + | off64_t offset | LBA的写偏移(单位:字节。sector_size的整数倍)
说明
仅包含数据大小,扩展型LBA也不含元数据大小。 | + | void *md_buf | 元数据的缓冲区(仅适用于分离型LBA,扩展型LBA设置为NULL即可) | + | size_t md_len | 元数据的缓冲区长度(仅适用于分离型LBA,扩展型LBA设置为0即可) | + | enum libstorage_crc_and_prchk dif_flag | 是否计算DIF、是否开启盘的校验 | + | LIBSTORAGE_CALLBACK_FUNC cb | 注册的回调函数 | + | void* cb_arg | 回调函数的参数 | + +4. 返回值 + + | **返回值** | **描述** | + |--------------|-------------------| + | 0 | IO写请求提交成功 | + | 非0 | IO写请求提交失败 | + +##### libstorage_async_readv + +1. 接口原型 + + ```bash + int32_t libstorage_async_readv(int32_t fd, struct iovec *iov, int iovcnt, size_t nbytes, off64_t offset, void *md_buf, size_t md_len, enum libstorage_crc_and_prchk dif_flag, LIBSTORAGE_CALLBACK_FUNC cb, void* cb_arg); + ``` + +2. 接口描述 + + HSAK下发异步IO读请求的接口(读缓冲区为离散buffer)。 + +3. 参数 + + | **参数成员** | **描述** | + |------------------------------------|----------------------------------| + | int32_t fd | 块设备的文件描述符 | + | struct iovec *iov | IO读数据的缓冲区
说明
扩展型LBA要包含元数据大小。
地址要求四字节对齐,长度不超过4GB。 | + | int iovcnt | IO读数据的缓冲区个数 | + | size_t nbytes | 单次读IO大小(单位:字节。sector_size的整数倍)
说明
仅包含数据大小,扩展型LBA也不含元数据大小。 | + | off64_t offset | LBA的读偏移(单位:字节。sector_size的整数倍)
说明
仅包含数据大小,扩展型LBA也不含元数据大小。 | + | void *md_buf | 元数据的缓冲区(仅适用于分离型LBA,扩展型LBA设置为NULL即可) | + | size_t md_len | 元数据的缓冲区长度(仅适用于分离型LBA,扩展型LBA设置为0即可) | + | enum libstorage_crc_and_prchk dif_flag | 是否计算DIF、是否开启盘的校验 | + | LIBSTORAGE_CALLBACK_FUNC cb | 注册的回调函数 | + | void* cb_arg | 回调函数的参数 | + +4. 返回值 + + | **返回值** | **描述** | + |-------------|----------------------| + | 0 | IO读请求提交成功 | + | 非0 | IO读请求提交失败 | + +##### libstorage_sync_write + +1. 接口原型 + + ```bash + int32_t libstorage_sync_write(int fd, const void *buf, size_t nbytes, off_t offset); + ``` + +2. 接口描述 + + HSAK下发同步IO写请求的接口(写缓冲区为连续buffer)。 + +3. 参数 + + | **参数成员** | **描述** | + |------------------------------------|----------------------------------| + | int32_t fd | 块设备的文件描述符 | + | void *buf | IO写数据的缓冲区(四字节对齐,不能跨4K页面边界)
说明
扩展型LBA要包含元数据内存大小。 | + | size_t nbytes | 单次写IO大小(单位:字节。sector_size的整数倍)
说明
仅包含数据大小,扩展型LBA也不含元数据大小。 | + | off64_t offset | LBA的写偏移(单位:字节。sector_size的整数倍)
说明
仅包含数据大小,扩展型LBA也不含元数据大小。 | + +4. 返回值 + + | **返回值** | **描述** | + |-------------|-----------------------| + | 0 | IO写请求提交成功 | + | 非0 | IO写请求提交失败 | + +##### libstorage_sync_read + +1. 接口原型 + + ```bash + int32_t libstorage_sync_read(int fd, const void *buf, size_t nbytes, off_t offset); + ``` + +2. 接口描述 + + HSAK下发同步IO读请求的接口(读缓冲区为连续buffer)。 + +3. 参数 + + | **参数成员** | **描述** | + |------------------------------------|----------------------------------| + | int32_t fd | 块设备的文件描述符 | + | void *buf | IO读数据的缓冲区(四字节对齐,不能跨4K页面边界)
说明
扩展型LBA要包含元数据内存大小。 | + | size_t nbytes | 单次读IO大小(单位:字节。sector_size的整数倍)
说明
仅包含数据大小,扩展型LBA也不含元数据大小。 | + | off64_t offset | LBA的读偏移(单位:字节。sector_size的整数倍)
说明
仅包含数据大小,扩展型LBA也不含元数据大小。 | + +4. 返回值 + + | **返回值** | **描述** | + |-------------|-----------------------| + | 0 | IO读请求提交成功 | + | 非0 | IO读请求提交失败 | + +##### libstorage_open + +1. 接口原型 + + ```bash + int32_t libstorage_open(const char* devfullname); + ``` + +2. 接口描述 + + 打开块设备。 + +3. 参数 + + | **参数成员** | **描述** | + |--------------------------|---------------------------------| + | const char* devfullname | 块设备名称(格式为nvme0n1) | + +4. 返回值 + + | **返回值** | **描述** | + |-------------|-------------------------------------------------------------------| + | -1 | 打开失败(如设备名不对,或打开的fd数目>NVME盘的可使用通道数目) | + | 大于0 | 块设备的文件描述符 | + + 开启nvme.conf.in中的MultiQ开关以后,同一个线程多次打开同一个设备,会返回不同的fd;否则仍返回同一个fd。该特性只针对NVME设备。 + +##### libstorage_close + +1. 接口原型 + + ```bash + int32_t libstorage_close(int32_t fd); + ``` + +2. 接口描述 + + 关闭块设备。 + +3. 参数 + + | **参数成员** | **描述** | + |--------------|---------------------------| + | int32_t fd |已打开的块设备的文件描述符 | + +4. 返回值 + + | **返回值**| **描述** | + |------------|--------------------------------| + | -1 | 无效文件描述符 | + | -16 | 文件描述符正忙,需要重试 | + | 0 | 关闭成功 | + +##### libstorage_mem_reserve + +1. 接口原型 + + ```bash + void* libstorage_mem_reserve(size_t size, size_t align); + ``` + +2. 接口描述 + + 从DPDK预留的大页内存中分配内存空间。 + +3. 参数 + + | **参数成员**| **描述** | + |---------------|-------------------------------| + | size_t size | 需要分配的内存的大小 | + | size_t align | 所分配的内存空间按照align对齐 | + +4. 返回值 + + | **返回值** | **描述** | + |-------------|---------------------------| + | NULL | 分配失败 | + | 非NULL | 所分配内存空间的地址 | + +##### libstorage_mem_free + +1. 接口原型 + + ```bash + void libstorage_mem_free(void* ptr); + ``` + +2. 接口描述 + + 释放ptr指向的内存空间。 + +3. 参数 + + | **参数成员** | **描述** | + |---------------|--------------------------| + | void* ptr |所要释放的内存空间的地址 | + +4. 返回值 + + 无。 + +##### libstorage_alloc_io_buf + +1. 接口原型 + + ```bash + void* libstorage_alloc_io_buf(size_t nbytes); + ``` + +2. 接口描述 + + 从SPDK的buf_small_pool或者buf_large_pool中分配内存。 + +3. 参数 + + | **参数成员** | **描述** | + |----------------|-----------------------------| + | size_t nbytes | 所需要分配的缓冲区大小 | + +4. 返回值 + + | **返回值** | **描述** | + |-------------|--------------------------| + | 非NULL | 所分配的缓冲区的首地址 | + +##### libstorage_free_io_buf + +1. 接口原型 + + ```bash + int32_t libstorage_free_io_buf(void *buf, size_t nbytes); + ``` + +2. 接口描述 + + 释放所分配的内存到SPDK的buf_small_pool或者buf_large_pool中。 + +3. 参数 + + | **参数成员** | **描述** | + |----------------|------------------------------| + | void *buf | 所要释放的缓冲区的首地址 | + | size_t nbytes | 所要释放的缓冲区的大小 | + +4. 返回值 + + | **返回值** | **描述** | + |-------------|--------------| + | -1 | 释放失败 | + | 0 | 释放成功 | + +##### libstorage_init_module + +1. 接口原型 + + ```bash + int32_t libstorage_init_module(const char* cfgfile); + ``` + +2. 接口描述 + + HSAK模块初始化接口。 + +3. 参数 + + | **参数成员** | **描述** | + |----------------------|---------------------| + | const char* cfgfile | HSAK 配置文件名称 | + +4. 返回值 + + | **返回值** | **描述** | + |-------------|---------------| + | 非0 | 初始化失败 | + | 0 | 初始化成功 | + +##### libstorage_exit_module + +1. 接口原型 + + ```bash + int32_t libstorage_exit_module(void); + ``` + +2. 接口描述 + + HSAK模块退出接口。 + +3. 参数 + + 无。 + +4. 返回值 + + | **返回值** | **描述** | + |-------------|---------------| + | 非0 | 退出清理失败 | + | 0 | 退出清理成功 | + +##### LIBSTORAGE_REGISTER_DPDK_INIT_NOTIFY + +1. 接口原型 + + ```bash + LIBSTORAGE_REGISTER_DPDK_INIT_NOTIFY(_name, _notify) + ``` + +2. 接口描述 + + 业务层注册函数,用于注册DPDK初始化完成时的回调函数。 + +3. 参数 + + | **参数成员** | **描述** | + |----------------|---------------------------------------------------------------------------------------------------| + | _name |业务层模块名称。 | + | _notify |业务层注册的回调函数原型:void (*notifyFunc)(const struct libstorage_dpdk_init_notify_arg *arg); | + +4. 返回值 + + 无 + +#### ublock.h + +##### init_ublock + +1. 接口原型 + + ```bash + int init_ublock(const char *name, enum ublock_rpc_server_status flg); + ``` + +2. 接口描述 + + 初始化Ublock功能模块,本接口必须在其他所有Ublock接口之前被调用。如果flag被置为UBLOCK_RPC_SERVER_ENABLE,即ublock作为rpc server,则同一个进程只能初始化一次。 + + 在ublock作为rpc server启动时,会同时启动一个server的monitor线程。monitor线程监控到rpc server线程出现异常(如卡死时),会主动调用exit触发进程退出。 + + 此时依赖于产品的脚本再次拉起相关进程。 + +3. 参数 + + | **参数成员** | **描述** | + |----------------------------------|---------------------------------| + | const char *name | 模块名字,缺省值为"ublock",建议该参数可以传NULL。 | + | enum ublock_rpc_server_status
flg | 是否启用RPC的标记值:UBLOCK_RPC_SERVER_
DISABLE或UBLOCK_RPC_SERVER_ENAB
LE;
在不启用RPC情况下,如果硬盘被业务进程占用,那么Ublock模块
将无法获取该硬盘信息。 | + +4. 返回值 + + | **返回值** | **描述** | + |----------------------------------|---------------------------------| + | 0 | 初始化成功。 | + | -1 | 初始化失败,可能原因:Ublock模块已经被初始化。 | + | 进程exit | Ublock认为在两种情况下属于无法修复异常,直接调用exit接口
退出进程:
- 需要创建RPC服务,但RPC服务现场创建失败。
- 创建热插拔监控线程,但失败。 | + +##### ublock_init + +1. 接口原型 + + ```bash + #define ublock_init(name) init_ublock(name, UBLOCK_RPC_SERVER_ENABLE) + ``` + +2. 接口描述 + + 本身是对init_ublock接口的宏定义,可理解为将Ublock初始化为需要RPC服务。 + +3. 参数 + + | **参数成员** | **描述** | + |---------------|----------------------------------------------------| + | name | 模块名字,缺省值为"ublock",建议该参数可以传NULL。 | + +4. 返回值 + + | **返回值** | **描述** | + |---------------|----------------------------------------------------| + | 0 | 初始化成功。 | + | -1 | 初始化失败,可能原因:Ublock rpc
server模块已经被初始化。 | + | 进程exit | Ublock认为在两种情况下属于无法修复异常,直接调用exit接口
退出进程:
- 需要创建RPC服务,但RPC服务现场创建失败。
- 创建热插拔监控线程,但失败。 | + +##### ublock_init_norpc + +1. 接口原型 + + ```bash + #define ublock_init_norpc(name) init_ublock(name, UBLOCK_RPC_SERVER_DISABLE) + ``` + +2. 接口描述 + + 本身是对init_ublock接口的宏定义,可理解为将Ublock初始化为无RPC服务。 + +3. 参数 + + | **参数成员** | **描述** | + |---------------|------------------------------------------------------| + | name | 模块名字,缺省值为"ublock",建议该参数可以传NULL。 | + +4. 返回值 + + | **返回值** | **描述** | + |---------------------------------|-----------------------------| + | 0 | 初始化成功。 | + | -1 | 初始化失败,可能原因:Ublock
client模块已经被初始化。 | + | 进程exit | Ublock认为在两种情况下属于无法修复异常,直接调用exit接口
退出进程:
- 需要创建RPC服务,但RPC服务现场创建失败。
- 创建热插拔监控线程,但失败。 | + +##### ublock_fini + +1. 接口原型 + + ```bash + void ublock_fini(void); + ``` + +2. 接口描述 + + 销毁Ublock功能模块,本接口将销毁Ublock模块以及内部创建的资源,本接口同Ublock初始化接口需要配对使用。 + +3. 参数 + + 无。 + +4. 返回值 + + 无。 + +##### ublock_get_bdevs + +1. 接口原型 + + ```bash + int ublock_get_bdevs(struct ublock_bdev_mgr* bdev_list); + ``` + +2. 接口描述 + + 业务进程通过调用本接口获取设备列表(环境上所有的NVME设备,包括内核态驱动和用户态驱动),获取的NVMe设备列表中只有PCI地址,不包含具体设备信息,需要获取具体设备信息,请调用接口ublock_get_bdev。 + +3. 参数 + + | **参数成员** | **描述** | + |-------------------------------------|------------------------------------------------------| + | struct ublock_bdev_mgr* bdev_list |出参,返回设备队列,bdev_list指针需要在外部分配。 | + +4. 返回值 + + | **返回值** | **描述** | + |-------------|-----------------------| + | 0 | 获取设备队列成功。 | + | -2 | 环境中没有NVMe设备。 | + | 其余值 | 获取设备队列失败。 | + +##### ublock_free_bdevs + +1. 接口原型 + + ```bash + void ublock_free_bdevs(struct ublock_bdev_mgr* bdev_list); + ``` + +2. 接口描述 + + 业务进程通过调用本接口释放设备列表。 + +3. 参数 + + | **参数成员** | **描述** | + |-------------------------------------|--------------------------------------------------------------| + | struct ublock_bdev_mgr* bdev_list |设备队列头指针,设备队列清空后,bdev_list指针本身不会被释放。 | + +4. 返回值 + + 无。 + +##### ublock_get_bdev + +1. 接口原型 + + ```bash + int ublock_get_bdev(const char *pci, struct ublock_bdev *bdev); + ``` + +2. 接口描述 + + 业务进程通过调用本接口获取具体某个设备的信息,设备信息中:NVMe设备的序列号、型号、fw版本号信息以字符数组形式保存,不是字符串形式(不同硬盘控制器返回形式不同,不保证数组结尾必定含有"0")。 + + 本接口调用后,对应设备会被Ublock占用,请务必在完成相应业务操作后立即调用ublock_free_bdev释放资源。 + +3. 参数 + + | **参数成员** | **描述** | + |---------------------------|--------------------------------------------------| + | const char *pci | 需要获取信息的设备PCI地址 | + | struct ublock_bdev *bdev | 出参,返回设备信息,bdev指针需要在外部分配。 | + +4. 返回值 + + | **返回值** | **描述** | + |-------------|------------------------------------------------------------| + | 0 | 获取设备信息成功。 | + | -1 | 获取设备信息失败,如参数错误等。 | + | -11(EAGAIN) | 获取设备信息失败,如rpc查询失败,需要重试(建议sleep 3s)。 | + +##### ublock_get_bdev_by_esn + +1. 接口原型 + + ```bash + int ublock_get_bdev_by_esn(const char *esn, struct ublock_bdev *bdev); + ``` + +2. 接口描述 + + 业务进程通过调用本接口,根据给定的ESN号获取对应设备的信息,设备信息中:NVMe设备的序列号、型号、fw版本号信息以字符数组形式保存,不是字符串形式(不同硬盘控制器返回形式不同,不保证数组结尾必定含有"0")。 + + 本接口调用后,对应设备会被Ublock占用,请务必在完成相应业务操作后立即调用ublock_free_bdev释放资源。 + +3. 参数 + + | **参数成员** | **描述** | + |---------------------------|--------------------------------------------------| + | const char *esn | 需要获取信息的设备ESN号。
说明
ESN号是最大有效长度为20的字符串(不包括字符串结束符),但该长
度根据不同硬件厂商可能存在差异,如不足20字符,需要在字符串末尾加
空格补齐。 | + | struct ublock_bdev *bdev | 出参,返回设备信息,bdev指针需要在外部分配。 | + +4. 返回值 + + | **返回值** | **描述** | + |-------------|--------------------------------------------------------------| + | 0 | 获取设备信息成功。 | + | -1 | 获取设备信息失败,如参数错误等 | + | -11(EAGAIN)| 获取设备信息失败,如rpc查询失败,需要重试(建议sleep 3s)。 | + +##### ublock_free_bdev + +1. 接口原型 + + ```bash + void ublock_free_bdev(struct ublock_bdev *bdev); + ``` + +2. 接口描述 + + 业务进程通过调用本接口释放设备资源。 + +3. 参数 + + | **参数成员** | **描述** | + |----------------------------|-------------------------------------------------------------| + | struct ublock_bdev *bdev | 设备信息指针,该指针内数据清空后,bdev指针本身不会被释放。 | + +4. 返回值 + + 无。 + +##### TAILQ_FOREACH_SAFE + +1. 接口原型 + + ```bash + #define TAILQ_FOREACH_SAFE(var, head, field, tvar) + for ((var) = TAILQ_FIRST((head)); + (var) && ((tvar) = TAILQ_NEXT((var), field), 1); + (var) = (tvar)) + ``` + +2. 接口描述 + + 提供安全访问队列每个成员的宏定义。 + +3. 参数 + + | **参数成员** | **描述** | + |---------------|----------------------------------------------------------------------------------------------------| + | var | 当前操作的队列节点成员 | + | head | 队列头指针,一般情况下是指通过TAILQ_HEAD(xx, xx) obj定义的obj的地址 | + | field | 队列节点中用于保存队列前后指针的结构体名字,一般情况下是指通过TAILQ_ENTRY(xx)name定义的名字name | + | tvar | 下一个队列节点成员 | + +4. 返回值 + + 无。 + +##### ublock_get_SMART_info + +1. 接口原型 + + ```bash + int ublock_get_SMART_info(const char *pci, uint32_t nsid, struct ublock_SMART_info *smart_info); + ``` + +2. 接口描述 + + 业务进程通过调用本接口获取指定设备的SMART信息。 + +3. 参数 + + | **参数成员** | **描述** | + |---------------------------------------|----------------------------| + | const char *pci | 设备PCI地址 | + | uint32_t nsid | 指定的namespace | + | struct ublock_SMART_info *smart_info | 出参,返回设备SMART信息 | + +4. 返回值 + + | **返回值** | **描述** | + |-------------|---------------------------------------------------------------| + | 0 | 获取SMART信息成功。 | + | -1 | 获取SMART信息失败,如参数错误等。 | + | -11(EAGAIN)| 获取SMART信息失败,如rpc查询失败,需要重试(建议sleep 3s)。 | + +##### ublock_get_SMART_info_by_esn + +1. 接口原型 + + ```bash + int ublock_get_SMART_info_by_esn(const char *esn, uint32_t nsid, struct ublock_SMART_info *smart_info); + ``` + +2. 接口描述 + + 业务进程通过调用本接口获取ESN号对应设备的SMART信息。 + +3. 参数 + + | **参数成员** | **描述** | + |--------------------------|-----------------------------------------------| + | const char *esn | 设备ESN号
说明
ESN号是最大有效长度为20的字符串(不包括字符串结束符),但该长
度根据不同硬件厂商可能存在差异,如不足20字符,需要在字符串末尾加
空格补齐。 | + | uint32_t nsid | 指定的namespace | + | struct ublock_SMART_info
*smart_info | 出参,返回设备SMART信息 | + +4. 返回值 + + | **返回值** | **描述** | + |-------------|--------------------------------------------------------------| + | 0 | 获取SMART信息成功。 | + | -1 | 获取SMART信息失败,如参数错误等。 | + | -11(EAGAIN) | 获取SMART信息失败,如rpc查询失败,需要重试(建议sleep 3s)。 | + +##### ublock_get_error_log_info + +1. 接口原型 + + ```bash + int ublock_get_error_log_info(const char *pci, uint32_t err_entries, struct ublock_nvme_error_info *errlog_info); + ``` + +2. 接口描述 + + 业务进程通过调用本接口获取指定设备的Error log信息。 + +3. 参数 + + | **参数成员** | **描述** | + |---------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------| + | const char *pci | 设备PCI地址 | + | uint32_t err_entries | 指定希望获取的Error Log条数,最多256条 | + | struct ublock_nvme_error_info *errlog_info | 出参,返回设备Error log信息,errlog_info指针需要调用者申请空间,且确保申请的空间大于或等于err_entries * sizeof (struct ublock_nvme_error_info) | + +4. 返回值 + + | **返回值** | **描述** | + |-------------------------------------|--------------------------------------------------------------| + | 获取到的Error log条数,大于或等于0 | 获取Error log成功。 | + | -1 | 获取Error log失败,如参数错误等。 | + | -11(EAGAIN) | 获取Error log失败,如rpc查询失败,需要重试(建议sleep 3s)。 | + +##### ublock_get_log_page + +1. 接口原型 + + ```bash + int ublock_get_log_page(const char *pci, uint8_t log_page, uint32_t nsid, void *payload, uint32_t payload_size); + ``` + +2. 接口描述 + + 业务进程通过调用本接口获取指定设备,指定log page的信息。 + +3. 参数 + + | **参数成员** | **描述** | + |------------------------|-------------------------------------------------------------------------------------------------------------------------| + | const char *pci | 设备PCI地址 | + | uint8_t log_page | 指定希望获取的log page ID,比如0xC0, 0xCA代表ES3000 V5盘自定义的SMART信息 | + | uint32_t nsid | 指定namespace ID,各个log page对按namespace获取支持情况不一致,如果不支持按namespace获取,调用者需要显示传0xFFFFFFFF | + | void *payload | 出参,存储log page信息,由调用者负责申请内存 | + | uint32_t payload_size | 申请的payload大小,不大于4096 Bytes | + +4. 返回值 + + | **返回值** | **描述** | + |-------------|------------------------------------| + | 0 | 获取log page成功 | + | -1 | 获取Error log失败,如参数错误等 | + +##### ublock_info_get_pci_addr + +1. 接口原型 + + ```bash + char *ublock_info_get_pci_addr(const void *info); + ``` + +2. 接口描述 + + 业务进程的回调函数中,通过调用本接口获取热插拔设备的PCI地址。 + + info占用的内存以及返回的PCI地址占用得内存不需要业务进程进行释放。 + +3. 参数 + + | **参数成员** | **描述** | + |-------------------|---------------------------------------------| + | const void *info | 热插拔监控线程传递给回调函数的热插拔事件信息 | + +4. 返回值 + + | **返回值** | **描述** | + |-------------|--------------------| + | NULL | 获取失败 | + | 非NULL | 获取的PCI地址 | + +##### ublock_info_get_action + +1. 接口原型 + + ```bash + enum ublock_nvme_uevent_action ublock_info_get_action(const void *info); + ``` + +2. 接口描述 + + 业务进程的回调函数中,通过调用本接口获取热插拔事件的类型。 + + info占用的内存不需要业务进程进行释放。 + +3. 参数 + + | **参数成员** | **描述** | + |-------------------|------------------------------------------------| + | const void *info | 热插拔监控线程传递给回调函数的热插拔事件信息 | + +4. 返回值 + + | **返回值** | **描述** | + |----------------|------------------------------------------------------------------------------| + | 热插拔事件类型| 触发回调函数的事件类型,详见结构体enum ublock_nvme_uevent_action的定义。 | + +##### ublock_get_ctrl_iostat + +1. 接口原型 + + ```bash + int ublock_get_ctrl_iostat(const char* pci, struct ublock_ctrl_iostat_info *ctrl_iostat); + ``` + +2. 接口描述 + + 业务进程通过调用本接口获取控制器的IO统计信息。 + +3. 参数 + + | **参数成员** | **描述** | + |-----------------------------------------------|----------------------------------------------------------| + | const char* pci | 需要获取IO统计信息的控制器的PCI地址。 | + | struct ublock_ctrl_iostat_info *ctrl_iostat |出参,返回IO统计信息,ctrl_iostat指针需要在外部分配。 | + +4. 返回值 + + | **返回值** | **描述** | + |-------------|-------------------------------------------------| + | 0 | 获取IO统计信息成功。 | + | -1 | 获取IO统计信息失败(无效参数、RPC error)。 | + | -2 | 获取IO统计信息失败(NVMe盘没有被IO进程接管)。 | + | -3 | 获取IO统计信息失败(IO统计开关未打开)。 | + +##### ublock_nvme_admin_passthru + +1. 接口原型 + + ```bash + int32_t ublock_nvme_admin_passthru(const char *pci, void *cmd, void *buf, size_t nbytes); + ``` + +2. 接口描述 + + 业务进程通过调用该接口透传nvme admin命令给nvme设备。当前仅支持获取identify字段的nvme admin命令。 + +3. 参数 + + | **参数成员** | **描述** | + |------------------|----------------------------------------------------------------------------------------------------| + | const char *pci | nvme admin命令目的控制器的PCI地址。 | + | void *cmd | nvme admin命令结构体指针,结构体大小为64字节,内容参考nvme spec。当前仅支持获取identify字段命令。 | + | void *buf | 保存nvme admin命令返回内容,其空间由用户分配,大小为nbytes。 | + | size_t nbytes | 用户buf的大小。identify字段为4096字节,获取identify命令的nbytes为4096。 | + +4. 返回值 + + | **返回值**| **描述** | + |------------|--------------------| + | 0 | 用户命令执行成功。 | + | -1 | 用户命令执行失败。 | + +## 附录 + +### GENERIC + +通用类型错误码参考 + +|sc |value| +|---------------------------------------------|---------------| +| NVME_SC_SUCCESS | 0x00 | +| NVME_SC_INVALID_OPCODE | 0x01 | +| NVME_SC_INVALID_FIELD | 0x02 | +| NVME_SC_COMMAND_ID_CONFLICT | 0x03 | +| NVME_SC_DATA_TRANSFER_ERROR | 0x04 | +| NVME_SC_ABORTED_POWER_LOSS | 0x05 | +| NVME_SC_INTERNAL_DEVICE_ERROR | 0x06 | +| NVME_SC_ABORTED_BY_REQUEST | 0x07 | +| NVME_SC_ABORTED_SQ_DELETION | 0x08 | +| NVME_SC_ABORTED_FAILED_FUSED | 0x09 | +| NVME_SC_ABORTED_MISSING_FUSED | 0x0a | +| NVME_SC_INVALID_NAMESPACE_OR_FORMAT | 0x0b | +| NVME_SC_COMMAND_SEQUENCE_ERROR | 0x0c | +| NVME_SC_INVALID_SGL_SEG_DESCRIPTOR | 0x0d | +| NVME_SC_INVALID_NUM_SGL_DESCIRPTORS | 0x0e | +| NVME_SC_DATA_SGL_LENGTH_INVALID | 0x0f | +| NVME_SC_METADATA_SGL_LENGTH_INVALID | 0x10 | +| NVME_SC_SGL_DESCRIPTOR_TYPE_INVALID | 0x11 | +| NVME_SC_INVALID_CONTROLLER_MEM_BUF | 0x12 | +| NVME_SC_INVALID_PRP_OFFSET | 0x13 | +| NVME_SC_ATOMIC_WRITE_UNIT_EXCEEDED | 0x14 | +| NVME_SC_OPERATION_DENIED | 0x15 | +| NVME_SC_INVALID_SGL_OFFSET | 0x16 | +| NVME_SC_INVALID_SGL_SUBTYPE | 0x17 | +| NVME_SC_HOSTID_INCONSISTENT_FORMAT | 0x18 | +| NVME_SC_KEEP_ALIVE_EXPIRED | 0x19 | +| NVME_SC_KEEP_ALIVE_INVALID | 0x1a | +| NVME_SC_ABORTED_PREEMPT | 0x1b | +| NVME_SC_SANITIZE_FAILED | 0x1c | +| NVME_SC_SANITIZE_IN_PROGRESS | 0x1d | +| NVME_SC_SGL_DATA_BLOCK_GRANULARITY_INVALID | 0x1e | +| NVME_SC_COMMAND_INVALID_IN_CMB | 0x1f | +| NVME_SC_LBA_OUT_OF_RANGE | 0x80 | +| NVME_SC_CAPACITY_EXCEEDED | 0x81 | +| NVME_SC_NAMESPACE_NOT_READY | 0x82 | +| NVME_SC_RESERVATION_CONFLICT | 0x83 | +| NVME_SC_FORMAT_IN_PROGRESS | 0x84 | + +### COMMAND_SPECIFIC + +特定命令错误码参考 + +|sc |value| +|---------------------------------------------|---------------| +| NVME_SC_COMPLETION_QUEUE_INVALID | 0x00 | +| NVME_SC_INVALID_QUEUE_IDENTIFIER | 0x01 | +| NVME_SC_MAXIMUM_QUEUE_SIZE_EXCEEDED | 0x02 | +| NVME_SC_ABORT_COMMAND_LIMIT_EXCEEDED | 0x03 | +| NVME_SC_ASYNC_EVENT_REQUEST_LIMIT_EXCEEDED | 0x05 | +| NVME_SC_INVALID_FIRMWARE_SLOT | 0x06 | +| NVME_SC_INVALID_FIRMWARE_IMAGE | 0x07 | +| NVME_SC_INVALID_INTERRUPT_VECTOR | 0x08 | +| NVME_SC_INVALID_LOG_PAGE | 0x09 | +| NVME_SC_INVALID_FORMAT | 0x0a | +| NVME_SC_FIRMWARE_REQ_CONVENTIONAL_RESET | 0x0b | +| NVME_SC_INVALID_QUEUE_DELETION | 0x0c | +| NVME_SC_FEATURE_ID_NOT_SAVEABLE | 0x0d | +| NVME_SC_FEATURE_NOT_CHANGEABLE | 0x0e | +| NVME_SC_FEATURE_NOT_NAMESPACE_SPECIFIC | 0x0f | +| NVME_SC_FIRMWARE_REQ_NVM_RESET | 0x10 | +| NVME_SC_FIRMWARE_REQ_RESET | 0x11 | +| NVME_SC_FIRMWARE_REQ_MAX_TIME_VIOLATION | 0x12 | +| NVME_SC_FIRMWARE_ACTIVATION_PROHIBITED | 0x13 | +| NVME_SC_OVERLAPPING_RANGE | 0x14 | +| NVME_SC_NAMESPACE_INSUFFICIENT_CAPACITY | 0x15 | +| NVME_SC_NAMESPACE_ID_UNAVAILABLE | 0x16 | +| NVME_SC_NAMESPACE_ALREADY_ATTACHED | 0x18 | +| NVME_SC_NAMESPACE_IS_PRIVATE | 0x19 | +| NVME_SC_NAMESPACE_NOT_ATTACHED | 0x1a | +| NVME_SC_THINPROVISIONING_NOT_SUPPORTED | 0x1b | +| NVME_SC_CONTROLLER_LIST_INVALID | 0x1c | +| NVME_SC_DEVICE_SELF_TEST_IN_PROGRESS | 0x1d | +| NVME_SC_BOOT_PARTITION_WRITE_PROHIBITED | 0x1e | +| NVME_SC_INVALID_CTRLR_ID | 0x1f | +| NVME_SC_INVALID_SECONDARY_CTRLR_STATE | 0x20 | +| NVME_SC_INVALID_NUM_CTRLR_RESOURCES | 0x21 | +| NVME_SC_INVALID_RESOURCE_ID | 0x22 | +| NVME_SC_CONFLICTING_ATTRIBUTES | 0x80 | +| NVME_SC_INVALID_PROTECTION_INFO | 0x81 | +| NVME_SC_ATTEMPTED_WRITE_TO_RO_PAGE | 0x82 | + +### MEDIA_DATA_INTERGRITY_ERROR + +介质异常错误码参考 + +|sc |value| +|-----------------------------------------|---------------| +| NVME_SC_WRITE_FAULTS | 0x80 | +| NVME_SC_UNRECOVERED_READ_ERROR | 0x81 | +| NVME_SC_GUARD_CHECK_ERROR | 0x82 | +| NVME_SC_APPLICATION_TAG_CHECK_ERROR | 0x83 | +| NVME_SC_REFERENCE_TAG_CHECK_ERROR | 0x84 | +| NVME_SC_COMPARE_FAILURE | 0x85 | +| NVME_SC_ACCESS_DENIED | 0x86 | +| NVME_SC_DEALLOCATED_OR_UNWRITTEN_BLOCK | 0x87 | diff --git a/docs/zh/server/memory_storage/hsak/hsak_developer_guide.md b/docs/zh/server/memory_storage/hsak/hsak_developer_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..31b6844cc01e29f473f9eaa95145a50854da5d96 --- /dev/null +++ b/docs/zh/server/memory_storage/hsak/hsak_developer_guide.md @@ -0,0 +1,47 @@ +# HSAK开发者指南 + +## 介绍 + +随着NVMe SSD、SCM等存储介质性能不断提升,介质层在IO栈中的时延开销不断缩减,软件栈的开销成为瓶颈,急需重构内核IO数据面,减少软件栈的开销,HSAK针对新型存储介质提供高带宽低时延的IO软件栈,相对传统IO软件栈,软件栈开销降低50%以上。 +HSAK用户态IO引擎基于开源的SPDK基础上进行开发: + +1. 对外提供统一的接口,屏蔽开源接口的差异。 +2. 在开源基础上新增IO数据面增强特性,如DIF功能,磁盘格式化,IO批量下发,trim特性,动态增删盘等特性。 +3. 提供磁盘设备管理,磁盘IO监测,维测工具等特性。 + +## 编译教程 + +1. 下载hsak源码 + + $ git clone https://gitee.com/openeuler/hsak.git + +2. 编译和运行依赖 + + hsak的编译和运行依赖于spdk、dpdk、libboundscheck等组件 + +3. 编译 + + $ cd hsak + + $ mkdir build + + $ cd build + + $ cmake .. + + $ make + +## 注意事项 + +### 使用约束 + +- 同一台机器最多使用和管理512个NVMe设备。 +- 启用HSAK执行IO相关业务时,需要确保系统有至少500M以上连续的空闲大页内存。 +- 启用用户态IO组件执行相关业务时,需要确保硬盘管理组件(ublock)已经启用。 +- 启用磁盘管理组件(ublock)执行相关业务时,需确保系统有足够的连续空闲内存,每次初始化ublock组件会申请20MB大页内存。 +- 每次运行HSAK之前,产品需要调用setup.sh来配置大页,解绑NVMe设备内核态驱动。 +- 执行libstorage_init_module成功后方可使用HSAK模块提供的其他接口;每个进程仅能执行一次libstorage_init_module调用。 +- 执行libstorage_exit_module函数之后不能再使用HSAK提供的其他接口,再多线程场景特别需要注意,在所有线程结束之后再退出HSAK。 +- HSAK ublock组件在一个服务器上只能启动一个服务,且最大支持64个ublock客户端并发访问,ublock服务端处理客户端请求的处理上限是20次/秒。 +- HSAK ublock组件必须早于数据面IO组件和ublock客户端启动,HSAK提供的命令行工具也必须在ublock服务端启动后才能执行。 +- 不要注册SIGBUS信号处理函数;spdk针对该信号有单独的处理函数;若该函数被覆盖,会导致spdk注册的SIGBUS处理函数失效,产生coredump。 diff --git a/docs/zh/server/memory_storage/hsak/hsak_tools_usage.md b/docs/zh/server/memory_storage/hsak/hsak_tools_usage.md new file mode 100644 index 0000000000000000000000000000000000000000..f5577ce48b6ce7e14b86aba1e698b9b590218d0e --- /dev/null +++ b/docs/zh/server/memory_storage/hsak/hsak_tools_usage.md @@ -0,0 +1,123 @@ +# 命令行接口 + +## 盘信息查询命令 + +### 命令格式 + +```shell +libstorage-list [] [] +``` + +### 参数说明 + +- commands: 只有“help”可选,“libstorage-list help”用于显示帮助内容。 + +- device: 指定PCI地址,格式如:0000:09:00.0,允许同时多个,中间用空格隔离,如果不设置具体的PCI地址,则命令行列出所有枚举到的设备信息。 + +### 注意事项 + +- 故障注入功能仅限于开发、调试以及测试场景使用,禁止在用户现网使用,否则会引起业务及安全风险。 + +- 在执行本命令时,管理组件(ublock)服务端必须已经启动,用户态IO组件(uio)未启动或已正确启动均可。 + +- 对于未被ublock组件和用户态IO组件占用的盘,在本命令执行过程中会被占用,此时如果ublock组件或用户态IO组件尝试获取盘控制权,可能存储设备访问冲突,导致失败。 + +## 盘切换驱动命令 + +### 命令格式 + +```shell +libstorage-shutdown reset [ ...] +``` + +### 参数说明 + +- reset: 用于对指定盘从uio驱动切换到内核态驱动; + +- device: 指定PCI地址,格式如:0000:09:00.0,允许同时多个,中间用空格隔离。 + +### 注意事项 + +- libstorage-shutdown reset命令用于将盘从用户态uio驱动切换到内核态nvme驱动。 + +- 在执行本命令时,管理组件(ublock)服务端必须已经启动,用户态IO组件未启动或已正确启动均可。 + +- libstorage-shutdown reset命令为危险动作,请确认在切换nvme设备驱动之前,用户态实例已经停止对nvme设备下发IO,nvme设备上的fd已全部关闭,且访问nvme设备的实例已退出。 + +## 获取IO统计数据命令 + +### 命令格式 + +```shell +libstorage-iostat [-t ] [-i ] [-d ] +``` + +### 参数说明 + +- -t: 时间间隔,以秒为单位,最小1秒,最大为3600秒。该参数为int型,如果入参值超过int型上限,将被截断成负数或者正数。 + +- -i: 收集次数,最小为1,最大为MAX_INT次,如果不设置,默认以时间间隔持续收集。该参数为int型,如果入参超过int型上限,将被截断成负数或者正数。 + +- -d:指定块设备名称(eg:nvme0n1,其依赖于/etc/spdk/nvme.conf.in中配置的控制器名称),可以通过本参数收集指定一个或多个设备性能数据,如果不设置本参数,则收集所有识别到的设备性能数据。 + +### 注意事项 + +- IO统计配置项已使能。 + +- 进程已经通过用户态IO组件对所需要查询性能信息的盘下发IO操作。 + +- 如果当前环境上没有任何设备被业务进程占用下发IO,则该命令将在提示:You cannot get iostat info for nvme device no deliver io后退出。 + +- 在磁盘打开多队列情况下,IO统计工具将该磁盘上多队列的性能数据汇总后统一输出。 + +- IO统计工具最多支持8192个磁盘队列的数据记录。 + +- IO统计数据输出结果如下: + + | Device | r/s | w/s | rKB/s | wKB/s | avgrq-sz | avgqu-sz | r_await | w_await | await | svctm | util% | poll-n | + | ------ | ------- | ------- | ------- | ------- | ------------ | --------- | --------- | --------- | ---------- | ------------ | ----- | ------ | + | 设备名称 | 每秒读IO个数 | 每秒写IO个数 | 每秒读IO字节 | 每秒写IO字节 | 平均下发IO大小(字节) | 磁盘排队的IO深度 | IO读时延(us) | IO写时延(us) | 读写平均时延(us) | 单个IO处理时延(us) | 设备利用率 | 轮询超时次数 | + +## 盘读写命令 + +### 命令格式 + +```shell +libstorage-rw [OPTIONS...] +``` + +### 参数说明 + +1. COMMAND参数 + + - read,从设备读取指定的逻辑块到数据缓存区(默认是标准输出)。 + + - write,将数据缓存区(默认是标准输入)的数据写入到NVMe设备的指定逻辑块。 + + - help,显示该命令行的帮助信息。 + +2. device: 指定PCI地址,格式如:0000:09:00.0。 + +3. OPTIONS参数 + + - --start-block,-s:读写逻辑块的64位首地址(缺省值为0)。 + + - --block-count,-c:读写逻辑块的数量(从0开始计数)。 + + - --data-size,-z:读写数据的字节数。 + + - --namespace-id,-n:设备的namespace id(默认id值是1)。 + + - --data,-d:读写用的数据文件(读时保存读出的数据,写时提供写入数据)。 + + - --limited-retry,-l:设备控制器进行有限次数的重启来完成设备读写。 + + - --force-unit-access,-f:确保指令完成之前从非易失介质中完成读写。 + + - --show-command,-v:发送读写命令之前显示指令相关信息。 + + - --dry-run,-w:仅显示读写指令相关信息,不进行实际读写操作。 + + - --latency,-t:统计命令行端到端读写的时延。 + + - --help,-h:显示相关命令的帮助信息。 diff --git a/docs/zh/server/memory_storage/lvm/_toc.yaml b/docs/zh/server/memory_storage/lvm/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..f2bc64b8e377d43a654a6dd108e6a2b65f43fd62 --- /dev/null +++ b/docs/zh/server/memory_storage/lvm/_toc.yaml @@ -0,0 +1,6 @@ +label: 配置和管理逻辑卷 +isManual: true +description: 使用 LVM 管理硬盘 +sections: + - label: 使用 LVM 管理硬盘 + href: ./managing_drives_through_lvm.md diff --git a/docs/zh/server/memory_storage/lvm/managing_drives_through_lvm.md b/docs/zh/server/memory_storage/lvm/managing_drives_through_lvm.md new file mode 100644 index 0000000000000000000000000000000000000000..1bea086dd2830a331a024adc7c7f19690334f5ad --- /dev/null +++ b/docs/zh/server/memory_storage/lvm/managing_drives_through_lvm.md @@ -0,0 +1,543 @@ +# 使用LVM管理硬盘 + +## LVM简介 + +LVM是逻辑卷管理(Logical Volume Manager)的简称,它是Linux环境下对磁盘分区进行管理的一种机制。LVM通过在硬盘和文件系统之间添加一个逻辑层,来为文件系统屏蔽下层硬盘分区布局,提高硬盘分区管理的灵活性。 + +使用LVM管理硬盘的基本过程如下: + +1. 将硬盘创建为物理卷 +2. 将多个物理卷组合成卷组 +3. 在卷组中创建逻辑卷 +4. 在逻辑卷之上创建文件系统 + +通过LVM管理硬盘之后,文件系统不再受限于硬盘的大小,可以分布在多个硬盘上,也可以动态扩容。 + +### 基本概念 + +- 物理存储介质(The physical media):指系统的物理存储设备,如硬盘,系统中为/dev/hda、/dev/sda等等,是存储系统最低层的存储单元。 + +- 物理卷(Physical Volume,PV):指硬盘分区或从逻辑上与磁盘分区具有同样功能的设备\(如RAID\),是LVM的基本存储逻辑块。物理卷包括一个特殊的标签,该标签默认存放在第二个 512 字节扇区,但也可以将标签放在最开始的四个扇区之一。该标签包含物理卷的随机唯一识别符(UUID),记录块设备的大小和LVM元数据在设备中的存储位置。 + +- 卷组(Volume Group,VG):由物理卷组成,屏蔽了底层物理卷细节。可在卷组上创建一个或多个逻辑卷且不用考虑具体的物理卷信息。 + +- 逻辑卷(Logical Volume,LV):卷组不能直接用,需要划分成逻辑卷才能使用。逻辑卷可以格式化成不同的文件系统,挂载后直接使用。 + +- 物理块(Physical Extent,PE):物理卷以大小相等的“块”为单位存储,块的大小与卷组中逻辑卷块的大小相同。 + +- 逻辑块(Logical Extent,LE):逻辑卷以“块”为单位存储,在一卷组中的所有逻辑卷的块大小是相同的。 + +## 安装 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>openEuler操作系统默认已安装LVM。可通过**rpm -qa | grep lvm2**命令查询,若打印信息中包含“lvm2”信息,则表示已安装LVM,可跳过本章节内容;若无任何打印信息,则表示未安装,可参考本章节内容进行安装。 + +1. 配置本地yum源,详细信息请参考[搭建repo服务器](../../../server/administration/administrator/configuring_the_repo_server.md)。 +2. 清除缓存。 + + ```shell + dnf clean all + ``` + +3. 创建缓存。 + + ```shell + dnf makecache + ``` + +4. 在root权限下安装LVM。 + + ```shell + # dnf install lvm2 + ``` + +5. 查看安装后的rpm包。 + + ```shell + rpm -qa | grep lvm2 + ``` + +## 管理物理卷 + +### 创建物理卷 + +可在root权限下通过pvcreate命令创建物理卷。 + +```shell +pvcreate [option] devname ... +``` + +其中: + +- option:命令参数选项。常用的参数选项有: + - -f:强制创建物理卷,不需要用户确认。 + + - -u:指定设备的UUID。 + - -y:所有的问题都回答“yes”。 + +- devname:指定要创建的物理卷对应的设备名称,如果需要批量创建,可以填写多个设备名称,中间以空格间隔。 + +示例1:将/dev/sdb、/dev/sdc创建为物理卷。 + +```shell +# pvcreate /dev/sdb /dev/sdc +``` + +示例2:将/dev/sdb1、/dev/sdb2创建为物理卷。 + +```shell +# pvcreate /dev/sdb1 /dev/sdb2 +``` + +### 查看物理卷 + +可在root权限通过pvdisplay命令查看物理卷的信息,包括:物理卷名称、所属的卷组、物理卷大小、PE大小、总PE数、可用PE数、已分配的PE数和UUID。 + +```shell +pvdisplay [option] devname +``` + +其中: + +- option:命令参数选项。常用的参数选项有: + - -s:以短格式输出。 + - -m:显示PE到LE的映射。 + +- devname:指定要查看的物理卷对应的设备名称。如果不指定物理卷名称,则显示所有物理卷的信息。 + +示例:显示物理卷/dev/sdb的基本信息。 + +```shell +# pvdisplay /dev/sdb +``` + +### 修改物理卷属性 + +可在root权限下通过pvchange命令修改物理卷的属性。 + +```shell +pvchange [option] pvname ... +``` + +其中: + +- option:命令参数选项。常用的参数选项有: + - -u:生成新的UUID。 + - -x:是否允许分配PE。 + +- pvname:指定要修改属性的物理卷对应的设备名称,如果需要批量修改,可以填写多个设备名称,中间以空格间隔。 + +示例:禁止分配/dev/sdb物理卷上的PE。没有加入卷组的物理卷执行pvdisplay命令显示Allocatable属性为NO,需要加入卷组才能成功修改该属性。 + +```shell +# pvchange -x n /dev/sdb +``` + +### 删除物理卷 + +可在root权限下通过pvremove命令删除物理卷。 + +```shell +pvremove [option] pvname ... +``` + +其中: + +- option:命令参数选项。常用的参数选项有: + - -f:强制删除物理卷,不需要用户确认。 + - -y:所有的问题都回答“yes”。 + +- pvname:指定要删除的物理卷对应的设备名称,如果需要批量删除,可以填写多个设备名称,中间以空格间隔。 + +示例:删除物理卷/dev/sdb。如果物理卷已经加入卷组,需要先删除卷组或者从卷组中移除,再删除物理卷。 + +```shell +# pvremove /dev/sdb +``` + +## 管理卷组 + +### 创建卷组 + +可在root权限下通过vgcreate命令创建卷组。 + +```shell +vgcreate [option] vgname pvname ... +``` + +其中: + +- option:命令参数选项。常用的参数选项有: + - -l:卷组上允许创建的最大逻辑卷数。 + - -p:卷组中允许添加的最大物理卷数。 + - -s:卷组上的物理卷的PE大小。 + +- vgname:要创建的卷组名称。 +- pvname:要加入到卷组中的物理卷名称。 + +示例:创建卷组 vg1,并且将物理卷/dev/sdb和/dev/sdc添加到卷组中。 + +```shell +# vgcreate vg1 /dev/sdb /dev/sdc +``` + +### 查看卷组 + +可在root权限下通过vgdisplay命令查看卷组的信息。 + +```shell +vgdisplay [option] [vgname] +``` + +其中: + +- option:命令参数选项。常用的参数选项有: + - -s:以短格式输出。 + - -A:仅显示活动卷组的属性。 + +- vgname:指定要查看的卷组名称。如果不指定卷组名称,则显示所有卷组的信息。 + +示例:显示卷组vg1的基本信息。 + +```shell +# vgdisplay vg1 +``` + +### 修改卷组属性 + +可在root权限下通过vgchange命令修改卷组的属性。 + +```shell +vgchange [option] vgname +``` + +其中: + +- option:命令参数选项。常用的参数选项有: + - -a:设置卷组的活动状态。 + +- vgname:指定要修改属性的卷组名称。 + +示例:将卷组vg1状态修改为活动。 + +```shell +# vgchange -ay vg1 +``` + +### 扩展卷组 + +可在root权限下通过vgextend命令动态扩展卷组。它通过向卷组中添加物理卷来增加卷组的容量。 + +```shell +vgextend [option] vgname pvname ... +``` + +其中: + +- option:命令参数选项。常用的参数选项有: + - -d:调试模式。 + - -t:仅测试。 + +- vgname:要扩展容量的卷组名称。 +- pvname:要加入到卷组中的物理卷名称。 + +示例:向卷组vg1中添加物理卷/dev/sdb。 + +```shell +# vgextend vg1 /dev/sdb +``` + +### 收缩卷组 + +可在root权限下通过vgreduce命令删除卷组中的物理卷来减少卷组容量。不能删除卷组中剩余的最后一个物理卷。 + +```shell +vgreduce [option] vgname pvname ... +``` + +其中: + +- option:命令参数选项。常用的参数选项有: + - -a:如果命令行中没有指定要删除的物理卷,则删除所有的空物理卷。 + - \-\-removemissing:删除卷组中丢失的物理卷,使卷组恢复正常状态。 + +- vgname:要收缩容量的卷组名称。 +- pvname:要从卷组中删除的物理卷名称。 + +示例:从卷组vg1中移除物理卷/dev/sdb2。 + +```shell +# vgreduce vg1 /dev/sdb2 +``` + +### 删除卷组 + +可在root权限下通过vgremove命令删除卷组。 + +```shell +vgremove [option] vgname +``` + +其中: + +- option:命令参数选项。常用的参数选项有: + - -f:强制删除卷组,不需要用户确认。 + +- vgname:指定要删除的卷组名称。 + +示例:删除卷组vg1。 + +```shell +# vgremove vg1 +``` + +## 管理逻辑卷 + +### 创建逻辑卷 + +可在root权限下通过lvcreate命令创建逻辑卷。 + +```shell +lvcreate [option] vgname +``` + +其中: + +- option:命令参数选项。常用的参数选项有: + - -L:指定逻辑卷的大小,单位为“kKmMgGtT”字节。 + - -l:指定逻辑卷的大小(LE数)。 + - -n:指定要创建的逻辑卷名称。 + - -s:创建快照。 + +- vgname:要创建逻辑卷的卷组名称。 + +示例1:在卷组vg1中创建10G大小的逻辑卷。 + +```shell +# lvcreate -L 10G vg1 +``` + +示例2:在卷组vg1中创建200M的逻辑卷,并命名为lv1。 + +```shell +# lvcreate -L 200M -n lv1 vg1 +``` + +### 查看逻辑卷 + +可在root权限下通过lvdisplay命令查看逻辑卷的信息,包括逻辑卷空间大小、读写状态和快照信息等属性。 + +```shell +lvdisplay [option] [lvname] +``` + +其中: + +- option:命令参数选项。常用的参数选项有: + + - -v:显示LE到PE的映射。 + +- lvname:指定要显示属性的逻辑卷对应的设备文件。如果省略,则显示所有的逻辑卷属性。 + + >![](./public_sys-resources/icon-note.gif) **说明:** + >逻辑卷对应的设备文件保存在卷组目录下,例如:在卷组vg1上创建一个逻辑卷lv1,则此逻辑卷对应的设备文件为/dev/vg1/lv1。 + +示例:显示逻辑卷lv1的基本信息。 + +```shell +# lvdisplay /dev/vg1/lv1 +``` + +### 调整逻辑卷大小 + +可在root权限下通过lvresize命令调整LVM逻辑卷的空间大小,可以增大空间和缩小空间。使用lvresize命令调整逻辑卷空间大小和缩小空间时需要谨慎,因为有可能导致数据丢失。 + +```shell +lvresize [option] vgname +``` + +其中: + +- option:命令参数选项。常用的参数选项有: + - -L:指定逻辑卷的大小,单位为“kKmMgGtT”字节。 + - -l:指定逻辑卷的大小(LE数)。 + - -f:强制调整逻辑卷大小,不需要用户确认。 + +- lvname:指定要调整的逻辑卷名称。 + +示例1:为逻辑卷/dev/vg1/lv1增加200M空间。 + +```shell +# lvresize -L +200 /dev/vg1/lv1 +``` + +示例2:为逻辑卷/dev/vg1/lv1减少200M空间。 + +```shell +# lvresize -L -200 /dev/vg1/lv1 +``` + +### 扩展逻辑卷 + +可在root权限下通过lvextend命令动态在线扩展逻辑卷的空间大小,而不中断应用程序对逻辑卷的访问。 + +```shell +lvextend [option] lvname +``` + +其中: + +- option:命令参数选项。常用的参数选项有: + - -L:指定逻辑卷的大小,单位为“kKmMgGtT”字节。 + - -l:指定逻辑卷的大小(LE数)。 + - -f:强制调整逻辑卷大小,不需要用户确认。 + +- lvname:指定要扩展空间的逻辑卷的设备文件。 + +示例:为逻辑卷/dev/vg1/lv1增加100M空间。 + +```shell +# lvextend -L +100M /dev/vg1/lv1 +``` + +### 收缩逻辑卷 + +可在root权限下通过lvreduce命令减少逻辑卷占用的空间大小。使用lvreduce命令收缩逻辑卷的空间大小有可能会删除逻辑卷上已有的数据,所以在操作前必须进行确认。 + +```shell +lvreduce [option] lvname +``` + +其中: + +- option:命令参数选项。常用的参数选项有: + - -L:指定逻辑卷的大小,单位为“kKmMgGtT”字节。 + - -l:指定逻辑卷的大小(LE数)。 + - -f:强制调整逻辑卷大小,不需要用户确认。 + +- lvname:指定要扩展空间的逻辑卷的设备文件。 + +示例:将逻辑卷/dev/vg1/lv1的空间减少100M。 + +```shell +# lvreduce -L -100M /dev/vg1/lv1 +``` + +### 删除逻辑卷 + +可在root权限下通过lvremove命令删除逻辑卷。如果逻辑卷已经使用mount命令加载,则不能使用lvremove命令删除。必须使用umount命令卸载后,逻辑卷方可被删除。 + +```shell +lvremove [option] vgname +``` + +其中: + +- option:命令参数选项。常用的参数选项有: + - -f:强制删除逻辑卷,不需要用户确认。 + +- vgname:指定要删除的逻辑卷。 + +示例:删除逻辑卷/dev/vg1/lv1。 + +```shell +# lvremove /dev/vg1/lv1 +``` + +## 创建并挂载文件系统 + +在创建完逻辑卷之后,需要在逻辑卷之上创建文件系统并挂载文件系统到相应目录下。 + +### 创建文件系统 + +可在root权限下通过mkfs命令创建文件系统。 + +```shell +mkfs [option] lvname +``` + +其中: + +- option:命令参数选项。常用的参数选项有: + - -t:指定创建的linux文件系统类型,如ext2,ext3,ext4等等,默认类型为ext2。 + +- lvname:指定要创建的文件系统对应的逻辑卷设备文件名。 + +示例:在逻辑卷/dev/vg1/lv1上创建ext4文件系统。 + +```shell +# mkfs -t ext4 /dev/vg1/lv1 +``` + +### 手动挂载文件系统 + +手动挂载的文件系统仅在当时有效,一旦操作系统重启则会不存在。 + +可在root权限下通过mount命令挂载文件系统。 + +```shell +mount lvname mntpath +``` + +其中: + +- lvname:指定要挂载文件系统的逻辑卷设备文件名。 +- mntpath:挂载路径。 + +示例:将逻辑卷/dev/vg1/lv1挂载到/mnt/data目录。 + +```shell +# mount /dev/vg1/lv1 /mnt/data +``` + +### 自动挂载文件系统 + +手动挂载的文件系统在操作系统重启之后会不存在,需要重新手动挂载文件系统。但若在手动挂载文件系统后在root权限下进行如下设置,可以实现操作系统重启后自动挂载文件系统。 + +1. 执行blkid命令查询逻辑卷的UUID,逻辑卷以/dev/vg1/lv1为例。 + + ```shell + # blkid /dev/vg1/lv1 + ``` + + 查看打印信息,打印信息中包含如下内容,其中 _uuidnumber_ 是一串数字,为UUID, _fstype_ 为文件系统。 + + /dev/vg1/lv1: UUID=" _uuidnumber_ " TYPE=" _fstype_ " + +2. 执行**vi /etc/fstab**命令编辑fstab文件,并在最后加上如下内容。 + + ```shell + UUID=uuidnumber mntpath fstype defaults 0 0 + ``` + + 内容说明如下: + + - 第一列:UUID,此处填写[1](#li65701520154311)查询的 _uuidnumber_ 。 + - 第二列:文件系统的挂载目录 _mntpath_ 。 + - 第三列:文件系统的文件格式,此处填写[1](#li65701520154311)查询的 _fstype_ 。 + - 第四列:挂载选项,此处以“defaults”为例; + - 第五列:备份选项,设置为“1”时,系统自动对该文件系统进行备份;设置为“0”时,不进行备份。此处以“0”为例; + - 第六列:扫描选项,设置为“1”时,系统在启动时自动对该文件系统进行扫描;设置为“0”时,不进行扫描。此处以“0”为例。 + +3. 验证自动挂载功能。 + 1. 执行umount命令卸载文件系统,逻辑卷以/dev/vg1/lv1为例。 + + ```shell + # umount /dev/vg1/lv1 + ``` + + 2. 执行如下命令,将/etc/fstab文件所有内容重新加载。 + + ```shell + # mount -a + ``` + + 3. 执行如下命令,查询文件系统挂载信息,挂载目录以/mnt/data为例。 + + ```shell + # mount | grep /mnt/data + ``` + + 查看打印信息,若信息中包含如下信息表示自动挂载功能生效。 + + /dev/vg1/lv1 on /mnt/data diff --git a/docs/zh/server/memory_storage/lvm/public_sys-resources/icon-caution.gif b/docs/zh/server/memory_storage/lvm/public_sys-resources/icon-caution.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/memory_storage/lvm/public_sys-resources/icon-caution.gif differ diff --git a/docs/zh/server/memory_storage/lvm/public_sys-resources/icon-danger.gif b/docs/zh/server/memory_storage/lvm/public_sys-resources/icon-danger.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/memory_storage/lvm/public_sys-resources/icon-danger.gif differ diff --git a/docs/zh/server/memory_storage/lvm/public_sys-resources/icon-note.gif b/docs/zh/server/memory_storage/lvm/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/zh/server/memory_storage/lvm/public_sys-resources/icon-note.gif differ diff --git a/docs/zh/server/memory_storage/lvm/public_sys-resources/icon-notice.gif b/docs/zh/server/memory_storage/lvm/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/zh/server/memory_storage/lvm/public_sys-resources/icon-notice.gif differ diff --git a/docs/zh/server/memory_storage/lvm/public_sys-resources/icon-tip.gif b/docs/zh/server/memory_storage/lvm/public_sys-resources/icon-tip.gif new file mode 100644 index 0000000000000000000000000000000000000000..93aa72053b510e456b149f36a0972703ea9999b7 Binary files /dev/null and b/docs/zh/server/memory_storage/lvm/public_sys-resources/icon-tip.gif differ diff --git a/docs/zh/server/memory_storage/lvm/public_sys-resources/icon-warning.gif b/docs/zh/server/memory_storage/lvm/public_sys-resources/icon-warning.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/memory_storage/lvm/public_sys-resources/icon-warning.gif differ diff --git a/docs/zh/server/memory_storage/memory/_toc.yaml b/docs/zh/server/memory_storage/memory/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..bb19a7ef75425beabb62e0f12b3e4cee9673d5ad --- /dev/null +++ b/docs/zh/server/memory_storage/memory/_toc.yaml @@ -0,0 +1,6 @@ +label: 管理内存 +isManual: true +description: 管理内存 +sections: + - label: 管理内存 + href: ./overview.md diff --git a/docs/zh/server/memory_storage/memory/overview.md b/docs/zh/server/memory_storage/memory/overview.md new file mode 100644 index 0000000000000000000000000000000000000000..00e0746392712d842c638cab77e42eb5cd8585b5 --- /dev/null +++ b/docs/zh/server/memory_storage/memory/overview.md @@ -0,0 +1,151 @@ +# 管理内存 + +## 基本概念 + +**内存**是计算机的重要组成部件,用于暂时存放CPU中的运算数据,以及与硬件等外部存储器交换的数据。特别地,**非统一内存访问架构**(non-uniform memory access,简称NUMA)是一种为多处理器的电脑设计的内存架构,**内存访问时间取决于内存相对于处理器的位置**。在NUMA下,处理器访问本地内存的速度比非本地内存速度(内存位于另一个处理器,或者是处理器之间共享的内存)快。 + +## 查看内存 + +1. free:可用于**显示系统内存状态**。 + + 例如: + + ```shell + # 显示系统内存状态,以MB单位显示 + free -m + ``` + + 回显信息如下: + + ```shell + [root@openEuler ~]# free -m + total used free shared buff/cache available + Mem: 2633 436 324 23 2072 2196 + Swap: 4043 0 4043 + ``` + + 在命令的输出信息中,各字段所代表的含义如下: + + |标识|含义| + |--|--| + |total|总内存数。| + |used|已经使用的内存数。| + |free|空闲的内存数。| + |shared|多个进程共享的内存总数。| + |buff/cache|缓冲和缓存内存总数。| + |available|估计有多少内存可用于启动新应用程序,而不交换。| + +2. vmstat:可以**动态地监控系统内存**,查看系统内存的使用情况。 + + 例如: + + ```shell + # 监测系统内存,显示活跃和非活跃内存 + vmstat -a + ``` + + 回显信息如下: + + ```shell + [root@openEuler ~]# vmstat -a + procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu----- + r b swpd free inact active si so bi bo in cs us sy id wa st + 2 0 520 331980 1584728 470332 0 0 0 2 15 19 0 0 100 0 0 + ``` + + 在命令的输出信息中,与内存相关的memory字段所代表的含义如下: + + |字段|含义| + |--|--| + |memory|内存信息字段。-swpd:虚拟内存的使用情况,单位为 KB。-free:空闲的内存容量,单位为 KB。-inact:非活跃的内存容量,单位为 KB。-active:活跃的内存容量,单位为 KB。| + +3. sar:可用于**监控系统的内存使用情况**。 + + 例如: + + ```shell + # 系统内存在采样时间内的使用情况,每2秒统计一次,统计 3 次 + sar -r 2 3 + ``` + + 回显信息如下: + + ```shell + [root@openEuler ~]# sar -r 2 3 + + 04:02:09 PM kbmemfree kbavail kbmemused %memused kbbuffers kbcached kbcommit %commit kbactive kbinact kb + dirty + 04:02:11 PM 332180 2249308 189420 7.02 142172 1764312 787948 11.52 470404 1584924 + 36 + 04:02:13 PM 332148 2249276 189452 7.03 142172 1764312 787948 11.52 470404 1584924 + 36 + 04:02:15 PM 332148 2249276 189452 7.03 142172 1764312 787948 11.52 470404 1584924 + 36 + Average: 332159 2249287 189441 7.03 142172 1764312 787948 11.52 470404 1584924 + 36 + ``` + + 在命令的输出信息中,各字段所代表的含义如下: + + |字段|含义| + |--|--| + |kbmemfree|内存的未使用空间。| + |kbmemused|内存的已使用空间。| + |%memused|已使用空间的百分比。| + |kbbuffers|缓冲区的数据存取量。| + |kbcached|系统全域的数据存取量。| + +4. numactl:可用于**查看NUMA节点配置和状态**。 + + 例如: + + ```shell + # 查看当前的NUMA配置 + numactl -H + ``` + + 回显信息如下: + + ```shell + [root@openEuler ~]# numactl -H + available: 1 nodes (0) + node 0 cpus: 0 1 2 3 + node 0 size: 2633 MB + node 0 free: 322 MB + node distances: + node 0 + 0: 10 + ``` + + 服务器共划分为1个NUMA节点。每个节点包含4个CPU core,每个节点的内存大小约为6GB。 + 同时,该命令还给出了不同节点间的距离,距离越远,跨NUMA内存访问的延时越大。应用程序运行时应减少跨NUMA访问内存。 + + numastat:可用于**观察各个NUMA节点的状态** + + ```shell + # 观察NUMA节点的状态 + numastat + ``` + + ```shell + [root@openEuler ~]# numastat + node0 + numa_hit 5386186 + numa_miss 0 + numa_foreign 0 + interleave_hit 17483 + local_node 5386186 + other_node 0 + ``` + + numastat命令输出字段及其含义如下: + + |标识|含义| + |--|--| + |numa_hit|节点内CPU核访问本地内存的次数。| + |numa_miss|节点内核访问其他节点内存的次数。| + |numa_foreign|初始分配在本地,最后分配在其他节点的叶数量。每个numa_foreign对应numa_miss事件。| + |interleave_hit|interleave策略页成功分配到这个节点。| + |local_node|该节点的进程成功在这个节点上分配内存访问的大小。| + |other_node|该节点的进程在其他节点上分配的内存访问大小。| + \ No newline at end of file diff --git a/docs/zh/server/memory_storage/public_sys-resources/icon-caution.gif b/docs/zh/server/memory_storage/public_sys-resources/icon-caution.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/memory_storage/public_sys-resources/icon-caution.gif differ diff --git a/docs/zh/server/memory_storage/public_sys-resources/icon-danger.gif b/docs/zh/server/memory_storage/public_sys-resources/icon-danger.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/memory_storage/public_sys-resources/icon-danger.gif differ diff --git a/docs/zh/server/memory_storage/public_sys-resources/icon-note.gif b/docs/zh/server/memory_storage/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/zh/server/memory_storage/public_sys-resources/icon-note.gif differ diff --git a/docs/zh/server/memory_storage/public_sys-resources/icon-notice.gif b/docs/zh/server/memory_storage/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/zh/server/memory_storage/public_sys-resources/icon-notice.gif differ diff --git a/docs/zh/server/memory_storage/public_sys-resources/icon-tip.gif b/docs/zh/server/memory_storage/public_sys-resources/icon-tip.gif new file mode 100644 index 0000000000000000000000000000000000000000..93aa72053b510e456b149f36a0972703ea9999b7 Binary files /dev/null and b/docs/zh/server/memory_storage/public_sys-resources/icon-tip.gif differ diff --git a/docs/zh/server/memory_storage/public_sys-resources/icon-warning.gif b/docs/zh/server/memory_storage/public_sys-resources/icon-warning.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/memory_storage/public_sys-resources/icon-warning.gif differ diff --git a/docs/zh/server/network/gazelle/_toc.yaml b/docs/zh/server/network/gazelle/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..b2011a02351b34e053e1c0078313def60215456a --- /dev/null +++ b/docs/zh/server/network/gazelle/_toc.yaml @@ -0,0 +1,6 @@ +label: Gazelle用户指南 +isManual: true +description: 提高应用的网络 I/O 吞吐能力 +sections: + - label: Gazelle用户指南 + href: ./gazelle_user_guide.md diff --git a/docs/zh/server/network/gazelle/gazelle_user_guide.md b/docs/zh/server/network/gazelle/gazelle_user_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..fc0b4dd0e5ec1acf102bda43ec968cce42d2f3a0 --- /dev/null +++ b/docs/zh/server/network/gazelle/gazelle_user_guide.md @@ -0,0 +1,290 @@ +# 用户态协议栈Gazelle用户指南 + +## 简介 + +Gazelle是一款高性能用户态协议栈。它基于DPDK在用户态直接读写网卡报文,共享大页内存传递报文,使用轻量级LwIP协议栈。能够大幅提高应用的网络I/O吞吐能力。专注于数据库网络性能加速,如MySQL、redis等。 + +- 高性能 + + 报文零拷贝,无锁,灵活scale-out,自适应调度。 + +- 通用性 + + 完全兼容POSIX,零修改,适用不同类型的应用。 + + 单进程且网卡支持多队列时,只需使用liblstack.so有更短的报文路径。 + +## 安装 + +配置openEuler的yum源,直接使用yum命令安装 + +```sh +yum install dpdk +yum install libconfig +yum install numactl +yum install libboundscheck +yum install libpcap +yum install gazelle +``` + +>说明: +dpdk >= 21.11-2 + +## 使用方法 + +配置运行环境,使用Gazelle加速应用程序步骤如下: + +### 1. 使用root权限安装ko + +根据实际情况选择使用ko,提供绑定网卡到用户态功能。 +网卡从内核驱动绑为用户态驱动的ko,根据实际情况选择一种。 + +```sh +#若IOMMU能使用 +modprobe vfio-pci + +#若IOMMU不能使用,且VFIO支持noiommu +modprobe vfio enable_unsafe_noiommu_mode=1 +modprobe vfio-pci + +#其他情况 +modprobe igb_uio +``` + +>说明: +可根据机器BIOS配置,查看是否使能IOMMU。 + +### 2. dpdk绑定网卡 + +将网卡绑定到步骤1选择的驱动。为用户态网卡驱动提供网卡资源访问接口。 + +```sh +#使用vfio-pci +dpdk-devbind -b vfio-pci enp3s0 + +#使用igb_uio +dpdk-devbind -b igb_uio enp3s0 +``` + +### 3. 大页内存配置 + +Gazelle使用大页内存提高效率。使用root权限配置系统预留大页内存,可选用任意页大小。因每页内存都需要一个fd,使用内存较大时,建议使用1G的大页,避免占用过多fd。 +根据实际情况,选择一种页大小,配置足够的大页内存即可。配置大页操作如下: + +```sh +#配置2M大页内存:在node0上配置 2M * 1024 = 2G +echo 1024 > /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages + +#配置1G大页内存:在node0上配置1G * 5 = 5G +echo 5 > /sys/devices/system/node/node0/hugepages/hugepages-1048576kB/nr_hugepages +``` + +>说明: +cat查询实际预留页个数,连续内存不足时可能比预期少 + +### 4. 挂载大页内存 + +创建目录,给lstack的进程访问大页内存使用。操作步骤如下: + +```sh +mkdir -p /mnt/hugepages-lstack +chmod -R 700 /mnt/hugepages-lstack + +mount -t hugetlbfs nodev /mnt/hugepages-lstack -o pagesize=2M +``` + +### 5. 应用程序使用Gazelle + +有两种使用Gazelle方法,根据需要选择其一 + +- 重新编译应用程序,替换sockets接口 + +```sh +#makefile中添加Gazelle的Makefile +-include /etc/gazelle/lstack.Makefile + +#编译添加LSTACK_LIBS变量 +gcc test.c -o test ${LSTACK_LIBS} +``` + +- 使用LD_PRELOAD加载Gazelle库 + + GAZELLE_BIND_PROCNAME环境变量指定进程名,LD_PRELOAD指定Gazelle库路径。 + + ```sh + GAZELLE_BIND_PROCNAME=test LD_PRELOAD=/usr/lib64/liblstack.so ./test + ``` + +- 使用GAZELLE_THREAD_NAME指定Gazelle绑定的线程名 + + 同一进程中的多个线程中,仅有某个线程满足gazelle的使用条件时,可以使用GAZELLE_THREAD_NAME来指定仅由对应的线程名使用gazelle,而其他线程走内核态协议栈。 + + ```sh + GAZELLE_BIND_PROCNAME=test GAZELLE_THREAD_NAME=test_thread LD_PRELOAD=/usr/lib64/liblstack.so ./test + ``` + +### 6. 配置文件 + +- lstack.conf用于指定lstack的启动参数,默认路径为/etc/gazelle/lstack.conf, 配置文件参数如下 + +|选项|参数格式|说明| +|:---|:---|:---| +|dpdk_args|--socket-mem(必需)
--huge-dir(必需)
--proc-type(必需)
--legacy-mem
--map-perfect
-d|dpdk初始化参数,参考dpdk说明
--map-perfect为扩展特性,用于防止dpdk占用多余的地址空间,保证有额外的地址空间分配给lstack。
-d参数加载指定so库文件| +|listen_shadow| 0/1 | 是否使用影子fd监听。单listen线程,多协议栈线程时是能| +|use_ltran| 0/1 | 是否使用ltran ,功能已衰退,不再支持| +|num_cpus|"0,2,4 ..."|lstack线程绑定的cpu编号,编号的数量为lstack线程个数(小于等于网卡多队列数量)。可按NUMA选择cpu| +|low_power_mode|0/1|是否开启低功耗模式,暂不支持| +|kni_switch|0/1|rte_kni开关,默认为0。功能已衰退,不再支持| +|unix_prefix|"string"|gazelle进程间通信使用的unix socket文件前缀字符串,默认为空,和需要通信的ltran.conf的unix_prefix或gazellectl的-u参数配置一致。不能含有特殊字符,最大长度为128。| +|host_addr|"192.168.xx.xx"|协议栈的IP地址,也是应用程序的IP地址| +|mask_addr|"255.255.xx.xx"|掩码地址| +|gateway_addr|"192.168.xx.1"|网关地址| +|devices|"aa:bb:cc:dd:ee:ff"|网卡通信的mac地址,在bond1模式下作为bond的主网口| +|app_bind_numa|0/1|应用的epoll和poll线程是否绑定到协议栈所在的numa,缺省值是1,即绑定| +|send_connect_number|4|设置为正整数,表示每次协议栈循环中发包处理的连接个数| +|read_connect_number|4|设置为正整数,表示每次协议栈循环中收包处理的连接个数| +|rpc_number|4|设置为正整数,表示每次协议栈循环中rpc消息处理的个数| +|nic_read_num|128|设置为正整数,表示每次协议栈循环中从网卡读取的数据包的个数| +|bond_mode|-1|设置组bond,当前支持两个网口组bond模式,默认值-1关闭bond,当前支持bond1/4/6| +|bond_slave_mac|"aa:bb:cc:dd:ee:ff;AA:BB:CC:DD:EE:FF"|设置组bond网口的mac地址信息,以;分隔| +|bond_miimon|10|设置bond模式的监听间隔,默认值10,取值范围0~1500| +|udp_enable|0/1|是否开启udp功能,默认值1开启| +|nic_vlan_mode|-1|是否开启vlan模式,默认值-1关闭,取值范围-1~4095,0和4095是业界通用预留id无实际效果| +|tcp_conn_count|1500|tcp的最大连接数,该参数乘以mbuf_count_per_conn是初始化时申请的mbuf池大小,配置过小会启动失败,tcp_conn_count * mbuf_count_per_conn * 2048字节不能大于大页大小 | +|mbuf_count_per_conn|170|每个tcp连接需要的mbuf个数,该参数乘以tcp_conn_count是初始化时申请的mbuf地址池大小,配置过小会启动失败,tcp_conn_count * mbuf_count_per_conn * 2048字节不能大于大页大小| + +lstack.conf示例: + +```sh +dpdk_args=["--socket-mem", "2048,0,0,0", "--huge-dir", "/mnt/hugepages-lstack", "--proc-type", "primary", "--legacy-mem", "--map-perfect"] + +use_ltran=0 +kni_switch=0 + +low_power_mode=0 + +num_cpus="2,22" +num_wakeup="3,23" + +host_addr="192.168.1.10" +mask_addr="255.255.255.0" +gateway_addr="192.168.1.1" +devices="aa:bb:cc:dd:ee:ff" + +send_connect_number=4 +read_connect_number=4 +rpc_number=4 +nic_read_num=128 +mbuf_pool_size=1024000 +bond_mode=1 +bond_slave_mac="aa:bb:cc:dd:ee:ff;AA:BB:CC:DD:EE:FF" +udp_enable=1 +nic_vlan_mode=-1 +``` + +- ltran模式功能已衰退,多进程使用需求可尝试使用SR-IOV组网硬件虚拟化组网模式: + +### 7. 启动应用程序 + +- 启动应用程序 + + 启动应用程序前不使用环境变量LSTACK_CONF_PATH指定配置文件,则使用默认路径/etc/gazelle/lstack.conf + + ```sh + export LSTACK_CONF_PATH=./lstack.conf + LD_PRELOAD=/usr/lib64/liblstack.so GAZELLE_BIND_PROCNAME=redis-server redis-server redis.conf + ``` + +### 8. API + +Gazelle wrap应用程序POSIX接口,应用程序无需修改代码。 + +### 9. 调测命令 + +```sh +Usage: gazellectl [-h | help] + or: gazellectl lstack {show | set} {ip | pid} [LSTACK_OPTIONS] [time] [-u UNIX_PREFIX] + + where LSTACK_OPTIONS := + show lstack all statistics + -r, rate show lstack statistics per second + -s, snmp show lstack snmp + -c, connetct show lstack connect + -l, latency show lstack latency + -x, xstats show lstack xstats + -k, nic-features show state of protocol offload and other feature + -a, aggregatin [time] show lstack send/recv aggregation + set: + loglevel {error | info | debug} set lstack loglevel + lowpower {0 | 1} set lowpower enable + [time] measure latency time default 1S +``` + +-u参数指定gazelle进程间通信的unix socket前缀,和需要通信的lstack.conf的unix_prefix配置一致。 + +**抓包工具** +gazelle使用的网卡由dpdk接管,因此普通的tcpdump无法抓到gazelle的数据包。作为替代,gazelle使用dpdk-tools软件包中提供的gazelle-pdump作为数据包捕获工具,它使用dpdk的多进程模式和lstack进程共享内存。 +[详细使用方法](https://gitee.com/openeuler/gazelle/blob/master/doc/pdump.md) + +**线程名绑定** +lstack启动时可以通过指定环境变量GAZELLE_THREAD_NAME来指定lstack绑定的线程名,在业务进程中有多个不同线程时,可以通过使用此参数来指定需要lstack接管网络接口的线程名,未指定的线程将走内核态协议栈。默认为空,即绑定进程内的所有线程。 + +### 10. 使用注意 + +#### 1. dpdk配置文件的位置 + +如果是root用户,dpdk启动后的配置文件将会放到/var/run/dpdk目录下; +如果是非root用户,dpdk配置文件的路径将由环境变量XDG_RUNTIME_DIR决定; + +- 如果XDG_RUNTIME_DIR为空,dpdk配置文件放到/tmp/dpdk目录下; +- 如果XDG_RUNTIME_DIR不为空,dpdk配置文件放到变量XDG_RUNTIME_DIR下; +- 注意有些机器会默认设置XDG_RUNTIME_DIR + +## 约束限制 + +使用 Gazelle 存在一些约束限制: + +### 功能约束 + +- 不支持accept阻塞模式或者connect阻塞模式。 +- 最多支持1500个TCP连接。 +- 当前仅支持TCP、ICMP、ARP、IPv4、UDP 协议。 +- 在对端ping Gazelle时,要求指定报文长度小于等于14000B。 +- 不支持使用透明大页。 +- 虚拟机网卡不支持多队列。 + +### 操作约束 + +- 提供的命令行、配置文件默认root权限。非root用户使用,需先提权以及修改文件所有者。 +- 将用户态网卡绑回到内核驱动,必须先退出Gazelle。 +- 大页内存不支持在挂载点里创建子目录重新挂载。 +- 每个应用实例协议栈线程最低大页内存为800MB 。 +- 仅支持64位系统。 +- 构建x86版本的Gazelle使用了-march=native选项,基于构建环境的CPU(Intel® Xeon® Gold 5118 CPU @ 2.30GHz指令集进行优化。要求运行环境CPU支持 SSE4.2、AVX、AVX2、AVX-512 指令集。 +- 最大IP分片数为10(ping 最大包长14790B),TCP协议不使用IP分片。 +- sysctl配置网卡rp_filter参数为1,否则可能不按预期使用Gazelle协议栈,而是依然使用内核协议栈。 +- 不支持使用多种类型的网卡混合组bond。 +- bond1主备模式,只支持链路层故障主备切换(例如网线断开),不支持物理层故障主备切换(例如网卡下电、拔网卡)。 +- 发送udp报文包长超过45952(32 * 1436)B时,需要将send_ring_size扩大为至少64个。 + +## 注意事项 + +用户根据使用场景评估使用Gazelle + +ltran模式及kni模块由于上游社区及依赖包变更,功能在新版本中不再支持. + +共享内存 + +- 现状 + 大页内存 mount 至 /mnt/hugepages-lstack 目录,进程初始化时在 /mnt/hugepages-lstack 目录下创建文件,每个文件对应一个大页,并 mmap 这些文件。 +- 当前消减措施 + 大页文件权限 600,只有 OWNER 用户才能访问文件,默认 root 用户,支持配置成其他用户; + 大页文件有 DPDK 文件锁,不能直接写或者映射。 +- 注意 + 属于同一用户的恶意进程模仿DPDK实现逻辑,通过大页文件共享大页内存,写破坏大页内存,导致Gazelle程序crash。建议用户下的进程属于同一信任域。 + +**流量限制** +Gazelle没有做流量限制,用户有能力发送最大网卡线速流量的报文到网络,可能导致网络流量拥塞。 + +**进程仿冒** +建议lstack进程都为可信任进程。 diff --git a/docs/zh/server/network/network_config/_toc.yaml b/docs/zh/server/network/network_config/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..b0148614220f817a11410ec8e8f0bd3a99bd4c32 --- /dev/null +++ b/docs/zh/server/network/network_config/_toc.yaml @@ -0,0 +1,6 @@ +label: 配置网络 +isManual: true +description: 配置ip,主机名,网络绑定等 +sections: + - label: 配置网络 + href: ./network_configuration.md diff --git a/docs/zh/server/network/network_config/network_configuration.md b/docs/zh/server/network/network_config/network_configuration.md new file mode 100644 index 0000000000000000000000000000000000000000..e77c145ccad78dc8383e219463f30004627e1570 --- /dev/null +++ b/docs/zh/server/network/network_config/network_configuration.md @@ -0,0 +1,1361 @@ +# 配置网络 + +## 配置 IP + +### 使用nmcli命令 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>使用nmcli命令配置的网络配置可以立即生效且系统重启后配置也不会丢失。 + +#### nmcli介绍 + +nmcli是NetworkManager的一个命令行工具,它提供了使用命令行配置由NetworkManager管理网络连接的方法。nmcli命令的基本格式为: + +```shell +# nmcli [OPTIONS] OBJECT { COMMAND | help } +``` + +其中,OBJECT选项可以是general、networking、radio、connection或device等。在日常使用中,最常使用的是-t, \-\-terse(用于脚本)、-p, \-\-pretty选项(用于用户)及-h, \-\-help选项,用户可以使用“nmcli help”获取更多参数及使用信息。 + +```shell +# nmcli help +``` + +常用命令使用举例如下: + +- 显示NetworkManager状态: + + ```shell + # nmcli general status + ``` + +- 显示所有连接: + + ```shell + # nmcli connection show + ``` + +- 只显示当前活动连接,如下所示添加-a, \-\-active: + + ```shell + # nmcli connection show --active + ``` + +- 显示由NetworkManager识别到的设备及其状态: + + ```shell + # nmcli device status + ``` + +- 使用nmcli工具启动和停止网络接口,在root权限下执行如下命令: + + ```shell + # nmcli connection up id enp3s0 + # nmcli device disconnect enp3s0 + ``` + +#### 设备管理 + +##### 连接到设备 + +使用如下命令,NetworkManager将连接到对应网络设备,尝试找到合适的连接配置,并激活配置。 + +```shell +# nmcli device connect "$IFNAME" +``` + +>如果不存在相应的配置连接,NetworkManager将创建并激活具有默认设置的新配置文件。 + +##### 断开设备连接 + +使用如下命令,NetworkManager将断开设备连接,并防止设备自动激活。 + +```shell +# nmcli device disconnect "$IFNAME" +``` + +#### 设置网络连接 + +列出目前可用的网络连接: + +```shell +# nmcli con show + + +NAME UUID TYPE DEVICE +enp4s0 5afce939-400e-42fd-91ee-55ff5b65deab ethernet enp4s0 +enp3s0 c88d7b69-f529-35ca-81ab-aa729ac542fd ethernet enp3s0 +virbr0 ba552da6-f014-49e3-91fa-ec9c388864fa bridge virbr0 +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>输出结果中的NAME字段代表连接ID(名称)。 + +添加一个网络连接会生成相应的配置文件,并与相应的设备关联。检查可用的设备,方法如下: + +```shell +# nmcli dev status + +DEVICE TYPE STATE CONNECTION +enp3s0 ethernet connected enp3s0 +enp4s0 ethernet connected enp4s0 +virbr0 bridge connected virbr0 +lo loopback unmanaged -- +virbr0-nic tun unmanaged -- +``` + +##### 配置动态IP连接 + +###### 配置IP + +要使用 DHCP 分配网络时,可以使用动态IP配置添加网络配置文件,命令格式如下: + +```shell +nmcli connection add type ethernet con-name connection-name ifname interface-name +``` + +例如创建名为net-test的动态连接配置文件,在root权限下使用以下命令: + +```shell +# nmcli connection add type ethernet con-name net-test ifname enp3s0 +Connection 'net-test' (a771baa0-5064-4296-ac40-5dc8973967ab) successfully added. +``` + +NetworkManager 会将参数 connection.autoconnect 设定为 yes,并将设置保存到 “/etc/sysconfig/network-scripts/ifcfg-net-test”文件中,在该文件中会将 ONBOOT 设置为 yes。 + +###### 激活连接并检查状态 + +在root权限下使用以下命令激活网络连接: + +```shell +# nmcli con up net-test +Connection successfully activated (D-Bus active path:/org/freedesktop/NetworkManager/ActiveConnection/5) +``` + +检查这些设备及连接的状态,使用以下命令: + +```shell +# nmcli device status + +DEVICE TYPE STATE CONNECTION +enp4s0 ethernet connected enp4s0 +enp3s0 ethernet connected net-test +virbr0 bridge connected virbr0 +lo loopback unmanaged -- +virbr0-nic tun unmanaged -- +``` + +##### 配置静态IP连接 + +###### 配置IP + +添加静态 IPv4 配置的网络连接,可使用以下命令: + +```shell +nmcli connection add type ethernet con-name connection-name ifname interface-name ip4 address gw4 address +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>如果要添加 IPv6 地址和网关信息,使用 ip6 和 gw6 选项。 + +例如创建名为 net-static的静态连接配置文件,在root权限下使用以下命令: + +```shell +# nmcli con add type ethernet con-name net-static ifname enp3s0 ip4 192.168.0.10/24 gw4 192.168.0.254 +``` + +还可为该设备同时指定 IPv6 地址和网关,示例如下: + +```shell +# nmcli con add type ethernet con-name test-lab ifname enp3s0 ip4 192.168.0.10/24 gw4 192.168.0.254 ip6 abbe::**** gw6 2001:***::* +Connection 'net-static' (63aa2036-8665-f54d-9a92-c3035bad03f7) successfully added. +``` + +NetworkManager 会将其内部参数 ipv4.method 设定为 manual,将 connection.autoconnect 设定为yes,并将设置写入 /etc/sysconfig/network-scripts/ifcfg-net-static 文件,其中会将对应 BOOTPROTO 设定为 none,将 ONBOOT 设定为 yes。 + +设定两个 IPv4 DNS 服务器地址,在root权限下使用以下命令: + +```shell +# nmcli con mod net-static ipv4.dns "*.*.*.* *.*.*.*" +``` + +设置两个 IPv6 DNS 服务器地址,在root权限下使用以下命令: + +```shell +# nmcli con mod net-static ipv6.dns "2001:4860:4860::**** 2001:4860:4860::****" +``` + +###### 激活连接并检查状态 + +激活新的网络连接,在root权限下使用以下命令: + +```shell +# nmcli con up net-static ifname enp3s0 +Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6) +``` + +检查这些设备及连接的状态,使用以下命令: + +```shell +# nmcli device status + +DEVICE TYPE STATE CONNECTION +enp4s0 ethernet connected enp4s0 +enp3s0 ethernet connected net-static +virbr0 bridge connected virbr0 +lo loopback unmanaged -- +virbr0-nic tun unmanaged -- +``` + +查看配置的连接详情,使用以下命令(使用 -p,\-\-pretty 选项在输出结果中添加标题和分段): + +```shell +# nmcli -p con show net-static +=============================================================================== +Connection profile details (net-static ) +=============================================================================== +connection.id: net-static +connection.uuid: b9f18801-6084-4aee-af28-c8f0598ff5e1 +connection.stable-id: -- +connection.type: 802-3-ethernet +connection.interface-name: enp3s0 +connection.autoconnect: yes +connection.autoconnect-priority: 0 +connection.autoconnect-retries: -1 (default) +connection.multi-connect: 0 (default) +connection.auth-retries: -1 +connection.timestamp: 1578988781 +connection.read-only: no +connection.permissions: -- +connection.zone: -- +connection.master: -- +connection.slave-type: -- +connection.autoconnect-slaves: -1 (default) +connection.secondaries: -- +connection.gateway-ping-timeout: 0 +connection.metered: unknown +connection.lldp: default +connection.mdns: -1 (default) +connection.llmnr: -1 (default) +``` + +##### 添加 Wi-Fi 连接 + +有两种方式添加Wi-Fi 连接。 + +###### 方法1. 通过网络接口连接wifi + +连接到由SSID或BSSID指定的wifi网络。命令如下,该命令找到匹配的连接或创建一个连接,然后在设备上激活它。 + +```shell +nmcli device wifi connect "$SSID" password "$PASSWORD" ifname "$IFNAME" +nmcli --ask device wifi connect "$SSID" +``` + +###### 方法2. 通过配置文件连接Wi-Fi** + +1,使用以下命令查看可用 Wi-Fi 访问点: + +```shell +# nmcli dev wifi list +``` + +2,使用以下命令生成使用的静态 IP 配置,但允许自动 DNS 地址分配的 Wi-Fi 连接: + +```shell +# nmcli con add con-name Wifi ifname wlan0 type wifi ssid MyWifi ip4 192.168.100.101/24 gw4 192.168.100.1 +``` + +3,请使用以下命令设定 WPA2 密码,例如 “answer”: + +```shell +# nmcli con modify Wifi wifi-sec.key-mgmt wpa-psk +# nmcli con modify Wifi wifi-sec.psk answer +``` + +4,使用以下命令更改 Wi-Fi 状态: + +```shell +# nmcli radio wifi [ on | off ] +``` + +##### 更改属性 + +请使用以下命令检查具体属性,比如 mtu: + +```shell +# nmcli connection show id 'Wifi ' | grep mtu +802-11-wireless.mtu: auto +``` + +使用如下命令更改设置的属性: + +```shell +# nmcli connection modify id 'Wifi ' 802-11-wireless.mtu 1350 +``` + +使用如下命令确认更改: + +```shell +# nmcli connection show id 'Wifi ' | grep mtu +802-11-wireless.mtu: 1350 +``` + +#### 配置静态路由 + +- 使用nmcli命令为网络连接配置静态路由,使用命令如下: + + ```shell + # nmcli connection modify enp3s0 +ipv4.routes "192.168.122.0/24 10.10.10.1" + ``` + +- 使用编辑器配置静态路由,使用如下命令: + + ```shell + # nmcli con edit type ethernet con-name enp3s0 + ===| nmcli interactive connection editor |=== + Adding a new '802-3-ethernet' connection + Type 'help' or '?' for available commands. + Type 'describe [.]' for detailed property description. + You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, ipv4, ipv6, dcb + nmcli> set ipv4.routes 192.168.122.0/24 10.10.10.1 + nmcli> + nmcli> save persistent + Saving the connection with 'autoconnect=yes'. That might result in an immediate activation of the connection. + Do you still want to save? [yes] yes + Connection 'enp3s0' (1464ddb4-102a-4e79-874a-0a42e15cc3c0) successfully saved. + nmcli> quit + ``` + +- 使用如下命令激活连接以生效配置: + + ```shell + # nmcli con up enp3s0 + ``` + +### 使用ip命令 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>使用ip命令配置的网络配置可以立即生效但系统重启后配置会丢失。 + +#### 配置IP地址 + +使用ip命令为接口配置地址,命令格式如下,其中 _interface-name_ 为网卡名称。 + +```shell +# ip addr [ add | del ] address dev interface-name +``` + +##### 配置静态地址 + +在root权限下,配置静态IP地址,使用示例如下: + +```shell +# ip address add 192.168.0.10/24 dev enp3s0 +``` + +查看配置结果,在root权限使用如下命令: + +```shell +# ip addr show dev enp3s0 +2: enp3s0: mtu 1500 qdisc fq_codel state UP group default qlen 1000 + link/ether 52:54:00:aa:ad:4a brd ff:ff:ff:ff:ff:ff + inet 192.168.202.248/16 brd 192.168.255.255 scope global dynamic noprefixroute enp3s0 + valid_lft 9547sec preferred_lft 9547sec + inet 192.168.0.10/24 scope global enp3s0 + valid_lft forever preferred_lft forever + inet6 fe80::32e8:cc22:9db2:f4d4/64 scope link noprefixroute + valid_lft forever preferred_lft forever +``` + +##### 配置多个地址 + +ip 命令支持为同一接口分配多个地址,可在root权限下重复多次使用 ip 命令实现分配多个地址。使用示例如下: + +```shell +# ip address add 192.168.2.223/24 dev enp4s0 +# ip address add 192.168.4.223/24 dev enp4s0 +# ip addr + +3: enp4s0: mtu 1500 qdisc fq_codel state UP group default qlen 1000 + link/ether 52:54:00:aa:da:e2 brd ff:ff:ff:ff:ff:ff + inet 192.168.203.12/16 brd 192.168.255.255 scope global dynamic noprefixroute enp4s0 + valid_lft 8389sec preferred_lft 8389sec + inet 192.168.2.223/24 scope global enp4s0 + valid_lft forever preferred_lft forever + inet 192.168.4.223/24 scope global enp4s0 + valid_lft forever preferred_lft forever + inet6 fe80::1eef:5e24:4b67:f07f/64 scope link noprefixroute + valid_lft forever preferred_lft forever +``` + +#### 配置静态路由 + +如果需要静态路由,可使用 ip route add 命令在路由表中添加,使用 ip route del 命令删除。最常使用的 ip route 命令格式如下: + +```shell +# ip route [ add | del | change | append | replace ] destination-address +``` + +在root权限下使用 ip route 命令显示当前的 IP 路由表。示例如下: + +```shell +# ip route + +default via 192.168.0.1 dev enp3s0 proto dhcp metric 100 +default via 192.168.0.1 dev enp4s0 proto dhcp metric 101 +192.168.0.0/16 dev enp3s0 proto kernel scope link src 192.168.202.248 metric 100 +192.168.0.0/16 dev enp4s0 proto kernel scope link src 192.168.203.12 metric 101 +192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown +``` + +在主机地址中添加一个静态路由,在 root 权限下,使用以下命令格式: + +```shell +# ip route add 192.168.2.1 via 10.0.0.1 [dev interface-name] +``` + +其中 192.168.2.1 是用点分隔的十进制符号中的 IP 地址,10.0.0.1 是下一个跃点,_interface-name_ 是进入下一个跃点的退出接口。 + +要在网络中添加一个静态路由,即代表 IP 地址范围的 IP 地址,请在root权限下运行以下命令格式: + +```shell +# ip route add 192.168.2.0/24 via 10.0.0.1 [dev interface-name] +``` + +其中 192.168.2.1 是目标网络的 IP 地址,10.0.0.1 是网络前缀,_interface-name_ 为网卡名称。 + +### 通过ifcfg文件配置网络 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>通过ifcfg文件配置的网络配置不会立即生效,修改文件后(以ifcfg-enp3s0为例),需要在root权限下执行**nmcli con reload;nmcli con up enp3s0**命令以重新加载配置文件并激活连接才生效。 + +#### 配置静态网络 + +以enp4s0网络接口进行静态网络设置为例,通过在root权限下修改ifcfg文件实现,在/etc/sysconfig/network-scripts/目录中生成名为ifcfg-enp4s0的文件中,修改参数配置,示例如下: + +```text +TYPE=Ethernet +PROXY_METHOD=none +BROWSER_ONLY=no +BOOTPROTO=none +IPADDR=192.168.0.10 +PREFIX=24 +DEFROUTE=yes +IPV4_FAILURE_FATAL=no +IPV6INIT=yes +IPV6_AUTOCONF=yes +IPV6_DEFROUTE=yes +IPV6_FAILURE_FATAL=no +IPV6_ADDR_GEN_MODE=stable-privacy +NAME=enp4s0static +UUID=08c3a30e-c5e2-4d7b-831f-26c3cdc29293 +DEVICE=enp4s0 +ONBOOT=yes +``` + +#### 配置动态网络 + +要通过ifcfg文件为em1接口配置动态网络,请按照如下操作在/etc/sysconfig/network-scripts/目录中生成名为 ifcfg-em1 的文件,示例如下: + +```text +DEVICE=em1 +BOOTPROTO=dhcp +ONBOOT=yes +``` + +要配置一个向DHCP服务器发送不同的主机名的接口,请在ifcfg文件中新增一行内容,如下所示: + +```text +DHCP_HOSTNAME=hostname +``` + +要配置忽略由DHCP服务器发送的路由,防止网络服务使用从DHCP服务器接收的DNS服务器更新/etc/resolv.conf。请在ifcfg文件中新增一行内容,如下所示: + +```text +PEERDNS=no +``` + +要配置一个接口使用具体DNS服务器,请将参数PEERDNS=no,并在ifcfg文件中添加以下行: + +```text +DNS1=ip-address +DNS2=ip-address +``` + +其中ip-address是DNS服务器的地址。这样就会让网络服务使用指定的DNS服务器更新/etc/resolv.conf。 + +#### 配置默认网关 + +在确定默认网关时,首先解析 /etc/sysconfig/network 文件,然后解析 ifcfg 文件 ,将最后读取的 GATEWAY 的取值作为路由表中的默认路由。 + +在动态网络环境中,使用 NetworkManager 管理主机时,建议设置为由 DHCP 来分配。 + +### 通过 nmtui 工具 + +nmtui 工具提供了一个交互式的界面,可以用来配置网络连接。要使用 nmtui 工具,以 root 权限执行以下命令: + +```shell +# nmtui +``` + +选择 **Edit a connection** 选项,然后选择要编辑的网络连接,按 **Enter** 键,进入编辑界面。 + +在交互界面中,可以使用方向键选择要编辑的选项,按 **Tab** 键切换到下一个选项,按 **Enter** 键进入编辑状态,按 **Esc** 键退出编辑状态。可以使用方向键选择 IPV4 CONFIGURATION 或 IPV6 CONFIGURATION 的配置方式,并选择 Show 显示详细信息。 + +## 配置主机名 + +### 简介 + +hostname有三种类型:static、transient和pretty。 + +- static:静态主机名,可由用户自行设置,并保存在/etc/hostname 文件中。 +- transient:动态主机名,由内核维护,初始是 static 主机名,缺省值为“localhost”。可由DHCP或mDNS在运行时更改。 +- pretty:灵活主机名,允许使用自由形式(包括特殊/空白字符)进行设置。静态/动态主机名遵从域名的通用限制。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>static和transient主机名只能包含a-z、A-Z、0-9、“-”和“.”,不能在开头或结尾处使用句点,不允许使用两个相连的句点,大小限制为 64 个字符。 + +### 使用hostnamectl配置主机名 + +#### 查看所有主机名 + +查看当前的主机名,使用如下命令: + +```shell +# hostnamectl status +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>如果命令未指定任何选项,则默认使用status选项。 + +#### 设定所有主机名 + +在root权限下,设定系统中的所有主机名,使用如下命令: + +```shell +# hostnamectl set-hostname name +``` + +#### 设定特定主机名 + +在root权限下,通过不同的参数来设定特定主机名,使用如下命令: + +```shell +# hostnamectl set-hostname name [option...] +``` + +其中option可以是\-\-pretty、\-\-static、\-\-transient中的一个或多个选项。 + +如果\-\-static或\-\-transient与\-\-pretty选项一同使用时,则会将static和transient主机名简化为pretty主机名格式,使用“-”替换空格,并删除特殊字符。 + +当设定pretty主机名时,如果主机名中包含空格或单引号,需要使用引号。命令示例如下: + +```shell +# hostnamectl set-hostname "Stephen's notebook" --pretty +``` + +#### 清除特定主机名 + +要清除特定主机名,并将其还原为默认形式,在root权限下,使用如下命令: + +```shell +# hostnamectl set-hostname "" [option...] +``` + +其中 "" 是空白字符串,option是\-\-pretty、\-\-static和\-\-transient中的一个或多个选项。 + +#### 远程更改主机名 + +在远程系统中运行hostnamectl命令时,要使用-H,\-\-host 选项,在root权限下使用如下命令: + +```shell +# hostnamectl set-hostname -H [username]@hostname new_hostname +``` + +其中hostname是要配置的远程主机,username为自选项,new\_hostname为新主机名。hostnamectl会通过SSH连接到远程系统。 + +### 使用nmcli配置主机名 + +查询static主机名,使用如下命令: + +```shell +# nmcli general hostname +``` + +在root权限下,将static主机名设定为host-server,使用如下命令: + +```shell +# nmcli general hostname host-server +``` + +要让系统hostnamectl感知到static主机名的更改,在root权限下,重启hostnamed服务,使用如下命令: + +```shell +# systemctl restart systemd-hostnamed +``` + +### 通过 nmtui 工具 + +nmtui 提供了一个交互式的界面,可以用来配置网络连接。要使用 nmtui 工具,以 root 权限执行以下命令: + +```shell +# nmtui +``` + +选择 **Set system hostname** 选项,输入新的主机名,然后按 **Enter** 键。选择 OK 确认修改。 + +## 配置网络绑定 + +### 使用nmcli + +- 创建名为mybond0的绑定,使用示例如下: + + ```shell + # nmcli con add type bond con-name mybond0 ifname mybond0 mode active-backup + ``` + +- 添加从属接口,使用示例如下: + + ```shell + # nmcli con add type bond-slave ifname enp3s0 master mybond0 + ``` + + 要添加其他从属接口,重复上一个命令,并在命令中使用新的接口,使用示例如下: + + ```shell + # nmcli con add type bond-slave ifname enp4s0 master mybond0 + Connection 'bond-slave-enp4s0' (05e56afc-b953-41a9-b3f9-0791eb49f7d3) successfully added. + ``` + +- 要启动绑定,则必须首先启动从属接口,使用示例如下: + + ```shell + # nmcli con up bond-slave-enp3s0 + Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/14) + ``` + + ```shell + # nmcli con up bond-slave-enp4s0 + Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/15) + ``` + + 现在可以启动绑定,使用示例如下: + + ```shell + # nmcli con up mybond0 + Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/16) + ``` + +### 使用命令行 + +#### 检查是否已安装Bonding内核模块 + +在系统中默认已加载相应模块。要载入绑定模块,可在root权限下使用如下命令: + +```shell +# modprobe --first-time bonding +``` + +显示该模块的信息,可在root权限下使用如下命令: + +```shell +# modinfo bonding +``` + +更多命令请在root权限下使用modprobe \-\-help查看。 + +#### 创建频道绑定接口 + +要创建绑定接口,可在root权限下通过在 /etc/sysconfig/network-scripts/ 目录中创建名为 ifcfg-bondN 的文件(使用接口号码替换 N,比如 0)。 + +根据要绑定接口类型的配置文件来编写相应的内容,比如网络接口。接口配置文件示例如下: + +```text +DEVICE=bond0 +NAME=bond0 +TYPE=Bond +BONDING_MASTER=yes +IPADDR=192.168.1.1 +PREFIX=24 +ONBOOT=yes +BOOTPROTO=none +BONDING_OPTS="bonding parameters separated by spaces" +``` + +#### 创建从属接口 + +创建频道绑定接口后,必须在从属接口的配置文件中添加 MASTER 和 SLAVE 指令。 + +例如将两个网络接口enp3s0 和 enp4s0 以频道方式绑定,其配置文件示例分别如下: + +```text +TYPE=Ethernet +NAME=bond-slave-enp3s0 +UUID=3b7601d1-b373-4fdf-a996-9d267d1cac40 +DEVICE=enp3s0 +ONBOOT=yes +MASTER=bond0 +SLAVE=yes +``` + +```text +TYPE=Ethernet +NAME=bond-slave-enp4s0 +UUID=00f0482c-824f-478f-9479-abf947f01c4a +DEVICE=enp4s0 +ONBOOT=yes +MASTER=bond0 +SLAVE=yes +``` + +#### 激活频道绑定 + +要激活绑定,则需要启动所有从属接口。请在root权限下,运行以下命令: + +```text +# ifup enp3s0 +Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/7) +``` + +```text +# ifup enp4s0 +Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/8) +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>对于已经处于“up”状态的接口,请首先使用“ifdown _enp3s0_ ”命令修改状态为down,其中 _enp3s0_ 为实际网卡名称。 + +完成后,启动所有从属接口以便启动绑定(不将其设定为 “down”)。 + +要让 NetworkManager 感知到系统所做的修改,在每次修改后,请在root权限下,运行以下命令: + +```shell +# nmcli con load /etc/sysconfig/network-scripts/ifcfg-device +``` + +查看绑定接口的状态,请在root权限下运行以下命令: + +```shell +# ip link show + +1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 + link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 +2: enp3s0: mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000 + link/ether 52:54:00:aa:ad:4a brd ff:ff:ff:ff:ff:ff +3: enp4s0: mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000 + link/ether 52:54:00:aa:da:e2 brd ff:ff:ff:ff:ff:ff +4: virbr0: mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000 + link/ether 86:a1:10:fb:ef:07 brd ff:ff:ff:ff:ff:ff +5: virbr0-nic: mtu 1500 qdisc fq_codel master virbr0 state DOWN mode DEFAULT group default qlen 1000 + link/ether 52:54:00:29:35:4c brd ff:ff:ff:ff:ff:ff +``` + +#### 创建多个绑定 + +系统会为每个绑定创建一个频道绑定接口,包括 BONDING\_OPTS 指令。使用这个配置方法可让多个绑定设备使用不同的配置。请按照以下操作创建多个频道绑定接口: + +- 创建多个 ifcfg-bondN 文件,文件中包含 BONDING\_OPTS 指令,让网络脚本根据需要创建绑定接口。 +- 创建或编辑要绑定的现有接口配置文件,添加 SLAVE 指令。 +- 使用 MASTER 指令工具在频道绑定接口中分配要绑定的接口,即从属接口。 + +以下是频道绑定接口配置文件示例: + +```text +DEVICE=bondN +NAME=bondN +TYPE=Bond +BONDING_MASTER=yes +IPADDR=192.168.1.1 +PREFIX=24 +ONBOOT=yes +BOOTPROTO=none +BONDING_OPTS="bonding parameters separated by spaces" +``` + +在这个示例中,使用绑定接口的号码替换 N。例如要创建两个接口,则需要使用正确的 IP 地址创建两个配置文件 ifcfg-bond0 和 ifcfg-bond1。 + +### 使用 nmtui 工具 + +在 nmtui 工具中,选择 **Edit a connection**,然后选择 **Bond**,按照提示输入相关信息,即可创建绑定。 + +返回 nmtui 的主菜单,选择 **Activate a connection**,然后选择刚刚创建的绑定,即可激活绑定。 + +## IPv6使用差异说明(vs IPv4) + +### 配置说明 + +#### 设置接口设备MTU值 + +##### 概述 + +IPv6场景中会发现整个路由路径中的最小mtu的值作为当前链接的PMTU的值,源端根据PMTU的值确定是否进行分片发送,而在整个路径中的其他设备将不再需要进行分片处理,从而可以降低中间路由设备的负载大小。其中IPv6 PMTU设置的最小值为1280。 + +##### 设置接口设备的mtu + +如果在配置了IPv6地址的接口上设置mtu的值小于1280(IPv6 PMTU设置的最小值),则会导致该接口的IPv6地址被删除。并且无法再次添加IPv6地址。所以在IPv6场景中,对接口设备的mtu的配置一定要大于等于1280。 +请在root权限下运行如下命令查看具体现象: + +```shell +# ip addr show enp3s0 +3: enp3s0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 + link/ether 52:54:00:62:xx:xx brd ff:ff:ff:ff:xx:xx + inet 10.41.125.236/16 brd 10.41.255.255 scope global noprefixroute dynamic enp3s0 + valid_lft 38663sec preferred_lft 38663sec + inet6 2001:222::2/64 scope global + valid_lft forever preferred_lft forever +``` + +```shell +# ip link set dev enp3s0 mtu 1200 +# ip addr show enp3s0 +3: enp3s0: mtu 1200 qdisc pfifo_fast state UP group default qlen 1000 + link/ether 52:54:00:62:xx:xx brd ff:ff:ff:ff:xx:xx + inet 10.41.125.236/16 brd 10.41.255.255 scope global noprefixroute dynamic enp3s0 + valid_lft 38642sec preferred_lft 38642sec +``` + +```shell +# ip addr add 2001:222::2/64 dev enp3s0 +RTNETLINK answers: No buffer space available +``` + +```shell +# ip link set dev enp3s0 mtu 1500 +# ip addr show enp3s0 +3: enp3s0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 + link/ether 52:54:00:62:xx:xx brd ff:ff:ff:ff:xx:xx + inet 10.41.125.236/16 brd 10.41.255.255 scope global noprefixroute dynamic enp3s0 + valid_lft 38538sec preferred_lft 38538sec +``` + +```shell +# ip addr add 2001:222::2/64 dev enp3s0 +# ip addr show enp3s0 +3: enp3s0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 + link/ether 52:54:00:62:xx:xx brd ff:ff:ff:ff:xx:xx + inet 10.41.125.236/16 brd 10.41.255.255 scope global noprefixroute dynamic enp3s0 + valid_lft 38531sec preferred_lft 38531sec + inet6 2001:222::2/64 scope global + valid_lft forever preferred_lft forever +``` + +#### 有状态自动配置IPv6地址 + +##### 概述 + +IPv6与IPv4都可以在root权限下通过DHCP的方式获得IP地址。IPv6地址有两种配置方式:无状态自动配置和有状态自动配置。 + +- 无状态自动配置 + + 不需要DHCP服务进行管理,设备根据网络RA(路由公告)获得网络前缀,或者link-local地址为固定fe80::。而接口ID则根据ifcfg配置IPV6\_ADDR\_GEN\_MODE的具体设置来进行自动获得: + + 1. IPv6\_ADDR\_GEN\_MODE="stable-privacy" 则根据设备及网络环境来确定一个随机接口ID。 + 2. IPv6\_ADDR\_GEN\_MODE="EUI64" 则根据设备MAC地址来确定接口ID。 + +- 有状态自动配置:需要DHCP服务器进行管理分配,服从DHCPv6协议来从DHCPv6服务器端租赁IPv6地址。 + + 在有状态自动配置IPv6地址时,DHCPv6服务端可以通过客户端设置的vendor class将客户端进行分类,不同类别分配不同地址段的IPv6地址。在IPv4场景中,客户端可以直接用dhclient的-V选项来设置vendor-class-identifier,DHCP服务端在配置文件中根据vendor-class-identifier来对客户端进行分类处理。而IPv6场景中,如果使用同样的方法对客户端分类,则分类并不会生效。 + + ```shell + dhclient -6 -V + ``` + + 这是由于DHCPv6和DHCP协议存在较大差异,DHCPv6的可选项中使用vendor-class-option替代了DHCP中的vendor-class-identifier。而dhclient的-V选项并不能设置vendor-class-option。 + +##### 有状态自动配置IPv6地址时dhclient设置vendor class方法 + +- 在客户端使用配置文件方式添加对vendor class的设置,使用方法如下: + + 客户端配置文件(/etc/dhcp/dhclient6.conf),文件位置可以自定义,在使用时需要通过dhclient -cf选项来指定配置文件: + + ```text + option dhcp6.vendor-class code 16 = {integer 32, integer 16, string}; + interface "enp3s0" { + send dhcp6.vendor-class ; + } + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + > + >- \,32位整型数字,企业标识号,企业通过IANA注册。 + >- \,16位整型数字,vendor class字符串长度。 + >- \,要设置的vendor class字符串,例如:“HWHW”。 + + 客户端使用方法: + + ```shell + dhclient -6 -cf /etc/dhcp/dhclient6.conf + ``` + +- DHCPv6服务端配置文件(/etc/dhcp/dhcpd6.conf),需要dhcpd -cf选项来指定该配置文件: + + ```text + option dhcp6.vendor-class code 16 = {integer 32, integer 16, string}; + subnet6 fc00:4:12:ffff::/64 { + class "hw" { + match if substring ( option dhcp6.vendor-class, 6, 10 ) = "HWHW"; + } + pool6 { + allow members of "hw"; + range6 fc00:4:12:ffff::ff10 fc00:4:12:ffff::ff20; + } + pool6 { + allow unknown clients; + range6 fc00:4:12:ffff::100 fc00:4:12:ffff::120; + } + } + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >substring \( option dhcp6.vendor-class, 6, 10 \) 其中子字符串的开始位置为6,因为前面包含4个字节的和2个字节的。而子字符串的结束位置为:6+。这里vendor class string为“HWHW”,字符串的长度为4,所以子字符串的结束位置为6+4=10。用户可以根据实际需要来确定及相应的。 + + 服务端使用方法: + + ```shell + dhcpd -6 -cf /etc/dhcp/dhcpd6.conf + ``` + +#### 内核支持socket相关系统调用 + +##### 概述 + +IPv6地址长度扩展到128比特,所以有足够的IPv6地址可供分配使用。同时IPv6头相比IPv4头进行了简化,并增强了IPv6的自动配置功能。IPv6地址分为单播地址,组播地址和任意播地址。常用的单播地址又包含:链路本地地址(link-local address),唯一本地地址(Unique local address)和全局地址(global address)。由于IPv6的全局地址十分充足,唯一本地地址一般不被使用(其前身为站点本地地址(site-local address),已于2004年被废弃)。当前主要使用的单播地址为:链路本地地址(link-local address)和全局地址(global address)。当前内核支持socket系统调用,在使用单播地址的链路本地地址和全局地址时存在差异。 + +##### link-local地址和global地址在socket调用时的差异 + +RFC 2553: Basic Socket Interface Extensions for IPv6 定义sockaddr\_in6的数据结构如下; + +```text +struct sockaddr_in6 { + uint8_t sin6_len; /* length of this struct */ + sa_family_t sin6_family; /* AF_INET6 */ + in_port_t sin6_port; /* transport layer port # */ + uint32_t sin6_flowinfo; /* IPv6 flow information */ + struct in6_addr sin6_addr; /* IPv6 address */ + uint32_t sin6_scope_id; /* set of interfaces for a scope */ +}; +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>sin6\_scope\_id: 32位整型,对于链路本地地址(link-local address),对于链路范围的sin6\_addr,它可以用来标识指定的接口索引号。如果是站点范围的sin6\_addr,则用来作为站点的标识符(站点本地地址已被抛弃)。 + +在使用link-local地址进行socket通信时,在构造目的地址时,需要指定该地址所对应的接口索引号。一般可以通过if\_nametoindex函数将接口名转化为接口索引号。具体方式如下, + +```text +int port = 1234; +int sk_fd; +int iff_index = 0; +char iff_name[100] = "enp3s0"; +char * ll_addr[100] = "fe80::123:456:789"; +struct sockaddr_in6 server_addr; + +memset(&server_addr,0,sizeof(structsockaddr_in6)); +iff_index=if_nametoindex(iff_name); + +server_addr.sin6_family=AF_INET6; +server_addr.sin6_port=htons(port); +server_addr.sin6_scope_id=iff_index; +inet_pton(AF_INET6, ll_addr, &(server_addr.sin6_addr)); + +sk_fd=socket(AF_INET6, SOCK_STREAM, IPPROTO_TCP); +connect(sk_fd, (struct sockaddr *)&server_addr, sizeof(struct sockaddr_in6)); +``` + +#### IPv4的dhclient守护进程持久化配置 + +##### 概述 + +通过NetworkManager服务来管理网络服务时,如果接口ifcfg-配置文件中配置了DHCP方式获得IP地址,则相应地NetworkManager服务会拉起dhclient守护进程来通过DHCP协议方式来从DHCP服务器获取IP地址。 + +dhclient提供了"-1"选项来决定dhclient进程在未获得DHCP服务响应时,是会不断持久化尝试请求地址还是会尝试时间超时后退出。针对IPv4的dhclient守护进程,可以在ifcfg-配置文件中设置PERSISTENT\_DHCLIENT来决定是否设置IPv4的dhclient进程的持久化。 + +##### 约束限制 + +1. 当dhclient进程在运行中被杀死,network服务无法自动将其拉起,可靠性需要用户自己保障。 +2. 配置了持久化选项PERSISTENT\_DHCLIENT,需要确保有相应的DHCP服务器。如果在拉起network时无可用DHCP服务器,dhclient进程不断尝试发送请求包但无回应,则会导致network服务卡死直到network服务超时失败。由于network服务在拉起多个网卡的IPv4 dhclient进程时,是通过串行的方式来拉起的。如果有网卡配置了持久化而DHCP服务器没有准备好,则会导致network服务在给该网卡获取IPv4地址超时卡死,进而导致后续网卡无法获得IPv4/IPv6地址。 + +以上两种约束限制是特殊的应用场景,需要用户自己进行可靠性保障。 + +##### IPv4 DHCP和IPv6 DHCPv6方式获取地址的配置差异 + +可以通过配置接口ifcfg-参数来分别实现IPv4和IPv6通过DHCP/DHCPv6协议来动态获取IP地址,具体配置说明如下; + +```text +BOOTPROTO=none|bootp|dhcp +DHCPV6C=yes|no +PERSISTENT_DHCLIENT=yes|no|1|0 +``` + +- BOOTPROTO: none表示静态配置IPv4地址,bootp|dhcp则会拉起DHCP dhclient来动态获取IPv4地址。 +- DHCPV6C: no表示静态配置IPv6地址,yes则会拉起DHCPv6 dhclient来动态获取IPv6地址。 +- PERSISTENT\_DHCLIENT:no|0表示IPv4的dhclient进程配置为“非持久化”,当dhclient向DHCP服务器发送一次请求报文而无响应,则会间隔一段时间后退出,退出值为2。yes|1则表示IPv4的dhclient进程配置为“持久化”,dhclient会向DHCP服务器反复发送请求报文。**如果没有配置PERSISTENT\_DHCLIENT项,则IPv4的dhclient会默认设置为“持久化”**。 + + >![](./public_sys-resources/icon-note.gif) **说明:** + >PERSISTENT\_DHCLIENT配置只针对IPv4生效,对IPv6相关dhclient -6进程不生效,IPv6默认不进行持久化配置。 + +#### iproute相关命令配置IPv4与IPv6时的差异说明 + +##### 概述 + +由于IPv4和IPv6是两个不同的协议标准,iproute相关命令在使用方法上存在一定的差异。本章节主要梳理iproute包中用户经常使用到命令在IPv4和IPv6使用方面的差异,从而可以更好地指导用户使用iproute包中相关命令。 + +iproute相关命令均需要在root权限下运行。 + +##### IPv6地址的生命周期 + + + + + + + + + + + + + + + + + + + +

IPv6状态

+

解释

+

tentative

+

临时状态:刚添加地址还处于地址重复检测DAD过程。

+

preferred

+

首选状态:完成DAD过程,没有收到相应的NA报文,表示该地址没有冲突。

+

deprecated

+

弃用状态:地址有一定的使用时限(valid_lft和preferred_lft),preferred_lft到期后地址会变化deprecated状态。

+

该状态下的地址不能用于创建新的连接,但是原有的连接可以继续使用。

+

invalid

+

无效状态:使用时限超过preferred_lft一段时间后仍然没有成功进行租约续约,则valid_lft时间到后地址状态会被设置为invalid,表示该地址不可以再被使用。

+
+ +其他说明: + +- preferred\_lft:preferred lifetime,地址为首选状态的寿命,preferred\_lft没有到期的地址可以用于正常通信使用,若有多个preferred地址则按照内核具体机制选择地址。 +- valid\_lft: valid lifetime,地址有效的寿命,在\[preferred\_lft, valid\_lft\]时间段内该地址不能被用于新建连接,已经创建的连接继续有效。 + +##### ip link 命令 + +命令: + +```shell +ip link set IFNAME mtu MTU +``` + +IPv6中PMTU的最小值为1280,如果mtu值设置小于1280则会导致IPv6地址丢失。其他设备无法ping通该IPv6地址。 + +##### ip addr命令 + +1. 命令: + + ```shell + # ip [-6] addr add IFADDR dev IFNAME + ``` + + 添加IPv6地址可以选择添加-6选项也可以不添加,ip addr命令会根据具体地址类型来判断是ipv4地址还是IPv6地址。 + + 如果指定“-6”选项,但是IFADDR 是ipv4地址则会有错误返回。 + +2. 命令: + + ```shell + # ip [-6] addr add IFADDR dev IFNAME [home|nodad] + ``` + + \[home|nodad\] 选项只针对IPv6地址有效。 + + - home:将该地址指定为RFC 6275中定义的家庭地址。(这是移动节点从家庭链路获取的地址, 是移动节点的永久地址,如果移动节点保持在相同的归属链路中,则各种实体之间的通信照常进行。) + - nodad:配置该项(仅限IPv6)添加此地址时不执行重复地址检测DAD(RFC 4862)。如果一台设备上多个接口通过nodad配置了多个相同的IPv6地址,则会按照接口顺序使用该IPv6地址。同一个接口上不能添加一个nodad一个非nodad的相同IPv6地址。因为两个地址是一样的,所以会报“RTNETLINK answers: File exists”。 + +3. 命令: + + ```shell + # ip [-6] addr del IFADDR dev IFNAME + ``` + + 删除IPv6地址可以选择添加-6选项也可以不添加,ip addr del命令会根据具体地址类型来判断是ipv4地址还是IPv6地址。 + +4. 命令: + + ```shell + # ip [-6] addr show dev IFNAME [tentative|-tentative|deprecated|-deprecated|dadfailed|-dadfailed|temporary] + ``` + + - 不指定-6选项,则会同时打印IPv4和IPv6地址。指定-6选项则只打印IPv6地址。 + - \[tentative|-tentative|deprecated|-deprecated|dadfailed|-dadfailed|temporary\],这些选项只针对IPv6,可以根据IPv6地址状态对地址进行筛选查看。 + 1. tentative:(仅限IPv6)仅列出尚未通过重复地址检测的地址。 + 2. -tentative:(仅限IPv6)仅列出当前未处于重复地址检测过程中的地址。 + 3. deprecated:(仅限IPv6)仅列出已弃用的地址。 + 4. -deprecated:(仅限IPv6)仅列出未弃用的地址。 + 5. dadfailed:(仅限IPv6)仅列出重复地址检测失败的地址。 + 6. -dadfailed:(仅限IPv6)仅列出未重复地址检测失败的地址。 + 7. temporary:(仅限IPv6)仅列出临时地址 + +##### ip route命令 + +1. 命令: + + ```shell + # ip [-6] route add ROUTE [mtu lock MTU] + ``` + + - -6选项:添加IPv6路由可以选择添加-6选项也可以不添加,ip route命令会根据具体地址类型来判断是IPv4地址还是IPv6地址。 + + - mtu lock MTU:锁定路由的MTU值。如果不锁定MTU,则MTU的值则可能在PMTUD过程中被内核改变。如果锁定MTU,则不会尝试PMTUD,所有IPv4包都将不设置DF位发出,IPv6包则会按照MTU进行分段处理。 + +2. 命令: + + ```shell + # ip [-6] route del ROUTE + ``` + + 删除IPv6路由可以选择添加-6选项也可以不添加,ip route命令会根据具体地址类型来判断是IPv4地址还是IPv6地址。 + +##### ip rule命令 + +1. 命令: + + ```shell + # ip [-6] rule list + ``` + + -6选项:设置-6选项打印IPv6的策略路由,不设置-6选项打印IPv4的策略路由。所以需要根据具体协议类型来配置-6选项。 + +2. 命令: + + ```shell + # ip [-6] rule [add|del] [from|to] ADDR table TABLE pref PREF + ``` + + -6选项:IPv6相关的策略路由表项需要设置-6选项,否则会报错:“Error: Invalid source address.”。相应地,IPv4相关的策略路由表项不可以设置-6选项,否则会报错:“Error: Invalid source address.”。 + +#### NetworkManager服务配置差异说明 + +##### 概述 + +NetworkManager服务使用ifup/ifdown的逻辑接口定义进行高级网络设置。其参数大多数都是在/etc/sysconfig/network和/etc/sysconfig/network-scripts/ifcfg-两个配置文件设置。前者为全局设置,后者为指定网卡的设置,当两者有冲突时,后者生效。 + +##### 配置差异说明 + +其中在/etc/sysconfig/network下的配置差异有: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

IPv4

+

IPv6

+

含义说明

+

NA

+

IPV6FORWARDING=yes|no

+

IPv6转发,默认不转发。

+

NA

+

IPV6_AUTOCONF=yes|no

+

IPv6转发打开是no,否则是yes。

+

NA

+

IPV6_ROUTER=yes|no

+

IPv6转发打开是yes,否则是no。

+

NA

+

IPV6_AUTOTUNNEL=yes|no

+

指定Tunnel为自动隧道模式,默认是no。

+

GATEWAY

+

IPV6_DEFAULTGW=<IPv6 address[%interface]> (optional)

+

在IPv6中设置默认网关。

+

NA

+

IPV6_DEFAULTDEV=<interface> (optional)

+

指定默认转发的网卡。

+

NA

+

IPV6_RADVD_PIDFILE=<pid-file> (optional)

+

默认ipv6_radvd_pid路径:/var/run/radvd/radvd.pid。

+

NA

+

IPV6_RADVD_TRIGGER_ACTION=startstop|reload|restart|SIGHUP (optional)

+

radvd默认触发动作。

+
+ +而在/etc/sysconfig/network-scripts/ifcfg-下的差异主要有: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

IPv4

+

IPv6

+

含义说明

+

IPADDRn

+

IPV6ADDR=<IPv6 address>[/<prefix length>]

+

ip地址。

+

PREFIXn

+

NA

+

网络前缀,网络别名和ppp无效,优先级高于NETMASK。

+

NETMASKn

+

NA

+

子网掩码,仅用于别名和ppp。

+

GATEWAY

+

IPV6_DEFAULTGW=<IPv6 address[%interface]> (optional)

+

默认网关。

+

MTU

+

IPV6_MTU=<MTU of link> (optional)

+

默认MTU。

+

IPV4_FAILURE_FATAL=yes|no

+

IPV6_FAILURE_FATAL

+

缺省值是no。若设置为yes,dhclient失败ifup-eth会直接退出。

+

NA

+

IPV6_PRIVACY=rfc3041

+

默认禁用。

+

NA

+

IPV6INIT=yes|no

+

默认开启IPv6。

+

NA

+

IPV6FORWARDING=yes|no

+

默认关闭,已废弃。

+
+ +### FAQ + +#### iscsi-initiator-utils不支持登录fe80 IPv6地址 + +##### 问题现象 + +客户端通过IPv6登录iscsi服务端时,使用如“iscsiadm -m node -p ipv6address -l”的命令格式登录,如果是全局地址(global address),直接替换将命令范例中的“ipv6address”替换为全局地址即可;但如果是链路本地地址(link-local address,fe80开头的IPv6地址)则无法使用,因为iscsi-initiator-utils目前机制还不支持用链路本地地址(link-local address)地址登录iscsi服务端。 + +##### 原因分析 + +如果使用格式如“iscsiadm -m node -p fe80::xxxx -l”登录,会登录超时返回,这是因为使用链路本地地址必须指定接口,否则使用iscsi\_io\_tcp\_connect函数调用connect函数会失败,并且产生标准错误码22。 + +如果使用格式如“iscsiadm -m node -p fe80::xxxx%enp3s0 -l”登录时,iscsi\_addr\_match函数会将地址“fe80::xxxx%enp3s0”与服务端返回的node信息中的地址“fe80::xxxx”对比,对比结果不匹配,导致登录失败。 + +因此,**iscsi-initiator-utils目前机制还不支持用链路本地地址(link-local address)登录iscsi服务端**。 + +#### 网卡down掉之后,IPv6地址丢失 + +##### 问题现象 + +通过ip link down+up网卡或ifconfig down+up网卡命令,将网卡down掉之后再上线,查看网卡上配置的ip地址,发现ipv4地址不丢失,而配置的IPv6地址丢失。 + +##### 原因分析 + +内核中的处理逻辑为如果网卡设置为down状态,会清空所有IPv4及IPv6地址,将网卡重新up之后,ipv4地址自动恢复,网卡上自动配置的IPv6链路本地地址也会恢复,但是其他IPv6地址默认会丢失。如果需要保留这些IPv6地址,可以通过“sysctl -w net.ipv6.conf.<网卡名\>.keep\_addr\_on\_down=1”来实现。 + +#### bond口已具有多个IPv6地址时,添加或删除IPv6地址耗时过久 + +##### 问题现象 + +下列方式配置或删除(包括flush)IPv6地址,X为动态变化的低16位,并且配置在bond口时,耗时会随已配置的IPv6地址数量成倍增加。例如由4个物理网卡组成的bond口添加IPv6地址时,单线程添加删除3000个IPv6地址均需大概5分钟,而普通物理网卡耗时在10秒内。 + +```shell +ip a add/del 192:168::18:X/64 dev DEVICE +``` + +##### 原因分析 + +bond口在添加IPv6地址时,会生成IPv6组播地址,并进行同步到所有的物理网卡上,此耗时会随IPv6数量增加而增加,导致耗时过长。 + +##### 解决方法 + +IPv6的组播地址是由IPv6地址的低24位与33-33-ff组合生成,组播地址过多会导致添加删除耗时增加,如果生成的组播地址为少量,耗时不会受此影响。 + +建议添加IPv6地址时,可保持低24位一致,保持高位变动,单网卡中仅需一个网段的一个地址即可与外部正常通信,此配置更符合常规使用。 + +#### Rsyslog在IPv4和IPv6混合使用场景中日志传输延迟 + +##### 问题现象 + +rsyslog客户端配置文件同时配置IPv4和IPv6地址,且端口配置相同的情况下,服务端收集log时会概率性出现日志打印延迟。 + +##### 原因分析 + +延迟是因为rsyslog内部存在缓冲队列机制,默认情况下需要缓冲区队列达到一定数量才会写入文件。 + +##### 解决方法 + +可在root权限下通过配置Direct模式,关闭缓冲队列机制解决该问题。在rsyslog远程传输服务端的/etc/rsyslog.d目录下新增的远程传输配置文件中,最开头增加如下配置: + +```shell +# ActionQueueType Direct +# MainMsgQueueType Direct +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- Direct模式减少队列大小为1,所以在队列中会保留1条日志到下次日志打印; +>- Direct模式会降低服务器端的rsyslog性能。 diff --git a/docs/zh/server/network/network_config/public_sys-resources/icon-caution.gif b/docs/zh/server/network/network_config/public_sys-resources/icon-caution.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/network/network_config/public_sys-resources/icon-caution.gif differ diff --git a/docs/zh/server/network/network_config/public_sys-resources/icon-danger.gif b/docs/zh/server/network/network_config/public_sys-resources/icon-danger.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/network/network_config/public_sys-resources/icon-danger.gif differ diff --git a/docs/zh/server/network/network_config/public_sys-resources/icon-note.gif b/docs/zh/server/network/network_config/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/zh/server/network/network_config/public_sys-resources/icon-note.gif differ diff --git a/docs/zh/server/network/network_config/public_sys-resources/icon-notice.gif b/docs/zh/server/network/network_config/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/zh/server/network/network_config/public_sys-resources/icon-notice.gif differ diff --git a/docs/zh/server/network/network_config/public_sys-resources/icon-tip.gif b/docs/zh/server/network/network_config/public_sys-resources/icon-tip.gif new file mode 100644 index 0000000000000000000000000000000000000000..93aa72053b510e456b149f36a0972703ea9999b7 Binary files /dev/null and b/docs/zh/server/network/network_config/public_sys-resources/icon-tip.gif differ diff --git a/docs/zh/server/network/network_config/public_sys-resources/icon-warning.gif b/docs/zh/server/network/network_config/public_sys-resources/icon-warning.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/network/network_config/public_sys-resources/icon-warning.gif differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/_toc.yaml b/docs/zh/server/performance/cpu_optimization/kae/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..c2c018a997511e31f9e78e89dca8b09d0c775682 --- /dev/null +++ b/docs/zh/server/performance/cpu_optimization/kae/_toc.yaml @@ -0,0 +1,6 @@ +label: 使用KAE加速引擎 +isManual: true +description: 使用 KAE 加速引擎降低处理器消耗,提高处理器效率 +sections: + - label: 使用KAE加速引擎 + href: ./using_the_kae.md diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/1665628542704.png b/docs/zh/server/performance/cpu_optimization/kae/figures/1665628542704.png new file mode 100644 index 0000000000000000000000000000000000000000..58907e0ed31c79b260be80480d4fd4c27e4e2e24 Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/1665628542704.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/AT_CHECK_Process.png b/docs/zh/server/performance/cpu_optimization/kae/figures/AT_CHECK_Process.png new file mode 100644 index 0000000000000000000000000000000000000000..f32d5af3a31c740febf1a4783a1dd0daafacb0df Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/AT_CHECK_Process.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png b/docs/zh/server/performance/cpu_optimization/kae/figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png new file mode 100644 index 0000000000000000000000000000000000000000..900cdc07c1f0e844bc48fe2342e83c91a23c24ec Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png b/docs/zh/server/performance/cpu_optimization/kae/figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png new file mode 100644 index 0000000000000000000000000000000000000000..900cdc07c1f0e844bc48fe2342e83c91a23c24ec Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/PostgreSql_architecture.png b/docs/zh/server/performance/cpu_optimization/kae/figures/PostgreSql_architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..f780ad9cb56378e7baa3497da68ca1610a6dfadb Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/PostgreSql_architecture.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/Process_Of_EXECVAT_ATCHECK.png b/docs/zh/server/performance/cpu_optimization/kae/figures/Process_Of_EXECVAT_ATCHECK.png new file mode 100644 index 0000000000000000000000000000000000000000..c8f54fe96648f0c012462073a8cd118fd552483c Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/Process_Of_EXECVAT_ATCHECK.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/RA-arch-1.png b/docs/zh/server/performance/cpu_optimization/kae/figures/RA-arch-1.png new file mode 100644 index 0000000000000000000000000000000000000000..bc55e411637b825b0ce44a7efca08f7e52e0fa70 Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/RA-arch-1.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/RA-arch-2.png b/docs/zh/server/performance/cpu_optimization/kae/figures/RA-arch-2.png new file mode 100644 index 0000000000000000000000000000000000000000..7effbaf881ffe42823142561b9135237989d7153 Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/RA-arch-2.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/TPCM.png b/docs/zh/server/performance/cpu_optimization/kae/figures/TPCM.png new file mode 100644 index 0000000000000000000000000000000000000000..290bdb3471b46dca3e9f0c0907c3855367bd5b65 Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/TPCM.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/creat_datadisk.png b/docs/zh/server/performance/cpu_optimization/kae/figures/creat_datadisk.png new file mode 100644 index 0000000000000000000000000000000000000000..0dfd6a2802184af6d809c485191ea52452cf28d5 Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/creat_datadisk.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/creat_datadisk1.png b/docs/zh/server/performance/cpu_optimization/kae/figures/creat_datadisk1.png new file mode 100644 index 0000000000000000000000000000000000000000..0dfd6a2802184af6d809c485191ea52452cf28d5 Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/creat_datadisk1.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/dim_architecture.jpg b/docs/zh/server/performance/cpu_optimization/kae/figures/dim_architecture.jpg new file mode 100644 index 0000000000000000000000000000000000000000..a1e672d01dd7174c6f631bc0443cea5717a27bfb Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/dim_architecture.jpg differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/etmem-system-architecture.png b/docs/zh/server/performance/cpu_optimization/kae/figures/etmem-system-architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..1e077e00f44c0404526a4742d49c6e866601eee1 Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/etmem-system-architecture.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/ima_digest_list_update.png b/docs/zh/server/performance/cpu_optimization/kae/figures/ima_digest_list_update.png new file mode 100644 index 0000000000000000000000000000000000000000..771067e31cee84591fbb914d7be4e8c576d7f5d2 Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/ima_digest_list_update.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/ima_performance.gif b/docs/zh/server/performance/cpu_optimization/kae/figures/ima_performance.gif new file mode 100644 index 0000000000000000000000000000000000000000..72fad8a8333f7357c64a160c1d1c174c31201eaa Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/ima_performance.gif differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/ima_verification.png b/docs/zh/server/performance/cpu_optimization/kae/figures/ima_verification.png new file mode 100644 index 0000000000000000000000000000000000000000..d022b9d4ea08d4af386c7b76ca28115ad90e5451 Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/ima_verification.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/logical_architectureofMariaDB.png b/docs/zh/server/performance/cpu_optimization/kae/figures/logical_architectureofMariaDB.png new file mode 100644 index 0000000000000000000000000000000000000000..8caa189a6fbf37bf4e9fd863c2ebb24e25547789 Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/logical_architectureofMariaDB.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/login.png b/docs/zh/server/performance/cpu_optimization/kae/figures/login.png new file mode 100644 index 0000000000000000000000000000000000000000..d15c2cad98fba16320d587f3c7b0c80f435c5d3a Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/login.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/nginx_deployed_success.png b/docs/zh/server/performance/cpu_optimization/kae/figures/nginx_deployed_success.png new file mode 100644 index 0000000000000000000000000000000000000000..9ffb2c142defbd690e5407659116bf8e5582ba73 Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/nginx_deployed_success.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/nginx_start_failed.png b/docs/zh/server/performance/cpu_optimization/kae/figures/nginx_start_failed.png new file mode 100644 index 0000000000000000000000000000000000000000..c8b855453433796265de42d7ffd0189c7ff9be2b Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/nginx_start_failed.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/nginx_start_success.png b/docs/zh/server/performance/cpu_optimization/kae/figures/nginx_start_success.png new file mode 100644 index 0000000000000000000000000000000000000000..bc6929772fd98fac3494b4436f26910b09818cb7 Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/nginx_start_success.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/postgres.png b/docs/zh/server/performance/cpu_optimization/kae/figures/postgres.png new file mode 100644 index 0000000000000000000000000000000000000000..e7fc36882718587ec949133fe9892185cb4c2158 Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/postgres.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/root_of_trust_framework.png b/docs/zh/server/performance/cpu_optimization/kae/figures/root_of_trust_framework.png new file mode 100644 index 0000000000000000000000000000000000000000..354b40fa4c4f0ed6f7312e0ce3848ed42155732e Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/root_of_trust_framework.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/top_display.png b/docs/zh/server/performance/cpu_optimization/kae/figures/top_display.png new file mode 100644 index 0000000000000000000000000000000000000000..2d77d3dc2934763b5da896a827b9805da34d1c09 Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/top_display.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/trusted_chain.png b/docs/zh/server/performance/cpu_optimization/kae/figures/trusted_chain.png new file mode 100644 index 0000000000000000000000000000000000000000..034f0f092f41fb500ee4122339c447d10d4138ec Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/trusted_chain.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0229622729.png b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0229622729.png new file mode 100644 index 0000000000000000000000000000000000000000..a32856aa08e459ed0f51f8fcf4c2f51511c12095 Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0229622729.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0229622789.png b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0229622789.png new file mode 100644 index 0000000000000000000000000000000000000000..d245d48dc07e2b01734e21ec1952e89fa9269bdb Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0229622789.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0230050789.png b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0230050789.png new file mode 100644 index 0000000000000000000000000000000000000000..0b785be2a026fe059c6ee41700a971a11cfff7ae Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0230050789.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143176.png b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143176.png new file mode 100644 index 0000000000000000000000000000000000000000..300165189e6d3e8fa356f3d463cfc627c2ece0e2 Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143176.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143177.png b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143177.png new file mode 100644 index 0000000000000000000000000000000000000000..ccafce4b0c58a4da0a9f7aece335ede24e5030c0 Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143177.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143178.png b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143178.png new file mode 100644 index 0000000000000000000000000000000000000000..bff125f096215e91b28ee6deacde6d886e5b21eb Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143178.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143180.png b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143180.png new file mode 100644 index 0000000000000000000000000000000000000000..52f5644f9c985bcc39c0d146006dd9136140bc01 Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143180.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143181.png b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143181.png new file mode 100644 index 0000000000000000000000000000000000000000..d3698e6c0e021a56be46b9f4944c858a425eb66c Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143181.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143183.png b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143183.png new file mode 100644 index 0000000000000000000000000000000000000000..55ffdfa2616ee259543c1539e46c3e05f9335354 Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143183.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143185.png b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143185.png new file mode 100644 index 0000000000000000000000000000000000000000..bff125f096215e91b28ee6deacde6d886e5b21eb Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143185.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143187.png b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143187.png new file mode 100644 index 0000000000000000000000000000000000000000..52f5644f9c985bcc39c0d146006dd9136140bc01 Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143187.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143189.png b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143189.png new file mode 100644 index 0000000000000000000000000000000000000000..7656f3aa5f5907f1e9f981c0cb5d44d4fcb84ef3 Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143189.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143191.png b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143191.png new file mode 100644 index 0000000000000000000000000000000000000000..a82d1bcb2b719e3a372f63ae099cb5d52a93b536 Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143191.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143193.png b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143193.png new file mode 100644 index 0000000000000000000000000000000000000000..94614045bddb0871b44d2f6603402f914871ad61 Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143193.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143195.png b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143195.png new file mode 100644 index 0000000000000000000000000000000000000000..05011dbabe2d245c37ec68de646851bf955a2361 Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143195.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143196.png b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143196.png new file mode 100644 index 0000000000000000000000000000000000000000..9bdbac969920af77721980804bd1c5433bea5bc9 Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143196.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143197.png b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143197.png new file mode 100644 index 0000000000000000000000000000000000000000..5ea4eec4002374096d8ac18eb973ed3bf874b632 Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143197.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143198.png b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143198.png new file mode 100644 index 0000000000000000000000000000000000000000..7d6360c150495d204da4b069e6dc62677580888f Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143198.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231563132.png b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231563132.png new file mode 100644 index 0000000000000000000000000000000000000000..bb801a9471f3f3541ba96491654f25e2df9ce8bf Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231563132.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231563134.png b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231563134.png new file mode 100644 index 0000000000000000000000000000000000000000..398d15376d29d3aa406abb2e7e065d4625428c4d Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231563134.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231563135.png b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231563135.png new file mode 100644 index 0000000000000000000000000000000000000000..785977142a6bf0e1c1815b82dea73d75fa206a75 Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231563135.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231563136.png b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231563136.png new file mode 100644 index 0000000000000000000000000000000000000000..c274db4d0ca9d8758267a916e19fdef4aa22d0ba Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231563136.png differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/public_sys-resources/icon-caution.gif b/docs/zh/server/performance/cpu_optimization/kae/public_sys-resources/icon-caution.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/public_sys-resources/icon-caution.gif differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/public_sys-resources/icon-danger.gif b/docs/zh/server/performance/cpu_optimization/kae/public_sys-resources/icon-danger.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/public_sys-resources/icon-danger.gif differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/public_sys-resources/icon-note.gif b/docs/zh/server/performance/cpu_optimization/kae/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/public_sys-resources/icon-note.gif differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/public_sys-resources/icon-notice.gif b/docs/zh/server/performance/cpu_optimization/kae/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/public_sys-resources/icon-notice.gif differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/public_sys-resources/icon-tip.gif b/docs/zh/server/performance/cpu_optimization/kae/public_sys-resources/icon-tip.gif new file mode 100644 index 0000000000000000000000000000000000000000..93aa72053b510e456b149f36a0972703ea9999b7 Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/public_sys-resources/icon-tip.gif differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/public_sys-resources/icon-warning.gif b/docs/zh/server/performance/cpu_optimization/kae/public_sys-resources/icon-warning.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/kae/public_sys-resources/icon-warning.gif differ diff --git a/docs/zh/server/performance/cpu_optimization/kae/using_the_kae.md b/docs/zh/server/performance/cpu_optimization/kae/using_the_kae.md new file mode 100644 index 0000000000000000000000000000000000000000..c344b06821c45b064be80d365d0e4123198458dd --- /dev/null +++ b/docs/zh/server/performance/cpu_optimization/kae/using_the_kae.md @@ -0,0 +1,710 @@ +# 使用KAE加速引擎 + +## 简介 + +KAE加速引擎为openEuler的一个软件加速库,搭载在Kunpeng 920处理器上联合提供硬件加速引擎功能,包含了对称加密、非对称加密和数字签名,用于加速SSL/TLS应用,可以显著降低处理器消耗,提高处理器效率。此外,用户通过OpenSSL标准接口可实现业务快速迁移。 + +KAE加速引擎支持以下算法: + +- 摘要算法SM3, 支持异步模式。 +- 对称加密算法SM4,支持异步模式,支持CTR/XTS/CBC模式。 +- 对称加密算法AES, 支持异步模式,支持ECB/CTR/XTS/CBC模式。 +- 非对称算法RSA,支持异步模式,支持 Key Sizes 1024/2048/3072/4096。 +- 密钥协商算法DH, 支持异步模式,支持 Key Sizes 768/1024/1536/2048/3072/4096。 + +## 应用场景 + +KAE加速引擎主要有以下应用场景,如[表1](#table11915824163418)所示。 + +**表 1** 应用场景 + + + + + + + + + + + + + + + + + + + +

场景

+

数据

+

大数据

+

流数据

+

数据加密

+

块数据

+

智能安防

+

视频流数据

+

Web服务

+

握手连接

+
+ +## 安装、升级和卸载 + +### 安装加速器软件包 + +#### 安装前准备 + +##### 环境要求 + +- TaiShan 200服务器,开启加速引擎功能 + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- 需要导入加速器许可证,具体操作请参考《[TaiShan 机架服务器 iBMC \(V500及以上\) 用户指南](https://support.huawei.com/enterprise/zh/doc/EDOC1100121687)》中“许可证管理”章节。 +>- 物理机场景使用加速器需要关闭SMMU,具体操作请参考《[TaiShan 200服务器BIOS参数参考](https://support.huawei.com/enterprise/zh/doc/EDOC1100088653)》。 + +- CPU:Kunpeng 920 +- 操作系统:openEuler + +##### KAE加速引擎软件说明 + +**表 2** 加速引擎的rpm软件包 + + + + + + + + + + + + + + + + +

软件包名称

+

软件包说明

+

kae_driver-版本号-1.OS类型.aarch64.rpm

+

加速器驱动,包含内容:uacce.ko、hisi_qm.ko、hisi_sec2.ko、hisi_hpre.ko内核模块

+

支持:SM3/SM4/AES/RSA/DH算法

+

libwd-版本号-1.OS类型.aarch64.rpm

+

包含内容:libwd.so动态链接库

+

提供接口给KAE引擎

+

libkae-版本号-1.OS类型.aarch64.rpm

+

依赖:libwd rpm包

+

包含内容:libkae.so动态库

+

支持:SM3/SM4/AES/RSA/DH等算法

+
+ +#### 安装加速器软件包 + +##### 前提条件 + +- 已在本地安装远程SSH登录工具 +- 已安装openEuler操作系统 +- RPM工具能正常使用。 +- 已安装OpenSSL 1.1.1a或以上版本。 + + 使用如下命令查询OpenSSL的版本号 + + - openssl version + +##### 安装步骤 + +1. 以root帐号登录openEuler OS命令行界面。 +2. 新建目录用于存放加速器引擎软件包。 +3. 使用SSH远程登录工具,将所有加速引擎软件包拷贝到已建好的目录下。 +4. 在存放加速引擎软件包目录下,使用rpm -ivh命令安装加速器引擎软件包。 + + >![](./public_sys-resources/icon-note.gif) **说明:** + >由于libkae包的安装依赖libwd包,所以libwd的安装必须先于libkae。 + + ```shell + # rpm -ivh uacce*.rpm hisi*.rpm libwd-*.rpm libkae*.rpm + Verifying... ################################# [100%] + Preparing... ################################# [100%] + checking installed modules + uacce modules start to install + Updating / installing... + 1:uacce-1.2.10-4.oe1 ################################# [ 14%] + uacce modules installed + 2:libwd-1.2.10-3.oe1 ################################# [ 29%] + 3:libkae-1.2.10-3.oe1 ################################# [ 43%] + checking installed modules + hisi_hpre modules start to install + 4:hisi_hpre-1.2.10-4.oe1 ################################# [ 57%] + hisi_hpre modules installed + checking installed modules + hisi_rde modules start to install + 5:hisi_rde-1.2.10-4.oe1 ################################# [ 71%] + hisi_rde modules installed + checking installed modules + hisi_sec2 modules start to install + 6:hisi_sec2-1.2.10-4.oe1 ################################# [ 86%] + hisi_sec2 modules installed + checking installed modules + hisi_zip modules start to install + 7:hisi_zip-1.2.10-4.oe1 ################################# [100%] + hisi_zip modules installed + ``` + +5. 使用rpm -qa命令,查看加速器软件包是否已正常安装到系统内。使用rpm -ql命令 ,查看软件包的文件是否正确。示例如下。 + + ```shell + # rpm -qa|grep -E "hisi|uacce|libwd|libkae" + hisi_rde-1.2.10-4.oe1.aarch64 + hisi_sec2-1.2.10-4.oe1.aarch64 + libkae-1.2.10-3.oe1.aarch64 + hisi_hpre-1.2.10-4.oe1.aarch64 + uacce-1.2.10-4.oe1.aarch64 + libwd-1.2.10-3.oe1.aarch64 + hisi_zip-1.2.10-4.oe1.aarch64 + ``` + + ```shell + # rpm -ql uacce hisi* libwd* libkae + /lib/modules/4.19.90-2003.4.0.0036.oe1.aarch64/extra/hisi_qm.ko + /lib/modules/4.19.90-2003.4.0.0036.oe1.aarch64/extra/uacce.ko + /etc/modprobe.d/hisi_hpre.conf + /lib/modules/4.19.90-2003.4.0.0036.oe1.aarch64/extra/hisi_hpre.ko + /etc/modprobe.d/hisi_rde.conf + /lib/modules/4.19.90-2003.4.0.0036.oe1.aarch64/extra/hisi_rde.ko + /etc/modprobe.d/hisi_sec2.conf + /lib/modules/4.19.90-2003.4.0.0036.oe1.aarch64/extra/hisi_sec2.ko + /etc/modprobe.d/hisi_zip.conf + /lib/modules/4.19.90-2003.4.0.0036.oe1.aarch64/extra/hisi_zip.ko + /usr/include/warpdrive/config.h + /usr/include/warpdrive/include/uacce.h + /usr/include/warpdrive/smm.h + /usr/include/warpdrive/wd.h + /usr/include/warpdrive/wd_bmm.h + /usr/include/warpdrive/wd_cipher.h + /usr/include/warpdrive/wd_comp.h + /usr/include/warpdrive/wd_dh.h + /usr/include/warpdrive/wd_digest.h + /usr/include/warpdrive/wd_rsa.h + /usr/lib64/libwd.so.1.2.10 + /usr/local/lib/engines-1.1/libkae.so.1.2.10 + ``` + +6. 重启系统或通过命令行手动依次加载加速器引擎驱动到内核,并查看是否加载成功。 + + ```shell + # modprobe uacce + # lsmod | grep uacce + # modprobe hisi_qm + # lsmod | grep hisi_qm + # modprobe hisi_sec2 #加载hisi_sec2驱动时将根据/etc/modprobe.d/hisi_sec2.conf 下的配置文件加载到内核 + # modprobe hisi_hpre #加载hisi_hpre驱动时将根据/etc/modprobe.d/hisi_hpre.conf 下的配置文件加载到内核 + ``` + +##### 设置环境变量 + +通过以下命令导出环境变量:如果用户指定安装路径,则下面/usr/local应根据实际安装路径进行修改。 + +```shell +export OPENSSL_ENGINES=/usr/local/lib/engines-1.1 +``` + +##### 安装后检查 + +执行**rpm -qa**命令查看加速器引擎软件包是否安装成功。 + +打印信息中包含“ _软件包名-版本号-_ ”表示该软件包安装成功。示例如下。 + +```shell +# rpm -qa|grep -E "hisi|uacce|libwd|libkae" +hisi_rde-1.2.10-4.oe1.aarch64 +hisi_sec2-1.2.10-4.oe1.aarch64 +libkae-1.2.10-3.oe1.aarch64 +hisi_hpre-1.2.10-4.oe1.aarch64 +uacce-1.2.10-4.oe1.aarch64 +libwd-1.2.10-3.oe1.aarch64 +hisi_zip-1.2.10-4.oe1.aarch64 +``` + +#### 安装后操作 + +##### OpenSSL加速器引擎测试 + +用户可以通过以下命令测试部分加速器功能。 + +- 使用OpenSSL的软件算法测试RSA性能。 + + ```shell + linux-rmw4:/usr/local/bin # ./openssl speed -elapsed rsa2048 + ... + sign verify sign/s verify/s + rsa 2048 bits 0.001384s 0.000035s 724.1 28365.8. + ``` + +- 使用KAE引擎的测试RSA性能。 + + ```shell + linux-rmw4:/usr/local/bin # ./openssl speed -elapsed -engine kae rsa2048 + .... + sign verify sign/s verify/s + rsa 2048 bits 0.000355s 0.000022s 2819.0 45478.4 + ``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>使用KAE引擎加速后签名性能从724.1sign/s提升到2819sign/s。 + +- 使用OpenSSL的软件算法测试异步RSA性能。 + + ```shell + linux-rmw4:/usr/local/bin # ./openssl speed -elapsed -async_jobs 36 rsa2048 + .... + sign verify sign/s verify/s + rsa 2048 bits 0.001318s 0.000032s 735.7 28555 + ``` + +- 使用KAE引擎的测试异步RSA性能。 + + ```shell + linux-rmw4:/usr/local/bin # ./openssl speed -engine kae -elapsed -async_jobs 36 rsa2048 + .... + sign verify sign/s verify/s + rsa 2048 bits 0.000018s 0.000009s 54384.1 105317.0 + ``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>使用KAE引擎加速后异步RSA签名性能从735.7 sign/s提升到 54384.1sign/s。 + +- 使用OpenSSL的软件算法测试SM4 CBC模式性能。 + + ```shell + linux-rmw4:/usr/local/bin # ./openssl speed -elapsed -evp sm4-cbc + You have chosen to measure elapsed time instead of user CPU time. + .... + Doing sm4-cbc for 3s on 10240 size blocks: 2196 sm4-cbc's in 3.00s .... + type 51200 bytes 102400 bytes1048576 bytes2097152 bytes4194304 bytes8388608 bytes + sm4-cbc 82312.53k 85196.80k 85284.18k 85000.85k 85284.18k 85261.26k + ``` + +- 使用KAE引擎的测试SM4 CBC模式性能。 + + ```shell + linux-rmw4:/usr/local/bin # ./openssl speed -elapsed -engine kae -evp sm4-cbc + engine "kae" set. + You have chosen to measure elapsed time instead of user CPU time. + ... + Doing sm4-cbc for 3s on 1048576 size blocks: 11409 sm4-cbc's in 3.00s + ... + type 51200 bytes 102400 bytes1048576 bytes2097152 bytes4194304 bytes8388608 bytes + sm4-cbc 383317.33k 389427.20k 395313.15k 392954.73k 394264.58k 394264.58k + ``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>使用KAE加速后SM4 CBC模式在输入数据块大小为8M时,从82312.53k/s提升到383317.33k/s。 + +- 使用OpenSSL的软件算法测试SM3模式性能。 + + ```shell + linux-rmw4:/usr/local/bin # ./openssl speed -elapsed -evp sm3 + You have chosen to measure elapsed time instead of user CPU time. + Doing sm3 for 3s on 102400 size blocks: 1536 sm3's in 3.00s + .... + type 51200 bytes 102400 bytes1048576 bytes2097152 bytes4194304 bytes8388608 bytes + sm3 50568.53k 52428.80k 52428.80k 52428.80k 52428.80k 52428.80k + ``` + +- 使用KAE引擎测试SM3模式性能。 + + ```shell + linux-rmw4:/usr/local/bin # ./openssl speed -elapsed -engine kae -evp sm3 + engine "kae" set. + You have chosen to measure elapsed time instead of user CPU time. + Doing sm3 for 3s on 102400 size blocks: 19540 sm3's in 3.00s + .... + type 51200 bytes 102400 bytes 1048576 bytes 2097152 bytes 4194304 bytes 8388608 bytes + sm3 648243.20k 666965.33k 677030.57k 678778.20k 676681.05k 668292.44k + ``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>使用KAE加速后SM3算法在输入数据块大小为8M时,从52428.80 k/s提升到668292.44k/s。 + +- 使用OpenSSL软件算法测试AES算法CBC模式异步性能。 + + ```shell + linux-rmw4:/usr/local/bin # ./openssl speed -elapsed -evp aes-128-cbc -async_jobs 4 + You have chosen to measure elapsed time instead of user CPU time. + Doing aes-128-cbc for 3s on 51200 size blocks: 65773 aes-128-cbc's in 3.00s + Doing aes-128-cbc for 3s on 102400 size blocks: 32910 aes-128-cbc's in 3.00s + .... + type 51200 bytes 102400 bytes1048576 bytes2097152 bytes4194304 bytes8388608 bytes + aes-128-cbc 1122525.87k 1123328.00k 1120578.22k 1121277.27k 1119879.17k 1115684.86k + ``` + +- 使用KAE引擎测试AES算法CBC模式异步性能。 + + ```shell + linux-rmw4:/usr/local/bin # ./openssl speed -elapsed -evp aes-128-cbc -async_jobs 4 -engine kae + engine "kae" set. + You have chosen to measure elapsed time instead of user CPU time. + Doing aes-128-cbc for 3s on 51200 size blocks: 219553 aes-128-cbc's in 3.00s + Doing aes-128-cbc for 3s on 102400 size blocks: 117093 aes-128-cbc's in 3.00s + .... + type 51200 bytes 102400 bytes1048576 bytes2097152 bytes4194304 bytes8388608 bytes + aes-128-cbc 3747037.87k 3996774.40k 1189085.18k 1196774.74k 1196979.11k 1199570.94k + ``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- AES仅支持数据长度为256KB及以下场景的异步使用。 +>- 使用KAE加速后AES算法在输入数据块为100K大小时,从1123328.00k/s提升到3996774.40 k/s 。 + +### 升级加速器软件包 + +#### 使用场景 + +当需要更新加速器软件版本时可以使用rpm -Uvh方式进行升级。 + +#### 操作步骤 + +1. 从openEuler社区下载最新版本的加速引擎软件包。 +2. 使用SSH远程登录工具,以root帐号进入Linux操作系统命令行界面。 +3. 将下载下来的最新版本的软件包都放在某个路径下。 +4. 在存放软件包的路径下使用rpm -Uvh 命令升级加速器驱动包及引擎库包。示例如下。 + + 命令和信息回显如下所示。 + + ![](./figures/zh-cn_image_0231143189.png) + + ![](./figures/zh-cn_image_0231143191.png) + +5. 使用rpm -qa 命令查询是否升级成功。确认查询到的版本是最新的升级后版本。 + + ![](./figures/zh-cn_image_0231143193.png) + + ![](./figures/zh-cn_image_0231143195.png) + +6. 重启系统或通过命令行手动卸载旧版本驱动,然后加载新版本驱动,并查看是否加载成功 + + ```shell + 卸载旧驱动 + # lsmod | grep uacce + uacce 262144 3 hisi_hpre,hisi_sec2,hisi_qm + # + # rmmod hisi_hpre + # rmmod hisi_sec2 + # rmmod hisi_qm + # rmmod uacce + # lsmod | grep uacce + # + 加载新驱动# modprobe uacce + # modprobe hisi_qm# modprobe hisi_sec2 #加载hisi_sec2驱动时将根据/etc/modprobe.d/hisi_sec2.conf 下的配置文件加载到内核 + # modprobe hisi_hpre #加载hisi_hpre驱动时将根据/etc/modprobe.d/hisi_hpre.conf 下的配置文件加载到内核 + # lsmod | grep uacce + uacce 36864 3 hisi_sec2,hisi_qm,hisi_hpre + ``` + +### 卸载加速器软件包 + +#### 使用场景 + +用户不再使用加速引擎软件,或进行新版本加速引擎软件的安装。 + +#### 操作步骤 + +1. 使用SSH远程登录工具,以root帐号进入Linux操作系统命令行界面。 +2. 重启系统或通过命令行手动将已加载到内核的驱动卸载掉,并查看是否卸载成功。 + + ```shell + # lsmod | grep uacce + uacce 36864 3 hisi_sec2,hisi_qm,hisi_hpre + # rmmod hisi_hpre + # rmmod hisi_sec2 + # rmmod hisi_qm + # rmmod uacce + # lsmod | grep uacce + # + ``` + +3. 通过rpm -e 命令卸载加速引擎软件包。示例如下。 + + >![](./public_sys-resources/icon-note.gif) **说明:** + >由于存在依赖关系,卸载libwd前须先卸载libkae引擎软件包。 + + ![](./figures/zh-cn_image_0231143196.png) + + ![](./figures/zh-cn_image_0231143197.png) + +4. 使用rpm -qa |grep 软件包名命令查询是否卸载成功。 + + ![](./figures/zh-cn_image_0231143198.png) + +## 日志查询 + +加速器引擎涉及日志信息如[表3](#table52821836)所示。 + +**表 3** 日志信息 + + + + + + + + + + + + + + + + +

目录

+

文件名

+

文件内容说明

+

/var/log/

+

kae.log

+

OpenSSL引擎日志默认打印等级为error级别,如需要设置日志级别按照如下操作:

+
  1. export KAE_CONF_ENV=/var/log/
  2. 在/var/log/下创建文件kae.cnf
  3. 在kae.cnf 文件中设置如下:

    [LogSection]

    +

    debug_level=error #取值内容none/error/info/warning/debug

    +
+
说明:

正常情况下不建议开启info或debug级别日志,否则会导致加速器性能的下降。

+
+

/var/log/

+

message/syslog

+
  • 内核日志路径为/var/log/message。
+
说明:

或通过dmesg > /var/log/dmesg.log日志收集内核相关日志,包含驱动及内核态日志。

+
+
+ +## 加速引擎的应用 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>如果用户未购买引擎许可证,建议用户不要通过kae引擎调用相应算法,否则可能会影响openSSL加密算法的性能。 +> +### KAE引擎使用示例代码 + +```c +#include + +#include + +/* OpenSSL headers */ + +#include + +#include + +#include + +#include + +int main(int argc, char **argv) + +{ + + /* Initializing OpenSSL */ + + SSL_load_error_strings(); + + ERR_load_BIO_strings(); + + OpenSSL_add_all_algorithms(); + + /*You can use ENGINE_by_id Function to get the handle of the Huawei Accelerator Engine*/ + + ENGINE *e = ENGINE_by_id("kae"); + + /*使能加速器异步功能,可选配置,设置为“0”表示不使能,设置为“1”表示使能,默认使能异步功能*/ + + ENGINE_ctrl_cmd_string(e, "KAE_CMD_ENABLE_ASYNC", "1", 0) + + ENGINE_init(e); + + + RSA *rsa = RSA_new_method(e);#指定引擎用于RSA加解密 + + /*The user code*/ + + …… + +; + + ENGINE_free(e); + +; + +} +``` + +### 通过OpenSSL配置文件openssl.cnf使用KAE引擎 + +新建openssl.cnf 需要添加如下配置信息 + +```text +openssl_conf=openssl_def +[openssl_def] +engines=engine_section +[engine_section] +kae=kae_section +[kae_section] +engine_id=kae +dynamic_path=/usr/local/lib/engines-1.1/kae.so +KAE_CMD_ENABLE_ASYNC=1 # 0,表示不使能异步功能,1表示使能异步功能,默认使能 +default_algorithms=ALL +init=1 +``` + +导出OPENSSL\_CONF环境变量: + +```shell +export OPENSSL_CONF=/home/app/openssl.cnf #该路径为openssl.cnf存放路径 +``` + +使用OpenSSL配置文件示例如下: + +```c +#include + +#include + +/* OpenSSL headers */ + +#include + +#include + +#include + +#include + +int main(int argc, char **argv) + +{ + + /* Initializing OpenSSL */ + + SSL_load_error_strings(); + + ERR_load_BIO_strings(); + +#Load openssl configure + +OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); OpenSSL_add_all_algorithms(); + + /*You can use ENGINE_by_id Function to get the handle of the Huawei Accelerator Engine*/ + + ENGINE *e = ENGINE_by_id("kae"); + + /*The user code*/ + + …… + +; + + ENGINE_free(e); + +; +} +``` + +## 故障处理 + +### 初始化失败 + +#### 故障现象 + +加速器引擎没有完全加载成功。 + +#### 处理步骤 + +1. 检查加速器驱动是否加载成功,运行lsmod 命令查看uacce.ko、qm.ko 、sgl.ko 、hisi\_sec2.ko 、hisi\_hpre.ko 、hisi\_zip.ko、 hisi\_rde.ko是否在位。 + + ```shell + # lsmod | grep uacce + uacce 262144 2 hisi_hpre,hisi_qm,hisi_sec2,hisi_zip,hisi_rde + ``` + +2. 检查/usr/lib64(RPM方式安装时目录)或者/usr/local/lib(源码方式安装时目录)和OpenSSL安装目录是否有加速器引擎库,且建立正确的软链接。 + + ```shell + # 查询kae是否正确安装并建立软链接,如果有正确安装显示如下内容 + # ll /usr/local/lib/engines-1.1/ |grep kae + lrwxrwxrwx. 1 root root 22 Nov 12 02:33 kae.so -> kae.so.1.0.1 + lrwxrwxrwx. 1 root root 22 Nov 12 02:33 kae.so.0 -> kae.so.1.0.1 + -rwxr-xr-x. 1 root root 112632 May 25 2019 kae.so.1.0.1 + + # 查询libwd是否正确安装并建立软链接,如果有正确安装显示如下内容 + # ll /usr/lib64/ | grep libwd + lrwxrwxrwx. 1 root root 14 Nov 12 02:33 libwd.so -> libwd.so.1.0.1 + lrwxrwxrwx. 1 root root 14 Nov 12 02:33 libwd.so.0 -> libwd.so.1.0.1 + -rwxr-xr-x. 1 root root 137120 May 25 2019 libwd.so.1.0.1 + ``` + +3. 检查OpenSSL引擎库的路径是否能通过export命令进行导出。 + + ```shell + # echo $OPENSSL_ENGINES + # export OPENSSL_ENGINES=/usr/local/lib/engines-1.1 + # echo $OPENSSL_ENGINES + /usr/local/lib/engines-1.1 + ``` + +### 安装完加速器引擎之后,查找不到加速器设备 + +#### 故障现象 + +安装完加速器引擎之后,查找不到加速器设备。 + +#### 解决方法 + +1. 检查虚拟文件系统下是否有相应设备。正常情况下有如下相应的加速器设备。 + + ```shell + # ls -al /sys/class/uacce/ + total 0 + lrwxrwxrwx. 1 root root 0 Nov 14 03:45 hisi_hpre-2 -> ../../devices/pci0000:78/0000:78:00.0/0000:79:00.0/uacce/hisi_hpre-2 + lrwxrwxrwx. 1 root root 0 Nov 14 03:45 hisi_hpre-3 -> ../../devices/pci0000:b8/0000:b8:00.0/0000:b9:00.0/uacce/hisi_hpre-3 + lrwxrwxrwx. 1 root root 0 Nov 17 22:09 hisi_rde-4 -> ../../devices/pci0000:78/0000:78:01.0/uacce/hisi_rde-4 + lrwxrwxrwx. 1 root root 0 Nov 17 22:09 hisi_rde-5 -> ../../devices/pci0000:b8/0000:b8:01.0/uacce/hisi_rde-5 + lrwxrwxrwx. 1 root root 0 Nov 14 08:39 hisi_sec-0 -> ../../devices/pci0000:74/0000:74:01.0/0000:76:00.0/uacce/hisi_sec-0 + lrwxrwxrwx. 1 root root 0 Nov 14 08:39 hisi_sec-1 -> ../../devices/pci0000:b4/0000:b4:01.0/0000:b6:00.0/uacce/hisi_sec-1 + lrwxrwxrwx. 1 root root 0 Nov 17 22:09 hisi_zip-6 -> ../../devices/pci0000:74/0000:74:00.0/0000:75:00.0/uacce/hisi_zip-6 + lrwxrwxrwx. 1 root root 0 Nov 17 22:09 hisi_zip-7 -> ../../devices/pci0000:b4/0000:b4:00.0/0000:b5:00.0/uacce/hisi_zip-7 + ``` + +2. 若要使用hpre设备但是在[1](#li1760055514614)中未查询到,请按[初始化失败](#初始化失败)排查加速器软件是否已正确安装。 +3. 若[2](#li1600175515610)已确认加速器软件正确安装,请通过lspci命令排查物理设备是否存在。 + + ```shell + # lspci | grep HPRE + 79:00.0 Network and computing encryption device: Huawei Technologies Co., Ltd. HiSilicon HPRE Engine (rev 21) + b9:00.0 Network and computing encryption device: Huawei Technologies Co., Ltd. HiSilicon HPRE Engine (rev 21) + ## lspci | grep SEC + 76:00.0 Network and computing encryption device: Huawei Technologies Co., Ltd. HiSilicon SEC Engine (rev 21) + b6:00.0 Network and computing encryption device: Huawei Technologies Co., Ltd. HiSilicon SEC Engine (rev 21) + ## lspci | grep RDE + 78:01.0 RAID bus controller: Huawei Technologies Co., Ltd. HiSilicon RDE Engine (rev 21) + b8:01.0 RAID bus controller: Huawei Technologies Co., Ltd. HiSilicon RDE Engine (rev 21) + ## lspci | grep ZIP + 75:00.0 Processing accelerators: Huawei Technologies Co., Ltd. HiSilicon ZIP Engine (rev 21) + b5:00.0 Processing accelerators: Huawei Technologies Co., Ltd. HiSilicon ZIP Engine (rev 21) + # + ``` + +4. 若[3](#li1560012551369)未查询到相应的物理设备,请确认以下,不分先后: + - 确认是否已导入加速器许可证,若未导入,请参考《[TaiShan 机架服务器 iBMC \(V500及以上\) 用户指南](https://support.huawei.com/enterprise/zh/doc/EDOC1100121687)》中“许可证管理”章节,导入加速器许可证。导入加速器许可证之后,需要掉电重启iBMC,使能License。 + - 确认iBMC和BIOS版本是否支持加速器特性。 + +### 升级加速器驱动失败 + +#### 故障现象 + +升级加速器驱动后,重启系统驱动版本仍为旧版本。 + +#### 可能原因 + +在升级加速器驱动前,系统更新了其他驱动包,这些驱动包可能重新更新了引导文件系统initramfs,将未升级前的加速器驱动一起更新到了initramfs文件系统中。例如系统更新了网卡驱动,或者人为更新了initramfs文件系统,导致系统重启时优先从initramfs文件系统中加载加速器驱动。 + +#### 处理步骤 + +升级加速器驱动版本后,通过执行dracut \-\-force命令重新更新initramfs文件系统。 diff --git a/docs/zh/server/performance/cpu_optimization/sysboost/_toc.yaml b/docs/zh/server/performance/cpu_optimization/sysboost/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..ca19c8348b85cc0880c0d42173931561bf479c95 --- /dev/null +++ b/docs/zh/server/performance/cpu_optimization/sysboost/_toc.yaml @@ -0,0 +1,10 @@ +label: sysBoost用户指南 +isManual: true +description: 优化代码与运行环境的 CPU 微架构的适应性,提升程序性能 +sections: + - label: 认识sysBoost + href: ./getting_to_know_sysboost.md + - label: 安装与部署 + href: ./installation_and_deployment.md + - label: 使用方法 + href: ./usage_instructions.md diff --git a/docs/zh/server/performance/cpu_optimization/sysboost/figures/icon-note.gif b/docs/zh/server/performance/cpu_optimization/sysboost/figures/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/zh/server/performance/cpu_optimization/sysboost/figures/icon-note.gif differ diff --git "a/docs/zh/server/performance/cpu_optimization/sysboost/figures/\346\236\266\346\236\204.png" "b/docs/zh/server/performance/cpu_optimization/sysboost/figures/\346\236\266\346\236\204.png" new file mode 100644 index 0000000000000000000000000000000000000000..92611802616844553a7c6ad79c12c0ed29d369ee Binary files /dev/null and "b/docs/zh/server/performance/cpu_optimization/sysboost/figures/\346\236\266\346\236\204.png" differ diff --git a/docs/zh/server/performance/cpu_optimization/sysboost/getting_to_know_sysboost.md b/docs/zh/server/performance/cpu_optimization/sysboost/getting_to_know_sysboost.md new file mode 100644 index 0000000000000000000000000000000000000000..81fff10694a7c12c96533d95d4b4ab98094acede --- /dev/null +++ b/docs/zh/server/performance/cpu_optimization/sysboost/getting_to_know_sysboost.md @@ -0,0 +1,61 @@ +# 认识sysBoost + +## 概述 + +通过代码重排技术对可执行文件和动态库文件在线重排操作,优化代码与运行环境的CPU微架构的适应性,提升程序性能。 + +## 问题背景 + +- 大型APP应用,使用大量的第3方或自研动态库,函数调用产生大量PLT跳转导致IPC指令执行效率下降。 + +- 汇编代码体积大内存占用大,导致iTLB miss概率高。热点代码段布局离散,导致iCache miss高,影响CPU流水线执行效率。 + +- 应用开发者对操作系统与CPU微架构不熟悉,IPC性能调优成本过大。 + +## 设计方案 + +### 关键技术 + +- 动态库拼接:通过ld加载阶段将分散的动态库的代码段数据段拼接聚合,然后使用大页内存提升iTLB命中率。 + +- 消除PLT跳转:应用代码调用动态库函数的流程,需要先跳转PLT表,然后跳转真实函数,消除PLT跳转能提升IPC。 + +- 热点Section在线重排:默认情况下代码段是按动态库粒度排布的,通过在线重排技术可以实现热点代码按Section粒度重排。 + +- exec原生大页:用户态大页机制需要应用修改配置和重编译,exec原生大页机制直接在内核加载ELF文件阶段使用大页内存,对APP透明。 + +### 架构 + +**图 1** sysBoost设计总体方案 + +![](./figures/架构.png) + +## sysBoost支持的功能特性 + +- 支持全静态合并场景:将应用与其依赖的动态库合并为一个二进制,并进行段级别的重排,将多个离散的代码段/数据段合并为一个,提升应用性能。 + +- 自动对系统中的二进制进行优化:sysBoost守护进程读取配置文件获取需要优化的二进制以及对应的优化方式,按照用户的要求进行优化,并将优化好的二进制存储在.rto后缀的文件中。 + +- 二进制代码段/数据段大页预加载:用户态页表映射物理内存时,使用大页(2M)映射可以提升性能,而当前openeuler不支持文件页的大页映射。sysBoost提供大页预加载的功能,在二进制优化完成后立即将其内容以大页形式加载到内核中,在应用启动时将预加载的内容批量映射到用户态页表,减少应用的缺页中断和访存延迟,提升启动速度和运行效率。 + +- 二进制异常监控:如果sysBoost生成的.rto二进制出现BUG,应用可能会crash。为了避免应用被反复拉起,反复crash等严重后果,防止故障扩散,sysBoost会对加载.rto二进制的进程进行监控。如果发现这样的进程发生了crash,sysBoost会回退优化,将该.rto文件和原应用文件的标记删除;同时也会将配置文件重命名,防止下次sysBoost服务重启后再次进行优化。 + +## 价值概述 + +### 场景一 + +在UnixBench的Bash测试中,通常会执行一些常见的命令和脚本,例如 ls、grep、awk 等。这些命令和脚本通常会调用一些系统库,例如 libc、libpthread 等,这些库文件通常需要动态链接。由于动态链接会增加程序的启动时间和延迟,因此采用二进制合并技术将这些库文件合并到可执行文件中,可以显著提高Bash的性能,从而提高UnixBench的得分。 + +### 场景二 + +云核等产品组件动态可装配设计, 使用大量动态库,带来了以下问题: + +- 动态库机制引入函数间接跳转和代码布局离散问题, 导致CPU执行效率降低。 +- 动态库大量的符号解析过程, 影响程序启动速度。 +- 基于特定业务模型的预先离线编译优化(Profile-Guided Optimization), 无法适应不同业务模型变化。 + +在业务进程现网部署阶段, 通过sysBoost生成大进程可有效解决上述问题: + +- 通过自研exec大页机制加载大进程, 使代码段和数据段利用大页内存, 降低TLB miss。 +- 大进程包含所有动态库代码和应用代码,消除函数间接跳转问题。 +- 智能识别业务, 选择合适的热点模型, 重新生成大进程,在线适应业务变化。 diff --git a/docs/zh/server/performance/cpu_optimization/sysboost/installation_and_deployment.md b/docs/zh/server/performance/cpu_optimization/sysboost/installation_and_deployment.md new file mode 100644 index 0000000000000000000000000000000000000000..2f406aec9e1978c13832838812260944441fa753 --- /dev/null +++ b/docs/zh/server/performance/cpu_optimization/sysboost/installation_and_deployment.md @@ -0,0 +1,66 @@ +# 安装与部署 + +## 软硬件要求 + +- 硬件:鲲鹏920处理器 + +- 软件:操作系统openEuler 23.09 + +## 环境准备 + +- 安装openEuler系统。 + +- 安装sysBoost需要使用root权限。 + +## 安装sysBoost + +安装sysBoost的操作步骤如下(xxx在以下描述中代表版本号): + +1. 挂载openEuler的iso文件 + + ``` + # 使用对应的openEuler版本 + mount openEuler-xxx-aarch64-dvd.iso /mnt + ``` + +2. 配置本地yum源 + + ``` + vim /etc/yum.repos.d/local.repo + ``` + + 配置内容如下所示: + + ``` + [localosrepo] + name=localosrepo + baseurl=file:///mnt + enabled=1 + gpgcheck=1 + gpgkey=file:///mnt/RPM-GPG-KEY-openEuler + ``` + +3. 安装sysBoost + + ``` + yum install sysboost -y + ``` + +4. 验证是否安装成功,命令和回显如下表示安装成功 + + ``` + rpm -qa | grep sysboost + # sysboost-xxx + rpm -qa | grep native-turbo + # native-turbo-xxx + ``` + +5. 安装需要合并的ELF文件所对应的relocation包 + + ``` + yum install bash-relocation-xxx -y + yum install ncurses-relocation-xxx -y + ``` + +>![](./figures/icon-note.gif) **说明:** +> 若当前所需要的可执行ELF文件及其依赖库中已经包含relocation段,则可以跳过步骤5。 diff --git a/docs/zh/server/performance/cpu_optimization/sysboost/sysboost.md b/docs/zh/server/performance/cpu_optimization/sysboost/sysboost.md new file mode 100644 index 0000000000000000000000000000000000000000..8e4a4d115017583fe4c94ea436c8040e6afd17d5 --- /dev/null +++ b/docs/zh/server/performance/cpu_optimization/sysboost/sysboost.md @@ -0,0 +1,5 @@ +# sysBoost 用户指南 + +本文档介绍可执行ELF文件在线重排性能优化软件sysBoost的安装部署和使用方法,以指导用户快速了解并使用sysBoost。 + +本文档适用于使用openEuler系统并希望了解和使用sysBoost的社区开发者、开源爱好者以及相关合作伙伴。使用人员需要具备基本的Linux操作系统知识。 diff --git a/docs/zh/server/performance/cpu_optimization/sysboost/usage_instructions.md b/docs/zh/server/performance/cpu_optimization/sysboost/usage_instructions.md new file mode 100644 index 0000000000000000000000000000000000000000..35f4da2e16621ec885dfbf55d51cf7067d832bbd --- /dev/null +++ b/docs/zh/server/performance/cpu_optimization/sysboost/usage_instructions.md @@ -0,0 +1,96 @@ +# 使用方法 + + +## 总体说明 + +- 使用和配置sysBoost需要使用root权限。 +- sysBoost不支持多实例运行。 +- 请管理员确保配置文件的正确性。 + + +## 配置方法 +### 配置文件说明 +配置文件目录:/etc/sysboost.d/ + +**表 1** 客户端toml文件配置说明 + + + + + + + + + + + + + + + + + + + + + + + + + +

配置名称

+

配置说明

+

参数类型

+

取值范围

+

elf_path

+

需要合并的可执行ELF文件的名称

+

字符串

+

sysBoost支持的可执行ELF文件路径名称

+

mode

+

sysBoost的运行模式

+

字符串

+

"static-nolibc"

+

libs

+

elf_path所指定的可执行ELF文件的依赖库,sysBoost可以自动探测依赖库,故为可选项

+

字符串

+

sysBoost支持的可执行ELF文件的依赖库的路径名称

+
+ +### 配置示例 + +sysBoost的toml配置文件示例: + +``` +# /etc/sysboost.d/bash.toml +elf_path = "/usr/bin/bash" +mode = "static-nolibc" +libs = ["/usr/lib64/libtinfo.so.6"] +``` + +## 操作方法 + +- 启动sysBoost服务 + + ``` + systemctl start sysboost.service + ``` + +- 关闭sysBoost服务 + + ``` + systemctl stop sysboost.service + ``` + +- 状态查询(若没有标红字体,说明sysBoost运行正常) + + ``` + systemctl status sysboost.service + ``` + +- 日志(若sysBoost出现错误,可通过系统日志查询相关信息) + + ``` + cat /var/log/messages + ``` + + diff --git a/docs/zh/server/performance/overall/system_resource/_toc.yaml b/docs/zh/server/performance/overall/system_resource/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..ea85bbe0467bdf4cbb8b2f9d70367d4cd3a86abf --- /dev/null +++ b/docs/zh/server/performance/overall/system_resource/_toc.yaml @@ -0,0 +1,6 @@ +label: 系统资源与性能 +isManual: true +description: 介绍CPU,内存,I/O 及常用性能分析工具 +sections: + - label: 系统资源与性能 + href: ./system_resources_and_performance.md diff --git a/docs/zh/server/performance/overall/system_resource/images/c50cb9df64f4659787c810167c89feb4_1884x257.png b/docs/zh/server/performance/overall/system_resource/images/c50cb9df64f4659787c810167c89feb4_1884x257.png new file mode 100644 index 0000000000000000000000000000000000000000..01081f25627731c56764c196e3fae32d55bc7023 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/c50cb9df64f4659787c810167c89feb4_1884x257.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001321685172.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001321685172.png new file mode 100644 index 0000000000000000000000000000000000000000..a98265bdf251608c0ff394fefe545cd3192bdb28 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001321685172.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001322112990.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001322112990.png new file mode 100644 index 0000000000000000000000000000000000000000..6f4b32bf2b36595abe10f2550cda5714bc355553 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001322112990.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001322219840.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001322219840.png new file mode 100644 index 0000000000000000000000000000000000000000..48b28664df46ddf9aa38c7570bb9e9edb8080ac9 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001322219840.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001322372918.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001322372918.png new file mode 100644 index 0000000000000000000000000000000000000000..5424367c9bc564e713220ba87f963096881833b8 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001322372918.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001322379488.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001322379488.png new file mode 100644 index 0000000000000000000000000000000000000000..8b18cdca066be43b74443498edc5500ea9e1e608 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001322379488.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001335457246.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001335457246.png new file mode 100644 index 0000000000000000000000000000000000000000..325d6a8ce097db0b92b1a883bc4b3d4ad0bc6a49 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001335457246.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001335816300.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001335816300.png new file mode 100644 index 0000000000000000000000000000000000000000..619f0c33503cd27d92f227216c722d554b9132f2 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001335816300.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001336448570.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001336448570.png new file mode 100644 index 0000000000000000000000000000000000000000..4bd494d78d83fef2e8a89c80e17c9b6db892a2e9 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001336448570.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001336729664.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001336729664.png new file mode 100644 index 0000000000000000000000000000000000000000..4d73507cceab2e0b123d6864d9f86c86eb1eee2f Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001336729664.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337000118.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337000118.png new file mode 100644 index 0000000000000000000000000000000000000000..37131647778506f24be4ff401392a9cc209a36eb Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337000118.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337039920.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337039920.png new file mode 100644 index 0000000000000000000000000000000000000000..40c07e9b6ec27cdbe47d39788736b892f1174cc8 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337039920.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337051916.jpg b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337051916.jpg new file mode 100644 index 0000000000000000000000000000000000000000..a2083b7783041884394f796222352d8772ada6cc Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337051916.jpg differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337053248.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337053248.png new file mode 100644 index 0000000000000000000000000000000000000000..8859f37749a4f8a4394e24ddfb54fc473e8c10c2 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337053248.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337172594.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337172594.png new file mode 100644 index 0000000000000000000000000000000000000000..4e806f83c57880543a777807778f14eeb0105aba Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337172594.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337212144.jpg b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337212144.jpg new file mode 100644 index 0000000000000000000000000000000000000000..c6f0874250475f598efa7375516109b540918fb8 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337212144.jpg differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337260780.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337260780.png new file mode 100644 index 0000000000000000000000000000000000000000..09d521d933f5fa0caacc592ea92acee959786051 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337260780.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337268560.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337268560.png new file mode 100644 index 0000000000000000000000000000000000000000..663f67428487d88e23aa9c3291c31399fec2f2c3 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337268560.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337268820.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337268820.png new file mode 100644 index 0000000000000000000000000000000000000000..cd1732ee870a6dde0acc54642f34793933ce3356 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337268820.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337419960.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337419960.png new file mode 100644 index 0000000000000000000000000000000000000000..c3b493bf1e57f130e122b59e99ff45cd44539dad Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337419960.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337420372.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337420372.png new file mode 100644 index 0000000000000000000000000000000000000000..2300bcd7426748236fd48b85688bd3d1fa3315df Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337420372.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337422904.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337422904.png new file mode 100644 index 0000000000000000000000000000000000000000..01e250c6f7cbb64abe0b136cd80fda7ae68b629d Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337422904.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337424024.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337424024.png new file mode 100644 index 0000000000000000000000000000000000000000..6532d98885f756c6704bc4bacc0f9133d78405a7 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337424024.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337424304.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337424304.png new file mode 100644 index 0000000000000000000000000000000000000000..9ecb384ed58458c24d8e3ae729c4de197b982b86 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337424304.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337427216.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337427216.png new file mode 100644 index 0000000000000000000000000000000000000000..8633dbdd658f98501dfc91a704395260f2d4df3c Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337427216.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337427392.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337427392.png new file mode 100644 index 0000000000000000000000000000000000000000..74f5cb24520c94de8628b2e64e6916c563f9f5a2 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337427392.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337533690.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337533690.png new file mode 100644 index 0000000000000000000000000000000000000000..1f02d9b155754a113347a54a7d35ba9b060175a8 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337533690.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337536842.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337536842.png new file mode 100644 index 0000000000000000000000000000000000000000..5a9ee2c989638c9a6aad3fcfb35bb9b9f2d4683c Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337536842.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337579708.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337579708.png new file mode 100644 index 0000000000000000000000000000000000000000..5cd8ed939434e6447dd55679eeaa3756d861751f Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337579708.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337580216.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337580216.png new file mode 100644 index 0000000000000000000000000000000000000000..5516b8d261b769287c74cf860a6708fcde6bbb8a Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337580216.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337584296.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337584296.png new file mode 100644 index 0000000000000000000000000000000000000000..fa76ecb59018fb154ffe1d9f6da1484d652f3ac1 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337584296.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337696078.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337696078.png new file mode 100644 index 0000000000000000000000000000000000000000..3864852e345eaf01794042feaa85b012b8af71de Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337696078.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337740252.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337740252.png new file mode 100644 index 0000000000000000000000000000000000000000..fd83fb600a54ab8bc39ee2ae54210be8b6c48973 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337740252.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337740540.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337740540.png new file mode 100644 index 0000000000000000000000000000000000000000..b8e25128a47dccaed733fc192f52f2ca7828e516 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337740540.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337747132.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337747132.png new file mode 100644 index 0000000000000000000000000000000000000000..41ea7d47f5fe5fca46816d93cb08b5da00abc0ad Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337747132.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337748300.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337748300.png new file mode 100644 index 0000000000000000000000000000000000000000..32488dc1740408834954cf8d57a2843d98f09c2e Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337748300.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337748528.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337748528.png new file mode 100644 index 0000000000000000000000000000000000000000..f2d62c85c844c2756f4d27a48711560dfb9615ea Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001337748528.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001372249333.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001372249333.png new file mode 100644 index 0000000000000000000000000000000000000000..48cd37225954e212cb3e159acc137866d8edc362 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001372249333.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001372748125.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001372748125.png new file mode 100644 index 0000000000000000000000000000000000000000..5f6326b9415cf766dd8379dbadd5aa1a0dc6861f Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001372748125.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001372821865.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001372821865.png new file mode 100644 index 0000000000000000000000000000000000000000..21e8dad1cd90755440cf858523b12c036a91e1ad Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001372821865.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001372824637.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001372824637.png new file mode 100644 index 0000000000000000000000000000000000000000..aefb5d83c079e6718ef88fd934b4b496cdc29565 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001372824637.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001373373585.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001373373585.png new file mode 100644 index 0000000000000000000000000000000000000000..c4e5e47c9beca2c7c7630d78916f80eda652b52a Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001373373585.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001373379529.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001373379529.png new file mode 100644 index 0000000000000000000000000000000000000000..daa40b49e679668905632f25ff42bf8599ba0ead Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001373379529.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001384808269.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001384808269.png new file mode 100644 index 0000000000000000000000000000000000000000..be18ecef3a149d5742f18535552f66f26ab34832 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001384808269.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001385585749.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001385585749.png new file mode 100644 index 0000000000000000000000000000000000000000..c13604ab7095c2a7717bde1384f0aea3d53f69e3 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001385585749.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001385611905.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001385611905.png new file mode 100644 index 0000000000000000000000000000000000000000..8c233e40a21e678ddf4115c2e2e80c96e25a60ce Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001385611905.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001385905845.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001385905845.png new file mode 100644 index 0000000000000000000000000000000000000000..a6cb8bc4a188ef444919d71f7f16baa06422788b Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001385905845.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001386149037.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001386149037.png new file mode 100644 index 0000000000000000000000000000000000000000..da73fead24d8805bb43287f53c757e80ff0d597f Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001386149037.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001386699925.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001386699925.png new file mode 100644 index 0000000000000000000000000000000000000000..cf5b13b35e65ed0143a01a5bcad1e11eaddaded7 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001386699925.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387293085.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387293085.png new file mode 100644 index 0000000000000000000000000000000000000000..7f56b020949c53d018eba016952c2409f0d7dca9 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387293085.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387413509.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387413509.png new file mode 100644 index 0000000000000000000000000000000000000000..2245427058fc31f3e5d7f40062c0551936a67199 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387413509.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387413793.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387413793.png new file mode 100644 index 0000000000000000000000000000000000000000..aa649bf7215662819766d897513fb711d9d1e7f8 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387413793.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387415629.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387415629.png new file mode 100644 index 0000000000000000000000000000000000000000..01189358354090591de6580f8ef88ef78ddba3a1 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387415629.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387691985.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387691985.png new file mode 100644 index 0000000000000000000000000000000000000000..31c3096fa837c1b397ab2fe27acdd87e2cec36de Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387691985.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387692269.jpg b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387692269.jpg new file mode 100644 index 0000000000000000000000000000000000000000..b79e3ddf78520277046b933c4662c6b72f45ab85 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387692269.jpg differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387692893.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387692893.png new file mode 100644 index 0000000000000000000000000000000000000000..49ea515d834b58d4ded14c55a6a2b07034d76137 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387692893.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387755969.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387755969.png new file mode 100644 index 0000000000000000000000000000000000000000..b2daa95d6b757e7bd443d8fd961922f248dd6853 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387755969.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387780357.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387780357.png new file mode 100644 index 0000000000000000000000000000000000000000..1aab3b8be2cd0c906253d70036a9fee3050a1055 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387780357.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387784693.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387784693.png new file mode 100644 index 0000000000000000000000000000000000000000..62a40117a892ba6c163be81bce1d198c2920f0e9 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387784693.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387787605.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387787605.png new file mode 100644 index 0000000000000000000000000000000000000000..8c1893e16fb929f77bb6b9a70cb25d3479dd684c Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387787605.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387855149.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387855149.png new file mode 100644 index 0000000000000000000000000000000000000000..731e957c367cb05e4229f53cf97dcee2cde69dff Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387855149.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387857005.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387857005.png new file mode 100644 index 0000000000000000000000000000000000000000..872f5c9eb05169831df4ba49d017629e8a943c64 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387857005.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387902849.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387902849.png new file mode 100644 index 0000000000000000000000000000000000000000..ffe2043c199308ed2033e3eb02a0662a65141ece Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387902849.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387907229.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387907229.png new file mode 100644 index 0000000000000000000000000000000000000000..084fbea1aee4d09b1e623c66b4f07641c7a0208d Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387907229.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387908045.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387908045.png new file mode 100644 index 0000000000000000000000000000000000000000..1fca645598e7a67da6e75b98c44f3c9a740be374 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387908045.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387908453.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387908453.png new file mode 100644 index 0000000000000000000000000000000000000000..b97804a0a575fd18235e7a0c7e4f2d0183e3b460 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387908453.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387961737.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387961737.png new file mode 100644 index 0000000000000000000000000000000000000000..ae4ddce8cf2629b811e9711c61186b3efa4dfe3c Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001387961737.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388020197.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388020197.png new file mode 100644 index 0000000000000000000000000000000000000000..1816e1e068ee0294677ebb357ffd158a14bb86cf Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388020197.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388024321.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388024321.png new file mode 100644 index 0000000000000000000000000000000000000000..da3ba54203ded0093b7c2b5308de0e2afd85a146 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388024321.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388024397.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388024397.png new file mode 100644 index 0000000000000000000000000000000000000000..4e4531dd19dc703399c9d4dd0e95236fa9a064c8 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388024397.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388028161.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388028161.png new file mode 100644 index 0000000000000000000000000000000000000000..b3beb92520c34ba771d096a8a146fb2c5b5edbb7 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388028161.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388028537.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388028537.png new file mode 100644 index 0000000000000000000000000000000000000000..ffb244306787c397ef4a9f4d9c3eb504172d3777 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388028537.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388184025.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388184025.png new file mode 100644 index 0000000000000000000000000000000000000000..cbce6fe1e32c547426319923c0fdb13e95554b99 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388184025.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388187249.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388187249.png new file mode 100644 index 0000000000000000000000000000000000000000..0ac83f21e269d909e550b68cb0bdc6347c05dcac Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388187249.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388187325.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388187325.png new file mode 100644 index 0000000000000000000000000000000000000000..02dbdf218da2cb1c844dfc13a463875df5124d48 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388187325.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388188365.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388188365.png new file mode 100644 index 0000000000000000000000000000000000000000..dbe3bfb48446bab88e3e622b9f8066383f269590 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388188365.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388241577.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388241577.png new file mode 100644 index 0000000000000000000000000000000000000000..8dacb6e343ea4c750904fa090bb99213e012379d Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388241577.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388972645.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388972645.png new file mode 100644 index 0000000000000000000000000000000000000000..e32606925f4bb4380b262d9f946d4cd106202b87 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001388972645.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001389098425.png b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001389098425.png new file mode 100644 index 0000000000000000000000000000000000000000..c63903009ab9ba454f169250632dbec1b3c94467 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_image_0000001389098425.png differ diff --git a/docs/zh/server/performance/overall/system_resource/images/zh-cn_other_0000001337581224.jpeg b/docs/zh/server/performance/overall/system_resource/images/zh-cn_other_0000001337581224.jpeg new file mode 100644 index 0000000000000000000000000000000000000000..2c019b828bdf9c699f203f09ba3542968ff21262 Binary files /dev/null and b/docs/zh/server/performance/overall/system_resource/images/zh-cn_other_0000001337581224.jpeg differ diff --git a/docs/zh/server/performance/overall/system_resource/system_resources_and_performance.md b/docs/zh/server/performance/overall/system_resource/system_resources_and_performance.md new file mode 100644 index 0000000000000000000000000000000000000000..03ec3004fd8c354c4552306946402e65839aeaa0 --- /dev/null +++ b/docs/zh/server/performance/overall/system_resource/system_resources_and_performance.md @@ -0,0 +1,330 @@ +# 系统资源与性能 + +## CPU + +### 基本概念 + +中央处理器(Central Processing Unit,简称CPU)是计算机的主要设备之一,其功能是解释计算机指令以及处理计算机软件中的数据。 + +1. 物理核:可以真实看到的CPU核,有独立的电路元件以及L1、L2缓存,可以独立地执行指令。一个CPU可以有多个物理核。 +2. 逻辑核:在同一个物理核内,逻辑层面上存在的核。一般一个物理核对应一个线程,但是如果开启了超线程,当超线程数量为n时,一个物理核可以分成n个逻辑核。可以通过lscpu命令查看服务器中有多少个CPU,每个CPU中有几个物理核,以及每个CPU有几个逻辑核。 + +### 常用CPU性能分析工具 + +1. uptime:可用于**打印系统平均负载**,通过查看最后三个数字,可以判断平均负载的变化趋势。 + 平均负载大于CPU数量时表示CPU不足以服务线程,部分线程在等待;平均负载小于CPU数量,代表当前还有余量。 + + ![zh-cn_image_0000001384808269](./images/zh-cn_image_0000001384808269.png) + +2. vmstat:可以**动态地了解系统资源的使用情况**,以及查看系统中是哪一个环节最占用系统资源。 + 通过**vmstat -h**命令可以查看命令详解参数。 + 例如: + + ```shell + #使用vmstat进行监测,每隔1秒刷新一次 + vmstat 1 + ``` + + ![](./images/zh-cn_image_0000001385585749.png) + + 在命令的输出信息中,各字段所代表的含义如下: + |字段|含义| + |--|--| + |procs|进程信息字段。| + |memory|内存信息字段。| + |swap|交换分区信息字段。| + |io|磁盘读/写信息字段。| + |system|系统信息字段。| + |cpu|CPU信息字段。-us:非内核进程消耗 CPU 运算时间的百分比。-sy:内核进程消耗 CPU 运算时间的百分比。-id:空闲。-wa:等待 I/O 所消耗的 CPU 百分比。-st:被虚拟机所盗用的 CPU 百分比。| + +3. sar:可用于**分析系统性能**,可以用来观察当前的活动以及配置,用以归档和报告历史统计信息。 + 例如: + + ```shell + # 安装sysstat + yum install -y sysstat + + # 查看系统CPU的整体负载情况,每3秒统计一次,共统计5次 + sar -u 3 5 + ``` + + ![zh-cn_image_0000001336448570](./images/zh-cn_image_0000001336448570.png) + + 在命令的输出信息中,各字段所代表的含义如下: + + |字段|含义| + |--|--| + |%user|用户模式下消耗的 CPU 时间的比例。| + |%nice|通过 nice 改变了进程调度优先级的进程,在用户模式下消耗的 CPU 时间的比例。| + |%system|系统模式下消耗的 CPU 时间的比例。| + |%iowait|CPU 等待磁盘 I/O 导致空闲状态消耗的时间比例。| + |%steal|利用操作系统等虚拟化技术,等待其他虚拟CPU计算占用的时间比例。| + |%idle|CPU空闲时间比例。| + +4. ps:可用于**查看正在运行的进程**。 + + ```shell + # 查看系统中所有的进程,以及查看进程的父进程的 PID 和进程优先级 + ps -le + ``` + + ![zh-cn_image_0000001337039920](./images/zh-cn_image_0000001337039920.png) + + ```shell + # 查看当前shell产生的进程 + ps -l + ``` + + ![zh-cn_image_0000001385611905](./images/zh-cn_image_0000001385611905.png) + +5. top:可以**动态地持续监听进程的运行状态,显示最消耗CPU的进程**。 + + ```shell + top + ``` + + ![zh-cn_image_0000001335457246](./images/zh-cn_image_0000001335457246.png) + +## 内存 + +### 基本概念 + +**内存**是计算机的重要组成部件,用于暂时存放CPU中的运算数据,以及与硬件等外部存储器交换的数据。特别地,**非统一内存访问架构**(non-uniform memory access,简称NUMA)是一种为多处理器的电脑设计的内存架构,**内存访问时间取决于内存相对于处理器的位置**。在NUMA下,处理器访问本地内存的速度比非本地内存速度(内存位于另一个处理器,或者是处理器之间共享的内存)快。 + +### 常用内存分析工具/方式 + +1. free:可用于**显示系统内存状态**。 + + 例如: + + ```shell + # 显示系统内存状态,以MB单位显示 + free -m + ``` + + 回显信息如下: + + ```shell + [root@openEuler ~]# free -m + total used free shared buff/cache available + Mem: 2633 436 324 23 2072 2196 + Swap: 4043 0 4043 + ``` + + 在命令的输出信息中,各字段所代表的含义如下: + + |标识|含义| + |--|--| + |total|总内存数。| + |used|已经使用的内存数。| + |free|空闲的内存数。| + |shared|多个进程共享的内存总数。| + |buff/cache|缓冲和缓存内存总数。| + |available|估计有多少内存可用于启动新应用程序,而不交换。| + +2. vmstat:可以**动态地监控系统内存**,查看系统内存的使用情况。 + + 例如: + + ```shell + # 监测系统内存,显示活跃和非活跃内存 + vmstat -a + ``` + + 回显信息如下: + + ```shell + [root@openEuler ~]# vmstat -a + procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu----- + r b swpd free inact active si so bi bo in cs us sy id wa st + 2 0 520 331980 1584728 470332 0 0 0 2 15 19 0 0 100 0 0 + ``` + + 在命令的输出信息中,与内存相关的memory字段所代表的含义如下: + + |字段|含义| + |--|--| + |memory|内存信息字段。-swpd:虚拟内存的使用情况,单位为 KB。-free:空闲的内存容量,单位为 KB。-inact:非活跃的内存容量,单位为 KB。-active:活跃的内存容量,单位为 KB。| + +3. sar:可用于**监控系统的内存使用情况**。 + + 例如: + + ```shell + # 系统内存在采样时间内的使用情况,每2秒统计一次,统计 3 次 + sar -r 2 3 + ``` + + 回显信息如下: + + ```shell + [root@openEuler ~]# sar -r 2 3 + + 04:02:09 PM kbmemfree kbavail kbmemused %memused kbbuffers kbcached kbcommit %commit kbactive kbinact kb + dirty + 04:02:11 PM 332180 2249308 189420 7.02 142172 1764312 787948 11.52 470404 1584924 + 36 + 04:02:13 PM 332148 2249276 189452 7.03 142172 1764312 787948 11.52 470404 1584924 + 36 + 04:02:15 PM 332148 2249276 189452 7.03 142172 1764312 787948 11.52 470404 1584924 + 36 + Average: 332159 2249287 189441 7.03 142172 1764312 787948 11.52 470404 1584924 + 36 + ``` + + 在命令的输出信息中,各字段所代表的含义如下: + + |字段|含义| + |--|--| + |kbmemfree|内存的未使用空间。| + |kbmemused|内存的已使用空间。| + |%memused|已使用空间的百分比。| + |kbbuffers|缓冲区的数据存取量。| + |kbcached|系统全域的数据存取量。| + +4. numactl:可用于**查看NUMA节点配置和状态**。 + + 例如: + + ```shell + # 安装numactl + yum install -y numactl + # 查看当前的NUMA配置 + numactl -H + ``` + + 回显信息如下: + + ```shell + [root@openEuler ~]# numactl -H + available: 1 nodes (0) + node 0 cpus: 0 1 2 3 + node 0 size: 2633 MB + node 0 free: 322 MB + node distances: + node 0 + 0: 10 + ``` + + 服务器共划分为1个NUMA节点。每个节点包含4个CPU core,每个节点的内存大小约为6GB。 + 同时,该命令还给出了不同节点间的距离,距离越远,跨NUMA内存访问的延时越大。应用程序运行时应减少跨NUMA访问内存。 + + numastat:可用于**观察各个NUMA节点的状态** + + ```shell + # 观察NUMA节点的状态 + numastat + ``` + + ```shell + [root@openEuler ~]# numastat + node0 + numa_hit 5386186 + numa_miss 0 + numa_foreign 0 + interleave_hit 17483 + local_node 5386186 + other_node 0 + ``` + + numastat命令输出字段及其含义如下: + + |标识|含义| + |--|--| + |numa_hit|节点内CPU核访问本地内存的次数。| + |numa_miss|节点内核访问其他节点内存的次数。| + |numa_foreign|初始分配在本地,最后分配在其他节点的叶数量。每个numa_foreign对应numa_miss事件。| + |interleave_hit|interleave策略页成功分配到这个节点。| + |local_node|该节点的进程成功在这个节点上分配内存访问的大小。| + |other_node|该节点的进程在其他节点上分配的内存访问大小。| + +## I/O + +### 基本概念 + +**I/O**表示输入(Input)/输出(Output),输入指系统接收信号或数据的操作,输出指从系统发出信号或数据的操作。对于CPU 和主存储器的组合,**任何信息传入或传出 CPU/内存组合,就会被认为是 I/O**。 + +### 常用I/O性能分析工具 + +1. iostat:可以**汇报所有在线磁盘的统计信息**。 + + 例如: + + ```shell + # 详细显示磁盘信息,以KB为单位显示,以100秒为周期统计(命令本身不会主动停止,需要执行Ctrl+C手动停止) + iostat -d -k -x 100 + + # 详细显示磁盘信息,以KB为单位显示,以1秒为周期统计,总共统计100s + iostat -d -k -x 1 100 + ``` + + ![zh-cn_image_0000001385905845](./images/zh-cn_image_0000001385905845.png) + + 在命令的输出信息中,各字段所代表的含义如下: + + |字段|含义| + |--|--| + |Device|监测设备名称。| + |r/s|设备每秒完成的读取请求数(合并后)。| + |rKB/s|每秒从磁盘读取KB数。| + |rrqm/s|每秒合并放入请求队列的读操作数。| + |%rrqm|读取请求在发送到设备之前合并在一起的百分比。| + |r_await|每个读请求耗费的平均时间。| + |rareq-sz|向设备发出的读取请求的平均大小(以KB为单位)。| + |w/s|设备每秒完成的写入请求数(合并后)。| + |wKB/s|每秒写入磁盘KB数。| + |wrqm/s|每秒合并放入请求队列的写操作数。| + |%wrqm|写入请求在发送到设备之前合并在一起的百分比。| + |w_await|每个写请求耗费的平均时间。| + |wareq-sz|向设备发出的写入请求的平均大小(以KB为单位)。| + |d/s|设备每秒完成的丢弃请求数。| + |dKB/s|每秒为设备丢弃的扇区(KB)数。| + |drqm/s|每秒合并到设备排队的丢弃请求数。| + |%drqm|丢弃请求在发送到设备之前合并在一起的百分比。| + |d_await|向要服务的设备发出丢弃请求的平均时间。| + |dareq-sz|向设备发出的丢弃请求的平均大小(以KB为单位)。| + |f/s|设备每秒完成的刷新请求数(合并后)。| + |f_await|向要服务的设备发出的刷新请求的平均时间。| + |aqu-sz|向设备发出的请求的平均队列长度。| + |%util|用于I/O操作时间的百分比,即使用率。| + +2. sar:可用于**查看系统磁盘的读写性能**。 + + 例如: + + ```shell + # 显示系统所有硬盘设备在采样时间内的使用状态,每3秒统计一次,统计5次 + sar -d 3 5 + ``` + + ![zh-cn_image_0000001386149037](./images/zh-cn_image_0000001386149037.png) + + 在命令的输出信息中,各字段所代表的含义如下: + + |标识|含义| + |--|--| + |tps|每秒向物理设备发出的传输总数。| + |rKB/s|每秒从设备读取的KB数。| + |wKB/s|每秒写入设备的KB数。| + |dKB/s|设备每秒丢弃的KB数。| + |areq-sz|向设备发出的I/O请求的平均大小(KB)。| + |aqu-sz|向设备发出的请求的平均队列长度。| + |await|向要服务的设备发出的I/O请求的平均时间。| + |%util|向设备发出I/O请求的已用时间百分比(设备的带宽利用率)。| + +3. vmstat + + ```shell + # 使用vmstat进行监测,报告磁盘相关统计信息 + vmstat -d + ``` + + ![zh-cn_image_0000001389098425](./images/zh-cn_image_0000001389098425.png) + + 在命令的输出信息中,各字段所代表的含义如下: + + |字段|含义| + |--|--| + |reads|-total:已成功完成的读取总数。-merged:分组读取(导致一次I/O)。-sectors:扇区读取成功。-ms:读取花费的毫秒数。| + |writes|-total:已成功完成的写入总数。-merged:分组写入(导致一次I/O)。-sectors:写入成功的扇区。-ms:写入所花费的毫秒数。| + |IO|-cur:正在进行的 I/O 数。-sec:I/O 所花费的秒数。| diff --git a/docs/zh/server/quickstart/quickstart/_toc.yaml b/docs/zh/server/quickstart/quickstart/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..3eafbb9e48784703fce6e084076432c0bbd90db7 --- /dev/null +++ b/docs/zh/server/quickstart/quickstart/_toc.yaml @@ -0,0 +1,6 @@ +label: 快速入门 +isManual: true +description: 快速地安装和使用 openEuler 操作系统 +sections: + - label: 快速入门 + href: ./quick_start.md diff --git a/docs/zh/server/quickstart/quickstart/figures/Advanced_User_Configuration.png b/docs/zh/server/quickstart/quickstart/figures/Advanced_User_Configuration.png new file mode 100644 index 0000000000000000000000000000000000000000..29fc332ed3ecdc70b2a031d2633a6ec4ec5a9f0b Binary files /dev/null and b/docs/zh/server/quickstart/quickstart/figures/Advanced_User_Configuration.png differ diff --git a/docs/zh/server/quickstart/quickstart/figures/CD-ROM_drive_icon.png b/docs/zh/server/quickstart/quickstart/figures/CD-ROM_drive_icon.png new file mode 100644 index 0000000000000000000000000000000000000000..9e87cfaf1bdee860b3cbc35150decd8db492f8aa Binary files /dev/null and b/docs/zh/server/quickstart/quickstart/figures/CD-ROM_drive_icon.png differ diff --git a/docs/zh/server/quickstart/quickstart/figures/Image_dialog_box.png b/docs/zh/server/quickstart/quickstart/figures/Image_dialog_box.png new file mode 100644 index 0000000000000000000000000000000000000000..e72253b3d16d4388fa051c73b94e8923020ad467 Binary files /dev/null and b/docs/zh/server/quickstart/quickstart/figures/Image_dialog_box.png differ diff --git a/docs/zh/server/quickstart/quickstart/figures/Installation_Overview.png b/docs/zh/server/quickstart/quickstart/figures/Installation_Overview.png new file mode 100644 index 0000000000000000000000000000000000000000..f6542ffc0c01cf2489071ebf5addb47f12b0a242 Binary files /dev/null and b/docs/zh/server/quickstart/quickstart/figures/Installation_Overview.png differ diff --git a/docs/zh/server/quickstart/quickstart/figures/Installation_Procedure.png b/docs/zh/server/quickstart/quickstart/figures/Installation_Procedure.png new file mode 100644 index 0000000000000000000000000000000000000000..06a9d14a166bdfe86c5eec0be7929a7a99c5ea45 Binary files /dev/null and b/docs/zh/server/quickstart/quickstart/figures/Installation_Procedure.png differ diff --git a/docs/zh/server/quickstart/quickstart/figures/Installation_wizard.png b/docs/zh/server/quickstart/quickstart/figures/Installation_wizard.png new file mode 100644 index 0000000000000000000000000000000000000000..fc3a96c0cd4b5a2ece94a0b3fc484720440adace Binary files /dev/null and b/docs/zh/server/quickstart/quickstart/figures/Installation_wizard.png differ diff --git a/docs/zh/server/quickstart/quickstart/figures/Setting_the_System_Boot_Option.png b/docs/zh/server/quickstart/quickstart/figures/Setting_the_System_Boot_Option.png new file mode 100644 index 0000000000000000000000000000000000000000..682f555c3a6da63e1cf6e6eed402e2851c4a7ebb Binary files /dev/null and b/docs/zh/server/quickstart/quickstart/figures/Setting_the_System_Boot_Option.png differ diff --git a/docs/zh/server/quickstart/quickstart/figures/Target_installation_position.png b/docs/zh/server/quickstart/quickstart/figures/Target_installation_position.png new file mode 100644 index 0000000000000000000000000000000000000000..5dcf04a4bfa256efef32a1cf7dd146161030381d Binary files /dev/null and b/docs/zh/server/quickstart/quickstart/figures/Target_installation_position.png differ diff --git a/docs/zh/server/quickstart/quickstart/figures/choosesoftware.png b/docs/zh/server/quickstart/quickstart/figures/choosesoftware.png new file mode 100644 index 0000000000000000000000000000000000000000..e9f4dbfb6de56498a46752cbebe88ab623366160 Binary files /dev/null and b/docs/zh/server/quickstart/quickstart/figures/choosesoftware.png differ diff --git a/docs/zh/server/quickstart/quickstart/figures/createuser.png b/docs/zh/server/quickstart/quickstart/figures/createuser.png new file mode 100644 index 0000000000000000000000000000000000000000..a280f355f07f34e590bfcb5c33a16b2201051857 Binary files /dev/null and b/docs/zh/server/quickstart/quickstart/figures/createuser.png differ diff --git a/docs/zh/server/quickstart/quickstart/figures/restarticon.png b/docs/zh/server/quickstart/quickstart/figures/restarticon.png new file mode 100644 index 0000000000000000000000000000000000000000..33bf7cd2e435ff04f3947eb39ba20019b12bf2d2 Binary files /dev/null and b/docs/zh/server/quickstart/quickstart/figures/restarticon.png differ diff --git a/docs/zh/server/quickstart/quickstart/figures/root_password.png b/docs/zh/server/quickstart/quickstart/figures/root_password.png new file mode 100644 index 0000000000000000000000000000000000000000..acc7ac215cecfe996a991cf61c69c52d19a06d31 Binary files /dev/null and b/docs/zh/server/quickstart/quickstart/figures/root_password.png differ diff --git a/docs/zh/server/quickstart/quickstart/figures/selectlanguage.png b/docs/zh/server/quickstart/quickstart/figures/selectlanguage.png new file mode 100644 index 0000000000000000000000000000000000000000..4351e637cb673e156864cf5110e68efb3c3e1f2b Binary files /dev/null and b/docs/zh/server/quickstart/quickstart/figures/selectlanguage.png differ diff --git a/docs/zh/server/quickstart/quickstart/figures/zh-cn_image_0229420473.png b/docs/zh/server/quickstart/quickstart/figures/zh-cn_image_0229420473.png new file mode 100644 index 0000000000000000000000000000000000000000..86c61a4b8e2a5795baff2fc74629924d01d7b97b Binary files /dev/null and b/docs/zh/server/quickstart/quickstart/figures/zh-cn_image_0229420473.png differ diff --git a/docs/zh/server/quickstart/quickstart/public_sys-resources/icon-caution.gif b/docs/zh/server/quickstart/quickstart/public_sys-resources/icon-caution.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/quickstart/quickstart/public_sys-resources/icon-caution.gif differ diff --git a/docs/zh/server/quickstart/quickstart/public_sys-resources/icon-danger.gif b/docs/zh/server/quickstart/quickstart/public_sys-resources/icon-danger.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/quickstart/quickstart/public_sys-resources/icon-danger.gif differ diff --git a/docs/zh/server/quickstart/quickstart/public_sys-resources/icon-note.gif b/docs/zh/server/quickstart/quickstart/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/zh/server/quickstart/quickstart/public_sys-resources/icon-note.gif differ diff --git a/docs/zh/server/quickstart/quickstart/public_sys-resources/icon-notice.gif b/docs/zh/server/quickstart/quickstart/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/zh/server/quickstart/quickstart/public_sys-resources/icon-notice.gif differ diff --git a/docs/zh/server/quickstart/quickstart/public_sys-resources/icon-tip.gif b/docs/zh/server/quickstart/quickstart/public_sys-resources/icon-tip.gif new file mode 100644 index 0000000000000000000000000000000000000000..93aa72053b510e456b149f36a0972703ea9999b7 Binary files /dev/null and b/docs/zh/server/quickstart/quickstart/public_sys-resources/icon-tip.gif differ diff --git a/docs/zh/server/quickstart/quickstart/public_sys-resources/icon-warning.gif b/docs/zh/server/quickstart/quickstart/public_sys-resources/icon-warning.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/quickstart/quickstart/public_sys-resources/icon-warning.gif differ diff --git a/docs/zh/server/quickstart/quickstart/quick_start.md b/docs/zh/server/quickstart/quickstart/quick_start.md new file mode 100644 index 0000000000000000000000000000000000000000..b7cf9389778a8a8e8854457ecb751c3b6d41369c --- /dev/null +++ b/docs/zh/server/quickstart/quickstart/quick_start.md @@ -0,0 +1,296 @@ +# 快速入门 + +本文档以TaiShan 200服务器上安装 openEuler 为例,旨在指导用户快速地安装和使用openEuler操作系统,更详细的安装要求和安装方法请参考《[安装指南](../../../server/installation_upgrade/installation/installation_on_servers.md)》。 + +## 安装要求 + +- 硬件兼容支持 + + 支持的服务器类型请参考[兼容性列表](https://www.openeuler.org/zh/compatibility/)。 + +- 最小硬件要求 + + 最小硬件要求如[表2](#tff48b99c9bf24b84bb602c53229e2541)所示。 + + **表 2** 最小硬件要求 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

部件名称

最小硬件要求

说明

架构

  • AArch64
  • x86_64
  • 支持Arm的64位架构。
  • 支持Intel的x86 64位架构。

CPU

  • 华为鲲鹏920系列CPU
  • Intel® Xeon®处理器

-

内存

不小于4GB(为了获得更好的应用体验,建议不小于8GB)

-

硬盘

为了获得更好的应用体验,建议不小于120GB

  • 支持IDE、SATA、SAS等接口的硬盘。
  • 用DIF功能的NVME盘,需要对应驱动支持,如果无法使用,请联系硬件厂商。

+ +## 获取安装源 + +请按以下步骤获取openEuler的发布包和校验文件: + +1. 登录[openEuler社区](https://openeuler.org)网站。 +2. 单击“下载”。 +3. 单击“社区发行版”,显示版本列表。 +4. 在版本列表的“openEuler 24.03 LTS SP1”版本处单击“前往下载”按钮,进入版本下载列表。 +5. 根据实际待安装环境的架构和场景选择需要下载的 openEuler 的发布包和校验文件。 + 1. 若为AArch64架构。 + 1. 单击“AArch64”。 + 2. 若选择本地安装,选择“Offline Standard ISO”或者“Offline Everything ISO”对应的“立即下载”将发布包 “openEuler-24.03-LTS-SP1-aarch64-dvd.iso”下载到本地。 + 3. 若选择网络安装,选择“Network Install ISO”将发布包 “openEuler-24.03-LTS-SP1-netinst-aarch64-dvd.iso”下载到本地。 + 2. 若为x86_64架构。 + 1. 单击“x86_64”。 + 2. 若选择本地安装,选择“Offline Standard ISO”或者“Offline Everything ISO”对应的“立即下载”将发布包 “openEuler-24.03-LTS-SP1-x86_64-dvd.iso”下载到本地。 + 3. 若选择网络安装,选择“Network Install ISO”将发布包 “openEuler-24.03-LTS-SP1-netinst-x86_64-dvd.iso ”下载到本地。 + +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> - 网络安装方式的 ISO 发布包较小,在有网络的安装环境可以选择网络安装方式。 +> - AArch64架构的发布包支持UEFI模式,x86\_64架构的发布包支持UEFI模式和Legacy模式。 +> + +## 发布包完整性校验 + +> ![](./public_sys-resources/icon-note.gif) **说明:** +> 本章节以AArch64架构的发布包完整性校验为例,x86\_64架构的发布包完整性校验的操作方法相同。 + +### 简介 + +为了确认软件包在传输过程中由于网络原因或者存储设备原因是否出现下载不完整的问题,在获取到软件包后,需要对软件包的完整性进行校验,通过了校验的软件包才能部署。 + +这里通过对比校验文件中记录的校验值和手动方式计算的iso文件校验值,判断软件包是否完整。若两个值相同,说明iso文件完整,否则,iso完整性被破坏,请重新获取iso发布包。 + +### 前提条件 + +在校验发布包完整性之前,需要准备如下文件: + +iso文件:openEuler-24.03-LTS-SP1-aarch64-dvd.iso + +校验文件:ISO对应完整性校验值,复制保存对应的ISO值 + +### 操作指导 + +文件完整性校验操作步骤如下: + +1. 计算文件的sha256校验值。执行命令如下: + + ```sh + # sha256sum openEuler-24.03-LTS-SP1-aarch64-dvd.iso + ``` + + 命令执行完成后,输出校验值。 + +2. 对比步骤1计算的校验值与对刚刚复制的SHA256的值是否一致。 + + 如果校验值一致说明iso文件完整性没有被破坏,如果校验值不一致则可以确认文件完整性已被破坏,需要重新获取。 + +## 启动安装 + +1. 登录服务器iBMC Web界面。具体方法请参考《[TaiShan 200 服务器 用户指南 (型号 2280)](https://support.huawei.com/enterprise/zh/doc/EDOC1100088652)》。 +2. 在上方标题栏中,选择“配置”,在左侧导航树中选择“系统启动项”,显示“系统启动项”界面。 + + 将“优先引导介质”设置为“光驱”,选择“单次有效”,并单击“保存”以保存配置。如[图1](#fig1011938131018)所示。 + + **图 1** 设置系统启动项 + ![](./figures/Setting_the_System_Boot_Option.png) + +3. 在上方标题栏中,选择“远程控制”,在左侧导航树中选择“远程控制”,显示“远程控制”界面。 + + 根据实际情况选择一个集成远程控制台以进入远程虚拟控制台,如选择“Java集成远程控制台\(共享\)”。 + +4. 在虚拟界面工具栏中,单击虚拟光驱工具如下图所示。 + + **图 2** 光驱图标 + ![](./figures/CD-ROM_drive_icon.png) + + 弹出镜像对话框,如下图所示。 + + **图 3** 镜像对话框 + ![](./figures/Image_dialog_box.png) + +5. 在镜像对话框中,选择“镜像文件”, 并单击“浏览”。弹出“打开”对话框。 +6. 选择镜像文件,单击“打开”。然后在镜像对话框中,单击“连接”。当“连接”显示为“断开”后,表示虚拟光驱已连接到服务器。 +7. 在工具栏中,单击重启工具重启设备,如下图所示。 + + **图 4** 重启图标 + ![](./figures/restarticon.png) + +8. 设备重启后进入到openEuler操作系统安装引导界面,如[图5](#fig1648754873314)所示。 + + > ![](./public_sys-resources/icon-note.gif) **说明:** + > + > - 如果60秒内未按任何键,系统将从默认选项“Test this media & install openEuler ”自动进入安装界面。 + > - 安装物理机时,如果使用键盘上下键无法选择启动选项,按“Enter”键无响应,可以单击BMC界面上的鼠标控制图标“![](./figures/zh-cn_image_0229420473.png)”,设置“键鼠复位”。 + > + + **图 5** 安装引导界面 + ![](./figures/Installation_wizard.png) + +9. 在安装引导界面,按“Enter”,进入默认选项“Test this media & install openEuler ”的图形化安装界面。 + +## 安装 + +进入图形化安装界面后,按如下步骤进行安装。 + +1. 设置安装语言,默认为英语,用户可根据实际情况进行调整,如[图6](#fig874344811484)所示,选择“中文”。 + + **图 6** 选择语言 + ![](./figures/selectlanguage.png) + +2. 在安装概览界面,根据实际情况设置各配置项。 + + > ![](./public_sys-resources/icon-note.gif) **说明:** + > + > - 配置项有告警符号的,表示用户必须完成该选项配置后,告警符号消失,才能进行下一步操作。 + > - 配置项无告警符号的,表示该配置项已有默认配置。 + > - 所有配置项均无告警符号时用户才能单击“开始安装”进行系统安装。 + > + + **图 7** 安装概览 + ![](./figures/Installation_Overview.png) + + 1. 选择“软件选择”,设置“软件选择”配置项。 + + 用户需要根据实际的业务需求,在左侧选择一个“最小安装”,在右侧选择安装环境的附加选项,如[图8](#fig1133717611109)所示。 + + **图 8** 软件选择 + ![](./figures/choosesoftware.png) + + > ![](./public_sys-resources/icon-note.gif) **说明:** + > + > - 在最小安装的环境下,并非安装源中所有的包都会安装。如果用户需要使用的包未安装,可将安装源挂载到本地制作repo源,通过DNF工具单独安装。 + > - 选择“虚拟化主机”时会默认安装虚拟化组件qemu、libvirt、edk2,且可在附加选项处选择是否安装ovs等组件。 + > + + 设置完成后,请单击左上角“完成”返回“安装概览”页面。 + + 2. 选择“安装目的地”,设置“安装目的地”配置项。 + + 在安装位置页面中,您可以选择计算机中的本地可用存储设备。 + + > ![](./public_sys-resources/icon-notice.gif) **须知:** + > + > - 由于很多服务器BIOS内置NVMe驱动程序版本较低,不支持NVMe的数据保护特性(数据保护:将磁盘扇区格式化为512+N或4096+N字节)。所以,在选择合适的存储介质时,建议不要选择开启数据保护特性的NVMe SSD存储介质作为系统盘,否则可能出现操作系统无法引导等问题。 + > - 用户可以选择优先咨询服务器厂商关于BIOS是否支持开启数据保护特性的NVMe磁盘作为系统盘。如果您无法确认BIOS是否支持,则不推荐使用NVMe安装操作系统,或者选择关闭NVMe盘的数据保护功能实现操作系统安装。 + > + + 您还需要进行存储配置以便对系统分区。您可以手动配置分区,也可以选择让安装程序自动分区。如果是在未使用过的存储设备中执行全新安装,或者不需要保留该存储设备中任何数据,建议选择“自动”进行自动分区。如[图9](#fig153381468101)所示。 + + **图 9** 安装目标位置 + ![](./figures/Target_installation_position.png) + + > ![](./public_sys-resources/icon-note.gif) **说明:** + > + > - 在进行分区时,出于系统性能和安全的考虑,建议您划分如下单独分区:/boot、/var、/var/log 、/var/log/audit、/home、/tmp。 + > - 系统如果配置了swap分区,当系统的物理内存不够用时,会使用swap分区。虽然 swap分区可以增大物理内存大小的限制,但是如果由于内存不足使用到swap分区,会增加系统的响应时间,性能变差。因此在物理内存充足或者性能敏感的系统中,不建议配置swap分区。 + > - 如果需要拆分逻辑卷组则需要选择“自定义”进行手动分区,并在“手动分区”界面单击“卷组”区域中的“修改”按钮重新配置卷组。 + > + + 设置完成后,请单击左上角“完成”返回“安装概览”页面。 + + 3. 选择“根密码”,设置“根密码”配置项。 + + 在如图10所示的“ROOT密码”页面中,根据密码复杂度输入密码并再次输入密码进行确认。 + + > ![](./public_sys-resources/icon-note.gif) **说明:** + > + > - root帐户是用来执行关键系统管理任务,不建议您在日常工作及系统访问时使用root帐户。 + > - 在“ROOT密码”界面若选择“锁定root帐户”则root帐户将禁用。 + > + + **密码复杂度** + + 用户设置的root用户密码或新创建用户的密码均需要满足密码复杂度要求,否则会导致密码设置或用户创建失败。设置密码的复杂度的要求如下: + + 1. 口令长度至少8个字符。 + 2. 口令至少包含大写字母、小写字母、数字和特殊字符中的任意3种。 + 3. 口令不能和帐号一样。 + 4. 口令不能使用字典词汇。 + + > ![](./public_sys-resources/icon-note.gif) **说明:** + > 在已装好的openEuler环境中,可以通过`cracklib-unpacker /usr/share/cracklib/pw_dict > dictionary.txt`命令导出字典库文件dictionary.txt,用户可以查询密码是否在该字典中。 + + **图 10** root密码 + ![](./figures/root_password.png) + + 设置完成后,单击左上角的“完成”返回“安装概览”页面。 + + 4. 选择“创建用户”,设置“创建用户”配置项。 + + 在创建用户的界面如[图11](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1237715313319)所示。输入用户名,并设置密码,其中密码复杂度要求与root密码复杂度要求一致。另外您还可以通过“高级”选项设置用户主目录、用户组等,如[图12](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig128716531312)所示。 + + **图 11** 创建用户 + ![](./figures/createuser.png) + + **图 12** 高级用户配置 + ![ 高级用户配置](./figures/Advanced_User_Configuration.png) + + 完成设置后,单击左上角的“完成”返回“安装概览”页面。 + + 5. 设置其他配置项,其他配置项可以使用默认配置。 + +3. 单击“开始安装”进行系统安装,如[图13](#fig1717019357392)所示。 + + **图 13** 开始安装 + + ![](./figures/Installation_Procedure.png) +4. 安装完成后重启系统。 + + openEuler完成安装后,单击“重启”按钮,系统将重新启动。 + +## 查看系统信息 + +系统安装完成并重启后直接进入系统命令行登录界面,输入安装过程中设置的用户和密码,进入openEuler操作系统,查看如下系统信息。若需要进行系统管理和配置操作,请参考《[管理员指南](https://openeuler.org/zh/docs/24.03_LTS_SP1/docs/Administration/administration.html)》。 + +- 查看系统信息,命令如下: + + ```sh + cat /etc/os-release + ``` + +- 查看系统相关的资源信息。 + + 查看CPU信息,命令如下: + + ```sh + # lscpu + ``` + + 查看内存信息,命令如下: + + ```sh + # free + ``` + + 查看磁盘信息,命令如下: + + ```sh + # fdisk -l + ``` + +- 查看IP地址,命令如下: + + ```sh + # ip addr + ``` diff --git a/docs/zh/server/releasenotes/releasenotes/_toc.yaml b/docs/zh/server/releasenotes/releasenotes/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..c72236f437eb3f479d3bc0f33f71b64787bebed8 --- /dev/null +++ b/docs/zh/server/releasenotes/releasenotes/_toc.yaml @@ -0,0 +1,30 @@ +label: 发行说明 +isManual: true +description: openEuler 25.03 版本的发行说明 +sections: + - label: 发行说明 + href: ./release_notes.md + - label: 简介 + href: ./introduction.md + - label: 法律声明 + href: ./terms_of_use.md + - label: 用户须知 + href: ./user_notice.md + - label: 帐号清单 + href: ./account_list.md + - label: 系统安装 + href: ./os_installation.md + - label: 关键特性 + href: ./key_features.md + - label: 已知问题 + href: ./known_issues.md + - label: 已修复问题 + href: ./resolved_issues.md + - label: CVE漏洞 + href: ./cve.md + - label: 源代码 + href: ./source_code.md + - label: 参与贡献 + href: ./contribution.md + - label: 致谢 + href: ./acknowledgment.md diff --git a/docs/zh/server/releasenotes/releasenotes/account_list.md b/docs/zh/server/releasenotes/releasenotes/account_list.md new file mode 100644 index 0000000000000000000000000000000000000000..594e43206644bc6da9625321958e802ed6e9d1c0 --- /dev/null +++ b/docs/zh/server/releasenotes/releasenotes/account_list.md @@ -0,0 +1,6 @@ +# openEuler帐号清单 + +| 用户名 | 默认密码 | 用户用途 | 用户状态 | 登录方式 | 备注 | +|--- |--- | --- | --- |--- |--- | +| root | openEuler12#$| 虚拟机镜像默认用户 | 启用 | 远程登录 | 登录使用openEuler虚拟机镜像安装的虚拟机 | +| root | openEuler#12 | 登录GRUB2 | 启用 | 本地登录、远程登录 | GRUB (GRand UnifiedBootloader) 是操作系统启动管理器,用来引导不同系统(如Windows、Linux)。
GRUB2是GRUB的升级版。系统启动时,可以通过GRUB2界面修改启动参数。为了确保系统的启动参数不被任意修改,需要对GRUB2界面进行加密,仅在输入正确的GRUB2口令时才能修改。 | diff --git a/docs/zh/server/releasenotes/releasenotes/acknowledgment.md b/docs/zh/server/releasenotes/releasenotes/acknowledgment.md new file mode 100644 index 0000000000000000000000000000000000000000..1bbe74bfc69de3609389419b1156abe4135b73ec --- /dev/null +++ b/docs/zh/server/releasenotes/releasenotes/acknowledgment.md @@ -0,0 +1,3 @@ +# 致谢 + +我们衷心地感谢参与和协助openEuler项目的所有成员。是你们的辛勤付出使得版本顺利发布,也为openEuler更好地发展提供可能。 diff --git a/docs/zh/server/releasenotes/releasenotes/contribution.md b/docs/zh/server/releasenotes/releasenotes/contribution.md new file mode 100644 index 0000000000000000000000000000000000000000..2ca0b88e86daff77e168913e3960adb7d8b728cd --- /dev/null +++ b/docs/zh/server/releasenotes/releasenotes/contribution.md @@ -0,0 +1,23 @@ +# 参与贡献 + +作为openEuler用户,你可以通过多种方式协助openEuler社区。参与社区贡献的方法请参见《[贡献攻略](https://www.openeuler.org/zh/community/contribution/)》,这里简单列出部分方式供参考。 + +## 特别兴趣小组 + +openEuler将拥有共同兴趣的人们聚在一起,组成了不同的特别兴趣小组(SIG)。当前已有的SIG请参见《[SIG列表](https://www.openeuler.org/zh/sig/sig-list/)》。 + +我们欢迎并鼓励你加入已有的SIG或创建新的SIG,创建方法请参见《[SIG管理指南](https://gitee.com/openeuler/community/blob/master/zh/technical-committee/governance/README.md)》。 + +## 邮件列表和任务 + +欢迎你积极地帮助用户解决在[邮件列表](https://www.openeuler.org/zh/community/mailing-list/)和issue任务(包括[代码仓任务](https://gitee.com/organizations/openeuler/issues)和[软件包仓任务](https://gitee.com/organizations/src-openeuler/issues))中提出的问题。另外,我们也欢迎你提出问题。这些都将帮助openEuler社区更好地发展。 + +## 文档 + +我们不仅欢迎你通过提交代码参与社区贡献,还欢迎你反馈遇到的问题、困难,或者对文档易用性、完整性等提出改进建议 + +我们不仅欢迎你通过提交代码参与社区贡献,还欢迎你反馈遇到的问题、困难,或者对文档易用性、完整性等提出改进建议。例如获取软件或文档过程中的问题,使用系统过程中的难点。欢迎关注并改进[openEuler社区](https://www.openeuler.org/zh/)的文档模块。 + +## IRC + +openEuler也在IRC开辟了频道,作为提供社区支持和交互的额外渠道。详情请参见[openEuler IRC](https://gitee.com/openeuler/community/blob/master/zh/communication/IRCs.md)。 diff --git a/docs/zh/server/releasenotes/releasenotes/cve.md b/docs/zh/server/releasenotes/releasenotes/cve.md new file mode 100644 index 0000000000000000000000000000000000000000..e826e0f56506b3ac239843c6a6bf0d607691b318 --- /dev/null +++ b/docs/zh/server/releasenotes/releasenotes/cve.md @@ -0,0 +1,3 @@ +# CVE漏洞 + +版本涉及的CVE可通过[CVE列表](https://www.openeuler.org/zh/security/cve)查询。 diff --git a/docs/zh/server/releasenotes/releasenotes/introduction.md b/docs/zh/server/releasenotes/releasenotes/introduction.md new file mode 100644 index 0000000000000000000000000000000000000000..a784c4fe1c3c1893491aa30f1536bb68e4c93a9b --- /dev/null +++ b/docs/zh/server/releasenotes/releasenotes/introduction.md @@ -0,0 +1,3 @@ +# 简介 + +openEuler是一款开源操作系统。当前openEuler内核源于Linux,支持鲲鹏及其他多种处理器,能够充分释放计算芯片的潜能,是由全球开源贡献者构建的高效、稳定、安全的开源操作系统,适用于数据库、大数据、云计算、人工智能等应用场景。同时,openEuler是一个面向全球的操作系统开源社区,通过社区合作,打造创新平台,构建支持多处理器架构、统一和开放的操作系统,推动软硬件应用生态繁荣发展。 diff --git a/docs/zh/server/releasenotes/releasenotes/key_features.md b/docs/zh/server/releasenotes/releasenotes/key_features.md new file mode 100644 index 0000000000000000000000000000000000000000..aac1413ac21bb45b13c38335e02ee57472382348 --- /dev/null +++ b/docs/zh/server/releasenotes/releasenotes/key_features.md @@ -0,0 +1,456 @@ +# 关键特性 + +## AI专项 + +智能时代,操作系统需要面向AI不断演进。一方面,在操作系统开发、部署、运维全流程以AI加持,让操作系统更智能;另一方面,openEuler已支持Arm,x86,RISC-V等全部主流通用计算架构,在智能时代,openEuler也率先支持NVIDIA、昇腾等主流AI处理器,成为使能多样性算力的首选。 +- **OS for AI**:openEuler兼容NVIDIA、Ascend等主流算力平台的软件栈,为用户提供高效的开发运行环境。通过将不同AI算力平台的软件栈进行容器化封装,即可简化用户部署过程,提供开箱即用的体验。同时,openEuler也提供丰富的AI框架,方便大家快速在openEuler上使用AI能力。 + - openEuler已兼容CANN、CUDA等硬件SDK,以及TensorFlow、PyTorch、MindSpore等相应的AI框架软件,支持AI应用在openEuler上高效开发与运行。 + - openEuler AI软件栈容器化封装优化环境部署过程,并面向不同场景提供以下三类容器镜像。 + 1. SDK镜像:以openEuler为基础镜像,安装相应硬件平台的SDK,如Ascend平台的CANN或NVIDIA的CUDA软件。 + 2. AI框架镜像:以SDK镜像为基础,安装AI框架软件,如PyTorch或TensorFlow。此外,通过此部分镜像也可快速搭建AI分布式场景,如Ray等AI分布式框架。 + 3. 模型应用镜像:在AI框架镜像的基础上,包含完整的工具链和模型应用。 + + 相关使用方式请参考《[openEuler AI 容器镜像用户指南](https://forum.openeuler.org/t/topic/4189/4)》。 +- **AI for OS**:当前,openEuler和AI深度结合,一方面使用基础大模型,基于大量openEuler操作系统的代码和数据,训练出openEuler Copilot System,初步实现代码辅助生成、智能问题智能分析、系统辅助运维等功能,让openEuler更智能。 + - 智能问答:openEuler Copilot System智能问答平台目前支持web和智能shell两个入口。 + 1. 工作流调度:原子化智能体操作流程:通过采用“流”的组织形式,openEuler Copilot System允许用户将智能体的多个操作过程组合成一个内部有序、相互关联的多步骤“工作流”;即时数据处理:智能体在工作流的每个步骤中生成的数据和结果能够立即得到处理,并无缝传递到下一个步骤;智能交互:在面对模糊或复杂的用户指令时,openEuler Copilot System能主动询问用户,以澄清或获取更多信息。 + 2. 任务推荐:智能响应:openEuler Copilot System能够分析用户输入的语义信息;智能指引:openEuler Copilot System综合分析当前工作流的执行状况、功能需求以及关联任务等多维度数据,为用户量身定制最适宜的下一步操作建议。 + 3. RAG:openEluer Copilot System中的RAG技术能更强的适应多种文档格式和内容场景,在不为系统增加较大负担的情况下,增强问答服务体验。 + 4. 语料治理:语料治理是openEuler Copilot System中的RAG技术的基础能力之一,其通过片段相对关系提取、片段衍生物构建和OCR等方式将语料以合适形态入库,以增强用户查询命中期望文档的概率。 + + 相关使用方式请参考《[openEuler Copilot System 智能问答用户指南](https://gitee.com/openeuler/docs/tree/stable2-22.03_LTS_SP3/docs/zh/docs/AI/openEuler_Copilot_System/%E4%BD%BF%E7%94%A8%E6%8C%87%E5%8D%97)》。 + - 智能调优:openEluer Copilot System 智能调优功能目前支持智能shell入口。 +在上述功能入口,用户可通过与openEluer Copilot System进行自然语言交互,完成性能数据采集、系统性能分析、系统性能优化等作业,实现启发式调优。 + - 智能诊断: + 1. 巡检:调用Inspection Agent,对指定IP进行异常事件检测,为用户提供包含异常容器ID以及异常指标(cpu、memory等)的异常事件列表。 + 2. 定界:调用Demarcation Agent,对巡检结果中指定异常事件进行定界分析,输出导致该异常事件的根因指标TOP3。 + 3. 定位:调用Detection Agent,对定界结果中指定根因指标进行Profiling定位分析,为用户提供该根因指标异常的热点堆栈、热点系统时间、热点性能指标等信息。 + - 智能容器镜像:openEuler Copilot System目前支持通过自然语言调用环境资源,在本地协助用户基于实际物理资源拉取容器镜像,并且建立适合算力设备调试的开发环境。当前版本支持三类容器,并且镜像源已同步在dockerhub发布,用户可手动拉取运行: + 1. SDK层:仅封装使能AI硬件资源的组件库,例如:cuda、cann等。 + 2. SDK + 训练/推理框架:在SDK层的基础上加装tensorflow、pytorch等框架,例如:tensorflow2.15.0-cuda12.2.0、pytorch2.1.0.a1-cann7.0.RC1等。 + 3. SDK + 训练/推理框架 + 大模型:在第2类容器上选配几个模型进行封装,例如llama2-7b、chatglm2-13b等语言模型。 + +## openEuler Embedded + +openEuler Embedded围绕以制造、机器人为代表的OT领域持续深耕,通过行业项目垂直打通,不断完善和丰富嵌入式系统软件栈和生态。openEuler发布面向嵌入式领域的版本openEuler 24.03 LTS SP1,构建了一个相对完整的综合嵌入系统软件平台,在南北向生态、关键技术特性、基础设施、落地场景等方面都有显著的进步。未来openEuler Embedded将协同openEuler社区生态伙伴、用户、开发者,逐步扩展支持龙芯等新的芯片架构和更多的南向硬件,完善工业中间件、嵌入式AI、嵌入式边缘、仿真系统等能力,打造综合嵌入式系统软件平台解决方案。 + +- **南向生态**:openEuler Embedded Linux当前主要支持ARM64、x86-64、ARM32、RISC-V等多种芯片架构,未来计划支持龙芯等架构,从24.03 版本开始,南向支持大幅改善,已经支持树莓派、海思、瑞芯微、瑞萨、德州仪器、飞腾、赛昉、全志等厂商的芯片。openEuler 24.03 LTS SP1新增鲲鹏920支持。 +- **嵌入式弹性虚拟化底座**:openEuler Embedded的弹性虚拟化底座是为了在多核片上系统(SoC, System On Chip)上实现多个操作系统共同运行的一系列技术的集合,包含了裸金属、嵌入式虚拟化、轻量级容器、LibOS、可信执行环境(TEE)、异构部署等多种实现形态。 +- **混合关键性部署框架**: openEuler Embedded打造了构建在融合弹性底座之上混合关键性部署框架,并命名为MICA(MIxed CriticAlity),旨在通过一套统一的框架屏蔽下层弹性底座形态的不同,从而实现Linux和其他OS运行时便捷地混合部署。依托硬件上的多核能力使得通用的Linux和专用的实时操作系统有效互补,从而达到全系统兼具两者的特点,并能够灵活开发、灵活部署。 +- **北向生态**:600+嵌入式领域常用软件包的构建;提供软实时能力,软实时中断响应时延微秒级;集成 OpenHarmony 的分布式软总线和hichain点对点认证模块,实现欧拉嵌入式设备之间互联互通、欧拉嵌入式设备和 OpenHarmony 设备之间互联互通;支持iSula容器,可以实现在嵌入式上部署openEuler或其他操作系统容器,简化应用移植和部署。支持生成嵌入式容器镜像,最小大小可到5MB,可以部署在其他支持容器的操作系统之上。 +- **UniProton硬实时系统**:UniProton 是一款实时操作系统,具备极致的低时延和灵活的混合关键性部署特性,可以适用于工业控制场景,既支持微控制器 MCU,也支持算力强的多核 CPU。目前关键能力如下: + 1. 支持Cortex-M、ARM64、X86_64、riscv64架构,支持M4、RK3568、RK3588、X86_64、Hi3093、树莓派4B、鲲鹏920、昇腾310、全志D1s。 + 2. 支持树莓派4B、Hi3093、RK3588、X86_64设备上通过裸金属模式和openEuler Embedded Linux混合部署。 + 3. 支持通过gdb在openEuler Embedded Linux侧远程调试。 + +## DevStation 开发者工作站支持 + +openEuler首个面向开发者的开发者工作站Devstation正式发布,预装VSCODE,Devstation将打通部署,编码,编译,构建,发布全流程,开发者可以方便的使用oeDeploy完成AI软件栈,云原生软件栈部署,使用oeDevPlugin插件进行一键拉取代码仓,一键使用AI4C编译器编译,一键调用EulerMaker,轻松使用Devstation版本进行软件开发;同时Devstation将会集成openEuler新型包管理体系EPKG,可以进行多环境,多版本安装,方便开发者在不同版本之间进行切换。 + +- **开发者友好的集成环境**:发行版预装了广泛的开发工具和 IDE,如 VS Code系列等。支持多种编程语言,满足从前端、后端到全栈开发的需求。 +- **软件包管理与自动部署**:提供简单便捷的软件包管理工具,支持通过一键安装和更新多种开发环境。同时,内置 Docker、Isula 等容器技术,方便开发者进行应用容器化与自动化部署,提供新型包管理体系EPKG,支持多版本部署,大大降低开发者在安装不同开发工具时的使用门槛。 +- **图形化编程环境**:集成了图形化编程工具,降低了新手的编程门槛,同时也为高级开发者提供了可视化编程的强大功能。 +- **AI开发支持**:针对 AI 领域的开发者,预装了 TensorFlow、PyTorch 等机器学习框架,同时优化了硬件加速器(如 GPU、NPU)的支持,提供完整的 AI 模型开发与训练环境。同时,openEuler Devstation集成了openEuler Copilot System,提供AI助手服务,帮助用户解决大部分操作系统使用问题。 +- **调试与测试工具**:内置 GDB、CUnit、gtest、perf等调试工具和测试、调优工具,帮助开发者快速调试和自动化测试,提升开发效率。 +- **版本控制和协作**:集成 Git、SVN 等版本控制工具,并支持多种远程协作工具,如 Slack、Mattermost 和 GitLab,使得团队开发和远程协作更加顺畅。 +- **安全与合规检查**:提供安全扫描和代码合规性检查工具,帮助开发者在开发阶段就能发现并修复潜在的安全漏洞和代码问题。 + +## epkg新型软件包 + +epkg是一款新型软件包,支持普通用户在操作系统中安装及使用。新的软件包格式相比现有软件包,主要解决多版本兼容性问题,用户可以在一个操作系统上通过简单地命令行安装不同版本的软件包。同时支持环境环境实现环境的创建/切换/使能等操作,来使用不同版本的软件包。目前epkg主要支持非服务类的软件包的安装和使用。 + +- **多版本兼容**:支持普通用户安装,支持安装不同版本的软件包,不同版本的同一软件包安装不冲突。使能用户在同一个节点上,快速安装同一软件包的不同版本,实现多版本软件包的共存。 +- **环境管理**:支持环境环境实现环境的创建/切换/使能等操作,用户通过环境的切换,在环境中使用不同的channel,实现在不同的环境中使用不同版本的软件包。用户可以基于环境,快速实现软件包版本的切换。 +- **普通用户安装**:epkg支持普通用户安装软件包,普通用户能够自行创建环境,对个人用户下的环境镜像管理,无需特权版本。降低软件包安装引起的安全问题。 +## GCC 14多版本编译工具链支持 + +为了使能多样算例新特性,满足不同用户对不同硬件特性支持的需求,在 openEuler 24.03 LTS SP1 版本推出 openEuler GCC Toolset 14编译工具链,该工具链提供一个高于系统主 GCC 版本的副版本 GCC 14编译工具链,为用户提供了更加灵活且高效的编译环境选择。通过使用 openEuler GCC Toolset 14副版本编译工具链,用户可以轻松地在不同版本的 GCC 之间进行切换,以便充分利用新硬件特性,同时享受到 GCC 最新优化所带来的性能提升。 +为了与系统默认主版本 GCC 解耦,防止副版本 GCC 安装与主版本GCC 安装的依赖库产生冲突,openEuler GCC Toolset 14工具链的软件包名均以前缀“gcc-toolset-14-”开头,后接原有GCC软件包名。 +此外,为便于版本切换与管理,本方案引入SCL版本切换工具。SCL工具的核心就是会在/opt/openEuler/gcc-toolset-14 路径下提供一个enable脚本,通过注册将 gcc-toolset-14 的环境变量注册到 SCL 工具中,从而可以使用 SCL 工具启动一个新的 bash shell,此 bash shell 中的环境变量即为 enable 脚本中设置的副版本环境变量,从而实现主副版本 GCC 工具链的便捷切换。 + +## 内核创新 + +openEuler 24.03 LTS SP1基于 Linux Kernel 6.6内核构建,在此基础上,同时吸收了社区高版本的有益特性及社区创新特性。 + +- **内存管理folio特性**:Linux内存管理基于page(页)转换到由folio(拉丁语 foliō,对开本)进行管理,相比page,folio可以由一个或多个page组成,采用struct folio参数的函数声明它将对整个(1个或者多个)页面进行操作,而不仅仅是PAGE_SIZE字节,从而移除不必要复合页转换,降低误用tail page问题;从内存管理效率上采用folio减少LRU链表数量,提升内存回收效率,另一方,一次分配更多连续内存减少page fault次数,一定程度降低内存碎片化;而在IO方面,可以加速大IO的读写效率,提升吞吐。全量支持匿名页、文件页的large folio,提供系统级别的开关控制,业务可以按需使用。对于ARM64架构,基于硬件contiguous bit技术(16个连续PTE只占一个 TLB entry),可以进一步降低系统TLB miss,从而提升整体系统性能。24.03 LTS SP1版本新增支持anonymous shmem分配mTHP与支持mTHP的lazyfree,进一步增加内存子系统对于large folio的支持;新增page cache分配mTHP的sysfs控制接口,提供系统级别的开关控制,业务可以按需使用。 + +- **MPTCP特性支持**:MPTCP协议诞生旨在突破传统 TCP 协议的单一路径传输瓶颈,允许应用程序使用多个网络路径进行并行数据传输。这一设计优化了网络硬件资源的利用效率,通过智能地将流量分配至不同传输路径,显著缓解了网络拥塞问题,从而提高数据传输的可靠性和吞吐量。 +目前,MPTCP 在下述网络场景中已经展现出了其优秀的性能: + 1. 网络通路的选择:在现有的网络通路中,根据延迟、带宽等指标评估,选择最优的通路。 + 2. 无缝切网:在不同类型网络之间切换时,数据传输不中断。 + 3. 数据分流:同时使用多个通道传输,对数据包进行分发实现并发传输,增加网络带宽。 + + 在实验环境中,采用MPTCP v1技术的RSYNC文件传输工具展现出了令人满意的效率提升。具体而言,传输1.3GB大小的文件时,传输时间由原来的114.83 s缩短至仅14.35s,平均传输速度由原来的11.08 MB/s提升至88.25 MB/s,可以极大程度的缩减文件传输时间。同时,实验模拟了传输过程中一条或多条路径突发故障而断开的场景,MPTCP在此种场景下可以将数据无缝切换至其他可用的数据通道,确保数据传输的连续性与完整性。 +在openEuler 24.03 LTS SP1中,已经完成了对linux主线内核6.9中MPTCP相关特性的全面移植与功能优化。 +- **ext4文件系统支持Large folio**:iozone性能总分可以提升80%,iomap框架回写流程支持批量映射block。支持ext4默认模式下批量申请block,大幅优化各类benchmark下ext4性能表现(华为贡献)。ext4 buffer io读写流程以及pagecache回写流程弃用老旧的buffer_head框架,切换至iomap框架,并通过iomap框架实现ext4支持large folio。24.03 LTS SP1版本新增对于block size < folio size场景的小buffered IO(<=4KB)的性能优化,性能提升20%。 +- **xcall/xint特性**:随着Linux内核的发展,系统调用成为性能瓶颈,尤其是在功能简单的调用中。AARCH64平台上的SYSCALL共享异常入口,包含安全检查等冗余流程。降低SYSCALL开销的方法包括业务前移和批量处理,但需业务适配。XCALL提供了一种无需业务代码感知的方案,通过优化SYSCALL处理,牺牲部分维测和安全功能来降低系统底噪,降低系统调用处理开销。 +内核为了使中断处理整体架构统一,将所有中断处理全部归一到内核通用中断处理框架中,同时随着内核版本演进,通用中断处理框架附加了很多与中断处理自身的功能关系不大的安全加固和维测特性,这导致中断处理的时延不确定性增大。xint通过提供一套精简的中断处理流程,来降低中断处理的时延和系统底噪。 +- **按需加载支持failover特性**:cachefiles在按需模式下,如果守护进程崩溃或被关闭,按需加载相关的读取和挂载将返回-EIO。所有挂载点必须要在重新拉起 daemon 后重新挂载后方可继续使用。这在公共云服务生产环境中发生时是无法接受的,这样的I/O错误将传播给云服务用户,可能会影响他们作业的执行,并危及系统的整体稳定性。cachefiles failover 特性避免了守护进程崩溃后重新挂载所有挂载点,只需快速重新拉起守护进程即可,用户和服务是不感知守护进程崩溃的。 +- **可编程调度特性**:支持可编程调度功能,为用户态提供可编程的调度接口,是CFS算法的扩展。用户可以根据实际的业务场景定制化调度策略,bypass原有的CFS调度算法。提供的功能包括支持标签机制、支持任务选核可编程、支持负载均衡可编程、支持任务选择可编程、支持任务抢占可编程以及kfunc接口函数。 +- **支持 SMC-D with loopback-ism 特性**:SMC-D (Shared Memory Communication over DMA) 是一种兼容 socket 接口,基于共享内存,透明加速 TCP 通信的内核网络协议栈。SMC-D 早期只能用于 IBM z S390 架构机器,SMC-D with loopback-ism 技术通过创建虚拟设备 loopback-ism 模拟 ISM 功能,使得 SMC-D 可用于非 S390 架构机器,成为内核通用机制。SMC-D with loopback-ism适用于采用TCP协议进行OS内进程间或容器间通信的场景,通过旁路内核TCP/IP协议栈等方法,实现通信加速。结合使用smc-tools工具,可以通过LD_PRELOAD预加载动态库的方法实现TCP协议栈透明替换,无需更改原有应用程序。根据社区反馈结果,与原生TCP相比,SMC-D with loopback-ism能够提升网络吞吐量提升40%以上。 +- **IMA RoT特性**:当前,Linux IMA(Integrity Measurement Architecture)子系统主要使用 TPM 芯片作为可信根(Root of Trust,RoT)设备,针对度量列表提供完整性证明,其在编码上也与 TPM 的操作紧耦合。而机密计算等新场景要求 IMA 可使用新型 RoT 设备,例如 openEuler 已支持的 VirtCCA。本特性为一套 IMA RoT 设备框架,在 IMA 子系统和 RoT 设备之间实现一个抽象层,既简化各类 RoT 设备对 IMA 子系统的适配,也方便用户和 IMA 子系统对各类 RoT 设备实施配置和操作。 +- **支持脚本类病毒程序防护**:目前勒索病毒主要是脚本类文件(如JSP文件),而当前内核防御非法入侵的IMA完整性保护技术,主要针对ELF类病毒文件。脚本类病毒文件通过解释器运行,能够绕开内核中的安全技术实施攻击。为了支持内核中的IMA完整性保护技术可以检查系统中间接执行的脚本类文件,通过系统调用execveat()新增执行检查的flags,查验其执行权限,并在检查中调用IMA完整性度量接口以实现对脚本类文件的完整性保护。经测试验证,目前已经支持脚本解释器主动调用execveat()系统调用函数并传入AT_CHECK参数对脚本文件进行可执行权限检查(包括IMA检查),只有当权限检查成功后,才可继续运行脚本文件。 +- **haltpoll特性**:haltpoll特性通过虚拟机guest vcpu在空闲时进行轮询的机制,避免vcpu唤醒时发送IPI中断,降低了中断发送和处理的开销,并且由于轮询时虚拟机不需要陷出,减少了陷入陷出的开销,该特性能够降低进程间通信时延,显著提升上下文切换效率,提升虚机性能。 + +- **内核TCP/IP协议栈支持CAQM拥塞**:内核TCP/IP协议栈支持CAQM拥塞控制算法:CAQM是一种主动队列管理算法,一种网络拥塞控制机制,主要运行于数据中心使用TCP传输数据的计算端侧节点和传输路径上的网侧交换机节点。通过网侧交换节点主动计算网络空闲带宽和最优带宽分配,端侧协议栈与网侧交换机协同工作,在高并发场景下获得网络交换机“零队列“”拥塞控制效果和极低传输时延。CAQM算法通过在以太链路层增加拥塞控制标记字段,实现动态调整队列长度,减少延迟和丢包,提高网络资源的利用率。对于数据中心低延时通算场景,可极大减少延迟和丢包的发生,增强用户体验。在数据中心典型场景下,对比经典Cubic算法,关键指标提升:1)传输时延:CAQM vs Cubic 时延降低92.4%。2)带宽利用率:在交换机队列缓存占用降低90%的情况下,仍保持TCP传输带宽利用率逼近100%(99.97%)。CAQM算法使用说明:1)本算法需要端侧服务器和网侧交换机协同配合,故中间节点交换机,需要支持CAQM协议(协议头识别,拥塞控制字段调整等);2)本算法通过内核编译宏(CONFIG_ETH_CAQM)控制,默认不使能,用户需通过打开编译宏,重新编译替换内核后,使能算法功能。 + +## NestOS容器操作系统 + +NestOS是在openEuler社区孵化的云底座操作系统,集成了rpm-ostree支持、ignition配置等技术。采用双根文件系统、原子化更新的设计思路,使用nestos-assembler快速集成构建,并针对K8S、OpenStack等平台进行适配,优化容器运行底噪,使系统具备十分便捷的集群组建能力,可以更安全的运行大规模的容器化工作负载。 + + - **开箱即用的容器平台**:NestOS集成适配了iSulad、Docker、Podman等主流容器引擎,为用户提供轻量级、定制化的云场景OS。 + - **简单易用的配置过程**:NestOS通过ignition技术,可以以相同的配置方便地完成大批量集群节点的安装配置工作。 + - **安全可靠的包管理**:NestOS使用rpm-ostree进行软件包管理,搭配openEuler软件包源,确保原子化更新的安全稳定状态。 + - **友好可控的更新机制**:NestOS使用zincati提供自动更新服务,可实现节点自动更新与重新引导,实现集群节点有序升级而服务不中断。 + - **紧密配合的双根文件系统**:NestOS采用双根文件系统的设计实现主备切换,确保NestOS运行期间的完整性与安全性。 + +## syscare特性增强 + +SysCare是一个系统级热修复软件,为操作系统提供安全补丁和系统错误热修复能力,主机无需重新启动即可修复该系统问题。​ SysCare将内核态热补丁技术与用户态热补丁技术进行融合统一,用户仅需聚焦在自己核心业务中,系统修复问题交予SysCare进行处理。后期计划根据修复组件的不同,提供系统热升级技术,进一步解放运维用户提升运维效率。 + +- **热补丁制作**:用户仅需输入目标软件的源码RPM包、调试信息RPM包与待打补丁的路径,无需对软件源码进行任何修改,即可生成对应的热补丁RPM包。 +- **热补丁生命周期管理**:SysCare提供一套完整的,傻瓜式补丁生命周期管理方式,旨在减少用户学习、使用成本,通过单条命令即可对热补丁进行管理。依托于RPM系统,SysCare构建出的热补丁依赖关系完整,热补丁分发、安装、更新与卸载流程均无需进行特殊处理,可直接集成放入软件仓repo。 +- **内核热补丁与用户态热补丁融合**:SysCare基于upatch和kpatch技术,覆盖应用、动态库、内核,自顶向下打通热补丁软件栈,提供用户无感知的全栈热修复能力。 +- **新增特性**:支持重启后按照用户操作顺序恢复。ACCEPTED状态热补丁。 + +## iSula支持NRI插件式扩展 + +NRI (Node Resource Interface), 是用于控制节点资源的公共接口, 是CRI兼容的容器运行时插件扩展的通用框架。它为扩展插件提供了跟踪容器状态,并对其配置进行有限修改的基本机制。允许将用户某些自定的逻辑插入到OCI兼容的运行时中,此逻辑可以对容器进行受控更改,或在容器生命周期的某些时间点执行 OCI 范围之外的额外操作。iSulad新增对NRI插件式扩展的支持,减少k8s场景下对于容器资源管理维护成本,消除调度延迟,规范信息的一致性。 + +NRI插件通过请求isula-rust-extension组件中启动的NRI runtime Service服务与iSulad建立连接后,可订阅Pod与Container的生命周期事件: + +1.可订阅Pod生命周期事件,包括:creation、stopping和removal。 +2.可订阅Container生命周期事件,包括creation、post-creation、starting、post-start、updating、post-update、stopping和removal。 + +iSulad在接收到k8s下发的CRI请求后,对于所有订阅了对应生命周期事件的NRI插件都发送的请求,NRI插件可在请求中获得Pod与Container的元数据与资源信息。之后NRI插件可根据需求更新Pod与Container的资源配置,并将更新的信息传递给iSulad,iSulad将更新后的配置传递给容器运行时,生效配置。 + +## oeAware采集、调优插件等功能增强 + +oeAware是在openEuler上实现低负载采集感知调优的框架,目标是动态感知系统行为后智能使能系统的调优特性。传统调优特性都以独立运行且静态打开关闭为主,oeAware将调优拆分为采集、感知和调优三层,每层通过订阅方式关联,各层采用插件式开发尽可能复用。 +oeAware 的每个插件都是按oeAware 标准接口开发的动态库,包含若干个实例,每个实例可以是一个独立的采集、感知或调优功能集,每个实例包含若干个topic,其中 topic 主要用于提供采集或者感知的数据结果,这些数据结果可供其他插件或者外部应用进行调优或分析。 + +- SDK提供的接口可以实现订阅插件的topic,回调函数接收oeAware的数据,外部应用可以通过SDK开发定制化功能,例如完成集群各节点信息采集,分析本节点业务特征。 +- PMU信息采集插件:采集系统PMU性能记录。 +- Docker 信息采集插件:采集当前环境Docker的一些参数信息。 +- 系统信息采集插件:采集当前环境的内核参数、线程信息和一些资源信息(CPU、内存、IO、网络)等。 +- 线程感知插件:感知关键线程信息。 +- 评估插件:分析业务运行时系统的NUMA和网络信息,给用户推荐使用的调优方式。 +- 系统调优插件:(1)stealtask :优化CPU调优 (2)smc_tune(SMC-D):基于内核共享内存通信特性,提高网络吞吐,降低时延 (3)xcall_tune :跳过非关键流程的代码路径,优化 SYSCALL的处理底噪。 +- Docker调优插件:利用cpuburst特性在突发负载下环境CPU性能瓶颈。 + +## KubeOS特性增强 + +KubeOS是针对云原生场景而设计、轻量安全的云原生操作系统及运维工具,提供基于kubernetes的云原生操作系统统一运维能力。KubeOS设计了专为容器运行的云原生操作系统,通过根目录只读,仅包含容器运行所需组件,dm-verity安全加固,减少漏洞和攻击面,提升资源利用率和启动速度,提供云原化的、轻量安全的操作系统。KubeOS支持使用kubernetes原生声明式API,统一对集群worker节点OS的进行升级、配置和运维,从而降低云原生场景的运维难度、解决用户集群节点OS版本分裂,缺乏统一的OS运维管理方案的问题。 +KubeOS新增配置能力、定制化镜像制作能力和rootfs完整性保护dm-verity如图所示,具体能力如下: + +- KubeOS支持集群参数统一配置,支持通过KubeOS统一settings配置,支持如下配置: +(1)KubeOS支持limits.conf文件参数统一配置; +(2)KubeOS支持containerd、kubelet等集群参数统一配置。 +- KubeOS支持镜像定制化,镜像制作时支持systemd服务、grub密码、系统盘分区、用户/用户组、文件、脚本和persist分区目录的自定义配置。 +- KubeOS支持静态完整性保护dm-verity,支持在虚拟机镜像制作时开启dm-verity,对rootfs进行完整行校验,并支持dm-verity开启时的升级和配置。 + +## IMA特性增强 + +内核完整性度量架构(IMA, Integrity Measurement Architecture)是Linux开源,且在业界被广泛使用的文件完整性保护技术。在实际应用场景中,IMA可以用来对系统运行的程序发起完整性检查,一方面检测应用程序篡改,另一方面通过白名单机制以保证只有经过认证(如签名或HMAC)的文件才可以被运行。 +目前运行在Linux操作系统上的应用程序可分为两种: + +- 二进制可执行程序:即符合ELF格式标准的程序文件,可直接通过exec/mmap系统调用运行。 +- 解释器类应用程序:即通过解释器间接运行的程序文件,如通过Bash/Python/Lua等解释器加载运行的脚本程序,或JVM运行的Java程序等。 + +对于二进制可执行程序,IMA可以通过在exec/mmap系统调用的hook函数发起度量或校验流程,从而实现完整性保护。 +但是针对解释器类应用程序,现有的IMA机制无法进行有效保护。其原因是此类应用程序主要通过read系统调用由解释器加载并解析运行,而IMA无法将其和其他可变的文件(如配置文件、临时文件等)进行区分,一旦针对read系统调用配置开启IMA机制,则会将其他可变文件也纳入保护范围,而可变文件无法预先生成度量基线或校验凭据,从而导致完整性检查失败。 +因此本特性旨在对现有IMA机制进行增强,有效提升对解释器类应用程序的完整性保护能力。 + +## 异构可信根 + +典型的攻击手段往往伴随着信息系统真实性、完整性的破坏,目前业界的共识是通过硬件可信根对系统关键组件进行度量/验证,一旦检测到篡改或仿冒行为,就执行告警或拦截。 +当前业界主流是采用TPM作为信任根,结合完整性度量软件栈逐级构筑系统信任链,从而保证系统各组件的真实性和完整性。openEuler当前支持的完整性度量特性包括:度量启动、IMA文件度量、DIM内存度量等。 +openEuler 24.03 LTS SP1版本在内核的integrity子模块中实现了一套可信根框架,南向支持多种可信根驱动,北向提供统一度量接口,对接上层完整性保护软件栈,将完整性度量特性的硬件可信根支持范围从单TPM扩展为多元异构可信根。 + +## secGear特性增强 + +secGear远程证明统一框架是机密计算远程证明相关的关键组件,屏蔽不同TEE远程证明差异,提供Attestation Agent和Attestation Service两个组件,Agent供用户集成获取证明报告,对接证明服务;Service可独立部署,支持iTrustee、virtCCA远程证明报告的验证。 + +远程证明统一框架聚焦机密计算相关功能,部署服务时需要的服务运维等相关能力由服务部署第三方提供。远程证明统一框架的关键技术如下: + +- 报告校验插件框架:支持运行时兼容iTrustee、vritCCA、CCA等不同TEE平台证明报告检验,支持扩展新的TEE报告检验插件。 +- 证书基线管理:支持对不同TEE类型的TCB/TA基线值管理及公钥证书管理,集中部署到服务端,对用户透明。 +- 策略管理:提供默认策略(易用)、用户定制策略(灵活)。 +- 身份令牌:支持对不同TEE签发身份令牌,由第三方信任背书,实现不同TEE类型相互认证。 +- 证明代理:支持对接证明服务/点对点互证,兼容TEE报告获取,身份令牌验证等,易集成,使用户聚焦业务。 + +根据使用场景,支持点对点验证和证明服务验证两种模式。 +证明服务验证流程如下: +(1)用户(普通节点或TEE)对TEE平台发起挑战。 +(2)TEE平台通过证明代理获取TEE证明报告,并返回给用户。 +(3)用户端证明代理将报告转发到远程证明服务。 +(4)远程证明服务完成报告校验,返回由第三方信任背书的统一格式身份令牌。 +(5)证明代理验证身份令牌,并解析得到证明报告校验结果。 +点对点验证流程(无证明服务)如下: +(1)用户向TEE平台发起挑战,TEE平台返回证明报告给用户。 +(2)用户使用本地点对点TEE校验插件完成报告验证。 +注意:点对点验证和远程证明服务验证时的证明代理不同,在编译时可通过编译选项,决定编译有证明服务和点对点模式的证明代理。 + +## 容器干扰检测,分钟级完成业务干扰源(CPU/IO)识别与干扰源发现 + +gala-anteater是一款基于AI的操作系统灰度故障的异常检测平台,集成了多种异常检测算法,通过自动化模型预训练、线上模型的增量学习和模型更新,可以实现系统级故障发现和故障点上报。 +在线容器高密部署场景下,存在资源无序竞争现象,导致容器实例间相互干扰,使用gala-anteater可以分钟级完成业务干扰源(CPU/IO)识别与干扰源发现,辅助运维人员快速跟踪并解决问题,保障业务Qos。 + +gala-anteater通过线上线下相结合,利用在线学习技术,实现模型的线下学习,线上更新,并应用于线上异常检测。 + +1. Offline:首先,利用线下历史KPI数据集,经过数据预处理、特征选择,得到训练集;然后,利用得到的训练集,对无监督神经网络模型(例如Variational Autoencoder)进行训练调优。最后,利用人工标注的测试集,选择最优模型。 +2. Online:将线下训练好的模型,部署到线上,然后利用线上真实的数据集,对模型进行在线训练以及参数调优,然后利用训练好的模型,进行线上环境的实时异常检测。 + +## Aops适配authHub统一用户鉴权 + +authhub是一个基于oauth2协议开发的统一用户鉴权中心,Aops通过authHub管理应用注册,实现应用间的统一用户鉴权。 +authHub基于oauth2协议,实现统一用户鉴权中心,用户鉴权中心功能包括: + +- 应用管理:应用部署后需要在authHub应用管理界面进行注册和配置,用户可以使用注册的应用的功能。 +- 用户鉴权:在authHub管理的应用中,用户可以实现单点登录和单点登出。 + +## 微服务性能问题分钟级定界/定位(TCP,IO,调度等) + +基于拓扑的根因推导技术提供了大规模集群情况下的故障检测、根因定位服务,新增云原生场景故障定界定位能力,特别是针对网络L7层协议,如HTTPS、PGSQL、MYSQL等。这项技术通过 gala-gopher、gala-spider和 gala-anteater实现,新增内容提供了更细粒度的故障定界能力,通过这种能力运维团队可以快速定位问题源头,从而提高系统的稳定性和可靠性。该服务主要功能如下: + +- 指标采集服务:gala-gopher 通过 ebpf 技术提供网络、IO相关的指标采集上报功能。 +- 集群拓扑构建服务:gala-spider 通过接受指标采集服务上报的数据信息,构建容器、进程级别的调用关系拓扑图构建。 +- 故障检测服务:gala-anteater通过故障检测模型对应用上报的指标采集进行分类, 判断是否发生异常。 +- 根因定位服务:gala-anteater 通过节点异常信息和拓扑图信息, 定位导致此次异常的根因节点。 + +## utsudo项目发布 + +Sudo 是 Unix 和 Linux 操作系统中常用的工具之一,它允许用户在需要超级用户权限的情况下执行特定命令。然而, 传统 Sudo 在安全性和可靠性方面存在一些缺陷,为此 utsudo 项目应运而生。 + utsudo 是一个采用 Rust 重构 Sudo 的项目,旨在提供一个更加高效、安全、灵活的提权工具,涉及的模块主要有通用工具、整体框架和功能插件等。 + +**基本功能** +- 访问控制:可以根据需求,限制用户可以执行的命令,并规定所需的验证方式。 +- 审计日志:可以记录和追踪每个用户使用 utsudo 执行的命令和任务。 +- 临时提权:允许普通用户通过输入自己的密码,临时提升为超级用户执行特定的命令或任务。 +- 灵活配置:可以设置参数如命令别名、环境变量、执行参数等,以满足复杂的系统管理需求。 + +**增强功能** +utsudo在openEuler 24.09版本中是0.0.2版本,当前版本主要功能有: + +- 提权流程:把普通用户执行命令的进程,提权为root权限。 +- 插件加载流程:实现了对插件配置文件的解析,以及对插件库的动态加载。 + +## utshell 项目发布 + +utshell 是一个延续了 bash 使用习惯的全新 shell,它能够与用户进行命令行交互,响应用户的操作去执行命令并给予 反馈。并且能执行自动化脚本帮助运维。 + +**基本功能** +- 命令执行:可以执行部署在用户机器上的命令,并将执行的返回值反馈给用户。 +- 批处理:通过脚本完成自动任务执行。 +- 作业控制:能够将用户命令作为后台作业,从而实现多个命令同时执行。并对并行执行的任务进行管理和控制。 +- 历史记录:记录用户所输入的命令。 +- 别名功能:能够让用户对命令起一个自己喜欢的别名,从而个性化自己的操作功能。 + +**增强功能** +utshell在openEuler24.09版本中是0.5版本,当前版本主要功能有: + +- 实现对shell脚本的解析。 +- 实现对第三方命令的执行。 + +## GCC for openEuler + +GCC for openEuler基线版本已经从GCC 10.3升级到GCC 12.3版本,支持自动反馈优化、软硬件协同、内存优化、SVE向量化、矢量化数学库等特性。 + +1. GCC版本升级到12.3,默认语言标准从C14/C++14升级到C17/C++17标准,支持Armv9-a架构,X86的AVX512 FP16等更多硬件架构特性。 +2. 支持结构体优化,指令选择优化等,充分使能ARM架构的硬件特性,运行效率高,在SPEC CPU 2017等基准测试中性能大幅优于上游社区的GCC 10.3版本。 +3. 支持自动反馈优化特性,实现应用层MySQL数据库等场景性能大幅提升。 + +**功能描述** + +- 支持ARM架构下SVE矢量化优化,在支持SVE指令的机器上启用此优化后能够提升程序运行的性能。 +- 支持内存布局优化,通过重新排布结构体成员的位置,使得频繁访问的结构体成员放置于连续的内存空间上,提升Cache的命中率,提升程序运行的性能。 +- 支持SLP转置优化,在循环拆分阶段增强对连续访存读的循环数据流分析能力,同时在SLP矢量化阶段,新增转置操作的分析处理,发掘更多的矢量化机会,提升性能。 +- 支持冗余成员消除优化,消除结构体中从不读取的结构体成员,同时删除冗余的写语句,缩小结构体占用内存大小,降低内存带宽压力,提升性能。 +- 支持数组比较优化,实现数组元素并行比较,提高执行效率。 +- 支持ARM架构下指令优化,增强ccmp指令适用场景,简化指令流水。 +- 支持if语句块拆分优化,增强程序间常量传播能力。 +- 增强SLP矢量优化,覆盖更多矢量化场景,提升性能。 +- 支持自动反馈优化,使用perf收集程序运行信息并解析,完成编译阶段和二进制阶段反馈优化,提升MySQL数据库等主流应用场景的性能。 + +## Gazelle特性增强 + +Gazelle是一款高性能用户态协议栈。它基于DPDK在用户态直接读写网卡报文,共享大页内存传递报文,使用轻量级LwIP协议栈。能够大幅提高应用的网络I/O吞吐能力。专注于数据库网络性能加速,兼顾高性能与通用性。本次版本新增容器场景xdp部署模式及openGauss数据库tpcc支持,丰富用户态协议栈。 + +- 高性能(超轻量):基于 dpdk、lwip 实现高性能轻量协议栈能力。 +- 极致性能:基于区域大页划分、动态绑核、全路径零拷贝等技术,实现高线性度并发协议栈。 +- 硬件加速:支持 TSO/CSUM/GRO 等硬件卸载,打通软硬件垂直加速路径。 +- 通用性(posix 兼容):接口完全兼容 posix api,应用零修改,支持 udp 的 recvfrom 和 sendto 接口。 +- 通用网络模型:基于 fd 路由器、代理式唤醒等机制实现自适应网络模型调度,udp 多节点的组播模型,满足任意网络应用场景。 +- 易用性(即插即用):基于 LD_PRELOAD 实现业务免配套,真正实现零成本部署。 +- 易运维(运维工具):具备流量统计、指标日志、命令行等完整运维手段。 + +**新增特性** + +- 支持基于ipvlan 的l2模式网卡上通过xdp的方式部署使用Gazelle。 +- 新增中断模式,可以支持在无流量或低流量场景下,lstack不再占满CPU核。 +- 优化pingpong模式的网络,在数据包进行pingpong收发时,优化报文的发送行为。 +- 新增对openGauss数据库的单机及单主备tpcc测试支持。 + +## virtCCA机密虚机 + +virtCCA机密虚机特性基于鲲鹏920系列S-EL2能力,在TEE侧实现机密虚机能力,实现现有普通虚机中的软件栈无缝迁移到机密环境中。基于Arm CCA标准接口,在Trustzone固件基础上构建TEE虚拟化管理模块,实现机密虚机间的内存隔离、上下文管理、生命周期管理和页表管理等机制,支持客户应用无缝迁移到机密计算环境中。 + +1. 设备直通: +设备直通是基于华为鲲鹏920新型号通过预埋在PCIE Root Complex里的PCIE保护组件,在PCIE总线上增加选通器,对CPU与外设间的通信进行选通,即对SMMU的Outbound Traffic和Inbound Traffic的控制流和数据流进行控制,以此保证整体数据链路的安全性。 +基于virtCCA PCIPC的设备直通能力,实现对PCIE设备的安全隔离和性能提升,存在以下优势: +(1)安全隔离 +TEE侧控制设备的访问权限,Host侧软件无法访问TEE侧设备; +(2)高性能 +机密设备直通,相比业界加解密方案,数据面无损耗; +(3)易用性 +兼容现有开源OS,无需修改开源OS内核驱动代码。 +2. 国密硬件加速: +国密硬件加速是基于华为鲲鹏芯片,通过KAE加速器能力复用到安全侧,并采用openEuler UADK用户态加速器框架,提供客户机密虚机内国密加速性能提升以及算法卸载的能力。 + +## 海光CSV3支持 + +海光第三代安全虚拟化技术(CSV3)在前二代技术的基础上继续增强,在CPU内部实现了虚拟机数据的安全隔离,禁止主机操作系统读写CSV3虚拟机内存,禁止主机操作系统读写虚拟机嵌套页表,保证了虚拟机数据的完整性,实现了CSV3虚拟机数据机密性和完整性的双重安全。 + +**安全内存隔离单元** +安全内存隔离单元是海光第三代安全虚拟化技术的专用硬件,是实现虚拟机数据完整性的硬件基础。该硬件集成于CPU内部,放置于CPU核心访问内存控制器的系统总线路径上。该硬件可获取CSV3虚拟机安全内存的信息,包括内存物理地址,虚拟机VMID,及相关的权限等。CPU在访问内存时,访问请求先经过安全内存隔离单元做合法性检查,若访问允许,继续访问内存,否则访问请求被拒绝。 +以CSV3架构图为例,在CSV3虚拟机运行过程中读取或写入内存时,先经过页表翻译单元完成虚拟机物理地址(GPA, Guest Physical Address)到主机物理地址(HPA, Host Physical Address)的转换,再向地址总线发出内存访问请求。访问请求中除了包含读写命令、内存地址(HPA),还必须同时发出访问者的VM ID。 +当CPU读取内存数据时,若安全内存隔离单元判断内存读取请求者的VMID错误,返回固定模式的数据。当CPU写入内存数据时,若安全内存隔离单元判断内存写入请求者的VMID错误,丢弃写入请求。 + +**安全处理器** +安全内存隔离单元是海光第三代安全虚拟化保护虚拟机内存完整性的核心硬件,对此硬件单元的配置必须保证绝对安全,无法被主机操作系统修改。 +海光安全处理器是SoC内独立于主CPU之外的处理器,是CPU的信任根。安全处理器在CPU上电后,通过内置验签密钥验证固件的完整性,并加载执行。安全处理器具有独立硬件资源和封闭的运行环境,是CPU内最高安全等级硬件,管理整个CPU的安全。安全内存隔离单元的内容仅安全处理器有权限配置和管理,主机操作系统无权读写。 +在虚拟机启动时,主机操作系统向安全处理器发送请求,安全处理器对安全内存隔离单元做初始配置。虚拟机运行期间,安全处理器固件更新安全内存隔离单元。虚拟机退出后,安全处理器清除安全内存隔离单元的配置。安全处理器会检查主机发来的配置请求是否合法,主机向安全处理器发起的任何非法配置请求,都会被拒绝。 +虚拟机整生命周期内,安全内存隔离单元都在安全处理器的管理控制之下,保证了其配置的安全性。 + +**Virtual Machine Control Block(VMCB)保护** +Virtual Machine Control Block(VMCB)是虚拟机的控制信息块,保存了虚拟机ID(VMID),虚拟机页表基地址,虚拟机寄存器页面基地址等控制信息,主机操作系统通过修改虚拟机控制信息能够影响并更改虚拟机内存数据。 +CSV3增加了对虚拟机控制信息的保护,安全处理器负责创建VMCB,并配置于安全内存隔离单元的硬件保护之下。主机操作系统无法更改CSV3虚拟机VMCB的内容。 +为更好的与主机操作系统的软件配合,CSV3创建了真实VMCB与影子VMCB页面。主机操作系统创建影子VMCB,填入控制信息,传递给安全处理器。安全处理器创建真实VMCB页面,复制影子VMCB中除虚拟机ID,虚拟机页表基地址,虚拟机寄存器页面基地址等关键信息之外的控制信息,并自行添加关键控制信息。虚拟机使用真实VMCB页面启动和运行,阻止了主机操作系统对虚拟机VMCB的攻击。 + +## 密码套件openHiTLS + +openHiTLS旨在通过提供轻量化、可裁剪的软件技术架构及丰富的国际主流及中国商用密码算法、协议,满足云计算、大数据、AI、金融等多样化行业的安全需求。它具备算法先进、性能卓越、安全可靠、开放架构及多语言平滑兼容等特点,为开发者提供了一套安全、可扩展的密码解决方案。通过社区共建与生态建设,openHiTLS推动密码安全标准在各行各业的加速落地,同时构建以openEuler为核心的安全开源生态,为用户带来更加安全、可靠的数字环境。 + +**支持主流的密码协议和算法** +支持国际主流及中国商用密码算法和协议,可根据场景需求选择合适的密码算法和协议。 + +- 支持中国商用密码算法:SM2、SM3、SM4等 +- 支持国际主流算法:AES、RSA、(EC)DSA、(EC)DH、SHA3、HMAC等 +- 支持GB/T 38636-2020 TLCP标准,即双证书国密通信协议 +- 支持TLS1.2、TLS1.3、DTLS1.2协议 + +**开放架构实现全场景密码应用覆盖** +通过开放架构、技术创新及全产业链的应用实践,向产业界提供一站式全场景覆盖。 + +- 灵活南、北向接口:北向统一接口行业应用快速接入;南向设备抽象,广泛的运行在各类业务系统。 +- 多语言平滑兼容:统一接口层(FFI)提供多语言兼容的能力,一套密码套件支持多种语言应用。 +- 广泛的产品应用实践:全产业链应用场景密码技术实践,确保密码套件在不同场景下的高性能、高安全和高可靠。 + +**分层分级解耦、按需裁剪,实现密码套件轻量化** +加密内存成本无法回避,分层分级解耦实现密码算法软件极致成本。 + +- 分层分级解耦:TLS、证书、算法功能分层解耦、算法抽象、调度管理、算法原语分级解耦、高内聚低耦合、按需组合。 +- 高级抽象接口:提供高级抽象接口,避免算法裁剪引入对外接口变更,降低软件成本前提下,保持对外接口不变。 +- 极致成本:按需裁剪,特性依赖关系自动管理,可实现PBKDF2 + AES算法BIN20K、堆内存1K、栈内存256字节。 + +**密码算法敏捷架构,应对后量子迁移** +通过密码算法敏捷架构、技术创新实现应用快速迁移和先进算法的快速演进。 + +- 统一北向接口:提供对算法标准化、可扩展的接口,避免算法切换造成接口变动,上层业务应用需要大范围适配新接口。 +- 算法插件化管理框架:实现对算法插件化管理,算法Provider层支持算法运行时动态加载,提供热加载算法的能力。 +- 算法使用配置化:支持通过配置文件获取算法信息,可避免算法标识代码硬编码。 + +## AI集群慢节点快速发现 Add Fail-slow Detection + +AI集群在训练过程中不可避免会发生性能劣化,导致性能劣化的原因很多且复杂。现有方案是在发生性能劣化之后利用日志分析,但是从日志收集到问题定界根因诊断以及现网闭环问题需要长达3-4天之久。基于上述痛点问题,我们设计了一套在线慢节点定界方案,该方案能够实时在线观测系统关键指标,并基于模型和数据驱动的算法对观测数据进行实时分析给出劣慢节点的位置,便于系统自愈或者运维人员修复问题。 +基于分组的指标对比技术提供了AI集群训练场景下的的慢节点/慢卡检测能力。这项技术通过 gala-anteater实现,新增内容包括配置文件、算法库、慢节点空间维度对比算法和慢节点时间维度对比,最终输出慢节点异常时间、异常指标以及对应的慢节点/慢卡ip, 从而提高系统的稳定性和可靠性。该服务主要功能如下: + +- 配置文件:主要包括待观测指标类型、指标算法配置参数以及数据接口,用于初始化慢节点检测算法。 +- 算法库:包括常用的时序异常检测算法spot算法,k-sigma算法,异常节点聚类算法和相似度度量算法。 +- 数据:包括指标数据、作业拓扑数据以及通信域数据,指标数据表示指标的时序序列,作业拓扑数据表示训练作业所用的节点信息,通信域数据表示节点通信的连接关系,包括数据并行、张量并行和流水线并行等。 +- 指标分组对比: 包括组内空间异常节点筛选和单节点时间异常筛选。组内空间异常节点筛选根据异常聚类算法输出异常节点;单节点时间异常筛选根据单节点历史数据进行时序异常检测判断节点是否异常。 + +## rubik在离线混部调度协同增强 + +云数据中心资源利用率低(< 20%)是行业普遍存在的问题,提升资源利用率已经成为了一个重要的技术课题。将业务区分优先级混合部署(简称混部)运行是典型有效的资源利用率提升手段。然而,将多种类型业务混合部署能够显著提升集群资源利用率,也带来了共峰问题,会导致关键业务服务质量(QoS)受损。因此,如何在提升资源利用率之后,保障业务 QoS 不受损是技术上的关键挑战。 +rubik 是 openEuler提供的容器混部引擎,提供一套自适应的单机算力调优和服务质量保障机制,旨在保障关键业务服务质量不下降的前提下,提升节点资源利用率。 + +- Cache 及内存带宽控制:支持对低优先级虚拟机的 LLC 和内存带宽进行限制,当前仅支持静态分配。 +- CPU 干扰控制:支持CPU时间片us级抢占及SMT干扰隔离,同时具有防优先级反转能力。 +- 内存资源抢占:支持在节点OOM时优先杀死离线业务,从而保证在线业务的服务质量。 +- memcg异步内存回收:支持限制混部时离线应用使用的总内存,并在在线内存使用量增加时动态压缩离线业务内存使用。 +- QuotaBurst柔性限流:支持关键在线业务被 CPU 限流时允许短时间突破 limit 限制,保障在线业务运行的服务质量。 +- PSI 指标观测增强:支持 cgroup v1 级别的压力信息统计,识别和量化资源竞争导致的业务中断风险,支撑用户实现 硬件资源利用率提升。 +- IOCost限制业务io权重:支持限制混部是离线业务的磁盘读写速率,防止离线业务争抢在线业务的磁盘带宽,从而提升在线业务服务质量。 +- CPI指标观测:支持通过观察CPI指标统计当前节点的压力,识别并驱逐离线业务以保证在线应用的服务质量。 + +此版本新增以下特性: + +- 节点CPU/内存干扰控制和驱逐:支持通过观测当前节点的CPU和内存水位,在资源紧张情况下通过驱逐离线业务,保证节点水位安全。 + +## CFGO反馈优化特性增强 + +日益膨胀的代码体积导致当前处理器前端瓶颈成为普遍问题,影响程序运行性能。编译器反馈优化技术可以有效解决此类问题。 +CFGO(Continuous Feature Guided Optimization)是GCC for openEuler和毕昇编译器的反馈优化技术名,指多模态(源代码、二进制)、全生命周期(编译、链接、链接后、运行时、OS、库)的持续反馈优化,主要包括以下两类优化技术: + +- 代码布局优化:通过基本块重排、函数重排、冷热分区等技术,优化目标程序的二进制布局,提升i-cache和i-TLB命中率。 +- 高级编译器优化:内联、循环展开、向量化、间接调用等提升编译优化技术受益于反馈信息,能够使编译器执行更精确的优化决策。 + +GCC CFGO反馈优化共包含三个子特性:CFGO-PGO、CFGO-CSPGO、CFGO-BOLT,通过依次使能这些特性可以缓解处理前端瓶颈,提升程序运行时性能。为了进一步提升优化效果,建议CFGO系列优化与链接时优化搭配使用,即在CFGO-PGO、CFGO-CSPGO优化过程中增加-flto=auto编译选项。 + +- CFGO-PGO + +CFGO-PGO在传统PGO优化的基础上,利用AI4C对部分优化遍进行增强,主要包括inline、常量传播、去虚化等优化,从而进一步提升性能。 + +- CFGO-CSPGO + +PGO的profile对上下文不敏感,可能导致次优的优化效果。通过在PGO后增加一次CFGO-CSPGO插桩优化流程,收集inline后的程序运行信息,从而为代码布局和寄存器优化等编译器优化遍提供更准确的执行信息,实现性能进一步提升。 + +- CFGO-BOLT + +CFGO-BOLT在基线版本的基础上,新增aarch64架构软件插桩、inline优化支持等优化,最终进一步提升性能。 + +## AI4C编译选项调优和AI编译优化提升典型应用性能 + +AI4C(AI for Compiler)代表AI辅助编译优化套件,是一个使用AI技术优化编译选项和优化遍关键决策的软件框架,旨在突破当前编译器领域的两个关键业务挑战: + +1. 性能提升困难:传统编译器优化开发周期长,新的编译优化技术与已有编译优化过程难以兼容达到1+1>=2的效果,导致性能提升无法达到预期效果。 +2. 调优效率低下:硬件架构或者软件业务场景变更,需要根据新的负载条件投入大量人力成本,重新调整编译优化的成本模型,导致调优时间长。 + +AI4Compiler框架提供编译选项自动调优和AI模型辅助编译优化两个主要模块。 +框架上层调度模块驱动中层编译器核心优化过程,通过不同编译器各自的适配模块调用底层AI模型和模型推理引擎,以优化特性相关数据和硬件架构参数作为模型输入特征运行模型推理,获得编译过程关键参数最佳决策,从而实现编译优化。 + +- 编译自动调优(Autotuner) +AI4C的自动调优基于OpenTuner(2015 Ansel et al.)开发,通过插件驱动编译器采集优化特性相关参数信息,通过搜索算法调整关键决策参数(例如循环展开系数),通过插件注入编译过程修改决策,运行编译输出二进制获得反馈因子,迭代自动调优。 +(1)已集成一系列搜索算法,动态选择算法并共享搜索进; +(2)支持用户配置yaml自定义搜索空间和扩展底层搜索算法; +(3)支持细粒度代码块调优与粗粒度编译选项自动调优; +(4)在cormark、dhrystone、Cbench等benchmark上获得3%~5%不等的收益。 +- AI辅助编译优化(ACPO) +ACPO提供全面的工具、库、算法,为编译器工程师提供简单易用的接口使用AI模型能力,替代或增强编译器中启发式优化决策算法。在编译器优化过程中,使用插件提取优化遍的输入结构化数据作为模型输入特征,getAdvice运行预训练模型获得决策系数,编译器使用模型决策结果替代部分启发式决策,获得更好的性能。 +(1)解耦编译器与AI模型和推理引擎,帮助算法开发者专注AI算法模型开发,简化模型应用成本,同时兼容多个编译器、模型、AI推理框架等主流产品,提供AI模型的热更新能力; +(2)实践落地IPA Loop Inline、RTL Loop Unroll等不同优化阶段和优化过程,获得相对显著的收益。 + +## RPM国密签名支持 + +根据国内相关安全技术标准,在某些应用场景中需要采用国密算法实现对重要可执行程序来源的真实性和完整性保护。openEuler当前采用RPM格式的软件包管理,软件包签名算法基于openPGP签名规范。openEuler 24.03 LTS SP1版本基于RPM包管理机制扩展对于SM2签名算法和SM3摘要算法的支持。 + +本特性主要基于RPM组件以及其调用的GnuPG2签名工具,在现有openPGP签名体系的基础上,进行国密算法使能。在RPM软件包签名场景,用户可调用gpg命令生成SM2签名私钥和证书,并调用rpmsign命令为指定的RPM包添加基于SM2+SM3算法的数字签名。在RPM软件包验签场景,用户可调用rpm命令导入验签证书,并通过校验RPM包的数字签名信息从而验证软件包的真实性和完整性。 + +## oneAPI 框架支持 + +Unified Acceleration Foundation(UXL)正在推动构建开放的异构加速软件框架的标准化。其中oneAPI作为初始项目的目标是提供一种跨行业、开放、基于标准的统一编程模型,并为异构加速器(如 CPU、GPU、FPGA 和专用加速器)提供统一的开发体验。oneAPI规范扩展了现有的开发者编程模型,通过并行编程语言(Data Parallel C++)或者一组加速软件库以及底层的硬件抽象接口(Level Zero)来支持跨架构的编程,从而支持多种加速硬件和处理器平台。为了提供兼容性并提高开发效率,oneAPI 规范基于行业标准,提供了多种开放的、跨平台和易用的开发者软件套件。 + +为了在openEuler上完整的支持oneAPI,我们从openEuler 24.03 LTS开始分别集成了oneAPI的开发环境Basekit和运行态环境的Runtime容器镜像。并从openEuler 24.03 LTS SP1开始,openEuler原生支持了oneAPI系列底层框架库的适配和集成,包括oneAPI运行所需的各类依赖库,以及英特尔的图形加速编译器,以及OpenCL的runtime,和支持不同平台(x86_64和aarch64)的底层硬件抽象层(Level-Zero)等。同时为了完整支持Data Parallels C++和基于加速库的API的编程模式,我们也对oneAPI官方提供的各类软件包在openEuler上做了相应的适配和验证的工作,这样我们可以方便的通过在openEuler中增加oneAPI的官方DNF/YUM源来安装和更新所有的oneAPI的运行依赖、开发工具和调试工具等。 + +## OpenVINO 支持 + +OpenVINO是一套开源的AI工具套件和运行库,其能用于优化几乎各类主流框架的深度学习模型,并在各种Intel处理器和加速器以及其他硬件平台如ARM上以最佳性能进行部署并高效提供AI服务。我们从openEuler 24.03 LTS SP1开始,提供了OpenVINO原生的适配和集成,从而在openEuler上提供了完整的OpenVINO的计算能力。 + +OpenVINO的模型转化功能可以将已经使用流行框架(如 TensorFlow、PyTorch、ONNX和PaddlePaddle等)训练的模型进行转换和优化。并在各类的Intel处理器和加速器或者ARM的硬件环境中进行部署,包括在本地、设备端、浏览器或云端等场景下提供服务能力。 + +## 鲲鹏KAE加速器 + +鲲鹏加速引擎KAE(Kunpeng Accelerator Engine)是基于鲲鹏920处理器提供的硬件加速器解决方案,包含了KAE加解密和KAEZip。KAE加解密和KAEZip分别用于加速SSL(Secure Sockets Lyaer) / TLS(Transport Layer Security)应用和数据压缩,可以显著降低处理器消耗,提高处理器效率。此外,鲲鹏加速引擎对应用层屏蔽了其内部细节,用户通过OpenSSL、zlib标准接口即可实现快速迁移现有业务。 +KAE加解密是鲲鹏加速引擎的加解密模块,使用鲲鹏加速引擎实现RSA/SM3/SM4/DH/MD5/AES算法,结合无损用户态驱动框架,提供高性能对称加解密、非对称加解密算法能力,兼容OpenSSL 1.1.1x系列版本,支持同步&异步机制。 +KAEzip是鲲鹏加速引擎的压缩模块,使用鲲鹏硬加速模块实现deflate算法,结合无损用户态驱动框架,提供高性能Gzip/zlib格式压缩接口。通过加速引擎可以实现不同场景下应用性能的提升,例如在分布式存储场景下,通过zlib加速库加速数据压缩和解压。 diff --git a/docs/zh/server/releasenotes/releasenotes/known_issues.md b/docs/zh/server/releasenotes/releasenotes/known_issues.md new file mode 100644 index 0000000000000000000000000000000000000000..d275b84efdda5e5eafe46e053eb1a8d58e8c577d --- /dev/null +++ b/docs/zh/server/releasenotes/releasenotes/known_issues.md @@ -0,0 +1,7 @@ +# 已知问题 + +|ISSUE ID|关联仓库|问题描述|ISSUE 链接| +|-|-|-|-| +|IBA13Y|yocto-meta-openeuler|【2403LTSSP1】raspberrypi4-64镜像测试用例oe_test_nfs-utils_test_001失败|https://gitee.com/open_euler/dashboard?issue_id=IBA13Y| +|IBACHW|yocto-meta-openeuler|【2403LTSSP1】qemu-aarch64-mcs-ros镜像名称错误,并且micad启动失败|https://gitee.com/open_euler/dashboard?issue_id=IBACHW| +|IBANAZ|yocto-meta-openeuler|【2403LTSSP1】x86-64-hmi-mcs-ros-rt镜像mica启动失败|https://gitee.com/open_euler/dashboard?issue_id=IBANAZ| diff --git a/docs/zh/server/releasenotes/releasenotes/os_installation.md b/docs/zh/server/releasenotes/releasenotes/os_installation.md new file mode 100644 index 0000000000000000000000000000000000000000..13c6de0db001817495798599b59781622606ce5c --- /dev/null +++ b/docs/zh/server/releasenotes/releasenotes/os_installation.md @@ -0,0 +1,307 @@ +# 系统安装 + +## 发布件 + +openEuler发布件包括[ISO发布包](https://www.openeuler.org/zh/download/archive/)、[虚拟机镜像](http://repo.openeuler.org/openEuler-24.03-LTS/virtual_machine_img/)、[容器镜像](http://repo.openeuler.org/openEuler-24.03-LTS/docker_img/)、[嵌入式镜像](http://repo.openeuler.org/openEuler-24.03-LTS/embedded_img/)和[repo源](http://repo.openeuler.org/openEuler-24.03-LTS/)。 + +**表 1** 发布ISO列表 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

名称

+

描述

+

openEuler-24.03-LTS-SP1-aarch64-dvd.iso

+

AArch64架构的基础安装ISO,包含了运行最小系统的核心组件

+

openEuler-24.03-LTS-SP1-everything-aarch64-dvd.iso

+

AArch64架构的全量安装ISO,包含了运行完整系统所需的全部组件

+

openEuler-24.03-LTS-SP1-everything-debug-aarch64-dvd.iso

+

AArch64架构下openEuler的调试ISO,包含了调试所需的符号表信息

+

openEuler-24.03-LTS-SP1-x86_64-dvd.iso

+

x86_64架构的基础安装ISO,包含了运行最小系统的核心组件

+

openEuler-24.03-LTS-SP1-everything-x86_64-dvd.iso

+

x86_64架构的全量安装ISO,包含了运行完整系统所需的全部组件

+

openEuler-24.03-LTS-SP1-everything-debug-x86_64-dvd.iso

+

x86_64架构下openEuler的调试ISO,包含了调试所需的符号表信息

+

openEuler-24.03-LTS-SP1-source-dvd.iso

+

openEuler源码ISO

+

openEuler-24.03-LTS-SP1-edge-aarch64-dvd.iso

+

AArch64架构的边缘ISO,包含了运行最小系统的核心组件

+

openEuler-24.03-LTS-SP1-edge-x86_64-dvd.iso

+

x86_64架构的边缘ISO,包含了运行最小系统的核心组件

+

openEuler-24.03-LTS-SP1-Desktop-aarch64-dvd.iso

+

AArch64架构的开发者桌面ISO,包含了运行开发桌面的最小软件集合

+

openEuler-24.03-LTS-SP1-Desktop-x86_64-dvd.iso

+

x86_64架构的开发者桌面ISO,包含了运行开发桌面的最小软件集合

+
+ +**表 2** 虚拟机镜像 + + + + + + + + + + + + + + +

名称

+

描述

+

openEuler-24.03-LTS-SP1-aarch64.qcow2.xz

+

AArch64架构下openEuler虚拟机镜像

+

openEuler-24.03-LTS-SP1-x86_64.qcow2.xz

+

x86_64架构下openEuler虚拟机镜像

+
+ +>![](./public_sys-resources/icon-note.gif) **说明:** +>虚拟机镜像root用户默认密码为:openEuler12\#$,首次登录后请及时修改。 + +**表 3** 容器镜像列表 + + + + + + + + + + + + + +

名称

+

描述

+

openEuler-docker.aarch64.tar.xz

+

AArch64架构下openEuler容器镜像

+

openEuler-docker.x86_64.tar.xz

+

x86_64架构下openEuler容器镜像

+
+ +**表 4** 嵌入式镜像列表 + +| 名称 | 描述 | +| -------------------------------------- | ------------------------------- | +| arm64/aarch64-std/zImage | AArch64架构下支持qemu的内核镜像 | +| arm64/aarch64-std/\*toolchain-24.03.sh | AArch64架构下对应的开发编译链 | +| arm64/aarch64-std/\*rootfs.cpio.gz | AArch64架构下支持qemu的文件系统 | +| arm32/arm-std/zImage | Arm架构下支持qemu的内核镜像 | +| arm32/arm-std/\*toolchain-24.03.sh | Arm架构下对应的开发编译链 | +| arm32/arm-std/\*rootfs.cpio.gz | Arm架构下支持qemu的文件系统 | +| source-list/manifest.xml | 构建使用的源码清单 | + +**表 5** repo源列表 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

目录

+

描述

+

ISO

+

存放ISO镜像

+

OS

+

存放基础软件包源

+

debuginfo

+

存放调试包源

+

docker_img

+

存放容器镜像

+

virtual_machine_img

+

存放虚拟机镜像

+

embedded_img

+

存放嵌入式镜像

+

everything

+

存放全量软件包源

+

extras

+

存放扩展软件包源

+

source

+

存放源码软件源

+

update

+

存放升级软件包源

+

EPOL

+

存放openEuler扩展包

+
+ +## 最小硬件要求 + +安装 openEuler 所需的最小硬件要求如[表6](#zh-cn_topic_0182825778_tff48b99c9bf24b84bb602c53229e2541)所示。 + +**表 6** 最小硬件要求 + + + + + + + + + + + + + + + + +

部件名称

+

最小硬件要求

+

CPU

+

鲲鹏 920(架构为AArch64)

+

Skylake以上(架构为x86_64)

+

内存

+

不小于8GB

+

硬盘

+

不小于120GB

+
+ +## 硬件兼容性 + +openEuler已验证支持的服务器和各部件典型配置请参见[表7](#zh-cn_topic_0227922427_table39822012)。openEuler后续将逐步增加对其他服务器的支持,也欢迎广大合作伙伴/开发者参与贡献和验证。openEuler当前支持的服务器可见[兼容列表](https://www.openeuler.org/zh/compatibility/)。 + +**表 7** 支持的服务器及典型配置 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

厂商

+

服务器名称

+

服务器具体型号

+

部件名称

+

典型配置

+

华为

+

TaiShan 200

+

2280均衡型

+

CPU

+

HiSilicon Kunpeng 920

+

内存

+

32G*4 2933MHz

+

RAID卡

+

LSI SAS3508

+

网络

+

TM210

+

华为

+

FusionServer Pro

+

2288H V5(机架服务器)

+

CPU

+

Intel(R) Xeon(R) Gold 5118 CPU @ 2.30GHz

+

内存

+

32G*4 2400MHz

+

RAID卡

+

LSI SAS3508

+

网络

+

X722

+
diff --git a/docs/zh/server/releasenotes/releasenotes/public_sys-resources/icon-caution.gif b/docs/zh/server/releasenotes/releasenotes/public_sys-resources/icon-caution.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/releasenotes/releasenotes/public_sys-resources/icon-caution.gif differ diff --git a/docs/zh/server/releasenotes/releasenotes/public_sys-resources/icon-danger.gif b/docs/zh/server/releasenotes/releasenotes/public_sys-resources/icon-danger.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/releasenotes/releasenotes/public_sys-resources/icon-danger.gif differ diff --git a/docs/zh/server/releasenotes/releasenotes/public_sys-resources/icon-note.gif b/docs/zh/server/releasenotes/releasenotes/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/zh/server/releasenotes/releasenotes/public_sys-resources/icon-note.gif differ diff --git a/docs/zh/server/releasenotes/releasenotes/public_sys-resources/icon-notice.gif b/docs/zh/server/releasenotes/releasenotes/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/zh/server/releasenotes/releasenotes/public_sys-resources/icon-notice.gif differ diff --git a/docs/zh/server/releasenotes/releasenotes/public_sys-resources/icon-tip.gif b/docs/zh/server/releasenotes/releasenotes/public_sys-resources/icon-tip.gif new file mode 100644 index 0000000000000000000000000000000000000000..93aa72053b510e456b149f36a0972703ea9999b7 Binary files /dev/null and b/docs/zh/server/releasenotes/releasenotes/public_sys-resources/icon-tip.gif differ diff --git a/docs/zh/server/releasenotes/releasenotes/public_sys-resources/icon-warning.gif b/docs/zh/server/releasenotes/releasenotes/public_sys-resources/icon-warning.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/releasenotes/releasenotes/public_sys-resources/icon-warning.gif differ diff --git a/docs/zh/server/releasenotes/releasenotes/release_notes.md b/docs/zh/server/releasenotes/releasenotes/release_notes.md new file mode 100644 index 0000000000000000000000000000000000000000..0647b3ba561ff00e261b8a0bc46438905a919c19 --- /dev/null +++ b/docs/zh/server/releasenotes/releasenotes/release_notes.md @@ -0,0 +1,3 @@ +# 发行说明 + +本文档是 openEuler 24.03-LTS-SP1 版本的发行说明。 diff --git a/docs/zh/server/releasenotes/releasenotes/resolved_issues.md b/docs/zh/server/releasenotes/releasenotes/resolved_issues.md new file mode 100644 index 0000000000000000000000000000000000000000..454b9dc00319b3ffe62520e1d52ae92898a6a33a --- /dev/null +++ b/docs/zh/server/releasenotes/releasenotes/resolved_issues.md @@ -0,0 +1,414 @@ +# 已修复问题 + +完整问题清单请参见[完整问题清单](https://gitee.com/organizations/src-openeuler/issues)。 + +已修复问题请参见下表。 + +**表 1** 修复问题列表 + +|ISSUE ID|关联仓库|问题描述|ISSUE 路径| +|-|-|-|-| +|IA4E07|gtk-doc|【x86/arm】gtk-doc软件包license信息识别审阅|https://gitee.com/open_euler/dashboard?issue_id=IA4E07| +|IA4E50|qt5-qtenginio|【x86/arm】qt5-qtenginio-help软件包license信息识别审阅|https://gitee.com/open_euler/dashboard?issue_id=IA4E50| +|IA4V4R|mathjax|【x86/arm】mathjax各个子包license信息识别审阅|https://gitee.com/open_euler/dashboard?issue_id=IA4V4R| +|IA4VRO|libcrystalhd|【x86/arm】crystalhd-firmware软件包license信息识别审阅|https://gitee.com/open_euler/dashboard?issue_id=IA4VRO| +|IA4VRW|mecab-ipadic|【x86/arm】mecab-ipadic、mecab-ipadic-EUCJP软件包license信息识别审阅|https://gitee.com/open_euler/dashboard?issue_id=IA4VRW| +|IA4VU8|python-cssutils|【x86/arm】python3-cssutils、python-cssutils-help软件包license信息识别审阅|https://gitee.com/open_euler/dashboard?issue_id=IA4VU8| +|IA4W5L|raspberrypi-eeprom|【x86/arm】raspberrypi-eeprom软件包license信息识别审阅|https://gitee.com/open_euler/dashboard?issue_id=IA4W5L| +|IA4W60|raspberrypi-firmware|【x86/arm】raspberrypi-firmware软件包license信息识别审阅|https://gitee.com/open_euler/dashboard?issue_id=IA4W60| +|IA4WCX|shared-desktop-ontologies|【x86/arm】shared-desktop-ontologies、shared-desktop-ontologies-devel软件包license信息识别审阅|https://gitee.com/open_euler/dashboard?issue_id=IA4WCX| +|IAGS0Z|umdk|【x86/arm】umdk-urma-bin、umdk-urma-compat-hns-libumdk-urma-devel、umdk-urma-lib、umdk-urma-tools软件包license信息识别审阅|https://gitee.com/open_euler/dashboard?issue_id=IAGS0Z| +|IAGS5K|tidb|【x86/arm】tidb、tidb-debuginfo、tidb-debugsource 软件包license信息识别审阅|https://gitee.com/open_euler/dashboard?issue_id=IAGS5K| +|IAGS6O|tidb|【x86/arm】tidb、tidb-debuginfo、tidb-debugsource软件包license信息识别审阅|https://gitee.com/open_euler/dashboard?issue_id=IAGS6O| +|IAGWFV|aisleriot|【x86/arm】aisleriot、aisleriot-debuginfo、aisleriot-debugsource软件包license信息识别审阅|https://gitee.com/open_euler/dashboard?issue_id=IAGWFV| +|IAGX7M|libmd|【x86/arm】软件包libmd、libmd-devel的license信息识别审阅|https://gitee.com/open_euler/dashboard?issue_id=IAGX7M| +|IAGXT0|plasma-workspace|【x86/arm】plasma-workspace-doc软件包license信息识别审阅|https://gitee.com/open_euler/dashboard?issue_id=IAGXT0| +|IB2D21|python-lxml|【EulerMaker】python-lxml 在openEuler-24.03-LTS-SP1:everything 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB2D21| +|IB2DUG|libclc|【EulerMaker】libclc 在openEuler-24.03-LTS-SP1:everything 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB2DUG| +|IB2ET1|gtk-doc|【EulerMaker】gtk-doc 在openEuler-24.03-LTS-SP1:everything 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB2ET1| +|IB2HEA|python-sybil|【EulerMaker】python-sybil在openEuler-24.03-LTS-SP1:everything 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB2HEA| +|IB2HF9|python-h5py|【EulerMaker】python-h5py 在openEuler-24.03-LTS-SP1:everything 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB2HF9| +|IB2HIR|spirv-llvm-translator|【EulerMaker】spirv-llvm-translator 在openEuler-24.03-LTS-SP1:everything 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB2HIR| +|IB2HNW|nodejs-commander|【EulerMaker】nodejs-commander 在openEuler-24.03-LTS-SP1:everything 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB2HNW| +|IB2HOQ|gcc-cross|【EulerMaker】gcc-cross 在openEuler-24.03-LTS-SP1:everything 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB2HOQ| +|IB2HQ0|phonon|【EulerMaker】phonon 在openEuler-24.03-LTS-SP1:everything 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB2HQ0| +|IB2IHP|mold|【EulerMaker】mold 在openEuler-24.03-LTS-SP1:everything 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB2IHP| +|IB2IIT|intel-ipp-crypto-mb|【EulerMaker】intel-ipp-crypto-mb 在openEuler-24.03-LTS-SP1:everything 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB2IIT| +|IB2IKX|intel-ipsec-mb|【EulerMaker】intel-ipsec-mb 在openEuler-24.03-LTS-SP1:everything 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB2IKX| +|IB2IO5|intel-qatzip|【EulerMaker】intel-ipp-crypto-mb 在openEuler-24.03-LTS-SP1:everything 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB2IO5| +|IB2IOK|intel-qatengine|【EulerMaker】intel-ipp-crypto-mb 在openEuler-24.03-LTS-SP1:everything 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB2IOK| +|IB2LOS|kata-containers|【EulerMaker】kata-containers 在openEuler-24.03-LTS-SP1:everything 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB2LOS| +|IB2VQS|trace-cmd|【24.03-LTS-SP1-alpha】【arm】卸载trace-cmd软件包出现报错:Failed to disable unit: Unit file trace-cmd.service does not exist.|https://gitee.com/open_euler/dashboard?issue_id=IB2VQS| +|IB2W03|crash-trace-command|【24.03-LTS-SP1-alpha】【arm】卸载crash-trace-command软件包出现报错:Failed to disable unit: Unit file trace-cmd.service does not exist.|https://gitee.com/open_euler/dashboard?issue_id=IB2W03| +|IB3RFB|moby|【24.03-LTS-SP1-alpha】【arm/x86】安装docker后执行dnf update,出现依赖错误|https://gitee.com/open_euler/dashboard?issue_id=IB3RFB| +|IB3RUN|python-commonmark|【openEuler-24.03-LTS-SP1-alpha】【arm/x86】 nodejs-commonmark和python3-commonmark存在安装冲突|https://gitee.com/open_euler/dashboard?issue_id=IB3RUN| +|IB3S3F|mandoc|【openEuler-24.03-LTS-SP1-alpha】【arm/x86】 mandoc和groff-help和man-pages-help存在安装冲突|https://gitee.com/open_euler/dashboard?issue_id=IB3S3F| +|IB3SMV|native-turbo|【24.03-SP1-alpha】【autotest】native-turbo 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SMV| +|IB3SMW|lxcfs-tools|【24.03-SP1-alpha】【autotest】lxcfs-tools 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SMW| +|IB3SMY|python-zmq|【24.03-SP1-alpha】【autotest】python-zmq 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SMY| +|IB3SMZ|gcc|【24.03-SP1-alpha】【autotest】gcc 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SMZ| +|IB3SN1|python-inotify|【24.03-SP1-alpha】【autotest】python-inotify 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SN1| +|IB3SN2|python-memcached|【24.03-SP1-alpha】【autotest】python-memcached 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SN2| +|IB3SN3|i2c-tools|【24.03-SP1-alpha】【autotest】i2c-tools 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SN3| +|IB3SN4|pytorch|【24.03-SP1-alpha】【autotest】pytorch 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SN4| +|IB3SN5|secGear|【24.03-SP1-alpha】【autotest】secGear 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SN5| +|IB3SN6|ghostscript|【24.03-SP1-alpha】【autotest】ghostscript 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SN6| +|IB3SN7|qpdf|【24.03-SP1-alpha】【autotest】qpdf 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SN7| +|IB3SNA|check|【24.03-SP1-alpha】【autotest】check 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SNA| +|IB3SNB|enchant2|【24.03-SP1-alpha】【autotest】enchant2 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SNB| +|IB3SNC|python-XlsxWriter|【24.03-SP1-alpha】【autotest】python-XlsxWriter 包在24.03-LTS-SP1中相比24.03-LTS version版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SNC| +|IB3SND|edk2|【24.03-SP1-alpha】【autotest】edk2 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SND| +|IB3SNF|kata-containers|【24.03-SP1-alpha】【autotest】kata-containers 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SNF| +|IB3SNG|libstoragemgmt|【24.03-SP1-alpha】【autotest】libstoragemgmt 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SNG| +|IB3SNH|python-pythran|【24.03-SP1-alpha】【autotest】python-pythran 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SNH| +|IB3SNI|librdkafka|【24.03-SP1-alpha】【autotest】librdkafka 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SNI| +|IB3SNJ|oec-hardware|【24.03-SP1-alpha】【autotest】oec-hardware 包在24.03-LTS-SP1中相比24.03-LTS version版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SNJ| +|IB3SNL|python-hamcrest|【24.03-SP1-alpha】【autotest】python-hamcrest 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SNL| +|IB3SNM|kmod-kvdo|【24.03-SP1-alpha】【autotest】kmod-kvdo 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SNM| +|IB3SNO|sscg|【24.03-SP1-alpha】【autotest】sscg 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SNO| +|IB3SNP|python-pydantic|【24.03-SP1-alpha】【autotest】python-pydantic 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SNP| +|IB3SNQ|python-eventlet|【24.03-SP1-alpha】【autotest】python-eventlet 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SNQ| +|IB3SNR|gstreamer1-plugins-bad-free|【24.03-SP1-alpha】【autotest】gstreamer1-plugins-bad-free 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SNR| +|IB3SNS|pybind11|【24.03-SP1-alpha】【autotest】pybind11 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SNS| +|IB3SNU|tftp|【24.03-SP1-alpha】【autotest】tftp 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SNU| +|IB3SNV|lwip|【24.03-SP1-alpha】【autotest】lwip 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SNV| +|IB3SNW|tpm2-tss|【24.03-SP1-alpha】【autotest】tpm2-tss 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SNW| +|IB3SNX|python-certifi|【24.03-SP1-alpha】【autotest】python-certifi 包在24.03-LTS-SP1中相比24.03-LTS version版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SNX| +|IB3SNZ|automake|【24.03-SP1-alpha】【autotest】automake 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SNZ| +|IB3SO1|python-jedi|【24.03-SP1-alpha】【autotest】python-jedi 包在24.03-LTS-SP1中相比24.03-LTS version版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SO1| +|IB3SO2|lftp|【24.03-SP1-alpha】【autotest】lftp 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SO2| +|IB3SO3|autoconf|【24.03-SP1-alpha】【autotest】autoconf 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SO3| +|IB3SO4|memleax|【24.03-SP1-alpha】【autotest】memleax 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SO4| +|IB3SO5|grub2|【24.03-SP1-alpha】【autotest】grub2 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SO5| +|IB3SO6|jetty|【24.03-SP1-alpha】【autotest】jetty 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SO6| +|IB3SO7|gala-gopher|【24.03-SP1-alpha】【autotest】gala-gopher 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SO7| +|IB3SO8|kiwi|【24.03-SP1-alpha】【autotest】kiwi 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SO8| +|IB3SOA|inih|【24.03-SP1-alpha】【autotest】inih 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SOA| +|IB3SOB|containerd|【24.03-SP1-alpha】【autotest】containerd 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SOB| +|IB3SOC|openEuler-repos|【24.03-SP1-alpha】【autotest】openEuler-repos 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SOC| +|IB3SOD|criu|【24.03-SP1-alpha】【autotest】criu 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SOD| +|IB3SOE|python-filelock|【24.03-SP1-alpha】【autotest】python-filelock 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SOE| +|IB3SOF|uadk_engine|【24.03-SP1-alpha】【autotest】uadk_engine 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SOF| +|IB3SOG|autofdo|【24.03-SP1-alpha】【autotest】autofdo 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SOG| +|IB3SOJ|dhcp|【24.03-SP1-alpha】【autotest】dhcp 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SOJ| +|IB3SOL|python-iniparse|【24.03-SP1-alpha】【autotest】python-iniparse 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SOL| +|IB3SOM|gazelle|【24.03-SP1-alpha】【autotest】gazelle 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SOM| +|IB3SON|bcc|【24.03-SP1-alpha】【autotest】bcc 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SON| +|IB3SOO|ethtool|【24.03-SP1-alpha】【autotest】ethtool 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SOO| +|IB3SOP|rootsh|【24.03-SP1-alpha】【autotest】rootsh 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SOP| +|IB3SOQ|python-moto|【24.03-SP1-alpha】【autotest】python-moto 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SOQ| +|IB3SOR|kylin-usb-creator|【24.03-SP1-alpha】【autotest】kylin-usb-creator 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SOR| +|IB3SOS|dtkgui|【24.03-SP1-alpha】【autotest】dtkgui 包在24.03-LTS-SP1中相比24.03-LTS version版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SOS| +|IB3SOT|kylin-burner|【24.03-SP1-alpha】【autotest】kylin-burner 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SOT| +|IB3SOU|ukui-session-manager|【24.03-SP1-alpha】【autotest】ukui-session-manager 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SOU| +|IB3SOV|ukui-menu|【24.03-SP1-alpha】【autotest】ukui-menu 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SOV| +|IB3SOW|k3s-containerd|【24.03-SP1-alpha】【autotest】k3s-containerd 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SOW| +|IB3SOX|ukui-greeter|【24.03-SP1-alpha】【autotest】ukui-greeter 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SOX| +|IB3SOY|python-faust|【24.03-SP1-alpha】【autotest】python-faust 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SOY| +|IB3SP0|cri-tools|【24.03-SP1-alpha】【autotest】cri-tools 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SP0| +|IB3SP2|ukui-bluetooth|【24.03-SP1-alpha】【autotest】ukui-bluetooth 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SP2| +|IB3SP3|ukui-panel|【24.03-SP1-alpha】【autotest】ukui-panel 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SP3| +|IB3SP5|distributed-build|【24.03-SP1-alpha】【autotest】distributed-build 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SP5| +|IB3SP6|apptainer|【24.03-SP1-alpha】【autotest】apptainer 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SP6| +|IB3SP7|ukui-system-monitor|【24.03-SP1-alpha】【autotest】ukui-system-monitor 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SP7| +|IB3SP8|ukui-screensaver|【24.03-SP1-alpha】【autotest】ukui-screensaver 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SP8| +|IB3SPA|indicator-china-weather|【24.03-SP1-alpha】【autotest】indicator-china-weather 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SPA| +|IB3SPC|peony-extensions|【24.03-SP1-alpha】【autotest】peony-extensions 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SPC| +|IB3SPE|dde|【24.03-SP1-alpha】【autotest】dde 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SPE| +|IB3SPF|kylin-recorder|【24.03-SP1-alpha】【autotest】kylin-recorder 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SPF| +|IB3SPG|kiran-icon-theme|【24.03-SP1-alpha】【autotest】kiran-icon-theme 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SPG| +|IB3SPH|python-blurb|【24.03-SP1-alpha】【autotest】python-blurb 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SPH| +|IB3SPI|cri-o|【24.03-SP1-alpha】【autotest】cri-o 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SPI| +|IB3SPK|distributed-build_lite|【24.03-SP1-alpha】【autotest】distributed-build_lite 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SPK| +|IB3SPL|migration-tools|【24.03-SP1-alpha】【autotest】migration-tools 包在24.03-LTS-SP1中相比24.03-LTS version版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SPL| +|IB3SPM|ukui-search|【24.03-SP1-alpha】【autotest】ukui-search 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SPM| +|IB3SPN|ukui-control-center|【24.03-SP1-alpha】【autotest】ukui-control-center 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SPN| +|IB3SPO|kylin-nm|【24.03-SP1-alpha】【autotest】kylin-nm 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SPO| +|IB3SPP|kylin-calculator|【24.03-SP1-alpha】【autotest】kylin-calculator 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SPP| +|IB3SPQ|python-pytimeparse|【24.03-SP1-alpha】【autotest】python-pytimeparse 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SPQ| +|IB3SPR|peony|【24.03-SP1-alpha】【autotest】peony 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SPR| +|IB3SPS|ukui-clock|【24.03-SP1-alpha】【autotest】ukui-clock 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SPS| +|IB3SPT|python-jose|【24.03-SP1-alpha】【autotest】python-jose 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SPT| +|IB3SPU|python-pytest-metadata|【24.03-SP1-alpha】【autotest】python-pytest-metadata 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SPU| +|IB3SPV|python-asgiref|【24.03-SP1-alpha】【autotest】python-asgiref 包在24.03-LTS-SP1中相比24.03-LTS version版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SPV| +|IB3SPW|kylin-scanner|【24.03-SP1-alpha】【autotest】kylin-scanner 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SPW| +|IB3SPY|libkysdk-applications|【24.03-SP1-alpha】【autotest】libkysdk-applications 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SPY| +|IB3SQ0|kylin-music|【24.03-SP1-alpha】【autotest】kylin-music 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SQ0| +|IB3SQ1|ukui-notification-daemon|【24.03-SP1-alpha】【autotest】ukui-notification-daemon 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SQ1| +|IB3SQ2|k3s-selinux|【24.03-SP1-alpha】【autotest】k3s-selinux 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3SQ2| +|IB3TSL|python-parse-type|【openEuler-24.03-LTS-SP1-alpha】【arm/x86】 python3-parse_type和python3-parse-type存在安装冲突|https://gitee.com/open_euler/dashboard?issue_id=IB3TSL| +|IB3U4K|python-fonttools|【24.03-SP1-alpha】【autotest】fonttools 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3U4K| +|IB3U5L|openjfx11|【24.03-SP1-alpha】【autotest】openjfx 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3U5L| +|IB3U5Z|etcd|【24.03-SP1-alpha】【autotest】etcd 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3U5Z| +|IB3U66|KubeOS|【24.03-SP1-alpha】【autotest】KubeOS 包在24.03-LTS-SP1中相比24.03-LTS version版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3U66| +|IB3U6G|xdp-tools|【24.03-SP1-alpha】【autotest】xdp-tools 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3U6G| +|IB3U6O|perl-Text-BibTeX|【24.03-SP1-alpha】【autotest】perl-Text-BibTeX 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3U6O| +|IB3U6X|jboss-servlet-2.5-api|【24.03-SP1-alpha】【autotest】jboss-servlet-2.5-api 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3U6X| +|IB3U77|openapi-schema-validator|【24.03-SP1-alpha】【autotest】openapi-schema-validator 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB3U77| +|IB44JW|moby|【openEuler-24.03-LTS-SP1-alpha】【arm/x86】 libnetwork和docker-engine-25.0.3-17.oe2403sp1存在安装冲突|https://gitee.com/open_euler/dashboard?issue_id=IB44JW| +|IB47CH|netavark|【EulerMaker】netavark 在openEuler-24.03-LTS-SP1:everything 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB47CH| +|IB47EL|tomcatjss|【EulerMaker】tomcatjss 在openEuler-24.03-LTS-SP1:everything 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB47EL| +|IB47GD|firefox|【EulerMaker】firefox 在openEuler-24.03-LTS-SP1:everything 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB47GD| +|IB47IK|osinfo-db-tools|【EulerMaker】osinfo-db-tools 在openEuler-24.03-LTS-SP1:everything 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB47IK| +|IB4DCG|fwupd|【24.03_LTS_SP1_alpha】【x86/arm】fwupd存在不安全的编译选项RPATH|https://gitee.com/open_euler/dashboard?issue_id=IB4DCG| +|IB4VTI|commonlibrary_c_utils|【EulerMaker】 commonlibrary_c_utils 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4VTI| +|IB4VYF|communication_ipc|【EulerMaker】 communication_ipc 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4VYF| +|IB4VYG|distributedhardware_device_manager|【EulerMaker】 distributedhardware_device_manager 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4VYG| +|IB4VYH|nautilus-python|【EulerMaker】 nautilus-python 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4VYH| +|IB4VYI|oceanbase-ce|【EulerMaker】 oceanbase-ce 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4VYI| +|IB4VYJ|notification_eventhandler|【EulerMaker】 notification_eventhandler 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4VYJ| +|IB4VYK|security_dataclassification|【EulerMaker】 security_dataclassification 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4VYK| +|IB4VYL|security_device_auth|【EulerMaker】 security_device_auth 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4VYL| +|IB4VYM|security_device_security_level|【EulerMaker】 security_device_security_level 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4VYM| +|IB4VYN|security_huks|【EulerMaker】 security_huks 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4VYN| +|IB4VYO|systemabilitymgr_safwk|【EulerMaker】 systemabilitymgr_safwk 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4VYO| +|IB4VYP|systemabilitymgr_samgr|【EulerMaker】 systemabilitymgr_samgr 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4VYP| +|IB4W1O|butane|【EulerMaker】 butane 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W1O| +|IB4W1P|cinnamon|【EulerMaker】 cinnamon 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W1P| +|IB4W1Q|dde-launcher|【EulerMaker】 dde-launcher 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W1Q| +|IB4W1R|dde-session-shell|【EulerMaker】 dde-session-shell 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W1R| +|IB4W1S|dpu-utilities|【EulerMaker】 dpu-utilities 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W1S| +|IB4W1U|dsoftbus|【EulerMaker】 dsoftbus 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W1U| +|IB4W1V|ffmpegthumbnailer|【EulerMaker】 ffmpegthumbnailer 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W1V| +|IB4W1W|kde-connect|【EulerMaker】 kde-connect 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W1W| +|IB4W1X|kf5-akonadi-mime|【EulerMaker】 kf5-akonadi-mime 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W1X| +|IB4W1Y|kf5-akonadi-server|【EulerMaker】 kf5-akonadi-server 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W1Y| +|IB4W1Z|kf5-bluez-qt|【EulerMaker】 kf5-bluez-qt 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W1Z| +|IB4W20|kf5-kactivities|【EulerMaker】 kf5-kactivities 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W20| +|IB4W21|kf5-kauth|【EulerMaker】 kf5-kauth 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W21| +|IB4W22|kf5-kconfig|【EulerMaker】 kf5-kconfig 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W22| +|IB4W23|kf5-khtml|【EulerMaker】 kf5-khtml 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W23| +|IB4W24|kf5-kimap|【EulerMaker】 kf5-kimap 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W24| +|IB4W25|kf5-kirigami2|【EulerMaker】 kf5-kirigami2 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W25| +|IB4W26|kf5-kjs|【EulerMaker】 kf5-kjs 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W26| +|IB4W27|kf5-knotifications|【EulerMaker】 kf5-knotifications 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W27| +|IB4W28|kf5-knotifyconfig|【EulerMaker】 kf5-knotifyconfig 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W28| +|IB4W29|kf5-mailcommon|【EulerMaker】 kf5-mailcommon 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W29| +|IB4W2A|kf5-solid|【EulerMaker】 kf5-solid 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W2A| +|IB4W2B|kf5-syndication|【EulerMaker】 kf5-syndication 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W2B| +|IB4W2C|Kmesh|【EulerMaker】 Kmesh 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W2C| +|IB4W2D|kuserfeedback|【EulerMaker】 kuserfeedback 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W2D| +|IB4W2E|kwin|【EulerMaker】 kwin 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W2E| +|IB4W2F|kylin-screenshot|【EulerMaker】 kylin-screenshot 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W2F| +|IB4W2G|libksysguard|【EulerMaker】 libksysguard 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W2G| +|IB4W2H|mate-power-manager|【EulerMaker】 mate-power-manager 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W2H| +|IB4W2I|octave|【EulerMaker】 octave 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W2I| +|IB4W2J|okular|【EulerMaker】 okular 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W2J| +|IB4W2K|ovirt-engine-ui-extensions|【EulerMaker】 ovirt-engine-ui-extensions 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W2K| +|IB4W2M|plasma-workspace|【EulerMaker】 plasma-workspace 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W2M| +|IB4W2N|polkit-kde|【EulerMaker】 polkit-kde 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W2N| +|IB4W2O|python-plum-py|【EulerMaker】 python-plum-py 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W2O| +|IB4W2P|python-typeguard|【EulerMaker】 python-typeguard 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W2P| +|IB4W2Q|qtav|【EulerMaker】 qtav 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W2Q| +|IB4W2R|zram-generator|【EulerMaker】 zram-generator 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W2R| +|IB4W2S|ukui-kwin|【EulerMaker】 ukui-kwin 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB4W2S| +|IB4YJK|stratovirt|[openEuler-24.03-LTS-SP1-RC1][arm] 使用源自带的镜像启动虚拟机失败|https://gitee.com/open_euler/dashboard?issue_id=IB4YJK| +|IB519M|CBS|【2024-1230】简化k8s部署,说明文档修改|https://gitee.com/open_euler/dashboard?issue_id=IB519M| +|IB54RM|hiviewdfx_hilog|【EulerMaker】hiviewdfx_hilog 在openEuler-24.03-LTS-SP1:epol中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB54RM| +|IB5662|epkg_manager|【2024-1230】main环境下 安装epkg软件包失败|https://gitee.com/open_euler/dashboard?issue_id=IB5662| +|IB57E7|epkg_manager|【2024-1230】EPKG global模式下 user用户不应该保留common环境|https://gitee.com/open_euler/dashboard?issue_id=IB57E7| +|IB57N7|epkg_manager|【2024-1230】epkg 安装使用过程中易用性问题|https://gitee.com/open_euler/dashboard?issue_id=IB57N7| +|IB5NFO|sysmaster|【24.03 SP1】虚拟机场景,yum install sysmaster, reboot无法使用卸载后reboot正常|https://gitee.com/open_euler/dashboard?issue_id=IB5NFO| +|IB5OPE|epkg_manager|【2024-1230】root用户下user模式安装,切换普通用户执行init 异常退出|https://gitee.com/open_euler/dashboard?issue_id=IB5OPE| +|IB5R1U|kae_driver|【24.03-SP1-rc1】【autotest】kae_driver 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R1U| +|IB5R1W|selinux-policy|【24.03-SP1-rc1】【autotest】selinux-policy 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R1W| +|IB5R1X|python-mypy|【24.03-SP1-rc1】【autotest】python-mypy 包在24.03-LTS-SP1中相比24.03-LTS version版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R1X| +|IB5R1Y|shadow|【24.03-SP1-rc1】【autotest】shadow 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R1Y| +|IB5R21|hadoop|【24.03-SP1-rc1】【autotest】hadoop 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R21| +|IB5R22|intel-sgx-ssl|【24.03-SP1-rc1】【autotest】intel-sgx-ssl 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R22| +|IB5R24|xorg-x11-drv-nouveau|【24.03-SP1-rc1】【autotest】xorg-x11-drv-nouveau 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R24| +|IB5R25|libnetfilter_queue|【24.03-SP1-rc1】【autotest】libnetfilter_queue 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R25| +|IB5R26|xorg-x11-xauth|【24.03-SP1-rc1】【autotest】xorg-x11-xauth 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R26| +|IB5R27|lsscsi|【24.03-SP1-rc1】【autotest】lsscsi 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R27| +|IB5R28|xorg-x11-drv-fbdev|【24.03-SP1-rc1】【autotest】xorg-x11-drv-fbdev 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R28| +|IB5R29|mock|【24.03-SP1-rc1】【autotest】mock 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R29| +|IB5R2A|qt6-qtquick3dphysics|【24.03-SP1-rc1】【autotest】qt6-qtquick3dphysics 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R2A| +|IB5R2C|kata_integration|【24.03-SP1-rc1】【autotest】kata_integration 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R2C| +|IB5R2D|lldpad|【24.03-SP1-rc1】【autotest】lldpad 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R2D| +|IB5R2E|protobuf|【24.03-SP1-rc1】【autotest】protobuf 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R2E| +|IB5R2F|spice-vdagent|【24.03-SP1-rc1】【autotest】spice-vdagent 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R2F| +|IB5R2G|containernetworking-plugins|【24.03-SP1-rc1】【autotest】containernetworking-plugins 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R2G| +|IB5R2I|libepoxy|【24.03-SP1-rc1】【autotest】libepoxy 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R2I| +|IB5R2K|crash|【24.03-SP1-rc1】【autotest】crash 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R2K| +|IB5R2N|libXtst|【24.03-SP1-rc1】【autotest】libXtst 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R2N| +|IB5R2O|libteam|【24.03-SP1-rc1】【autotest】libteam 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R2O| +|IB5R2P|ipmitool|【24.03-SP1-rc1】【autotest】ipmitool 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R2P| +|IB5R2Q|musl|【24.03-SP1-rc1】【autotest】musl 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R2Q| +|IB5R2R|xorg-x11-drv-evdev|【24.03-SP1-rc1】【autotest】xorg-x11-drv-evdev 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R2R| +|IB5R2S|kexec-tools|【24.03-SP1-rc1】【autotest】kexec-tools 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R2S| +|IB5R2W|supermin|【24.03-SP1-rc1】【autotest】supermin 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R2W| +|IB5R2X|openjdk-1.8.0|【24.03-SP1-rc1】【autotest】openjdk-1.8.0 包在24.03-LTS-SP1中相比24.03-LTS version版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R2X| +|IB5R2Y|openjfx8|【24.03-SP1-rc1】【autotest】openjfx8 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R2Y| +|IB5R2Z|curl|【24.03-SP1-rc1】【autotest】curl 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R2Z| +|IB5R31|kpatch|【24.03-SP1-rc1】【autotest】kpatch 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R31| +|IB5R32|rpmrebuild|【24.03-SP1-rc1】【autotest】rpmrebuild 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R32| +|IB5R33|golang|【24.03-SP1-rc1】【autotest】golang 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R33| +|IB5R35|open-isns|【24.03-SP1-rc1】【autotest】open-isns 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R35| +|IB5R36|thai-scalable-fonts|【24.03-SP1-rc1】【autotest】thai-scalable-fonts 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R36| +|IB5R37|keybinder3|【24.03-SP1-rc1】【autotest】keybinder3 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R37| +|IB5R38|coreutils|【24.03-SP1-rc1】【autotest】coreutils 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R38| +|IB5R3B|lxc|【24.03-SP1-rc1】【autotest】lxc 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R3B| +|IB5R3C|secpaver|【24.03-SP1-rc1】【autotest】secpaver 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R3C| +|IB5R3F|dmidecode|【24.03-SP1-rc1】【autotest】dmidecode 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R3F| +|IB5R3L|openssl|【24.03-SP1-rc1】【autotest】openssl 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R3L| +|IB5R3O|iotop|【24.03-SP1-rc1】【autotest】iotop 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R3O| +|IB5R3R|sssd|【24.03-SP1-rc1】【autotest】sssd 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R3R| +|IB5R3T|xorg-x11-drv-v4l|【24.03-SP1-rc1】【autotest】xorg-x11-drv-v4l 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R3T| +|IB5R3U|efivar|【24.03-SP1-rc1】【autotest】efivar 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R3U| +|IB5R3V|lua|【24.03-SP1-rc1】【autotest】lua 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R3V| +|IB5R3W|libXxf86vm|【24.03-SP1-rc1】【autotest】libXxf86vm 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R3W| +|IB5R3X|cryfs|【24.03-SP1-rc1】【autotest】cryfs 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R3X| +|IB5R3Y|libchardet|【24.03-SP1-rc1】【autotest】libchardet 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R3Y| +|IB5R3Z|gnome-settings-daemon|【24.03-SP1-rc1】【autotest】gnome-settings-daemon 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R3Z| +|IB5R40|mate-control-center|【24.03-SP1-rc1】【autotest】mate-control-center 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R40| +|IB5R43|dtkcommon|【24.03-SP1-rc1】【autotest】dtkcommon 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R43| +|IB5R44|python-pyeclib|【24.03-SP1-rc1】【autotest】python-pyeclib 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R44| +|IB5R46|deepin-clone|【24.03-SP1-rc1】【autotest】deepin-clone 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R46| +|IB5R48|kubekey|【24.03-SP1-rc1】【autotest】kubekey 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R48| +|IB5R49|cppzmq|【24.03-SP1-rc1】【autotest】cppzmq 包在24.03-LTS-SP1中相比24.03-LTS version版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R49| +|IB5R4A|pushgateway|【24.03-SP1-rc1】【autotest】pushgateway 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R4A| +|IB5R4B|deepin-log-viewer|【24.03-SP1-rc1】【autotest】deepin-log-viewer 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R4B| +|IB5R4C|qt5integration|【24.03-SP1-rc1】【autotest】qt5integration 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R4C| +|IB5R4D|pigpio|【24.03-SP1-rc1】【autotest】pigpio 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R4D| +|IB5R4E|dde-calendar|【24.03-SP1-rc1】【autotest】dde-calendar 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R4E| +|IB5R4G|tidb|【24.03-SP1-rc1】【autotest】tidb 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R4G| +|IB5R4I|python-jaeger-client|【24.03-SP1-rc1】【autotest】python-jaeger-client 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R4I| +|IB5R4K|mate-menus|【24.03-SP1-rc1】【autotest】mate-menus 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R4K| +|IB5R4M|deepin-compressor|【24.03-SP1-rc1】【autotest】deepin-compressor 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R4M| +|IB5RII|A-Tune|【24.03-SP1-rc1】【autotest】A-Tune 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5RII| +|IB5RJK|cscope|【24.03-SP1-rc1】【autotest】cscope 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5RJK| +|IB5RKT|rubygem-actionpack|【24.03-SP1-rc1】【autotest】rubygem-actionpack 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5RKT| +|IB5SQT|scap-security-guide|【openEuler-24.03-LTS-SP1】content_rule_configure_dump_journald_log规则存在问题|https://gitee.com/open_euler/dashboard?issue_id=IB5SQT| +|IB5T8Q|bash|【openEuler-24.03-LTS-SP1】5.2.15-11版本 构建iso镜像无法正常启动|https://gitee.com/open_euler/dashboard?issue_id=IB5T8Q| +|IB5XUK|rubik|【openEuler-24.03-LTS-SP1-round1】rubik cpuevict功能 验证过程中,rubik持续输出error日志|https://gitee.com/open_euler/dashboard?issue_id=IB5XUK| +|IB5Z0F|hplip|【24.03-SP1-rc1】【arm/x86】hplip源码包本地自编译失败|https://gitee.com/open_euler/dashboard?issue_id=IB5Z0F| +|IB60DF|gcc|【EulerMaker】gcc-12.3.1-37版本缺少头文件,导致多包编译失败|https://gitee.com/open_euler/dashboard?issue_id=IB60DF| +|IB66JT|systemtap|【openEuler-24.03-LTS-SP1 rc1 】【autotest 】【arm】stap-exporter.service 服务启动有报错信息|https://gitee.com/open_euler/dashboard?issue_id=IB66JT| +|IB6709|kylin-video|【EulerMaker】 kylin-video 在openEuler-24.03-LTS-SP1:epol 中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB6709| +|IB6DM2|oeAware-manager|sar 等命令 缺少 sysstat require|https://gitee.com/open_euler/dashboard?issue_id=IB6DM2| +|IB6Q5P|scap-security-guide|【openEuler-24.03-LTS-SP1】规则Build and Test AIDE Database检查结果失败|https://gitee.com/open_euler/dashboard?issue_id=IB6Q5P| +|IB6R4K|xorg-x11-server|【openEuler-24.03-sp1-rc2】【x86】UEFI模式安装没有进入到图形化安装页面,而是进入到了text模式|https://gitee.com/open_euler/dashboard?issue_id=IB6R4K| +|IB6UPE|dde-control-center|【24.03-SP1-rc2】【autotest】dde-control-center 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB6UPE| +|IB6UQ2|kylin-video|【24.03-SP1-rc2】【autotest】kylin-video 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB6UQ2| +|IB6USO|kylin-screenshot|【24.03-SP1-rc2】【autotest】kylin-screenshot 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB6USO| +|IB6UU1|dde-dock|【24.03-SP1-rc2】【autotest】dde-dock 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB6UU1| +|IB6UV0|three-eight-nine-ds-base|[24.03-LTS-SP1-RC2]dsctl localhost cockpit open-firewall执行报错|https://gitee.com/open_euler/dashboard?issue_id=IB6UV0| +|IB6WYQ|python-commonmark|【openEuler-24.03-LTS-SP1-round2】【arm/x86】 nodejs-commonmark与python3-commonmark有共同文件/usr/bin/commonmark,导致安装冲突|https://gitee.com/open_euler/dashboard?issue_id=IB6WYQ| +|IB6XNG|spdk|【EulerMaker】spdk 在openEuler-24.03-LTS-SP1:everything中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB6XNG| +|IB6XSB|libxcvt|【openEuler-24.03-LTS-SP1-round2】【arm/x86】 xorg-x11-server-help和cvt 有共同文件/usr/share/man/man1/cvt.1.gz导致安装冲突|https://gitee.com/open_euler/dashboard?issue_id=IB6XSB| +|IB6XT5|scap-security-guide|【openEuler-24.03-LTS-SP1】对应当正确配置硬盘空间阈值规则进行扫描,存在问题|https://gitee.com/open_euler/dashboard?issue_id=IB6XT5| +|IB6XVI|mandoc|【openEuler-24.03-LTS-SP1-round2】【arm/x86】 mandoc和groff-help, mandoc和man-pages-help存在安装冲突|https://gitee.com/open_euler/dashboard?issue_id=IB6XVI| +|IB6ZHB|gcc-cross|【24.03-SP1-rc2】【arm/x86】gcc-cross源码包本地自编译失败,build阶段报错,build.sh不存在|https://gitee.com/open_euler/dashboard?issue_id=IB6ZHB| +|IB6ZKC|python-dns|【24.03-SP1-rc2】【arm/x86】python-dns源码包本地自编译失败,check阶段报错|https://gitee.com/open_euler/dashboard?issue_id=IB6ZKC| +|IB71JF|kata-containers|【24.03-SP1-rc2】【autotest】kata-containers 软件包arm架构和x86架构的二进制包版本不一致|https://gitee.com/open_euler/dashboard?issue_id=IB71JF| +|IB71L7|three-eight-nine-ds-base|[24.03-LTS-SP1-RC2]dsidm -b "dc=example,dc=com" localhost role subtree-status dc=example,dc=com执行报错|https://gitee.com/open_euler/dashboard?issue_id=IB71L7| +|IB73JZ|clevis|[24.03-LTS-SP1] tang命令问题|https://gitee.com/open_euler/dashboard?issue_id=IB73JZ| +|IB746P|powerapi|【openEuler-24.03-LTS-SP1-rc2】【autotest】【arm】调用SetSmartGridLevel接口,打印信息为SetSmartGridState succeed|https://gitee.com/open_euler/dashboard?issue_id=IB746P| +|IB74HE|autofdo|[24.03-LTS-SP1 RC2]dump_gcov 使用--gcov_version=2时报错|https://gitee.com/open_euler/dashboard?issue_id=IB74HE| +|IB76HT|ods|【2024-1230】离线登录 /api/modify-auth-code接口 新旧密码相同 修改密码成功 |https://gitee.com/open_euler/dashboard?issue_id=IB76HT| +|IB77RL|aops-hermes|[24.03-LTS-SP1-RC2][arm/x86]创建主机组,主机组名称校验不正确|https://gitee.com/open_euler/dashboard?issue_id=IB77RL| +|IB7C0A|oeAware-manager|【openEuler-24.03-LTS-SP1-rc2】【autotest】【arm/x86】安装oeAware-manager之后,执行oeawarectl -e smc_tune显示enable成功,实际实例状态仍为smc_tune(available, close)|https://gitee.com/open_euler/dashboard?issue_id=IB7C0A| +|IB7E17|oeAware-manager|sdk权限及服务卡住问题|https://gitee.com/open_euler/dashboard?issue_id=IB7E17| +|IB7FDZ|aops-hermes|[24.03-LTS-SP1-RC2][arm/x86] 脚本管理,编辑脚本后再点击“新建脚本”,页面为“修改脚本”|https://gitee.com/open_euler/dashboard?issue_id=IB7FDZ| +|IB7FSL|aops-zeus|[24.03-LTS-SP1-RC2][arm/x86]操作名可修改为已存在的值|https://gitee.com/open_euler/dashboard?issue_id=IB7FSL| +|IB7GCE|eagle|【openEuler-24.03-LTS-SP1-rc2】【autotest】【arm/x86】安装eagle查看日志文件中存在拼写错误,应为service|https://gitee.com/open_euler/dashboard?issue_id=IB7GCE| +|IB7HS0|nototools|[24.03-LTS-SP1 RC2][autotest]部分命令无法使用|https://gitee.com/open_euler/dashboard?issue_id=IB7HS0| +|IB7JLG|intel-compute-runtime|【EulerMaker】intel-compute-runtime 在openEuler-24.03-LTS-SP1:everything中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB7JLG| +|IB7JNQ|mailman|【EulerMaker】mailman 在openEuler-24.03-LTS-SP1:everything中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB7JNQ| +|IB7JPP|pipewire|【EulerMaker】pipewire 在openEuler-24.03-LTS-SP1:everything中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB7JPP| +|IB7KB5|secpaver|【openEuler-24.03-LTS-SP1】使用工具配置dim功能,创建基线时未考虑国密算法|https://gitee.com/open_euler/dashboard?issue_id=IB7KB5| +|IB7KEB|iSulad|【EulerMaker】iSulad 在openEuler-24.03-LTS-SP1:everything中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB7KEB| +|IB7KXY|oeAware-manager|【openEuler-24.03-LTS-SP1-rc2】【autotest】【arm/x86】安装oeAware-manager,执行oeawarectl -l libsystem_tune.so打印结果中缺少换行|https://gitee.com/open_euler/dashboard?issue_id=IB7KXY| +|IB7LC7|oeAware-manager|【openEuler-24.03-LTS-SP1-rc2】【autotest】【arm/x86】安装oeAware-manager,执行oeawarectl -e xcall_tune;oeawarectl -r libsystem_tune.so结果异常|https://gitee.com/open_euler/dashboard?issue_id=IB7LC7| +|IB7LDI|k3s-selinux|【openEuler-24.03-LTS-SP1-round2】【arm/x86】 k3s-selinux包安装过程中有报错|https://gitee.com/open_euler/dashboard?issue_id=IB7LDI| +|IB7LDQ|secpaver|【openEuler-24.03-LTS-SP1】使用工具配置dim功能,未考虑模块参数log_cap的最大值|https://gitee.com/open_euler/dashboard?issue_id=IB7LDQ| +|IB7MRU|setroubleshoot|【EulerMaker】setroubleshoot 在openEuler-24.03-LTS-SP1:everything中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB7MRU| +|IB7NRV|secpaver|【openEuler-24.03-LTS-SP1】使用工具检查dim功能,缺少对kernel静态基线的检查|https://gitee.com/open_euler/dashboard?issue_id=IB7NRV| +|IB7P1W|oeAware-manager|command_collector缺少参数校验|https://gitee.com/open_euler/dashboard?issue_id=IB7P1W| +|IB7PCT|aops-hermes|[24.03-LTS-SP1-RC2][arm/x86] 上传安全公告报400错误|https://gitee.com/open_euler/dashboard?issue_id=IB7PCT| +|IB7PIH|oeAware-manager|【openEuler-24.03-LTS-SP1-rc2】【autotest】【arm】安装oeAware-manager,执行oeawarectl -i numafast显示:/sbin/ldconfig: /usr/lib64/libkperf.so is not a symbolic link|https://gitee.com/open_euler/dashboard?issue_id=IB7PIH| +|IB7PNH|oeAware-manager|【openEuler-24.03-LTS-SP1-rc2】【autotest】【arm/x86】安装oeAware-manager,执行oeawarectl -r libdocker_collector.so之后执行oeawarectl -e docker_cpu_burst(依赖libdocker_collector.so)显示成功|https://gitee.com/open_euler/dashboard?issue_id=IB7PNH| +|IB7PXL|oeAware-manager|【openEuler-24.03-LTS-SP1-rc2】【autotest】【arm/x86】安装oeAware-manager,执行oeawarectl --query-dep xcall_tune显示依赖关系图生成成功,实际查看依赖关系图异常|https://gitee.com/open_euler/dashboard?issue_id=IB7PXL| +|IB7Q47|oeAware-manager|【openEuler-24.03-LTS-SP1-rc2】【autotest】【arm/x86】安装oeAware-manager,执行oeawarectl -e xcall_tune;oeawarectl --query-dep xcall_tune显示依赖关系图生成成功,实际查看依赖关系图缺少依赖|https://gitee.com/open_euler/dashboard?issue_id=IB7Q47| +|IB7RMQ|secpaver|【openEuler-24.03-LTS-SP1】使用工具配置ima功能,需要自行导入摘要列表,缺少提示信息|https://gitee.com/open_euler/dashboard?issue_id=IB7RMQ| +|IB7SUK|oeAware-manager|【openEuler-24.03-LTS-SP1-rc2】【autotest】【arm/x86】安装oeAware-manager,配置/etc/oeAware/config.yaml格式不正确,重启服务日志中没有报错提示|https://gitee.com/open_euler/dashboard?issue_id=IB7SUK| +|IB7SYE|oeAware-manager|【openEuler-24.03-LTS-SP1-rc2】【autotest】【arm】虚拟机安装oeAware-manager,执行oeawarectl -e pmu_spe_collector(只在物理上支持的实例),显示使能成功,状态为running|https://gitee.com/open_euler/dashboard?issue_id=IB7SYE| +|IB7VUC|secpaver|【openEuler-24.03-LTS-SP1】使用工具开启ima功能后,再关闭ima,未恢复被度量文件的selinux标签|https://gitee.com/open_euler/dashboard?issue_id=IB7VUC| +|IB7YD4|aops-apollo|[24.03-LTS-SP1-RC2][arm/x86] 任务详情页面,任务描述的部分内容显示可读性差|https://gitee.com/open_euler/dashboard?issue_id=IB7YD4| +|IB810U|secpaver|【openEuler-24.03-LTS-SP1】sec_conf工具中选择是否安装包时,选择未安装且环境上没有对应包,应退出执行|https://gitee.com/open_euler/dashboard?issue_id=IB810U| +|IB81LE|gazelle|22.03SP4发布最新的gazelle包时,对应的dpdk包未更新|https://gitee.com/open_euler/dashboard?issue_id=IB81LE| +|IB82Z3|gazelle|【openGauss】用户态备执行gs_ctl switchover会导致数据库异常中断|https://gitee.com/open_euler/dashboard?issue_id=IB82Z3| +|IB83OJ|gazelle|【openGauss】用户态起gaussdb后使用tpcc进行测试报错|https://gitee.com/open_euler/dashboard?issue_id=IB83OJ| +|IB89HL|gcc|[24.03-LTS-SP1 RC3][Angha]-O3 -fif-split编译报ICE:during GIMPLE pass: profile_estimate(at cfganal.cc:1587)|https://gitee.com/open_euler/dashboard?issue_id=IB89HL| +|IB89PH|gcc|[24.03-LTS-SP1 RC3][Angha]-O3 -fif-split编译报Segmentation fault: during GIMPLE pass: local-pure-const|https://gitee.com/open_euler/dashboard?issue_id=IB89PH| +|IB8HD7|prometheus|[24.03-LTS-SP1-RC3]promtool check metrics执行报错|https://gitee.com/open_euler/dashboard?issue_id=IB8HD7| +|IB8JZ2|AI4C|【24.03-LTS-SP1 RC3】编译报ICE:in get_attr_type|https://gitee.com/open_euler/dashboard?issue_id=IB8JZ2| +|IB8KDT|scap-security-guide|【openEuler-24.03-LTS-SP1】检查和修复确保弱口令字典设置正确规则时,存在问题|https://gitee.com/open_euler/dashboard?issue_id=IB8KDT| +|IB8KYZ|gcc|[24.03-LTS-SP1 RC3]-O3 -fwhole-program -flto-partition=one -fipa-struct-reorg=2编译运行运行报core dump|https://gitee.com/open_euler/dashboard?issue_id=IB8KYZ| +|IB8P6E|trafficserver|【openEuler -24.03-LTS-SP1 rc3 】【autotest 】trafficserver.service 服务启动有报错信息|https://gitee.com/open_euler/dashboard?issue_id=IB8P6E| +|IB8PD4|python-blivet|[24.03-LTS-SP1]安装界面添加超出可用空间的分区时,提示不正确|https://gitee.com/open_euler/dashboard?issue_id=IB8PD4| +|IB8Q55|ncbi-blast|【openEuler-24.03-LTS-SP1-round3】【arm/x86】 ncbi-blast和bzip2-devel, ncbi-blast和proj-devel存在安装文件冲突|https://gitee.com/open_euler/dashboard?issue_id=IB8Q55| +|IB8QB5|oeAware-manager|缺少执行多条命令的功能|https://gitee.com/open_euler/dashboard?issue_id=IB8QB5| +|IB8RF9|scap-security-guide|【openEuler-24.03-LTS-SP1】修复确保普通用户不能借助pkexec配置提权root规则,应保持与规范一致|https://gitee.com/open_euler/dashboard?issue_id=IB8RF9| +|IB8TGJ|gcc|[24.03-LTS-SP1 RC3]-fcfgo-profile-generate不指定路径时编译报ICE:Segmentation fault|https://gitee.com/open_euler/dashboard?issue_id=IB8TGJ| +|IB8TSE|KubeOS|【24.03-lts-sp1】使用镜像制作脚本制作镜像,报错后返回值依旧为0|https://gitee.com/open_euler/dashboard?issue_id=IB8TSE| +|IB8U1L|scap-security-guide|【openEuler-24.03-LTS-SP1】修复确保SSH服务MACs算法配置正确规则后,sshd服务启动失败|https://gitee.com/open_euler/dashboard?issue_id=IB8U1L| +|IB8U5R|secpaver|【openEuler-24.03-LTS-SP1】使用工具检查dim配置时,未默认检查dim_core、dim_monitor模块是否加载|https://gitee.com/open_euler/dashboard?issue_id=IB8U5R| +|IB8UDV|KubeOS|【24.03-lts-sp1】下发sysctl参数时,配置格式中存在引号,会配置失败|https://gitee.com/open_euler/dashboard?issue_id=IB8UDV| +|IB8UQO|scap-security-guide|【openEuler-24.03-LTS-SP1】修复确保口令中不包含账号字符串规则,结果为error|https://gitee.com/open_euler/dashboard?issue_id=IB8UQO| +|IB8W9N|criu|【EulerMaker】criu 在openEuler-24.03-LTS-SP1:everything中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB8W9N| +|IB8X9N|dde|【openEuler 24.03 LTS SP1 rc3】控制中心中的声音输入界面卡死或闪崩|https://gitee.com/open_euler/dashboard?issue_id=IB8X9N| +|IB8XDM|dde|【openEuler 24.03 LTS SP1 rc3】画图应用选择添加文字后应用界面消失|https://gitee.com/open_euler/dashboard?issue_id=IB8XDM| +|IB8XSC|dde|【openEuler 24.03 LTS SP1 rc3】应用“Rygel首选项” 的X关闭应用按钮无法点击并关闭应用|https://gitee.com/open_euler/dashboard?issue_id=IB8XSC| +|IB8YID|secpaver|【openEuler-24.03-LTS-SP1】使用工具配置和检查secure_boot功能,wget下载外网证书时限制重试次数和超时时间|https://gitee.com/open_euler/dashboard?issue_id=IB8YID| +|IB8ZOX|stratovirt|[openEuler-24.03-LTS-SP1-RC3][arm/x86] 使用快照恢复虚拟机失败|https://gitee.com/open_euler/dashboard?issue_id=IB8ZOX| +|IB90VA|secpaver|【openEuler-24.03-LTS-SP1】使用工具检查ima功能时,只检查了当前环境是否支持ima,不符合预期|https://gitee.com/open_euler/dashboard?issue_id=IB90VA| +|IB91QR|oeAware-manager|评估模式客户端无法输出报告|https://gitee.com/open_euler/dashboard?issue_id=IB91QR| +|IB91ZE|oeAware-manager|pmu 相关数据interval 字段计算不准|https://gitee.com/open_euler/dashboard?issue_id=IB91ZE| +|IB96L3|scap-security-guide|【openEuler-24.03-LTS-SP1】修复确保at、cron配置正确规则后,部分文件权限不符合要求|https://gitee.com/open_euler/dashboard?issue_id=IB96L3| +|IB9EDA|dde|【openEuler 24.03 LTS SP1 rc3】DDE创建的管理员用户在特殊情况下无法登录系统|https://gitee.com/open_euler/dashboard?issue_id=IB9EDA| +|IB9EM9|KubeOS|【24.03-lts-sp1】kubelte/containerd等配置下发存在:1、格式转换等问题会导致节点配置卡住,2、仅配置value值后修改正确的值但是value值一直不变,3、pam.limits下发时未打印setting日志|https://gitee.com/open_euler/dashboard?issue_id=IB9EM9| +|IB9FF8|oeAware-manager|steal task 在不同内核下使能方式有差异,6.6 下 需要配置sched_steal_node_limit=[numa number]|https://gitee.com/open_euler/dashboard?issue_id=IB9FF8| +|IB9K6P|CBS|【2024-1230】eulermaker支持一键导入EulerMaker生成对应update版本构建工程,提供的默认yaml文件中build_tag字段错误|https://gitee.com/open_euler/dashboard?issue_id=IB9K6P| +|IB9K7F|pesign|[24.03-LTS-SP1-RC3]pesign -i部分命令执行失败|https://gitee.com/open_euler/dashboard?issue_id=IB9K7F| +|IB9M1F||【openEuler-24.03-LTS-SP1-round3】【block】kubeedge镜像需要替换成k3s|https://gitee.com/open_euler/dashboard?issue_id=IB9M1F| +|IB9NT0|autoconf|【EulerMaker】autoconf更新导致 多个包在openEuler-24.03-LTS-SP1:everything中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB9NT0| +|IB9RFD|gazelle|【openGauss】使用tpcc进行预热测试的时候会打印一堆fail日志|https://gitee.com/open_euler/dashboard?issue_id=IB9RFD| +|IB9RGW|gazelle|【openGauss】使用tpcc测试时首次测试必定出现The connection attempt failed|https://gitee.com/open_euler/dashboard?issue_id=IB9RGW| +|IB9RUF|KubeOS|【24.03-lts-sp1】operation配置错误时,提示语中多了一层引号;imagetype和opstype配置错误时下发直接报错,与之前行为不一致|https://gitee.com/open_euler/dashboard?issue_id=IB9RUF| +|IB9WSS|ao.space|【EulerMaker】ao.space 在openEuler-24.03-LTS-SP1:everything中构建失败|https://gitee.com/open_euler/dashboard?issue_id=IB9WSS| +|IB9XFN|secpaver|【openEuler-24.03-LTS-SP1】配置和检查modsign功能时,修改grub参数部分待优化|https://gitee.com/open_euler/dashboard?issue_id=IB9XFN| +|IBA5E4|gazelle|【openGauss】分别带gazelle启动gauss一主两备,反复手动切换主备三小时左右出现Cannot reserve memory,gauss进程退出|https://gitee.com/open_euler/dashboard?issue_id=IBA5E4| +|IBA7CU|aops-hermes|[24.03-LTS-SP1-RC4][arm/x86] CVE详情页部分展示不正确|https://gitee.com/open_euler/dashboard?issue_id=IBA7CU| +|IBA897|CBS|【2024-1230】yaml 导入方式创建工程,yaml软件包配置不传入git_tag/commit_id/spec_branch,build_tag传入值,工程刚创建后,软件包配置显示的是spec_branch,经过一次构建后包配置显示spec_branch的commit_id|https://gitee.com/open_euler/dashboard?issue_id=IBA897| +|IBA8N5|utshell|[24.03-LTS-SP1-RC4]utshell -c "echo {a..z}"执行报错Segmentation fault(核心已转储)|https://gitee.com/open_euler/dashboard?issue_id=IBA8N5| +|IBA918|utshell|[24.03-LTS-SP1-RC4]utshell -c 'type -p pwd'返回码为255|https://gitee.com/open_euler/dashboard?issue_id=IBA918| +|IBAAW2|oeAware-manager|spe 采样周期单向增大,无法回退|https://gitee.com/open_euler/dashboard?issue_id=IBAAW2| +|IBADES|euler-copilot-rag|生成问答对脚本只能针对单个文件或整个目录|https://gitee.com/open_euler/dashboard?issue_id=IBADES| +|IBADFM|ods|【2024-1230】版本测试在EulerPipeline运行:指定x86虚拟机os_version为20.03-LTS-SP4版本运行job,任务超时|https://gitee.com/open_euler/dashboard?issue_id=IBADFM| +|IBAEW1|gnome-settings-daemon|【openEuler-24.03-LTS-SP1-round4】【x86】 gnome-settings-daemon 卸载有Failed信息|https://gitee.com/open_euler/dashboard?issue_id=IBAEW1| +|IBAFG5|scap-security-guide|【openEuler-24.03-LTS-SP1】修复确保UMASK配置正确规则时,不符合规范|https://gitee.com/open_euler/dashboard?issue_id=IBAFG5| +|IBAGYK|ods|【2024-1230】版本测试在EulerPipeline运行:指定arm虚拟机os_version为20.03-LTS-SP4版本运行job,任务超时|https://gitee.com/open_euler/dashboard?issue_id=IBAGYK| +|IBALNI|KubeOS|【24.03-lts-sp1】pxe镜像配置磁盘名称有误时,安装时提示语是磁盘空间不足|https://gitee.com/open_euler/dashboard?issue_id=IBALNI| +|IBALTA|KubeOS|【24.03-lts-sp1】[chroot_script]配置rm = true,制作完成的镜像中的chroot脚本未删除|https://gitee.com/open_euler/dashboard?issue_id=IBALTA| +|IBALZL|KubeOS|【24.03-lts-sp1】admin镜像制作时dockerfile中的COPY ./set-ssh-pub-key.sh ./hostshell /usr/local/bin后面需要加/|https://gitee.com/open_euler/dashboard?issue_id=IBALZL| +|IBAPM3|gazelle|【SDV】在服务端启动后,立即启动客户端TCP V6无法建连|https://gitee.com/open_euler/dashboard?issue_id=IBAPM3| +|IBAPNP|gazelle|【SDV】开启单网卡后带gazelle启动,使用sysbench打流偶现coredump|https://gitee.com/open_euler/dashboard?issue_id=IBAPNP| +|IBARLD|gcc|[24.03-LTS-SP1 RC4][csmith]-O3 -fif-split编译报Segmentation fault: during GIMPLE pass:if-split|https://gitee.com/open_euler/dashboard?issue_id=IBARLD| +|IBAU9O|hadoop|【EulerMaker】hadoop在openEuler-24.03-LTS-SP1:everything构建失败|https://gitee.com/open_euler/dashboard?issue_id=IBAU9O| +|IBAWUP|sysSentry|rasdaemon插件缺少配置文件|https://gitee.com/open_euler/dashboard?issue_id=IBAWUP| +|IBAYOV|sysSentry|type=period, onstart=no时rasdaemon插件功能异常|https://gitee.com/open_euler/dashboard?issue_id=IBAYOV| +|IBAYW8|KubeOS|【24.03-lts-sp1】镜像制作参数存在部分值为空未校验|https://gitee.com/open_euler/dashboard?issue_id=IBAYW8| +|IBB1PX|gcc|[24.03-LTS-SP1 RC4]-flto -fipa-reorder-fields运行结果不一致|https://gitee.com/open_euler/dashboard?issue_id=IBB1PX| +|IBB1UK|gcc|[24.03-LTS-SP1 RC4]-flto -fipa-struct-reorg运行结果不一致|https://gitee.com/open_euler/dashboard?issue_id=IBB1UK| +|IBB67T|oncn-bwm|【EulerMaker】oncn-bwm 在openEuler-24.03-LTS-SP1:everything构建失败|https://gitee.com/open_euler/dashboard?issue_id=IBB67T| +|IBBP4Y|multipath-tools|构造两次网络故障,多路径未进入降级状态|https://gitee.com/open_euler/dashboard?issue_id=IBBP4Y| +|IBBPDD|rpcbind|pwck检查有报错:user 'rpc': directory '/var/lib/rpcbind' does not exist|https://gitee.com/open_euler/dashboard?issue_id=IBBPDD| +|IBBQ1S|secDetector|openEuler 24.03-LTS-SP1版本,文件探针失效|https://gitee.com/open_euler/dashboard?issue_id=IBBQ1S| +|IBBWT2|gcc|[24.03-LTS-SP1 RC5]-O3 -fif-split编译报ICE:during GIMPLE pass: profile_estimate(at cfganal.cc:1587)|https://gitee.com/open_euler/dashboard?issue_id=IBBWT2| +|IBBWT3|mariadb|【24.03 LTS SP1 auto-test】mysqladmin命令执行报错|https://gitee.com/open_euler/dashboard?issue_id=IBBWT3| +|IBBWTS|yocto-meta-openeuler|【24.03-LTS-SP1】kp920配置机器网卡时因没有驱动导致网卡不显示|https://gitee.com/open_euler/dashboard?issue_id=IBBWTS| +|IBBWXI|openGemini|【EulerMaker】openGemini 在openEuler-24.03-LTS-SP1:epol构建失败|https://gitee.com/open_euler/dashboard?issue_id=IBBWXI| +|IBC1X0|opengauss-server|【openEuler-24.03-LTS-SP1-round5】【arm/x86】 opengauss 由24.03-LTS升级24.03-LTS-SP1的版本 失败|https://gitee.com/open_euler/dashboard?issue_id=IBC1X0| +|IBC3CT|oeAware-manager|【openEuler-24.03-LTS-SP1-rc5】【arm】安装oeAware-manager,执行oeawarectl -e tune_numa_mem_access报错:can't connect to server!|https://gitee.com/open_euler/dashboard?issue_id=IBC3CT| +|IB5R2L|python-selenium|【24.03-SP1-rc1】【autotest】python-selenium 包在24.03-LTS-SP1中相比24.03-LTS release版本降级|https://gitee.com/open_euler/dashboard?issue_id=IB5R2L| \ No newline at end of file diff --git a/docs/zh/server/releasenotes/releasenotes/source_code.md b/docs/zh/server/releasenotes/releasenotes/source_code.md new file mode 100644 index 0000000000000000000000000000000000000000..d6fc6ff3afb3c8bf3d099e72a76d4c3587a0ff39 --- /dev/null +++ b/docs/zh/server/releasenotes/releasenotes/source_code.md @@ -0,0 +1,8 @@ +# 源代码 + +openEuler主要包含两个代码仓库: + +- 代码仓:[https://gitee.com/openeuler](https://gitee.com/openeuler) +- 软件包仓:[https://gitee.com/src-openeuler](https://gitee.com/src-openeuler) + +openEuler发布件同时也提供source iso,具体请参见“系统安装”的内容。 diff --git a/docs/zh/server/releasenotes/releasenotes/terms_of_use.md b/docs/zh/server/releasenotes/releasenotes/terms_of_use.md new file mode 100644 index 0000000000000000000000000000000000000000..e9af6a7a85f9a8c9540cb89c8b4fc089eec8adf1 --- /dev/null +++ b/docs/zh/server/releasenotes/releasenotes/terms_of_use.md @@ -0,0 +1,13 @@ +# 法律声明 + +**版权所有 © 2024 openEuler社区** + +您对“本文档”的复制、使用、修改及分发受知识共享\(Creative Commons\)署名—相同方式共享4.0国际公共许可协议\(以下简称“CC BY-SA 4.0”\)的约束。为了方便用户理解,您可以通过访问[https://creativecommons.org/licenses/by-sa/4.0/](https://creativecommons.org/licenses/by-sa/4.0/)了解CC BY-SA 4.0的概要 \(但不是替代\)。CC BY-SA 4.0的完整协议内容您可以访问如下网址获取:[https://creativecommons.org/licenses/by-sa/4.0/legalcode](https://creativecommons.org/licenses/by-sa/4.0/legalcode)。 + +**商标声明** + +文档中提及的商标或注册商标,由各自所有人拥有。对openEuler商标的使用,应当遵从[openEuler品牌使用规范](https://www.openeuler.org/zh/other/brand/)。 + +**免责声明** + +本文档仅作为使用指导,除非适用法强制规定或者双方有明确书面约定, openEuler社区对本文档中的所有陈述、信息和建议不做任何明示或默示的声明或保证,包括但不限于不侵权、时效性或满足特定目的的担保。 diff --git a/docs/zh/server/releasenotes/releasenotes/user_notice.md b/docs/zh/server/releasenotes/releasenotes/user_notice.md new file mode 100644 index 0000000000000000000000000000000000000000..1490add98610e003d485be3e02034d0680f86986 --- /dev/null +++ b/docs/zh/server/releasenotes/releasenotes/user_notice.md @@ -0,0 +1,5 @@ +# 用户须知 + +- openEuler版本号计数规则由openEuler x.x变更为以年月为版本号,以便用户了解版本发布时间,例如openEuler 21.03表示发布时间为2021年3月。 +- [Python核心团队](https://www.python.org/dev/peps/pep-0373/#update)已经于2020年1月停止对Python 2的维护。2021年,openEuler 21.03版本仅修复Python 2的致命CVE。 +- 从openEuler 22.03-LTS版本开始,停止支持和维护Python 2,仅支持Python 3,请您切换并使用Python 3。 diff --git a/docs/zh/server/security/cert_signature/_toc.yaml b/docs/zh/server/security/cert_signature/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..a661dbbf71a1cc4698a7ad3807a03706539a8e30 --- /dev/null +++ b/docs/zh/server/security/cert_signature/_toc.yaml @@ -0,0 +1,10 @@ +label: 证书签名 +isManual: true +description: openEuler 签名平台提供签名服务,保护系统文件的完整性 +sections: + - label: 认识证书和签名 + href: ./overview_of_certificates_and_signatures.md + - label: 签名证书介绍 + href: ./introduction_to_signature_certificates.md + - label: 安全启动 + href: ./secure_boot.md diff --git a/docs/zh/server/security/cert_signature/figures/cert-tree.png b/docs/zh/server/security/cert_signature/figures/cert-tree.png new file mode 100644 index 0000000000000000000000000000000000000000..cfbea157cb7b7308d668196ca5b0b0386067fd9e Binary files /dev/null and b/docs/zh/server/security/cert_signature/figures/cert-tree.png differ diff --git a/docs/zh/server/security/cert_signature/figures/mokutil-db.png b/docs/zh/server/security/cert_signature/figures/mokutil-db.png new file mode 100644 index 0000000000000000000000000000000000000000..82dbe6e04cafe3e9ac039ba19acd5996d4cf2259 Binary files /dev/null and b/docs/zh/server/security/cert_signature/figures/mokutil-db.png differ diff --git a/docs/zh/server/security/cert_signature/figures/mokutil-sb-off.png b/docs/zh/server/security/cert_signature/figures/mokutil-sb-off.png new file mode 100644 index 0000000000000000000000000000000000000000..f3018c9fd0236e9c2cf560f0da3827ed2a877f6d Binary files /dev/null and b/docs/zh/server/security/cert_signature/figures/mokutil-sb-off.png differ diff --git a/docs/zh/server/security/cert_signature/figures/mokutil-sb-on.png b/docs/zh/server/security/cert_signature/figures/mokutil-sb-on.png new file mode 100644 index 0000000000000000000000000000000000000000..449b6774dc61a601cf884845fbd0be5d314108e1 Binary files /dev/null and b/docs/zh/server/security/cert_signature/figures/mokutil-sb-on.png differ diff --git a/docs/zh/server/security/cert_signature/figures/mokutil-sb-unsupport.png b/docs/zh/server/security/cert_signature/figures/mokutil-sb-unsupport.png new file mode 100644 index 0000000000000000000000000000000000000000..525c72f78b897ffaba0d356406ab9d9e64024d91 Binary files /dev/null and b/docs/zh/server/security/cert_signature/figures/mokutil-sb-unsupport.png differ diff --git a/docs/zh/server/security/cert_signature/introduction_to_signature_certificates.md b/docs/zh/server/security/cert_signature/introduction_to_signature_certificates.md new file mode 100644 index 0000000000000000000000000000000000000000..fb4bf823ac41655f9f2f7845d2501fbb87042ca1 --- /dev/null +++ b/docs/zh/server/security/cert_signature/introduction_to_signature_certificates.md @@ -0,0 +1,46 @@ +# 签名证书介绍 + +openEuler当前支持两种签名机制:openPGP和CMS,分别用于不同的文件类型: + +| 文件类型 | 签名类型 | 签名格式 | +| --------------- | ------------ | -------- | +| EFI文件 | authenticode | CMS | +| 内核模块文件 | modsig | CMS | +| IMA摘要列表文件 | modsig | CMS | +| RPM软件包 | RPM | openPGP | + +## openPGP证书签名 + +openEuler通过openPGP证书实现RPM软件包的签名,签名证书随操作系统镜像发布,用户可通过两种方式获取到当前openEuler版本所使用的证书: + +方法一:通过REPO源下载,以openEuler 24.03 LTS版本为例,可通过如下路径下载: + +``` +https://repo.openeuler.org/openEuler-24.03-LTS/OS/aarch64/RPM-GPG-KEY-openEuler +``` + +方法二:进入系统通过指定路径获取: + +``` +cat /etc/pki/rpm-gpg/RPM-GPG-KEY-openEuler +``` + +## CMS证书签名 + +openEuler签名平台采用三级证书链管理签名的私钥和证书: + +![](./figures/cert-tree.png) + +根据不同等级的证书分别具有不同的有效期,当前规划为: + +| 证书类型 | 有效期 | +| -------- | ------ | +| 根证书 | 30年 | +| 二级证书 | 10年 | +| 三级证书 | 3年 | + +openEuler根证书可通过社区证书中心下载: + +``` +https://www.openeuler.org/zh/security/certificate-center/ +``` diff --git a/docs/zh/server/security/cert_signature/overview_of_certificates_and_signatures.md b/docs/zh/server/security/cert_signature/overview_of_certificates_and_signatures.md new file mode 100644 index 0000000000000000000000000000000000000000..ddec74977c565a539c3d11af7f96e361c471bacf --- /dev/null +++ b/docs/zh/server/security/cert_signature/overview_of_certificates_and_signatures.md @@ -0,0 +1,29 @@ +# 认识证书和签名 + +## 概述 + +数字签名是保护操作系统完整性的重要技术。通过对系统关键组件添加签名,并在后续的组件启动加载、运行访问等流程中进行签名验证,可以有效检查组件的完整性,避免组件被篡改而导致的安全问题。业界已支持多种系统完整性保护机制,在系统运行的各个阶段对不同类型的组件进行完整性保护,典型的技术机制有: + +- 安全启动; +- 内核模块签名; +- IMA完整性度量架构; +- RPM签名验证。 + +上述完整性保护的安全机制都需要依赖签名(通常需要在组件发布阶段集成),而开源社区普遍存在缺乏签名私钥和证书管理机制,因此社区发布的操作系统发行版通常不提供默认签名,或仅使用构建阶段临时生成的私钥进行签名。往往需要用户或者下游OSV厂商进行二次签名后才可开启这些完整性保护安全机制,增加了安全功能的使用成本并降低了易用性。 + +## 解决方案 + +openEuler社区基础设施支持签名服务,通过签名平台统一管理签名私钥和证书,并与EulerMaker构建平台结合,实现在社区发行版的软件包构建过程中对关键文件进行自动签名。当前支持的文件类型有: + +- EFI文件; +- 内核模块文件; +- IMA摘要列表文件; +- RPM软件包。 + +## 约束限制 + +openEuler社区的签名服务功能存在如下约束限制: + +- 当前仅支持为openEuler社区官方发布分支进行签名,暂不支持对个人构建分支进行签名; +- 当前仅支持对OS安全启动相关的EFI文件进行签名,包括shim、grub、kernel文件; +- 当前仅支持对kernel软件包提供的内核模块文件进行签名。 diff --git a/docs/zh/server/security/cert_signature/secure_boot.md b/docs/zh/server/security/cert_signature/secure_boot.md new file mode 100644 index 0000000000000000000000000000000000000000..2d8d7481bb06c5e2ebb30d74942fb51ca200e3e2 --- /dev/null +++ b/docs/zh/server/security/cert_signature/secure_boot.md @@ -0,0 +1,75 @@ +# 安全启动 + +## 概述 + +安全启动(Secure Boot)就是利用公私钥对启动部件进行签名和验证。在启动过程中,前一个部件验证后一个部件的数字签名,如果能验证通过,则运行后一个部件;如果验证不通过,则暂停启动。通过安全启动可以保证系统启动过程中各个部件的完整性,防止没有经过认证的部件被加载运行,从而防止对系统及用户数据产生安全威胁。 + +安全启动涉及的验证组件: BIOS->shim->grub->vmlinuz(依次验签通过并加载),其中vmlinuz是内核镜像。 + +相关的EFI启动组件采用signcode方式进行签名。公钥证书由BIOS集成到签名数据库DB中,启动过程中BIOS对shim进行验证,shim和grub组件从BIOS的签名数据库DB中获取公钥证书并对下一级组件进行验证。 + +## 背景和解决方案 + +前期openEuler版本中,安全启动相关组件没有签名,无法直接使用安全启动功能保障系统组件的完整性。 + +从22.03-LTS-SP3版本开始,openEuler使用社区签名平台对OS侧的相关组件进行签名,包括grub和vmlinuz组件,并将社区签名根证书内嵌于shim组件中。 + +从24.03-LTS版本开始,openEuler提供了CFCA签名的安全启动组件。 + +## 使能安全启动 + +### 前置条件 + +- 已安装openEuler-22.03-LTS-SP3及以上版本(若使用CFCA安全启动,则需安装openEuler-24.03-LTS及以上版本) +- 配置openEuler-everything源 +- 系统配置为uefi启动方式 + +### 使用步骤 + +**步骤1:** 获取安全启动证书 + +如采用openEuler证书,则在如下网址获取:,进入“证书中心”目录下载。网页上根证书识别名称为“openEuler Shim Default CA”,default-x509ca.cert。 + +如采用CFCA官网获取根证书,则在如下网址获取:(当前证书暂未发布,如需使用,可联系openEuler安全委员会openeuler-security@openeuler.org) + +**步骤2:** 将获取的证书放置到/boot/efi/EFI目录: +``` +mv <证书文件> /boot/efi/EFI/ +``` + +**步骤3:** 安装shim-signed子包(若不使用CFCA签名的安全启动组件则跳过): +``` +yum install -y shim-signed +``` + +**步骤4:** 如使用openEuler签名的shim文件,则跳过该步骤;如使用CFCA的shim文件,则需要安装如下步骤备份以及替换: +``` +mv /boot/efi/EFI/openEuler/shimx64.efi /boot/efi/EFI/openEuler/shimx64_bck.efi +mv /boot/efi/EFI/BOOT/BOOTX64.EFI /boot/efi/EFI/BOOT/BOOTX64_bck.EFI +cp /boot/efi/EFI/BOOT/BOOTX64_CFCA.EFI /boot/efi/EFI/BOOT/BOOTX64.EFI +cp /boot/efi/EFI/BOOT/BOOTX64_CFCA.EFI /boot/efi/EFI/openEuler/shimx64.efi +``` + +**步骤5:** 将根证书导入BIOS的db证书库中,并在BIOS中开启安全启动开关,可实现安全启动功能。BIOS证书导入方法及安全启动开启方法可参考具体BIOS厂商提供的资料。 + +**步骤6:** 重启后,查看系统安全启动状态 +``` +mokutil --sb +``` +- SecureBoot disabled:安全启动关闭 + +![](./figures/mokutil-sb-off.png) + +- SecureBoot enabled:安全启动开启 + +![](./figures/mokutil-sb-on.png) + +- not supported:系统不支持安全启动 + +![](./figures/mokutil-sb-unsupport.png) + +## 约束限制 + +- **软件限制**:OS系统需要采用UEFI启动 +- **架构限制**:ARM/X86 +- **硬件约束**:需要BIOS支持安全启动相关校验功能 diff --git a/docs/zh/server/security/cve_ease/_toc.yaml b/docs/zh/server/security/cve_ease/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..a47ef64180124a6000753b7b110bd72d29cc5305 --- /dev/null +++ b/docs/zh/server/security/cve_ease/_toc.yaml @@ -0,0 +1,8 @@ +label: CVE-ease设计指南 +isManual: true +description: 帮助用户快速应对系统漏洞 +sections: + - label: CVE-ease设计介绍 + href: ./cve_ease_design_introduction.md + - label: CVE-ease介绍和安装说明 + href: ./cve_ease_introduction_and_installation_instructions.md diff --git a/docs/zh/server/security/cve_ease/cve_ease_design_introduction.md b/docs/zh/server/security/cve_ease/cve_ease_design_introduction.md new file mode 100644 index 0000000000000000000000000000000000000000..dbfef5cbb1ee3c810077f1a5c08c51f1e64d19c4 --- /dev/null +++ b/docs/zh/server/security/cve_ease/cve_ease_design_introduction.md @@ -0,0 +1,33 @@ +# CVE-ease设计介绍 + +## 1.概述 + +CVE(通用漏洞披露)是关乎系统安全稳定的关键信息,因此对CVE信息的处理和管理就显得尤为重要。基于此,开发CVE-ease的CVE漏洞管理系统,以实现漏洞信息实时获取、管理和播报。 + +## 2.主要功能 + +CVE-ease主要有以下功能: + +* CVE信息获取和分析 +* CVE信息整理和存放 +* 历史CVE和实时CVE信息查看 +* CVE状态实时跟踪 +* CVE动态信息实时播报 + +## 3.模块功能 + +![](./figures/CVE-ease_desigin_table.png) + +### 3.1 CVE获取 + +当CVE-ease运行时,系统会按照特定时间间隔从CVE披露网站抓取CVE信息。抓取CVE信息前,需要对CVE数据库进行扫描。建立已有CVE编号的索引,并测试系统和各CVE平台是否连通。抓取过程中,首先抓取最新披露的CVE信息编号,再根据CVE编号抓取CVE描述等具体信息,如果信息正常抓取到,流程结束。否则重新执行抓取,直到抓取到。 + +### 3.2 CVE信息整理和存放 + +抓取到的CVE需要进行整理,按照特定的数据结构放入数据库,并计算特征值。如果爬取到的CVE编号不存在于数据库中,则直接放入漏洞数据库,如果存在,则对比特征值是否一致,不一致则根据差异对该条CVE内容进行更新。 + +### 3.3 历史CVE和实时CVE信息查看 + +在用户交互界面,可以通过交互指令查询特定的CVE信息。默认展示的是最新的前10条CVE信息,也可通过修改指令选项来查询特定范围的历史CVE信息(CVE分数,年份等)。 + +![](./figures/CVE-ease_function.png) \ No newline at end of file diff --git a/docs/zh/server/security/cve_ease/cve_ease_introduction_and_installation_instructions.md b/docs/zh/server/security/cve_ease/cve_ease_introduction_and_installation_instructions.md new file mode 100644 index 0000000000000000000000000000000000000000..b1347d0cebc7f1a9d907088fb7a9d9cf386684ff --- /dev/null +++ b/docs/zh/server/security/cve_ease/cve_ease_introduction_and_installation_instructions.md @@ -0,0 +1,567 @@ +# CVE-ease project + +## 项目介绍 + +CVE-ease +是一个专注于CVE信息的平台,它搜集了社区发布的各种CVE信息,并通过邮件、微信、钉钉等多种渠道及时通知用户。用户可以通过CVE-ease平台查看CVE信息的详细内容,包括漏洞描述、影响范围、修复建议等,并根据自己的系统情况选择合适的修复方案。 + +CVE-ease 平台旨在帮助用户快速了解和应对系统中存在的漏洞,提高系统安全性和稳定性。 + +CVE-ease 是**天翼云自主创新项目**,它已经在欧拉社区开放源码,严格遵循**Mulan PSL2**开源规范,期待社区的朋友们加入项目开发,共同打造一个安全、稳定、可靠的国产操作系统生态。 + +开源说明: + +* 本仓库**严格**遵循 [木兰宽松许可证, 第2版](http://license.coscl.org.cn/MulanPSL2)。 +* **本仓库严格遵守 天翼云科技有限公司 开源规范,经过严格的审核和准备,提交优质开源项目,相关的文档和资料都皆以齐备**。 +* 本仓库由公司指派专人负责,**LTS长期跟进维护**,持续孵化产出。 + +## 软件架构 + +CVE-ease是一个专注于CVE信息的平台,它的架构主要由四个模块组成,分别是CVE爬虫、CVE分析器、CVE通知器和CVE前端。下面我们分别介绍这四个模块的功能和设计。 + +* CVE爬虫 + +这个模块负责从openEuler社区提供的各个CVE数据源抓取CVE信息,并将其存储到MySQL等关系型数据库中。这些关键信息主要来源于cve-manager项目。目前,cve-manager支持从以下数据源获取CVE信息:NVD、CNNVD、CNVD、RedHat、Ubuntu、Debian等。CVE-ease使用Python编写了多个爬虫脚本,每个脚本对应一个数据源,可以定时或手动运行。爬虫脚本会将抓取到的原始CVE信息格式化后持久化存储,以便后续的分析和处理。 + +* CVE分析器 + +这个模块负责对CVE信息进行解析、归类、评分等操作。CVE-ease使用Python编写了一个分析器脚本,它会定期从关系型数据库中读取原始CVE信息,并进行以下操作:解析CVE信息的基本属性(如编号、标题、描述等)、归类CVE信息的影响范围(如操作系统、软件包等)、评分CVE信息的危害程度(如CVSS评分等)、匹配CVE信息的修复建议(如补丁链接等)。分析器脚本会将处理后的结构化CVE信息以SQL格式持久化到数据库中,以便后续的查询和展示。 + +* CVE通知器 + +这个模块负责根据用户的订阅配置,通过邮件、微信、钉钉等方式发送CVE通知给用户。CVE-ease使用Python编写了一个通知器脚本,它会定期从MySQL数据库中读取结构化CVE信息,并进行以下操作:过滤出用户关注的影响范围(如操作系统、软件包等)、生成适合不同渠道的通知内容(如文本、图片等)、调用不同渠道的API发送通知给用户(如SMTP协议发送邮件、HTTP协议发送微信或钉钉消息等)。通知器脚本会记录发送结果和反馈情况,并更新MySQL数据库中的订阅状态。 + +* CVE前端 + +这个模块负责提供一个友好的cli终端命令,让用户可以查看、搜索、订阅CVE信息。 + +CVE-ease的架构设计旨在实现高效、灵活、可扩展的CVE信息平台,为用户提供及时准确地安全漏洞情报服务。 + +## 研发规划 + +1. repodata 适配多厂家 OSV( Operating System Software Provider ) +2. motd 登录播报功能 +3. dnf 插件扩展修复功能 +4. 自动修复特定包功能 +5. 增加特定包感知功能 +6. ... + +**我们非常欢迎您对 CVE-ease 研发方向的宝贵意见,如果您有任何想法或建议,请不要犹豫,尽情地与我们分享,我们将十分感激~** + +## 安装教程 + +目前CVE-ease处于快速迭代研发阶段,支持的安装方式有,直接安装,容器安装,rpm包安装。 + +### 直接安装 + +```shell +git clone https://gitee.com/openeuler/cve-ease cve-ease.git +cd cve-ease.git/cve-ease +make install +``` + +### 容器安装 + +```shell +git clone https://gitee.com/openeuler/cve-ease cve-ease.git +cd cve-ease.git/cve-ease +make run-in-docker +``` + +### rpm包安装 + +```shell +git clone https://gitee.com/openeuler/cve-ease cve-ease.git +cd cve-ease.git/cve-ease +make gensrpm +cd .. +rpm -ivh *.src.rpm +cd ~/rpmbuild +rpmbuild -ba SPECS/cve-ease.spec +cd RPMS/noarch +rpm -ivh *.rpm +``` + +## 使用说明 + +### 帮助信息 + +* cve-ease命令不带任何参数,则显示帮助信息。 +* cve-ease子命令有多个,按类别分为basic、info、notifier。 +* help子命令用于显示不同类别命令帮助信息。 + +```shell +# cve-ease + +Available commands: + +basic commands: + config Print cve-ease config + daemon Run as daemon without interactive + motd Motd info manager + service Service manager + +info commands: + cve OpenEuler CVE info + cvrf OpenEuler CVRF info + db Database manager + help List available commands + logger Logger config + repodata Repodata info + rpm Rpm info + sa OpenEuler security notice info + +notifier commands: + dingding Notifier of dingding + feishu Notifier of feishu + mail163 Notifier of mail163 + mailqq Notifier of mailqq + wecom Notifier of wecom + +Try "cve-ease --help" for help about global gconfig +Try "cve-ease help" to get all available commands +Try "cve-ease --help" for help about the gconfig of a particular command +Try "cve-ease help " to get commands under a particular category +Available commands are: basic, info, notifier + +# cve-ease help info +Available commands: + +info commands: + cve OpenEuler CVE info + cvrf OpenEuler CVRF info + db Database manager + help List available commands + logger Logger config + repodata Repodata info + rpm Rpm info + sa OpenEuler security notice info + +Try "cve-ease --help" for help about global gconfig +Try "cve-ease help" to get all available commands +Try "cve-ease --help" for help about the gconfig of a particular command +Try "cve-ease help " to get commands under a particular category +Available commands are: basic, info, notifier +``` + +### 配置文件 + +配置文件位于 ```/etc/cve-ease/cve-ease.cfg```: + +``` +[main] +pid_file_path = /var/log/cve-ease/cve-ease.pid +lock_file_path = /var/log/cve-ease/cve-ease.lock + +# log configuration + +# debug/ error(default) / warn +log_level = debug +log_file_path = /var/log/cve-ease/cve-ease.log +log_maxbytes = 10240 +log_backup_num = 30 + +# sql configuration +db_type = sqlite +db_file_path = /usr/share/cve-ease/cve-ease.db +db_user = +db_password = +db_host = +db_port = +product = openEuler-{version} +expiration_days = 14 + +# notifier +notifier_record_num = 9 + +# filter +focus_on = kernel,systemd,openssh,openssl + +[wecom] +enabled = 1 +# https://developer.work.weixin.qq.com/document/path/91770?version=4.0.19.6020&platform=win +# https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=fe9eae1f-xxxx-4ae3-xxxx-ecf9f77abba6 + +update_key = 2142ef2a-d99d-417d-8c31-b550b0fcb4e3 +status_key = 2142ef2a-d99d-417d-8c31-b550b0fcb4e3 + + +[dingding] +enabled = 1 +# just for test +update_key = 81907155a6cc88004e1ed6bcdd86c68d5b21565ed59d549ca031abc93d90d9cb +status_key = 81907155a6cc88004e1ed6bcdd86c68d5b21565ed59d549ca031abc93d90d9cb + + +[feishu] +enabled = 1 +# just for test +update_key = 5575739b-f59d-48db-b737-63672b2c32ab +status_key = 5575739b-f59d-48db-b737-63672b2c32ab + + +[mail163] +enabled = 0 +mail_sender = xxxxxxx@163.com +mail_recver = xxxxxxx@163.com +mail_smtp_token = xxxxxx + + +[mailqq] +enabled = 0 +mail_sender = xxxxxxx@qq.com +mail_recver = xxxxxxx@qq.com +mail_smtp_token = xxxxxxxx +``` + +### CVE-ease服务 + +CVE-ease服务包含 cve-ease.service 和 cve-ease.timer 两个文件,基于systemd timer机制实现周期周期执行。 + +``` +# /usr/lib/systemd/system/cve-ease.timer +# CTyunOS cve-ease: MulanPSL2 +# +# This file is part of cve-ease. +# + +[Unit] +Description=CTyunOS cve-ease Project +Documentation=https://gitee.com/openeuler/cve-ease + +[Timer] +OnBootSec=1m +OnUnitActiveSec=10m +RandomizedDelaySec=10 + +[Install] +WantedBy=timers.target +``` + +``` +# systemctl enable --now cve-ease.timer +Created symlink /etc/systemd/system/timers.target.wants/cve-ease.timer → /usr/lib/systemd/system/cve-ease.timer. +# systemctl status cve-ease.timer +● cve-ease.timer - CTyunOS cve-ease Project + Loaded: loaded (/usr/lib/systemd/system/cve-ease.timer; enabled; vendor preset: disabled) + Active: active (waiting) since Sat 2023-03-18 17:55:53 CST; 5s ago + Trigger: Sat 2023-03-18 18:05:55 CST; 9min left + Docs: https://gitee.com/openeuler/cve-ease + +Mar 18 17:55:53 56d941221b41 systemd[1]: Started CTyunOS cve-ease Project. +# systemctl status cve-ease.service +● cve-ease.service - CTyunOS cve-ease project + Loaded: loaded (/usr/lib/systemd/system/cve-ease.service; disabled; vendor preset: disabled) + Active: inactive (dead) since Sat 2023-03-18 17:55:56 CST; 5s ago + Docs: https://gitee.com/openeuler/cve-ease + Process: 196 ExecStart=/usr/bin/cve-ease daemon (code=exited, status=0/SUCCESS) + Main PID: 196 (code=exited, status=0/SUCCESS) + +Mar 18 17:55:53 56d941221b41 systemd[1]: Starting CTyunOS cve-ease project... +Mar 18 17:55:56 56d941221b41 systemd[1]: cve-ease.service: Succeeded. +Mar 18 17:55:56 56d941221b41 systemd[1]: Started CTyunOS cve-ease project. +``` + +### basic基础命令 + +#### config配置相关子命令 + +``` +Usage: cve-ease config +(Specify the --help global option for a list of other help options) + +Options: + -h, --help show this help message and exit + -r, --rawdata print raw config file content +``` + +```shell +cve-ease config # 显示配置文件路径及有效配置 +cve-ease config -r # 显示配置文件路径及裸数据 +``` + +#### daemon服务 + +* daemon命令用户systemd service服务入口,一般不直接执行。 +* 该服务由对应cve-ease 的systemd timer服务定时执行。 + +``` +# /usr/lib/systemd/system/cve-ease.service +# CTyunOS cve-ease: MulanPSL2 +# +# This file is part of cve-ease. +# + +[Unit] +Description=CTyunOS cve-ease project +Documentation=https://gitee.com/openeuler/cve-ease + +[Service] +Type=oneshot +ExecStart=/usr/bin/cve-ease daemon + +[Install] +WantedBy=multi-user.target +``` + +#### motd更新通知相关子命令 + +* TODO 待实现。 + +#### service相关子命令 + +CVE-ease服务的相关控制命令: + +``` +Usage: cve-ease service +(Specify the --help global option for a list of other help options) + +Options: + -h, --help show this help message and exit + -k, --kill kill cve-ease service + -r, --restart restart cve-ease service + -s, --status get cve-ease service status + -v, --verbose show verbose output +``` + +``` +cve-ease service -k # 暂停cve-ease服务 +cve-ease service -r # 重启cve-ease服务 +cve-ease service -s # 查看cve-ease服务状态 +``` + +### info信息类别命令 + +#### cve子命令 + +爬取openEuler社区CVE公告信息,地址: [openEuler 官方CVE公告](https://www.openeuler.org/zh/security/cve/) + +```shell +Usage: cve-ease cve +(Specify the --help global option for a list of other help options) + +Options: + -h, --help show this help message and exit + -r, --rawdata get cve cache and print raw data without write db + -m, --makecache get cve cache + -l, --list list all cve info + -t, --total get cve info statistics + -v, --verbose show verbose output +``` + +```shell +cve-ease cve -m # 爬取 CVE 信息并写入数据库 +cve-ease cve -l # 从数据库获取并格式化显示 CVE 信息 +cve-ease cve -t # 从数据库获取并显示 CVE 统计信息 +cve-ease cve -r # 爬取 CVE 信息并显示裸数据(未写入数据库) +``` + +#### sa子命令 + +爬取openEuler社区安全公告信息,地址: [openEuler 官方CVE公告](https://www.openeuler.org/zh/security/safety-bulletin/) + +```shell +Usage: cve-ease sa +(Specify the --help global option for a list of other help options) + +Options: + -h, --help show this help message and exit + -r, --rawdata get sa cache and print raw data without write db + -m, --makecache get sa cache + -l, --list list all sa info + -t, --total get sa info statistics + -v, --verbose show verbose output +``` + +```shell +cve-ease sa -m # 爬取 SA 信息并写入数据库 +cve-ease sa -l # 从数据库获取并格式化显示 SA 信息 +cve-ease sa -t # 从数据库获取并显示 SA 统计信息 +cve-ease sa -r # 爬取 SA 信息并显示裸数据(未写入数据库) +``` + +#### cvrf子命令 + +安全公告相关: + +```shell +cve-ease cvrf -m # 爬取 CVRF 信息并写入数据库 +cve-ease cvrf -l # 从数据库获取并格式化显示 CVRF 信息 +cve-ease cvrf -t # 从数据库获取并显示 CVRF 统计信息 +``` + +#### rpm子命令 + +``` +Usage: cve-ease rpm +(Specify the --help global option for a list of other help options) + +Options: + -h, --help show this help message and exit + -l, --list list all rpm info + -v, --verbose show verbose output +``` + +``` +cve-ease rpm -l # 调用rpm接口列出当前系统中已安装的rpm包信息 +``` + +#### repodata子命令 + +``` +Usage: cve-ease repodata +(Specify the --help global option for a list of other help options) + +Options: + -h, --help show this help message and exit + -m, --makecache cache repodata to database + -p PRODUCT, --product=PRODUCT + specific product (work with --check) + --osv=OSV specific osv rpm release + -t, --total get total rpm statistics + -l, --list list all rpm + -c, --check check repo cve + -v, --verbose show verbose output +``` + +``` +cve-ease repodata -p ctyunos2 -m # 选定ctyunos2作为OSV版本,缓存ctyunos2的源数据,写入数据库 +cve-ease repodata --osv ctyunos2 -p openEuler-23.09 -c # ctyunos2的源于openEuler源做比对 +cve-ease repodata -l # 列出数据库中包含的包信息 +cve-ease repodata -t # 获取数据库中源包的统计信息 +``` + +#### logger子命令 + +``` +Usage: cve-ease logger +(Specify the --help global option for a list of other help options) + +Options: + -h, --help show this help message and exit + -l, --list list all logger info + -t, --total get logger statistics + -v, --verbose show verbose output +``` + +#### db子命令 + +``` +Usage: cve-ease db +(Specify the --help global option for a list of other help options) + +Options: + -h, --help show this help message and exit + -p, --purge purge db and recreate it (Danger Operation) + -s, --stats get database statistics + -v, --verbose show verbose output +``` + +### notifier消息通知类命令 + +#### wecom企业微信群聊机器人 + +```shell +Usage: cve-ease wecom +(Specify the --help global option for a list of other help options) + +Options: + -h, --help show this help message and exit + -t, --test run test + -v, --verbose show verbose output + -c CONTENT, --content=CONTENT + show verbose output +``` + +``` +cve-ease wecom -t # 发送测试消息到企业微信群 +cve-ease wecom -t -c 'helloworld' # 发送自定义测试消息到企业微信群 +``` + +#### dingding钉钉群聊机器人 + +```shell +Usage: cve-ease dingding +(Specify the --help global option for a list of other help options) + +Options: + -h, --help show this help message and exit + -t, --test run test + -v, --verbose show verbose output + -c CONTENT, --content=CONTENT + show verbose output +``` + +``` +cve-ease dingding -t # 发送测试消息到钉钉群 +cve-ease dingding -t -c 'helloworld' # 发送自定义测试消息到钉钉群 +``` + +#### feishu飞书群聊机器人 + +```shell +Usage: cve-ease feishu +(Specify the --help global option for a list of other help options) + +Options: + -h, --help show this help message and exit + -t, --test run test + -v, --verbose show verbose output + -c CONTENT, --content=CONTENT + show verbose output +``` + +``` +cve-ease feishu -t # 发送测试消息到飞书群 +cve-ease feishu -t -c 'helloworld' # 发送自定义测试消息到飞书群 +``` + +#### mail163邮箱 + +```shell +Usage: cve-ease mail163 +(Specify the --help global option for a list of other help options) + +Options: + -h, --help show this help message and exit + -t, --test run test + -v, --verbose show verbose output + -c CONTENT, --content=CONTENT + show verbose output +``` + +``` +cve-ease mail163 -t # 发送测试消息到163邮箱 +cve-ease mail163 -t -c 'helloworld' # 发送自定义测试消息到163邮箱 +``` + +#### mailqq邮箱 + +```shell +Usage: cve-ease mailqq +(Specify the --help global option for a list of other help options) + +Options: + -h, --help show this help message and exit + -t, --test run test + -v, --verbose show verbose output + -c CONTENT, --content=CONTENT + show verbose output +``` + +``` +cve-ease mailqq -t # 发送测试消息到QQ邮箱 +cve-ease mailqq -t -c 'helloworld' # 发送自定义测试消息到QQ邮箱 +``` + +## 如何参与贡献 + +1. Fork 本仓库。 +2. 当前快速迭代期间,仅 master 分支,因此您只需在 master 做变更后提交。 +3. 创建 pr ,描述清楚 pr 的具体功能、作用,并提供相关测试用例。 +4. 通知仓库 maintainer 审核 pr。 + +## 核心研发人员及联系方式 + +* 游益锋 - [Gitee私信](https://gitee.com/youyifeng) +* 吴开顺 - [Gitee私信](https://gitee.com/wuzimo) diff --git a/docs/zh/server/security/cve_ease/figures/CVE-ease_desigin_table.png b/docs/zh/server/security/cve_ease/figures/CVE-ease_desigin_table.png new file mode 100644 index 0000000000000000000000000000000000000000..8164b9a10207a376200a162ec153b536a1d32e22 Binary files /dev/null and b/docs/zh/server/security/cve_ease/figures/CVE-ease_desigin_table.png differ diff --git a/docs/zh/server/security/cve_ease/figures/CVE-ease_function.png b/docs/zh/server/security/cve_ease/figures/CVE-ease_function.png new file mode 100644 index 0000000000000000000000000000000000000000..b645dc750378127ca11b49720deba12569a884bc Binary files /dev/null and b/docs/zh/server/security/cve_ease/figures/CVE-ease_function.png differ diff --git a/docs/zh/server/security/secharden/_toc.yaml b/docs/zh/server/security/secharden/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..9c0a77dd69944bbf177a9c0359cd2eb0a9f5ec48 --- /dev/null +++ b/docs/zh/server/security/secharden/_toc.yaml @@ -0,0 +1,29 @@ +label: 安全加固指南 +isManual: true +description: 指导用户进行安全加固 +sections: + - label: 操作系统加固概述 + href: ./os_hardening_overview.md + - label: 安全配置说明 + href: ./security_configuration_benchmark.md + - label: 加固指导 + href: ./secharden.md + sections: + - label: 帐户口令 + href: ./account_passwords.md + - label: 授权认证 + href: ./authentication_and_authorization.md + - label: 系统服务 + href: ./system_services.md + - label: 文件权限 + href: ./file_permissions.md + - label: 内核参数 + href: ./kernel_parameters.md + - label: SELinux配置 + href: ./selinux_configuration.md + - label: 安全加固工具 + href: ./security_hardening_tools.md + - label: 附录 + href: ./appendix.md + - label: 安全配置加固工具 + href: ./security_configuration_hardening_tool.md diff --git a/docs/zh/server/security/secharden/account_passwords.md b/docs/zh/server/security/secharden/account_passwords.md new file mode 100644 index 0000000000000000000000000000000000000000..032fdbf17faea1d7b86f3c8f4db79fdf47151c57 --- /dev/null +++ b/docs/zh/server/security/secharden/account_passwords.md @@ -0,0 +1,320 @@ +# 帐户口令 + +## 屏蔽系统帐户 + +### 说明 + +除了用户帐户外,其他帐号称为系统帐户。系统帐户仅系统内部使用,禁止用于登录系统或其他操作,因此屏蔽系统帐户。 + +### 实现 + +将系统帐户的Shell修改为/sbin/nologin。 + +``` +usermod -L -s /sbin/nologin $systemaccount +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +> $systemaccount 指系统帐户。 + +## 限制使用su命令的帐户 + +### 说明 + +su命令用于在不同帐户之间切换。为了增强系统安全性,有必要对su命令的使用权进行控制,只允许root和wheel群组的帐户使用su命令,限制其他帐户使用。 + +### 实现 + +su命令的使用控制通过修改/etc/pam.d/su文件实现,配置如下: + +``` +auth required pam_wheel.so use_uid +``` + +**表 1** pam\_wheel.so配置项说明 + + + + + + + + + + +

配置项

+

说明

+

use_uid

+

基于当前帐户的uid。

+
+ +## 设置口令复杂度 + +### 说明 + +用户可以通过修改对应配置文件设置口令的复杂度要求,建议用户根据实际情况设置口令复杂度。 + +### 实现 + +口令复杂度通过/etc/pam.d/password-auth和/etc/pam.d/system-auth文件中的pam\_pwquality.so和pam\_pwhistory.so模块实现。用户可以通过修改这两个模块中的配置项修改口令复杂度。 + +### 设置举例 + +这里给出一个配置口令复杂度的例子,供用户参考。 + +**密码复杂度要求** + +1. 口令长度至少8个字符。 +2. 口令必须包含如下至少3种字符的组合: + + -至少一个小写字母 + + -至少一个大写字母 + + -至少一个数字 + + -至少一个特殊字符:\`\~!@\#$%^&\*\(\)-\_=+\\|\[\{\}\];:'",<.\>/?和空格 + +3. 口令不能和帐号或者帐号的倒写一样。 +4. 不能修改为过去5次使用过的旧口令。 + +**配置实现** + +在/etc/pam.d/password-auth和/etc/pam.d/system-auth文件中password配置项的前两行添加如下配置内容: + +``` +password requisite pam_pwquality.so minlen=8 minclass=3 enforce_for_root try_first_pass local_users_only retry=3 dcredit=0 ucredit=0 lcredit=0 ocredit=0 +password required pam_pwhistory.so use_authtok remember=5 enforce_for_root +``` + +**配置项说明** + +pam\_pwquality.so和pam\_pwhistory.so的配置项请分别参见[表2](#table201221044172117)和[表3](#table1212544452120)。 + +**表 2** pam\_pwquality.so配置项说明 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

配置项

+

说明

+

minlen=8

+

口令长度至少包含8个字符

+

minclass=3

+

口令至少包含大写字母、小写字母、数字和特殊字符中的任意3种

+

ucredit=0

+

口令包含任意个大写字母

+

lcredit=0

+

口令包含任意个小写字母

+

dcredit=0

+

口令包含任意个数字

+

ocredit=0

+

口令包含任意个特殊字符

+

retry=3

+

每次修改最多可以尝试3次

+

enforce_for_root

+

本设置对root帐户同样有效

+
+ +**表 3** pam\_pwhistory.so配置项说明 + + + + + + + + + + + + + +

配置项

+

说明

+

remember=5

+

口令不能修改为过去5次使用过的旧口令

+

enforce_for_root

+

本设置对root帐户同样有效

+
+ +## 设置口令有效期 + +### 说明 + +出于系统安全性考虑,建议设置口令有效期限,且口令到期前通知用户更改口令。 + +### 实现 + +口令有效期的设置通过修改/etc/login.defs文件实现,加固项如[表7](#zh-cn_topic_0152100281_t77b5d0753721450c81911c18b74e82eb)所示。表中所有的加固项都在文件/etc/login.defs中。表中字段直接通过修改配置文件完成。 + +**表 4** login.defs配置项说明所示 + + + + + + + + + + + + + + + + + + + + + + + + +

加固项

+

加固项说明

+

建议加固

+

openEuler默认是否已加固为建议值

+

PASS_MAX_DAYS

+

口令最大有效期

+

90

+

+

PASS_MIN_DAYS

+

两次修改口令的最小间隔时间

+

0

+

+

PASS_WARN_AGE

+

口令过期前开始提示天数

+

7

+

+
+ +>![](./public_sys-resources/icon-note.gif) **说明:** +>login.defs是设置用户帐号限制的文件,可配置口令的最大过期天数、最大长度约束等。该文件里的配置对root用户无效。如果/etc/shadow文件里有相同的选项,则以/etc/shadow配置为准,即/etc/shadow的配置优先级高于/etc/login.defs。口令过期后用户重新登录时,提示口令过期并强制要求修改,不修改则无法进入系统。 + +## 设置口令的加密算法 + +### 说明 + +出于系统安全考虑,口令不允许明文存储在系统中,应该加密保护。在不需要还原口令的场景,必须使用不可逆算法加密。设置口令的加密算法为sha512,openEuler默认已设置。通过上述设置可以有效防范口令泄露,保证口令安全。 + +### 实现 + +口令的加密算法设置通过修改/etc/pam.d/password-auth和/etc/pam.d/system-auth文件实现,添加如下配置: + +``` +password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok +``` + +**表 5** pam\_unix.so配置项说明 + + + + + + + + + + +

配置项

+

说明

+

sha512

+

使用sha512算法对口令加密。

+
+ +## 登录失败超过三次后锁定 + +### 说明 + +为了保障用户系统的安全,建议用户设置口令出错次数的阈值(建议3次),以及由于口令出错次数超过阈值,导致账户被锁定的自动解锁时间(建议300秒)。 + +用户锁定期间,任何输入被判定为无效,锁定时间不因用户的再次输入而重新计时;解锁后,用户的错误输入记录被清空。通过上述设置可以有效防范口令被暴力破解,增强系统的安全性。 + +> ![](./public_sys-resources/icon-note.gif) **说明:** +> openEuler默认口令出错次数的阈值为3次,系统被锁定后自动解锁时间为60秒。 + +### 实现 + +口令复杂度的设置通过修改/etc/pam.d/password-auth和/etc/pam.d/system-auth文件实现,设置口令的最大出错次数为3次,系统锁定后的解锁时间为300秒的配置如下: + +```text +auth required pam_faillock.so preauth audit deny=3 even_deny_root unlock_time=300 +auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root unlock_time=300 +auth sufficient pam_faillock.so authsucc audit deny=3 even_deny_root unlock_time=300 +``` + +**表 6** pam\_faillock.so配置项说明 + + + + + + + + + + + + + + + + + + + +

配置项

+

说明

+

authfail

+

捕获用户登录失败的事件。

+

deny=3

+

用户连续登录失败次数超过3次即被锁定。

+

unlock_time=300

+

普通用户自动解锁时间为300秒(即5分钟)。

+

even_deny_root

+

同样限制root帐户。

+
+ +## 加固su命令 + +### 说明 + +为了增强系统安全性,防止使用“su”切换用户时将当前用户环境变量带入其他环境,openEuler默认已做配置。总是在使用su切换用户时初始化PATH。 + +### 实现 + +通过修改/etc/login.defs实现,配置如下: + +``` +ALWAYS_SET_PATH=yes +``` diff --git a/docs/zh/server/security/secharden/appendix.md b/docs/zh/server/security/secharden/appendix.md new file mode 100644 index 0000000000000000000000000000000000000000..777aca0869a9a155e9366724c4037f06ce9f74a9 --- /dev/null +++ b/docs/zh/server/security/secharden/appendix.md @@ -0,0 +1,27 @@ +# 附录 + +介绍文件权限的含义和umask值的含义。 + +## 文件和目录权限含义 + +Linux系统中文件和目录权限用于限定谁能通过何种方式对文件和目录进行访问和操作。文件和目录的访问权限分为只读,只写和可执行三种。 + +有三种不同类型的用户可对文件和目录进行访问: + +- 文件所有者:文件的创建者。 +- 同组用户:与文件所有者在同一个属组的用户。 +- 其他用户:与文件所有者不在同一个属组的用户。 + +文件和目录的权限含义通过以下例子说明: + +假设/usr/src的权限为755,将每位数字转化为二进制后为:111101101,含义如下: + +- 左侧三个bit位111表示文件所有者的权限依次为:可读、可写、可执行。 +- 中间三个bit位101表示同组用户的权限依次为:可读、不可写、可执行。 +- 右侧三个bit位101表示其他用户的权限依次为:可读、不可写、可执行。 + +## umask值含义 + +当用户新创建文件或目录时,该文件或目录具有一个缺省权限。该缺省权限由umask值来指定。 + +umask值代表的是权限的“补码”,即用缺省最大权限值减去umask值得到实际权限值。文件的缺省最大权限为可读可写,目录的缺省最大权限为可读可写可执行。即一个文件的实际缺省权限为666减去umask值。目录的实际缺省权限为777减去umask值。 diff --git a/docs/zh/server/security/secharden/authentication_and_authorization.md b/docs/zh/server/security/secharden/authentication_and_authorization.md new file mode 100644 index 0000000000000000000000000000000000000000..607d8f8487fd5c5b468edced8ce7110f9af099c0 --- /dev/null +++ b/docs/zh/server/security/secharden/authentication_and_authorization.md @@ -0,0 +1,145 @@ +# 授权认证 + +## 设置网络远程登录的警告信息 + +### 说明 + +设置网络远程登录的警告信息,用于在登录进入系统之前向用户提示警告信息,明示非法侵入系统可能受到的惩罚,吓阻潜在的攻击者。同时也可以隐藏系统架构及其他系统信息,避免招致对系统的目标性攻击。 + +### 实现 + +该设置可以通过修改/etc/issue.net文件的内容实现。将/etc/issue.net文件原有内容替换为如下信息(openEuler默认已设置): + +```text +Authorized users only. All activities may be monitored and reported. +``` + +## 禁止通过Ctrl+Alt+Del重启系统 + +### 说明 + +操作系统默认能够通过“Ctrl+Alt+Del”进行重启,建议禁止该项特性,防止因为误操作而导致数据丢失。 + +### 实现 + +禁止通过“Ctrl+Alt+Del”重启系统的操作步骤如下: + +1. 删除两个ctrl-alt-del.target文件,参考命令如下: + + ```shell + rm -f /etc/systemd/system/ctrl-alt-del.target + rm -f /usr/lib/systemd/system/ctrl-alt-del.target + ``` + +2. 修改/etc/systemd/system.conf文件,将\#CtrlAltDelBurstAction=reboot-force修改为CtrlAltDelBurstAction=none。 +3. 重启systemd,使修改生效,参考命令如下: + (注:使用 systemctl daemon-reexec 命令可能会导致短暂的系统服务不可用或重启,并且必须具有 root 或具有 sudo 权限的用户才能执行这个操作) + + ```shell + systemctl daemon-reexec + ``` + +## 设置终端的自动退出时间 + +### 说明 + +无人看管的终端容易被侦听或被攻击,可能会危及系统安全。因此建议设置终端在停止运行一段时间后能够自动退出。 + +### 实现 + +自动退出时间由/etc/profile文件的TMOUT字段(单位为秒)控制,在/etc/profile的尾部添加如下配置: + +```shell +export TMOUT=300 +``` + +## 设置用户的默认umask值为077 + +### 说明 + +umask值用于为用户新创建的文件和目录设置缺省权限。如果umask的值设置过小,会使群组用户或其他用户的权限过大,给系统带来安全威胁。因此设置所有用户默认的umask值为0077,即用户创建的目录默认权限为700,文件的默认权限为600。umask值代表的是权限的“补码”,umask值和权限的换算方法请参见"附录 > umask值含义"。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>openEuler默认已设置用户的默认umask值为022。 + +### 实现 + +1. 分别在/etc/bashrc文件和/etc/profile.d/目录下的所有文件中加入“umask 0077”。 + + ```shell + echo "umask 0077" >> $FILE + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >_$FILE_ 为具体的文件名,例如:echo "umask 0077" \>\> /etc/bashrc + +2. 设置/etc/bashrc文件和/etc/profile.d/目录下所有文件的属主为root,群组为root。 + + ```shell + chown root.root $FILE + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >_$FILE_ 为具体的文件名,例如:chown root.root /etc/bashrc + +## 设置GRUB2加密口令 + +### 说明 + +GRUB是GRand Unified Bootloader的缩写,它是一个操作系统启动管理器,用来引导不同系统(如Windows、Linux),GRUB2是GRUB的升级版。 + +系统启动时,可以通过GRUB2界面修改系统的启动参数。为了确保系统的启动参数不被任意修改,需要对GRUB2界面进行加密,仅在输入正确的GRUB2口令时才能修改启动参数。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>GRUB2默认设置的口令为openEuler\#12,建议用户首次登录时修改默认密码并定期更新,避免密码泄露后,启动选项被篡改,导致系统启动异常。 + +### 实现 + +1. 使用grub2-mkpasswd-pbkdf2命令生成加密的口令: + + >![](./public_sys-resources/icon-note.gif) **说明:** + >GRUB2加密算法使用PBKDF2。 + + ```shell + # grub2-mkpasswd-pbkdf2 + Enter password: + Reenter password: + PBKDF2 hash of your password is + grub.pbkdf2.sha512.10000.5A45748D892672FDA02DD3B6F7AE390AC6E6D532A600D4AC477D25C7D087644697D8A0894DFED9D86DC2A27F4E01D925C46417A225FC099C12DBD3D7D49A7425.2BD2F5BF4907DCC389CC5D165DB85CC3E2C94C8F9A30B01DACAA9CD552B731BA1DD3B7CC2C765704D55B8CD962D2AEF19A753CBE9B8464E2B1EB39A3BB4EAB08 + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >在Enter password和Reenter password输入相同的口令。 + >grub.pbkdf2.sha512.10000.5A45748D892672FDA02DD3B6F7AE390AC6E6D532A600D4AC477D25C7D087644697D8A0894DFED9D86DC2A27F4E01D925C46417A225FC099C12DBD3D7D49A7425.2BD2F5BF4907DCC389CC5D165DB85CC3E2C94C8F9A30B01DACAA9CD552B731BA1DD3B7CC2C765704D55B8CD962D2AEF19A753CBE9B8464E2B1EB39A3BB4EAB08为openEuler\#12经过grub2-mkpasswd-pbkdf2加密后的输出,每次输出的密文不同。 + +2. 使用vi工具打开/boot/efi/EFI/openEuler/grub.cfg文件(不同模式下grub.cfg文件所在路径不同,详见说明),并在开头位置追加如下字段: + + ```text + set superusers="root" + password_pbkdf2 root grub.pbkdf2.sha512.10000.5A45748D892672FDA02DD3B6F7AE390AC6E6D532A600D4AC477D25C7D087644697D8A0894DFED9D86DC2A27F4E01D925C46417A225FC099C12DBD3D7D49A7425.2BD2F5BF4907DCC389CC5D165DB85CC3E2C94C8F9A30B01DACAA9CD552B731BA1DD3B7CC2C765704D55B8CD962D2AEF19A753CBE9B8464E2B1EB39A3BB4EAB08 + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >- 不同模式下grub.cfg文件所在路径不同:x86架构的UEFI模式下路径为/boot/efi/EFI/openEuler/grub.cfg,legacy BIOS模式下路径为/boot/grub2/grub.cfg;aarch64架构下路径为/boot/efi/EFI/openEuler/grub.cfg。 + >- superusers字段用于设置GRUB2的超级管理员的帐户名。 + >- password\_pbkdf2字段后的参数,第1个参数为GRUB2的帐户名,第2个为该帐户的加密口令。 + +## 安全单用户模式 + +### 说明 + +单用户模式是以root权限进入系统,如不设置密码,将存在较大安全隐患。 + +### 实现 + +该设置可以通过修改/etc/sysconfig/init文件内容实现。将SINGLE选项配置为SINGLE=/sbin/sulogin。 + +## 禁止交互式启动 + +### 说明 + +使用交互式引导,控制台用户可以禁用审计、防火墙或其他服务,削弱了系统安全性。用户可以禁止使用交互式引导,提升安全性。openEuler默认已禁止。 + +### 实现 + +该设置可以通过修改/etc/sysconfig/init文件内容实现。将PROMPT选项配置为PROMPT=no。 diff --git a/docs/zh/server/security/secharden/figures/zh-cn_image_0221925211.png b/docs/zh/server/security/secharden/figures/zh-cn_image_0221925211.png new file mode 100644 index 0000000000000000000000000000000000000000..d245d48dc07e2b01734e21ec1952e89fa9269bdb Binary files /dev/null and b/docs/zh/server/security/secharden/figures/zh-cn_image_0221925211.png differ diff --git a/docs/zh/server/security/secharden/figures/zh-cn_image_0221925212.png b/docs/zh/server/security/secharden/figures/zh-cn_image_0221925212.png new file mode 100644 index 0000000000000000000000000000000000000000..a32856aa08e459ed0f51f8fcf4c2f51511c12095 Binary files /dev/null and b/docs/zh/server/security/secharden/figures/zh-cn_image_0221925212.png differ diff --git a/docs/zh/server/security/secharden/file_permissions.md b/docs/zh/server/security/secharden/file_permissions.md new file mode 100644 index 0000000000000000000000000000000000000000..62d889fb73050618b7e4eb63e76de8608e625b39 --- /dev/null +++ b/docs/zh/server/security/secharden/file_permissions.md @@ -0,0 +1,222 @@ +# 文件权限 + +## 设置文件的权限和属主 + +### 说明 + +Linux将所有对象都当作文件来处理,即使一个目录也被看作是包含有多个其他文件的大文件。因此,Linux中最重要的就是文件和目录的安全性。文件和目录的安全性主要通过权限和属主来保证。 + +openEuler默认对系统中的常用目录、可执行文件和配置文件设置了权限和属主。 + +### 实现 + +以/bin目录为例,修改文件权限和文件属主的操作如下: + +- 修改文件权限。例如将/bin目录权限设置为755。 + + ``` + chmod 755 /bin + ``` + +- 修改文件属主。例如将/bin目录的拥有者和群组设置为root:root。 + + ``` + chown root:root /bin + ``` + +## 删除无主文件 + +### 说明 + +系统管理员在删除用户/群组时,存在着忘记删除该用户/该群组所拥有文件的问题。如果后续新创建的用户/群组与被删除的用户/群组同名,则新用户/新群组会拥有部分不属于其权限的文件,建议将此类文件删除。 + +### 实现 + +删除用户ID不存在的文件 + +1. 查找用户ID不存在的文件。 + + ``` + find / -nouser + ``` + +2. 删除查找到的文件。其中 filename 为用户ID不存在文件的文件名。 + + ``` + rm -f filename + ``` + +删除群组ID不存在的文件 + +1. 查找群组ID不存在的文件。 + + ``` + find / -nogroup + ``` + +2. 删除查找到的文件。其中 filename 为群组ID不存在文件的文件名。 + + ``` + rm -f filename + ``` + +## 处理空链接文件 + +### 说明 + +无指向的空链接文件,可能会被恶意用户利用,影响系统安全性。建议用户删除无效的空链接文件,提高系统安全性。 + +### 特殊场景 + +openEuler系统安装完成后,可能存在空链接文件,这些空链接文件可能有对应用途(有些空链接文件是预制的,会被其他组件依赖)。请用户根据实际环境进行处理,处理方式请参见[实现](#zh-cn_topic_0152100319_s1b24647cdd834a8eaca3032611baf072)。 + +例如,openEuler支持UEFI和legacy BIOS两种安装模式,两种引导场景支持的grub相关包默认都安装,当用户选择legacy BIOS模式安装时,形成空链接文件“/etc/grub2-efi.cfg”;当用户选择UEFI模式安装时,会形成空链接文件“/etc/grub2.cfg”,需要用户根据实际情况处理空链接。 + +### 实现 + +1. 通过如下命令查找系统中的空链接文件。 + + ``` + find dirname -type l -follow 2>/dev/null + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + > dirname为搜索目录的名称,通常需要关注系统关键目录:/bin、/boot、/usr、/lib64、/lib、/var等。 + +2. 如果此类文件无实际作用,可通过如下命令删除。 + + ``` + rm -f filename + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >filename为[步骤1](#zh-cn_topic_0152100319_l4dc74664c4fb400aaf91fb314c4f9da6)找出的文件名。 + +## 设置守护进程的umask值 + +### 说明 + +umask值用来为新创建的文件和目录设置缺省权限。如果没有设定umask值,则生成的文件具有全局可写权限,存在一定的风险。守护进程负责系统上某个服务,让系统可以接受来自用户或者是网络客户的要求。为了提高守护进程所创建文件和目录的安全性,建议设置其umask值为0027。umask值代表的是权限的“补码”,umask值和权限的换算方法请参见 "[附录 > umask值含义](附录.md/#umask值含义)" 。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>openEuler默认已设置守护进程的umask值为0022。 + +### 实现 + +在配置文件/etc/sysconfig/init中新增一行:umask 0027。 + +## 为全局可写目录添加粘滞位属性 + +### 说明 + +任意用户可以删除、修改全局可写目录中的文件和目录,为了确保全局可写目录中的文件和目录不会被任意删除,需要为全局可写目录添加粘滞位属性。 + +### 实现 + +1. 搜索全局可写目录。 + + ``` + find / -type d -perm -0002 ! -perm -1000 -ls | grep -v proc + ``` + +2. 为全局可写目录添加粘滞位属性。dirname 为实际查找到的目录名。 + + ``` + chmod +t dirname + ``` + +## 删除非授权文件的全局可写属性 + +### 说明 + +全局可写文件可被系统中的任意用户修改,影响系统完整性。 + +### 实现 + +1. 列举系统中所有的全局可写文件。 + + ``` + find / -type d ( -perm -o+w ) | grep -v proc + find / -type f ( -perm -o+w ) | grep -v proc + ``` + +2. 查看步骤1列举的所有文件\(粘滞位的文件和目录可以排除在外\),删除文件或去掉其全局可写权限。使用以下命令去掉权限,其中filename为对应文件名: + + ``` + chmod o-w filename + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >可通过如下命令确定对应文件或目录是否设置了粘滞位,若回显中包含T标记,则为粘滞位文件或目录。命令中的filename为需要查询文件或目录的名称。 +> + >``` + >ls -l filename + >``` + +## 限制at命令的使用权限 + +### 说明 + +at命令用于创建在指定时间自动执行的任务。为避免任意用户通过at命令安排工作,造成系统易受攻击,需要指定可使用该命令的用户。 + +### 实现 + +1. 删除/etc/at.deny文件。 + + ``` + rm -f /etc/at.deny + ``` + +2. 创建/etc/at.allow文件并将/etc/at.allow的文件属主改为root:root。 + + ``` + touch /etc/at.allow + chown root:root /etc/at.allow + ``` + +3. 控制/etc/at.allow的文件权限,仅root可操作。 + + ``` + chmod og-rwx /etc/at.allow + ``` + +## 限制cron命令的使用权限 + +### 说明 + +cron命令用于创建例行性任务。为避免任意用户通过cron命令安排工作,造成系统易受攻击,需要指定可使用该命令的用户。 + +### 实现 + +1. 删除/etc/cron.deny文件。 + + ``` + rm -f /etc/cron.deny + ``` + +2. 创建/etc/cron.allow文件并将/etc/cron.allow的文件属主改为root:root。 + + ``` + touch /etc/cron.allow + chown root:root /etc/cron.allow + ``` + +3. 控制/etc/cron.allow的文件权限,仅root可操作。 + + ``` + chmod og-rwx /etc/cron.allow + ``` + +## 限制sudo命令的使用权限 + +### 说明 + +sudo命令用于普通用户以root权限执行命令。为了增强系统安全性,有必要对sudo命令的使用权进行控制,只允许root使用sudo命令,限制其他帐户使用。openEuler默认未限制非root用户使用sudo命令的权限。 + +### 实现 + +sudo命令的使用控制通过修改/etc/sudoers文件实现,需要注释掉如下配置行: + +``` +#%wheel ALL=(ALL) ALL +``` diff --git a/docs/zh/server/security/secharden/kernel_parameters.md b/docs/zh/server/security/secharden/kernel_parameters.md new file mode 100644 index 0000000000000000000000000000000000000000..489d23d0dc846b40076c0bd549e3b56c06e73343 --- /dev/null +++ b/docs/zh/server/security/secharden/kernel_parameters.md @@ -0,0 +1,226 @@ +# 内核参数 + +## 加固内核参数 + +### 说明 + +内核参数决定配置和应用特权的状态。内核提供用户可配置的系统控制,这一系统控制可微调或配置,该功能特性可通过控制各种可配置的内核参数,来提高操作系统的安全特性。比如:通过微调或配置网络选项,可有效提高系统的安全性。 + +### 实现 + +1. 将[表1](#zh-cn_topic_0152100187_t69b5423c26644b26abe94d88d38878eb)中的加固项写入/etc/sysctl.conf文件中。 + + >![](./public_sys-resources/icon-note.gif) **说明:** + >写入方式如下: + > + > ```text + > net.ipv4.icmp_echo_ignore_broadcasts = 1 + > net.ipv4.conf.all.rp_filter = 1 + > net.ipv4.conf.default.rp_filter = 1 + > ``` + > + + **表 1** 内核参数加固策略说明 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

加固项

+

加固项说明

+

加固建议

+

openEuler默认是否已加固为建议值

+

net.ipv4.icmp_echo_ignore_broadcasts

+

是否接受ICMP广播报文。加固策略为不接受。

+

1

+

+

net.ipv4.conf.all.rp_filter

+

验证数据包使用的实际源地址是否与路由表相关,以及使用该特定源IP地址的数据包是否通过接口获取其响应。加固策略为启用该项。

+

1

+

+

net.ipv4.conf.default.rp_filter

+

1

+

+

net.ipv4.ip_forward

+

IP Forwarding可阻止未授权的IP数据包渗透至网络。加固策略为禁用该特性。

+

0

+

+

net.ipv4.conf.all.accept_source_route

+

accept_source_route指允许数据包的发送者指定数据包的发送路径,以及返回给发送者的数据包所走的路径。加固策略为禁用该特性。

+

0

+

+

net.ipv4.conf.default.accept_source_route

+

0

+

+

net.ipv4.conf.all.accept_redirects

+

是否发送ICMP重定向报文。加固策略为禁止发送。

+

0

+

+

net.ipv4.conf.default.accept_redirects

+

0

+

+

net.ipv6.conf.all.accept_redirects

+

0

+

+

net.ipv6.conf.default.accept_redirects

+

0

+

+

net.ipv4.conf.all.send_redirects

+

是否将ICMP重定向报文发送至其他主机。只有当主机作为路由时,应启用该策略。加固策略为禁用该项。

+

0

+

+

net.ipv4.conf.default.send_redirects

+

0

+

+

net.ipv4.icmp_ignore_bogus_error_responses

+

忽略伪造的ICMP数据包,不会将其记录到日志,将节省大量的硬盘空间。加固策略为启用该项。

+

1

+

+

net.ipv4.tcp_syncookies

+

SYN Attack是一种通过占用系统资源迫使系统重启的DoS攻击。加固策略为开启TCP-SYN cookie保护。

+

1

+

+

kernel.dmesg_restrict

+

加固dmesg信息,仅允许管理员查看。

+

1

+

+

kernel.sched_autogroup_enabled

+

该选项决定内核是否对线程进行自动分组调度。开启后调度组之间互相竞争时间片,调度组内的线程再竞争调度组分配到的时间片。加固策略为不启用该项。

+

0

+

+

kernel.sysrq

+

禁用魔术键。

+
说明:

建议禁用魔术键,避免由于直接发送命令到内核对系统造成影响,增强内核安全性。

+
+

0

+

+

net.ipv4.conf.all.secure_redirects

+

设置系统是接收来自任何主机的ICMP重定向消息还是从默认网关列表中的网关处接收ICMP重定向消息。加固策略为采用前者。

+

0

+

+

net.ipv4.conf.default.secure_redirects

+

0

+

+
+ +2. 加载sysctl.conf文件中设置的内核参数。 + + ```sh + # sysctl -p /etc/sysctl.conf + ``` + +### 其他安全建议 + +- net.ipv4.icmp\_echo\_ignore\_all:忽略ICMP请求。 + + 出于安全考虑,建议开启此项(当前默认值为0,开启将值设为1)。 + + 但开启后会忽略所有接收到的icmp echo请求的包\(会导致机器无法ping通\),建议用户根据实际组网场景决定是否开启此项。 + +- net.ipv4.conf.all.log\_martians/net.ipv4.conf.default.log\_martians:对于仿冒/源路由/重定向数据包开启日志记录。 + + 出于安全考虑,建议开启此项(当前默认值为0,开启将值设为1)。 + + 但是开启后会记录带有不允许的地址的数据到内核日志中,存在冲日志风险,建议用户根据实际使用场景决定是否开启此项。 + +- net.ipv4.tcp\_timestamps:关闭tcp\_timestamps。 + + 出于安全考虑,建议关闭tcp\_timestamps(当前默认值为1,关闭将值设为0)。 + + 但是关闭此项会影响TCP超时重发的性能,建议用户根据实际使用场景决定是否关闭此项。 + +- net.ipv4.tcp\_max\_syn\_backlog:决定了SYN\_RECV状态队列的数量。 + + 该参数决定了SYN\_RECV状态队列的数量,超过这个数量,系统将不再接受新的TCP连接请求,一定程度上可以防止系统资源耗尽。建议由用户根据实际使用场景配置合适的值。 diff --git a/docs/zh/server/security/secharden/os_hardening_overview.md b/docs/zh/server/security/secharden/os_hardening_overview.md new file mode 100644 index 0000000000000000000000000000000000000000..bc09658ee33923c8b6d36aa4328cfaa9ccc36082 --- /dev/null +++ b/docs/zh/server/security/secharden/os_hardening_overview.md @@ -0,0 +1,127 @@ +# 操作系统加固概述 + +介绍对openEuler系统进行加固的目的和加固方案。 + +## 须知 + +由于安全加固对系统至关重要,因此只有root用户允许修改并应用安全加固策略。 + +## 加固目的 + +操作系统作为信息系统的核心,承担着管理硬件资源和软件资源的重任,是整个信息系统安全的基础。操作系统之上的各种应用,要想获得信息的完整性、机密性、可用性和可控性,必须依赖于操作系统。脱离了对操作系统的安全保护,仅依靠其他层面的防护手段来阻止黑客和病毒等对网络信息系统的攻击,是无法满足安全需求的。 + +因此,需要对操作系统进行安全加固,构建动态、完整的安全体系,增强产品的安全性,提升产品的竞争力。 + +## 加固方案 + +本章描述openEuler的安全加固方案,包括加固方式和加固内容。 + +### 加固方式 + +用户可以通过手动修改加固配置或执行相关命令对系统进行加固,也可以通过加固工具批量修改加固项。openEuler的安全加固工具security-tool以openEuler-security.service服务的形式运行。系统首次启动时会自动运行该服务去执行默认加固策略,服务运行后会将该服务自动设置为后续开机不启动。 + +用户可以通过修改security.conf,使用安全加固工具实现个性化安全加固的效果。 + +### 加固内容 + +openEuler系统加固内容主要分为以下5个部分: + +- 系统服务 +- 文件权限 +- 内核参数 +- 授权认证 +- 帐号口令 + +## 加固影响 + +对文件权限、帐户口令等安全加固,可能造成用户使用习惯变更,从而影响系统的易用性。影响系统易用性的常见加固项请参见[表1](#zh-cn_topic_0152100325_ta4a48f54ff2849ada7845e2380209917)。 + +**表 1** 加固影响说明 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

加固项

+

建议加固

+

易用性影响

+

openEuler默认是否设置了该加固项

+

字符界面等待超时限制

+

当字符界面长时间处在空闲状态,字符界面会自动退出。

+
说明:

当用户通过SSH登录,超时时间由/etc/profile文件的TMOUT字段和/etc/ssh/sshd_config文件的ClientAliveInterval字段两个值中较小的值决定。建议加固为300秒。

+
+

用户长时间不操作字符界面,字符界面会自动退出。

+

+

口令复杂度限制

+

口令长度最小为8位,口令至少包含大写字母、小写字母、数字和特殊字符中的3种。

+

系统中所有用户不能设置简单的口令,口令必须符合复杂度要求。

+

+

限定登录失败时的尝试次数

+

当用户登录系统时,口令连续输错3次,帐户将被锁定60秒,锁定期间不能登录系统。

+

用户不能随意登录系统,帐户被锁定后必须等待60秒。

+

+

用户默认umask值限制

+

设置所有用户的默认umask值为077,使用户创建文件的默认权限为600、目录权限为700。

+

用户需要按照需求修改指定文件或目录的权限。

+

+

口令有效期

+

口令有效期的设置通过修改/etc/login.defs文件实现,加固默认值为口令最大有效期90天,两次修改口令的最小间隔时间为0,口令过期前开始提示天数为7。

+

口令过期后用户重新登录时,提示口令过期并强制要求修改,不修改则无法进入系统。

+

+

su权限限制

+

su命令用于在不同帐户之间切换。为了增强系统安全性,有必要对su命令的使用权进行控制,只允许root和wheel群组的帐户使用su命令,限制其他帐户使用。

+

普通帐户执行su命令失败,必须加入wheel群组才可以su成功。

+

+

禁止root帐户直接SSH登录系统

+

设置/etc/ssh/sshd_config文件的PermitRootLogin字段的值为no,用户无法使用root帐户直接SSH登录系统。

+

用户需要先使用普通帐户SSH登录后,再切换至root帐户。

+

+

SSH强加密算法

+

SSH服务的MACs和Ciphers配置,禁止对CBC、MD5、SHA1算法的支持,修改为CTR、SHA2算法。

+

当前 Windows下使用的部分低版本的Xshell、PuTTY不支持aes128-ctr、aes192-ctr、aes256-ctr、hmac-sha2-256、hmac-sha2-512算法,可能会出现无法通过SSH登录系统的情况,请使用最新的PuTTY(0.63版本以上)、Xshell(5.0版本及以上版本)登录。

+

+
diff --git a/docs/zh/server/security/secharden/public_sys-resources/icon-caution.gif b/docs/zh/server/security/secharden/public_sys-resources/icon-caution.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/security/secharden/public_sys-resources/icon-caution.gif differ diff --git a/docs/zh/server/security/secharden/public_sys-resources/icon-danger.gif b/docs/zh/server/security/secharden/public_sys-resources/icon-danger.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/security/secharden/public_sys-resources/icon-danger.gif differ diff --git a/docs/zh/server/security/secharden/public_sys-resources/icon-note.gif b/docs/zh/server/security/secharden/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/zh/server/security/secharden/public_sys-resources/icon-note.gif differ diff --git a/docs/zh/server/security/secharden/public_sys-resources/icon-notice.gif b/docs/zh/server/security/secharden/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/zh/server/security/secharden/public_sys-resources/icon-notice.gif differ diff --git a/docs/zh/server/security/secharden/public_sys-resources/icon-tip.gif b/docs/zh/server/security/secharden/public_sys-resources/icon-tip.gif new file mode 100644 index 0000000000000000000000000000000000000000..93aa72053b510e456b149f36a0972703ea9999b7 Binary files /dev/null and b/docs/zh/server/security/secharden/public_sys-resources/icon-tip.gif differ diff --git a/docs/zh/server/security/secharden/public_sys-resources/icon-warning.gif b/docs/zh/server/security/secharden/public_sys-resources/icon-warning.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/security/secharden/public_sys-resources/icon-warning.gif differ diff --git a/docs/zh/server/security/secharden/secharden.md b/docs/zh/server/security/secharden/secharden.md new file mode 100644 index 0000000000000000000000000000000000000000..004a6114a8c7a9720d6c013a0879f00ec5e9fd41 --- /dev/null +++ b/docs/zh/server/security/secharden/secharden.md @@ -0,0 +1,5 @@ +# 安全加固指南 + +本文档给出openEuler的加固介绍和加固方法,指导用户进行安全加固。 + +本文档主要适用于需要对openEuler进行安全加固的管理员。管理员需要熟悉操作系统安全架构和安全技术。 diff --git a/docs/zh/server/security/secharden/security_configuration_benchmark.md b/docs/zh/server/security/secharden/security_configuration_benchmark.md new file mode 100644 index 0000000000000000000000000000000000000000..1f12011defdaf8af964a937023d798d6b08302b1 --- /dev/null +++ b/docs/zh/server/security/secharden/security_configuration_benchmark.md @@ -0,0 +1,3 @@ +# openEuler安全配置说明 + +详细内容请参考[openEuler安全配置说明](https://gitee.com/openeuler/security-committee/tree/master/secure-configuration-benchmark)。 diff --git a/docs/zh/server/security/secharden/security_configuration_hardening_tool.md b/docs/zh/server/security/secharden/security_configuration_hardening_tool.md new file mode 100644 index 0000000000000000000000000000000000000000..be9a7044ea8e62bbfaf1a86e1025266e8efe545e --- /dev/null +++ b/docs/zh/server/security/secharden/security_configuration_hardening_tool.md @@ -0,0 +1,156 @@ +# 安全配置加固工具 + +## 前言 + +本文档为安全配置加固工具sec_conf基本介绍以及使用说明。 + +## sec_conf简介 + +### 背景和概述 + +openEuler已支持多种安全特性,包括Linux原生安全特性和社区自研安全特性,但是存在特性分散,配置难度大,用户学习成本高等问题。同时对于一些具备拦截功能的安全特性(如IMA评估、安全启动、访问控制等),一旦用户配置错误,可能导致系统无法启动或无法正常运行。因此,sec_conf旨在实现自动化安全配置机制,用户可基于工具进行系统的安全检查和加固,以更好地推进openEuler安全特性在各应用场景的落地。 + +### 功能介绍 + +sec_conf是一个帮助管理员配置openEuler安全特性(如IMA、DIM、secure boot等)的安全加固工具。用户可以输入配置信息,即需要实现的安全加固目标,生成相应的安全特性配置脚本。 + +目前sec_conf支持可配置的安全机制为IMA、DIM、secure boot、modsign,其他安全特性暂未支持。 + +## 安装与部署 + +### 安装依赖软件包 + +编译secPaver需要的软件有: + +* make +* golang 1.11+ + +### 下载源码 + +``` +git clone https://gitee.com/openeuler/secpaver.git -b sec_conf +``` + +### 编译安装 + +``` +cd secpaver +make +``` +安装软件: +``` +make install +``` + +## 工程文件格式说明 + +sec_conf工程文件由策略配置文件、检查脚本模板文件、配置脚本模板文件组成。 + +### 策略配置文件 + +策略配置文件保护DIM\IMA\安全启动\内核模块校验相关特性配置,采用yaml格式表示,各字段说明如下: + + + + + + + + + + + + + + + + + + + + + +
一级配置项二级配置项类型属性说明
nameN/Astringoptional配置文件命名
versionN/Astringoptional配置策略版本号
dimenablebooloptional打开/关闭DIM功能
measure_liststring arrayoptionalDIM需要度量的文件;用户态文件,需要指定绝对路径;内核模块,需要指定有效的内核模块名称;内核,需要指定为“kernel”
log_capintoptional度量日志最大条数,当记录的度量日志数量达到参数设置时,停止记录度量日志,默认值为100000
scheduleintoptional度量完一个进程/模块后调度的时间,单位毫秒,设置为0代表不调度,默认值为0
intervalintoptional自动度量周期,单位分钟,设置为0代表不设置自动度量,默认值为0
hashstringoptional度量哈希算法,默认值为sha256
core_pcrintoptional将dim_core度量结果扩展至TPM芯片的PCR寄存器,设置为0代表不扩展(注意需要与芯片实际的PCR编号保持一致),默认值为0
monitor_pcrintoptional将dim_monitor度量结果扩展至TPM芯片的PCR寄存器,设置为0代表不扩展(注意需要与芯片实际的PCR编号保持一致),默认值为0
signaturebooloptional是否启用策略文件和签名机制
auto_baselinebooloptional是否建立DIM基线,若为false,则需管理员手动生成基线
secure_bootenablebooloptional是否使能安全启动
anti_rollbackbooloptional打开/关闭安全启动防回滚策略
verbosebooloptional打开/关闭安全启动相关日志
modsignenablebooloptional是否使能内核模块校验特性
imameasure_liststring arrayoptionalIMA保护文件列表(需要指定绝对路径)
appraise_liststring arrayoptionalIMA评估文件列表(需要指定绝对路径)
+ +>![](./public_sys-resources/icon-note.gif) **说明:** +> 1. sec_conf.yaml文件必须放在/usr/share/secpaver/scripts/sec_conf/sec_conf.yaml,不可重命名。 +> 2. 参数类型需遵守上述表格要求。 +> 3. 相关配置若不存在,则使用默认值。 + +### 检查脚本模板、配置脚本模板文件 +模板文件实现利用go-tamplate引擎,将脚本文件与数据结合,生成最终的文本输出。 + +检查脚本模板统一放置/usr/share/secpaver/scripts/sec_conf/check/目录,该目录下存放DIM、IMA等特性的脚本模板,这些脚本模板不能单独执行,只能通过sec_conf生成最新的脚本去执行openEuler特性检查。 + +配置脚本模板统一放置/usr/share/secpaver/scripts/sec_conf/gen/目录,该目录下存放DIM、IMA等特性的脚本模板,这些脚本模板不能单独执行,只能通过sec_conf生成最新的脚本去执行openEuler特性配置。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +> 1. 配置、检查模板文件不可修改,仅用于被sec_conf解析生成脚本。 + +## 安全配置命令行接口 + +| 参数 | 功能介绍 | 命令格式 | +| :--------: | :--------: |:--------: | +|--help,-h|打印sec_conf命令行帮助信息|sec_conf -h| +|gen_check|生成安全配置检查脚本,并输出到命令行界面|sec_conf gen_check| +|gen_config|生成安全配置脚本,并输出到命令行界面|sec_conf gen_config| +|--output,-o|将生成的配置脚本输出到指定文件|sec_conf gen_config -o config.sh| + +## 使用说明 + +配置yaml文件,示例: +``` +# cat /usr/share/secpaver/scripts/sec_conf/sec_conf.yaml +--- +name: "openEuler security configuration" +version: "1" +dim: + enable: true + measure_list: + - "/usr/bin/bash" + - "nf_nat" + - "kernel" + log_cap: 100000 + schedule: 0 + interval: 0 + hash: "sha256" + core_pcr: 11 + monitor_pcr: 12 + signature: true + auto_baseline: true +secure_boot: + enable: true + anti_rollback: true + verbose: true +modsign: + enable: true +ima: + measure_list: + - "/usr/bin/ls" + - "/usr/bin/cat" + - "/usr/bin/base64" + - "/usr/bin/base32" + appraise_list: + - "/usr/bin/base64" + - "/usr/bin/base32" + - "/usr/bin/sleep" + - "/usr/bin/date" +... +``` +生成特性配置脚本、检查脚本 +``` +sec_conf gen_config -o ./config.sh +sec_conf gen_check -o ./check.sh +``` +执行配置脚本,并检查配置是否正确,若配置正确,则重启系统使配置生效 +``` +sh ./config.sh -s +sh ./check.sh -s +reboot +``` + +重启后再次执行配置脚本,并检查配置是否正确,此时预期所有功能检查通过 +``` +sh ./config.sh -s +sh ./check.sh -s +``` diff --git a/docs/zh/server/security/secharden/security_hardening_guide.md b/docs/zh/server/security/secharden/security_hardening_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..d8f4f7cd5b1e0c5d07d9c7c33b62a4cfac5965ab --- /dev/null +++ b/docs/zh/server/security/secharden/security_hardening_guide.md @@ -0,0 +1,3 @@ +# 加固指导 + +用户可以通过修改加固策略配置文件或加固脚本进行系统加固。本节介绍各加固项的含义以及openEuler是否已默认加固,并给出加固方法,指导用户进行安全加固。 diff --git a/docs/zh/server/security/secharden/security_hardening_tools.md b/docs/zh/server/security/secharden/security_hardening_tools.md new file mode 100644 index 0000000000000000000000000000000000000000..dcda6aa1acd6f223359808ea323b465f496af31e --- /dev/null +++ b/docs/zh/server/security/secharden/security_hardening_tools.md @@ -0,0 +1,122 @@ +# 安全加固工具 + +## 加固操作 + +### 概述 + +安全加固工具会根据usr-security.conf设置加固策略,使用加固工具设置加固策略需要用户修改usr-security.conf。本节介绍usr-security.conf的修改规则。用户可配置的加固项请参见[加固指导](https://openeuler.org/zh/docs/21.03/docs/SecHarden/%E5%8A%A0%E5%9B%BA%E6%8C%87%E5%AF%BC.html)对应内容。 + +### 注意事项 + +- 修改配置后,需要重启安全加固服务使配置生效。重启方法请参见[加固生效](#加固生效)对应内容。 +- 用户修改加固配置时,仅修改/etc/openEuler\_security/usr-security.conf文件,不建议修改/etc/openEuler\_security/security.conf。security.conf中为基本加固项,仅运行一次。 +- 当重启安全加固服务使配置生效后,在usr-security.conf中删除对应加固项并重启安全加固服务并不能清除之前已生效的配置。 +- 安全加固操作记录在日志文件/var/log/openEuler-security.log中。 + +### 配置格式 + +usr-security.conf中的每一行代表一项配置,根据配置内容的不同有不同配置格式,这里给出各类配置的格式说明。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- 所有配置项以执行ID开头,执行ID仅为了方便用户识别配置内容,取值为正整数,由用户自行定义。 +>- 配置项的各内容之间使用@作为分隔符。 +>- 若实际配置内容中包含@,需要使用@@表示以和分隔符区分,例如实际内容为xxx@yyy,则配置为xxx@@yyy。目前不支持@位于配置内容的开头和结尾。 + +- d:注释 + + 格式:执行ID@d@对象文件@匹配项 + + 功能:将对象文件中以匹配项开头(行首可以有空格)的行注释(在行首添加\#)。 + + 示例:执行ID为401,注释/etc/sudoers文件中以%wheel开头的行。 + + ``` + 401@d@/etc/sudoers@%wheel + ``` + +- m:替换 + + 格式:执行ID@m@对象文件@匹配项@替换目标值 + + 功能:将对象文件中以匹配项开头(行首可以有空格)的行替换为“匹配项加替换目标值 ”。若匹配行开头有空格,替换后将删除这些空格。 + + 示例:执行ID为101,将/etc/ssh/sshd\_config文件中以Protocol 开头的行替换为Protocol 2。匹配和替换时也会考虑Protocol后的空格。 + + ``` + 101@m@/etc/ssh/sshd_config@Protocol @2 + ``` + +- sm:精确修改 + + 格式:执行ID@sm@对象文件@匹配项@替换目标值 + + 功能:将对象文件中以匹配项开头(行首可以有空格)的行替换为“匹配项加替换目标值 ”。若匹配行开头有空格,替换后将保留这些空格,这是sm和m的区别。 + + 示例:执行ID为201,将/etc/audit/hzqtest文件中以size开头的行替换为size 2048。 + + ``` + 201@sm@/etc/audit/hzqtest@size@ 2048 + ``` + +- M:修改子项 + + 格式:执行ID@M@对象文件@匹配项@匹配子项\[@匹配子项的值\] + + 功能:匹配对象文件中以匹配项开头(行首可以有空格)的行,并将该行中以匹配子项开始的内容替换为“匹配子项和匹配子项的值”,其中匹配子项的值可选。 + + 示例:执行ID为101,找到file文件中以key开头的行,并将这些行中以key2开始的内容替换为key2value2。 + + ``` + 101@M@file@key@key2@value2 + ``` + +- systemctl:管理服务 + + 格式:执行ID@systemctl@对象服务@具体操作 + + 功能:使用systemctl管理对象服务,具体操作可取值为start、stop、restart、disable等systemctl所有可用的命令。 + + 示例:执行ID为218,停止cups.service服务,等同于systemctl stop cups.service的配置行。 + + ``` + 218@systemctl@cups.service@stop + ``` + +- 其他命令 + + 格式:执行ID@命令@对象文件 + + 功能:执行对应命令,即执行命令行“命令 对象文件”。 + + 示例一:执行ID为402,使用rm -f命令删除文件/etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem。 + + ``` + 402@rm -f @/etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem + ``` + + 示例二:执行ID为215,使用touch命令创建文件/etc/cron.allow。 + + ``` + 215@touch @/etc/cron.allow + ``` + + 示例三:执行ID为214,使用chown命令将文件/etc/at.allow的属主改为root:root。 + + ``` + 214@chown root:root @/etc/at.allow + ``` + + 示例四:执行ID为214,使用chmod命令去除文件/etc/at.allow属主所在群组及其他非属主用户的rwx权限。 + + ``` + 214@chmod og-rwx @/etc/at.allow + ``` + +## 加固生效 + +完成修改usr-security.conf文件后,请运行如下命令使新添加的配置生效。 + +``` +systemctl restart openEuler-security.service +``` diff --git a/docs/zh/server/security/secharden/selinux_configuration.md b/docs/zh/server/security/secharden/selinux_configuration.md new file mode 100644 index 0000000000000000000000000000000000000000..a4aaa4d7b6acaec9588113ad70fd2de5dcc6de0f --- /dev/null +++ b/docs/zh/server/security/secharden/selinux_configuration.md @@ -0,0 +1,273 @@ +# SELinux配置 + +## 概述 + +自主访问控制DAC(Discretionary Access Control)基于用户、组和其他权限,决定一个资源是否能被访问的因素是某个资源是否拥有对应用户的权限,它不能使系统管理员创建全面和细粒度的安全策略。SELinux(Security-Enhanced Linux)是Linux内核的一个模块,也是Linux的一个安全子系统。SELinux的实现了强制访问控制MAC(Mandatory Access Control ),每个进程和系统资源都有一个特殊的安全标签,资源能否被访问除了DAC规定的原则外,还需要判断每一类进程是否拥有对某一类资源的访问权限。 + +openEuler默认使用SELinux提升系统安全性。SELinux分为三种模式: + +- permissive:SELinux仅打印告警而不强制执行。 +- enforcing:SELinux安全策略被强制执行。 +- disabled:不加载SELinux安全策略。 + +## 配置说明 + +- 获取当前SELinux运行状态: + + ``` + # getenforce + Enforcing + ``` + +- SELinux开启的前提下,设置运行状态为enforcing模式: + + ``` + # setenforce 1 + # getenforce + Enforcing + ``` + +- SELinux开启的前提下,设置运行状态为permissive模式: + + ``` + # setenforce 0 + # getenforce + Permissive + ``` + +- SELinux开启的前提下,设置当前SELinux运行状态为disabled(关闭SELinux,需要重启系统)。 + 1. 修改SELinux配置文件/etc/selinux/config,设置“SELINUX=disabled”。 + + ``` + # cat /etc/selinux/config | grep "SELINUX=" + SELINUX=disabled + ``` + + 2. 重启系统: + + ``` + # reboot + ``` + + 3. 状态切换成功: + + ``` + # getenforce + Disabled + ``` + +- SELinux关闭的前提下,设置SELinux运行状态为permissive。 + 1. 修改SELinux配置文件/etc/selinux/config,设置“SELINUX=permissive”: + + ``` + # cat /etc/selinux/config | grep "SELINUX=" + SELINUX=permissive + ``` + + 2. 在根目录下创建.autorelabel文件: + + ``` + # touch /.autorelabel + ``` + + 3. 重启系统,此时系统会重启两次: + + ``` + # reboot + ``` + + 4. 状态切换成功: + + ``` + # getenforce + Permissive + ``` + +- SELinux关闭的前提下,设置SELinux运行状态为enforcing。 + 1. 按照上一步骤所述,设置SELinux运行状态为permissive。 + 2. 修改SELinux配置文件/etc/selinux/config,设置“SELINUX=enforcing”: + + ``` + # cat /etc/selinux/config | grep "SELINUX=" + SELINUX=enforcing + ``` + + 3. 重启系统: + + ``` + # reboot + ``` + + 4. 状态切换成功: + + ``` + # getenforce + Enforcing + ``` + +## SELinux相关命令 + +- 查询运行SELinux的系统状态。SELinux status表示SELinux的状态,enabled表示启用SELinux,disabled表示关闭SELinux。Current mode表示SELinux当前的安全策略。 + + ``` + # sestatus + SELinux status: enabled + SELinuxfs mount: /sys/fs/selinux + SELinux root directory: /etc/selinux + Loaded policy name: targeted + Current mode: enforcing + Mode from config file: enforcing + Policy MLS status: enabled + Policy deny_unknown status: allowed + Memory protection checking: actual (secure) + Max kernel policy version: 31 + ``` + +## 策略添加 + +- 从audit日志中获取并添加缺失策略(需要audit服务开启且audit日志中已经存在SELinux访问拒绝日志)。 + 1. 查询audit日志中是否有SELinux访问拒绝日志,其中audit日志的路径视具体情况决定。 + + ``` + # grep avc /var/log/audit/audit.log* + ``` + + 2. 查询缺失规则。 + + ``` + # audit2allow -a /var/log/audit/audit.log* + ``` + + 3. 根据缺失规则生成一个策略模块,命名为demo。 + + ``` + # audit2allow -a /var/log/audit/audit.log* -M demo + ******************** IMPORTANT *********************** + To make this policy package active, execute: + semodule -i demo.pp + ``` + + 4. 加载demo策略模块。 + + ``` + # semodule -i demo.pp + ``` + +- 编写并添加SELinux策略模块。 + 1. 编写FC文件(涉及新增文件安全上下文需要编写)。 + + ``` + # cat demo.fc + /usr/bin/example -- system_u:object_r:example_exec_t:s0 + /resource -- system_u:object_r:resource_file_t:s0 + ``` + + 2. 编写TE文件(仅供参考)。 + + ``` + # cat demo.te + module demo 1.0; + require + { + role unconfined_r; + role system_r; + type user_devpts_t; + type root_t; + attribute file_type; + attribute domain; + class dir { getattr search add_name create open remove_name rmdir setattr write }; + class file { entrypoint execute getattr open read map setattr write create }; + class process { sigchld rlimitinh siginh transition setcap getcap }; + class unix_stream_socket { accept bind connect listen recvfrom sendto listen create lock read write getattr setattr getopt setopt append shutdown ioctl connectto }; + class capability { chown dac_override dac_read_search }; + class chr_file { append getattr ioctl read write }; + }; + role unconfined_r types example_t; + role system_r types example_t; + type example_exec_t, file_type; + type resource_file_t, file_type; + type example_t, domain; + allow example_t user_devpts_t : chr_file { append getattr ioctl read write }; + allow example_t file_type : dir { getattr search }; + allow example_t example_exec_t : file { entrypoint execute getattr map open read }; + allow domain example_exec_t : file { execute getattr map open read }; + allow example_t example_exec_t : process { sigchld }; + allow domain example_t : process { rlimitinh siginh transition }; + allow example_t resource_file_t : file { create getattr open read setattr write }; + allow example_t root_t : dir { add_name create getattr open remove_name rmdir search setattr write }; + allow example_t example_t : unix_stream_socket { accept append bind connect create getattr getopt ioctl listen listen lock read recvfrom sendto setattr setopt shutdown write }; + allow example_t domain : unix_stream_socket { connectto }; + allow example_t example_t : capability { chown dac_override dac_read_search }; + allow example_t example_t : process { getcap setcap }; + type_transition domain example_exec_t : process example_t; + type_transition example_t root_t : file resource_file_t "resource"; + ``` + + 3. 编译demo.te为demo.mod。 + + ``` + # checkmodule -Mmo demo.mod demo.te + ``` + + 4. 打包demo.mod和demo.fc为策略模块文件。 + + ``` + semodule_package -m demo.mod -f demo.fc -o demo.pp + ``` + + 5. 加载策略模块。 + + ``` + # semodule -i demo.pp + ``` + + 6. 删除加载的策略模块。 + + ``` + # semodule -r demo + libsemanage.semanage_direct_remove_key: Removing last demo module (no other demo module exists at another priority). + ``` + +## 功能验证 + +- SELinux为白名单机制,未配置合理策略的模块可能会由于缺少权限无法正常运行。故对模块进行功能验证并适配合理的规则是很有必要的。 + 1. 查看audit服务是否开启。 + + ``` + # systemctl status auditd + ``` + + 2. 设置SELinux模式为permissive(仅打印告警而不强制执行,参考 配置说明 )。 + + ``` + # getenforce + Permissive + ``` + + 3. 全量跑测试模块的功能用例,查看audit日志中SELinux访问拒绝日志。 + + ``` + # grep avc /var/log/audit/audit.log* + ``` + + 4. 分析访问拒绝日志,并过滤出缺失的合理规则。 + + ``` + type=AVC msg=audit(1596161643.271:1304): avc: denied { read } for pid=1782603 comm="smbd" name=".viminfo" dev="dm-0" ino=2488208 scontext=system_u:system_r:smbd_t:s0 tcontext=staff_u:object_r:user_home_t:s0 tclass=file permissive=1 + 表示进程smbd(安全上下文为system_u:system_r:smbd_t:s0)对文件.viminfo(安全上下文为staff_u:object_r:user_home_t:s0)执行文件读操作被权限拒绝。 + permissive=1表示当前运行的是permissive模式,该日志只记录未执行禁止。 + ``` + + 5. 参考“策略添加”章节,将缺少的合理规则补全。 + +## 注意事项 + +- 如用户需使能SELinux功能,建议通过dnf升级方式将selinux-policy更新为最新版本,否则应用程序有可能无法正常运行。升级命令示例: + + ``` + dnf update selinux-policy -y + ``` + +- 如果用户由于SELinux配置不当(如误删策略或未配置合理的规则或安全上下文)导致系统无法启动,可以在启动参数中添加selinux=0,关闭SELinux功能,系统即可正常启动。 + +- 开启SELinux后,会对访问行为进行权限检查,对操作系统性能会有一定程度(与运行环境访问操作频率相关)的影响。 diff --git a/docs/zh/server/security/secharden/system_services.md b/docs/zh/server/security/secharden/system_services.md new file mode 100644 index 0000000000000000000000000000000000000000..a85d53b25891497f7646c503e8749dd5af0d5a5e --- /dev/null +++ b/docs/zh/server/security/secharden/system_services.md @@ -0,0 +1,456 @@ +# 系统服务 + +## 加固SSH服务 + +### 说明 + +SSH(Secure Shell)是目前较可靠,专为远程登录会话和其他网络服务提供安全性保障的协议。利用SSH协议可以有效防止远程管理过程中的信息泄露问题。通过SSH可以对所有传输的数据进行加密,并防止DNS欺骗和IP欺骗。OpenSSH是SSH协议的免费开源实现。 + +加固SSH服务,是指修改SSH服务中的配置来设置系统使用OpenSSH协议时的算法、认证等参数,从而提高系统的安全性。[表1](#zh-cn_topic_0152100390_ta2fdb8e4931b4c1a8f502b3c7d887b95)中详细说明了各加固项含义、建议加固值及其默认策略。 + +### 实现 + +服务端加固操作如下: + +1. 打开服务端SSH服务的配置文件/etc/ssh/sshd\_config,在该文件中修改或添加对应加固项及其加固值。 +2. 保存/etc/ssh/sshd\_config文件。 +3. 重启SSH服务,命令如下: + + ```sh + # systemctl restart sshd + ``` + +客户端加固操作如下: + +1. 打开客户端SSH服务的配置文件/etc/ssh/ssh\_config,在该文件中修改或添加对应加固项及其加固值。 +2. 保存/etc/ssh/ssh\_config文件。 +3. 重启SSH服务,命令如下: + + ```sh + # systemctl restart sshd + ``` + +### 加固项说明 + +- 服务端加固策略 + + SSH服务的所有加固项均保存在配置文件/etc/ssh/sshd\_config中,服务端各加固项的含义、加固建议以及openEuler默认是否已经加固为建议加固值请参见[表1](#zh-cn_topic_0152100390_ta2fdb8e4931b4c1a8f502b3c7d887b95)。 + + **表 1** SSH服务端加固项说明 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

加固项

+

加固项说明

+

加固建议

+

openEuler默认是否已加固为建议值

+

Protocol

+

设置使用SSH协议的版本

+

2

+

+

SyslogFacility

+

设置SSH服务的日志类型。加固策略将其设置为“AUTH”,即认证类日志

+

AUTH

+

+

LogLevel

+

设置记录sshd日志消息的层次

+

VERBOSE

+

+

X11Forwarding

+

设置使用SSH登录后,能否使用图形化界面

+

no

+

+

MaxAuthTries

+

最大认证尝试次数

+

3

+

+

PubkeyAuthentication

+

设置是否允许公钥认证。

+

yes

+

+

RSAAuthentication

+

设置是否允许只有RSA安全验证

+

yes

+

+

IgnoreRhosts

+

设置是否使用rhosts文件和shosts文件进行验证。rhosts文件和shosts文件用于记录可以访问远程计算机的计算机名及关联的登录名

+

yes

+

+

RhostsRSAAuthentication

+

设置是否使用基于rhosts的RSA算法安全验证。rhosts文件记录可以访问远程计算机的计算机名及关联的登录名

+

no

+

+

HostbasedAuthentication

+

设置是否使用基于主机的验证。基于主机的验证是指已信任客户机上的任何用户都可以使用SSH连接

+

no

+

+

PermitRootLogin

+

+

是否允许root帐户直接使用SSH登录系统

+
说明:

若需要直接使用root帐户通过SSH登录系统,请修改/etc/ssh/sshd_config文件的PermitRootLogin字段的值为yes。

+
+

no

+

+

PermitEmptyPasswords

+

设置是否允许用口令为空的帐号登录

+

no

+

+

PermitUserEnvironment

+

设置是否解析 ~/.ssh/environment和~/.ssh/authorized_keys中设定的环境变量

+

no

+

+

Ciphers

+

设置SSH数据传输的加密算法

+

aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com

+

+

ClientAliveCountMax

+

设置超时次数。服务器发出请求后,客户端没有响应的次数达到一定值,连接自动断开

+

0

+

+

Banner

+

指定登录SSH前后显示的提示信息的文件

+

/etc/issue.net

+

+

MACs

+

设置SSH数据校验的哈希算法

+

hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com

+

+

StrictModes

+

设置SSH在接收登录请求之前是否检查用户HOME目录和rhosts文件的权限和所有权

+

yes

+

+

UsePAM

+

使用PAM登录认证

+

yes

+

+

AllowTcpForwarding

+

设置是否允许TCP转发

+

no

+

+

Subsystem sftp /usr/libexec/openssh/sftp-server

+

sftp日志记录级别,记录INFO级别以及认证日志。

+

-l INFO -f AUTH

+

+

AllowAgentForwarding

+

设置是否允许SSH Agent转发

+

no

+

+

GatewayPorts

+

设置是否允许连接到转发客户端端口

+

no

+

+

PermitTunnel

+

Tunnel设备是否允许使用

+

no

+

+

KexAlgorithms

+

设置SSH密钥交换算法

+

curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256

+ 		  

LoginGraceTime

+

限制用户必须在指定的时限内认证成功,0 表示无限制。缺省值是 60 秒。

+

60

+

+
+ + >![](./public_sys-resources/icon-note.gif) **说明:** + >默认情况下,登录SSH前后显示的提示信息保存在/etc/issue.net文件中,/etc/issue.net默认信息为“Authorized users only. All activities may be monitored and reported.”。 + +- 客户端加固策略 + + SSH服务的所有加固项均保存在配置文件/etc/ssh/ssh\_config中,客户端各加固项的含义、加固建议以及openEuler默认是否已经加固为建议加固值请参见[表2](#zh-cn_topic_0152100390_tb289c5a6f1c7420ab4339187f9018ea4)。 + + **表 2** SSH客户端加固项说明 + + + + + + + + + + + + + + + + + + + +

加固项

+

加固项说明

+

加固建议

+

openEuler默认是否已加固为建议值

+

KexAlgorithms

+

设置SSH密钥交换算法

+

ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256

+

+

VerifyHostKeyDNS

+

是否使用DNS或者SSHFP资源记录验证HostKey

+

ask

+

+
+ + >![](./public_sys-resources/icon-note.gif) **说明:** + >对于使用dh算法进行密钥交换的第三方客户端和服务端工具,要求允许建立连接的最低长度为2048bits。 + +### 其他安全建议 + +- SSH服务仅侦听指定IP地址 + + 出于安全考虑,建议用户在使用SSH服务时,仅在必需的IP上进行绑定侦听,而不是侦听0.0.0.0,可修改/etc/ssh/sshd\_config文件中的ListenAddress配置项。 + + 1. 打开并修改/etc/ssh/sshd\_config文件 + + ```sh + # vi /etc/ssh/sshd_config + ``` + + 修改内容如下,表示绑定侦听IP为 _192.168.1.100_,用户可根据实际情况修改需要侦听的IP + + ```Conf + ... + ListenAddress 192.168.1.100 + ... + ``` + + 2. 重启SSH服务 + + ```sh + # systemctl restart sshd.service + ``` + +- 限制SFTP用户向上跨目录访问 + + SFTP是FTP over SSH的安全FTP协议,对于访问SFTP的用户建议使用专用帐号,只能上传或下载文件,不能用于SSH登录,同时对SFTP可以访问的目录进行限定,防止目录遍历攻击,具体配置如下: + + >![](./public_sys-resources/icon-note.gif) **说明:** + >sftpgroup为示例用户组,sftpuser为示例用户名。 + + 1. 创建SFTP用户组 + + ```sh + # groupadd sftpgroup + ``` + + 2. 创建SFTP根目录 + + ```sh + # mkdir /sftp + ``` + + 3. 修改SFTP根目录属主和权限 + + ```sh + # chown root:root /sftp + # chmod 755 /sftp + ``` + + 4. 创建SFTP用户 + + ```sh + # useradd -g sftpgroup -s /sbin/nologin sftpuser + ``` + + 5. 设置SFTP用户的口令 + + ```sh + # passwd sftpuser + ``` + + 6. 创建SFTP用户上传目录 + + ```sh + # mkdir /sftp/sftpuser + ``` + + 7. 修改SFTP用户上传目录属主和权限 + + ```sh + # chown root:root /sftp/sftpuser + # chmod 777 /sftp/sftpuser + ``` + + 8. 修改/etc/ssh/sshd\_config文件 + + ```sh + # vi /etc/ssh/sshd_config + ``` + + 修改内容如下: + + ```sh + #Subsystem sftp /usr/libexec/openssh/sftp-server -l INFO -f AUTH + Subsystem sftp internal-sftp -l INFO -f AUTH + ... + + Match Group sftpgroup + ChrootDirectory /sftp/%u + ForceCommand internal-sftp + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + > + >- %u代表当前sftp用户的用户名,这是一个通配符,用户原样输入即可。 + >- 以下内容必须加在/etc/ssh/sshd\_config文件的末尾。 + > + > ```Conf + > Match Group sftpgroup + > ChrootDirectory /sftp/%u + > ForceCommand internal-sftp + > ``` + + 9. 重启SSH服务 + + ```sh + # systemctl restart sshd.service + ``` + +- SSH远程执行命令 + + OpenSSH通用机制,在远程执行命令时,默认不开启tty,如果执行需要密码的命令,密码会明文回显。出于安全考虑,建议用户增加-t选项,确保密码输入安全。如下: + + ```sh + # ssh -t testuser@192.168.1.100 su + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >192.168.1.100为示例IP,testuser为示例用户。 diff --git a/docs/zh/server/security/shangmi/_toc.yaml b/docs/zh/server/security/shangmi/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..451626cb29004db91f8f7630fab9e90dc2a43a9b --- /dev/null +++ b/docs/zh/server/security/shangmi/_toc.yaml @@ -0,0 +1,26 @@ +label: 国密 +isManual: true +description: 对操作系统的关键安全特性进行国密算法使能 +sections: + - label: 概述 + href: ./overview.md + - label: 磁盘加密 + href: ./drive_encryption.md + - label: 内核模块签名 + href: ./kernel_module_signing.md + - label: 算法库 + href: ./algorithm_library.md + - label: 文件完整性保护 + href: ./file_integrity_protection.md + - label: 用户身份鉴别 + href: ./user_identity_authentication.md + - label: 证书 + href: ./certificates.md + - label: 安全启动 + href: ./secure_boot.md + - label: SSH协议栈 + href: ./ssh_stack.md + - label: TLCP协议栈 + href: ./tlcp_stack.md + - label: RPM支持国密签名验签 + href: ./rpm_signature_verification.md diff --git a/docs/zh/server/security/shangmi/algorithm_library.md b/docs/zh/server/security/shangmi/algorithm_library.md new file mode 100644 index 0000000000000000000000000000000000000000..1f0468b07548234917287d4276919b15a678b73f --- /dev/null +++ b/docs/zh/server/security/shangmi/algorithm_library.md @@ -0,0 +1,194 @@ +# 算法库 + +## openSSL加密接口 + +openSSL是常用的密码算法库软件,当前已经支持商密算法SM2/3/4,用户可以通过命令行或API调用商密算法的加解密功能。 + +### 前置条件 + +openSSL大于或等于1.1.1m-6版本: + +``` +$ rpm -qa openssl +openssl-1.1.1m-6.oe2209.x86_64 +``` + +### 如何使用 + +#### 场景1:使用命令行调用密码算法 + +1. SM2公钥算法 + +生成SM2私钥: + +``` +$ openssl ecparam -genkey -name SM2 -out priv.key +``` + +根据私钥生成公钥: + +``` +$ openssl ec -in priv.key -pubout -out pub.key +read EC key +writing EC key +``` + +使用SM2算法对文件进行签名,摘要算法指定为SM3: + +``` +$ openssl dgst -sm3 -sign priv.key -out data.sig data +``` + +使用公钥进行验签: + +``` +$ openssl dgst -sm3 -verify pub.key -signature data.sig data +Verified OK +``` + +2. SM3摘要算法 + +使用SM3算法计算数据摘要: + +``` +$ openssl dgst -sm3 data +SM3(data)= a794922bb9f0a034257f6c7090a3e8429801a42d422c21f1473e83b7f7eac385 +``` + +3. SM4对称加密算法 + +使用SM4算法对数据进行加密,其中-K和-iv分别指定加密所使用的key值和iv值,通常需要随机生成: + +``` +$ openssl enc -sm4 -in data -K 123456789ABCDEF0123456789ABCDEF0 -iv 123456789ABCDEF0123456789ABCDEF0 -out data.enc +``` + +使用SM4算法对数据进行解密: + +``` +$ openssl enc -d -sm4 -in data.enc -K 123456789ABCDEF0123456789ABCDEF0 -iv 123456789ABCDEF0123456789ABCDEF0 -out data.raw +``` + +对比加解密数据,结果一致: + +``` +$ diff data data.raw +``` + +#### 场景2:使用API调用密码算法 + +可直接安装openssl-help并查询man手册: + +``` +$ yum install openssl-help +$ man sm2 +$ man EVP_sm3 +$ man EVP_sm4_cbc +``` + +## 内核加密接口 + +### 概述 + +Linux内核的加密算法采用crypto框架管理,不同的算法实现在crypto框架中分别进行注册和调用。openEuler提供的5.10内核提供了对商密算法(SM2/3/4)的支持,其中SM2/3算法默认编译在内核中,SM4算法以内核模块的形式提供。 + +### 前置条件 + +内核大于或等于5.10.0-106版本: + +``` +# rpm -qa kernel +kernel-5.10.0-106.1.0.55.oe2209.x86_64 +``` + +### 如何使用 + +#### 场景1:查询内核支持的加密算法 + +通过/proc/crypto查询已注册的商密算法,其中SM2/SM3算法默认加载: + +``` +$ cat /proc/crypto | grep sm3 -A8 +name : sm3 +driver : sm3-generic +module : kernel +priority : 100 +refcnt : 1 +selftest : passed +internal : no +type : shash +blocksize : 64 +digestsize : 32 + +$ cat /proc/crypto | grep sm2 -A6 +name : sm2 +driver : sm2-generic +module : kernel +priority : 100 +refcnt : 1 +selftest : passed +internal : no +type : akcipher +``` + +sm4算法默认不加载,需要先插入对应模块: + +``` +$ modprobe sm4-generic +$ cat /proc/crypto | grep sm4 -A8 +name : sm4 +driver : sm4-generic +module : sm4_generic +priority : 100 +refcnt : 1 +selftest : passed +internal : no +type : cipher +blocksize : 16 +min keysize : 16 +max keysize : 16 +``` + +#### 场景2:算法API调用 + +商密算法的调用和其他相同类型的算法调用方法一致,可参考Linux内核文档: + +``` +https://www.kernel.org/doc/html/v5.10/crypto/userspace-if.html +``` + +#### 场景3:指令集优化 + +Crypto框架支持注册架构相关的算法实现,可以通过特定指令集实现算法性能的优化。当前openEuler 5.10内核支持的指令集优化包括: + +| 驱动 | 指令集支持 | 优先级 | +| -------------------------------- | ---------------------- | ------ | +| sm4-neon(ecb/cbc/cfb/ctr) | ARM64-NEON指令集 | 200 | +| sm3-avx | X86-AVX指令集 | 300 | +| sm4-aesni-avx (ecb/cbc/cfb/ctr) | X86-AVX指令集 | 400 | +| sm4-aesni-avx 2(ecb/cbc/cfb/ctr) | X86-AVX2指令集 | 500 | + +当同一个算法注册多个实例时,按照各个算法实例注册的priority选择默认的算法实现,priority数值越大则优先级越高,纯软件的算法实现(后缀为-generic)的priority固定为100。商密算法的指令集优化不默认使能,以内核模块的形式对用户提供,如使能SM3算法的AVX指令集优化的方法为: + +``` +$ modprobe sm3-avx +$ cat /proc/crypto | grep sm3 -A8 +name : sm3 +driver : sm3-avx +module : sm3_avx_x86_64 +priority : 300 +refcnt : 1 +selftest : passed +internal : no +type : shash +blocksize : 64 +digestsize : 32 + +...... +``` + +#### 注意事项 + +1. 算法指令集优化使能的前提是CPU支持对应指令集,可以通过/proc/cpuinfo接口查询当前CPU支持的指令集; +2. 特定指令集的调用本身存在一定开销,因此并不能保证在所有的场景下,指令集优化的性能都高于软件实现; +3. 部分指令集优化存在一定限制,如neon指令集仅在支持并行计算的加密模式下存在优化效果。 diff --git a/docs/zh/server/security/shangmi/certificates.md b/docs/zh/server/security/shangmi/certificates.md new file mode 100644 index 0000000000000000000000000000000000000000..53668592fe4366f73224c65fce327e268ad7dc93 --- /dev/null +++ b/docs/zh/server/security/shangmi/certificates.md @@ -0,0 +1,89 @@ +# 证书 + +## 概述 + +商密证书指的是满足《SM2椭圆曲线公钥密码算法》以及《基于SM2密码算法的数字证书格式规范》等标准的数字证书。openEuler发布的openSSL软件提供了对商密证书的支持。 + +## 前置条件 + +openSSL大于或等于1.1.1m-6版本: + +``` +$ rpm -qa openssl +openssl-1.1.1m-6.oe2209.x86_64 +``` + +## 如何使用 + +### 场景1:生成商密证书 + +1. 生成SM2签名私钥: + +``` +$ openssl ecparam -genkey -name SM2 -out sm2.key +``` + +2. 生成签名请求: + +``` +$ openssl req -new -sm3 -key sm2.key -out sm2.csr +``` + +3. 生成商密证书(可使用-extfile指定证书配置文件): + +``` +$ openssl x509 -req -days 3650 -signkey sm2.key -in sm2.csr -out sm2.crt +``` + +4. 查看证书信息: + +``` +$ openssl x509 -text -in sm2.crt +``` + +### 场景2:构建证书链 + +#### 使用x509命令(一般用于功能测试) + +1. 生成CA私钥和证书: + +``` +$ openssl ecparam -genkey -name SM2 -out ca.key +$ openssl req -new -sm3 -key ca.key -out ca.csr +$ openssl x509 -req -days 3650 -signkey ca.key -in ca.csr -out ca.crt +``` + +1. 生成二级签名私钥和签名请求: + +``` +$ openssl ecparam -genkey -name SM2 -out sm2.key +$ openssl req -new -sm3 -key sm2.key -out sm2.csr +``` + +2. 基于一级证书生成二级证书(可使用-extfile指定证书配置文件): + +``` +$ openssl x509 -req -sm3 -CAcreateserial -CA ca.crt -CAkey ca.key -in sm2.csr -out sm2.crt +``` + +#### 使用ca配置文件(一般用于正式场景) + +1. 准备用于生成证书的配置文件(可使用openssl源码目录下的apps/openssl.cnf); +2. 生成自签名CA证书(下列命令为使用openSSL 1.1.1版本的场景,如使用openSSL 3.0.0以上的版本,*openssl req*命令中的*-newkey*参数需要替换为*sm2:SM2.pem*): + +``` +$ openssl ecparam -name SM2 -out SM2.pem +$ openssl req -config ./openssl.cnf -nodes -keyout CA.key -newkey ec:SM2.pem -new -out CA.csr +$ openssl x509 -sm3 -req -days 30 -in CA.csr -extfile ./openssl.cnf -extensions v3_ca -signkey CA.key -out CA.crt +``` + +3. 生成二级证书(下列命令为使用openSSL 1.1.1版本的场景,如使用openSSL 3.0.9及以上的版本,*openssl req*命令中的*-newkey*参数需要替换为*sm2:SM2.pem*): + +``` +$ openssl req -config ./openssl.cnf -nodes -keyout SS.key -newkey ec:SM2.pem -new -out SS.csr +$ openssl x509 -sm3 -req -days 30 -in SS.csr -CA CA.crt -CAkey CA.key -extfile ./openssl.cnf -extensions v3_req -out SS.crt -CAcreateserial +``` + +### 场景3:生成TLCP通信证书 + +详见《TLCP协议栈》章节。 diff --git a/docs/zh/server/security/shangmi/drive_encryption.md b/docs/zh/server/security/shangmi/drive_encryption.md new file mode 100644 index 0000000000000000000000000000000000000000..9b5bbca32bcd8b3dba20a47b00babd877ae6825c --- /dev/null +++ b/docs/zh/server/security/shangmi/drive_encryption.md @@ -0,0 +1,90 @@ +# 磁盘加密 + +## 概述 + +磁盘加密是对重要数据存储机密性进行保护,按照给定加密算法对数据进行加密后写入磁盘,从而保障重要数据的机密性。该特性主要涉及用户态工具cryptsetup和内核态的dm-crypt模块。当前openEuler操作系统提供的磁盘加密特性已支持商密算法。相关参数如下: + +- 加密模式:支持luks2和plain两种模式; +- 密钥长度:支持256位; +- 摘要算法:支持商密SM3算法; +- 加密算法:支持商密sm4-xts-plain64算法。 + +## 前置条件 + +1. 内核大于或等于5.10.0-106版本: + +``` +$ rpm -qa kernel +kernel-5.10.0-106.1.0.55.oe2209.x86_64 +``` + +2. cryptsetup大于或等于2.4.1-1版本: + +``` +$ rpm -qa cryptsetup +cryptsetup-2.4.1-1.oe2209.x86_64 +``` + +## 如何使用 + +通过将磁盘格式化成指定加密模式的磁盘,然后映射到/dev/mapper下作为dm设备,后续对磁盘的读写都通过该dm设备进行,数据的加解密过程由内核态完成,用户态不感知。参考步骤如下: + +1. 格式化磁盘,将磁盘映射为dm设备: + +a. luks2模式 + +加密模式使用luks2,加密算法使用sm4-xts-plain64,密钥大小为256位,摘要算法使用sm3: + +``` +# cryptsetup luksFormat /dev/sdd -c sm4-xts-plain64 --key-size 256 --hash sm3 +# cryptsetup luksOpen /dev/sdd crypt1 +``` + +b. plain模式 + +加密模式使用plain,加密算法使用sm4-xts-plain64,密钥大小为256位,摘要算法使用sm3: + +``` +# cryptsetup plainOpen /dev/sdd crypt1 -c sm4-xts-plain64 --key-size 256 --hash sm3 +``` + +2. 映射成功后可通过lsblk查看设备信息: + +``` +# lsblk +NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS +...... +sdd 8:48 0 50G 0 disk +└─crypt1 253:3 0 50G 0 crypt +...... +``` + +3. 对加密后的设备进行IO读写: + +直接对裸盘下发IO: + +``` +# dd if=/dev/random of=/dev/mapper/crypt1 bs=4k count=10240 +``` + +通过文件系统下发IO: + +``` +# mkfs.ext4 /dev/mapper/crypt1 +# mount /dev/mapper/crypt1 /mnt/crypt/ +# dd if=/dev/random of=/mnt/crypt/tmp bs=4k count=10240 +``` + +4. 关闭设备映射: + +如果挂载了文件系统,需要先卸载: + +``` +# umount /mnt/crypt +``` + +关闭设备: + +``` +# cryptsetup close crypt1 +``` diff --git a/docs/zh/server/security/shangmi/file_integrity_protection.md b/docs/zh/server/security/shangmi/file_integrity_protection.md new file mode 100644 index 0000000000000000000000000000000000000000..ba5628edfb7c8125d436dee0f2960366979b539c --- /dev/null +++ b/docs/zh/server/security/shangmi/file_integrity_protection.md @@ -0,0 +1,439 @@ +# 文件完整性保护 + +## 内核完整性度量架构(IMA) + +IMA全称Integrity Measurement Architecture,是Linux内核提供的强制访问控制子系统,通过在文件访问系统调用添加检查hook,实现文件的完整性度量/校验。 + +### 前置条件 + +1. 准备openEuler内核编译环境,可参考: + +2. 建议选取最新内核源码进行编译; + +3. 生成IMA校验证书(仅评估模式涉及): + + ``` + # 生成证书配置文件(配置文件其他字段可按需定义) + echo 'subjectKeyIdentifier=hash' > ima.cfg + echo 'authorityKeyIdentifier=keyid,issuer' >> ima.cfg + echo 'keyUsage=digitalSignature,nonRepudiation' >> ima.cfg + # 生成SM2签名私钥 + # openssl ecparam -genkey -name SM2 -out ima.key + # 生成签名请求 + # openssl req -new -sm3 -key ima.key -out ima.csr + # 生成SM2证书 + # openssl x509 -req -days 3650 -extfile ima.cfg -signkey ima.key -in ima.csr -out ima.crt + ``` + +4. 将根证书放置到内核源码目录,并修改内核编译选项CONFIG_SYSTEM_TRUSTED_KEYS,将指定证书编译到内核TRUSTED密钥中(仅评估模式涉及): + + ```sh + # cp /path/to/ima.crt . + # make openeuler_defconfig + # cat .config | grep CONFIG_SYSTEM_TRUSTED_KEYS + CONFIG_SYSTEM_TRUSTED_KEYS="ima.crt" + ``` + +5. 编译并安装内核(仅评估模式涉及): + + ```sh + make -j64 + make modules_install + make install + ``` + +### 如何使用 + +### 场景1:原生IMA + +#### IMA度量模式 + +启动参数配置IMA策略和摘要算法,关闭IMA评估模式,重启系统: + +```text +ima_policy=tcb ima_hash=sm3 ima_appraise=off +``` + +检查度量日志,可以发现IMA对于所有目标保护文件都进行了度量,且摘要算法为SM3: + +```sh +# cat /sys/kernel/security/ima/ascii_runtime_measurements +10 601989730f01fb4688bba92d0ec94340cd90757f ima-sig sm3:0000000000000000000000000000000000000000000000000000000000000000 boot_aggregate +10 dc0a98316b03ab15edd2b8daae75a0d64bca7c56 ima-sig sm3:3c62ee3c13ee32d7a287e04c843c03ebb428a5bb3dd83561efffe9b08444be22 /usr/lib/systemd/systemd +10 1d0a5140e3924e2542963ad887a80def0aa8acac ima-sig sm3:4d3b83e143bd9d5288ef099eff4d01444947516d680165c6dd08cd5900768032 /usr/lib64/ld-linux-x86-64.so.2 +...... +``` + +#### IMA评估模式(hash) + +启动参数配置IMA策略和摘要算法,开启IMA评估fix模式,重启系统: + +```text +ima_policy=appraise_tcb ima_hash=sm3 ima_appraise=fix +``` + +appraise_tcb代表对所有 root 属主的文件进行评估。 + +对所有需要评估的文件进行一次open操作,以自动标记ima扩展属性: + +```sh +# find / -fstype ext4 -type f -uid 0 -exec dd if='{}' of=/dev/null count=0 status=none \; +``` + +完成标记后,可以看到所有的文件都标记了SM3摘要算法的ima扩展属性: + +```sh +getfattr -m - -d -e hex /bin/bash +getfattr: Removing leading '/' from absolute path names +# file: bin/bash +security.ima=0x0411a794922bb9f0a034257f6c7090a3e8429801a42d422c21f1473e83b7f7eac385 +security.selinux=0x73797374656d5f753a6f626a6563745f723a7368656c6c5f657865635f743a733000 + +openssl dgst -sm3 /bin/bash +SM3(/bin/bash)= a794922bb9f0a034257f6c7090a3e8429801a42d422c21f1473e83b7f7eac385 +``` + +开启enforce模式后重启,系统可正常运行: + +```text +ima_policy=appraise_tcb ima_hash=sm3 ima_appraise=enforce +``` + +#### IMA评估模式(签名) + +**前置条件:** + +1. 内核预置商密根证书; +2. 安装ima-evm-utils软件包,且大于或等于指定版本: + +```sh +$ rpm -qa ima-evm-utils +ima-evm-utils-1.3.2-4.oe2209.x86_64 +``` + +对需要进行保护的文件执行签名操作,如此处对/usr/bin目录下所有root用户的可执行文件进行签名: + +```sh +# find /usr/bin -fstype ext4 -type f -executable -uid 0 -exec evmctl -a sm3 ima_sign --key /path/to/ima.key '{}' \; +``` + +开启enforce模式后重启,系统可正常运行: + +```text +ima_policy=appraise_tcb ima_hash=sm3 ima_appraise=enforce +``` + +检查签名模式的保护效果: + +```sh +# getfattr -m - -d /bin/echo +getfattr: Removing leading '/' from absolute path names +# file: bin/echo +security.ima=0sAwIRNJFkBQBIMEYCIQDLBg/bYlrkBqSaXNQMyK7rhiZj+qRiKdu+0fqW8lSmPQIhAJY2qSZJ0HgSu7kygydrS4MCC0KTK59nUkvISenZAUCo +security.selinux="system_u:object_r:bin_t:s0" + +# echo 123 >> /bin/echo +-bash: /bin/echo: Permission denied +``` + +**注意事项:** + +对于每一个在IMA防护范围内的文件,都需要选择使用hash模式和签名模式其中之一的方法标记完整性信息。一般情况下,对于可能发生变化的文件(如数据文件、配置文件等)采用hash模式标记,对于不会发生变化的文件(如可执行文件、动态链接库等)采用签名模式标记。 + +### 场景2:IMA摘要列表模式 + +#### 生成SM3摘要列表 + +gen_digest_lists支持-a sm3参数,支持生成SM3摘要列表: + +```sh +gen_digest_lists -a sm3 -t metadata -f compact -i l:policy -o add -p -1 -m immutable -i I:/usr/bin/bash -d -i i: +gen_digest_lists -a sm3 -t metadata -f compact -i l:policy -o add -p -1 -m immutable -i I:/usr/bin/bash -d -i i: -T +``` + +#### 配置SM3摘要算法 + +整体步骤与开启IMA摘要列表特性相同,唯一区别在于将ima_hash启动参数配置为SM3。启动参数参考配置如下: + +```sh +# log模式 +ima_template=ima-sig ima_policy="exec_tcb|appraise_exec_tcb|appraise_exec_immutable" initramtmpfs ima_hash=sm3 ima_appraise=log evm=allow_metadata_writes evm=x509 ima_digest_list_pcr=11 ima_appraise_digest_list=digest +# enforce模式 +ima_template=ima-sig ima_policy="exec_tcb|appraise_exec_tcb|appraise_exec_immutable" initramtmpfs ima_hash=sm3 ima_appraise=enforce-evm evm=allow_metadata_writes evm=x509 ima_digest_list_pcr=11 ima_appraise_digest_list=digest +``` + +其余步骤可参考 **管理员指南->可信计算->摘要列表场景初次部署** 章节。 + +配置完成后重启系统,通过查询度量日志可以看到,度量日志中的默认算法已变成SM3: + +```sh +cat /sys/kernel/security/ima/ascii_runtime_measurements +...... +11 9e32183b5b1da72c6ff4298a44026e3f9af510c9 ima-sig sm3:5a2d81cd135f41e73e0224b9a81c3d8608ccde8caeafd5113de959ceb7c84948 /usr/bin/upload_digest_lists +11 f3b9264761dbaeaf637d08b86cc3655e8f3380f7 ima-sig sm3:cc6faecee9976c12279dab1627a78ef36f6998c65779f3b846494ac5fe5493a1 /usr/libexec/rpm_parser +11 dc0a98316b03ab15edd2b8daae75a0d64bca7c56 ima-sig sm3:3c62ee3c13ee32d7a287e04c843c03ebb428a5bb3dd83561efffe9b08444be22 /usr/lib/systemd/systemd +...... +``` + +#### 配置SM2证书校验摘要列表(评估模式) + +**前置条件:** + +1. 内核预置商密根证书; +2. 安装digest-list-tools和ima-evm-utils软件包,且大于或等于指定版本: + +```sh +# rpm -qa ima-evm-utils +ima-evm-utils-1.3.2-4.oe2209.x86_64 +# rpm -qa digest-list-tools +digest-list-tools-0.3.95-10.oe2209.x86_64 +``` + +**执行步骤**: + +将IMA摘要列表使用IMA/EVM证书对应的私钥进行签名,签名后可被正常导入内核: + +```sh +# 使用evmctl对摘要列表进行签名 +# evmctl ima_sign --key /path/to/ima.key -a sm3 0-metadata_list-compact-tree-1.8.0-2.oe2209.x86_64 +# 检查签名后的扩展属性 +# getfattr -m - -d 0-metadata_list-compact-tree-1.8.0-2.oe2209.x86_64 +file: 0-metadata_list-compact-tree-1.8.0-2.oe2209.x86_64 +security.ima=0sAwIRNJFkBQBHMEUCIQCzdKVWdxw1hoVm9lgZB6sl+sxapptUFNjqHt5XZD87hgIgBMuZqBdrcNm7fXq/reQw7rzY/RN/UXPrIOxrVvpTouw= +security.selinux="unconfined_u:object_r:admin_home_t:s0" +# 将签名后的摘要列表文件导入内核 +# echo /root/tree/etc/ima/digest_lists/0-metadata_list-compact-tree-1.8.0-2.oe2209.x86_64 > /sys/kernel/security/ima/digest_list_data +# 检查度量日志,可以看到摘要列表的导入记录 +# cat /sys/kernel/security/ima/ascii_runtime_measurements +11 43b6981f84ba2725d05e91f19577cedb004adffb ima-sig sm3:b9430bbde2b7f30e935d91e29ab6778b6a825a2c3e5e7255895effb8747b7c1a /root/tree/etc/ima/digest_lists/0-metadata_list-compact-tree-1.8.0-2.oe2209.x86_64 0302113491640500473045022100b374a556771c35868566f6581907ab25facc5aa69b5414d8ea1ede57643f3b86022004cb99a8176b70d9bb7d7abfade430eebcd8fd137f5173eb20ec6b56fa53a2ec +``` + +**注意:** + +1. openEuler默认提供的摘要列表中使用的哈希算法为SHA256。当IMA摘要列表度量算法配置为SM3算法时,必须将/etc/ima/digest_lists目录下的摘要列表移除,然后重新生成并签名,否则会导致文件完整性校验错误。参考步骤如下: + + ```sh + # 重置磁盘SELinux标签(开启IMA扩展属性校验,并开启SELinux时执行) + fixfiles -F restore + # 为所有文件生成摘要列表(也可自行设置生成范围) + gen_digest_lists -a sm3 -t metadata -f compact -i l:policy -o add -p -1 -m immutable -i I:/ -d /etc/ima/digest_lists -i i: + # 修改生成的摘要列表文件名(可选) + mv /etc/ima/digest_lists/0-metadata_list-compact- /etc/ima/digest_lists/0-metadata_list-compact-everything-sm3 + # 签名 + evmctl ima_sign --key /path/to/ima.key -a sm3 /etc/ima/digest_lists/0-metadata_list-compact-everything-sm3 + # 重新制作initrd + dracut -f -e xattr + ``` + +2. 对于openEuler发布的软件包,会默认提供IMA摘要列表文件。由于默认提供的摘要算法为sha256,因此当摘要算法切换为SM3时,会导致openEuler发布的摘要列表无法被导入,在软件包安装过程中可能出现提示信息: + + ```sh + Cannon parse /etc/ima/digest_lists/0-metadata_list-rpm-...... + ``` + +3. 当前openEuler 24.03内核暂不支持二级商密IMA证书(/etc/keys/x509_ima.der和/etc/keys/x509_evm.der)导入。 + +## 轻量入侵检测(AIDE) + +AIDE是一款轻量级的入侵检测工具,主要通过检测文件的完整性,以及时发现针对系统的恶意入侵行为。AIDE数据库能够使用sha256、sha512等哈希算法,用密文形式建立每个文件的校验码或散列号。openEuler提供的AIDE在开源软件的基础上新增了对SM3算法的支持。 + +### 前置条件 + +AIDE大于或等于0.17.4-1版本: + +```sh +$ rpm -qa aide +aide-0.17.4-1.oe2209.x86_64 +``` + +### 如何使用 + +修改/etc/aide.conf配置文件,添加SM3算法支持: + +```sh +...... +FIPSR = p+i+n+u+g+s+m+c+acl+selinux+xattrs+sha256+sm3 +...... +DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha256+sm3 +...... +``` + +3. 初始化数据库,并保存数据库作为基准: + +初始化数据库 + +```sh +aide -c /etc/aide.conf -i +``` + +示例输出如下: + +```text +AIDE initialized database at /var/lib/aide/aide.db.new.gz + +Number of entries: 64249 + +--------------------------------------------------- +The attributes of the (uncompressed) database(s): +--------------------------------------------------- + +/var/lib/aide/aide.db.new.gz + MD5 : a7y5ErdpBAezV2iGdaVleg== + SHA1 : u7W7jxomFtZn8rwMlkIRCN0r7iQ= + SHA256 : 88Kw5b2yJ9bejwO+NqT6lyAieno+K0+W + BPVBjXcUl08= + SHA512 : WyOIgRxk9SeSoktF6BYVV0tRL7nGNDKQ + A9QyxVCgzg+PwPMV7tzxmwOZI/dB64pP + vQ/D2jqJdf3NS2PHMI4yvg== + RMD160 : qTEPs2SIxPm3iEwsCnwvp9hR4s4= + TIGER : 0HgLucmhCcB56bxOMj+j1Kuja8UIsFRg + CRC32 : VKE1TA== + WHIRLPOOL : JSA35/NmkMOkUWEpcZJf3PR1UUz5WcLG + AmBKPkao3fzQUsLMTJizCV4CwAE0G/Yc + KX0mpW5vx+gk3njya8rAvA== + GOST : yKjiytOwRr3bJcFsxnJ310t1FY6YE3HB + YNT8XP93xpc= + STRIBOG256: 9bzS+5j4ZAoU/P7v3tkKOWn4ZfggcX28 + 9dLQVhaiJtQ= + STRIBOG512: 9LLXgqsRIRiXP2WOrOJt1qhx6psfbACd + un+GTVmu441quX4zaaPIIG9lzDMBAqMg + hZx5DlxsQj3YjMezSUsXLg== + SM3 : Vwii+uw3Ge5Hh3eo1KOombxn2jWgyYRX + ZdyCRZqWZ/E= + + +End timestamp: 2022-08-12 09:01:25 +0800 (run time: 2m 43s) +``` + +保存数据库作为基准: + +```sh +mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz +``` + +### 场景1:检测被保护文件变化 + +```sh +$ aide -c /etc/aide.conf --check +--------------------------------------------------- +Detailed information about changes: +--------------------------------------------------- + +File: /boot/config-5.10.0-106.3.0.57.oe2209.aarch64 + Size : 182936 | 182938 + Mtime : 2022-08-04 08:00:00 +0800 | 2022-08-12 09:05:34 +0800 + Ctime : 2022-08-11 01:42:44 +0800 | 2022-08-12 09:05:34 +0800 + SHA256 : ae0fOzf7U+e/evTZKpk6JQa00kvSkc5J | gOlhcUgnZWhcyJYMEPxCYccXwFr9lERX + vMTX5Ysh+1k= | KK3O/ytfR/g= + SHA512 : zAPIxIAM7YvJPjwl/PH23leBb/HiO0Rf | p+WxVOZ6DX323rHDRF864w297yh7POk6 + PlRME7yvpzFZk/5BrNe2ofQWR/0sFu1m | 11dOzahlKTWpAKaexC/u+4REiCzjl1rm + JsDSy8m57wzCpJA9iUFq1g== | eb/kd3Xgp1LoKwn49mtqxw== + SM3 : CW0GnITxNeGeYOCAm4xfu78Vqm+wLp/Z | GWq/3nXL16tMYyxyFD/HTZbvJi2h+ttg + cOmXmIKJT4Q= | 6d8XmSHu26A= +``` + +### 场景2:更新数据库 + +执行以下命令进行数据库更新,更新后数据库文件为 /var/lib/aide/aide.db.new.gz: + +```sh +$ aide -c /etc/aide.conf --update +--------------------------------------------------- +Detailed information about changes: +--------------------------------------------------- + +File: /boot/config-5.10.0-106.3.0.57.oe2209.aarch64 + Size : 182936 | 182938 + Mtime : 2022-08-04 08:00:00 +0800 | 2022-08-12 09:05:34 +0800 + Ctime : 2022-08-11 01:42:44 +0800 | 2022-08-12 09:05:34 +0800 + SHA256 : ae0fOzf7U+e/evTZKpk6JQa00kvSkc5J | gOlhcUgnZWhcyJYMEPxCYccXwFr9lERX + vMTX5Ysh+1k= | KK3O/ytfR/g= + SHA512 : zAPIxIAM7YvJPjwl/PH23leBb/HiO0Rf | p+WxVOZ6DX323rHDRF864w297yh7POk6 + PlRME7yvpzFZk/5BrNe2ofQWR/0sFu1m | 11dOzahlKTWpAKaexC/u+4REiCzjl1rm + JsDSy8m57wzCpJA9iUFq1g== | eb/kd3Xgp1LoKwn49mtqxw== + SM3 : CW0GnITxNeGeYOCAm4xfu78Vqm+wLp/Z | GWq/3nXL16tMYyxyFD/HTZbvJi2h+ttg + cOmXmIKJT4Q= | 6d8XmSHu26A= +``` + +### 场景3:比较数据库 + +在/etc/aide.conf中配置两个数据库: + +```sh +# The location of the database to be read. +database_in=file:@@{DBDIR}/aide.db.gz +database_new=file:@@{DBDIR}/aide.db.new.gz +``` + +执行以下命令进行数据库比较: + +```sh +$ aide -c /etc/aide.conf --compare +--------------------------------------------------- +Detailed information about changes: +--------------------------------------------------- + +File: /boot/config-5.10.0-106.3.0.57.oe2209.aarch64 + Size : 182936 | 182938 + Mtime : 2022-08-04 08:00:00 +0800 | 2022-08-12 09:05:34 +0800 + Ctime : 2022-08-11 01:42:44 +0800 | 2022-08-12 09:05:34 +0800 + SHA256 : ae0fOzf7U+e/evTZKpk6JQa00kvSkc5J | gOlhcUgnZWhcyJYMEPxCYccXwFr9lERX + vMTX5Ysh+1k= | KK3O/ytfR/g= + SHA512 : zAPIxIAM7YvJPjwl/PH23leBb/HiO0Rf | p+WxVOZ6DX323rHDRF864w297yh7POk6 + PlRME7yvpzFZk/5BrNe2ofQWR/0sFu1m | 11dOzahlKTWpAKaexC/u+4REiCzjl1rm + JsDSy8m57wzCpJA9iUFq1g== | eb/kd3Xgp1LoKwn49mtqxw== + SM3 : CW0GnITxNeGeYOCAm4xfu78Vqm+wLp/Z | GWq/3nXL16tMYyxyFD/HTZbvJi2h+ttg + cOmXmIKJT4Q= | 6d8XmSHu26A= + +--------------------------------------------------- +The attributes of the (uncompressed) database(s): +--------------------------------------------------- + +/var/lib/aide/aide.db.gz + MD5 : a7y5ErdpBAezV2iGdaVleg== + SHA1 : u7W7jxomFtZn8rwMlkIRCN0r7iQ= + SHA256 : 88Kw5b2yJ9bejwO+NqT6lyAieno+K0+W + BPVBjXcUl08= + SHA512 : WyOIgRxk9SeSoktF6BYVV0tRL7nGNDKQ + A9QyxVCgzg+PwPMV7tzxmwOZI/dB64pP + vQ/D2jqJdf3NS2PHMI4yvg== + RMD160 : qTEPs2SIxPm3iEwsCnwvp9hR4s4= + TIGER : 0HgLucmhCcB56bxOMj+j1Kuja8UIsFRg + CRC32 : VKE1TA== + WHIRLPOOL : JSA35/NmkMOkUWEpcZJf3PR1UUz5WcLG + AmBKPkao3fzQUsLMTJizCV4CwAE0G/Yc + KX0mpW5vx+gk3njya8rAvA== + GOST : yKjiytOwRr3bJcFsxnJ310t1FY6YE3HB + YNT8XP93xpc= + STRIBOG256: 9bzS+5j4ZAoU/P7v3tkKOWn4ZfggcX28 + 9dLQVhaiJtQ= + STRIBOG512: 9LLXgqsRIRiXP2WOrOJt1qhx6psfbACd + un+GTVmu441quX4zaaPIIG9lzDMBAqMg + hZx5DlxsQj3YjMezSUsXLg== + SM3 : Vwii+uw3Ge5Hh3eo1KOombxn2jWgyYRX + ZdyCRZqWZ/E= + +/var/lib/aide/aide.db.new.gz + MD5 : sKt4dVDKY/8A9EY/X4Ue2A== + SHA1 : hagLXMv7G+KbEKh861kjjFSYpRw= + SHA256 : HTHF7k5U294ECjCLneoZ3o8bH6PYgY5u + AzoIyCacZp4= + SHA512 : 5gWi7K/ztWMl7H+PK1doV/tWDHmaE2m/ + ndRXGR7b5J3v82Jv2HeJPoOt5A4Z/9FH + 5H+uCLYaHwRleyalyy5Wew== + RMD160 : uMM1HtAbfz+G3Y9Z+rVR4qjdqcQ= + TIGER : OTHdXNQOxnHnOl6C9M3czSC42+SeZAZA + CRC32 : T9G1Tw== + WHIRLPOOL : FRMnQ2wHgylsTmpKE8RwdUvkzXucHwu1 + W9ZkUrxoXeci2g7jIgoMmpoeDPhH73qz + nZ7fKj1lStSpiUGD5KPeWA== + GOST : haeO5dhT+t34C1GJf+2dc3q1GMN71FqB + kqoiODo+j2o= + STRIBOG256: lgZUZhhd9JfMOXgNzYptapqagwgmvdM+ + 7uWzJsmOxoY= + STRIBOG512: PA6jksprS37xQzHm1ZIvLR9ROa+FxoiF + /xbAe0pSi4lMXXzABrPKkjyK0WtjxFvx + 07Poj2iDwNNcUJWekbaEXA== + SM3 : R5/HXng5MNvrjoCh8/JzrWle1IO8ggsR + P5i2ePX5BpY= +``` diff --git a/docs/zh/server/security/shangmi/kernel_module_signing.md b/docs/zh/server/security/shangmi/kernel_module_signing.md new file mode 100644 index 0000000000000000000000000000000000000000..ed342d923911518ac20cb8fe2a017d9840c66e70 --- /dev/null +++ b/docs/zh/server/security/shangmi/kernel_module_signing.md @@ -0,0 +1,107 @@ +# 内核模块签名 + +## 概述 + +内核模块签名机制是保护Linux内核安全的重要机制,通过在内核模块文件末尾按照一定格式追加签名信息,并在内核模块加载时检查签名是否与内核预置的公钥匹配,从而保障内核模块文件的真实性和完整性。 + +## 前置条件 + +1. 准备openEuler内核编译环境,可参考:https://gitee.com/openeuler/kernel/wikis/kernel; +2. 内核模块签名支持商密算法在openEuler 5.10内核支持,建议选取最新5.10内核源码进行编译; +3. 生成用于内核模块签名的SM2私钥和证书。使用openssl生成的参考命令如下: + +``` +# 生成证书配置文件(配置文件其他字段可按需定义) +$ echo 'subjectKeyIdentifier=hash' > mod.cfg +# 生成SM2签名私钥 +$ openssl ecparam -genkey -name SM2 -out mod.key +# 生成签名请求 +$ openssl req -new -sm3 -key mod.key -out mod.csr +# 生成SM2证书 +$ openssl x509 -req -days 3650 -extfile mod.cfg -signkey mod.key -in mod.csr -out mod.crt +``` + +## 如何使用 + +### 场景1:自动签名 + +将证书和私钥写入到mod.pem文件中: + +``` +$ cat /path/to/mod.key > mod.pem +$ cat /path/to/mod.crt >> mod.pem +``` + +在内核编译选项中配置使用SM3算法进行内核模块签名,参考步骤如下: + +``` +$ make openeuler_defconfig +$ make menuconfig +``` + +在图形界面中配置 Enable loadable module support -> Sign modules with SM3: + +``` +Which hash algorithm should modules be signed with? (Sign modules with SM3) +``` + +指定内核签名使用的私钥和证书从mod.pem中读取 Cryptographic API -> Certificates for signature checking: + +``` +(mod.pem) File name or PKCS#11 URI of module signing key +``` + +编译内核: + +``` +$ make -j64 +$ make modules_install +$ make install +``` + +通过modinfo检查内核模块的签名信息: + +``` +$ modinfo /usr/lib/modules/5.10.0/kernel/crypto/sm4.ko +filename: /usr/lib/modules/5.10.0/kernel/crypto/sm4.ko +license: GPL v2 +description: Generic SM4 library +srcversion: 371050FDB8BF9878D9B5B9B +depends: +retpoline: Y +intree: Y +name: sm4 +vermagic: 5.10.0 SMP mod_unload modversions +sig_id: PKCS#7 +signer: Internet Widgits Pty Ltd +sig_key: 33:0B:96:3E:1F:C1:CA:28:98:72:F5:AE:FF:3F:A4:F3:50:5D:E1:87 +sig_hashalgo: sm3 +signature: 30:45:02:21:00:81:96:8D:40:CE:7F:7D:AE:3A:4B:CC:DC:9A:F2:B4: + 16:87:3E:C3:DC:77:ED:BC:6E:F5:D8:F3:DD:77:2B:D4:05:02:20:3B: + 39:5A:89:9D:DC:27:83:E8:D8:B4:75:86:FF:33:2B:34:33:D0:90:76: + 32:4D:36:88:84:34:31:5C:83:63:6B +``` + +### 场景2:手动签名 + +在内核源码目录下调用sign_file对指定内核模块进行签名: + +``` +$ ./scripts/sign-file sm3 /path/to/mod.key /path/to/mod.crt +``` + +其余步骤与场景1相同。 + +### 场景3:模块加载校验 + +在内核启动参数中添加module.sig_enforce,开启内核模块强制签名校验: + +``` +linux /vmlinuz-5.10.0-106.1.0.55.oe2209.x86_64 root=/dev/mapper/openeuler-root ro resume=/dev/mapper/openeuler-swap rd.lvm.lv=openeuler/root rd.lvm.lv=openeuler/swap crashkernel=512M module.sig_enforce +``` + +重启系统后,只有通过指定证书校验的内核模块才能被正常加载: + +``` +# insmod /usr/lib/modules/5.10.0/kernel/crypto/sm4.ko +``` diff --git a/docs/zh/server/security/shangmi/overview.md b/docs/zh/server/security/shangmi/overview.md new file mode 100644 index 0000000000000000000000000000000000000000..bac4db358ed3a0b22b75db08f73025d209ab4d5a --- /dev/null +++ b/docs/zh/server/security/shangmi/overview.md @@ -0,0 +1,27 @@ +# 概述 +国产商用密码算法(后文简称商密)属于商用的、不涉及国家秘密的密码技术。密码算法是信息系统的安全技术基础,在国际上已经有广泛使用的RSA、AES、SHA256等密码算法。与之相对的,国内也有一系列自主研发的密码算法,可以覆盖主流的应用场景。其中在操作系统场景,相对应用广泛的算法是SM2/3/4: +| 算法 | 是否公开 | 类型 | 应用场景 | +|---|---|---|---| +| SM2 | 是 | 非对称加解密算法 | 数字签名、密钥交换、加解密,广泛应用于PKI体系 | +| SM3 | 是 | 杂凑算法(哈希算法) | 应用于完整性保护、单向加密等通用场景 | +| SM4 | 是 | 对称加解密算法) | 数据加密存储、安全传输 | + +除此之外,还包括SM9、ZUC等公开算法,以及SM1、SM7等非公开算法。值得一提的是,所有已经公开的国产算法都已经纳入ISO/IEC标准,成为了被国际所认可的密码算法。围绕这些密码算法,我国制定并发布一系列密码技术规范和应用标准,如商密证书标准、TLCP协议栈等。它们共同构成了我国的商密标准体系,指导了国内的密码安全产业链的构建。 + +openEuler操作系统商密支持旨在对操作系统的关键安全特性进行商密算法使能,并为上层应用提供商密算法库、证书、安全传输协议等密码服务。 + +当前已支持的商密特性包括: + +1. openSSL/libgcrypt等用户态算法库支持SM2/3/4算法; +2. openSSH支持SM2/3/4商密算法套件; +3. openSSL支持商密TLCP协议栈; +4. 磁盘加密(dm-crypt/cryptsetup)支持SM3/SM4算法; +5. 用户身份鉴别(pam/libuser/shadow)支持SM3口令加密; +6. 入侵检测(AIDE)支持SM3摘要算法; +7. 内核加密框架(crypto)支持SM2/3/4算法,以及AVX/CE/NEON等指令集优化; +8. 内核完整性度量架构(IMA/EVM)支持SM3摘要算法和SM2证书; +9. 内核模块签名/验签支持SM2证书; +10. 内核KTLS支持SM4-CBC和SM4-GCM算法; +11. 鲲鹏KAE加速引擎支持SM3/4算法加速; +12. UEFI安全启动支持SM3摘要算法和SM2数字签名; +13. RPM支持国密SM2加解密算法+SM3摘要算法的签名及验签。 \ No newline at end of file diff --git a/docs/zh/server/security/shangmi/rpm_signature_verification.md b/docs/zh/server/security/shangmi/rpm_signature_verification.md new file mode 100644 index 0000000000000000000000000000000000000000..fc25d382d77937df5993d4b079a1de33d9c8e89f --- /dev/null +++ b/docs/zh/server/security/shangmi/rpm_signature_verification.md @@ -0,0 +1,85 @@ +# RPM验签 + +## 概述 + +openEuler当前采用RPM格式的软件包管理,RPM采用符合openPGP签名规范,openEuler-24.03-LTS-SP1版本发布的RPM软件在开源版本的基础上增加了对SM2/3算法的签名/验签功能支持。 + +对如下软件包进行商密使能: + +- GnuPG:gpg命令行应用程序支持生成国密签名 +- RPM:支持调用gpg命令以及openSSL API实现国密签名生成/验证 +- openSSL:支持国密签名验证(开源已支持) + +## 前置条件 + +1. openEuler操作系统安装的gnupg2、libgcrypt、rpm软件版本号需大于等于如下版本: + + ``` + $ rpm -qa libgcrypt + libgcrypt-1.10.2-3.oe2403sp1.x86_64 + + $ rpm -qa gnupg2 + gnupg2-2.4.3-5.oe2403sp1.x86_64 + + $ rpm -qa rpm + rpm-4.18.2-20.oe2403sp1.x86_64 + ``` +2. ecdsa的签名及验签仅支持sm2的 + +## 使用方法 + +1. 生成秘钥 + + 方法1: + ```sh + $ gpg --full-generate-key --expert + ``` + 方法2: + ```sh + $ gpg --quick-generate-key <密钥标识> sm2p256v1 + ``` + 中间会要求输入密码,后续操作秘钥或签名需要输入密码,若直接不输入,按回车,则表示无密码。 + +2. 导出证书 + + ```sh + $ gpg -o <证书路径> --export <密钥标识> + ``` +3. 打开配置sm3哈希算法和sm2算法的宏 + ``` + $ vim /usr/lib/rpm/macros + %_enable_sm2p256v1_sm3_algo 1 + ``` +4. 将证书导入rpm数据库 + ```sh + $ rpm --import <证书路径> + ``` +5. 编写签名所需的macro + + ``` + $ vim ~/.rpmmacros + %_signature gpg + %_gpg_path /root/.gnupg + %_gpg_name <密钥标识> + %_gpgbin /usr/bin/gpg2 + + %__gpg_sign_cmd %{shescape:%{__gpg}} \ + gpg --no-verbose --no-armor --no-secmem-warning --passphrase-file /root/passwd \ + %{?_gpg_digest_algo:--digest-algo=%{_gpg_digest_algo}} \ + %{?_gpg_sign_cmd_extra_args} \ + %{?_gpg_name:-u %{shescape:%{_gpg_name}}} \ + -sbo %{shescape:%{?__signature_filename}} \ + %{?__plaintext_filename:-- %{shescape:%{__plaintext_filename}}} + ``` + 其中%__gpg_sign_cmd信息为默认信息加上了--passphrase-file /root/passwd,passwd文件存的是密码,若步骤1没有设置密码,则无需添加。 + +6. 生成RPM包签名 + ```sh + $ rpmsign --addsign + ``` + +7. 验证RPM包签名 + ```sh + $ rpm -Kv + ``` + 如果输出中显示“Header V4 ECDSA/SM3 Signature”,并且显示“OK”,则说明签名验证成功。 diff --git a/docs/zh/server/security/shangmi/secure_boot.md b/docs/zh/server/security/shangmi/secure_boot.md new file mode 100644 index 0000000000000000000000000000000000000000..a61fe41cd2b488ae470bdfd69543586ee0eccedd --- /dev/null +++ b/docs/zh/server/security/shangmi/secure_boot.md @@ -0,0 +1,186 @@ +# 安全启动 + +安全启动是UEFI规范的标准功能,通过对系统启动中的各个组件进行逐级签名验证,实现启动过程的完整性和真实性保证。Linux系统的UEFI安全启动主要包括以下三个流程: + +1. BIOS通过内置证书验证shim组件的签名信息; +2. shim组件通过内置证书验证grub组件的签名信息; +3. grub组件通过shim组件提供的接口验证kernel组件的签名信息。 + +openEuler对EFI签名工具(pesign及其算法库nss)和shim进行了商密算法扩展支持,即支持使用SM3算法进行EFI文件的哈希计算,使用SM2数字签名算法进行EFI文件的签名/验签,从而建立基于商密算法的操作系统启动安全保障。 + +## 约束限制 + +- openEuler shim组件支持商密安全启动,即支持shim验签grub,grub验签kernel流程。shim组件的验签依赖BIOS支持; +- 需要基于支持UEFI安全启动的arm64/x86物理机运行; +- pesign工具最多支持二级证书签名; +- pesign工具当前仅支持生成签名,不支持验证签名。 + +## 前置条件 + +1. 系统中安装下列软件包且高于指定版本: + +```shell +openssl-1.1.1m-15.oe2203.aarch64 +nss-3.72.0-4.oe2203.aarch64 +pesign-115-2.oe2203.aarch64 +shim-15.6-7.oe2203.aarch64 +crypto-policies-20200619-3.git781bbd4.oe2203.noarch +``` + +2. 下载openEuler shim组件源码,注意需要检查spec文件中的版本号大于15.6-7: + +```shell +git clone https://gitee.com/src-openeuler/shim.git -b openEuler-{version} --depth 1 +``` + +3. 安装编译shim组件所需要的软件包: + +```shell +yum install elfutils-libelf-devel gcc gnu-efi gnu-efi-devel openssl-devel make git rpm-build +``` + +4. 检查nss是否使能SM3算法,如果未使能则按照如下所示修改: + +```shell +cat /usr/share/crypto-policies/DEFAULT/nss.txt | grep SM3 +config="disallow=ALL allow=HMAC-SHA256:HMAC-SHA1:HMAC-SHA384:HMAC-SHA512:CURVE25519:SECP256R1:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:aes256-cbc:aes128-gcm:aes128-cbc:SHA256:SHA384:SHA512:SHA224:SHA1:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:ECDSA:RSA-PSS:RSA-PKCS:tls-version-min=tls1.0:dtls-version-min=dtls1.0:DH-MIN=1023:DSA-MIN=2048:RSA-MIN=2048:SM3" +``` + +## 生成密钥和证书 + +1. 生成用于签名shim组件的密钥和证书,shim组件由BIOS校验签名,由于当前大部分BIOS不支持商密算法,此处选择使用RSA算法,如支持商密算法,可按照步骤2生成SM2密钥和证书: + +```shell +openssl genrsa -out rsa.key 4096 +openssl req -new -key rsa.key -out rsa.csr -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=secure boot BIOS' +openssl x509 -req -days 365 -in rsa.csr -signkey rsa.key -out rsa.crt +openssl x509 -in rsa.crt -out rsa.der -outform der +``` + +2. 生成用签名grub和kernel组件的SM2密钥和证书: + +```shell +openssl ecparam -genkey -name SM2 -out sm2.key +openssl req -new -sm3 -key sm2.key -out sm2.csr -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=secure boot shim' +openssl x509 -req -days 3650 -signkey sm2.key -in sm2.csr -out sm2.crt +openssl x509 -in sm2.crt -out sm2.der -outform der +``` + +3. 建立NSS数据库,并将以上两步骤生成的密钥和证书导入NSS数据库: + +```shell +# NSS数据库以目录形式组织,存放位置可自定义 +mkdir certdb +certutil -N -d certdb +# 将SM2证书和RSA证书导入NSS数据库,分别命名为sm2和rsa +certutil -A -n sm2 -d certdb -t CT,CT,CT -i sm2.crt +certutil -A -n rsa -d certdb -t CT,CT,CT -i rsa.crt +# 将SM2密钥和RSA密钥导入NSS数据库,需要先打包成pkcs12文件 +openssl pkcs12 -export -out rsa.p12 -inkey rsa.key -in rsa.crt +openssl pkcs12 -export -out sm2.p12 -inkey sm2.key -in sm2.crt +pk12util -d certdb -i rsa.p12 +pk12util -d certdb -i sm2.p12 +``` + +## 编译shim组件 + +1. 进入shim源码目录,修改shim.spec中的配置变量,开启商密算法支持,并指定内置SM2证书: + +```shell +%global enable_sm 1 +%global vendor_cert /path/to/sm2.der +``` + +2. 编译shim软件包: + +```shell +rpmbuild -ba shim.spec --define "_sourcedir $PWD" +``` + +3. 安装编译完成的shim软件包: + +```shell +rpm -Uvh ~/rpmbuild/RPMS/aarch64/shim-xxx.rpm +``` + +## UEFI文件商密签名 + +1. 使用RSA密钥和证书签名shim组件并替换: + +```shell +# arm64架构 +pesign -n certdb -c rsa -s -i /boot/efi/EFI/openEuler/shimaa64.efi -o shimaa64.efi.signed +cp shimaa64.efi.signed /boot/efi/EFI/openEuler/shimaa64.efi +# x86架构 +pesign -n certdb -c rsa -s -i /boot/efi/EFI/openEuler/shimx64.efi -o shimx64.efi.signed +cp shimx64.efi.signed /boot/efi/EFI/openEuler/shimx64.efi +``` + +2. 使用SM2密钥和证书签名grub组件并替换: + +```shell +# arm64架构 +pesign -n certdb -c sm2 -s -i /boot/efi/EFI/openEuler/grubaa64.efi -o grubaa64.efi.signed -d sm3 +cp grubaa64.efi.signed /boot/efi/EFI/openEuler/grubaa64.efi +# x86架构 +pesign -n certdb -c sm2 -s -i /boot/efi/EFI/openEuler/grubx64.efi -o grubx64.efi.signed -d sm3 +cp grubx64.efi.signed /boot/efi/EFI/openEuler/grubx64.efi +``` + +3. 使用SM2密钥和证书签名kernel组件并替换(注意文件名包含实际的版本号): + +```shell +# arm64架构,需要解压、签名、重新压缩 +cp /boot/vmlinuz-5.10.0-126.0.0.66.oe2203.aarch64 vmlinuz-5.10.0-126.0.0.66.oe2203.aarch64.gz +gzip -d vmlinuz-5.10.0-126.0.0.66.oe2203.aarch64.gz +pesign -n certdb -c sm2 -s -i vmlinuz-5.10.0-126.0.0.66.oe2203.aarch64 -o vmlinuz-5.10.0-126.0.0.66.oe2203.aarch64.signed -d sm3 +gzip vmlinuz-5.10.0-126.0.0.66.oe2203.aarch64.signed +cp vmlinuz-5.10.0-126.0.0.66.oe2203.aarch64.signed.gz /boot/vmlinuz-5.10.0-126.0.0.66.oe2203.aarch64 +# x86架构 +pesign -n certdb -c sm2 -s -i /boot/vmlinuz-5.10.0-126.0.0.66.oe2203.x86_64 -o vmlinuz-5.10.0-126.0.0.66.oe2203.x86_64.signed -d sm3 +cp vmlinuz-5.10.0-126.0.0.66.oe2203.x86_64.signed /boot/vmlinuz-5.10.0-126.0.0.66.oe2203.x86_64 +``` + +4. 检查签名信息,以shim和grub为例: + +```shell +pesign -S -i /boot/efi/EFI/openEuler/grubaa64.efi +pesign -S -i /boot/efi/EFI/openEuler/shimaa64.efi +``` + +## 安全启动 + +进入BIOS,导入shim组件的签名证书,并开启安全启动选项。不同的BIOS操作方法不同,以鲲鹏2280 v2服务器为例: + +1. 将签名shim组件的RSA证书放入/boot/efi/EFI/openEuler目录下: + +```shell +cp rsa.der /boot/efi/EFI/openEuler +``` + +2. 重启系统; + +3. 进入BIOS配置界面开启安全启动,配置路径: + +```shell +Setup->安全->安全启动->启用 +``` + +4. 配置安全启动为自定义模式,配置路径: + +```shell +Setup->安全->安全启动证书配置->安全启动模式->自定义模式 +``` + +5. 导入安全启动证书,配置路径: + +```shell +Setup->安全->安全启动证书配置->安全启动自定义模式相关选项->DB相关选项->导入签名->通过文件添加签名->选择rsa.der->保存并退出 +``` + +6. 保存配置后重启系统,系统启动成功,查询安全启动状态为开启: + +```shell +mokutil --sb-state +SecureBoot enabled +``` diff --git a/docs/zh/server/security/shangmi/ssh_stack.md b/docs/zh/server/security/shangmi/ssh_stack.md new file mode 100644 index 0000000000000000000000000000000000000000..5b0c9f637d22351b26132bf2b6b5e9703ec37a5f --- /dev/null +++ b/docs/zh/server/security/shangmi/ssh_stack.md @@ -0,0 +1,52 @@ +# SSH协议栈 + +## 概述 + +openSSH组件是以C语言的openSSL的libcrypto为基础,实现的安全外壳协议(Secure Shell)组件。主要功能为远程登录系统,保证非安全网络环境中信息加密完整可靠。openEuler提供的SSH的服务端和客户端配置项中涉及密钥交换、公钥认证、对称加密和完整性认证的配置参数取值可以选择为商密算法套件(包含SM2/3/4算法)。 + +## 前置条件 + +openssh大于等于8.8p1-5版本: + +``` +$ rpm -qa | grep openssh +openssh-8.8p1-5.oe2209.x86_64 +openssh-server-8.8p1-5.oe2209.x86_64 +openssh-clients-8.8p1-5.oe2209.x86_64 +``` + +## 如何使用 + +### 场景1:用户远程登录 + +1. 客户端调用ssh-keygen生成用户密钥,默认保存为“\~/.ssh/id_sm2”和“\~/.ssh/id_sm2.pub”,将“\~/.ssh/id_sm2.pub”发送给服务端(也可使用ssh-copy-id命令发送): + +``` +$ ssh-keygen -t sm2 -m PEM +``` + +2. 服务端调用ssh-keygen生成主机密钥,并将客户端发送的公钥加入授权密钥文件列表(如使用ssh-copy-id命令传输,则会自动写入): + +``` +$ ssh-keygen -t sm2 -m PEM -f /etc/ssh/ssh_host_sm2_key +$ cat /path/to/id_sm2.pub >> ~/.ssh/authorized_keys +``` + +3. 修改配置文件,配置支持商密算法登录。服务端的配置文件路径为/etc/ssh/sshd_config,客户端配置文件路径为/etc/ssh/ssh_config。可配置的商密参数如下表: + +| 配置项含义 | 配置项参数 | 配置项参数的商密取值 | +|---------------------|------------------------|---------------| +| HostKey | 主机密钥公钥认证密钥 | /etc/ssh/ssh_host_sm2_key | +| HostKeyAlgorithms | 主机密钥公钥认证算法 | sm2 | +| KexAlgorithms | 密钥交换算法 | sm2-sm3 | +| Ciphers | 对称加密算法 | sm4-ctr | +| MACs | 完整性校验算法 | hmac-sm3 | +| PubkeyAcceptedKeyTypes | 用户公钥认证算法 | sm2 | +| IdentityFile | 用户公钥认证密钥 | ~/.ssh/id_sm2 | +| FingerprintHash | 打印密钥指纹使用的哈希算法 | sm3 | + +4. 客户端配置商密算法完成登录。客户端可以使用命令行方式或者修改配置文件(默认配置文件路径为/etc/ssh/ssh_config)的方式使能商密算法套件。使用命令行登录方式如下: + +``` +ssh -o PreferredAuthentications=publickey -o HostKeyAlgorithms=sm2 -o PubkeyAcceptedKeyTypes=sm2 -o Ciphers=sm4-ctr -o MACs=hmac-sm3 -o KexAlgorithms=sm2-sm3 -i ~/.ssh/id_sm2 [remote-ip] +``` diff --git a/docs/zh/server/security/shangmi/tlcp_stack.md b/docs/zh/server/security/shangmi/tlcp_stack.md new file mode 100644 index 0000000000000000000000000000000000000000..dae1ccdd6a155d3ef7f37dd944b8eae1f854ec85 --- /dev/null +++ b/docs/zh/server/security/shangmi/tlcp_stack.md @@ -0,0 +1,521 @@ +# TLCP协议栈 + +## 概述 + +TLCP是指符合《GB/T38636 2020信息安全技术 传输层密码协议(TLCP)》的安全通信协议,其特点是采用加密证书/私钥和签名证书/私钥相分离的方式。openEuler 发布的openSSL软件在开源版本的基础上增加了对商密TLCP协议的支持,提供了如下主要的功能: + +- 新增对TLCP商密双证书加载的支持; +- 新增对ECC_SM4_CBC_SM3和ECDHE_SM4_CBC_SM3算法套件的支持; +- 新增对SM2证书的支持。 + +## 前置条件 + +openEuler操作系统安装的openSSL软件版本号大于1.1.1m-4: + +``` +$ rpm -qa openssl +openssl-1.1.1m-6.oe2209.x86_64 +``` +注意:当前仅openssl 1.1.1支持TLCP协议栈,openssl 3.x版本暂未支持。 + +## 如何使用 + +### 场景1:生成SM2双证书 + +根据TLCP协议标准,通信过程需要两本证书:签名证书和加密证书。签名证书在认证过程使用,作用是验证身份;加密证书在密钥协商时使用,作用是数据加密。CA是证书认证机构(Certificate Authority)的缩写。CSR证书请求文件得到CA的签发后才可形成证书。下面是一个参考案例,介绍使用自签名的CA证书来签发实体证书: + +1. 准备生成证书所需要使用的配置文件openssl.cnf,参考的内容如下(基于openssl源码apps/openssl.cnf修改): + +``` +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . + +# Extra OBJECT IDENTIFIER info: +#oid_file = $ENV::HOME/.oid +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] + +# We can add new OIDs in here for use by 'ca', 'req' and 'ts'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +# Policies used by the TSA examples. +tsa_policy1 = 1.2.3.4.1 +tsa_policy2 = 1.2.3.4.5.6 +tsa_policy3 = 1.2.3.4.5.7 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./demoCA # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several certs with same subject. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cakey.pem# The private key + +x509_extensions = usr_cert # The extensions to add to the cert + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +# crl_extensions = crl_ext + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = default # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 2048 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Some-State + +localityName = Locality Name (eg, city) + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = Internet Widgits Pty Ltd + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (e.g. server FQDN or YOUR name) +commonName_max = 64 + +emailAddress = Email Address +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This is required for TSA certificates. +# extendedKeyUsage = critical,timeStamping + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature + +[ v3enc_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = keyAgreement, keyEncipherment, dataEncipherment + +[ v3_ca ] + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer + +basicConstraints = critical,CA:true + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. +keyUsage = cRLSign, keyCertSign + +# Some might want this also +# nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object +# You can even override a supported extension: +# basicConstraints= critical, DER:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +[ proxy_cert_ext ] +# These extensions should be added when creating a proxy certificate + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This really needs to be in place for it to be a proxy certificate. +proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo + +#################################################################### +[ tsa ] + +default_tsa = tsa_config1 # the default TSA section + +[ tsa_config1 ] + +# These are used by the TSA reply generation only. +dir = ./demoCA # TSA root directory +serial = $dir/tsaserial # The current serial number (mandatory) +crypto_device = builtin # OpenSSL engine to use for signing +signer_cert = $dir/tsacert.pem # The TSA signing certificate + # (optional) +certs = $dir/cacert.pem # Certificate chain to include in reply + # (optional) +signer_key = $dir/private/tsakey.pem # The TSA private key (optional) +signer_digest = sha256 # Signing digest to use. (Optional) +default_policy = tsa_policy1 # Policy if request did not specify it + # (optional) +other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) +digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory) +accuracy = secs:1, millisecs:500, microsecs:100 # (optional) +clock_precision_digits = 0 # number of digits after dot. (optional) +ordering = yes # Is ordering defined for timestamps? + # (optional, default: no) +tsa_name = yes # Must the TSA name be included in the reply? + # (optional, default: no) +ess_cert_id_chain = no # Must the ESS cert id chain be included? + # (optional, default: no) +ess_cert_id_alg = sha1 # algorithm to compute certificate + # identifier (optional, default: sha1) +``` + +2. 生成自签名CA证书(下列命令为使用openSSL 1.1.1版本的场景,如使用openSSL 3.0.9及以上的版本,*openssl req*命令中的*-newkey*参数需要替换为*sm2:SM2.pem*): + +``` +openssl ecparam -name SM2 -out SM2.pem +openssl req -config ./openssl.cnf -nodes -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=root ca' -keyout CA.key -newkey ec:SM2.pem -new -out CA.csr +openssl x509 -sm3 -req -days 30 -in CA.csr -extfile ./openssl.cnf -extensions v3_ca -signkey CA.key -out CA.crt +``` + +3. 生成服务端签名证书和加密证书(下列命令为使用openSSL 1.1.1版本的场景,如使用openSSL 3.0.9及以上的版本,*openssl req*命令中的*-newkey*参数需要替换为*sm2:SM2.pem*): + +``` +openssl req -config ./openssl.cnf -nodes -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=server sign' -keyout SS.key -newkey ec:SM2.pem -new -out SS.csr +openssl x509 -sm3 -req -days 30 -in SS.csr -CA CA.crt -CAkey CA.key -extfile ./openssl.cnf -extensions v3_req -out SS.crt -CAcreateserial +openssl req -config ./openssl.cnf -nodes -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=server enc' -keyout SE.key -newkey ec:SM2.pem -new -out SE.csr +openssl x509 -sm3 -req -days 30 -in SE.csr -CA CA.crt -CAkey CA.key -extfile ./openssl.cnf -extensions v3enc_req -out SE.crt -CAcreateserial +``` + +4. 生成客户端签名证书和加密证书: + +``` +openssl req -config ./openssl.cnf -nodes -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=client sign' -keyout CS.key -newkey ec:SM2.pem -new -out CS.csr +openssl x509 -sm3 -req -days 30 -in CS.csr -CA CA.crt -CAkey CA.key -extfile ./openssl.cnf -extensions v3_req -out CS.crt -CAcreateserial +openssl req -config ./openssl.cnf -nodes -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=client enc' -keyout CE.key -newkey ec:SM2.pem -new -out CE.csr +openssl x509 -sm3 -req -days 30 -in CE.csr -CA CA.crt -CAkey CA.key -extfile ./openssl.cnf -extensions v3enc_req -out CE.crt -CAcreateserial +``` + +### 场景2:使用openSSL命令行验证TLCP协议栈 + +openSSL中提供的s_server/s_client工具可以用来测试TLCP协议: +``` +# 开启服务端 +openssl s_server -verify 5 -accept 4433 \ + -cert SS.crt \ + -key SS.key \ + -dcert SE.crt \ + -dkey SE.key \ + -CAfile CA.crt + +# 开启客户端 +openssl s_client -verify 5 -connect 127.0.0.1:4433 \ + -cert CS.crt \ + -key CS.key \ + -dcert CE.crt \ + -dkey CE.key \ + -CAfile CA.crt -tlcp +``` + +### 场景3:openSSL API使用 + +服务端参考代码: + +``` +int main() { + // 变量定义 + SSL_CTX *ctx = NULL; + const char *sign_cert_file = "SS.crt"; + const char *sign_key_file = "SS.key"; + const char *enc_cert_file = "SE.crt"; + const char *enc_key_file = "SE.key"; + + // 生成上下文 + ctx = SSL_CTX_new(TLS_server_method()); + + // 加载签名证书,加密证书及其私钥 + if (!SSL_CTX_use_gm_certificate_file(ctx, sign_cert_file, SSL_FILETYPE_PEM, SSL_USAGE_SIG)) + goto err; + + if (!SSL_CTX_use_gm_PrivateKey_file(ctx, sign_key_file, SSL_FILETYPE_PEM, SSL_USAGE_SIG)) + goto err; + + if (!SSL_CTX_use_gm_certificate_file(ctx, enc_cert_file, SSL_FILETYPE_PEM, SSL_USAGE_ENC)) + goto err; + + if (!SSL_CTX_use_gm_PrivateKey_file(ctx, enc_key_file, SSL_FILETYPE_PEM, SSL_USAGE_ENC)) + goto err; + + SSL_CTX_set_options(ctx, SSL_OP_ENCCERT_SECOND_POSITION); + + // 后续同标准tls流程 + SSL *ssl = SSL_new(ctx); +} +``` + +客户端参考代码: +``` +int main() { + // 变量定义 + SSL_CTX *ctx = NULL; + const char *sign_cert_file = "CS.crt"; + const char *sign_key_file = "CS.key"; + const char *enc_cert_file = "CE.crt"; + const char *enc_key_file = "CE.key"; + + // 生成上下文 + ctx = SSL_CTX_new(TLCP_client_method()); + + // 加载签名证书,加密证书及其私钥 + if (!SSL_CTX_use_gm_certificate_file(ctx, sign_cert_file, SSL_FILETYPE_PEM, SSL_USAGE_SIG)) + goto err; + + if (!SSL_CTX_use_gm_PrivateKey_file(ctx, sign_key_file, SSL_FILETYPE_PEM, SSL_USAGE_SIG)) + goto err; + + if (!SSL_CTX_use_gm_certificate_file(ctx, enc_cert_file, SSL_FILETYPE_PEM, SSL_USAGE_ENC)) + goto err; + + if (!SSL_CTX_use_gm_PrivateKey_file(ctx, enc_key_file, SSL_FILETYPE_PEM, SSL_USAGE_ENC)) + goto err; + + // 设置算法套件为ECC-SM4-CBC-SM3或者ECDHE-SM4-CBC-SM3 + // 这一步并不强制编写,默认ECC-SM4-CBC-SM3优先 + if(SSL_CTX_set_cipher_list(ctx, "ECC-SM4-CBC-SM3") <= 0) + goto err; + + // 后续同标准tls流程 + SSL *ssl = SSL_new(ctx); +} +``` + +# KTLS卸载 + +## 概述 + +Linux内核协议栈仅实现了TCP/IP模型,并不支持SSL/TLS会话层协议。目前TLS加解密一般由用户态来实现。但在部分场景下,如内核sendfile发送文件,会产生多次跨态拷贝导致性能开销。因此内核实现了KTLS,即支持对socket配置加密上下文,从而将数据加密过程卸载到内核态或下层硬件实现。 + +openEuler 5.10内核的KTLS特性提供了对商密算法的支持,目前支持SM4-GCM和SM4-CCM两种算法。 + +## 前置条件 + +内核大于或等于5.10.0-106版本: + +``` +# rpm -qa kernel +kernel-5.10.0-106.1.0.55.oe2209.x86_64 +``` + +## 如何使用 + +商密算法的调用和其他相同类型的加密算法调用方法一致,可参考Linux内核文档: + +``` +https://www.kernel.org/doc/html/v5.10/networking/tls.html +``` diff --git a/docs/zh/server/security/shangmi/user_identity_authentication.md b/docs/zh/server/security/shangmi/user_identity_authentication.md new file mode 100644 index 0000000000000000000000000000000000000000..06c0d358558c8643af68275e61e17c3e924f72bd --- /dev/null +++ b/docs/zh/server/security/shangmi/user_identity_authentication.md @@ -0,0 +1,131 @@ +# 用户身份鉴别 + +操作系统通常使用口令的机制完成用户身份鉴别,openEuler提供了PAM、passwd、shadow、libuser等用户口令管理组件。用户口令在设置完成后,需要进行加密存储,通常使用哈希算法进行加密。openEuler提供的用户口令管理组件新增了对商密SM3的支持。 + +## PAM配置用户口令加密 + +### 概述 + +PAM是系统的可插拔认证模块,为上层应用提供认证机制。openEuler发布的PAM新增了对SM3算法用户口令加密的支持。 + +### 前置条件 + +1. PAM软件包大于或等于1.5.2-2版本: + + ```sh + $ rpm -qa pam + pam-1.5.2-2.oe2209.x86_64 + ``` + +2. libxcrypt软件包大于或等于4.4.26-2版本: + + ```sh + $ rpm -qa libxcrypt + pam-4.4.26-2.oe2209.x86_64 + ``` + +### 如何使用 + +1. 修改/etc/pam.d/password-auth和/etc/pam.d/system-auth文件,找到文件中“password sufficient pam_unix.so”开头的行,修改该行中算法字段为sm3: + + ```sh + $ cat /etc/pam.d/password-auth + ...... + password sufficient pam_unix.so sm3 shadow nullok try_first_pass use_authtok + ...... + + $ cat /etc/pam.d/system-auth + ...... + password sufficient pam_unix.so sm3 shadow nullok try_first_pass use_authtok + ...... + ``` + +2. 修改配置之后通过passwd命令修改密码或新增用户创建的密码,会使用sm3算法加密,加密结果以sm3开头存储在/etc/shadow中: + + ```sh + $ passwd testuser + Changing password for user testuser. + New password: + Retype new password: + passwd: all authentication tokens updated successfully. + $ cat /etc/shadow | grep testuser + testuser:$sm3$wnY86eyUlB5946gU$99LlMr0ddeZNDqnB2KRxn9f30SFCCvMv1WN1cFdsKJ2:19219:0:90:7:35:: + ``` + +### 注意事项 + +1. PAM配置默认使用sha512算法,修改配置使用商密SM3算法后,对已存在的用户密码无影响,需要修改密码才能更新密码算法; +2. 若PAM和libxcrypt要降级到非商密版本,并且已存在帐户密码使用SM3算法加密,则需先修改配 + 置为非商密算法,再修改帐号密码,再降级到非商密版本,否则这些帐户将无法正常登录。 + +## shadow配置用户口令加密 + +### 概述 + +shadow是Linux系统中常用的用户管理组件,提供了chpasswd、chgpasswd与newusers等命令。openEuler提供的shadow组件新增了对商密算法SM3的支持,以便在用户管理时使用SM3加密算法。因为shadow默认使用PAM安全认证机制,因此该组件支持商密算法只影响chpasswd与chgpasswd命令。 + +### 前置条件 + +shadow大于或等于4.9-4版本: + +```sh +$ rpm -qa shadow +shadow-4.9-4.oe2209.x86_64 +``` + +### 如何使用 + +1. chpasswd默认使用pam配置,通过-c指定SM3算法,会以SM3算法加密,加密结果以sm3开头存储在/etc/shadow中: + + ```sh + $ echo testuser:testPassword |chpasswd -c SM3 + $ cat /etc/shadow | grep testuser + testuser:$sm3$moojQQeBfdGOrL14$NqjckLHlk3ICs1cx.0rKZwRHafjVlqksdSJqfx9eYh6:19220:0:99999:7::: + ``` + +2. chgpasswd默认使用pam配置,通过-c指定SM3算法,会以SM3算法加密,加密结果以sm3开头存储在/etc/shadow中: + + ```sh + $ echo testGroup:testPassword |chpasswd -c SM3 + $ cat /etc/gshadow | grep testGroup + testGroup:$sm3$S3h3X6U6KsXg2Gkc$LFCAnKbi6JItarQz4Y/Aq9/hEbEMQXq9nQ4rY1j9BY9:: + ``` + +### 注意事项 + +shadow默认使用PAM安全认证机制,相关命令使用-c参数指定加密算法时,不使用PAM机制。 + +## libuser配置用户口令加密 + +### 概述 + +libuser库实现了一个标准化的接口,用于操作和管理用户和组帐户。该库经过封装,对外提供了命令行接口和python接口,用于管理用户和组。其中涉及用户密码的管理,支持使用des、md5、blowfish、sha256、sha512等算法对用户口令进行加密,openEuler发布的libuser新增了对SM3算法加密支持。 + +### 前置条件 + +libuser大于或等于0.63-3版本: + +```sh +$ rpm -qa libuser +libuser-0.63-3.oe2209.x86_64 +``` + +### 如何使用 + +1. 编辑/etc/libuser.conf,修改[defaults]域crypt_style=sm3: + + ```sh + $ cat /etc/libuser.conf + ...... + [defaults] + crypt_style = sm3 + ...... + ``` + +2. 通过lusermod、lpasswd、luseradd等命令设置用户口令时,口令加密算法默认为sm3。加密结果以sm3开头存储在/etc/shadow中: + + ```sh + # luseradd testuser -P Test@123 + # cat /etc/shadow | grep testuser + testuser:$sm3$1IJtoN6zlBDCiPKC$5oxscBTgiquPAEmZWGNDVqTPrboHJw3fFSohjF6sONB:18862:0:90:7:35:: + ``` diff --git a/docs/zh/server/security/trusted_computing/_toc.yaml b/docs/zh/server/security/trusted_computing/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..88bc7cebdc24e829f065c88f2dc35f9a8aa76444 --- /dev/null +++ b/docs/zh/server/security/trusted_computing/_toc.yaml @@ -0,0 +1,18 @@ +label: 可信计算 +isManual: true +description: 介绍可信计算的定义和相关概念 +sections: + - label: 可信计算定义 + href: ./trusted_computing.md + - label: 内核完整性度量(IMA) + href: ./ima.md + - label: 动态完整性度量(DIM) + href: ./dim.md + - label: 远程证明(鲲鹏安全库) + href: ./remote_attestation_kunpeng_security_library.md + - label: 可信平台控制模块(TPCM) + href: ./tpcm.md + - label: 内核可信根框架用户文档 + href: ./kernel_root_of_trust_framework.md + - label: 解释器类应用程序完整性保护用户文档 + href: ./protection_for_interpreted_applications.md diff --git a/docs/zh/server/security/trusted_computing/dim.md b/docs/zh/server/security/trusted_computing/dim.md new file mode 100644 index 0000000000000000000000000000000000000000..ba5c5cc118d212e69b138c557d8295f0bd888704 --- /dev/null +++ b/docs/zh/server/security/trusted_computing/dim.md @@ -0,0 +1,732 @@ +# 动态完整性度量(DIM) + +本章节为DIM(Dynamic Integrity Measurement)动态完整性度量的特性介绍以及使用说明。 + +## 背景 + +随着信息产业的不断发展,信息系统所面临的安全风险也日益增长。信息系统中可能运行大量软件,部分软件不可避免地存在漏洞,这些漏洞一旦被攻击者利用,可能会对系统业务造成严重的影响,如数据泄露、服务不可用等。 + +绝大部分的软件攻击,都会伴随着完整性破坏,如恶意进程运行、配置文件篡改、后门植入等。因此业界提出了完整性保护技术,指的是从系统启动开始,对关键数据进行度量和校验,从而保证系统运行达到预期效果。当前业界已广泛使用的完整性保护技术(如安全启动、文件完整性度量等)都无法对进程运行时的内存数据进行保护。如果攻击者利用一些手段修改了进程的代码指令,可能导致进程被劫持或被植入后门,具有攻击性强,隐蔽性高的特点。对于这种攻击手段,业界提出了动态完整性度量技术,即对进程的运行时内存中的关键数据进行度量和保护。 + +## 术语说明 + +静态基线:针对度量目标的二进制文件进行解析所生成的度量基准数据; + +动态基线:针对度量目标执行首次度量的结果; + +度量策略:指定度量目标的配置信息; + +度量日志:存储度量结果的列表,包含度量对象、度量结果等信息。 + +## 特性简介 + +DIM特性通过在程序运行时对内存中的关键数据(如代码段、数据段)进行度量,并将度量结果和基准值进行对比,确定内存数据是否被篡改,从而检测攻击行为,并采取应对措施。 + +### 功能范围 + +- 当前DIM特性支持在ARM64/X86架构系统中运行; +- 当前DIM特性支持对以下关键内存数据执行度量: + - 用户态进程的代码段:对应ELF文件中属性为PT_LOAD、权限为RX的段,对应进程加载后权限为RX的vma区域; + - 内核模块代码段:起始地址为内核模块对应struct module结构体中的core_layout.base,长度为core_layout.text_size; + - 内核代码段:对应\_stext符号至\_etext,跳过可能由于内核static key机制发生变化的地址。 +- 当前DIM特性支持对接以下硬件平台: + - 支持将度量结果扩展至TPM 2.0芯片的PCR寄存器,以实现远程证明服务对接。 + +### 技术限制 + +- 对于用户态进程,仅支持度量文件映射代码段,不支持度量匿名代码段; +- 不支持度量内核热补丁; +- 仅支持主动触发机制,如果两次触发过程中发生了篡改-恢复的行为,会导致无法识别攻击; +- 对于主动修改代码段的场景(如代码段重定位、自修改或热补丁),会被识别为攻击; +- 对于内核、内核模块的度量,以触发动态基线时的度量结果作为度量基准值,静态基线值仅作为一个固定标识; +- 度量目标必须在触发动态基线的时刻就已在内存中加载(如进程运行或内核模块加载),否则后续无法度量; +- 在需要使用TPM芯片的PCR寄存器验证度量日志的场景下,DIM模块不允许卸载,否则会导致度量日志清空,而无法和PCR寄存器匹配; +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>特性启用后,会对系统性能存在一定影响,主要包括以下方面: +> - DIM特性自身加载以及基线数据、度量日志管理会对系统内存造成消耗,具体影响与保护策略配置相关; +> - DIM特性执行度量期间需要进行哈希运算,造成CPU消耗,具体影响与需要度量的数据大小有关; +> - DIM特性执行度量期间需要对部分资源执行上锁或获取信号量操作,可能导致其他并发进程等待。 + +### 规格约束 + +| 规格项 | 值 | +| ------------------------------------------------------------ | ---- | +| 文件大小上限(策略文件、静态基线文件、签名文件、证书文件) | 10MB | +| 同一个度量目标在一次动态基线后多次度量期间最多记录的篡改度量日志条数 | 10条 | +| /etc/dim/policy中度量策略最大可记录数|10000条| + +### 架构说明 + +DIM包含两个软件包dim_tools和dim,分别提供如下组件: + +| 软件包 | 组件 | 说明 | +| --------- | ---------------- | ------------------------------------------------------------ | +| dim_tools | dim_gen_baseline | 用户态组件,静态基线生成工具,用于生成动态度量所需要的基线数据,该基线数据在DIM特性运行时会被导入并作为度量基准值 | +| dim | dim_core | 内核模块,执行核心的动态度量逻辑,包括策略解析、静态基线解析、动态基线建立、度量执行、度量日志记录、TPM芯片扩展操作等,实现对内存关键数据的度量功能 | +| dim | dim_monitor | 内核模块,执行对dim_core的代码段和关键数据的度量保护,一定程度防止由于dim_core遭受攻击导致的DIM功能失效。 | + +整体架构如下图所示: + +![](./figures/dim_architecture.jpg) + +### 关键流程说明 + +dim_core和dim_monitor模块均提供了对内存数据的度量功能,包含两个核心流程: + +- 动态基线流程:dim_core模块读取并解析策略和静态基线文件,然后对目标进程执行代码段度量,度量结果在内存中以动态基线形式存放,最后将动态基线数据和静态基线数据进行对比,并将对比结果记录度量日志;dim_monitor模块对dim_core模块的代码段和关键数据进行度量,作为动态基线并记录度量日志; +- 动态度量流程:dim_core和dim_monitor模块对目标执行度量,并将度量结果与动态基线值进行对比,如果对比不一致,则将结果记录度量日志。 + +### 接口说明 + +#### 文件路径说明 + +| 路径 | 说明 | +| ------------------------------- | ------------------------------------------------------------ | +| /etc/dim/policy | 度量策略文件 | +| /etc/dim/policy.sig | 度量策略签名文件,用于存放策略文件的签名信息,在签名校验功能开启的情况下使用 | +| /etc/dim/digest_list/*.hash | 静态基线文件,用于存放度量的基准值信息 | +| /etc/dim/digest_list/*.hash.sig | 静态基线签名文件,用于存放静态基线文件的签名信息,在签名校验功能开启的情况下使用 | +| /etc/keys/x509_dim.der | 证书文件,用于校验策略文件和静态基线文件的签名信息,在签名校验功能开启的情况下使用 | +| /sys/kernel/security/dim | DIM文件系统目录,DIM内核模块加载后生成,目录下提供对DIM功能进行操作的内核接口 | + +#### 文件格式说明 + +1. 度量策略文件格式说明 + + 文本文件,以UNIX换行符进行分隔,每行代表一条度量策略,当前支持以下几种配置格式: + + 1. 用户态进程代码段度量配置: + + ``` + measure obj=BPRM_TEXT path=<度量目标进程可执行文件或动态库对应二进制文件的绝对路径> + ``` + + 2. 内核模块代码段度量配置: + + ``` + measure obj=MODULE_TEXT name=<内核模块名> + ``` + + 3. 内核度量配置: + + ``` + measure obj=KERNEL_TEXT + ``` + +**参考示例:** + +``` +# cat /etc/dim/policy +measure obj=BPRM_TEXT path=/usr/bin/bash +measure obj=BPRM_TEXT path=/usr/lib64/libc.so.6 +measure obj=MODULE_TEXT name=ext4 +measure obj=KERNEL_TEXT +``` + +2. 静态基线文件格式说明 + + 文本文件,以UNIX换行符进行分隔,每行代表一条静态基线,当前支持以下几种配置格式: + + 1. 用户态进程基线: + + ``` + dim USER sha256:6ae347be2d1ba03bf71d33c888a5c1b95262597fbc8d00ae484040408a605d2b <度量目标进程可执行文件或动态库对应二进制文件的绝对路径> + ``` + + 2. 内核模块基线: + + ``` + dim KERNEL sha256:a18bb578ff0b6043ec5c2b9b4f1c5fa6a70d05f8310a663ba40bb6e898007ac5 <内核release号>/<内核模块名> + ``` + + 3. 内核基线: + + ``` + dim KERNEL sha256:2ce2bc5d65e112ba691c6ab46d622fac1b7dbe45b77106631120dcc5441a3b9a <内核release号> + ``` + +**参考示例:** + +``` +dim USER sha256:6ae347be2d1ba03bf71d33c888a5c1b95262597fbc8d00ae484040408a605d2b /usr/bin/bash +dim USER sha256:bc937f83dee4018f56cc823f5dafd0dfedc7b9872aa4568dc6fbe404594dc4d0 /usr/lib64/libc.so.6 +dim KERNEL sha256:a18bb578ff0b6043ec5c2b9b4f1c5fa6a70d05f8310a663ba40bb6e898007ac5 6.4.0-1.0.1.4.oe2309.x86_64/dim_monitor +dim KERNEL sha256:2ce2bc5d65e112ba691c6ab46d622fac1b7dbe45b77106631120dcc5441a3b9a 6.4.0-1.0.1.4.oe2309.x86_64 +``` + +3. 度量日志格式说明 + + 文本内容,以UNIX换行符进行分隔,每行代表一条度量日志,格式为: + +``` + <度量日志哈希值> <度量算法>:<度量哈希值> <度量对象> <度量日志类型> +``` + +**参考示例:** + + 1. 对bash进程代码段执行度量,度量结果与静态基线一致: + + ``` + 12 0f384a6d24e121daf06532f808df624d5ffc061e20166976e89a7bb24158eb87 sha256:db032449f9e20ba37e0ec4a506d664f24f496bce95f2ed972419397951a3792e /usr/bin.bash [static baseline] + ``` + + 2. 对bash进程代码段执行度量,度量结果与静态基线不一致: + + ``` + 12 0f384a6d24e121daf06532f808df624d5ffc061e20166976e89a7bb24158eb87 sha256:db032449f9e20ba37e0ec4a506d664f24f496bce95f2ed972419397951a3792e /usr/bin.bash [tampered] + ``` + + 3. 对ext4内核模块代码段执行度量,未找到静态基线: + + ``` + 12 0f384a6d24e121daf06532f808df624d5ffc061e20166976e89a7bb24158eb87 sha256:db032449f9e20ba37e0ec4a506d664f24f496bce95f2ed972419397951a3792e ext4 [no static baseline] + ``` + + 4. dim_monitor对dim_core执行度量,记录基线时的度量结果: + + ``` + 12 660d594ba050c3ec9a7cdc8cf226c5213c1e6eec50ba3ff51ff76e4273b3335a sha256:bdab94a05cc9f3ad36d29ebbd14aba8f6fd87c22ae580670d18154b684de366c dim_core.text [dynamic baseline] + 12 28a3cefc364c46caffca71e7c88d42cf3735516dec32796e4883edcf1241a7ea sha256:0dfd9656d6ecdadc8ec054a66e9ff0c746d946d67d932cd1cdb69780ccad6fb2 dim_core.data [dynamic baseline] + ``` + +4. 证书/签名文件格式说明 + +为通用格式,详见[开启签名校验](#开启签名校验)章节。 + +#### 内核模块参数说明 + +1. dim_core模块参数 + +| 参数名 | 参数内容 | 取值范围 | 默认值 | +| -------------------- | ------------------------------------------------------------ | ------------------------ | ------ | +| measure_log_capacity | 度量日志最大条数,当dim_core记录的度量日志数量达到参数设置时,停止记录度量日志 | 100-UINT_MAX(64位系统) | 100000 | +| measure_schedule | 度量完一个进程/模块后调度的时间,单位毫秒,设置为0代表不调度 | 0-1000 | 0 | +| measure_interval | 自动度量周期,单位分钟,设置为0代表不设置自动度量 | 0-525600 | 0 | +| measure_hash | 度量哈希算法 | sha256, sm3 | sha256 | +| measure_pcr | 将度量结果扩展至TPM芯片的PCR寄存器,设置为0代表不扩展(注意需要与芯片实际的PCR编号保持一致) | 0-128 | 0 | +| signature | 是否启用策略文件和签名机制,设置为0代表不启用,设置为1代表启用 | 0, 1 | 0 | + +**使用示例**: + +``` +insmod /path/to/dim_core.ko measure_log_capacity=10000 measure_schedule=10 measure_pcr=12 +modprobe dim_core measure_log_capacity=10000 measure_schedule=10 measure_pcr=12 +``` + +2. dim_monitor模块参数 + +| 参数名 | 参数内容 | 取值范围 | 默认值 | +| -------------------- | ------------------------------------------------------------ | ------------------------ | ------ | +| measure_log_capacity | 度量日志最大条数,当dim_monitor记录的度量日志数量达到参数设置时,停止记录度量日志 | 100-UINT_MAX(64位系统) | 100000 | +| measure_hash | 度量哈希算法 | sha256, sm3 | sha256 | +| measure_pcr | 将度量结果扩展至TPM芯片的PCR寄存器,设置为0代表不扩展 | 0-128 | 0 | + +**使用示例**: + +``` +insmod /path/to/dim_monitor.ko measure_log_capacity=10000 measure_hash=sm3 +modprobe dim_monitor measure_log_capacity=10000 measure_hash=sm3 +``` + +#### 内核接口说明 + +1. dim_core模块接口 + +| 接口名 | 属性 | 功能 | 示例 | +| -------------------------- | ---- | ------------------------------------------------------------ | --------------------------------------------------------- | +| measure | 只写 | 写入字符串1触发动态度量,成功返回0,失败返回错误码 | echo 1 > /sys/kernel/security/dim/measure | +| baseline_init | 只写 | 写入字符串1触发动态基线,成功返回0,失败返回错误码 | echo 1 > /sys/kernel/security/dim/baseline_init | +| ascii_runtime_measurements | 只读 | 读取接口查询度量日志 | cat /sys/kernel/security/dim/ascii_runtime_measurements | +| runtime_status | 只读 | 读取接口返回状态类型信息,失败返回错误码 | cat /sys/kernel/security/dim/runtime_status | +| interval | 读写 | 写入数字字符串设置自动度量周期(范围同measure_interval参数);读取接口查询当前自动度量周期,失败返回错误码 | echo 10 > /sys/kernel/security/dim/interval
cat /sys/kernel/security/dim/interval | + +**dim_core状态类型信息说明:** + +状态信息以如下字段取值: + +- DIM_NO_BASELINE:表示dim_core已加载,但未进行任何操作; +- DIM_BASELINE_RUNNING:表示正在进行动态基线建立; +- DIM_MEASURE_RUNNING:表示正在进行动态度量度量; +- DIM_PROTECTED:表示已完成动态基线建立,处于受保护状态; +- DIM_ERROR:执行动态基线建立或动态度量时发生错误,需要用户解决错误后重新触发动态基线建立或动态度量。 + +2. dim_monitor模块接口 + +| 接口名 | 属性 | 说明 | 示例 | +| ---------------------------------- | ---- | ---------------------------------------------- | ------------------------------------------------------------ | +| monitor_run | 只写 | 写入字符串1触发度量,成功返回0,失败返回错误码 | echo 1 > /sys/kernel/security/dim/monitor_run | +| monitor_baseline | 只写 | 写入字符串1触发基线,成功返回0,失败返回错误码 | echo 1 > /sys/kernel/security/dim/monitor_baseline | +| monitor_ascii_runtime_measurements | 只读 | 读取接口查询度量日志 | cat /sys/kernel/security/dim/monitor_ascii_runtime_measurements | +| monitor_status | 只读 | 读取接口返回状态类型信息,失败返回错误码 | cat /sys/kernel/security/dim/monitor_status | + +**dim_monitor状态类型信息说明:** + +- ready:表示dim_monitior已加载,但未进行任何操作; +- running:表示正在进行动态基线建立或动态度量; +- error:执行动态基线建立或动态度量时发生错误,需要用户解决错误后重新触发动态基线建立或动态度量; +- protected:表示已完成动态基线建立,处于受保护状态。 + +#### 用户态工具接口说明 + +dim_gen_baseline命令行接口,详见: 。 + +## 如何使用 + +### 安装/卸载 + +**前置条件**: + +- OS版本:支持openEuler 23.09及以上版本; +- 内核版本:支持openEuler kernel 5.10/6.4版本。 + +安装dim_tools和dim软件包,以openEuler 23.09版本为例: + +``` +# yum install -y dim_tools dim +``` + +软件包安装完成后,DIM内核组件不会默认加载,可通过如下命令进行加载和卸载: + +``` +# modprobe dim_core 或 insmod /path/to/dim_core.ko +# modprobe dim_monitor 或 insmod /path/to/dim_monitor.ko +# rmmod dim_monitor +# rmmod dim_core +``` + +加载成功后,可以通过如下命令查询: + +``` +# lsmod | grep dim_core +dim_core 77824 1 dim_monitor +# lsmod | grep dim_monitor +dim_monitor 36864 0 +``` + +卸载前需要先卸载ko,再卸载rpm包 + +``` +# rmmod dim_monitor +# rmmod dim_core +# rpm -e dim +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +> dim_monitor必须后于dim_core加载,先于dim_core卸载; +> 也可使用源码编译安装,详见 。 + +### 度量用户态进程代码段 + +**前置条件**: + +- dim_core模块加载成功; + +- 用户需要准备一个常驻的度量目标用户态程序,本小节以程序路径/opt/dim/demo/dim_test_demo为例: + + ``` + # /opt/dim/demo/dim_test_demo & + ``` + +**步骤1**:为度量目标进程对应的二进制文件生成静态基线 + +``` +# mkdir -p /etc/dim/digest_list +# dim_gen_baseline /opt/dim/demo/dim_test_demo -o /etc/dim/digest_list/test.hash +``` + +**步骤2**:配置度量策略 + +``` +# echo "measure obj=BPRM_TEXT path=/opt/dim/demo/dim_test_demo" > /etc/dim/policy +``` + +**步骤3**:触发动态基线建立 + +``` +# echo 1 > /sys/kernel/security/dim/baseline_init +``` + +**步骤4**:查询度量日志 + +``` +# cat /sys/kernel/security/dim/ascii_runtime_measurements +0 e9a79e25f091e03a8b3972b1a0e4ae2ccaed1f5652857fe3b4dc947801a6913e sha256:02e28dff9997e1d81fb806ee5b784fd853eac8812059c4dba7c119c5e5076989 /opt/dim/demo/dim_test_demo [static baseline] +``` + +如上度量日志说明目标进程被成功度量,且度量结果与静态基线一致。 + +**步骤5**:触发动态度量 + +``` +# echo 1 > /sys/kernel/security/dim/measure +``` + +度量完成后可通过**步骤4**查询度量日志,如果度量结果和动态基线阶段的度量结果一致,则度量日志不会更新,否则会新增异常度量日志。如果攻击者尝试篡改目标程序(如采用修改代码重新编译的方式,过程略)并重新启动目标程序: + +``` +# pkill dim_test_demo +# /opt/dim/demo/dim_test_demo & +``` + +再次触发度量并查询度量日志,可以发现有标识为“tampered”的度量日志: + +``` +# echo 1 > /sys/kernel/security/dim/measure +# cat /sys/kernel/security/dim/ascii_runtime_measurements +0 e9a79e25f091e03a8b3972b1a0e4ae2ccaed1f5652857fe3b4dc947801a6913e sha256:02e28dff9997e1d81fb806ee5b784fd853eac8812059c4dba7c119c5e5076989 /opt/dim/demo/dim_test_demo [static baseline] +0 08a2f6f2922ad3d1cf376ae05cf0cc507c2f5a1c605adf445506bc84826531d6 sha256:855ec9a890ff22034f7e13b78c2089e28e8d217491665b39203b50ab47b111c8 /opt/dim/demo/dim_test_demo [tampered] +``` + +### 度量内核模块代码段 + +**前置条件**: + +- dim_core模块加载成功; + +- 用户需要准备一个度量目标内核模块,本小节假设内核模块路径为/opt/dim/demo/dim_test_module.ko,模块名为dim_test_module: + + ``` + # insmod /opt/dim/demo/dim_test_module.ko + ``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>需要保证内核模块的内核编译环境版本号和当前系统内核版本号一致,可以使用如下方法确认: +> +>``` +># modinfo dim_monitor.ko | grep vermagic | grep "$(uname -r)" +>vermagic: 6.4.0-1.0.1.4.oe2309.x86_64 SMP preempt mod_unload modversions +>``` + +即内核模块vermagic信息的第一个字段需要和当前内核版本号完全一致。 + +**步骤1**:为度量目标内核模块生成静态基线 + +``` +# mkdir -p /etc/dim/digest_list +# dim_gen_baseline /opt/dim/demo/dim_test_module.ko -o /etc/dim/digest_list/test.hash +``` + +**步骤2**:配置度量策略 + +``` +# echo "measure obj=MODULE_TEXT name=dim_test_module" > /etc/dim/policy +``` + +**步骤3**:触发动态基线建立 + +``` +# echo 1 > /sys/kernel/security/dim/baseline_init +``` + +**步骤4**:查询度量日志 + +``` +# cat /sys/kernel/security/dim/ascii_runtime_measurements +0 9603a9d5f87851c8eb7d2619f7abbe28cb8a91f9c83f5ea59f036794e23d1558 sha256:9da4bccc7ae1b709deab8f583b244822d52f3552c93f70534932ae21fac931c6 dim_test_module [static baseline] +``` + +如上度量日志说明dim_test_module模块被成功度量,并以当前的度量结果作为后续度量的基准值(此时度量日志中的哈希值不代表实际度量值)。 + +**步骤5**:触发动态度量 + +``` +echo 1 > /sys/kernel/security/dim/measure +``` + +度量完成后可通过**步骤4**查询度量日志,如果度量结果和动态基线阶段的度量结果一致,则度量日志不会更新,否则会新增异常度量日志。如果攻击者尝试篡改内核模块(如采用修改代码重新编译的方式,过程略)并重新加载: + +``` +rmmod dim_test_module +insmod /opt/dim/demo/dim_test_module.ko +``` + +再次触发度量并查询度量日志,可以发现有标识为“tampered”的度量日志: + +``` +# cat /sys/kernel/security/dim/ascii_runtime_measurements +0 9603a9d5f87851c8eb7d2619f7abbe28cb8a91f9c83f5ea59f036794e23d1558 sha256:9da4bccc7ae1b709deab8f583b244822d52f3552c93f70534932ae21fac931c6 dim_test_module [static baseline] +0 6205915fe63a7042788c919d4f0ff04cc5170647d7053a1fe67f6c0943cd1f40 sha256:4cb77370787323140cb572a789703be1a4168359716a01bf745aa05de68a14e3 dim_test_module [tampered] +``` + +### 度量内核代码段 + +**前置条件**: + +- dim_core模块加载成功。 + +**步骤1**:为内核生成静态基线 + +``` +# mkdir -p /etc/dim/digest_list +# dim_gen_baseline -k "$(uname -r)" -o /etc/dim/digest_list/test.hash /boot/vmlinuz-6.4.0-1.0.1.4.oe2309.x86_64 +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>/boot/vmlinuz-6.4.0-1.0.1.4.oe2309.x86_64文件名不固定。 + +**步骤2**:配置DIM策略 + +``` +# echo "measure obj=KERNEL_TEXT" > /etc/dim/policy +``` + +**步骤3**:触发动态基线建立 + +``` +# echo 1 > /sys/kernel/security/dim/baseline_init +``` + +**步骤4**:查询度量日志 + +``` +# cat /sys/kernel/security/dim/ascii_runtime_measurements +0 ef82c39d767dece1f5c52b31d1e8c7d55541bae68a97542dda61b0c0c01af4d2 sha256:5f1586e95b102cd9b9f7df3585fe13a1306cbd464f2ebe47a51ad34128f5d0af 6.4.0-1.0.1.4.oe2309.x86_64 [static baseline] +``` + +如上度量日志说明内核被成功度量,并以当前的基线结果作为后续度量的基准值(此时度量日志中的哈希值不代表实际度量值)。 + +**步骤5**:触发动态度量 + +``` +# echo 1 > /sys/kernel/security/dim/measure +``` + +度量完成后可通过**步骤4**查询度量日志,如果度量结果和动态基线阶段的度量结果一致,则度量日志不会更新,否则会新增异常度量日志。 + +### 度量dim_core模块 + +**前置条件**: + +- dim_core和dim_monitor模块加载成功; +- 度量策略配置完成。 + +**步骤1**:触发dim_core动态基线 + +``` +# echo 1 > /sys/kernel/security/dim/baseline_init +``` + +**步骤2**:触发dim_monitor动态基线 + +``` +# echo 1 > /sys/kernel/security/dim/monitor_baseline +``` + +**步骤3**:查询dim_monitor度量日志 + +``` +# cat /sys/kernel/security/dim/monitor_ascii_runtime_measurements +0 c1b0d9909ddb00633fc6bbe7e457b46b57e165166b8422e81014bdd3e6862899 sha256:35494ed41109ebc9bf9bf7b1c190b7e890e2f7ce62ca1920397cd2c02a057796 dim_core.text [dynamic baseline] +0 9be7121cd2c215d454db2a8aead36b03d2ed94fad0fbaacfbca83d57a410674f sha256:f35d20aae19ada5e633d2fde6e93133c3b6ae9f494ef354ebe5b162398e4d7fa dim_core.data [dynamic baseline] +``` + +如上度量日志说明dim_core模块被成功度量,并以当前的基线结果作为后续度量的基准值。 +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>若跳过动态基线创建,直接进行度量,日志中会显示tampered。 + +**步骤4**:触发dim_monitor动态度量 + +``` +# echo 1 > /sys/kernel/security/dim/monitor_run +``` + +如果度量结果和动态基线阶段的度量结果一致,则度量日志不会更新,否则会新增异常度量日志。尝试修改策略后重新执触发dim_core动态基线,此时由于度量目标发生变化,dim_core管理的基线数据也会发生变更,从而dim_monitor的度量结果也会发生变化: + +``` +# echo "measure obj=BPRM_TEXT path=/usr/bin/bash" > /etc/dim/policy +# echo 1 > /sys/kernel/security/dim/baseline_init +``` + +再次触发dim_monitor度量并查询度量日志,可以发现有标识为“tampered”的度量日志: + +``` +# echo 1 > /sys/kernel/security/dim/monitor_run +# cat /sys/kernel/security/dim/monitor_ascii_runtime_measurements +0 c1b0d9909ddb00633fc6bbe7e457b46b57e165166b8422e81014bdd3e6862899 sha256:35494ed41109ebc9bf9bf7b1c190b7e890e2f7ce62ca1920397cd2c02a057796 dim_core.text [dynamic baseline] +0 9be7121cd2c215d454db2a8aead36b03d2ed94fad0fbaacfbca83d57a410674f sha256:f35d20aae19ada5e633d2fde6e93133c3b6ae9f494ef354ebe5b162398e4d7fa dim_core.data [dynamic baseline] +0 6a60d78230954aba2e6ea6a6b20a7b803d7adb405acbb49b297c003366cfec0d sha256:449ba11b0bfc6146d4479edea2b691aa37c0c025a733e167fd97e77bbb4b9dab dim_core.data [tampered] +``` + +### 扩展TPM PCR寄存器 + +**前置条件**: + +- 系统已安装TPM 2.0芯片,执行如下命令返回不为空: + + ``` + # ls /dev/tpm* + /dev/tpm0 /dev/tpmrm0 + ``` + +- 系统已安装tpm2-tools软件包,执行如下命令返回不为空: + + ``` + # rpm -qa tpm2-tools + ``` + +- 度量策略和静态基线配置完成。 + +**步骤1**:加载dim_core和dim_monitor模块,并配置扩展度量结果的PCR寄存器编号,这里为dim_core度量结果指定PCR 12,为dim_monitor指定PCR 13 + +``` +# modprobe dim_core measure_pcr=12 +# modprobe dim_monitor measure_pcr=13 +``` + +**步骤2**:触发dim_core和dim_monitor基线 + +``` +# echo 1 > /sys/kernel/security/dim/baseline_init +# echo 1 > /sys/kernel/security/dim/monitor_baseline +``` + +**步骤3**:查看度量日志,每条日志都显示了对应的TPM PCR寄存器编号 + +``` +# cat /sys/kernel/security/dim/ascii_runtime_measurements +12 2649c414d1f9fcac1c8d0df8ae7b1c18b5ea10a162b957839bdb8f8415ec6146 sha256:83110ce600e744982d3676202576d8b94cea016a088f99617767ddbd66da1164 /usr/lib/systemd/systemd [static baseline] +# cat /sys/kernel/security/dim/monitor_ascii_runtime_measurements +13 72ee3061d5a80eb8547cd80c73a80c3a8dc3b3e9f7e5baa10f709350b3058063 sha256:5562ed25fcdf557efe8077e231399bcfbcf0160d726201ac8edf7a2ca7c55ad0 dim_core.text [dynamic baseline] +13 8ba44d557a9855c03bc243a8ba2d553347a52c1a322ea9cf8d3d1e0c8f0e2656 sha256:5279eadc235d80bf66ba652b5d0a2c7afd253ebaf1d03e6e24b87b7f7e94fa02 dim_core.data [dynamic baseline] +``` + +**步骤4**:检查TPM芯片的PCR寄存器,对应的寄存器均已被写入了扩展值 + +``` +# tpm2_pcrread sha256 | grep "12:" + 12: 0xF358AC6F815BB29D53356DA2B4578B4EE26EB9274E553689094208E444D5D9A2 +# tpm2_pcrread sha256 | grep "13:" + 13: 0xBFB9FF69493DEF9C50E52E38B332BDA8DE9C53E90FB96D14CD299E756205F8EA +``` + +### 开启签名校验 + +**前置条件**: + +- 用户准备公钥证书和签名私钥,签名算法需要为RSA,哈希算法为sha256,证书格式需要为DER。也可以采用如下方式生成: + + ``` + # openssl genrsa -out dim.key 4096 + # openssl req -new -sha256 -key dim.key -out dim.csr -subj "/C=AA/ST=BB/O=CC/OU=DD/CN=DIM Test" + # openssl x509 -req -days 3650 -signkey dim.key -in dim.csr -out dim.crt + # openssl x509 -in dim.crt -out dim.der -outform DER + ``` + +- 度量策略配置完成。 + +**步骤1**:将DER格式的证书放置在/etc/keys/x509_dim.der路径 + +``` +# mkdir -p /etc/keys +# cp dim.der /etc/keys/x509_dim.der +``` + +**步骤2**:对策略文件和静态基线文件进行签名,签名文件必须为原文件名直接添加.sig后缀 + +``` +# openssl dgst -sha256 -out /etc/dim/policy.sig -sign dim.key /etc/dim/policy +# openssl dgst -sha256 -out /etc/dim/digest_list/test.hash.sig -sign dim.key /etc/dim/digest_list/test.hash +``` + +**步骤3**:加载dim_core模块,开启签名校验功能 + +``` +modprobe dim_core signature=1 +``` + +此时,策略文件和静态基线文件均需要通过签名校验后才能加载。 +修改策略文件触发基线,会导致基线失败: + +``` +# echo "" >> /etc/dim/policy +# echo 1 > /sys/kernel/security/dim/baseline_init +-bash: echo: write error: Key was rejected by service +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>如果某个静态基线文件签名校验失败,dim_core会跳过该文件的解析,而不会导致基线失败。 + +### 配置度量算法 + +**前置条件**: + +- 度量策略配置完成。 + +**步骤1**:加载dim_core和dim_monitor模块,并配置度量算法,这里以sm3算法为例 + +``` +# modprobe dim_core measure_hash=sm3 +# modprobe dim_monitor measure_hash=sm3 +``` + +**步骤2**:配置策略并为度量目标程序生成sm3算法的静态基线 + +``` +# echo "measure obj=BPRM_TEXT path=/opt/dim/demo/dim_test_demo" > /etc/dim/policy +# dim_gen_baseline -a sm3 /opt/dim/demo/dim_test_demo -o /etc/dim/digest_list/test.hash +``` + +**步骤3**:触发基线 + +``` +# echo 1 > /sys/kernel/security/dim/baseline_init +# echo 1 > /sys/kernel/security/dim/monitor_baseline +``` + +**步骤4**:查看度量日志,每条日志都显示了对应的哈希算法 + +``` +# cat /sys/kernel/security/dim/ascii_runtime_measurements +0 585a64feea8dd1ec415d4e67c33633b97abb9f88e6732c8a039064351d24eed6 sm3:ca84504c02bef360ec77f3280552c006ce387ebb09b49b316d1a0b7f43039142 /opt/dim/demo/dim_test_demo [static baseline] +# cat /sys/kernel/security/dim/monitor_ascii_runtime_measurements +0 e6a40553499d4cbf0501f32cabcad8d872416ca12855a389215b2509af76e60b sm3:47a1dae98182e9d7fa489671f20c3542e0e154d3ce941440cdd4a1e4eee8f39f dim_core.text [dynamic baseline] +0 2c862bb477b342e9ac7d4dd03b6e6705c19e0835efc15da38aafba110b41b3d1 sm3:a4d31d5f4d5f08458717b520941c2aefa0b72dc8640a33ee30c26a9dab74eae9 dim_core.data [dynamic baseline] +``` + +### 配置自动周期度量 + +**前置条件**: + +- 度量策略配置完成; + +**方式1**:加载dim_core模块,配置定时度量间隔,此处配置为1分钟 + +``` +modprobe dim_core measure_interval=1 +``` + +在模块加载完成后,自动触发动态基线流程,后续每隔1分钟触发一次动态度量。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>此时不能配置dim_core度量自身代码段的度量策略,否则会产生误报。 +>同时需要提前配置/etc/dim/policy,否则指定measure_interval=1加载模块会失败 + +**方式2**:加载dim_core模块后,也可通过内核模块接口配置定时度量间隔,此处配置为1分钟 + +``` +modprobe dim_core +echo 1 > /sys/kernel/security/dim/interval +``` + +此时不会立刻触发度量,1分钟后会触发动态基线或动态度量,后续每隔1分钟触发一次动态度量。 + +### 配置度量调度时间 + +**前置条件**: + +- 度量策略配置完成; + +加载dim_core模块,配置定时度量调度时间,此处配置为10毫秒: + +``` +modprobe dim_core measure_schedule=10 +``` + +触发动态基线或动态度量时,dim_core每度量一个进程,就会调度让出CPU 10毫秒时间。 diff --git a/docs/zh/server/security/trusted_computing/figures/1665628542704.png b/docs/zh/server/security/trusted_computing/figures/1665628542704.png new file mode 100644 index 0000000000000000000000000000000000000000..58907e0ed31c79b260be80480d4fd4c27e4e2e24 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/1665628542704.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/AT_CHECK_Process.png b/docs/zh/server/security/trusted_computing/figures/AT_CHECK_Process.png new file mode 100644 index 0000000000000000000000000000000000000000..f32d5af3a31c740febf1a4783a1dd0daafacb0df Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/AT_CHECK_Process.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png b/docs/zh/server/security/trusted_computing/figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png new file mode 100644 index 0000000000000000000000000000000000000000..900cdc07c1f0e844bc48fe2342e83c91a23c24ec Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png b/docs/zh/server/security/trusted_computing/figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png new file mode 100644 index 0000000000000000000000000000000000000000..900cdc07c1f0e844bc48fe2342e83c91a23c24ec Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/PostgreSql_architecture.png b/docs/zh/server/security/trusted_computing/figures/PostgreSql_architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..f780ad9cb56378e7baa3497da68ca1610a6dfadb Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/PostgreSql_architecture.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/Process_Of_EXECVAT_ATCHECK.png b/docs/zh/server/security/trusted_computing/figures/Process_Of_EXECVAT_ATCHECK.png new file mode 100644 index 0000000000000000000000000000000000000000..c8f54fe96648f0c012462073a8cd118fd552483c Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/Process_Of_EXECVAT_ATCHECK.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/RA-arch-1.png b/docs/zh/server/security/trusted_computing/figures/RA-arch-1.png new file mode 100644 index 0000000000000000000000000000000000000000..bc55e411637b825b0ce44a7efca08f7e52e0fa70 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/RA-arch-1.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/RA-arch-2.png b/docs/zh/server/security/trusted_computing/figures/RA-arch-2.png new file mode 100644 index 0000000000000000000000000000000000000000..7effbaf881ffe42823142561b9135237989d7153 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/RA-arch-2.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/TPCM.png b/docs/zh/server/security/trusted_computing/figures/TPCM.png new file mode 100644 index 0000000000000000000000000000000000000000..290bdb3471b46dca3e9f0c0907c3855367bd5b65 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/TPCM.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/creat_datadisk.png b/docs/zh/server/security/trusted_computing/figures/creat_datadisk.png new file mode 100644 index 0000000000000000000000000000000000000000..0dfd6a2802184af6d809c485191ea52452cf28d5 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/creat_datadisk.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/creat_datadisk1.png b/docs/zh/server/security/trusted_computing/figures/creat_datadisk1.png new file mode 100644 index 0000000000000000000000000000000000000000..0dfd6a2802184af6d809c485191ea52452cf28d5 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/creat_datadisk1.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/dim_architecture.jpg b/docs/zh/server/security/trusted_computing/figures/dim_architecture.jpg new file mode 100644 index 0000000000000000000000000000000000000000..a1e672d01dd7174c6f631bc0443cea5717a27bfb Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/dim_architecture.jpg differ diff --git a/docs/zh/server/security/trusted_computing/figures/etmem-system-architecture.png b/docs/zh/server/security/trusted_computing/figures/etmem-system-architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..1e077e00f44c0404526a4742d49c6e866601eee1 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/etmem-system-architecture.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/ima-modsig.png b/docs/zh/server/security/trusted_computing/figures/ima-modsig.png new file mode 100644 index 0000000000000000000000000000000000000000..c3e54e27b6ce30bd21e97908b6168a73f318c117 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/ima-modsig.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/ima_digest_list_flow.png b/docs/zh/server/security/trusted_computing/figures/ima_digest_list_flow.png new file mode 100644 index 0000000000000000000000000000000000000000..2f5c18f97c644069d5d3e6cad82d01ca519418a4 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/ima_digest_list_flow.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/ima_digest_list_pkg.png b/docs/zh/server/security/trusted_computing/figures/ima_digest_list_pkg.png new file mode 100644 index 0000000000000000000000000000000000000000..a93ff611da5cbeec856b5971126e710d91e63567 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/ima_digest_list_pkg.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/ima_digest_list_update.png b/docs/zh/server/security/trusted_computing/figures/ima_digest_list_update.png new file mode 100644 index 0000000000000000000000000000000000000000..771067e31cee84591fbb914d7be4e8c576d7f5d2 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/ima_digest_list_update.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/ima_performance.gif b/docs/zh/server/security/trusted_computing/figures/ima_performance.gif new file mode 100644 index 0000000000000000000000000000000000000000..72fad8a8333f7357c64a160c1d1c174c31201eaa Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/ima_performance.gif differ diff --git a/docs/zh/server/security/trusted_computing/figures/ima_priv_key.png b/docs/zh/server/security/trusted_computing/figures/ima_priv_key.png new file mode 100644 index 0000000000000000000000000000000000000000..1fe6ac6bb01b224e0248603df39aa743ae62966d Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/ima_priv_key.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/ima_rpm.png b/docs/zh/server/security/trusted_computing/figures/ima_rpm.png new file mode 100644 index 0000000000000000000000000000000000000000..484e59535b8b0957dfa0618b83764c13d59e3612 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/ima_rpm.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/ima_secure_boot.png b/docs/zh/server/security/trusted_computing/figures/ima_secure_boot.png new file mode 100644 index 0000000000000000000000000000000000000000..656e4cadb8798be2fe634a074e64f15b0f6a6004 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/ima_secure_boot.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/ima_sig_verify.png b/docs/zh/server/security/trusted_computing/figures/ima_sig_verify.png new file mode 100644 index 0000000000000000000000000000000000000000..c2b43abf07ae9bf59f0e913585cf89b1f079ed00 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/ima_sig_verify.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/ima_tpm.png b/docs/zh/server/security/trusted_computing/figures/ima_tpm.png new file mode 100644 index 0000000000000000000000000000000000000000..56fc12820d4dd98c4d6a4db01419d1a72382b0af Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/ima_tpm.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/ima_trusted_measurement.png b/docs/zh/server/security/trusted_computing/figures/ima_trusted_measurement.png new file mode 100644 index 0000000000000000000000000000000000000000..79ebc8f8952bc766741482ea023c507b3a2e15a3 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/ima_trusted_measurement.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/ima_verification.png b/docs/zh/server/security/trusted_computing/figures/ima_verification.png new file mode 100644 index 0000000000000000000000000000000000000000..d022b9d4ea08d4af386c7b76ca28115ad90e5451 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/ima_verification.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/logical_architectureofMariaDB.png b/docs/zh/server/security/trusted_computing/figures/logical_architectureofMariaDB.png new file mode 100644 index 0000000000000000000000000000000000000000..8caa189a6fbf37bf4e9fd863c2ebb24e25547789 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/logical_architectureofMariaDB.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/login.png b/docs/zh/server/security/trusted_computing/figures/login.png new file mode 100644 index 0000000000000000000000000000000000000000..d15c2cad98fba16320d587f3c7b0c80f435c5d3a Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/login.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/nginx_deployed_success.png b/docs/zh/server/security/trusted_computing/figures/nginx_deployed_success.png new file mode 100644 index 0000000000000000000000000000000000000000..9ffb2c142defbd690e5407659116bf8e5582ba73 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/nginx_deployed_success.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/nginx_start_failed.png b/docs/zh/server/security/trusted_computing/figures/nginx_start_failed.png new file mode 100644 index 0000000000000000000000000000000000000000..c8b855453433796265de42d7ffd0189c7ff9be2b Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/nginx_start_failed.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/nginx_start_success.png b/docs/zh/server/security/trusted_computing/figures/nginx_start_success.png new file mode 100644 index 0000000000000000000000000000000000000000..bc6929772fd98fac3494b4436f26910b09818cb7 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/nginx_start_success.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/postgres.png b/docs/zh/server/security/trusted_computing/figures/postgres.png new file mode 100644 index 0000000000000000000000000000000000000000..e7fc36882718587ec949133fe9892185cb4c2158 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/postgres.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/root_of_trust_framework.png b/docs/zh/server/security/trusted_computing/figures/root_of_trust_framework.png new file mode 100644 index 0000000000000000000000000000000000000000..354b40fa4c4f0ed6f7312e0ce3848ed42155732e Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/root_of_trust_framework.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/top_display.png b/docs/zh/server/security/trusted_computing/figures/top_display.png new file mode 100644 index 0000000000000000000000000000000000000000..2d77d3dc2934763b5da896a827b9805da34d1c09 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/top_display.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/trusted_chain.png b/docs/zh/server/security/trusted_computing/figures/trusted_chain.png new file mode 100644 index 0000000000000000000000000000000000000000..034f0f092f41fb500ee4122339c447d10d4138ec Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/trusted_chain.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0229622729.png b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0229622729.png new file mode 100644 index 0000000000000000000000000000000000000000..a32856aa08e459ed0f51f8fcf4c2f51511c12095 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0229622729.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0229622789.png b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0229622789.png new file mode 100644 index 0000000000000000000000000000000000000000..d245d48dc07e2b01734e21ec1952e89fa9269bdb Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0229622789.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0230050789.png b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0230050789.png new file mode 100644 index 0000000000000000000000000000000000000000..0b785be2a026fe059c6ee41700a971a11cfff7ae Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0230050789.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143176.png b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143176.png new file mode 100644 index 0000000000000000000000000000000000000000..300165189e6d3e8fa356f3d463cfc627c2ece0e2 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143176.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143177.png b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143177.png new file mode 100644 index 0000000000000000000000000000000000000000..ccafce4b0c58a4da0a9f7aece335ede24e5030c0 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143177.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143178.png b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143178.png new file mode 100644 index 0000000000000000000000000000000000000000..bff125f096215e91b28ee6deacde6d886e5b21eb Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143178.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143180.png b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143180.png new file mode 100644 index 0000000000000000000000000000000000000000..52f5644f9c985bcc39c0d146006dd9136140bc01 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143180.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143181.png b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143181.png new file mode 100644 index 0000000000000000000000000000000000000000..d3698e6c0e021a56be46b9f4944c858a425eb66c Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143181.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143183.png b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143183.png new file mode 100644 index 0000000000000000000000000000000000000000..55ffdfa2616ee259543c1539e46c3e05f9335354 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143183.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143185.png b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143185.png new file mode 100644 index 0000000000000000000000000000000000000000..bff125f096215e91b28ee6deacde6d886e5b21eb Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143185.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143187.png b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143187.png new file mode 100644 index 0000000000000000000000000000000000000000..52f5644f9c985bcc39c0d146006dd9136140bc01 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143187.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143189.png b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143189.png new file mode 100644 index 0000000000000000000000000000000000000000..7656f3aa5f5907f1e9f981c0cb5d44d4fcb84ef3 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143189.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143191.png b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143191.png new file mode 100644 index 0000000000000000000000000000000000000000..a82d1bcb2b719e3a372f63ae099cb5d52a93b536 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143191.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143193.png b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143193.png new file mode 100644 index 0000000000000000000000000000000000000000..94614045bddb0871b44d2f6603402f914871ad61 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143193.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143195.png b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143195.png new file mode 100644 index 0000000000000000000000000000000000000000..05011dbabe2d245c37ec68de646851bf955a2361 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143195.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143196.png b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143196.png new file mode 100644 index 0000000000000000000000000000000000000000..9bdbac969920af77721980804bd1c5433bea5bc9 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143196.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143197.png b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143197.png new file mode 100644 index 0000000000000000000000000000000000000000..5ea4eec4002374096d8ac18eb973ed3bf874b632 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143197.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143198.png b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143198.png new file mode 100644 index 0000000000000000000000000000000000000000..7d6360c150495d204da4b069e6dc62677580888f Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231143198.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231563132.png b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231563132.png new file mode 100644 index 0000000000000000000000000000000000000000..bb801a9471f3f3541ba96491654f25e2df9ce8bf Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231563132.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231563134.png b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231563134.png new file mode 100644 index 0000000000000000000000000000000000000000..398d15376d29d3aa406abb2e7e065d4625428c4d Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231563134.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231563135.png b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231563135.png new file mode 100644 index 0000000000000000000000000000000000000000..785977142a6bf0e1c1815b82dea73d75fa206a75 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231563135.png differ diff --git a/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231563136.png b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231563136.png new file mode 100644 index 0000000000000000000000000000000000000000..c274db4d0ca9d8758267a916e19fdef4aa22d0ba Binary files /dev/null and b/docs/zh/server/security/trusted_computing/figures/zh-cn_image_0231563136.png differ diff --git a/docs/zh/server/security/trusted_computing/ima.md b/docs/zh/server/security/trusted_computing/ima.md new file mode 100644 index 0000000000000000000000000000000000000000..4d4b35c21f42399e202e446072064b461f93e678 --- /dev/null +++ b/docs/zh/server/security/trusted_computing/ima.md @@ -0,0 +1,1360 @@ +# 内核完整性度量(IMA) + +## 概述 + +### IMA介绍 + +IMA,全称 Integrity Measurement Architecture(完整性度量架构),是内核中的一个子系统,能够基于自定义策略对通过`execve()`、`mmap()`和`open()`等系统调用访问的文件进行度量,度量结果可被用于**本地/远程证明**,或者和已有的参考值比较以**控制对文件的访问**。 + +IMA的运行模式主要包含以下两种: + +- 度量(measure):提供了对文件的完整性状态观测功能,访问受保护文件时,会往度量日志(位于内核内存中)增加度量记录。如果系统包含TPM芯片,还可以往TPM芯片PCR寄存器中扩展度量摘要值,以保证度量信息不被篡改。度量场景并不提供对文件访问的控制,它记录的文件信息可传递给上层应用软件,进一步用于远程证明。 +- 评估(appraise):提供了对文件的完整性校验功能,从根本上杜绝了未知的/被篡改的文件的访问。通过哈希、签名、HMAC等密码学技术对文件的内容进行完整性验证,如果验证失败,则不允许任何进程对该文件进行访问。该特性为系统提供了底层韧性设计,在系统被破坏时牺牲一部分功能(被篡改的部分文件),避免攻击造成的影响进一步升级。 + +可以看到,IMA度量模式相当于一个“只记录不干涉”的观察员,IMA评估模式相当于一位严格的保安人员,它的职责是拒绝对所有“人证不一”的文件访问。 + +### EVM介绍 + +EVM,全称 Extended Verification Module(扩展验证模块),是对IMA功能的扩展,在通过IMA实现对于文件内容的完整性保护的基础上,使用EVM可以更进一步地实现对于文件扩展属性(如UID、security.ima 、security.selinux等属性)的保护。 + +### IMA摘要列表介绍 + +IMA Digest Lists(IMA摘要列表)是openEuler对内核原生完整性保护机制的增强,旨在对原生的IMA/EVM机制的以下痛点进行优化: + +**TPM扩展导致文件访问性能下降:** + +IMA度量模式下,每次触发度量都需要访问TPM芯片,TPM属于低速芯片,通常采用几十MHz时钟频率的SPI协议与CPU通信,导致系统调用性能下降: + +![](./figures/ima_tpm.png) + +**非对称运算导致文件访问性能下降:** + +IMA评估模式下,需要使用签名机制保护不可变文件,每次触发文件校验都需要进行签名验证,而非对称运算相对复杂 ,同样导致系统调用性能下降: + +![](./figures/ima_sig_verify.png) + +**复杂的部署方式导致效率和安全性下降:** + +IMA评估模式下,需要通过fix模式进行部署,即系统首先需要进入fix模式进行IMA/EVM扩展属性标记,然后再切换为校验模式启动。同时在受保护的文件升级时,需要重启进入fix模式,完成文件和扩展属性更新。一方面降低了部署效率,另一方面需要在运行环境中访问密钥,降低了安全性: + +![](./figures/ima_priv_key.png) + +IMA摘要列表旨在通过一个哈希列表文件管理一系列文件的基准摘要值,即将若干文件(如一个软件包中的所有可执行文件)的基准摘要值汇总到单个文件中进行管理。基准摘要值可包含文件内容摘要(对应IMA模式)和文件扩展属性摘要(对应EVM模式),这个文件就是IMA摘要列表文件。 + +![](./figures/ima_digest_list_pkg.png) + +开启IMA摘要列表功能后,内核维护一个哈希白名单池,用于存放导入的IMA摘要列表文件中的摘要值,并通过securityfs对外提供IMA摘要列表文件的导入/删除/查询等接口。 + +在度量模式下,导入内核的摘要列表文件需要进行度量和TPM扩展才可添加至白名单池,后续如果度量的目标文件的摘要值和白名单池匹配,则不进行额外的度量日志记录以及TPM扩展;在评估模式下,导入内核的摘要列表文件需要通过签名验证才可添加至白名单池,后续将访问的目标文件的摘要值和白名单池中的摘要值进行匹配即可判断评估结果。 + +![](./figures/ima_digest_list_flow.png) + +相比Linux原生IMA/EVM机制,IMA摘要列表扩展从安全性、性能、易用性三个方面进行了改良,以实现更好的落地效果: + +- 安全性:IMA摘要列表可以随软件包一起发布,软件包安装时同步导入摘要列表,确保了基准值来自于软件发行商(如openEuler社区),避免在运行环境生成基准值的流程,实现了完整的信任链。 +- 性能:IMA摘要列表机制以摘要列表为单位进行度量/校验,降低TPM访问和非对称运算频率为1/n(n为平均单个摘要列表管理的文件哈希数量),可一定程度提升系统调用性能和系统启动性能。 +- 易用性:IMA摘要列表机制可以实现“开箱即用”,即完成系统安装后直接进入评估模式,且允许在评估模式下直接安装/升级软件包,而无需进入fix模式进行文件标记,从而实现快速部署和平滑升级。 + +需要注意的是,IMA摘要列表相比原生IMA/EVM,将度量/评估的基准值在内核内存中进行维护,也引入了一个假设,即内核内存不可被未授权篡改,这就使得IMA摘要列表也依赖于其他安全机制(如内核模块安全启动和内存动态度量等)以保护内核内存的完整性。 + +但无论社区原生IMA机制还是IMA摘要列表扩展,都只是系统安全链中的一环,无法孤立地保证系统的安全性,安全自始至终都是一个构建纵深防御的系统工程。 + +## 接口说明 + +### 内核启动参数说明 + +openEuler IMA/EVM机制提供的内核启动参数及说明如下: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
参数名称取值功能
ima_appraiseenforce-evmIMA评估强制校验模式(EVM开启)
log-evmIMA评估日志模式(EVM开启)
enforceIMA评估强制校验模式
logIMA评估日志模式
off关闭IMA评估
ima_appraise_digest_listdigest基于摘要列表进行IMA+EVM评估(比较文件内容和扩展属性)
digest-nometadata基于摘要列表进行IMA评估(只比较文件内容)
evmx509直接开启基于可移植签名的EVM(无论EVM证书是否加载)
complete启动后不允许通过securityfs接口修改EVM模式
allow_metadata_writes允许修改文件元数据,EVM不做拦截
ima_hashsha256/sha1/...声明IMA度量哈希算法
ima_templateima声明IMA度量模板(d|n)
ima-ng声明IMA度量模板(d-ng|n-ng),默认使用该模板
ima-sig声明IMA度量模板(d-ng|n-ng|sig)
ima_policyexec_tcb度量所有执行、映射方式访问的文件,以及加载的内核模块、固件、内核等文件
tcb在exec_tcb策略的基础上,额外度量以uid=0或euid=0身份访问的文件
secure_boot评估所有加载的内核模块、固件、内核等文件,并指定使用IMA签名模式
appraise_exec_tcb在secure_boot策略的基础上,额外评估所有执行、映射方式访问的文件
appraise_tcb评估访问的所有属主为0的文件
appraise_exec_immutable与appraise_exec_tcb策略配合使用,可执行文件的扩展属性不可变
ima_digest_list_pcr10在PCR 10中扩展基于摘要列表的IMA度量结果,禁用原生IMA度量
11在PCR 11中扩展基于摘要列表的IMA度量结果,禁用原生IMA度量
+11在PCR 11中扩展基于摘要列表的IMA度量结果,在PCR 10中扩展原生IMA度量结果
ima_digest_db_sizenn[M]设置内核摘要列表上限(0M~64M),不做配置的情况下默认为16MB(不做配置指的是不写该参数,但注意不能将值留空,如ima_digest_db_size=)
ima_capacity-1~2147483647设置内核度量日志条数上限,不做配置的情况下默认为100000条,配置-1表示无上限
initramtmpfs在initrd中支持tmpfs,以携带文件扩展属性
+ +根据用户实际场景诉求,建议采取如下参数组合: + +**1) 原生IMA度量:** + +``` +# 原生IMA度量+自定义策略 +无需配置,默认开启 +# 原生IMA度量+TCB默认策略 +ima_policy="tcb" +``` + +**2) 基于摘要列表的IMA度量:** + +``` +# 摘要列表IMA度量+自定义策略 +ima_digest_list_pcr=11 ima_template=ima-ng initramtmpfs +# 摘要列表IMA度量+默认策略 +ima_digest_list_pcr=11 ima_template=ima-ng ima_policy="exec_tcb" initramtmpfs +``` + +**3) 基于摘要列表的IMA评估,只保护文件内容:** + +``` +# IMA评估+日志模式 +ima_appraise=log ima_appraise_digest_list=digest-nometadata ima_policy="appraise_exec_tcb" initramtmpfs +# IMA评估+强制校验模式 +ima_appraise=enforce ima_appraise_digest_list=digest-nometadata ima_policy="appraise_exec_tcb" initramtmpfs +``` + +**4) 基于摘要列表的IMA评估,保护文件内容和扩展属性:** + +``` +# IMA评估+日志模式 +ima_appraise=log-evm ima_appraise_digest_list=digest ima_policy="appraise_exec_tcb|appraise_exec_immutable" initramtmpfs evm=x509 evm=complete +# IMA评估+强制校验模式 +ima_appraise=enforce-evm ima_appraise_digest_list=digest ima_policy="appraise_exec_tcb|appraise_exec_immutable" initramtmpfs evm=x509 evm=complete +``` + +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> 以上四种参数都可以单独配置使用,但只有基于摘要列表的度量和评估模式可以组合使用,即2)和3)搭配或2)和4)搭配。 + +### securityfs接口说明 + +openEuler IMA提供的securityfs接口位于`/sys/kernel/security`目录下,接口名及说明如下: + +| 路径 | 权限 | 说明 | +| :----------------------------- | :--- | :-------------------------------------- | +| ima/policy | 600 | IMA策略查询/导入接口 | +| ima/ascii_runtime_measurement | 440 | 查询IMA度量日志,以字符串形式输出 | +| ima/binary_runtime_measurement | 440 | 查询IMA度量日志,以二进制形式输出 | +| ima/runtime_measurement_count | 440 | 查询IMA度量日志条数 | +| ima/violations | 440 | 查询异常IMA度量日志数量 | +| ima/digests_count | 440 | 显示系统哈希表中的总摘要数量(IMA+EVM) | +| ima/digest_list_data | 200 | 摘要列表新增接口 | +| ima/digest_list_data_del | 200 | 摘要列表删除接口 | +| evm | 660 | 查询/设置EVM模式 | + +其中,`/sys/kernel/security/evm` 的接口的取值有以下三种: + +- 0:EVM 未初始化; +- 1:使用 HMAC(对称加密)方式校验扩展属性完整性; +- 2:使用公钥验签(非对称加密)方式校验扩展属性完整性; +- 6:关闭扩展属性完整性校验。 + +### 摘要列表管理工具说明 + +digest-list-tools软件包提供IMA摘要列表文件生成和管理的工具,主要包含如下几个命令行工具: + +#### gen_digest_lists工具 + +用户可通过调用gen_digest_lists命令行工具生成摘要列表。命令参数定义如下: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
参数名称取值功能
-d<path>指定生成摘要列表文件存放的位置,需为有效目录。
-fcompact指定生成摘要列表文件的格式,当前仅支持compact格式。
-i<option arg>:<option value>指定生成摘要列表的目标文件范围,具体参数定义如下。
I:<path>指定需要生成摘要列表的文件绝对路径,如指定目录,则会执行递归生成。
E:<path>指定需要排除的路径或目录。
F:<path>指定路径或目录,为该路径或目录下所有文件生成摘要列表(同时指定e:参数时,忽略e:选项的筛选效果)。
e:仅对可执行文件生成摘要列表。
l:policy从系统SELinux策略匹配文件安全上下文,而不是直接从文件扩展属性中读取安全上下文。
i:当生成metadata类型的摘要列表时,被计算的扩展属性信息包含文件的摘要值(必须指定)。
M:允许显式指定文件的扩展属性信息(需要结合rpmbuild命令使用)。
u:将“L:”参数所指定的列表文件名作为生成摘要列表的文件名(需要结合rpmbuild命令使用)。
L:<path>指定列表文件的路径,列表文件中包含需要生成摘要列表的信息数据(需要结合rpmbuild命令使用)。
-oadd指定生成摘要列表的的操作,当前仅支持add操作,即将摘要列表添加到文件中。
-p-1指定将摘要列表写入文件中的位置,当前仅支持指定-1。
-tfile只针对文件内容生成摘要列表。
metadata针对对文件的内容和扩展属性分别生成摘要列表。
-TNA不添加该参数,则生成摘要列表文件,添加该参数则生成TLV摘要列表文件。
-A<path>指定相对根目录,将文件路径截去指定的前缀进行路径匹配和SELinux标签匹配。
-mimmutable指定生成摘要列表文件的modifiers属性,当前仅支持指定immutable。摘要列表在enforce/enforece-evm模式下,摘要列表只能以只读模式打开。
-hNA打印帮助信息。
+ +**参考使用示例:** + +- 场景1:为单个文件生成摘要列表/TLV摘要列表。 + + ``` + gen_digest_lists -t metadata -f compact -i l:policy -o add -p -1 -m immutable -i I:/usr/bin/ls -d ./ -i i: gen_digest_lists -t metadata -f compact -i l:policy -o add -p -1 -m immutable -i I:/usr/bin/ls -d ./ -i i: -T + ``` + +- 场景2: 为单个文件生成摘要列表/TLV摘要列表,并指定相对根目录。 + + ``` + gen_digest_lists -t metadata -f compact -i l:policy -o add -p -1 -m immutable -i I:/usr/bin/ls -A /usr/ -d ./ -i i: gen_digest_lists -t metadata -f compact -i l:policy -o add -p -1 -m immutable -i I:/usr/bin/ls -A /usr/ -d ./ -i i: -T + ``` + +- 场景3:为目录下的文件递归生成摘要列表/TLV摘要列表。 + + ``` + gen_digest_lists -t metadata -f compact -i l:policy -o add -p -1 -m immutable -i I:/usr/bin/ -d ./ -i i: + gen_digest_lists -t metadata -f compact -i l:policy -o add -p -1 -m immutable -i I:/usr/bin/ -d ./ -i i: -T + ``` + +- 场景4:为目录下的可执行文件递归生成摘要列表/TLV摘要列表。 + + ``` + gen_digest_lists -t metadata -f compact -i l:policy -o add -p -1 -m immutable -i I:/usr/bin/ -d ./ -i i: -i e:gen_digest_lists -t metadata -f compact -i l:policy -o add -p -1 -m immutable -i I:/usr/bin/ -d ./ -i i: -i e: -T + ``` + +- 场景5:为目录下的文件递归生成摘要列表/TLV摘要列表,排除部分子目录。 + + ``` + gen_digest_lists -t metadata -f compact -i l:policy -o add -p -1 -m immutable -i I:/usr/ -d ./ -i i: -i E:/usr/bin/gen_digest_lists -t metadata -f compact -i l:policy -o add -p -1 -m immutable -i I:/usr/ -d ./ -i i: -i E:/usr/bin/ -T + ``` + +- 场景6:rpmbuild回调脚本中,通过读取rpmbuild传入的列表文件生成摘要列表。 + + ``` + gen_digest_lists -i M: -t metadata -f compact -d $DIGEST_LIST_DIR -i l:policy \ + -i i: -o add -p -1 -m immutable -i L:$BIN_PKG_FILES -i u: \ + -A $RPM_BUILD_ROOT -i e: \ + -i E:/usr/src \ + -i E:/boot/efi \ + -i F:/lib \ + -i F:/usr/lib \ + -i F:/lib64 \ + -i F:/usr/lib64 \ + -i F:/lib/modules \ + -i F:/usr/lib/modules \ + -i F:/lib/firmware \ + -i F:/usr/lib/firmware + + gen_digest_lists -i M: -t metadata -f compact -d $DIGEST_LIST_DIR.tlv \ + -i l:policy -i i: -o add -p -1 -m immutable -i L:$BIN_PKG_FILES -i u: \ + -T -A $RPM_BUILD_ROOT -i e: \ + -i E:/usr/src \ + -i E:/boot/efi \ + -i F:/lib \ + -i F:/usr/lib \ + -i F:/lib64 \ + -i F:/usr/lib64 \ + -i F:/lib/modules \ + -i F:/usr/lib/modules \ + -i F:/lib/firmware \ + -i F:/usr/lib/firmware + ``` + +#### manage_digest_lists工具 + +manage_digest_lists命令行工具主要用于将二进制格式的TLV摘要列表文件解析转换为可读的文本形式。命令参数定义如下: + +| 参数名称 | 取值 | 功能 | +| -------- | ---------- | ----------------------------------------------------------- | +| -d | \ | 指定TLV摘要列表文件存放的目录。 | +| -f | \ | 指定TLV摘要列表文件名。 | +| -p | dump | 指定操作类型,当前仅支持dump,表示解析打印TLV摘要列表操作。 | +| -v | NA | 打印详细信息。 | +| -h | NA | 打印帮助信息。 | + +**参考使用示例:** + +查看TLV摘要列表信息: + +``` +manage_digest_lists -p dump -d /etc/ima/digest_lists.tlv/ +``` + +## 文件格式说明 + +### IMA策略文件语法说明 + +IMA策略文件为文本文件,一个文件中可包含若干条按照换行符`\n`分隔的规则语句,每条规则语句都必须以 action 关键字代表的**动作**开头,后接**筛选条件**: + +``` + <筛选条件1> [筛选条件2] [筛选条件3]... +``` + +action表示该条策略具体的动作,一条策略只能选一个 action,具体的action见后表(实际书写时**可忽略 action 字样**,例如直接书写 dont_measure,不需要写成 action=dont_measure): + +筛选条件支持如下几种类型: + +- func:表示被度量或评估的文件类型,常和 mask 匹配使用,一条策略只能选一个 func。 + + - FILE_CHECK 只能同 MAY_EXEC、MAY_WRITE、MAY_READ 匹配使用。 + - MODULE_CHECK、MMAP_CHECK、BPRM_CHECK 只能同 MAY_EXEC 匹配使用。 + - 匹配关系以外的组合不会产生效果。 + +- mask:表示文件在做什么操作时将被度量或评估,一条策略只能选一个 mask。 + +- fsmagic:表示文件系统类型的十六进制魔数,定义在 `/usr/include/linux/magic.h` 文件中(默认情况下度量所有文件系统,除非使用 dont_measure/dont_appraise 标记不度量某文件系统)。 + +- fsuuid:表示系统设备 uuid 的 16 位的十六进制字符串。 + +- objtype:表示文件安全类型,一条策略只能选一个文件类型,objtype 相比 func 而言,划分的粒度更细,比如 obj_type=nova_log_t 表示SELinux类型为 nova_log_t 的文件。 + +- uid:表示哪个用户(用用户 id 表示)对文件进行操作,一条策略只能选一个 uid。 + +- fowner:表示文件的属主(用用户 id 表示)是谁,一条策略只能选一个 fowner。 + +关键字的具体取值及说明如下: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
关键字说明
actionmeasure开启IMA度量
dont_measure禁用IMA度量
appraise开启IMA评估
dont_appraise禁用IMA评估
audit开启审计
funcFILE_CHECK将要被打开的文件
MODULE_CHECK将要被装载的内核模块文件
MMAP_CHECK将要被映射到进程内存空间的动态库文件
BRPM_CHECK将要被执行的文件(不含通过 /bin/hash 等程序打开的脚本文件)
POLICY_CHECK将要被导入的IMA策略文件
FIRMWARE_CHECK将要被加载到内存中的固件
DIGEST_LIST_CHECK将要被加载到内核中的摘要列表文件
KEXEC_KERNEL_CHECK将要切换的 kexec 内核
maskMAY_EXEC执行文件
MAY_WRITE写文件
MAY_READ读文件
MAY_APPEND扩展文件属性
fsmagicfsmagic=xxx表示文件系统类型的十六进制魔数
fsuuidfsuuid=xxx表示系统设备 uuid 的 16 位的十六进制字符串
fownerfowner=xxx文件属主的用户 id
uiduid=xxx操作文件的用户 id
obj_typeobj_type=xxx_t表示文件的类型(基于 SELinux 标签)
pcrpcr=<num>选择 TPM 中用于扩展度量值的 PCR(默认为 10)
appraise_typeimasig基于签名进行IMA评估
meta_immutable基于签名进行文件扩展属性的评估(支持摘要列表)
+ +## 使用说明 + +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> 原生IMA/EVM为Linux开源特性,本章节仅简单介绍基本使用方式,其他资料可参考开源WIKI: +> +> + +### 原生IMA使用说明 + +#### IMA度量模式 + +用户需要配置度量策略,开启IMA度量功能,具体步骤如下: + +**步骤1:** 用户可通过配置启动参数或手动配置的方式,指定度量策略。通过启动参数配置IMA策略的示例如下: + +``` +ima_policy="tcb" +``` + +手动配置IMA策略的示例如下: + +``` +echo "measure func=BPRM_CHECK" > /sys/kernel/security/ima/policy +``` + +**步骤2:** 重启系统,用户可实时检查度量日志获取当前的度量情况: + +``` +cat /sys/kernel/security/ima/ascii_runtime_measurements +``` + +#### IMA评估模式 + +用户需要首先进入fix模式,完成文件的IMA标记后,再开启log或enforce模式。具体步骤如下: + +**步骤1:** 配置启动参数,重启后进入fix模式: + +``` +ima_appraise=fix ima_policy=appraise_tcb +``` + +**步骤2:** 为所有需要评估的文件生成IMA扩展属性: + +对于不可变文件(如二进制程序文件)可以使用签名模式,将文件摘要值的签名写入IMA扩展属性中。举例如下(其中`/path/to/ima.key`指的是和IMA证书匹配的签名私钥): + +``` +find /usr/bin -fstype ext4 -type f -executable -uid 0 -exec evmctl -a sha256 ima_sign --key /path/to/ima.key '{}' \; +``` + +对于可变文件(如数据文件)可以使用哈希模式,将文件的摘要值写入IMA扩展属性中。IMA支持自动标记机制,即在fix模式下仅需触发文件访问,即可自动生成IMA扩展属性: + +``` +find / -fstype ext4 -type f -uid 0 -exec dd if='{}' of=/dev/null count=0 status=none \; +``` + +可通过如下命令检查文件是否被成功标记了IMA扩展属性(security.ima): + +``` +getfattr -m - -d /sbin/init +``` + +**步骤3:** 配置启动参数,修改IMA评估为log或enforce模式后,重启系统: + +``` +ima_appraise=enforce ima_policy=appraise_tcb +``` + +### IMA摘要列表使用说明 + +#### 前置条件 + +IMA摘要列表特性使用前,用户需安装`ima-evm-utils`和`digest-list-tools`软件包: + +``` +yum install ima-evm-utils digest-list-tools +``` + +#### 机制介绍 + +##### 摘要列表文件 + +在安装openEuler发布的RPM包后,默认会在`/etc/ima`目录下生成摘要列表文件。根据文件名的不同,存在如下几种文件: + +**/etc/ima/digest_lists/0-metadata_list-compact-\** + +为IMA摘要列表文件,通过`gen_digest_lists`命令生成(生成方法详见[gen_digest_lists工具](#gen_digest_list工具)),该文件为二进制格式,包含header信息以及一连串SHA256哈希值,分别代表合法的文件内容摘要值和文件扩展属性摘要值。该文件被度量或评估后,最终被导入内核,并以该文件中的白名单摘要值为基准进行IMA摘要列表度量或评估。 + +**/etc/ima/digest_lists/0-metadata_list-rpm-\** + +为RPM摘要列表文件,**实际为RPM包的头信息**。RPM包安装后,如果IMA摘要列表文件不包含签名,则会把RPM头信息写入该文件中,并将头信息的签名写入`security.ima`扩展属性中。这样通过签名可验证RPM头信息的真实性,由于RPM头信息又包含了摘要列表文件的摘要值,则可实现摘要列表的间接验证。 + +**/etc/ima/digest_lists/0-parser_list-compact-libexec** + +为IMA PARSER摘要列表文件,存放`/usr/libexec/rpm_parser`文件的摘要值。该文件用于实现RPM摘要列表->IMA摘要列表的信任链,内核IMA摘要列表机制会对该文件执行后产生的进程进行特殊校验,如果确定是`rpm_parser`程序,则会信任其导入的所有摘要列表而无需校验签名。 + +**/etc/ima/digest_lists.sig/0-metadata_list-compact-\.sig** + +为IMA摘要列表的签名文件,若RPM包中包含此文件,则在RPM包安装阶段,会将该文件的内容写入对应的RPM摘要列表文件的`security.ima`扩展属性,从而在IMA摘要列表导入内核阶段进行签名验证。 + +**/etc/ima/digest_lists.tlv/0-metadata_list-compact_tlv-\** + +为TLV摘要列表文件,通常在对目标文件生成IMA摘要列表文件时一并生成,存放目标文件的完整性信息(文件内容摘要值、文件扩展属性等)。该文件的功能是协助用户查询/恢复目标文件的完整性信息。 + +##### 摘要列表文件签名方式 + +在IMA摘要列表评估模式下,IMA摘要列表文件需要经过签名验证才可导入内核,并用于后续的文件白名单匹配。IMA摘要列表文件支持如下几种签名方式: + +**1) IMA扩展属性签名** + +即原生的IMA签名机制,将签名信息按照一定格式,存放在`security.ima`扩展属性中。可通过`evmctl`命令生成并添加: + +``` +evmctl ima_sign --key /path/to/ima.key -a sha256 +``` + +也可添加`-f`参数,将签名信息和头信息存入独立的文件中: + +``` +evmctl ima_sign -f --key /path/to/ima.key -a sha256 +``` + +在开启IMA摘要列表评估模式下,可直接将摘要列表文件路径写入内核接口,实现摘要列表的导入/删除。该过程会自动触发评估,基于`security.ima`扩展属性完成对摘要列表文件内容的签名验证: + +``` +# 导入IMA摘要列表文件 +echo > /sys/kernel/security/ima/digest_list_data +# 删除IMA摘要列表文件 +echo > /sys/kernel/security/ima/digest_list_data_del +``` + +**2) IMA摘要列表追加签名(openEuler 24.03 LTS版本默认)** + +openEuler 24.03 LTS版本开始支持IMA专用签名密钥,并采用CMS签名。由于签名信息包含证书链,可能由于长度超出限制而无法写入文件的`security.ima`扩展属性中,因此采用类似内核模块的追加签名的方式: + + + +其签名机制为: + +1) 将CMS签名信息追加到IMA摘要列表文件末尾; + +2) 填充结构体并添加到签名信息末尾,结构体定义如下: + +``` +struct module_signature { + u8 algo; /* Public-key crypto algorithm [0] */ + u8 hash; /* Digest algorithm [0] */ + u8 id_type; /* Key identifier type [PKEY_ID_PKCS7] */ + u8 signer_len; /* Length of signer's name [0] */ + u8 key_id_len; /* Length of key identifier [0] */ + u8 __pad[3]; + __be32 sig_len; /* Length of signature data */ +}; +``` + +3) 添加魔鬼字符串`"~Module signature appended~\n"` + +此步骤的参考脚本如下: + +``` +#!/bin/bash +DIGEST_FILE=$1 # IMA摘要列表文件路径 +SIG_FILE=$2 # IMA摘要列表签名信息保存路径 +OUT=$3 #完成签名信息添加后的摘要列表文件输出路径 + +cat $DIGEST_FILE $SIG_FILE > $OUT +echo -n -e "\x00\x00\x02\x00\x00\x00\x00\x00" >> $OUT +echo -n -e $(printf "%08x" "$(ls -l $SIG_FILE | awk '{print $5}')") | xxd -r -ps >> $OUT +echo -n "~Module signature appended~" >> $OUT +echo -n -e "\x0a" >> $OUT +``` + +**3) 复用RPM签名(openEuler 22.03 LTS版本默认)** + +openEuler 22.03 LTS版本支持复用RPM签名机制实现IMA摘要列表文件的签名。旨在解决版本无专用IMA签名密钥的问题。用户无需感知该签名流程,当RPM包中含有IMA摘要列表文件,而不包含IMA摘要列表的签名文件时,会自动使用该签名机制。其核心原理是通过RPM包的头信息实现对IMA摘要列表的验证。 + +对于openEuler发布的RPM包,每一个包文件可以包含两部分: + +- **RPM头信息:** 存放RPM包属性字段,如包名、文件摘要值列表等,通过RPM头签名保证其完整性; +- **RPM文件:** 实际安装至系统中的文件,也包括构建阶段生成的IMA摘要列表文件。 + + + +在RPM包安装阶段,如果RPM进程检测到包中的摘要列表文件不包含签名,则在`/etc/ima`目录下创建一个RPM摘要列表文件,将RPM头信息写入文件内容,将RPM头签名写入文件的`security.ima`扩展属性中。后续可通过RPM摘要列表间接实现IMA摘要列表的验证和导入。 + +##### IMA摘要列表导入 + +在开启IMA度量模式下,导入IMA摘要列表文件无需经过签名验证,可直接将路径写入内核接口,实现摘要列表的导入/删除: + +``` +# 导入IMA摘要列表文件 +echo > /sys/kernel/security/ima/digest_list_data +# 删除IMA摘要列表文件 +echo > /sys/kernel/security/ima/digest_list_data_del +``` + +在开启IMA评估模式下,导入摘要列表必须通过签名验证。根据签名方式不同,可分为两种导入方式。 + +**直接导入方式** + +对于已包含签名信息的IMA摘要列表文件(IMA扩展属性签名或IMA摘要列表追加签名),可直接将路径写入内核接口,实现摘要列表的导入/删除。该过程会自动触发评估,基于`security.ima`扩展属性完成对摘要列表文件内容的签名验证: + +``` +# 导入IMA摘要列表文件 +echo > /sys/kernel/security/ima/digest_list_data +# 删除IMA摘要列表文件 +echo > /sys/kernel/security/ima/digest_list_data_del +``` + +**调用`upload_digest_lists`导入方式** + +对于复用RPM签名的IMA摘要列表文件,需要调用`upload_digest_lists`命令实现导入。具体命令如下(注意指定的路径为对应的RPM摘要列表): + +``` +# 导入IMA摘要列表文件 +upload_digest_lists add +# 删除IMA摘要列表文件 +upload_digest_lists del +``` + +该流程相对复杂,需要满足以下前置条件: + +1) 系统已导入openEuler发布的`digest_list_tools`软件包中的摘要列表(包含IMA摘要列表和IMA PARSER摘要列表); + +2) 已配置对应用程序执行的IMA评估策略(BPRM_CHECK策略)。 + +#### 操作指导 + +##### RPM构建自动生成摘要列表 + +openEuler RPM工具链支持`%__brp_digest_list`宏定义,配置格式如下: + +``` +%__brp_digest_list /usr/lib/rpm/brp-digest-list %{buildroot} +``` + +当配置了该宏定义后,当用户调用`rpmbuild`命令进行软件包构建时,在RPM打包阶段会调用`/usr/lib/rpm/brp-digest-list`脚本进行摘要列表的生成和签名等流程。openEuler默认针对可执行程序、动态库、内核模块等关键文件生成摘要列表。用户也可以通过修改脚本,自行配置生成摘要列表的范围和指定签名密钥。如下示例使用用户自定义的签名密钥`/path/to/ima.key`进行摘要列表签名。 + +``` +...... (line 66) +DIGEST_LIST_TLV_PATH="$DIGEST_LIST_DIR.tlv/0-metadata_list-compact_tlv-$(basename $BIN_PKG_FILES)" +[ -f $DIGEST_LIST_TLV_PATH ] || exit 0 + +chmod 644 $DIGEST_LIST_TLV_PATH +echo $DIGEST_LIST_TLV_PATH + +evmctl ima_sign -f --key /path/to/ima.key -a sha256 $DIGEST_LIST_PATH &> /dev/null +chmod 400 $DIGEST_LIST_PATH.sig +mkdir -p $DIGEST_LIST_DIR.sig +mv $DIGEST_LIST_PATH.sig $DIGEST_LIST_DIR.sig +echo $DIGEST_LIST_DIR.sig/0-metadata_list-compact-$(basename $BIN_PKG_FILES).sig +``` + +##### IMA摘要列表度量 + +用户可通过如下功能开启IMA摘要列表度量: + +**步骤1:** 用户需要配置启动参数度量策略,开启IMA度量功能,具体步骤同**原生IMA度量**,不同的是需要单独配置度量所使用的TPM PCR寄存器,启动参数示例如下: + +``` +ima_policy=exec_tcb ima_digest_list_pcr=11 +``` + +**步骤2:** 用户导入IMA摘要列表,以`bash`软件包的摘要列表为例: + +``` +echo /etc/ima/digest_lists/0-metadata_list-compact-bash-5.1.8-6.oe2203sp1.x86_64 > /sys/kernel/security/ima/digest_list_data +``` + +可查询到IMA摘要列表的度量日志: + +``` +cat /sys/kernel/security/ima/ascii_runtime_measurements +``` + +导入IMA摘要列表后,如果后续度量的文件摘要值包含在IMA摘要列表中,则不会额外记录度量日志。 + +##### IMA摘要列表评估 + +###### 默认策略启动场景 + +用户可在启动参数中配置`ima_policy`参数指定IMA默认策略,则在内核启动阶段,IMA初始化完成后立即启用默认策略进行评估。用户可通过如下功能开启IMA摘要列表评估: + +**步骤1:** 执行`dracut`命令将摘要列表文件写入initrd: + +``` +dracut -f -e xattr +``` + +**步骤2:** 配置启动参数和IMA策略,典型的配置如下: + +``` +# 基于摘要列表的IMA评估log/enforce模式,只保护文件内容,配置默认策略为appraise_exec_tcb +ima_appraise=log ima_appraise_digest_list=digest-nometadata ima_policy="appraise_exec_tcb" initramtmpfs module.sig_enforce +ima_appraise=enforce ima_appraise_digest_list=digest-nometadata ima_policy="appraise_exec_tcb" initramtmpfs module.sig_enforce +# 基于摘要列表的IMA评估log/enforce模式,保护文件内容和扩展属性,配置默认策略为appraise_exec_tcb+appraise_exec_immutable +ima_appraise=log-evm ima_appraise_digest_list=digest ima_policy="appraise_exec_tcb|appraise_exec_immutable" initramtmpfs evm=x509 evm=complete module.sig_enforce +ima_appraise=enforce-evm ima_appraise_digest_list=digest ima_policy="appraise_exec_tcb|appraise_exec_immutable" initramtmpfs evm=x509 evm=complete module.sig_enforce +``` + +重启系统即可开启IMA摘要列表评估功能,启动过程中自动完成IMA策略生效和IMA摘要列表文件导入。 + +###### 无默认策略启动场景 + +用户可在启动参数中不配置`ima_policy`参数,代表系统启动阶段无默认策略,IMA评估机制等待用户导入策略后生效启用。 + +**步骤1:** 配置启动参数,典型的配置如下: + +``` +# 基于摘要列表的IMA评估log/enforce模式,只保护文件内容,无默认策略 +ima_appraise=log ima_appraise_digest_list=digest-nometadata initramtmpfs +ima_appraise=enforce ima_appraise_digest_list=digest-nometadata initramtmpfs +# 基于摘要列表的IMA评估log/enforce模式,保护文件内容和扩展属性,无默认策略 +ima_appraise=log-evm ima_appraise_digest_list=digest initramtmpfs evm=x509 evm=complete +ima_appraise=enforce-evm ima_appraise_digest_list=digest initramtmpfs evm=x509 evm=complete +``` + +重启系统,此时由于系统无策略,IMA评估并不生效。 + +**步骤2:** 导入IMA策略,将策略文件的全路径写入内核接口: + +``` +echo /path/to/policy > /sys/kernel/security/ima/policy +``` + +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> 策略中需要包含一些固定规则,用户可参考如下策略模板: +> +> openEuler 22.03 LTS版本的策略模板如下(复用RPM签名场景): +> +``` +# 不评估securityfs文件系统的访问行为 +dont_appraise fsmagic=0x73636673 +# 其他用户自定义的dont_appraise规则 +...... +# 评估导入的IMA摘要列表文件 +appraise func=DIGEST_LIST_CHECK appraise_type=imasig +# 评估/usr/libexec/rpm_parser进程打开的所有文件 +appraise parser appraise_type=imasig +# 评估执行的应用程序(触发对/usr/libexec/rpm_parser执行的评估,也可以新增其他限制条件,如SELinux标签等) +appraise func=BPRM_CHECK appraise_type=imasig +# 其他用户自定义的appraise规则 +...... +``` +> +> openEuler 24.03 LTS版本的策略模板如下(IMA扩展属性签名或追加签名场景): +> +``` +# 用户自定义的dont_appraise规则 +...... +# 评估导入的IMA摘要列表文件 +appraise func=DIGEST_LIST_CHECK appraise_type=imasig|modsig +# 其他用户自定义的appraise规则 +...... +``` + +**步骤3:** 导入IMA摘要列表文件,对于不同签名方式的摘要列表,需要使用不同的导入方式。 + +openEuler 22.03 LTS的摘要列表导入方式如下(复用RPM签名的IMA摘要列表): + +``` +# 导入digest_list_tools软件包的摘要列表 +echo /etc/ima/digest_lists/0-metadata_list-compact-digest-list-tools-0.3.95-13.x86_64 > /sys/kernel/security/ima/digest_list_data +echo /etc/ima/digest_lists/0-parser_list-compact-libexec > /sys/kernel/security/ima/digest_list_data +# 导入其他的RPM摘要列表 +upload_digest_lists add /etc/ima/digest_lists +# 检查导入的摘要列表条数 +cat /sys/kernel/security/ima/digests_count +``` + +openEuler 24.03 LTS的摘要列表导入方式如下(追加签名的IMA摘要列表): + +``` +find /etc/ima/digest_lists -name "0-metadata_list-compact-*" -exec echo {} > /sys/kernel/security/ima/digest_list_data \; +``` + +##### 软件升级场景 + +开启IMA摘要列表功能后,对于覆盖在IMA保护范围内的文件,在升级更新场景需要同步更新摘要列表。对于openEuler发布的RPM包,在包安装、升级、卸载的同时,将自动完成RPM包中的摘要列表的添加、更新和删除,不需要用户手动操作。对于用户维护的非RPM格式的软件包,则需要手动完成摘要列表的导入。 + +##### 用户证书导入 + +用户可以通过导入自定义证书,从而针对非openEuler发布的软件进行度量或评估。openEuler IMA评估模式支持从如下两种密钥环中获取证书进行签名校验: + +- builtin_trusted_keys密钥环:内核编译时预置的根证书; +- ima密钥环:通过initrd中的/etc/keys/x509_ima.der导入,需要为builtin_trusted_keys密钥环中任意一本证书的子证书。 + +**将根证书导入builtin_trusted_keys密钥环的步骤如下:** + +**步骤1:** 生成根证书,以openssl命令为例: + +``` +echo 'subjectKeyIdentifier=hash' > root.cfg +openssl genrsa -out root.key 4096 +openssl req -new -sha256 -key root.key -out root.csr -subj "/C=AA/ST=BB/O=CC/OU=DD/CN=openeuler test ca" +openssl x509 -req -days 3650 -extfile root.cfg -signkey root.key -in root.csr -out root.crt +openssl x509 -in root.crt -out root.der -outform DER +``` + +**步骤2:** 获取openEuler kernel源码,以最新的OLK-5.10分支为例: + +``` +git clone https://gitee.com/openeuler/kernel.git -b OLK-5.10 +``` + +**步骤3:** 进入源码目录,并将根证书拷贝至目录下: + +``` +cd kernel +cp /path/to/root.der . +``` + +修改config文件的CONFIG_SYSTEM_TRUSTED_KEYS选项: + +``` +CONFIG_SYSTEM_TRUSTED_KEYS="./root.crt" +``` + +**步骤4:** 编译安装内核(步骤略,注意需要为内核模块生成摘要列表)。 + +**步骤5:** 重启后检查证书导入成功: + +``` +keyctl show %:.builtin_trusted_keys +``` + +**将子证书导入ima密钥环的步骤如下,注意需要提前将根证书导入builtin_trusted_keys密钥环:** + +**步骤1:** 基于根证书生成子证书,以openssl命令为例: + +``` +echo 'subjectKeyIdentifier=hash' > ima.cfg +echo 'authorityKeyIdentifier=keyid,issuer' >> ima.cfg +echo 'keyUsage=digitalSignature' >> ima.cfg +openssl genrsa -out ima.key 4096 +openssl req -new -sha256 -key ima.key -out ima.csr -subj "/C=AA/ST=BB/O=CC/OU=DD/CN=openeuler test ima" +openssl x509 -req -sha256 -CAcreateserial -CA root.crt -CAkey root.key -extfile ima.cfg -in ima.csr -out ima.crt +openssl x509 -outform DER -in ima.crt -out x509_ima.der +``` + +**步骤2:** 将IMA证书拷贝到/etc/keys目录下: + +``` +mkdir -p /etc/keys/ +cp x509_ima.der /etc/keys/ +``` + +**步骤3:** 打包initrd,将IMA证书和摘要列表置入initrd镜像中: + +``` +echo 'install_items+=" /etc/keys/x509_ima.der "' >> /etc/dracut.conf +dracut -f -e xattr +``` + +**步骤4:** 重启后检查证书导入成功: + +``` +keyctl show %:.ima +``` + +#### 典型使用场景 + +根据运行模式的不同,IMA摘要列表可应用于可信度量场景和用户态安全启动场景。 + +##### 可信度量场景 + +可信度量场景主要基于IMA摘要列表度量模式,由内核+硬件可信根(如TPM)共同完成对关键文件的度量,再结合远程证明工具链完成对当前系统的文件可信状态的证明: + +![](./figures/ima_trusted_measurement.png) + +**运行阶段** + +- 软件包部署时同步导入摘要列表,IMA对摘要列表进行度量并记录度量日志(同步扩展TPM); + +- 应用程序执行时触发IMA度量,若文件摘要值匹配白名单则忽略,否则记录度量日志(同步扩展TPM) 。 + +**证明阶段(业界通用流程)** + +- 远程证明服务器下发证明请求,客户端回传IMA度量日志以及经过签名的TPM PCR值; + +- 远程证明服务器依次校验PCR(校验签名)、度量日志(PCR回放)、文件度量信息(比对本地基准值)的正确性,上报结果至安全中心; + +- 安全管理中心采取对应操作,如事件通知、节点隔离等。 + +##### 用户态安全启动场景 + +用户态安全启动场景主要基于IMA摘要列表评估模式,与安全启动类似,旨在对执行的应用程序或访问的关键文件执行完整性校验,如果校验失败,则拒绝访问: + +![](./figures/ima_secure_boot.png) + +**运行阶段** + +- 应用部署时导入摘要列表,内核验签通过后,加载摘要值到内核哈希表中作为白名单; +- 应用程序执行时触发IMA校验,计算文件hash值,若与基线值一致,则允许访问,否则记录日志或拒绝访问 。 + +## 附录 + +### 内核编译选项说明 + +原生IMA/EVM提供的编译选项及说明如下: + +| 编译选项 | 功能 | +| :------------------------------- | :------------------------ | +| CONFIG_INTEGRITY | IMA/EVM 总编译开关 | +| CONFIG_INTEGRITY_SIGNATURE | 使能IMA签名校验 | +| CONFIG_INTEGRITY_ASYMMETRIC_KEYS | 使能IMA非对称签名校验 | +| CONFIG_INTEGRITY_TRUSTED_KEYRING | 使能 IMA/EVM 密钥环 | +| CONFIG_INTEGRITY_AUDIT | 编译 IMA audit 审计模块 | +| CONFIG_IMA | IMA 总编译开关 | +| CONFIG_IMA_WRITE_POLICY | 允许在运行阶段更新IMA策略 | +| CONFIG_IMA_MEASURE_PCR_IDX | 允许指定IMA度量 PCR 序号 | +| CONFIG_IMA_LSM_RULES | 允许配置 LSM 规则 | +| CONFIG_IMA_APPRAISE | IMA 评估总编译开关 | +| IMA_APPRAISE_BOOTPARAM | 启用IMA评估启动参数 | +| CONFIG_EVM | EVM 总编译开关 | + +openEuler IMA摘要列表特性提供的编译选项及说明如下(openEuler内核编译默认开启): + +| 编译选项 | 功能 | +| :----------------- | :---------------------- | +| CONFIG_DIGEST_LIST | 开启IMA摘要列表特性开关 | + +### IMA摘要列表根证书说明 + +openEuler 22.03版本使用RPM密钥对IMA摘要列表进行签名,为保证IMA功能开箱可用,openEuler内核编译时默认将RPM根证书(PGP证书)导入内核。当前包含旧版本使用的OBS证书和openEuler 22.03 LTS SP1版本切换的openEuler证书: + +```shell +# cat /proc/keys | grep PGP +1909b4ad I------ 1 perm 1f030000 0 0 asymmetri private OBS b25e7f66: PGP.rsa b25e7f66 [] +2f10cd36 I------ 1 perm 1f030000 0 0 asymmetri openeuler fb37bc6f: PGP.rsa fb37bc6f [] +``` + +由于当前内核不支持导入PGP子公钥,而切换后的openEuler证书采用子密钥签名,因此openEuler内核编译前对证书进行了预处理,抽取子公钥并导入内核,具体处理流程可见内核软件包代码仓内的process_pgp_certs.sh脚本文件: + +openEuler 24.03及之后的版本支持IMA专用证书,详见[证书签名](../cert_signature/introduction_to_signature_certificates.md)文档相关章节。 + +如果用户不使用IMA摘要列表功能或使用其他密钥实现签名/验签,则可将相关代码移除,自行实现内核根证书配置。 + +### FAQ + +#### FAQ1:开启IMA评估enforce模式并配置默认策略后,系统启动失败 + +IMA默认策略可能包含对应用程序执行、内核模块加载等关键文件访问流程的校验,如果关键文件访问失败,可能导致系统无法启动。通常原因有: + +1) IMA校验证书未导入内核,导致摘要列表无法被正确校验; +2) 摘要列表文件未正确签名,导致摘要列表校验失败; +3) 摘要列表文件未导入initrd中,导致启动过程无法导入摘要列表; +4) 摘要列表文件和应用程序不匹配,导致应用程序匹配已导入的摘要列表失败。 + +用户需要通过log模式进入系统进行问题定位和修复。重启系统,进入grub界面修改启动参数,采用log模式启动: + +``` +ima_appraise=log +``` + +系统启动后,可参考如下流程进行问题排查: + +**步骤1:** 检查keyring中的IMA证书: + +``` +keyctl show %:.builtin_trusted_keys +``` + +对于openEuler LTS版本,至少应存在以下几本内核证书(其他未列出版本可根据发布时间前推参考): + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
版本证书
openEuler 22.03 LTSprivate OBS b25e7f66
openEuler 22.03 LTS SP1/2/3private OBS b25e7f66
openeuler <openeuler@compass-ci.com> b675600b
openEuler 22.03 LTS SP4private OBS b25e7f66
openeuler <openeuler@compass-ci.com> b675600b
openeuler <openeuler@compass-ci.com> fb37bc6f
openEuler 24.03openEuler kernel ICA 1: 90bb67eb4b57eb62bf6f867e4f56bd4e19e7d041
+ +如果用户导入了其他内核根证书,也同样需要通过`keyctl`命令查询确认证书是否被成功导入。openEuler默认不使用IMA密钥环,如果用户存在使用的情况,则需要通过如下命令查询IMA密钥环中是否存在用户证书: + +``` +keyctl show %:.ima +``` + +如果排查结果为证书未正确导入,则用户需要根据*用户证书导入场景*章节进行流程排查。 + +**步骤2:** 检查摘要列表携带签名信息: + +用户可通过如下命令查询当前系统中的摘要列表文件: + +``` +ls /etc/ima/digest_lists | grep '_list-compact-' +``` + +对于每个摘要列表文件,需要检查存在**以下三种之一**的签名信息: + +1) 检查该摘要列表文件存在对应的**RPM摘要列表文件**,且**RPM摘要列表文件**的ima扩展属性中包含签名值。以bash软件包的摘要列表为例,摘要列表文件路径为: + +``` +/etc/ima/digest_lists/0-metadata_list-compact-bash-5.1.8-6.oe2203sp1.x86_64 +``` + +RPM摘要列表路径为: + +``` +/etc/ima/digest_lists/0-metadata_list-rpm-bash-5.1.8-6.oe2203sp1.x86_64 +``` + +检查RPM摘要列表签名,即文件的`security.ima`扩展属性不为空: + +``` +getfattr -n security.ima /etc/ima/digest_lists/0-metadata_list-rpm-bash-5.1.8-6.oe2203sp1.x86_64 +``` + +2) 检查摘要列表文件的`security.ima`扩展属性不为空: + +``` +getfattr -n security.ima /etc/ima/digest_lists/0-metadata_list-compact-bash-5.1.8-6.oe2203sp1.x86_64 +``` + +3) 检查摘要列表文件的末尾包含了签名信息,可通过检查文件内容末尾是否包含`~Module signature appended~`魔鬼字符串进行判断(仅openEuler 24.03 LTS及之后版本支持的签名方式): + +``` +tail -c 28 /etc/ima/digest_lists/0-metadata_list-compact-kernel-6.6.0-28.0.0.34.oe2403.x86_64 +``` + +如果排查结果为摘要列表未包含签名信息,则用户需要根据*摘要列表签名机制说明*章节进行流程排查。 + +**步骤3:** 检查摘要列表的签名信息正确: + +在确保摘要列表已携带签名信息的情况下,用户还需要确保摘要列表采用正确的私钥签名,即签名私钥和内核中的证书匹配。除用户自行进行私钥检查外,还可通过dmesg日志或audit日志(默认路径为`/var/log/audit/audit.log`)判断是否有签名校验失败的情况发生。典型的日志输出如下: + +``` +type=INTEGRITY_DATA msg=audit(1722578008.756:154): pid=3358 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:haikang_t:s0-s0:c0.c1023 op=appraise_data cause=invalid-signature comm="bash" name="/root/0-metadata_list-compact-bash-5.1.8-6.oe2203sp1.x86_64" dev="dm-0" ino=785161 res=0 errno=0UID="root" AUID="root" +``` + +如果检查结果为签名信息错误,则用户需要根据*摘要列表签名机制说明*章节进行流程排查。 + +**步骤4:** 检查initrd中是否导入摘要列表文件: + +用户需要通过如下命令查询当前initrd中是否存在摘要列表文件: + +``` +lsinitrd | grep 'etc/ima/digest_lists' +``` + +如果未查询到摘要列表文件,则用户需要重新制作initrd,并再次检查摘要列表导入成功: + +``` +dracut -f -e xattr +``` + +**步骤5:** 检查IMA摘要列表和应用程序是否匹配: + +参考FAQ2章节。 + +#### FAQ2:开启IMA评估enforce模式后,部分文件执行失败 + +开启IMA评估enforce模式后,对于配置IMA策略的文件访问,如果文件的内容或扩展属性设置有误(和导入的摘要列表不匹配),则可能会导致文件访问被拒绝。通常原因有: + +1) 摘要列表未成功导入(可参考FAQ1); + +2) 文件内容或属性被篡改。 + + 对于出现文件执行失败的场景,首先需要确定摘要列表文件已经成功导入内核,用户可以检查摘要列表数量判断导入情况: + +``` +cat /sys/kernel/security/ima/digests_count +``` + +然后用户可通过audit日志(默认路径为`/var/log/audit/audit.log`)判断具体哪个文件校验失败以及原因。典型的日志输出如下: + +``` +type=INTEGRITY_DATA msg=audit(1722811960.997:2967): pid=7613 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:haikang_t:s0-s0:c0.c1023 op=appraise_data cause=IMA-signature-required comm="bash" name="/root/test" dev="dm-0" ino=814424 res=0 errno=0UID="root" AUID="root" +``` + +在确定校验失败的文件后,可对比TLV摘要列表确定文件被篡改的原因。对于未开启扩展属性校验的场景,仅对比文件SHA256哈希值和TLV摘要列表中的`IMA digest`项即可,对于开启扩展属性校验的场景,则还需要对比文件当前的属性和TLV摘要列表中显示扩展属性的区别。 + +在确定问题原因后,可通过还原文件的内容及属性,或对当前文件再次生成摘要列表,签名并导入内核的方式解决问题。 + +#### FAQ3:开启IMA评估模式后,跨openEuler 22.03 LTS SP版本安装软件包时出现报错信息 + +开启IMA评估模式后,当安装不同版本的openEuler 22.03 LTS的软件包时,会自动触发IMA摘要列表的导入。其中包含对摘要列表的签名验证流程,即使用内核中的证书验证摘要列表的签名。由于openEuler在演进过程中,签名证书发生变化,因此部分跨版本安装场景存在后向兼容问题(无前向兼容问题,即新版本的内核可正常校验旧版本的IMA摘要列表文件)。 + +建议用户确认当前内核中包含以下几本签名证书: + +``` +# keyctl show %:.builtin_trusted_keys +Keyring + 566488577 ---lswrv 0 0 keyring: .builtin_trusted_keys + 383580336 ---lswrv 0 0 \_ asymmetric: openeuler b675600b + 453794670 ---lswrv 0 0 \_ asymmetric: private OBS b25e7f66 + 938520011 ---lswrv 0 0 \_ asymmetric: openeuler fb37bc6f +``` + +如缺少证书,建议将内核升级至最新版本。 + +``` +yum update kernel +``` + +openEuler 24.03 LTS及之后版本已具备IMA专用证书,且支持证书链校验,证书生命周期可覆盖整个LTS版本。 + +#### FAQ4:开启IMA摘要列表评估模式后,IMA摘要列表文件签名正确,但是导入失败 + +IMA摘要列表导入存在检查机制,如果某次导入过程中,摘要列表的签名校验失败,则会关闭摘要列表导入功能,从而导致后续即使正确签名的摘要列表文件也无法被导入。用户可检查dmesg日志中是否存在如下打印确认是否为该原因导致: + +``` +# dmesg +ima: 0-metadata_list-compact-bash-5.1.8-6.oe2203sp1.x86_64 not appraised, disabling digest lists lookup for appraisal +``` + +如上述日志,则说明在开启IMA摘要列表评估模式的情况下,已经导入了一个签名错误的摘要列表文件,从而导致功能关闭。此时用户需要重启系统,并修复错误的摘要列表签名信息。 + +#### FAQ5:openEuler 24.03 LTS及之后版本导入用户自定义的IMA证书失败 + +Linux 6.6内核新增了对导入证书的字段校验限制,对于导入IMA密钥环的证书,需要满足如下约束(遵循X.509标准格式): + +- 为数字签名证书,即设置`keyUsage=digitalSignature`字段; +- 非CA证书,即不可设置`basicConstraints=CA:TRUE`字段; +- 非中间证书,即不可设置`keyUsage=keyCertSign`字段。 + +#### FAQ6:开启IMA评估模式后kdump服务启动失败 + +开启IMA评估enforce模式后,如果IMA策略中配置了如下KEXEC_KERNEL_CHECK规则,可能导致kdump服务启动失败。 + +```shell +appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig +``` + +原因是在该场景下,所有通过KEXEC加载的文件都需要经过完整性校验,因此内核限制kdump加载内核映像文件时必须使用kexec_file_load系统调用。可通过修改/etc/sysconfig/kdump配置文件的KDUMP_FILE_LOAD开启kexec_file_load系统调用。 + +```shell +KDUMP_FILE_LOAD="on" +``` + +同时,kexec_file_load系统调用自身也会执行文件的签名校验,因此要求被加载的内核映像文件必须包含正确的安全启动签名,而且当前内核中必须包含对应的验签证书。 diff --git a/docs/zh/server/security/trusted_computing/kernel_root_of_trust_framework.md b/docs/zh/server/security/trusted_computing/kernel_root_of_trust_framework.md new file mode 100644 index 0000000000000000000000000000000000000000..2556baf260fd3e52447ed375293da47e9f83286f --- /dev/null +++ b/docs/zh/server/security/trusted_computing/kernel_root_of_trust_framework.md @@ -0,0 +1,91 @@ +# 内核可信根框架 + +## 概述 + +典型的攻击手段往往伴随着信息系统真实性、完整性的破坏,目前业界的共识是通过硬件可信根对系统关键组件进行度量/验证,一旦检测到篡改或仿冒行为,就执行告警或拦截。 + +当前业界主流是采用TPM作为信任根,结合完整性保护软件栈逐级构筑系统信任链,从而保证系统各组件的真实性和完整性。openEuler支持的完整性保护特性如下: + +- 可信启动:系统启动阶段,度量启动组件的摘要值并记录到PCR寄存器; +- IMA度量:文件访问阶段,度量文件的摘要值,并扩展到PCR寄存器; +- DIM度量:进程运行阶段,度量内存代码段的摘要值,并扩展到PCR寄存器。 + +近年来,随着可信计算、机密计算等安全技术的发展,业界出现了各种形态不一的硬件可信根,及其配套的证明体系,例如: + +- TCG Trusted Platform Module (TPM) +- Trusted Cryptography Module (TCM) +- Trusted Platform Control Module (TPCM) +- Intel Trust Domain Extensions (TDX) +- Arm Confidential Compute Architecture (CCA) +- Virtualized Arm Confidential Compute Architecture (virtCCA) + +因此,本特性旨在支持一套内核态的可信根框架,南向支持多种可信根驱动,北向提供统一度量接口,对接上层完整性保护软件栈,将openEuler E2E完整性保护技术的硬件支持范围从单TPM扩展为多元异构可信根。 + +root_of_trust_framework + +## 特性介绍 + +本特性目前支持哈希扩展类型的度量可信根,即采用若干个度量寄存器(对应一种或多种哈希算法)采用如下形式记录多个度量结果: + +``` +value_new = hash(value_old | measure_result) +``` + +上式中value_new/value_old代表可信根内的度量寄存器的新/旧值;measure_result代表本次的度量结果;hash代表该度量寄存器所使用的哈希算法。 + +对于每一个可信根,开发者可通过本特性提供的框架层完成该可信根实例的定义和注册。注册成功后,完整性度量特性会自动将度量结果传入可信根实例中,完成哈希扩展和寄存器更新。 + +## 特性范围 + +本特性于openEuler 24.03 LTS SP1(6.6内核)版本支持,当前南向支持TPM和virtCCA两种可信根,北向支持内核完整性度量(IMA)特性。后续将持续完善对于其他可信根和度量特性的支持工作。 + +## 接口说明 + +### 结构体接口说明 + +对于每个可信根实例,需要定义如下结构体: + +``` +struct ima_rot { + const char *name; + int nr_allocated_banks; + struct tpm_bank_info *allocated_banks; + + int (*init)(struct ima_rot *rot); + int (*extend)(struct tpm_digest *digests_arg, const void *args); + int (*calc_boot_aggregate)(struct ima_digest_data *hash); +}; +``` + +成员变量描述如下: + +| **成员** | **说明** | +| ------------------- | ------------------------------------- | +| name | 可信根设备的名称 | +| nr_allocated_banks | 可信根支持的度量寄存器数量 | +| allocated_banks | 可信根度量寄存器算法定义 | +| init | 可信根初始化函数实现 | +| extend | 可信根扩展函数实现 | +| calc_boot_aggregate | IMA特性的boot aggregate值计算函数实现 | + +接口体数组定义在内核代码的security/integrity/ima/ima_rot.c文件中的ima_rots变量,在该数组变量定义中追加可信根实例,即可实现IMA特性对不同可信根的功能扩展。 + +### 启动参数接口说明 + +本特性涉及新增如下启动参数: + +| **参数** | **取值** | **说明** | +| -------- | -------- | ------------------------------------------------------------ | +| ima_rot= | 字符串 | 指定IMA优先使用的可信根设备的名称。若指定设备不存在,则尝试使用默认设备(TPM);如指定设备或默认设备初始化失败,则无可信根。 | + +## 使用说明 + +以用户在机密虚机中配置IMA度量使用virtCCA可信根为例,用户可在启动参数中添加如下参数: + +``` +ima_rot=virtcca +``` + +**注意:** 如果环境中仅virtcca可信根可用,无其他可信根(如vTPM)可用,也可不配置该参数。 + +配置完成后,首条IMA度量日志(boot aggregate日志)即为virtCCA的RIM的中存储的度量值;每条IMA度量日志的哈希值将在virtCCA的REM[0]中进行哈希扩展。用户可以基于virtCCA提供的远程证明软件栈实现机密虚机中的应用度量结果校验。 diff --git a/docs/zh/server/security/trusted_computing/protection_for_interpreted_applications.md b/docs/zh/server/security/trusted_computing/protection_for_interpreted_applications.md new file mode 100644 index 0000000000000000000000000000000000000000..25f10695397d7387aebd856061f1cdeaeb0b83cd --- /dev/null +++ b/docs/zh/server/security/trusted_computing/protection_for_interpreted_applications.md @@ -0,0 +1,264 @@ +# 解释器类应用程序安全防护 + +## 背景介绍 + +业界主要使用Linux IMA机制对系统运行的程序发起完整性检查,一方面可以检测文件是否被篡改,另一方面通过IMA的白名单机制可以保证只有经过认证(如签名或HMAC)的文件才可以被运行。 + +Linux IMA机制支持对通过read()、exec()、mmap()等系统调用访问的文件进行完整性度量/评估。尽管从功能上而言,IMA能够配置对解释器运行脚本所采用的read()系统调用的完整性保护功能,但是在实际场景中,IMA摘要列表主要配置为针对exec()、mmap()进行拦截,而无法有效拦截未授权的恶意脚本执行。原因IMA无法将脚本文件和其他可变的数据文件进行区分。一旦针对read()系统调用配置完整性保护,则会将其他可变的配置文件、临时文件、数据文件等纳入保护范围,而这些文件无法预先生成基线或认证凭据,从而导致完整性检查失败。因此实际场景无法配置基于read()的度量/评估策略,无法针对性地实现拦截和保护: + +| **执行方式** | 实际应用场景下能否通过IMA保护 | +| ------------ | ----------------------------- | +| ./test.sh | 是 | +| bash test.sh | 否 | + +## 特性介绍 + +本特性旨在通过内核系统调用保证通过执行方式运行脚本文件(如./test.sh)和通过解释器运行脚本文件(bash ./test.sh)具备相同的权限检查流程,具体说明如下: + +### execveat()支持AT_CHECK检查参数 + +execveat()是于Linux 3.19/glibc 2.34版本开始支持的系统调用函数,该函数允许传入一个已打开的文件描述符并执行该文件。本特性针对execveat()系统调用扩展AT_CHECK检查机制,实现对某个文件是否可执行进行检查操作,而不真正地执行该文件。 + +当调用者通过execveat()系统调用函数,传入目标文件描述符并指定AT_CHECK参数时,在内核的系统调用执行逻辑中,首先针对传入的文件描述符进行权限检查,该流程与普通的文件执行流程一致,包含文件的DAC权限位、LSM访问控制规则、IMA等检查,如果检查不通过则退出并返回错误码-EACCSS。直到所有权限检查流程完成后,execveat()系统调用判断参数是否包含AT_CHECK,如果包含,则不执行后续的执行流程,退出并返回0,表示该文件的可执行权限检查通过。 +![](./figures/Process_Of_EXECVAT_ATCHECK.png) + +### 解释器支持调用execveat对程序进行权限检查 + +在支持基于execveat()的AT_CHECK检查机制的基础上,当解释器打开待运行的脚本后,可主动调用execveat()系统调用函数发起对文件进行可执行权限检查,只有当权限检查成功后,才可继续运行脚本文件。 +![](./figures/AT_CHECK_Process.png) + +## 接口介绍 + +### 系统调用接口说明 + +execveat()系统调用的函数类型为: + +``` +int execveat(int dirfd, const char *pathname, + char *const _Nullable argv[], + char *const _Nullable envp[], + int flags); +``` + +本特性涉及新增flags参数AT_CHECK,说明如下: + +| **参数** | **取值** | **说明** | +| -------- | -------- | -------------------------------------------------- | +| AT_CHECK | 0x10000 | 对目标文件进行可执行权限检查,而不真正地执行该文件 | + +### 内核启动参数说明 + +本特性支持如下内核启动参数: + +| **参数** | **取值** | **说明** | +| ------------------- | -------- | ------------------------------------------------------------ | +| exec_check.bash= | 0/1 | 默认为0,设置为1时,bash解释器进程运行脚本时前调用execveat进行脚本文件的可执行权限检查 | +| exec_check.java= | 0/1 | 默认为0,设置为1时,jdk运行脚本时class和jar文件时,需要调用execveat进行脚本文件的执行权限检查 | +| exec_check.\= | 0/1 | 后续可扩展其他解释器 | + +**注意:上述启动参数实际由各个解释器进程进行读取解析,内核并不实际使用这些参数。** + +## 特性范围 + +本特性于openEuler 24.03 LTS SP1(6.6内核)版本支持,需要内核版本。特性支持的解释器类型如下: + +| **解释器** | **目标文件** | **说明** | +| ---------- | ----------------- | ---------------------------------------------------- | +| bash | shell脚本文件 | bash进程对打开的shell文件进行可执行权限检查 | +| jdk | class文件/jar文件 | java虚拟机对加载的class文件和jar包进行可执行权限检查 | + +社区开发人员或用户可基于该机制,自行扩展其他解释器或类似机制的支持。 + +## 使用说明 + +### AT_CHECK参数使用示例 + +#### 前置条件 + +内核版本大于6.6.0-54.0.0.58,glibc版本大于等于2.38-41。 + +``` +glibc-2.38-41.oe2403sp1.x86_64 +kernel-6.6.0-54.0.0.58.oe2403sp1.x86_64 +``` + +#### 操作指导 + +可编写如下测试程序(test.c)进行参数功能测试: + +``` +#define _GNU_SOURCE + +#include +#include +#include +#include + +#define AT_CHECK 0x10000 + +int main(void) +{ + int fd; + int access_ret; + + fd = open("./", O_RDONLY); + access_ret = execveat(fd, "test.sh", NULL, NULL, AT_CHECK); + perror("execveat"); + printf("access_ret = %d\n", access_ret); + close(fd); + return 0; +} +``` + +**步骤1:** 编译测试代码: + +``` +gcc test.c -o test +``` + +**步骤2:** 创建测试脚本test.sh: + +``` +echo "sleep 10" > test.sh +``` + +**步骤3:** 如果测试脚本具备合法的可执行权限,则execveat返回0: + +``` +# chmod +x test.sh +# ./test +execveat: Success +access_ret = 0 +``` + +**步骤4:** 如果测试脚本不具备合法的权限,则execveat返回-1,错误码为Permission denied: + +``` +# chmod -x test.sh +# ./test +execveat: Permission denied +access_ret = -1 +``` + +### bash解释器支持脚本可执行权限检查 + +#### 前置条件 + +内核版本大于6.6.0-54,glibc版本大于等于2.38-41,bash版本大于等于5.2.15-13 + +```bash +bash-5.2.15-13.oe2403sp1.x86_64 +glibc-2.38-41.oe2403sp1.x86_64 +kernel-6.6.0-54.0.0.58.oe2403sp1.x86_64 +``` + +#### 操作指导 + +**步骤1:** 设置系统中所有脚本文件的权限为可执行 + +```bash +find / -name "*.sh" --exec chmod +x {} \; +``` + +**步骤2:** 设置启动参数并重启系统,添加的启动参数为: + +``` +exec_check.bash=1 +``` + +**步骤3:** 验证只有具备可执行权限的脚本才可被bash解释器运行: + +```bash +# echo "echo hello world" > test.sh +# bash test.sh +bash: line 0: [1402] denied sourcing non-executable test.sh +# chmod +x test.sh +# bash test.sh +hello world +``` + +### jdk支持脚本可执行权限检查 + +#### 前置条件 + +获取支持该特性的jdk代码: + +``` +https://gitee.com/openeuler/bishengjdk-8/tree/IMA_Glibc2_34 +``` + +按照如下流程编译: + +``` +https://gitee.com/openeuler/bishengjdk-8/wikis/%E4%B8%AD%E6%96%87%E6%96%87%E6%A1%A3/%E6%AF%95%E6%98%87JDK%208%20%E6%BA%90%E7%A0%81%E6%9E%84%E5%BB%BA%E8%AF%B4%E6%98%8E +``` + +#### 操作指导 + +**步骤1:** 确保系统中所有.class文件和.jar文件的可执行权限 + +``` +find / -name "*.class" chmod +x {} \; +find / -name "*.jar" chmod +x {} \; +``` + +**步骤2:** 设置启动参数并重启系统,添加的启动参数为: + +``` +exec_check.java=1 +``` + +**步骤3:** 验证只有具备可执行权限的class文件或jar文件才可被jvm运行: + +可编写如下测试程序(HelloWorld.java)进行参数功能测试: + +``` +public class HelloWorld { + public static void main(String[] args) { + System.out.println("Hello, World!"); + } +} +``` + +```bash +# javac HelloWorld.java +Access denied to /home/bishengjdk/bishengjdk-8/install/jvm/openjdk-1.8.0_432-internal/lib/tools.jar +# chmod +x /home/bishengjdk/bishengjdk-8/install/jvm/openjdk-1.8.0_432-internal/lib/tools.jar +# javac HelloWorld.java +# java HelloWorld +Access denied to HelloWorld.class + +# chmod +x HelloWorld.class +# java HelloWorld +Hello, World! +``` + +### 结合IMA摘要列表实现解释器类应用完整性保护 + +#### 前置条件 + +开启IMA摘要列表功能,详见[**内核完整性度量(IMA)**](ima.md)文档章节。 + +#### 操作指导 + +**步骤1:** 为目标应用程序生成IMA摘要列表(过程略,摘要列表生成方式详见[**内核完整性度量(IMA)**](ima.md)文档章节)。 + +**步骤2:** 开启IMA摘要列表功能(过程略,摘要列表生成方式详见[**内核完整性度量(IMA)**](ima.md)文档章节),以开启摘要列表+shell脚本校验为例,配置的内核启动参数如下: + +```bash +ima_appraise=enforce ima_appraise_digest_list=digest-nometadata ima_policy="appraise_exec_tcb" initramtmpfs module.sig_enforce exec_check.bash=1 +``` + +**步骤3:** 验证IMA对bash脚本完整性保护 + +```bash +# echo "echo hello world" > test.sh +# chmod +x test.sh +# bash test.sh +bash: line 0: [2520] denied sourcing non-executable test.sh + +# 生成摘要列表后签名并导入(略) +# echo /etc/ima/digest_lists/0-metadata_list-compact-test.sh > /sys/kernel/security/ima/digest_list_data +# bash test.sh +hello world +``` diff --git a/docs/zh/server/security/trusted_computing/public_sys-resources/icon-caution.gif b/docs/zh/server/security/trusted_computing/public_sys-resources/icon-caution.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/public_sys-resources/icon-caution.gif differ diff --git a/docs/zh/server/security/trusted_computing/public_sys-resources/icon-danger.gif b/docs/zh/server/security/trusted_computing/public_sys-resources/icon-danger.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/public_sys-resources/icon-danger.gif differ diff --git a/docs/zh/server/security/trusted_computing/public_sys-resources/icon-note.gif b/docs/zh/server/security/trusted_computing/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/zh/server/security/trusted_computing/public_sys-resources/icon-note.gif differ diff --git a/docs/zh/server/security/trusted_computing/public_sys-resources/icon-notice.gif b/docs/zh/server/security/trusted_computing/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/public_sys-resources/icon-notice.gif differ diff --git a/docs/zh/server/security/trusted_computing/public_sys-resources/icon-tip.gif b/docs/zh/server/security/trusted_computing/public_sys-resources/icon-tip.gif new file mode 100644 index 0000000000000000000000000000000000000000..93aa72053b510e456b149f36a0972703ea9999b7 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/public_sys-resources/icon-tip.gif differ diff --git a/docs/zh/server/security/trusted_computing/public_sys-resources/icon-warning.gif b/docs/zh/server/security/trusted_computing/public_sys-resources/icon-warning.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/server/security/trusted_computing/public_sys-resources/icon-warning.gif differ diff --git a/docs/zh/server/security/trusted_computing/remote_attestation_kunpeng_security_library.md b/docs/zh/server/security/trusted_computing/remote_attestation_kunpeng_security_library.md new file mode 100644 index 0000000000000000000000000000000000000000..c984517b1f9d37cd487eec17f5bad3b9aad41f0a --- /dev/null +++ b/docs/zh/server/security/trusted_computing/remote_attestation_kunpeng_security_library.md @@ -0,0 +1,412 @@ +# 远程证明(鲲鹏安全库) + +## 介绍 + +本项目开发运行在鲲鹏处理器上的基础安全软件组件,前期主要聚焦在远程证明等可信计算相关领域,使能社区安全开发者。 + +## 软件架构 + +在未使能TEE的平台上,本项目可提供平台远程证明特性,其软件架构如下图所示: + +![img](./figures/RA-arch-1.png) + +在已使能TEE的平台上,本项目可提供TEE远程证明特性,其软件架构如下图所示: + +![img](./figures/RA-arch-2.png) + +## 安装配置 + +1. 使用yum安装程序的rpm包,命令如下: + + ```shell + # yum install kunpengsecl-ras kunpengsecl-rac kunpengsecl-rahub kunpengsecl-qcaserver kunpengsecl-attester kunpengsecl-tas kunpengsecl-devel + ``` + +2. 准备数据库环境:进入 `/usr/share/attestation/ras` 目录,执行 `prepare-database-env.sh` 脚本进行自动化的数据库环境配置。 + +3. 程序运行时依赖的配置文件有三个路径,分别为:当前路径 `./config.yaml` ,家路径 `${HOME}/.config/attestation/ras(rac)(rahub)(qcaserver)(attester)(tas)/config.yaml` ,以及系统路径 `/etc/attestation/ras(rac)(rahub)(qcaserver)(attester)(tas)/config.yaml` 。 + +4. (可选)如果需要创建家目录配置文件,可在安装好rpm包后,执行位于 `/usr/share/attestation/ras(rac)(rahub)(qcaserver)(attester)(tas)` 下的脚本 `prepare-ras(rac)(hub)(qca)(attester)(tas)conf-env.sh` 从而完成家目录配置文件的部署。 + +## 相关参数 + +### RAS启动参数 + +命令行输入 `ras` 即可启动RAS程序。请注意,在当前目录下需要提供**ECDSA**公钥并命名为 `ecdsakey.pub` 。相关参数如下: + +```shell + -H --https http/https模式开关,默认为https(true),false=http + -h --hport https模式下RAS监听的restful api端口 + -p, --port string RAS监听的client api端口 + -r, --rest string http模式下RAS监听的restful api端口 + -T, --token 生成一个测试用的验证码并退出 + -v, --verbose 打印更详细的RAS运行时日志信息 + -V, --version 打印RAS版本并退出 +``` + +### RAC启动参数 + +命令行输入 `sudo raagent` 即可启动RAC程序,请注意,物理TPM模块的开启需要sudo权限。相关参数如下: + +```shell + -s, --server string 指定待连接的RAS服务端口 + -t, --test 以测试模式启动 + -v, --verbose 打印更详细的RAC运行时日志信息 + -V, --version 打印RAC版本并退出 + -i, --imalog 指定ima文件路径 + -b, --bioslog 指定bios文件路径 + -T, --tatest 以TA测试模式启动 +``` + +**注意:** +>1.若要使用TEE远程证明特性,需要以非TA测试模式启动RAC,并将待证明TA的uuid、是否使用TCB、mem_hash和img_hash按序放入RAC执行路径下的**talist**文件内。同时预装由TEE团队提供的**libqca.so**库和**libteec.so**库。**talist**文件格式如下: +> +>```text +>e08f7eca-e875-440e-9ab0-5f381136c600 false ccd5160c6461e19214c0d8787281a1e3c4048850352abe45ce86e12dd3df9fde 46d5019b0a7ffbb87ad71ea629ebd6f568140c95d7b452011acfa2f9daf61c7a +>``` +> +>2.若不使用TEE远程证明特性,则需要将 `${DESTDIR}/usr/share/attestation/qcaserver` 目录下的libqca.so库和libteec.so库复制到 `/usr/lib` 或 `/usr/lib64` 目录,并以TA测试模式启动RAC。 + +### QCA启动参数 + +命令行输入 `${DESTDIR}/usr/bin/qcaserver` 即可启动QCA程序,请注意,这里必须要使用qcaserver的完整路径以正常启动QTA,同时需要使QTA中的CA路径参数与该路径保持相同。相关参数如下: + +```shell + -C, --scenario int 设置程序的应用场景,默认为no_as场景(0),1=as_no_daa场景,2=as_with_daa场景 + -S, --server string 指定开放的服务器地址/端口 +``` + +### ATTESTER启动参数 + +命令行输入 `attester` 即可启动ATTESTER程序。相关参数如下: + +```shell + -B, --basevalue string 设置基准值文件读取路径 + -M, --mspolicy int 设置度量策略,默认为-1,需要手动指定。1=仅比对img-hash值,2=仅比对hash值,3=同时比对img-hash和hash两个值 + -S, --server string 指定待连接的服务器地址 + -U, --uuid int 指定待验证的可信应用 + -V, --version 打印程序版本并退出 + -T, --test 读取固定的nonce值以匹配目前硬编码的可信报告 +``` + +### TAS启动参数 + +命令行输入 `tas` 即可启动TAS程序。相关参数如下: + +```shell + -T, --token 生成一个测试用的验证码并退出 +``` + +**注意:** +>1.若要启用TAS服务,需要先为TAS配置好私钥。可以按如下命令修改家目录下的配置文件: +> +>```shell +># cd ${HOME}/.config/attestation/tas +># vim config.yaml +> # 如下DAA_GRP_KEY_SK_X和DAA_GRP_KEY_SK_Y的值仅用于测试,正常使用前请务必更新其内容以保证安全。 +>tasconfig: +> port: 127.0.0.1:40008 +> rest: 127.0.0.1:40009 +> akskeycertfile: ./ascert.crt +> aksprivkeyfile: ./aspriv.key +> huaweiitcafile: ./Huawei IT Product CA.pem +> DAA_GRP_KEY_SK_X: 65a9bf91ac8832379ff04dd2c6def16d48a56be244f6e19274e97881a776543c65a9bf91ac8832379ff04dd2c6def16d48a56be244f6e19274e97881a776543c +> DAA_GRP_KEY_SK_Y: 126f74258bb0ceca2ae7522c51825f980549ec1ef24f81d189d17e38f1773b56126f74258bb0ceca2ae7522c51825f980549ec1ef24f81d189d17e38f1773b56 +>``` +> +>之后再输入`tas`启动TAS程序。 +> +>2.在有TAS环境中,为提高QCA配置证书的效率,并非每一次启动都需要访问TAS以生成相应证书,而是通过证书的本地化存储,即读取QCA侧 `config.yaml` 中配置的证书路径,通过 `func hasAKCert(s int) bool` 函数检查是否已有TAS签发的证书保存于本地,若成功读取证书,则无需访问TAS,若读取证书失败,则需要访问TAS,并将TAS返回的证书保存于本地。 + +## 接口定义 + +### RAS接口 + +为了便于管理员对目标服务器、RAS以及目标服务器上部署的TEE中的用户 TA 进行管理,本程序设计了以下接口可供调用: + +| 接口 | 方法 | +| --------------------------------- | --------------------------- | +| / | GET | +| /{id} | GET、POST、DELETE | +| /{from}/{to} | GET | +| /{id}/reports | GET | +| /{id}/reports/{reportid} | GET、DELETE | +| /{id}/basevalues | GET | +| /{id}/newbasevalue | POST | +| /{id}/basevalues/{basevalueid} | GET、POST、DELETE | +| /{id}/ta/{tauuid}/status | GET | +| /{id}/ta/{tauuid}/tabasevalues | GET | +| /{id}/ta/{tauuid}/tabasevalues/{tabasevalueid} | GET、POST、DELETE | +| /{id}/ta/{tauuid}/newtabasevalue | POST | +| /{id}/ta/{tauuid}/tareports | GET | +| /{id}/ta/{tauuid}/tareports/{tareportid} | GET、POST、DELETE | +| /{id}/basevalues/{basevalueid} | GET、DELETE | +| /version | GET | +| /config | GET、POST | +| /{id}/container/status | GET | +| /{id}/device/status | GET | + +上述接口的具体用法分别介绍如下。 + +若需要查询所有服务器的信息,可以使用`"/"`接口。 + +```shell +# curl -X GET -H "Content-Type: application/json" http://localhost:40002/ +``` + +*** +若需要查询目标服务器的详细信息,可以使用`"/{id}"`接口的`GET`方法,其中{id}是RAS为目标服务器分配的唯一标识号。 + +```shell +# curl -X GET -H "Content-Type: application/json" http://localhost:40002/1 +``` + +*** +若需要修改目标服务器的信息,可以使用`"/{id}"`接口的`POST`方法,其中$AUTHTOKEN是事先使用`ras -T`自动生成的身份验证码。 + +```go +type clientInfo struct { + Registered *bool `json:"registered"` // 目标服务器注册状态 + IsAutoUpdate *bool `json:"isautoupdate"`// 目标服务器基准值更新策略 +} +``` + +```shell +# curl -X POST -H "Authorization: $AUTHTOKEN" -H "Content-Type: application/json" http://localhost:40002/1 -d '{"registered":false, "isautoupdate":false}' +``` + +*** +若需要删除目标服务器,可以使用`"/{id}"`接口的`DELETE`方法。 +**注意:** +>使用该方法并非删除目标服务器的所有信息,而是把目标服务器的注册状态置为`false`! + +```shell +# curl -X DELETE -H "Authorization: $AUTHTOKEN" -H "Content-Type: application/json" http://localhost:40002/1 +``` + +*** +若需要查询指定范围内的所有服务器信息,可以使用`"/{from}/{to}"`接口的`GET`方法。 + +```shell +# curl -X GET -H "Content-Type: application/json" http://localhost:40002/1/9 +``` + +*** +若需要查询目标服务器的所有可信报告,可以使用`"/{id}/reports"`接口的`GET`方法。 + +```shell +# curl -X GET -H "Content-Type: application/json" http://localhost:40002/1/reports +``` + +*** +若需要查询目标服务器指定可信报告的详细信息,可以使用`"/{id}/reports/{reportid}"`接口的`GET`方法,其中{reportid}是RAS为目标服务器指定可信报告分配的唯一标识号。 + +```shell +# curl -X GET -H "Content-Type: application/json" http://localhost:40002/1/reports/1 +``` + +*** +若需要删除目标服务器指定可信报告,可以使用`"/{id}/reports/{reportid}"`接口的`DELETE`方法。 +**注意:** +>使用该方法将删除指定可信报告的所有信息,将无法再通过接口对该报告进行查询! + +```shell +# curl -X DELETE -H "Authorization: $AUTHTOKEN" -H "Content-Type: application/json" http://localhost:40002/1/reports/1 +``` + +*** +若需要查询目标服务器的所有基准值,可以使用`"/{id}/basevalues"`接口的`GET`方法。 + +```shell +# curl -X GET -H "Content-Type: application/json" http://localhost:40002/1/basevalues +``` + +*** +若需要给目标服务器新增一条基准值信息,可以使用`"/{id}/newbasevalue"`接口的`POST`方法。 + +```go +type baseValueJson struct { + BaseType string `json:"basetype"` // 基准值类型 + Uuid string `json:"uuid"` // 容器或设备的标识号 + Name string `json:"name"` // 基准值名称 + Enabled bool `json:"enabled"` // 基准值是否可用 + Pcr string `json:"pcr"` // PCR值 + Bios string `json:"bios"` // BIOS值 + Ima string `json:"ima"` // IMA值 + IsNewGroup bool `json:"isnewgroup"` // 是否为一组新的基准值 +} +``` + +```shell +# curl -X POST -H "Authorization: $AUTHTOKEN" -H "Content-Type: application/json" http://localhost:40002/1/newbasevalue -d '{"name":"test", "basetype":"host", "enabled":true, "pcr":"testpcr", "bios":"testbios", "ima":"testima", "isnewgroup":true}' +``` + +*** +若需要查询目标服务器指定基准值的详细信息,可以使用`"/{id}/basevalues/{basevalueid}"`接口的`GET`方法,其中{basevalueid}是RAS为目标服务器指定基准值分配的唯一标识号。 + +```shell +# curl -X GET -H "Content-Type: application/json" http://localhost:40002/1/basevalues/1 +``` + +*** +若需要修改目标服务器指定基准值的可用状态,可以使用`"/{id}/basevalues/{basevalueid}"`接口的`POST`方法。 + +```shell +# curl -X POST -H "Content-type: application/json" -H "Authorization: $AUTHTOKEN" http://localhost:40002/1/basevalues/1 -d '{"enabled":true}' +``` + +*** +若需要删除目标服务器指定基准值,可以使用`"/{id}/basevalues/{basevalueid}"`接口的`DELETE`方法。 +**注意:** +>使用该方法将删除指定基准值的所有信息,将无法再通过接口对该基准值进行查询! + +```shell +# curl -X DELETE -H "Authorization: $AUTHTOKEN" -H "Content-Type: application/json" http://localhost:40002/1/basevalues/1 +``` + +*** +若需要查询目标服务器上特定用户 TA 的可信状态,可以使用`"/{id}/ta/{tauuid}/status"`接口的GET方法。其中{id}是RAS为目标服务器分配的唯一标识号,{tauuid}是特定用户 TA 的身份标识号。 + +```shell +# curl -X GET -H "Content-type: application/json" -H "Authorization: $AUTHTOKEN" http://localhost:40002/1/ta/test/status +``` + +*** +若需要查询目标服务器上特定用户 TA 的所有基准值信息,可以使用`"/{id}/ta/{tauuid}/tabasevalues"`接口的GET方法。 + +```shell +# curl -X GET -H "Content-type: application/json" http://localhost:40002/1/ta/test/tabasevalues +``` + +*** +若需要查询目标服务器上特定用户 TA 的指定基准值的详细信息,可以使用`"/{id}/ta/{tauuid}/tabasevalues/{tabasevalueid}"`接口的GET方法。其中{tabasevalueid}是RAS为目标服务器上特定用户 TA 的指定基准值分配的唯一标识号。 + +```shell +# curl -X GET -H "Content-type: application/json" http://localhost:40002/1/ta/test/tabasevalues/1 +``` + +*** +若需要修改目标服务器上特定用户 TA 的指定基准值的可用状态,可以使用`"/{id}/ta/{tauuid}/tabasevalues/{tabasevalueid}"`接口的`POST`方法。 + +```shell +# curl -X POST -H "Content-type: application/json" -H "Authorization: $AUTHTOKEN" http://localhost:40002/1/ta/test/tabasevalues/1 --data '{"enabled":true}' +``` + +*** +若需要删除目标服务器上特定用户 TA 的指定基准值,可以使用`"/{id}/ta/{tauuid}/tabasevalues/{tabasevalueid}"`接口的`DELETE`方法。 +**注意:** +>使用该方法将删除指定基准值的所有信息,将无法再通过接口对该基准值进行查询! + +```shell +# curl -X DELETE -H "Content-type: application/json" -H "Authorization: $AUTHTOKEN" -k http://localhost:40002/1/ta/test/tabasevalues/1 +``` + +*** +若需要给目标服务器上特定用户 TA 新增一条基准值信息,可以使用`"/{id}/ta/{tauuid}/newtabasevalue"`接口的`POST`方法。 + +```go +type tabaseValueJson struct { + Uuid string `json:"uuid"` // 用户 TA 的标识号 + Name string `json:"name"` // 基准值名称 + Enabled bool `json:"enabled"` // 基准值是否可用 + Valueinfo string `json:"valueinfo"` // 镜像哈希值和内存哈希值 +} +``` + +```shell +# curl -X POST -H "Content-Type: application/json" -H "Authorization: $AUTHTOKEN" -k http://localhost:40002/1/ta/test/newtabasevalue -d '{"uuid":"test", "name":"testname", "enabled":true, "valueinfo":"test info"}' +``` + +*** +若需要查询目标服务器上特定用户 TA 的所有可信报告,可以使用`"/{id}/ta/{tauuid}/tareports"`接口的`GET`方法。 + +```shell +# curl -X GET -H "Content-type: application/json" http://localhost:40002/1/ta/test/tareports +``` + +*** +若需要查询目标服务器上特定用户 TA 的指定可信报告的详细信息,可以使用`"/{id}/ta/{tauuid}/tareports/{tareportid}"`接口的`GET`方法,其中{tareportid}是RAS为目标服务器上特定用户 TA 的指定可信报告分配的唯一标识号。 + +```shell +# curl -X GET -H "Content-type: application/json" http://localhost:40002/1/ta/test/tareports/2 +``` + +*** +若需要删除目标服务器上特定用户 TA 的指定可信报告,可以使用`"/{id}/ta/{tauuid}/tareports/{tareportid}"`接口的`DELETE`方法。 +**注意:** +>使用该方法将删除指定可信报告的所有信息,将无法再通过接口对该报告进行查询! + +```shell +# curl -X DELETE -H "Content-type: application/json" http://localhost:40002/1/ta/test/tareports/2 +``` + +*** +若需要获取本程序的版本信息,可以使用`"/version"`接口的`GET`方法。 + +```shell +# curl -X GET -H "Content-Type: application/json" http://localhost:40002/version +``` + +*** +若需要查询目标服务器/RAS/数据库的配置信息,可以使用`"/config"`接口的`GET`方法。 + +```shell +# curl -X GET -H "Content-Type: application/json" http://localhost:40002/config +``` + +*** +若需要修改目标服务器/RAS/数据库的配置信息,可以使用`"/config"`接口的`POST`方法。 + +```go +type cfgRecord struct { + // 目标服务器配置 + HBDuration string `json:"hbduration" form:"hbduration"` + TrustDuration string `json:"trustduration" form:"trustduration"` + DigestAlgorithm string `json:"digestalgorithm" form:"digestalgorithm"` + // RAS配置 + MgrStrategy string `json:"mgrstrategy" form:"mgrstrategy"` + ExtractRules string `json:"extractrules" form:"extractrules"` + IsAllupdate *bool `json:"isallupdate" form:"isallupdate"` + LogTestMode *bool `json:"logtestmode" form:"logtestmode"` +} +``` + +```shell +# curl -X POST -H "Authorization: $AUTHTOKEN" -H "Content-Type: application/json" http://localhost:40002/config -d '{"hbduration":"5s","trustduration":"20s","DigestAlgorithm":"sha256"}' +``` + +### TAS接口 + +为了便于管理员对TAS服务的远程控制,本程序设计了以下接口可供调用: + +| 接口 | 方法 | +| --------------------| ------------------| +| /config | GET、POST | + +若需要查询TAS的配置信息,可使用`"/config"`接口的`GET`方法: + +```shell +# curl -X GET -H "Content-Type: application/json" http://localhost:40009/config +``` + +*** +若需要修改TAS的配置信息,可使用`"/config"`接口的`POST`方法: + +```shell +curl -X POST -H "Content-Type: application/json" -H "Authorization: $AUTHTOKEN" http://localhost:40009/config -d '{"basevalue":"testvalue"}' +``` + +**注意:** +>TAS的配置信息读取与修改目前仅支持基准值 + +## FAQ + +1. RAS安装后,为什么无法启动? + + >因为在当前RAS的设计逻辑中,程序启动后需要从当前目录查找一份名为 `ecdsakey.pub` 的文件进行读取并作为之后访问该程序的身份验证码,若当前目录没有该文件,则RAS启动会报错。 + >>解决方法一:运行 `ras -T` 生成测试用token后会生成 `ecdsakey.pub` 。 + >>解决方法二:自行部署oauth2认证服务后,将对应JWT token生成方对应的验证公钥保存为 `ecdsakey.pub` 。 + +2. 为什么RAS启动后,通过restapi无法访问? + + >因为RAS默认以https模式启动,您需要向RAS提供合法的证书才能正常访问,而http模式下启动的RAS则不需要提供证书。 diff --git a/docs/zh/server/security/trusted_computing/tpcm.md b/docs/zh/server/security/trusted_computing/tpcm.md new file mode 100644 index 0000000000000000000000000000000000000000..5abf5595d6fd8066e0642864415965d59518bcda --- /dev/null +++ b/docs/zh/server/security/trusted_computing/tpcm.md @@ -0,0 +1,37 @@ +# 可信平台控制模块(TPCM) + +## 背景 + +可信计算在近40年的研究过程中,经历了不断的发展和完善,已经成为信息安全的一个重要分支。中国的可信计算技术近年发展迅猛,在可信计算2.0的基础上解决了可信体系与现有体系的融合问题、可信管理问题以及可信开发的简化问题,形成了基于主动免疫体系的可信计算技术--可信计算3.0。相对于可信计算2.0被动调用的外挂式体系结构,可信计算3.0提出了以自主密码为基础、控制芯片为支柱、双融主板为平台、可信软件为核心、可信连接为纽带、策略管控成体系、安全可信保应用的全新的可信体系框架,在网络层面解决可信问题。 + +可信平台控制模块(Trusted Platform Control Module,TPCM)是一种可集成在可信计算平台中,用于建立和保障信任源点的基础核心模块。它作为中国可信计算3.0中的创新点之一和主动免疫机制的核心,实现了对整个平台的主动可控。 + +TPCM可信计算3.0架构为双体系架构,分为防护部件和计算部件,以可信密码模块为基础,通过可信平台控制模块对防护部件和计算部件及组件的固件进行可信度量,可信软件基(Trusted Software Base,TSB)对系统软件及应用软件进行可信度量,同时TPCM管理平台实现对可信度量的验证及可信策略同步和管理。 + +## 功能描述 + +如下图所示,整体系统方案由防护部件、计算部件和可信管理中心三部分组成。 + +![](./figures/TPCM.png) + +- 可信管理中心:对可信计算节点的防护策略和基准值进行制定、下发、维护、存储等操作的集中管理平台,可信管理中心由第三方厂商提供。 +- 防护部件:独立于计算部件执行,为可信计算平台提供具有主动度量和主动控制特征的可信计算防护功能,实现运算的同时进行安全防护。防护部件包括可信平台控制模块、可信软件基,以及可信密码模块(Trusted Cryptography Module,TCM)。TPCM是可信计算节点中实现可信防护功能的关键部件,可以采用多种技术途径实现,如板卡、芯片、IP核等,其内部包含中央处理器、存储器等硬件,固件,以及操作系统与可信功能组件等软件,支撑其作为一个独立于计算部件的防护部件组件,并行于计算部件按内置防护策略工作,对计算部件的硬件、固件及软件等需防护的资源进行可信监控,是可信计算节点中的可信根。 + +- 计算部件:主要包括硬件、操作系统和应用层软件。其中操作系统分为引导阶段和运行阶段,在引导阶段openEuler的shim和grub2支持可信度量能力,可实现对shim、grub2以及操作系统内核、initramfs等启动文件的可信度量防护;在运行阶段,openEuler操作系统支持部署可信验证要素代理(由第三方厂商可信华泰提供),它负责将数据发送给TPCM模块,用以实现运行阶段的可信度量防护。 + +其中,TPCM作为可信计算节点中实现可信防护功能的关键部件,需要与TSB、TCM、可信管理中心和可信计算节点的计算部件交互,交互方式如下: + +1. TPCM的硬件、固件与软件为TSB提供运行环境,设置的可信功能组件为TSB按策略库解释要求实现度量、控制、支撑与决策等功能提供支持。 +2. TPCM通过访问TCM获取可信密码功能,完成对防护对象可信验证、度量和保密存储等计算任务,并提供TCM服务部件以支持对TCM的访问。 +3. TPCM通过管理接口连接可信管理中心,实现防护策略管理、可信报告处理等功能。 +4. TPCM通过内置的控制器和I/O端口,经由总线与计算部件的控制器交互,实现对计算部件的主动监控。 +5. 计算部件操作系统中内置的防护代理获取预设的防护对象有关代码和数据提供给TPCM,TPCM将监控信息转发给TSB,由TSB依据策略库进行分析处理。 + +## 约束限制 + +适配服务器:TaiShan 200(型号2280)VF
+适配BMC插卡型号:BC83SMMC + +## 应用场景 + +通过TPCM特性构成一个完整的信任链,保障系统启动以后进入一个可信的计算环境。 diff --git a/docs/zh/server/security/trusted_computing/trusted_computing.md b/docs/zh/server/security/trusted_computing/trusted_computing.md new file mode 100644 index 0000000000000000000000000000000000000000..12f92cfa3939d6d1118f7a2a8e851fabd4fa47c5 --- /dev/null +++ b/docs/zh/server/security/trusted_computing/trusted_computing.md @@ -0,0 +1,23 @@ +# 可信计算 + +## 可信计算基础 + +不同国际组织对可信(Trusted)做了不同的定义。 + +1. 可信计算组织(TCG)的定义: + + 一个实体是可信的,它的行为总是以预期的方式达到预期的目标。 + +2. 国际标准化组织与国际电子技术委员会定义(1999): + + 参与计算的组件、操作或过程在任意的条件下是可预测的,并能够抵御病毒和一定程度的物理干扰。 + +3. IEEE Computer Society Technical Committee on Dependable Computing 定义: + + 所谓可信,是指计算机系统所提供的服务是可被论证其是可信赖的,可信赖主要是指系统的可靠性和可用性。 + +简而言之,可信就是系统按照预定的设计和策略运行,不做其他事情。 + +一个可信计算系统由信任根、可信硬件平台、可信操作系统和可信应用组成,它的基本思想是首先创建一个安全信任根(TCB),然后建立从硬件平台、操作系统到应用的信任链,在这条信任链上从根开始,前一级认证后一级,实现信任的逐级扩展,从而实现一个安全可信的计算环境。 + +![](./figures/trusted_chain.png) diff --git a/docs/zh/tools/_toc.yaml b/docs/zh/tools/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..7e14457551a76f1a6c288a9cb96fe75c7145dab5 --- /dev/null +++ b/docs/zh/tools/_toc.yaml @@ -0,0 +1,9 @@ +label: 工具 +sections: + - href: ./community_tools/_toc.yaml + - href: ./devops/_toc.yaml + - href: ./ai/_toc.yaml + - href: ./desktop/_toc.yaml + - href: ./cloud/_toc.yaml + - href: ./maintenance/_toc.yaml + - href: ./security/_toc.yaml diff --git a/docs/zh/tools/ai/_toc.yaml b/docs/zh/tools/ai/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..6dc6628734a00c2ea1426092ccbc30ff944aef94 --- /dev/null +++ b/docs/zh/tools/ai/_toc.yaml @@ -0,0 +1,20 @@ +label: AI +sections: + - label: openEuler Intelligence + sections: + - href: + upstream: https://gitee.com/openeuler/euler-copilot-framework/blob/master/docs/zh/openEuler_intelligence/intelligent_assistant/_toc.yaml + - href: + upstream: https://gitee.com/openeuler/euler-copilot-framework/blob/master/docs/zh/openEuler_intelligence/intelligent_vulnerability_patching/_toc.yaml + - href: + upstream: https://gitee.com/openeuler/euler-copilot-framework/blob/master/docs/zh/openEuler_intelligence/mcp_agent/_toc.yaml + - label: 智能底座 + sections: + - href: + upstream: https://gitee.com/openeuler/euler-copilot-framework/blob/master/docs/zh/intelligent_foundation/sysHAX/deploy_guide/_toc.yaml + - label: AI全栈 + sections: + - href: + upstream: https://gitee.com/openeuler/euler-copilot-framework/blob/master/docs/zh/ai_full_stack/ai_container_image_userguide/_toc.yaml + - href: + upstream: https://gitee.com/openeuler/euler-copilot-framework/blob/master/docs/zh/ai_full_stack/ai_large_model_service_images_userguide/_toc.yaml diff --git a/docs/zh/tools/cloud/_toc.yaml b/docs/zh/tools/cloud/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..82d31c5794fbe79f059f1f03680e31bd53585603 --- /dev/null +++ b/docs/zh/tools/cloud/_toc.yaml @@ -0,0 +1,5 @@ +label: 云原生 +sections: + - href: ./ctinspector/_toc.yaml + - href: ./cpds/_toc.yaml + - href: ./pilotgo/_toc.yaml diff --git a/docs/zh/tools/cloud/cpds/_toc.yaml b/docs/zh/tools/cloud/cpds/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..4801d63f15109dafb6f4baa2bd3e460a93f9f73c --- /dev/null +++ b/docs/zh/tools/cloud/cpds/_toc.yaml @@ -0,0 +1,10 @@ +label: CPDS用户指南 +isManual: true +description: 使用 CPDS 监测容器故障及亚健康状态 +sections: + - label: CPDS介绍 + href: ./cpds_introduction.md + - label: 安装与部署 + href: ./installation_and_deployment.md + - label: 使用方法 + href: ./usage_instructions.md diff --git a/docs/zh/tools/cloud/cpds/cpds_introduction.md b/docs/zh/tools/cloud/cpds/cpds_introduction.md new file mode 100644 index 0000000000000000000000000000000000000000..205a2543200d434832813fe6c33082e2edb50124 --- /dev/null +++ b/docs/zh/tools/cloud/cpds/cpds_introduction.md @@ -0,0 +1,57 @@ +# CPDS介绍 + +## 概述 + +CPDS (Container Problem Detect System) 容器故障检测系统,是由北京凝思软件股份有限公司设计并开发的容器集群故障检测系统,该软件系统实现了对容器TOP故障、亚健康检测的监测与识别。 + +## 软件功能 + + **1. 采集集群信息** + +在宿主机上实现节点代理,采用systemd、initv、ebpf等技术,对容器关键服务进行监控;对节点网络、内核、磁盘LVM等相关信息进行采集;对容器内的应用状态、资源消耗情况、关键系统函数执行情况、io执行状态等执行异常进行监控。 + +**2. 集群异常检测** + +采集各节点原始数据,基于异常规则对采集的原始数据进行异常检测,提取关键信息。同时基于异常规则对采集数据进行异常检测,后将检测结果数据和原始数据进行在线上传,并同步进行持久化操作。 + +**3. 节点、业务容器故障/亚健康诊断** + +基于异常检测数据,对节点、业务容器进行故障/亚健康诊断,将分析检测结果进行持久化存储,并提供UI层进行实时、历史的诊断数据查看。 + +## 软件架构 + +CPDS (Container Problem Detect System) 容器故障检测系统由4个组件组成,如下图所示,整体采用微服务架构,组件之间通过API进行通信。 + +![Architecture](images/architecture.png) + +* [cpds-agent](https://gitee.com/openeuler/cpds-agent):信息采集组件,负责采集集群各节点的容器和系统原始数据。 + +* [cpds-detector](https://gitee.com/openeuler/cpds-detector):异常检测组件,根据配置的异常规则对各节点原始数据进行分析,检测节点是否存在异常。 + +* [cpds-analyzer](https://gitee.com/openeuler/cpds-analyzer):故障/亚健康诊断组件,根据配置的诊断规则,对异常节点进行健康分析,计算出节点当前健康状态。 + +* [cpds-dashboard](https://gitee.com/openeuler/cpds-dashboard):用户交互组件,提供web页面,对集群内节点健康情况进行展示,支持诊断规则配置下发。 + +## 特性 + +CPDS支持对以下故障项进行检测。 + +| 序号 | 故障检测项 | +| ---- | ---------- | +| 1 | 容器服务是否正常 | +| 2 | 容器节点代理是否正常 | +| 3 | 容器组是否正常 | +| 4 | 节点健康检测是否正常 | +| 5 | 日志采集是否正常 | +| 6 | 磁盘用量占容量85% | +| 7 | 网络故障 | +| 8 | 内核Crash故障 | +| 9 | 残留LVM盘故障 | +| 10 | CPU使用率超过85% | +| 11 | 节点监控是否正常 | +| 12 | 容器内存申请失败 | +| 13 | 容器内存申请超时 | +| 14 | 容器网络响应超时 | +| 15 | 容器磁盘读写缓慢 | +| 16 | 容器应用僵尸子进程监测 | +| 17 | 容器应用占用子进程、线程创建失败监测 | diff --git a/docs/zh/tools/cloud/cpds/cpds_userguide.md b/docs/zh/tools/cloud/cpds/cpds_userguide.md new file mode 100644 index 0000000000000000000000000000000000000000..5c1ec297bdf1dd45ffc63a0a79303ce7667d42ef --- /dev/null +++ b/docs/zh/tools/cloud/cpds/cpds_userguide.md @@ -0,0 +1,3 @@ +# 概述 + +本文档介绍CPDS的安装部署和使用方法,以指导用户快速了解并使用CPDS。 \ No newline at end of file diff --git a/docs/zh/tools/cloud/cpds/images/architecture.png b/docs/zh/tools/cloud/cpds/images/architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..c92664dc42d195e60c46946d0ce224db3fc22dd9 Binary files /dev/null and b/docs/zh/tools/cloud/cpds/images/architecture.png differ diff --git "a/docs/zh/tools/cloud/cpds/images/cpds-page/\345\216\237\345\247\213\346\225\260\346\215\256\345\233\276\350\241\250.png" "b/docs/zh/tools/cloud/cpds/images/cpds-page/\345\216\237\345\247\213\346\225\260\346\215\256\345\233\276\350\241\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..3f3929f2cb29a8a211852af1d468322d52b6e1af Binary files /dev/null and "b/docs/zh/tools/cloud/cpds/images/cpds-page/\345\216\237\345\247\213\346\225\260\346\215\256\345\233\276\350\241\250.png" differ diff --git "a/docs/zh/tools/cloud/cpds/images/cpds-page/\345\216\237\345\247\213\346\225\260\346\215\256\346\243\200\347\264\242.png" "b/docs/zh/tools/cloud/cpds/images/cpds-page/\345\216\237\345\247\213\346\225\260\346\215\256\346\243\200\347\264\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..da9ab5d92c314be3e97560c449b8e55ff6cc44aa Binary files /dev/null and "b/docs/zh/tools/cloud/cpds/images/cpds-page/\345\216\237\345\247\213\346\225\260\346\215\256\346\243\200\347\264\242.png" differ diff --git "a/docs/zh/tools/cloud/cpds/images/cpds-page/\345\270\203\345\261\200.png" "b/docs/zh/tools/cloud/cpds/images/cpds-page/\345\270\203\345\261\200.png" new file mode 100644 index 0000000000000000000000000000000000000000..be9a66c364e92b3376766c59f3cebeebe123daec Binary files /dev/null and "b/docs/zh/tools/cloud/cpds/images/cpds-page/\345\270\203\345\261\200.png" differ diff --git "a/docs/zh/tools/cloud/cpds/images/cpds-page/\346\227\266\351\227\264\350\214\203\345\233\264\351\200\211\346\213\251.png" "b/docs/zh/tools/cloud/cpds/images/cpds-page/\346\227\266\351\227\264\350\214\203\345\233\264\351\200\211\346\213\251.png" new file mode 100644 index 0000000000000000000000000000000000000000..f4abd49e0bf2f62b6bea4968bf13a131f859918a Binary files /dev/null and "b/docs/zh/tools/cloud/cpds/images/cpds-page/\346\227\266\351\227\264\350\214\203\345\233\264\351\200\211\346\213\251.png" differ diff --git "a/docs/zh/tools/cloud/cpds/images/cpds-page/\346\237\245\347\234\213\345\216\237\345\247\213\346\225\260\346\215\256.png" "b/docs/zh/tools/cloud/cpds/images/cpds-page/\346\237\245\347\234\213\345\216\237\345\247\213\346\225\260\346\215\256.png" new file mode 100644 index 0000000000000000000000000000000000000000..a6d27210ed11f2c2ae66068d0ebd74121fa62437 Binary files /dev/null and "b/docs/zh/tools/cloud/cpds/images/cpds-page/\346\237\245\347\234\213\345\216\237\345\247\213\346\225\260\346\215\256.png" differ diff --git "a/docs/zh/tools/cloud/cpds/images/cpds-page/\346\237\245\347\234\213\350\247\204\345\210\231.png" "b/docs/zh/tools/cloud/cpds/images/cpds-page/\346\237\245\347\234\213\350\247\204\345\210\231.png" new file mode 100644 index 0000000000000000000000000000000000000000..f896cdb44a15c527fec3a8df8e6149673f194aeb Binary files /dev/null and "b/docs/zh/tools/cloud/cpds/images/cpds-page/\346\237\245\347\234\213\350\247\204\345\210\231.png" differ diff --git "a/docs/zh/tools/cloud/cpds/images/cpds-page/\346\267\273\345\212\240\350\247\204\345\210\231.png" "b/docs/zh/tools/cloud/cpds/images/cpds-page/\346\267\273\345\212\240\350\247\204\345\210\231.png" new file mode 100644 index 0000000000000000000000000000000000000000..599665e676bc623604bee376e883524838dd663a Binary files /dev/null and "b/docs/zh/tools/cloud/cpds/images/cpds-page/\346\267\273\345\212\240\350\247\204\345\210\231.png" differ diff --git "a/docs/zh/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\345\201\245\345\272\267.png" "b/docs/zh/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\345\201\245\345\272\267.png" new file mode 100644 index 0000000000000000000000000000000000000000..75adbc5d24a46edfe914b2c7e1297882388058fd Binary files /dev/null and "b/docs/zh/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\345\201\245\345\272\267.png" differ diff --git "a/docs/zh/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\345\256\271\345\231\250\345\201\245\345\272\267\347\233\221\346\216\247.png" "b/docs/zh/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\345\256\271\345\231\250\345\201\245\345\272\267\347\233\221\346\216\247.png" new file mode 100644 index 0000000000000000000000000000000000000000..9ba876561699f46b49f6bc0cc8815d0b5806087b Binary files /dev/null and "b/docs/zh/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\345\256\271\345\231\250\345\201\245\345\272\267\347\233\221\346\216\247.png" differ diff --git "a/docs/zh/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\345\256\271\345\231\250\345\201\245\345\272\267\347\233\221\346\216\247\346\216\222\345\272\217.png" "b/docs/zh/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\345\256\271\345\231\250\345\201\245\345\272\267\347\233\221\346\216\247\346\216\222\345\272\217.png" new file mode 100644 index 0000000000000000000000000000000000000000..a88de9fd4d87411ed5348a3cf43d4bfcd3ea4395 Binary files /dev/null and "b/docs/zh/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\345\256\271\345\231\250\345\201\245\345\272\267\347\233\221\346\216\247\346\216\222\345\272\217.png" differ diff --git "a/docs/zh/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\346\246\202\350\247\210-\346\214\211\351\222\256.png" "b/docs/zh/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\346\246\202\350\247\210-\346\214\211\351\222\256.png" new file mode 100644 index 0000000000000000000000000000000000000000..e0ceb89269e6f8a161a2613ae9c542199161e1c8 Binary files /dev/null and "b/docs/zh/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\346\246\202\350\247\210-\346\214\211\351\222\256.png" differ diff --git "a/docs/zh/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\346\246\202\350\247\210.png" "b/docs/zh/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\346\246\202\350\247\210.png" new file mode 100644 index 0000000000000000000000000000000000000000..6f5fd9a5728bb416638feba8174cfb499e5e8f7a Binary files /dev/null and "b/docs/zh/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\346\246\202\350\247\210.png" differ diff --git "a/docs/zh/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\347\211\251\347\220\206\350\265\204\346\272\220\347\233\221\346\216\247.png" "b/docs/zh/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\347\211\251\347\220\206\350\265\204\346\272\220\347\233\221\346\216\247.png" new file mode 100644 index 0000000000000000000000000000000000000000..c0253de34176db4b23e1491a86bb7892966a7c96 Binary files /dev/null and "b/docs/zh/tools/cloud/cpds/images/cpds-page/\350\212\202\347\202\271\347\211\251\347\220\206\350\265\204\346\272\220\347\233\221\346\216\247.png" differ diff --git "a/docs/zh/tools/cloud/cpds/images/cpds-page/\350\257\212\346\226\255\347\273\223\346\236\234.png" "b/docs/zh/tools/cloud/cpds/images/cpds-page/\350\257\212\346\226\255\347\273\223\346\236\234.png" new file mode 100644 index 0000000000000000000000000000000000000000..ffec25e8ff163efc47c38b23fc180ce8188d38dc Binary files /dev/null and "b/docs/zh/tools/cloud/cpds/images/cpds-page/\350\257\212\346\226\255\347\273\223\346\236\234.png" differ diff --git "a/docs/zh/tools/cloud/cpds/images/cpds-page/\351\233\206\347\276\244-\345\256\271\345\231\250\345\201\245\345\272\267\347\233\221\346\216\247.png" "b/docs/zh/tools/cloud/cpds/images/cpds-page/\351\233\206\347\276\244-\345\256\271\345\231\250\345\201\245\345\272\267\347\233\221\346\216\247.png" new file mode 100644 index 0000000000000000000000000000000000000000..5924d73d2b659d92387a19521fd0692d07601046 Binary files /dev/null and "b/docs/zh/tools/cloud/cpds/images/cpds-page/\351\233\206\347\276\244-\345\256\271\345\231\250\345\201\245\345\272\267\347\233\221\346\216\247.png" differ diff --git "a/docs/zh/tools/cloud/cpds/images/cpds-page/\351\233\206\347\276\244\346\246\202\350\247\210.png" "b/docs/zh/tools/cloud/cpds/images/cpds-page/\351\233\206\347\276\244\346\246\202\350\247\210.png" new file mode 100644 index 0000000000000000000000000000000000000000..351614ce5254748c4d233a2189f3f4a71d2f546a Binary files /dev/null and "b/docs/zh/tools/cloud/cpds/images/cpds-page/\351\233\206\347\276\244\346\246\202\350\247\210.png" differ diff --git "a/docs/zh/tools/cloud/cpds/images/cpds-page/\351\233\206\347\276\244\347\211\251\347\220\206\350\265\204\346\272\220\347\233\221\346\216\247.png" "b/docs/zh/tools/cloud/cpds/images/cpds-page/\351\233\206\347\276\244\347\211\251\347\220\206\350\265\204\346\272\220\347\233\221\346\216\247.png" new file mode 100644 index 0000000000000000000000000000000000000000..5256783e5f907232f3cbd3655b8ee81c03c0ffdd Binary files /dev/null and "b/docs/zh/tools/cloud/cpds/images/cpds-page/\351\233\206\347\276\244\347\211\251\347\220\206\350\265\204\346\272\220\347\233\221\346\216\247.png" differ diff --git "a/docs/zh/tools/cloud/cpds/images/cpds-page/\351\233\206\347\276\244\347\212\266\346\200\201-\346\246\202\350\247\210.png" "b/docs/zh/tools/cloud/cpds/images/cpds-page/\351\233\206\347\276\244\347\212\266\346\200\201-\346\246\202\350\247\210.png" new file mode 100644 index 0000000000000000000000000000000000000000..751887e223d0a323feee7baef3202ed23e6ce5de Binary files /dev/null and "b/docs/zh/tools/cloud/cpds/images/cpds-page/\351\233\206\347\276\244\347\212\266\346\200\201-\346\246\202\350\247\210.png" differ diff --git a/docs/zh/tools/cloud/cpds/installation_and_deployment.md b/docs/zh/tools/cloud/cpds/installation_and_deployment.md new file mode 100644 index 0000000000000000000000000000000000000000..f088ff39fd1f57aacb19c43622a9160f55e5e465 --- /dev/null +++ b/docs/zh/tools/cloud/cpds/installation_and_deployment.md @@ -0,0 +1,258 @@ +# 安装与部署 + +本章介绍如何安装和部署CPDS。 + +## 安装CPDS + +本节介绍CPDS的安装方法。 + +安装cpds-agent。 + +> cpds-agent采集节点原始数据,可在多个节点上单独安装部署。 + +```shell +yum install cpds-agent +``` + +安装cpds-detector + +```shell +yum install cpds-detector +``` + +安装cpds-analyzer + +```shell +yum install cpds-analyzer +``` + +安装cpds-dashboard + +```shell +yum install cpds-dashboard +``` + +安装Cpds + +```shell +yum install Cpds +``` + +## 部署CPDS + +本节介绍CPDS的配置部署。 + +### 配置介绍 + +#### cpds-agent配置 + +cpds-agent采集节点网络信息是采用向指定ip发送icmp包的方式,即"net_diagnostic_dest"需要指定可连接的ip地址,不可指定本节点ip。建议节点指定master的ip,master指定任意一节点ip。 + +```bash +vim /etc/cpds/agent/config.json +``` + +```json +{ + "expose_port":"20001", # 需要监听的端口 + "log_cfg_file": "/etc/cpds/agent/log.conf", + "net_diagnostic_dest": "192.30.25.18" # 发送icmp包的目的ip +} +``` + +#### prometheus配置 + +CPDS 使用prometheus采集cpds-agent产生的原始数据。cpds-agent默认开放20001端口,需编辑prometheus配置文件,连接至cpds-agent以采集数据。 + +```bash +vim /etc/prometheus/prometheus.yml +``` + +```yaml +global: + scrape_interval: 2s + evaluation_interval: 3s +scrape_configs: + - job_name: "cpds" + static_configs: + - targets: ["cpds-agent1:port","cpds-agent2:port","..."] # 填入已部署cpds-agent的ip和端口号 +``` + +#### cpds-detector配置 + +```bash +vim /etc/cpds/detector/config.yml +``` + +```yaml +generic: + bindAddress: "127.0.0.1" # 需要监听的地址 + port: 19091 # 需要监听的端口 + +database: + host: "127.0.0.1" # 数据库 ip 地址 + port: 3306 # 数据库端口号 + username: root # 数据库用户名 + password: root # 数据库密码 + maxOpenConnections: 123 # 最大连接数 + +prometheus: + host: "127.0.0.1" #detector ip 地址 + port: 9090 #prometheus 端口号 + +log: + fileName: "/var/log/cpds/cpds-detector/cpds-detector.log" + level: "warn" + maxAge: 15 + maxBackups: 100 + maxSize: 100 + localTime: true + compress: true +``` + +#### cpds-analyzer配置 + +```bash +vim /etc/cpds/analyzer/config.yml +``` + +```yaml +generic: + bindAddress: "127.0.0.1" # 需要监听的地址 + port: 19091 # 需要监听的端口 + +database: + host: "127.0.0.1" # 数据库 ip 地址 + port: 3306 # 数据库端口号 + username: root # 数据库用户名 + password: root # 数据库密码 + maxOpenConnections: 123 # 最大连接数 + +detector: + host: "127.0.0.1" #detector ip 地址 + port: 19092 #detector 端口号 + +log: + fileName: "/var/log/cpds/cpds-analyzer/cpds-analyzer.log" + level: "warn" + maxAge: 15 + maxBackups: 100 + maxSize: 100 + localTime: true +``` + +#### cpds-dashboard配置 + +```bash +vim /etc/nginx/conf.d/cpds-ui.conf +``` + +```conf +server { + listen 10119; + + location / { + root /etc/cpds/cpds-ui/; + index index.html index.htm; + } + + location /api/ { + proxy_pass http://127.0.0.1:19091; # 后端 analyzer 的 ip 和端口 + } + + location /websocket/ { + proxy_pass http://127.0.0.1:19091; # 后端 analyzer 的 ip 和端口 + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto http; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + } +} +``` + +## 启动CPDS + +本节介绍CPDS的启动方法。 + +### 关闭防火墙 + +```shell +systemctl stop firewalld +systemctl disable firewalld +``` + +修改/etc/selinux/config文件中SELINUX状态为disabled。 + +```conf +SELINUX=disabled +``` + +再重启系统。 + +### 初始化数据库 + +1. 启动数据库 + +```shell +systemctl start mariadb.service +systemctl enable mariadb.service +``` + +2. 在root权限下初始化数据库 + +```shell +/usr/bin/mysql_secure_installation +``` + +> 命令执行过程中需要输入数据库的root设置的密码,若没有密码则直接按“Enter”。然后根据提示及实际情况进行设置。 + +3. 设置数据库连接权限 + +```shell +mysql -u root -p +``` + +命令执行后提示输入密码。密码为2中设置的密码。 + +```shell +GRANT ALL PRIVILEGES ON *.* TO 'username'@'%' IDENTIFIED BY 'password' WITH GRANT OPTION; +``` + +> 其中username为数据库用户名,password为该用户的密码。 + +例如: + +```shell +mysql -u root -p +Enter password: +Welcome to the MariaDB monitor. Commands end with ; or \g. +Your MariaDB connection id is 5 +Server version: 10.5.16-MariaDB MariaDB Server + +Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. + +Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. + +MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'root' WITH GRANT OPTION; +Query OK, 0 rows affected (0.014 sec) +``` + +### 启动服务 + +```shell +systemctl start Cpds.service +systemctl enable Cpds.service +``` + +启动各节点上的cpds-agent。 + +```shell +systemctl start cpds-agent +systemctl enable cpds-agent +``` + +### 访问前端管理平台 + +上述服务启动成功后,打开浏览器,在浏览器导航栏中输入`http://localhost:10119`访问前端管理平台。 diff --git a/docs/zh/tools/cloud/cpds/usage_instructions.md b/docs/zh/tools/cloud/cpds/usage_instructions.md new file mode 100644 index 0000000000000000000000000000000000000000..3868379765196d0ecb7c9864a8c355d67bea0359 --- /dev/null +++ b/docs/zh/tools/cloud/cpds/usage_instructions.md @@ -0,0 +1,236 @@ +# 使用手册 + +## 介绍 + +CPDS(Container Problem Detect System)容器故障检测系统,是由北京凝思软件股份有限公司设计并开发的容器集群故障检测系统,该软件系统实现了对容器 TOP 故障、亚健康检测的监测与识别。 + +主要分为四个子模块: + +1. 信息采集组件 cpds-agent:本组件根据cpds-detetor(异常检测组件)需要的数据进行相应采集。 +2. 异常检测组件 cpds-detector:本组件根据cpds-analyzer(容器故障/亚健康诊断组件)下发的异常规则,对集群各节点原始数据进行分析,检测节点是否存在异常。 +3. 故障/亚健康诊断组件 cpds-analyzer:本组件根据cpds-dashboard(用户交互组件)下发的诊断规则,对cpds-detector(异常检测组件)收集的异常数据进行处理,判断集群节点是否处于容器故障/亚健康状态。 +4. 用户交互组件 cpds-dashboard:本组件从 cpds-analyzer(故障/亚健康诊断)组件中获取诊断结果数据,并以实时查看、离线查看的形式进行可视化诊断结果展示,便于容器集群运维人员进行分析与策略制定下发。 + +## 页面及功能说明 + +### 页面布局 + +CPDS页面布局分为导航栏、导航菜单、操作区。 + +> 页面布局如下图 + +![页面布局](./images/cpds-page/布局.png) + +| 序号 | 名称 | 说明 | +| ---- | ---- | ---- | +| 1 | 导航菜单 | 导航菜单包含 CPDS 所有功能,选择不同菜单项后,右侧操作区将显示对应的操作页面。| +| 2 | 导航栏 | 用于指示用户当前页面位于导航树的位置。 | +| 3 | 操作区 | 显示当前操作信息,提供操作功能。 | + +### 概览 + +概览页面可查看整个集群的状态信息,包括集群容器健康状态、集群节点状态、集资源用量、节点监控状态、诊断结果。查看概览流程如下图所示: + +![集群概览](./images/cpds-page/集群概览.png) + +| 名称 | 说明 | +| ---- | ---- | +| 容器健康状态 | 显示集群中运行中的容器个数占全部容器个数的百分比,并显示全部容器、运行中的容器、停止的容器的个数。 | +| 集群节点状态 | 显示在线节点占全部节点的百分比,并显示全部节点、在线节点、离线节点的个数。 | +| 集群资源用量 | 显示集群 CPU、内存、磁盘的使用的量、总量和使用百分比。 | +| 节点监控状态 | 显示集群节点的 ip 地址、节点状态、节点运行容器数量占比。点击下方的查看更多,会跳转至“监控告警-节点健康”,可以查看更详细的节点信息。 | +| 诊断结果 | 显示触发规则的名称、当前状态、规则第一次触发的时间,以及后续触发的最新时间。点击下方的查看更多,会跳转至“健康诊断-诊断结果”,查看更详细的诊断结果。 | + +### 监控告警 + +监控告警能够对集群、节点的物理资源、容器状态进行监控。 + +#### 集群状态 + +显示集群主机在线状态,提供物理资源监控和容器健康监控。 + +##### 集群状态-概览 + +查看集群信息和节点信息,集群信息包括集群容器健康状态、集群节点状态、集资源用量。查看集群信息流程如下所示: + +1. 点击左侧导航菜单“监控告警”→“集群状态”,选择“概览”标签页,进入概览页面。如下图所示: +![集群状态-概览](./images/cpds-page/集群状态-概览.png) + +| 名称 | 说明 | +| ---- | ---- | +| 容器健康状态 | 显示集群中运行中的容器个数占全部容器个数的百分比,并显示全部容器、运行中的容器、停止的容器的个数。 | +| 集群节点状态 | 显示在线节点占全部节点的百分比,并显示全部节点、在线节点、离线节点的个数。 | +| 资源使用情况 | 显示集群 CUP、内容、磁盘的使用的量和总量。 | +| 节点监控状态 | 详见 [节点健康](#节点健康)。 | + +##### 集群状态-物理资源监控 + +点击左侧导航菜单“监控告警”→“集群状态”,选择“物理资源监控”标签页,物理资源监控页面内容如下图所示。 +![集群物理资源监控](./images/cpds-page/集群物理资源监控.png) + +> 其中点击查询时间范围按钮可选择查询数据的时间范围,如下图所示。 +![时间范围选择](./images/cpds-page/时间范围选择.png) + +下面将对物理资源监控内容进行说明。 + +| 名称 | 说明 | +| ---- | ---- | +| 集群总 CPU 使用率 | 集群 CPU 使用百分比 | +| 集群总内存使用率 | 集群内存使用百分比 | +| 集群总磁盘使用率 | 集群磁盘使用百分比 | +| 集群iowait | 集群CPU等待I/O设备完成输入输出操作而处于空闲状态的时间 | +| 网络iops | 集群网卡每秒接收和发送数据包总数 | +| 网络网速 | 集群网卡每秒接收和发送数据大小 | +| 网络丢包率 | 集群单位时间内网卡丢失数据包占总数据包的百分比 | +| 网络错误率 | 集群单位时间内网卡出现错误的数据包占总数据包的百分比 | +| 网络重传率 | 集群单位时间内重传数据包占总数据包的百分比 | +| 集群总磁盘吞吐速率 | 集群磁盘每秒完成读写操作的数据量 | +| 磁盘 iops | 集群磁盘每秒完成读写操作的次数 | + +##### 集群状态-容器健康监控 + +点击左侧导航菜单“监控告警”→“集群状态”,选择“容器健康监控”标签页,该页面显示集群容器健康监控信息如下图所示: +![集群-容器健康监控](./images/cpds-page/集群-容器健康监控.png) + +下面将对容器健康监控内容进行说明。 + +| 名称 | 说明 | +| ---- | ---- | +| 容器CPU使用率 | 容器 CPU 使用量占集群 CPU 总量的百分比 | +| 容器磁盘使用率 | 容器磁盘使用量占集群磁盘总量的百分比 | +| 容器流量 | 容器每秒网卡接收/发送的数据量 | +| 容器内存使用率 | 容器内存使用量占集群内存总量的百分比 | + +#### 节点健康 + +显示各节点主机在线状态及架构信息,提供物理资源监控和容器健康监控。 +> 节点健康主页面如下图所示: + +![节点健康](./images/cpds-page/节点健康.png) + +##### 节点健康-概览 + +点击左侧导航菜单“监控告警”→“节点健康”,点击表格中节点对应的 ip 地址进入节点概览页面。 +> 节点概览页面如下图所示: + +![节点概览](./images/cpds-page/节点概览.png) + +> 点击如下图三个组件,可刷新或切换曲线图展示的数据内容。 + +![节点概览-按钮](./images/cpds-page/节点概览-按钮.png) + +##### 节点健康-物理资源监控 + +点击左侧导航菜单“监控告警”→“节点健康”,点击表格中节点对应的 ip 地址进入节点概览页面,选择“物理资源监控”标签页,物理资源监控页面内容如下图所示: +![节点物理资源监控](./images/cpds-page/节点物理资源监控.png) + +下面将对物理资源监控内容进行说明。 + +| 名称 | 说明 | +| ---- | ---- | +| 节点 CPU 使用率 | 节点 CPU 使用百分比 | +| 节点内存使用率 | 节点内存使用百分比 | +| 节点磁盘使用率 | 节点磁盘使用百分比 | +| 节点iowait | 节点CPU等待I/O设备完成输入输出操作而处于空闲状态的时间 | +| 节点网络iops | 节点网卡每秒接收和发送数据包总数 | +| 节点网络网速 | 节点网卡每秒接收和发送数据大小 | +| 节点网络丢包率 | 节点单位时间内网卡丢失数据包占总数据包的百分比 | +| 节点网络错误率 | 节点单位时间内网卡出现错误的数据包占总数据包的百分比 | +| 节点网络重传率 | 节点单位时间内重传数据包占总数据包的百分比 | +| 节点磁盘吞吐速率 | 节点磁盘每秒完成读写操作的数据量 | +| 节点磁盘 iops | 节点磁盘每秒完成读写操作的次数 | + +##### 节点健康-容器健康监控 + +点击左侧导航菜单“监控告警”→“节点健康”,点击表格中节点对应的 ip 地址进入节点概览页面,选择“容器健康监控”标签页,容器健康监控页面如下图所示: +![节点容器健康监控](./images/cpds-page/节点容器健康监控.png) + +> 该页面可根据容器状态、容器名称进行排序。 + +节点容器健康监控数据说明如下表: + +| 名称 | 说明 | +| ---- | ---- | +| 容器名称 | 容器的完整id | +| 容器状态 | 容器的运行状态,包括:运行中、已创建、停止等待、暂停共四个状态 | +| CPU用量 | 容器CPU使用率 | +| 内存用量 | 容器内存用量 | +| 出站流量 | 容器网卡对外发送数据大小 | +| 如站流量 | 容器网卡对接收数据大小 | + +### 健康诊断 + +利用故障/亚健康检测规则,对各节点原始数据进行计算分析,得出诊断结果,提供诊断结果列表。支持诊断原始数据查看,显示诊断时所使用的原始数据,支持对时间进行过滤,显示不同时间段原始数据的值,并提供图表展示原始数据的变化规律。 + +#### 诊断结果 + +将规则列表中的规则拿来进行判断,满足判断条件的规则将被加入到诊断结果列表中。规则信息详见 [规则管理](#规则管理)。 +查看诊断结果列表流程如下: + +1. 点击左侧导航菜单“健康诊断”→“诊断结果”,进入诊断结果页面。如下图所示: +![诊断结果](./images/cpds-page/诊断结果.png) + +2. 可在左上角输入规则名称对诊断结果进行筛选。 + +3. 点击查看原始数据,可以查看最近 10 分钟内原始数据的变化规律,如下图所示: +![查看原始数据](./images/cpds-page/查看原始数据.png) + +4. 点击删除可以删除对应的诊断结果。 + +#### 原始数据检索 + +支持诊断原始数据查看,显示诊断时所使用的原始数据,支持对时间进行过滤,显示不同时间段原始数据的值,并提供图表展示原始数据的变化规律。页面布局如下图所示: +![原始数据检索](./images/cpds-page/原始数据检索.png) + +功能说明如下表所示: + +| 名称 | 说明 | +| ---- | ---- | +| 原始数据查询 | 利用表达式对原始数据进行查询,可以设置时间选择器对时间进行过滤。可以查询到一段时间内原始数据的变化规律。 | +| 容器状态 | 当利用表达式成功查询原始数据后,查询记录将被记录到表格中,如果超过 10 条不同表达式记录,最先查询的记录将被删除。如果是相同表达式,那么记录会被覆盖。 | + +##### 原始数据图表 + +原始数据图表如下图所示: +![原始数据图表](./images/cpds-page/原始数据图表.png) + +图表信息说明如下表: + +| 名称 | 说明 | +| ---- | ---- | +| 监控指标 | 显示内容为查询的表达式 | +| 原始数据曲线图 | 显示该表达式在一段时间内查询结果的变化规律 | +| 原始数据表格 | 显示当前时间,查询结果的字段以及值 | + +### 规则管理 + +#### 查看规则 + +支持故障/亚健康检测规则列表查看、创建、编辑、删除功能,列表包括规则名、表达式、告警级别和亚健康、故障比较规则值信息。查看规则流程如下: + +1. 点击左侧导航菜单“规则管理”→“查看规则”,进入规则列表页面,如下图所示: +![查看规则](./images/cpds-page/查看规则.png) + +2. 通过左上角输入规则名称,点击搜索可以对规则进行过滤。 +3. 点击删除可以删除对应规则。 + +#### 添加规则 + +击左侧导航菜单“规则管理”→“查看规则”,进入规则列表页面,点击添加规则或者编辑,如下图所示: +![添加规则](./images/cpds-page/添加规则.png) + +添加/编辑规则内容有如下几点限制: + +1. 规则名称,只能包含数字、英文字母、下划线。 +2. 表达式必须符合PromQL语法,参考[prometheus官方文档](https://prometheus.io/docs/prometheus/latest/querying/basics/)。 +3. 亚健康阈值只能输入数字类型。 +4. 故障康阈值只能输入数字类型。 + +> 1. 阈值只能在对应的比较条件选择之后才能输入。 +> 2. 当比较条件选择之后,对应的阈值必须填写入。 +> 3. 亚健康比较条件、故障比较条件二者必须选择一个,或者两个都选。 + +## 注意事项 + +1. 默认规则,规则名称为node_etcd_service、node_kube_apiserver、node_kube_controller_manager、node_kube_proxynode_kube_scheduler的规则表达式中的ip需要自行更换为实际ip。 +2. 当前版本CPDS只支持对docker容器运行时的故障检测。 diff --git a/docs/zh/tools/cloud/ctinspector/_toc.yaml b/docs/zh/tools/cloud/ctinspector/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..ee244f224e6b6e2744ad7ca9e74915ff6d18af1e --- /dev/null +++ b/docs/zh/tools/cloud/ctinspector/_toc.yaml @@ -0,0 +1,10 @@ +label: CTinspector用户指南 +isManual: true +description: 使用 CTinspector 精准诊断系统运行时性能瓶颈与故障 +sections: + - label: CTinspector介绍 + href: ./ctinspector_introduction.md + - label: 安装与部署 + href: ./installation_and_deployment.md + - label: 使用方法 + href: ./usage_instructions.md diff --git a/docs/zh/tools/cloud/ctinspector/ctinspector_introduction.md b/docs/zh/tools/cloud/ctinspector/ctinspector_introduction.md new file mode 100644 index 0000000000000000000000000000000000000000..6e695dae1dabaf30ccc81e29160bb0449979b1dc --- /dev/null +++ b/docs/zh/tools/cloud/ctinspector/ctinspector_introduction.md @@ -0,0 +1,46 @@ +# 认识CTinspector + +## 简介 + +CTinspector是天翼云科技有限公司基于ebpf指令集自主创新研发的语言虚拟机运行框架。基于CTinspector运行框架可以快速拓展其应用实例用于诊断网络性能瓶颈点,诊断存储IO处理的热点和负载均衡等,提高系统运行时诊断的稳定性和时效性。 + +CTinspector未引入云上环境基础底座系统运维与问题分析之前,OVS的运维与ACL的配置效率相对较低,且存在一些功能上不支持的问题: + +* 维人员想要使用的过滤字段正好没有实现,或者与或非的条件表达式不支持; + +* 系统中有很多命令都有类似的过滤需求,比如CT流表,openflow流表,卸载流表,如果针对每种流表开发各自的命令行参数,这是一个很重的开发任务; + +* 基于命令行参数的过滤无法实现有状态过滤:比如查看报文数命中最多的流表。传统的过滤规则都是针对单条流表的,无法建立多条流表间的关联关系。 + +## 架构 + +CTinspector采用一个ebpf指令集的语言虚拟机Packet VM,它最小只有256字节,包含所有虚拟机应有的部件:寄存器,堆栈段,代码段,数据段,页表。Packet VM支持自主的migration,即packet VM内的代码可以调用migrate kernel function,以将packet VM迁移至它自己指定的节点。Packaket VM同时支持断点续执行,即packet VM迁移至下一个节点后可以沿着上一个节点中断的位置继续执行下一条指令。 +  +![](./figures/CT-package-vm.png) +  +CTinspector框架总体架构如下图所示: +  +![](./figures/CTinspector-arch.png) +  +CTinspecto框架的主要部件包括: + +* ebpf compiler/JIT: + 将C代码编译为ebpf二进制码,JIT则负责将ebpf指令及时编译为机器码。 + +* ebpf linker/loader: + 负责加载和链接库函数即kernel functions。 + +* runner: + 执行ebpf VM,这包括加载寄存器,代码段,加载堆栈,映射数据段等。 + +* scheduler: + 决定何时执行ebpf VM,这包括判断VM的状态,需要等待的数据依赖条件等。 + +* basic kernel functions: + 基本库函数,包括迁移,映射内存,fork,join_meeting等核心基本功能。 + +* extended kernel functions: + 除了ebpf VM runner提供的核心基本功能外,应用程序的各个hook点都可以提供自定义的库函数。 + +* memory mapper: + 将应用程序数据映射进ebpf VM以方便ebpf程序读写应用数据。 diff --git a/docs/zh/tools/cloud/ctinspector/figures/CT-package-vm.png b/docs/zh/tools/cloud/ctinspector/figures/CT-package-vm.png new file mode 100644 index 0000000000000000000000000000000000000000..bb1ad48a6f28f39b73776b67804332036c32bdce Binary files /dev/null and b/docs/zh/tools/cloud/ctinspector/figures/CT-package-vm.png differ diff --git a/docs/zh/tools/cloud/ctinspector/figures/CTinspector-arch.png b/docs/zh/tools/cloud/ctinspector/figures/CTinspector-arch.png new file mode 100644 index 0000000000000000000000000000000000000000..82f647b7c0a311c8af597ce3fabb3cdf93e5afcc Binary files /dev/null and b/docs/zh/tools/cloud/ctinspector/figures/CTinspector-arch.png differ diff --git a/docs/zh/tools/cloud/ctinspector/figures/migrate_node_1.png b/docs/zh/tools/cloud/ctinspector/figures/migrate_node_1.png new file mode 100644 index 0000000000000000000000000000000000000000..3d7ddb16959cf83235703f564d002f95396f1963 Binary files /dev/null and b/docs/zh/tools/cloud/ctinspector/figures/migrate_node_1.png differ diff --git a/docs/zh/tools/cloud/ctinspector/figures/migrate_node_2.png b/docs/zh/tools/cloud/ctinspector/figures/migrate_node_2.png new file mode 100644 index 0000000000000000000000000000000000000000..99448ced22a6cd34d393ea31cff0ef67d43ec028 Binary files /dev/null and b/docs/zh/tools/cloud/ctinspector/figures/migrate_node_2.png differ diff --git a/docs/zh/tools/cloud/ctinspector/installation_and_deployment.md b/docs/zh/tools/cloud/ctinspector/installation_and_deployment.md new file mode 100644 index 0000000000000000000000000000000000000000..e57624c1302e5c57c0ba9d5dbed1dc7b8d508868 --- /dev/null +++ b/docs/zh/tools/cloud/ctinspector/installation_and_deployment.md @@ -0,0 +1,38 @@ +# 安装与部署 + +## 硬件要求 + +* x86_64架构 + +## 环境准备 + +* 安装openEuler系统,安装方法参考 《[安装指南](../../../server/installation_upgrade/installation/installation_on_servers.md)》。 + +* 安装CTinspector需要使用root权限。 + +## 安装CTinspector + +* 安装CTinspector框架软件包,参考命令如下: + +```shell +[root@openEuler ~]# yum install ctinspector +``` + +* 查看安装是否成功,参考命令如下,若回显有对应软件包,表示安装成功: + +```shell +[root@openEuler ~]# rpm -q ctinspector +``` + +* 查看CTinpsector框架包含的核心动态库libebpf_vm_executor.so与主程序vm_test是否安装成功,文件列表如下: + +```shell +[root@openEuler ~]# rpm -ql ctinspector +/usr/bin/vm_test +/usr/include/ctinspector/ebpf_vm_functions.h +/usr/include/ctinspector/ebpf_vm_simulator.h +/usr/include/ctinspector/ebpf_vm_transport_rdma.h +/usr/include/ctinspector/list.h +/usr/include/ctinspector/ub_list.h +/usr/lib64/libebpf_vm_executor.so +``` diff --git a/docs/zh/tools/cloud/ctinspector/usage_instructions.md b/docs/zh/tools/cloud/ctinspector/usage_instructions.md new file mode 100644 index 0000000000000000000000000000000000000000..4d38dd04fc884dffb37a32021798e45958b4a9de --- /dev/null +++ b/docs/zh/tools/cloud/ctinspector/usage_instructions.md @@ -0,0 +1,45 @@ +# 使用方法 + +## 网卡配置 + +```shell +# 修改网卡MTU +[root@openEuler ~]# ifconfig ens33 mtu 4200 + +# ens33上增加一个rxe接口,提供IB功能 +[root@openEuler ~]# rdma link add rxe_0 type rxe netdev ens33 + +``` + +## 开发应用实例 + +首先需要基于CTinspector框架,调用相应接口开发特定场景的应用。其次将该应用实例编译构建成基于ebpf指令集的二进制ELF文件。以CTinpsector自带的ebpf_example中vm_migrate为例进行说明,vm_migrate调用CTinpsector框架,可以在不同节点之间不断迁移packet VM,可以从上一个节点迁移时的运行位置在下一个节点接着运行。 + +``` +# 编写Makefile并设置ebpf指令集 + +CFLAGS=-O2 -fno-inline -emit-llvm -I/usr/include/ctinspector/ +LINKFLAGS=-march=bpf -filetype=obj + +all: vm_migrate.o + +vm_migrate.o: + clang $(CFLAGS) -c migrate.c -o - | llc $(LINKFLAGS) -o vm_migrate.o + +clean: + rm -f vm_migrate.o +``` + +```shell +# make进行编译构建 +[root@openEuler ~]# make +clang -O2 -fno-inline -emit-llvm -I/usr/include/ctinspector/ -c migrate.c -o - | llc -march=bpf -filetype=obj -o vm_migrate.o +``` + +## 运行应用实例 + +Node 1上运行vm_migrate +![](./figures/migrate_node_1.png) +  +Node 2上运行CTinpsect主程序 +![](./figures/migrate_node_2.png) diff --git a/docs/zh/tools/cloud/pilotgo/_toc.yaml b/docs/zh/tools/cloud/pilotgo/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..48b09b212901ff3347f9ee4f9b579cc23831a2c4 --- /dev/null +++ b/docs/zh/tools/cloud/pilotgo/_toc.yaml @@ -0,0 +1,8 @@ +label: PilotGo用户指南 +isManual: true +description: 使用 PilotGo 运维管理平台管理主机、权限和告警等 +sections: + - label: 概述 + href: ./pilotgo_introduction.md + - label: 使用方法 + href: ./usage_instructions.md diff --git "a/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2661.png" "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2661.png" new file mode 100644 index 0000000000000000000000000000000000000000..47530416ac9ec71da0d1e925e3132b0b2b785855 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2661.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26610.png" "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26610.png" new file mode 100644 index 0000000000000000000000000000000000000000..39a57121b446cdbf5b4331d15bb6360eb5496b69 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26610.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26611.png" "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26611.png" new file mode 100644 index 0000000000000000000000000000000000000000..60b687eb558441caec7dc875677b27c86ce65025 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26611.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26612.png" "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26612.png" new file mode 100644 index 0000000000000000000000000000000000000000..b48b1b06a4d993e56475d93684a0f330dcfdf979 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26612.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26613.png" "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26613.png" new file mode 100644 index 0000000000000000000000000000000000000000..c11643e7ded48861f0ed8ec6b42e0b6133345df6 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26613.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26614.png" "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26614.png" new file mode 100644 index 0000000000000000000000000000000000000000..b6865b5086e39119276bd5b5a6ded26549cc4f84 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26614.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26615.png" "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26615.png" new file mode 100644 index 0000000000000000000000000000000000000000..604eb1bfa61471130f26a8f7ffd1c0b3614b22d3 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26615.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26616.png" "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26616.png" new file mode 100644 index 0000000000000000000000000000000000000000..912a5d5d99277969277b372581ca1ecc039019c4 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26616.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26617.png" "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26617.png" new file mode 100644 index 0000000000000000000000000000000000000000..ca4ef0f0e6dff84b39f4dab70a6b84a0a40cfb04 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26617.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26618.png" "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26618.png" new file mode 100644 index 0000000000000000000000000000000000000000..41db05c19217a7f913b902e548a85d0f818fd5fb Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26618.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26619.png" "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26619.png" new file mode 100644 index 0000000000000000000000000000000000000000..9c973575f161d398a347960ecc0b07b4d465033a Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26619.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2662.png" "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2662.png" new file mode 100644 index 0000000000000000000000000000000000000000..84fb9ab57756bb845d87e7d485a6a10ed2da280b Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2662.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26620.png" "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26620.png" new file mode 100644 index 0000000000000000000000000000000000000000..b4df524d8de03adb72d85e20c79124fec981af5a Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\26620.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2663.png" "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2663.png" new file mode 100644 index 0000000000000000000000000000000000000000..1c14ef5949d4db979061aba87962e6236207dfcd Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2663.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2664.png" "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2664.png" new file mode 100644 index 0000000000000000000000000000000000000000..e8fcd86545f43145738da6ba02ae4e3e3f97d6b6 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2664.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2665.png" "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2665.png" new file mode 100644 index 0000000000000000000000000000000000000000..9b1627384a188a831a1f2c629220bbbf2b102d86 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2665.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2666.png" "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2666.png" new file mode 100644 index 0000000000000000000000000000000000000000..db62f93aaeb6c273984fb11854ee1585015131ea Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2666.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2667.png" "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2667.png" new file mode 100644 index 0000000000000000000000000000000000000000..df8450690e4e7becd0c999fb5d2d3561a9b3d44b Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2667.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2668.png" "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2668.png" new file mode 100644 index 0000000000000000000000000000000000000000..b58d90081d2a8735bcd4af4f3a878badcab78ccd Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2668.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2669.png" "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2669.png" new file mode 100644 index 0000000000000000000000000000000000000000..daebc416e2f8700d4e57371c2f6d3a727f401e05 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/A\346\217\222\344\273\2669.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/G\346\217\222\344\273\2661.png" "b/docs/zh/tools/cloud/pilotgo/figures/G\346\217\222\344\273\2661.png" new file mode 100644 index 0000000000000000000000000000000000000000..6a5398b3ede4a0939f415df176aed10d0c582506 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/G\346\217\222\344\273\2661.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/G\346\217\222\344\273\2662.png" "b/docs/zh/tools/cloud/pilotgo/figures/G\346\217\222\344\273\2662.png" new file mode 100644 index 0000000000000000000000000000000000000000..4c51e269d22cda516e7a7c4191aa5a398773e1be Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/G\346\217\222\344\273\2662.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/G\346\217\222\344\273\2663.png" "b/docs/zh/tools/cloud/pilotgo/figures/G\346\217\222\344\273\2663.png" new file mode 100644 index 0000000000000000000000000000000000000000..d120fdc034f2c588c222837e8316a33cda339e22 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/G\346\217\222\344\273\2663.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/G\346\217\222\344\273\2664.png" "b/docs/zh/tools/cloud/pilotgo/figures/G\346\217\222\344\273\2664.png" new file mode 100644 index 0000000000000000000000000000000000000000..1e2ed031ac525d8a69c98c9f143b3edece72be77 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/G\346\217\222\344\273\2664.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/G\346\217\222\344\273\2665.png" "b/docs/zh/tools/cloud/pilotgo/figures/G\346\217\222\344\273\2665.png" new file mode 100644 index 0000000000000000000000000000000000000000..b0f366b001a09dc1d1f4096ff5aa4f5ec6429087 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/G\346\217\222\344\273\2665.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/P\346\217\222\344\273\2661.png" "b/docs/zh/tools/cloud/pilotgo/figures/P\346\217\222\344\273\2661.png" new file mode 100644 index 0000000000000000000000000000000000000000..bdb7a7c95da1562829cb12a445948f1bdcc8d7e5 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/P\346\217\222\344\273\2661.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/P\346\217\222\344\273\2662.png" "b/docs/zh/tools/cloud/pilotgo/figures/P\346\217\222\344\273\2662.png" new file mode 100644 index 0000000000000000000000000000000000000000..d54a04a42afa0f0ae7d37fb2eef88943e4b402f5 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/P\346\217\222\344\273\2662.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/P\346\217\222\344\273\2663.png" "b/docs/zh/tools/cloud/pilotgo/figures/P\346\217\222\344\273\2663.png" new file mode 100644 index 0000000000000000000000000000000000000000..a85aad4547a6dc8b6d55d50524c69c92668e54a6 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/P\346\217\222\344\273\2663.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/P\346\217\222\344\273\2664.png" "b/docs/zh/tools/cloud/pilotgo/figures/P\346\217\222\344\273\2664.png" new file mode 100644 index 0000000000000000000000000000000000000000..c56bcc5248a53f9d5daeadaddb998d69ef154c4e Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/P\346\217\222\344\273\2664.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/T\345\210\233\345\273\27216.png" "b/docs/zh/tools/cloud/pilotgo/figures/T\345\210\233\345\273\27216.png" new file mode 100644 index 0000000000000000000000000000000000000000..6170f1e4b3c72d7c5759f8604e5eb81fd4f0ba81 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/T\345\210\233\345\273\27216.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2661.png" "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2661.png" new file mode 100644 index 0000000000000000000000000000000000000000..f8a60fe0a2c7ab78b7cb9e27d2ee3e2bb46b855c Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2661.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26610.png" "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26610.png" new file mode 100644 index 0000000000000000000000000000000000000000..0737ac47dd75324fd32bc04d30efebc0c82d06e6 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26610.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26611.png" "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26611.png" new file mode 100644 index 0000000000000000000000000000000000000000..e68b2924606bdacd45780df26ea3040512f41529 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26611.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26612.png" "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26612.png" new file mode 100644 index 0000000000000000000000000000000000000000..434f5ae6f698cffe047c8d841e33d56b9524fb57 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26612.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26613.png" "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26613.png" new file mode 100644 index 0000000000000000000000000000000000000000..52b832b784480c487bbfe522a2c288abc7688d63 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26613.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26614.png" "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26614.png" new file mode 100644 index 0000000000000000000000000000000000000000..9f9d37bc22605aeca505ffa02cdb1fb4f77348c2 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26614.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26615.png" "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26615.png" new file mode 100644 index 0000000000000000000000000000000000000000..9e2ae86c1eeb97b7a5497bd9088f397f12a1f1c3 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26615.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26616.png" "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26616.png" new file mode 100644 index 0000000000000000000000000000000000000000..e11c688d9c1bf95b54006c48d34dd986e743d875 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26616.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26617.png" "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26617.png" new file mode 100644 index 0000000000000000000000000000000000000000..a51bf0d3c26008efdf1611c57d9edd8566b4404b Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\26617.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2662.png" "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2662.png" new file mode 100644 index 0000000000000000000000000000000000000000..642736945bc173fc0ee586d3dcced92b8b095b51 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2662.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2663.png" "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2663.png" new file mode 100644 index 0000000000000000000000000000000000000000..cacef3c82a2b26d782a93855bd90b4997877ba6b Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2663.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2664.png" "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2664.png" new file mode 100644 index 0000000000000000000000000000000000000000..1b83df0d7778cac5296d2e9886a901a8292160a9 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2664.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2665.png" "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2665.png" new file mode 100644 index 0000000000000000000000000000000000000000..7d444877c2dbc0f7ed83528f1847c45e3aa0aec5 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2665.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2666.png" "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2666.png" new file mode 100644 index 0000000000000000000000000000000000000000..45ec5470710ecdf3430f4468b1dcb8716f8b8485 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2666.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2667.png" "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2667.png" new file mode 100644 index 0000000000000000000000000000000000000000..8531a7cc0116c09e01b7ce0a46fd3c9b873fa254 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2667.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2668.png" "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2668.png" new file mode 100644 index 0000000000000000000000000000000000000000..c413b2ce7881ffcba3bcb38b766ed2c0961bbad7 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2668.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2669.png" "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2669.png" new file mode 100644 index 0000000000000000000000000000000000000000..882213869392dd7e787e92f45b65386c71e8305d Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/T\346\217\222\344\273\2669.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\345\257\206\347\240\2011.png" "b/docs/zh/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\345\257\206\347\240\2011.png" new file mode 100644 index 0000000000000000000000000000000000000000..94b11e9d73b09a6592418fd28895f14049aa3042 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\345\257\206\347\240\2011.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\345\257\206\347\240\2012.png" "b/docs/zh/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\345\257\206\347\240\2012.png" new file mode 100644 index 0000000000000000000000000000000000000000..283a407e3c2c051893528306d485b9cb0df9f4df Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\345\257\206\347\240\2012.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\345\257\206\347\240\2013.png" "b/docs/zh/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\345\257\206\347\240\2013.png" new file mode 100644 index 0000000000000000000000000000000000000000..123213c25423d8eaa72f346f9531dcd7f0ff15af Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\345\257\206\347\240\2013.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\350\212\202\347\202\2711.png" "b/docs/zh/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\350\212\202\347\202\2711.png" new file mode 100644 index 0000000000000000000000000000000000000000..6a703ed196cdc2b4658e317d5fa51330583977fa Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\350\212\202\347\202\2711.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\350\212\202\347\202\2712.png" "b/docs/zh/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\350\212\202\347\202\2712.png" new file mode 100644 index 0000000000000000000000000000000000000000..aedc97318d613a230f584d3cd7a39b38d30619e4 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\350\212\202\347\202\2712.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\350\212\202\347\202\2713.png" "b/docs/zh/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\350\212\202\347\202\2713.png" new file mode 100644 index 0000000000000000000000000000000000000000..28d6cc49987efe174b3ff8a53db25d472c35c334 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\344\277\256\346\224\271\350\212\202\347\202\2713.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\211\271\346\254\2411.png" "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\211\271\346\254\2411.png" new file mode 100644 index 0000000000000000000000000000000000000000..c68c4411fd6c1babe7b2014c1dcbd0a60854b033 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\211\271\346\254\2411.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\211\271\346\254\2412.png" "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\211\271\346\254\2412.png" new file mode 100644 index 0000000000000000000000000000000000000000..ef19f105e2490140151cb54ebffeebcc5aba87e1 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\211\271\346\254\2412.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\211\271\346\254\2413.png" "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\211\271\346\254\2413.png" new file mode 100644 index 0000000000000000000000000000000000000000..f252f90886373a0378effb7a41ca2e2c7d3f4f60 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\211\271\346\254\2413.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\211\271\346\254\2414.png" "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\211\271\346\254\2414.png" new file mode 100644 index 0000000000000000000000000000000000000000..0f0e95086a9082fc339e9dd930d727f652cea3d8 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\211\271\346\254\2414.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\226\207\344\273\2661.png" "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\226\207\344\273\2661.png" new file mode 100644 index 0000000000000000000000000000000000000000..74889505efa10bf45d699d9c8ec19c81cd63ef4f Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\226\207\344\273\2661.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\226\207\344\273\2662.png" "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\226\207\344\273\2662.png" new file mode 100644 index 0000000000000000000000000000000000000000..0a0f563aa9efd21a789058b76dc88e5e0208a996 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\226\207\344\273\2662.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\226\207\344\273\2663.png" "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\226\207\344\273\2663.png" new file mode 100644 index 0000000000000000000000000000000000000000..e7dfcf189d030a4bffa1ce92885e27e3fab7ecde Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\233\345\273\272\346\226\207\344\273\2663.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\211\271\346\254\2411.png" "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\211\271\346\254\2411.png" new file mode 100644 index 0000000000000000000000000000000000000000..5b463d0ebb4d5ee3de034e9bfcd668ec5dd20486 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\211\271\346\254\2411.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\211\271\346\254\2412.png" "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\211\271\346\254\2412.png" new file mode 100644 index 0000000000000000000000000000000000000000..441278a946303bd01f93bddfcbd7b5f5c248033e Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\211\271\346\254\2412.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\211\271\346\254\2413.png" "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\211\271\346\254\2413.png" new file mode 100644 index 0000000000000000000000000000000000000000..4f5f66df31a36437f14e2bb82c8c95c1cecc977a Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\211\271\346\254\2413.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\234\272\345\231\2501.png" "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\234\272\345\231\2501.png" new file mode 100644 index 0000000000000000000000000000000000000000..46b8df350f33a09d26250fc1394ff364c5240877 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\234\272\345\231\2501.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\234\272\345\231\2502.png" "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\234\272\345\231\2502.png" new file mode 100644 index 0000000000000000000000000000000000000000..987d5c751cbdcd7a931c8e790c77a8acd69761d6 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\234\272\345\231\2502.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\234\272\345\231\2503.png" "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\234\272\345\231\2503.png" new file mode 100644 index 0000000000000000000000000000000000000000..2690f8dd111fca999a6208ac6220fba27c8de7d8 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\346\234\272\345\231\2503.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\347\224\250\346\210\2671.png" "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\347\224\250\346\210\2671.png" new file mode 100644 index 0000000000000000000000000000000000000000..aa44c85f2249df946761c8a230edc0289ea028f2 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\347\224\250\346\210\2671.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\347\224\250\346\210\2672.png" "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\347\224\250\346\210\2672.png" new file mode 100644 index 0000000000000000000000000000000000000000..1bed708ca71b6c69229697707c54be66d96803ac Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\347\224\250\346\210\2672.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\212\202\347\202\2711.png" "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\212\202\347\202\2711.png" new file mode 100644 index 0000000000000000000000000000000000000000..b1fb1936d03477f1fa3f774382a30f423aae30be Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\212\202\347\202\2711.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\212\202\347\202\2712.png" "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\212\202\347\202\2712.png" new file mode 100644 index 0000000000000000000000000000000000000000..417f2c3ab074a0e962ea08e81b9511322851700f Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\212\202\347\202\2712.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\212\202\347\202\2713.png" "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\212\202\347\202\2713.png" new file mode 100644 index 0000000000000000000000000000000000000000..ade96f981a8b1dcb8fa18e21a710ae5eba829024 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\212\202\347\202\2713.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\247\222\350\211\2621.png" "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\247\222\350\211\2621.png" new file mode 100644 index 0000000000000000000000000000000000000000..0173d0db11dd18d0454523ead716e5dcd80fc833 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\247\222\350\211\2621.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\247\222\350\211\2622.png" "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\247\222\350\211\2622.png" new file mode 100644 index 0000000000000000000000000000000000000000..e3d52203ec36234581a3064ff0931cb9c9cf7afe Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\247\222\350\211\2622.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\247\222\350\211\2623.png" "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\247\222\350\211\2623.png" new file mode 100644 index 0000000000000000000000000000000000000000..966f04257fbd52ee6713d83350b251b8f7255567 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\345\210\240\351\231\244\350\247\222\350\211\2623.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\345\212\237\350\203\275\346\250\241\345\235\227.png" "b/docs/zh/tools/cloud/pilotgo/figures/\345\212\237\350\203\275\346\250\241\345\235\227.png" new file mode 100644 index 0000000000000000000000000000000000000000..86782bfc46f42a051b56f457cd46fad60cad3332 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\345\212\237\350\203\275\346\250\241\345\235\227.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\345\217\230\346\233\264\346\235\203\351\231\2201.png" "b/docs/zh/tools/cloud/pilotgo/figures/\345\217\230\346\233\264\346\235\203\351\231\2201.png" new file mode 100644 index 0000000000000000000000000000000000000000..6d46d6f496a3b43a501b6e9f806f5501069e4bb5 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\345\217\230\346\233\264\346\235\203\351\231\2201.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\345\217\230\346\233\264\346\235\203\351\231\2202.png" "b/docs/zh/tools/cloud/pilotgo/figures/\345\217\230\346\233\264\346\235\203\351\231\2202.png" new file mode 100644 index 0000000000000000000000000000000000000000..901bed4daf0c9b7dbbe7bd6833dea6093e2b6e9a Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\345\217\230\346\233\264\346\235\203\351\231\2202.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\345\217\230\346\233\264\351\203\250\351\227\2501.png" "b/docs/zh/tools/cloud/pilotgo/figures/\345\217\230\346\233\264\351\203\250\351\227\2501.png" new file mode 100644 index 0000000000000000000000000000000000000000..708de466507f8c07f29c0b23915b99b66e5ab308 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\345\217\230\346\233\264\351\203\250\351\227\2501.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\345\217\230\346\233\264\351\203\250\351\227\2502.png" "b/docs/zh/tools/cloud/pilotgo/figures/\345\217\230\346\233\264\351\203\250\351\227\2502.png" new file mode 100644 index 0000000000000000000000000000000000000000..3c401d9c96c8c3cd4602540296143d1d3331d845 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\345\217\230\346\233\264\351\203\250\351\227\2502.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\211\271\351\207\217\344\270\213\345\217\2211.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\211\271\351\207\217\344\270\213\345\217\2211.png" new file mode 100644 index 0000000000000000000000000000000000000000..82518a40fd982bff95ff7af1cd94b2f6970eb4c4 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\211\271\351\207\217\344\270\213\345\217\2211.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\211\271\351\207\217\344\270\213\345\217\2212.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\211\271\351\207\217\344\270\213\345\217\2212.png" new file mode 100644 index 0000000000000000000000000000000000000000..6dec37e1e56e9c0c56469e2dd81b350f287d25ff Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\211\271\351\207\217\344\270\213\345\217\2212.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\211\271\351\207\217\345\215\270\350\275\2751.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\211\271\351\207\217\345\215\270\350\275\2751.png" new file mode 100644 index 0000000000000000000000000000000000000000..a8f3dfd37854995e502ca77e04e794e380c8467f Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\211\271\351\207\217\345\215\270\350\275\2751.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\211\271\351\207\217\345\215\270\350\275\2752.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\211\271\351\207\217\345\215\270\350\275\2752.png" new file mode 100644 index 0000000000000000000000000000000000000000..584a55ba3a87ff087d77de756e455c61276ed022 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\211\271\351\207\217\345\215\270\350\275\2752.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\211\271\351\207\217\346\223\215\344\275\2341.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\211\271\351\207\217\346\223\215\344\275\2341.png" new file mode 100644 index 0000000000000000000000000000000000000000..0b25e8e5cee2f6d4597d2d244565ff827947b4d2 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\211\271\351\207\217\346\223\215\344\275\2341.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\344\270\213\345\217\2211.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\344\270\213\345\217\2211.png" new file mode 100644 index 0000000000000000000000000000000000000000..d5d54a3679b9a183dbc8eddacf881a8c30c0967b Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\344\270\213\345\217\2211.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\344\270\213\345\217\2212.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\344\270\213\345\217\2212.png" new file mode 100644 index 0000000000000000000000000000000000000000..d639180465474d529758cb83e98b8bd44c409e47 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\344\270\213\345\217\2212.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\344\270\213\345\217\2213.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\344\270\213\345\217\2213.png" new file mode 100644 index 0000000000000000000000000000000000000000..87082b54be5d405f859bd17b558b061e08565f0c Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\344\270\213\345\217\2213.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\210\240\351\231\2441.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\210\240\351\231\2441.png" new file mode 100644 index 0000000000000000000000000000000000000000..e292e6abbde7b787e8c5246fe0a754e8bd3f3277 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\210\240\351\231\2441.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\210\240\351\231\2442.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\210\240\351\231\2442.png" new file mode 100644 index 0000000000000000000000000000000000000000..eb643a896473ade847fd6091dd031eadc3444a4c Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\210\240\351\231\2442.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\210\240\351\231\2443.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\210\240\351\231\2443.png" new file mode 100644 index 0000000000000000000000000000000000000000..a8f2dd996fb826ace2a657ae330aaf36d7c1b884 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\210\240\351\231\2443.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\216\206\345\217\262\347\211\210\346\234\254.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\216\206\345\217\262\347\211\210\346\234\254.png" new file mode 100644 index 0000000000000000000000000000000000000000..74f5e745836607702d69f97939b8629446dc0d71 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\216\206\345\217\262\347\211\210\346\234\254.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\233\236\346\273\2321.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\233\236\346\273\2321.png" new file mode 100644 index 0000000000000000000000000000000000000000..8a7e6dfd18608275d496de46cc157bdcfcc1ffa4 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\233\236\346\273\2321.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\233\236\346\273\2322.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\233\236\346\273\2322.png" new file mode 100644 index 0000000000000000000000000000000000000000..0ceef0dcacc27149d2feb2eff3a7902af1c13186 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\233\236\346\273\2322.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\233\236\346\273\2323.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\233\236\346\273\2323.png" new file mode 100644 index 0000000000000000000000000000000000000000..69b4cda58e7962c11e40bdac7555afb9428941b2 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\233\236\346\273\2323.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\233\236\346\273\2324.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\233\236\346\273\2324.png" new file mode 100644 index 0000000000000000000000000000000000000000..79281449c580ef3059dc30329416e6fb564fb5ae Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\345\233\236\346\273\2324.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\346\237\245\347\234\2131.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\346\237\245\347\234\2131.png" new file mode 100644 index 0000000000000000000000000000000000000000..14e91000f62a312b9004ab2108929d90ee49f1b1 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\346\237\245\347\234\2131.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\346\237\245\347\234\2132.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\346\237\245\347\234\2132.png" new file mode 100644 index 0000000000000000000000000000000000000000..517fd0fcdce1ccf35216bc0e98c4ea3127145d1b Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\226\207\344\273\266\346\237\245\347\234\2132.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\227\245\345\277\227\346\237\245\347\234\213.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\227\245\345\277\227\346\237\245\347\234\213.png" new file mode 100644 index 0000000000000000000000000000000000000000..aef655d63baec93d740d8a1bb010715ee5f46b43 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\227\245\345\277\227\346\237\245\347\234\213.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\227\245\345\277\227\350\257\246\346\203\205.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\227\245\345\277\227\350\257\246\346\203\205.png" new file mode 100644 index 0000000000000000000000000000000000000000..97864d9a760b2bc0acd6e82b2d072cf3647384a2 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\227\245\345\277\227\350\257\246\346\203\205.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..2c866f8739a5757505aeb5d5ad1626a6c0e42179 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\344\277\241\346\201\257.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\344\277\241\346\201\257.png" new file mode 100644 index 0000000000000000000000000000000000000000..e0be6aec62ea1de2de8f8a771a3b4f5f07d9ecea Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\344\277\241\346\201\257.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\345\206\205\346\240\2701.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\345\206\205\346\240\2701.png" new file mode 100644 index 0000000000000000000000000000000000000000..e1c722e66168c29fbc1aea72a24f90c05d23b459 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\345\206\205\346\240\2701.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\345\206\205\346\240\2702.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\345\206\205\346\240\2702.png" new file mode 100644 index 0000000000000000000000000000000000000000..cb4263a4961d75a687b0d073f6922af6e936970d Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\345\206\205\346\240\2702.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\345\206\205\346\240\270\344\277\256\346\224\2711.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\345\206\205\346\240\270\344\277\256\346\224\2711.png" new file mode 100644 index 0000000000000000000000000000000000000000..ae23a49e9ef1d9c2be390a4715f83457c05dce69 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\345\206\205\346\240\270\344\277\256\346\224\2711.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\345\206\205\346\240\270\344\277\256\346\224\2712.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\345\206\205\346\240\270\344\277\256\346\224\2712.png" new file mode 100644 index 0000000000000000000000000000000000000000..344f95e052c876e312043099b36267e4e9544e5c Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\345\206\205\346\240\270\344\277\256\346\224\2712.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\345\206\205\346\240\270\344\277\256\346\224\2713.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\345\206\205\346\240\270\344\277\256\346\224\2713.png" new file mode 100644 index 0000000000000000000000000000000000000000..1f108d6f224f30a5973b4ddbe7e8d551d8e1f9c5 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\345\206\205\346\240\270\344\277\256\346\224\2713.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\346\234\215\345\212\241\345\201\234\346\255\242.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\346\234\215\345\212\241\345\201\234\346\255\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..c482e8389f10bca2f1ad43545af169d6dd26b1a5 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\346\234\215\345\212\241\345\201\234\346\255\242.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\346\234\215\345\212\241\345\220\257\345\212\250.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\346\234\215\345\212\241\345\220\257\345\212\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..3d8674a65895b1138ca2826b2496f17c81e5818b Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\346\234\215\345\212\241\345\220\257\345\212\250.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\346\234\215\345\212\241\346\237\245\350\257\242.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\346\234\215\345\212\241\346\237\245\350\257\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..c9f00f1467981d26f162c45fc065cba7043e88c7 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\346\234\215\345\212\241\346\237\245\350\257\242.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\346\234\215\345\212\241\351\207\215\345\220\257.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\346\234\215\345\212\241\351\207\215\345\220\257.png" new file mode 100644 index 0000000000000000000000000000000000000000..a77c72630b6ab284232f7584d4f688e243439960 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\346\234\215\345\212\241\351\207\215\345\220\257.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\347\224\250\346\210\267\344\277\241\346\201\257.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\347\224\250\346\210\267\344\277\241\346\201\257.png" new file mode 100644 index 0000000000000000000000000000000000000000..e96ba36aa2bcbadd7b7f9bd23e451d6faa456bb9 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\347\224\250\346\210\267\344\277\241\346\201\257.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\347\273\210\347\253\257.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\347\273\210\347\253\257.png" new file mode 100644 index 0000000000000000000000000000000000000000..2a7e5cbb1366030517ceeacc8a1459a764ac98eb Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\347\273\210\347\253\257.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\347\273\210\347\253\2571.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\347\273\210\347\253\2571.png" new file mode 100644 index 0000000000000000000000000000000000000000..d3130734e2fb884c74209411dbb647d88e575a8f Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\347\273\210\347\253\2571.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\347\275\221\347\273\234\351\205\215\347\275\256.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\347\275\221\347\273\234\351\205\215\347\275\256.png" new file mode 100644 index 0000000000000000000000000000000000000000..6a3017159efe20948a8c1cdbd4d98b9ef482e775 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\347\275\221\347\273\234\351\205\215\347\275\256.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\257\246\346\203\205.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\257\246\346\203\205.png" new file mode 100644 index 0000000000000000000000000000000000000000..8013f25410e592c4f10486b7d6214f6eba3717fd Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\257\246\346\203\205.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\275\257\344\273\266\345\214\205\345\215\270\350\275\275.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\275\257\344\273\266\345\214\205\345\215\270\350\275\275.png" new file mode 100644 index 0000000000000000000000000000000000000000..d9299c2fa59898b7063049aa7ecb428eed4601b7 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\275\257\344\273\266\345\214\205\345\215\270\350\275\275.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\275\257\344\273\266\345\214\205\345\256\211\350\243\205.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\275\257\344\273\266\345\214\205\345\256\211\350\243\205.png" new file mode 100644 index 0000000000000000000000000000000000000000..f9726c1b6b879f63e618a2245354c595e4b17f55 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\275\257\344\273\266\345\214\205\345\256\211\350\243\205.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\275\257\344\273\266\345\214\205\345\256\211\350\243\2051.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\275\257\344\273\266\345\214\205\345\256\211\350\243\2051.png" new file mode 100644 index 0000000000000000000000000000000000000000..1801f6adbd2b2cf1c00fd279c720192915a34d55 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\275\257\344\273\266\345\214\205\345\256\211\350\243\2051.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\275\257\344\273\266\345\214\205\345\256\211\350\243\2052.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\275\257\344\273\266\345\214\205\345\256\211\350\243\2052.png" new file mode 100644 index 0000000000000000000000000000000000000000..b24a22cbafc042b7d4cb234708a161a4b6910048 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\275\257\344\273\266\345\214\205\345\256\211\350\243\2052.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\275\257\344\273\266\345\214\205\346\220\234\347\264\242.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\275\257\344\273\266\345\214\205\346\220\234\347\264\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..d6119cf60ec4dfa952fcf4f16dec97ab6daf1863 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\234\272\345\231\250\350\275\257\344\273\266\345\214\205\346\220\234\347\264\242.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\246\202\350\247\210.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\246\202\350\247\210.png" new file mode 100644 index 0000000000000000000000000000000000000000..d32d9673426c3a3beb3b7b02ae2dd7ba0cee8671 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\246\202\350\247\210.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\347\224\250\346\210\2671.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\347\224\250\346\210\2671.png" new file mode 100644 index 0000000000000000000000000000000000000000..04ed9a75aacb082a4c416b4d3309606b800c8d27 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\347\224\250\346\210\2671.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\347\224\250\346\210\2672.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\347\224\250\346\210\2672.png" new file mode 100644 index 0000000000000000000000000000000000000000..e69cb0806e796f31a54a37ec0d9136e2ce74efab Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\347\224\250\346\210\2672.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\350\212\202\347\202\2711.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\350\212\202\347\202\2711.png" new file mode 100644 index 0000000000000000000000000000000000000000..f7554243b3009c7945ad1746f86a77b046573f2f Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\350\212\202\347\202\2711.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\350\212\202\347\202\2712.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\350\212\202\347\202\2712.png" new file mode 100644 index 0000000000000000000000000000000000000000..8ee25dd17e3252c21267231e4b6ad17860ceac6e Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\350\212\202\347\202\2712.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\350\247\222\350\211\2621.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\350\247\222\350\211\2621.png" new file mode 100644 index 0000000000000000000000000000000000000000..5a98fc65e9f7e3dbdb312ed5951eb3767a5001f8 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\350\247\222\350\211\2621.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\350\247\222\350\211\2622.png" "b/docs/zh/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\350\247\222\350\211\2622.png" new file mode 100644 index 0000000000000000000000000000000000000000..ba014915a2fec33734e7daee451c8eaf7738d6a1 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\346\267\273\345\212\240\350\247\222\350\211\2622.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\347\224\250\346\210\267\345\257\274\345\205\2451.png" "b/docs/zh/tools/cloud/pilotgo/figures/\347\224\250\346\210\267\345\257\274\345\205\2451.png" new file mode 100644 index 0000000000000000000000000000000000000000..b538a40e8b89c49ff4ee4a26df7f390c8564dbd6 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\347\224\250\346\210\267\345\257\274\345\205\2451.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\347\224\250\346\210\267\345\257\274\345\205\2452.png" "b/docs/zh/tools/cloud/pilotgo/figures/\347\224\250\346\210\267\345\257\274\345\205\2452.png" new file mode 100644 index 0000000000000000000000000000000000000000..c725bbe4a5e738bafebeefbe0c90b2f555275cc8 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\347\224\250\346\210\267\345\257\274\345\205\2452.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\347\224\250\346\210\267\345\257\274\345\205\2453.png" "b/docs/zh/tools/cloud/pilotgo/figures/\347\224\250\346\210\267\345\257\274\345\205\2453.png" new file mode 100644 index 0000000000000000000000000000000000000000..c731959721be7ecacd4f7f5e2d82486deecb997f Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\347\224\250\346\210\267\345\257\274\345\205\2453.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\347\224\250\346\210\267\345\257\274\345\207\2721.png" "b/docs/zh/tools/cloud/pilotgo/figures/\347\224\250\346\210\267\345\257\274\345\207\2721.png" new file mode 100644 index 0000000000000000000000000000000000000000..fc395b3b31fe80d8d63caf644b8af92bccadb691 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\347\224\250\346\210\267\345\257\274\345\207\2721.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\347\224\250\346\210\267\345\257\274\345\207\2722.png" "b/docs/zh/tools/cloud/pilotgo/figures/\347\224\250\346\210\267\345\257\274\345\207\2722.png" new file mode 100644 index 0000000000000000000000000000000000000000..fd44f2600b62b30ac8abb125668ecc3e4f59cf5f Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\347\224\250\346\210\267\345\257\274\345\207\2722.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\347\231\273\345\275\225.png" "b/docs/zh/tools/cloud/pilotgo/figures/\347\231\273\345\275\225.png" new file mode 100644 index 0000000000000000000000000000000000000000..6eb0106de32bd3d9da30d194035f129e3083791a Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\347\231\273\345\275\225.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\211\271\346\254\2411.png" "b/docs/zh/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\211\271\346\254\2411.png" new file mode 100644 index 0000000000000000000000000000000000000000..ddc0b69e0101881902ed3f12cf5f56cdc20dc32b Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\211\271\346\254\2411.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\211\271\346\254\2412.png" "b/docs/zh/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\211\271\346\254\2412.png" new file mode 100644 index 0000000000000000000000000000000000000000..f5625966a81c44421eb1c2f3906aa7ce2746faf5 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\211\271\346\254\2412.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\211\271\346\254\2413.png" "b/docs/zh/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\211\271\346\254\2413.png" new file mode 100644 index 0000000000000000000000000000000000000000..27519a3d4f0becbc9b77e27897741547ae12e269 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\211\271\346\254\2413.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\226\207\344\273\2661.png" "b/docs/zh/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\226\207\344\273\2661.png" new file mode 100644 index 0000000000000000000000000000000000000000..50b5f27cc9cecee17b7758683f61bf21544e8c3b Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\226\207\344\273\2661.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\226\207\344\273\2662.png" "b/docs/zh/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\226\207\344\273\2662.png" new file mode 100644 index 0000000000000000000000000000000000000000..1362aac595643c19f924cf92098bf43abf75c78e Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\226\207\344\273\2662.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\226\207\344\273\2663.png" "b/docs/zh/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\226\207\344\273\2663.png" new file mode 100644 index 0000000000000000000000000000000000000000..ffa2ed188539c7aa0f95cd6beb21d07c0ed6fc84 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\346\226\207\344\273\2663.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\347\224\250\346\210\2671.png" "b/docs/zh/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\347\224\250\346\210\2671.png" new file mode 100644 index 0000000000000000000000000000000000000000..4df5e7583f4a9676c864dda18bb9d411c29862e8 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\347\224\250\346\210\2671.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\347\224\250\346\210\2672.png" "b/docs/zh/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\347\224\250\346\210\2672.png" new file mode 100644 index 0000000000000000000000000000000000000000..0a36495c86e915bc3c8c9d23f422755aeea80f46 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\347\224\250\346\210\2672.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\350\247\222\350\211\2621.png" "b/docs/zh/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\350\247\222\350\211\2621.png" new file mode 100644 index 0000000000000000000000000000000000000000..4ace76039f0cfe5a21d1ec53940819ed3ca31c5a Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\350\247\222\350\211\2621.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\350\247\222\350\211\2622.png" "b/docs/zh/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\350\247\222\350\211\2622.png" new file mode 100644 index 0000000000000000000000000000000000000000..65b8bb7a4def07435da61d80f9485f9637a109e3 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\347\274\226\350\276\221\350\247\222\350\211\2622.png" differ diff --git "a/docs/zh/tools/cloud/pilotgo/figures/\351\207\215\347\275\256\345\257\206\347\240\2011.png" "b/docs/zh/tools/cloud/pilotgo/figures/\351\207\215\347\275\256\345\257\206\347\240\2011.png" new file mode 100644 index 0000000000000000000000000000000000000000..bad1fce9f9742ee586ac3f8d9f61ae37b03b8779 Binary files /dev/null and "b/docs/zh/tools/cloud/pilotgo/figures/\351\207\215\347\275\256\345\257\206\347\240\2011.png" differ diff --git a/docs/zh/tools/cloud/pilotgo/pilotgo_introduction.md b/docs/zh/tools/cloud/pilotgo/pilotgo_introduction.md new file mode 100644 index 0000000000000000000000000000000000000000..6989642f899ff40cf8425e4ecd7f37de0bd4fe27 --- /dev/null +++ b/docs/zh/tools/cloud/pilotgo/pilotgo_introduction.md @@ -0,0 +1,34 @@ +# PilotGo介绍 + +PilotGo 是 openEuler 社区原生孵化的运维管理平台,采用插件式架构设计,功能模块轻量化组合、独立迭代演进,同时保证核心功能稳定;同时使用插件来增强平台功能、并打通不同运维组件之间的壁垒,实现了全局的状态感知及自动化流程。 + +## 功能描述 + +PilotGo 核心功能模块包括: + +* 用户管理:支持按照组织结构分组管理,支持导入已有平台账号,迁移方便; + +* 权限管理:支持基于RBAC的权限管理,灵活可靠; + +* 主机管理:状态前端可视化、直接执行软件包管理、服务管理、内核参数调优、简单易操作; + +* 批次管理:支持运维操作并发执行,稳定高效; + +* 日志审计:跟踪记录用户及插件的变更操作,方便问题回溯及安全审计; + +* 告警管理:平台异常实时感知; + +* 插件功能:支持扩展平台功能,插件联动,自动化能力倍增,减少人工干预。 + +![本地路径](./figures/功能模块.png) + +当前OS发布版本还集成了以下插件: + +* Prometheus:托管Prometheus监控组件,自动化下发及配置node-exporter监控数据采集,对接平台告警功能;![本地路径](./figures/P插件3.png) + +* Grafana:集成Grafana可视化平台,提供美观易用的指标监控面板功能。 +![本地路径](./figures/G插件4.png) + +## 应用场景 + +PiotGo可用于典型的服务器集群管理场景,支持大批量的服务器集群基本管理及监控;通过集成对应的业务功能插件,还可实现业务集群的统一平台管理,例如Mysql数据库集群、redis数据缓存集群、nginx网关集群等。 diff --git a/docs/zh/tools/cloud/pilotgo/usage_instructions.md b/docs/zh/tools/cloud/pilotgo/usage_instructions.md new file mode 100644 index 0000000000000000000000000000000000000000..e6b822a3b19a6e096e6e884c1c230cd227d15493 --- /dev/null +++ b/docs/zh/tools/cloud/pilotgo/usage_instructions.md @@ -0,0 +1,395 @@ +# PilotGo平台使用手册 + +PilotGo 是一个 openEuler 社区原生的运维管理平台,采用插件式开发,增强平台的扩展性、并打通不同运维组件之间的壁垒。PilotGo 核心功能包括:集群管理、批次管理、主机管理、用户管理、权限管理、主机监控、运维审计等。 + +## 1 PilotGo安装与配置 + +PilotGo可以单机部署也可以采用集群式部署。安装之前先关闭防火墙。 + +### 1.1 PilotGo-server 安装与配置 + +安装mysql; +安装redis,设置redis密码(修改),运行命令: + +`dnf install redis6` + +`vim /etc/redis/redis.conf` + +`#requirepass foobared去掉注释,foobared改为自己的密码` + +`bind 0.0.0.0` + +启动MySQL和redis服务,然后执行: + +`dnf install PilotGo-server` + +修改/opt/PilotGo/server/config_server.yaml里面mysql和redis的配置信息,启动服务: + +`systemctl start PilotGo-server` + +访问页面: + +### 1.2 PilotGo-agent安装与配置 + +执行以下命令进行安装: + +`dnf install PilotGo-agent` + +修改/opt/PilotGo/agent/config_agent.yaml里面的ip信息,启动服务: + +`systemctl start PilotGo-agent` + +### 1.3 PilotGo插件安装与配置 + +详情见3 插件使用手册 + +## 2 PilotGo平台使用说明 + +### 2.1 首次登录 + +#### 2.1.1 用户登录页面 + +用户登录页面如图所示,输入正确的用户名和密码登录系统。默认用户名为admin,默认密码为admin,首次登录之后建议先修改密码。![本地路径](./figures/登录.png) +登录成功显示概览页面。![本地路径](./figures/概览.png) + +### 2.2 用户模块 + +#### 2.2.1 创建用户 + +创建用户的方式又两种,一种是手动创建单个用户,另外一种是批量导入多个用户。 + +##### 2.2.1.1 创建单个用户 + +1. 具有创建用户权限的用户成功登录之后点击左侧导航栏中的用户管理; +2. 点击页面右上角的添加按钮; +3. 在页面中输入用户名、密码、邮箱,选择部门和角色类型,并点击确定按钮;![本地路径](./figures/添加用户1.png) +4. 页面弹框提示“添加用户成功”,并显示新创建的用户信息,表示创建用户成功。![本地路径](./figures/添加用户2.png) + +##### 2.2.1.2 批量导入多个用户 + +1. 具有创建用户权限的用户成功登录之后点击左侧导航栏中的用户管理; +2. 击页面的批量导入按钮,选择文件点击打开按钮;![本地路径](./figures/用户导入1.png) +3. 显示用户信息则完成用户导入。![本地路径](./figures/用户导入2.png)![本地路径](./figures/用户导入3.png) + +#### 2.2.2 修改用户信息及密码 + +##### 2.2.2.1 修改用户信息 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的用户管理; +2. 找到用户信息,点击操作栏中的编辑按钮; +3. 在页面中输入要修改的用户信息,并点击确定按钮;![本地路径](./figures/编辑用户1.png) +4. 页面弹框提示“用户信息修改成功”,并显示修改后的用户信息。![本地路径](./figures/编辑用户2.png) + +##### 2.2.2.2 修改密码 + +修改密码有两种方式,第一是用户知道密码登录系统后自己修改,第二是用户忘记密码,由管理员登录系统后重置此用户密码,重置默认密码为邮箱@符号的前半部分。 + +###### 2.2.2.2.1 手动修改密码 + +1. 用户登录系统后点击右上角的人像图标和修改密码;![本地路径](./figures/修改密码1.png) +2. 连续输入两次新密码,点击确定按钮;![本地路径](./figures/修改密码2.png) +3. 页面弹框提示“修改成功”。![本地路径](./figures/修改密码3.png) + +###### 2.2.2.2.2 重置密码 + +1. 管理员登录成功后点击左侧导航栏中的用户管理; +2. 找到用户信息,点击操作栏中的重置密码按钮; +3. 用户使用默认密码可以登录系统。![本地路径](./figures/重置密码1.png) + +#### 2.2.3 删除用户 + +1. 管理员登录成功后点击左侧导航栏中的用户管理; +2. 点击页面小方块选择要删除的用户; +3. 点击页面右上角的删除按钮,并点击确定;![本地路径](./figures/删除用户1.png) +4. 页面弹框提示“用户删除成功”,并用户管理页面不显示删除用户的信息。![本地路径](./figures/删除用户2.png) + +#### 2.2.4 导出用户 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的用户管理; +2. 点击页面的导出按钮;![本地路径](./figures/用户导出1.png) +3. 浏览器显示下载进度,成功下载后打开xlsx文件查看信息。![本地路径](./figures/用户导出2.png) + +#### 2.2.5 用户退出 + +1. 具有该权限的用户成功登录,点击页面右上角的按钮; +2. 点击页面的确定按钮; +3. 退出到登录页面。![本地路径](./figures/登录.png) + +### 2.3 角色模块 + +#### 2.3.1 添加角色 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的角色管理; +2. 点击页面的添加按钮; +3. 输入角色名和描述信息,并点击确定按钮;![本地路径](./figures/添加角色1.png) +4. 页面弹框提示“新增角色成功”,并页面显示新添加的角色信息。![本地路径](./figures/添加角色2.png) + +### 2.3.2 修改角色 + +#### 2.3.2.1 修改角色信息 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的角色管理; +2. 点击对应角色的编辑按钮; +3. 输入新的角色名和描述信息,并点击确定按钮;![本地路径](./figures/编辑角色1.png) +4. 页面弹框提示“角色信息修改成功”,并页面显示修改后的角色信息。![本地路径](./figures/编辑角色2.png) + +#### 2.3.2.2 修改角色权限 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的角色管理; +2. 点击对应角色的变更按钮; +3. 选择相应的权限,点击重置按钮可以清空所选权限,并点击确定按钮;![本地路径](./figures/变更权限1.png) +4. 页面弹框提示“角色权限变更成功”。![本地路径](./figures/变更权限2.png) + +### 2.3.3 删除角色 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的角色管理; +2. 点击对应角色的删除按钮,并点击确定;![本地路径](./figures/删除角色1.png)![本地路径](./figures/删除角色2.png) +3. 页面弹框提示“角色删除成功”,并不显示删除的角色信息。![本地路径](./figures/删除角色3.png) + +### 2.4 部门树模块 + +#### 2.4.1 修改部门节点 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的系统和机器列表; +2. 在部门节点对应位置点击修改符号,输入节点名字并点击确定;![本地路径](./figures/修改节点1.png)![本地路径](./figures/修改节点2.png) +3. 页面弹框提示“修改成功”,并显示修改后的部门节点信息。![本地路径](./figures/修改节点3.png) + +#### 2.4.2 删除部门节点 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的系统和机器列表; +2. 在部门节点对应位置点击删除符号并点击确定;![本地路径](./figures/删除节点1.png)![本地路径](./figures/删除节点2.png) +3. 页面弹框提示“删除成功”,并不显示删除节点的信息。![本地路径](./figures/删除节点3.png) + +#### 2.4.3 添加部门节点 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的系统和机器列表; +2. 在部门节点对应位置点击加号并点击确定;![本地路径](./figures/添加节点1.png) +3. 页面弹框提示“新建成功”,并显示添加节点的信息。![本地路径](./figures/添加节点2.png) + +### 2.5 批次模块 + +#### 2.5.1 创建批次 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的系统和创建批次; +2. 点击机器所在的部门名字,在备选项中选择0个或多个机器ip(点击ip前面的方框),若选择一个或多个部门的所有机器可以点击部门列表的方框,并点击备选项中的部门名称,选择完成后点击向右的箭头;![本地路径](./figures/创建批次1.png) +3. 输入批次名称和描述,并点击创建按钮;![本地路径](./figures/创建批次2.png) +4. 页面弹框提示“批次入库成功”,并批次页面显示新创建的批次信息。![本地路径](./figures/创建批次3.png)![本地路径](./figures/创建批次4.png) + +#### 2.5.2 修改批次 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的批次; +2. 点击对应批次的编辑按钮;![本地路径](./figures/编辑批次1.png) +3. 输入新的批次名称和备注信息,并点击确定按钮;![本地路径](./figures/编辑批次2.png) +4. 页面弹框提示“批次修改成功”,并显示修改后的批次信息。![本地路径](./figures/编辑批次3.png) + +#### 2.5.3 删除批次 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的批次; +2. 选择要删除的批次,点击删除按钮并点击确定;![本地路径](./figures/删除批次1.png)![本地路径](./figures/删除批次2.png) +3. 页面弹框提示“批次删除成功”,并不显示删除批次的信息。![本地路径](./figures/删除批次3.png) + +#### 2.5.4 批量安装软件包 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的批次,并点击批次名称;![本地路径](./figures/批量操作1.png) +2. 点击右上角的rpm下发按钮,在搜索框输入软件包的名称,并点击下发按钮;![本地路径](./figures/批量下发1.png) +3. 页面弹框提示“软件包安装成功”,agent端可以查到下发的rpm包。![本地路径](./figures/批量下发2.png) + +#### 2.5.5 批量卸载软件包 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的批次,并点击批次名称;![本地路径](./figures/批量操作1.png) +2. 点击右上角的rpm卸载按钮,在搜索框输入软件包的名称,并点击卸载按钮;![本地路径](./figures/批量卸载1.png) +3. 页面弹框提示“软件包卸载成功”,agent端无此软件包。![本地路径](./figures/批量卸载2.png) + +### 2.6 机器模块 + +#### 2.6.1 删除机器 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的系统和机器列表; +2. 选择要删除的机器,点击删除按钮并点击确定;![本地路径](./figures/删除机器1.png)![本地路径](./figures/删除机器2.png) +3. 页面弹框提示“机器删除成功”,并不显示删除机器的信息。![本地路径](./figures/删除机器3.png) + +#### 2.6.2 变更机器部门 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的系统和机器列表; +2. 选择要变更部门的机器,点击变更部门按钮; +3. 核对变更部门机器ip的信息,选择新的部门,并点击确定;![本地路径](./figures/变更部门1.png) +4. 页面弹框提示“机器部门修改成功”,并显示变更后的信息。![本地路径](./figures/变更部门2.png) + +#### 2.6.3 安装软件包 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的系统和机器列表; +2. 点击要查看信息的机器ip,并点击软件包信息栏目; +3. 在搜索框输入软件包的名称,并点击安装按钮; +4. 页面显示repo名称、repo地址信息,并页面显示软件包名、执行动作、结果等信息。![本地路径](./figures/机器软件包安装.png) + +#### 2.6.4 卸载软件包 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的系统和机器列表; +2. 点击要查看信息的机器ip,并点击软件包信息栏目; +3. 在搜索框输入软件包的名称,并点击卸载按钮; +4. 页面显示repo名称、repo地址信息,并页面显示软件包名、执行动作、结果等信息。![本地路径](./figures/机器软件包卸载.png) + +#### 2.6.5 查看机器详情 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的系统和机器列表; +2. 点击要查看信息的机器ip; +3. 页面显示机器的相关信息。![本地路径](./figures/机器详情.png)![本地路径](./figures/机器服务查询.png)![本地路径](./figures/机器网络配置.png)![本地路径](./figures/机器用户信息.png) + +### 2.7 日志模块 + +#### 2.7.1 查看所有日志 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的审计日志; +2. 页面展示日志信息。![本地路径](./figures/日志查看.png) + +#### 2.7.2 查看批处理日志详情 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的审计日志; +2. 点击折叠按钮; +3. 页面显示子日志的信息。![本地路径](./figures/日志详情.png) + +## 3 PilotGo平台插件使用说明 + +### 3.1 PilotGo-plugin-grafana插件使用说明 + +1. 在任意一台服务器上执行dnf install PilotGo-plugin-grafana grafana; +2. 将/opt/PilotGo/plugin/grafana/config.yaml文件中ip地址修改为本机真实ip,修改/etc/grafana/grafana.ini文件一下信息: + + `root_url = http://真实ip:9999/plugin/grafana` + + `serve_from_sub_path = true` + + `allow_embedding = true` + +3. 重启两个服务,执行以下命令: + + `systemctl restart grafana-server` + + `systemctl start PilotGo-plugin-grafana` + +4. 成功登录pilotgo平台,点击左侧导航栏中的插件管理,点击添加插件按钮,填写插件名称和服务地址,机器地址例子:,并点击确定;![本地路径](./figures/G插件1.png) +5. 页面增加一条插件管理数据,导航栏增加一个插件按钮。![本地路径](./figures/G插件2.png)![本地路径](./figures/G插件3.png) + +### 3.2 PilotGo-plugin-prometheus插件使用说明 + +1. 在任意一台服务器上执行dnf install PilotGo-plugin-prometheus; +2. 将/opt/PilotGo/plugin/prometheus/server/config.yml文件中ip地址修改为本机真实ip和mysql服务地址; +3. 重启服务,执行以下命令: + + `systemctl start PilotGo-plugin-prometheus` + +4. 成功登录pilotgo平台,点击左侧导航栏中的插件管理,点击添加插件按钮,填写插件名称和服务地址,机器地址例子:,并点击确定;![本地路径](./figures/P插件1.png) +5. 页面增加一条插件管理数据,导航栏增加一个插件按钮。![本地路径](./figures/P插件2.png)![本地路径](./figures/P插件3.png) +6. 在页面选择机器ip和监控时间,展示机器数据面板。![本地路径](./figures/P插件4.png) + +### 3.3 PilotGo-plugin-a-tune插件使用说明 + +1. 在需要调优的机器上安装PilotGo-agent、atune,并执行dnf install PilotGo-plugin-a-tune; +2. 将/opt/PilotGo/plugin/a-tune/config.yml文件中ip地址修改为真实ip; +3. 重启服务,执行以下命令: + + `systemctl start PilotGo-plugin-a-tune` + +4. 成功登录pilotgo平台,点击左侧导航栏中的插件管理,点击添加插件按钮,填写插件名称和服务地址,机器地址例子:,并点击确定;![本地路径](./figures/A插件1.png) +5. 页面增加一条插件管理数据,导航栏增加一个插件按钮。![本地路径](./figures/A插件2.png) + +#### 3.3.1 调优模板 + +##### 3.3.1.1 添加调优模板 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的plugin-atune插件和调优模板; +2. 点击页面右上角的新增按钮,输入字段信息,并点击保存;![本地路径](./figures/A插件3.png) +3. 页面显示新添加的调优模板信息,并点击操作栏目的详情按钮可以查看模板详情。![本地路径](./figures/A插件4.png) + +##### 3.3.1.2 修改调优模板 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的plugin-atune插件和调优模板; +2. 在页面上找到要修改的模板,并点击编辑按钮;![本地路径](./figures/A插件6.png) +3. 修改信息后点击页面的保存按钮,刷新页面,页面显示修改后的调优模板信息。![本地路径](./figures/A插件7.png)![本地路径](./figures/A插件8.png) + +##### 3.3.1.3 删除调优模板 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的plugin-atune插件和调优模板; +2. 在页面上找到要删除的模板,选中对应模板,点击右上角的删除按钮,并点击确定;![本地路径](./figures/A插件9.png) +3. ![本地路径](./figures/A插件10.png)![本地路径](./figures/A插件5.png) + +#### 3.3.2 调优任务 + +##### 3.3.2.1 添加调优任务 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的plugin-atune插件和任删除模板后刷新页面,页面不存在已删除的模板信息。务列表; +2. 点击页面右上角的新增按钮,填写新增任务的信息,并点击保存按钮;![本地路径](./figures/A插件11.png) +3. 刷新页面,页面显示新增加的任务信息,状态栏显示等待。![本地路径](./figures/A插件12.png) + +##### 3.3.2.2 重启单个任务 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的plugin-atune插件和任务列表; +2. 在页面上找到要重启的任务,点击对应的重启按钮;![本地路径](./figures/A插件13.png) +3. 页面状态栏显示运行中,执行完成后状态变为完成。![本地路径](./figures/A插件14.png)![本地路径](./figures/A插件15.png) + +##### 3.3.2.3 查看单个任务详情 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的plugin-atune插件和任务列表; +2. 在页面上找到要查看的任务名称,点击对应的详情按钮; +3. 页面显示单个任务的详细信息。![本地路径](./figures/A插件16.png) + +##### 3.3.2.4 删除调优任务 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的plugin-atune插件和任务列表; +2. 在页面上找到要删除的任务列表,选中对应的任务,点击右上角的删除按钮,并点击确定;![本地路径](./figures/A插件17.png)![本地路径](./figures/A插件18.png) +3. 删除任务后刷新页面,页面不存在任已删除的务信息。![本地路径](./figures/A插件19.png) + +### 3.4 PilotGo-plugin-topology插件使用说明 + +1. 在任意一台服务器上执行dnf install PilotGo-plugin-topology-server; +2. 将/opt/PilotGo/plugin/topology/server/config.yml文件中ip地址修改为真实ip,并配置java、neo4j、mysq、redis数据库等信息; +3. 重启服务,执行以下命令: + + `systemctl start PilotGo-plugin-topology-server` + +4. 在需要topo展示的服务器上执行dnf install PilotGo-plugin-topology-agent; +5. 将/opt/PilotGo/plugin/topology/agent/config.yml文件中ip地址修改为真实ip; +6. 重启服务,执行以下命令: + + `systemctl start PilotGo-plugin-topology-agent` + +7. 成功登录pilotgo平台,点击左侧导航栏中的插件管理,点击添加插件按钮,填写插件名称和服务地址,,并点击确定;![本地路径](./figures/T插件1.png) +8. 页面增加一条插件管理数据,导航栏增加一个插件按钮。![本地路径](./figures/T插件2.png) + +#### 3.4.1 添加自定义拓扑配置 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的plugin-topology插件和创建配置; +2. 在页面上填写相关信息,并点击创建按钮;![本地路径](./figures/T插件3.png) +3. 页面显示新创拓扑配置的信息和拓扑图。![本地路径](./figures/T插件4.png) + +#### 3.4.2 修改自定义拓扑配置 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的plugin-topology插件和配置列表; +2. 在页面上找到要修改的配置,点击编辑;![本地路径](./figures/T插件5.png) +3. 修改配置信息后点击更新按钮,页面右半边将生成新的拓扑图。![本地路径](./figures/T插件6.png) + +#### 3.4.3 查看单机的全局拓扑图 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的plugin-topology插件和配置列表; +2. 点击页面上的单机/多机按钮,选择要查看拓扑信息的机器,点击确定;![本地路径](./figures/T插件7.png)![本地路径](./figures/T插件8.png) +3. 页面将展示单机的拓扑图。![本地路径](./figures/T插件9.png) + +#### 3.4.4 查看某个自定义配置的拓扑图和配置信息 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的plugin-topology插件和配置列表; +2. 在页面上找到要查看的配置名称,点击对应的拓扑图按钮;![本地路径](./figures/T插件10.png) +3. 页面将展示此配置拓扑图。![本地路径](./figures/T插件11.png) +4. 在页面上找到要查看的配置名称,点击对应的json配置按钮;![本地路径](./figures/T插件12.png) +5. 页面将展示此配置的详细信息。![本地路径](./figures/T插件13.png) + +#### 3.4.5 删除自定义拓扑配置 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的plugin-topology插件和配置列表; +2. 选择要删除的配置,点击删除按钮,再点击确定;![本地路径](./figures/T插件14.png) +3. 页面将不展示已删除的配置信息。![本地路径](./figures/T插件15.png) + +#### 3.4.6 查看多机的全局拓扑图 + +1. 具有该权限的用户成功登录,点击左侧导航栏中的plugin-topology插件和配置列表; +2. 点击页面上的单机/多机按钮,选择多机,点击确定;![本地路径](./figures/T插件16.png) +3. 页面将展示多机的拓扑图。![本地路径](./figures/T插件17.png) diff --git a/docs/zh/tools/community_tools/_toc.yaml b/docs/zh/tools/community_tools/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..44feffbde578d7897c4b92d10deca18a51cb4a8e --- /dev/null +++ b/docs/zh/tools/community_tools/_toc.yaml @@ -0,0 +1,15 @@ +label: 社区工具 +sections: + - label: 镜像构建 + sections: + - href: ./isocut/_toc.yaml + - href: ./image_tailor/_toc.yaml + - label: 迁移 + sections: + - href: ./migration_tools/_toc.yaml + - label: 虚拟化 + sections: + - href: ./virtualization/euler_launcher/_toc.yaml + - label: epkg软件包 + sections: + - href: ./epkg_use/_toc.yaml diff --git a/docs/zh/tools/community_tools/epkg_use/_toc.yaml b/docs/zh/tools/community_tools/epkg_use/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..963dc019e06010d57c8a4f724a470dcbf43732a3 --- /dev/null +++ b/docs/zh/tools/community_tools/epkg_use/_toc.yaml @@ -0,0 +1,6 @@ +label: epkg包管理器使用指南 +isManual: true +description: 使用 epkg 包管理器 +sections: + - label: epkg包管理器使用指南 + href: ./epkg_package_manager_usage_guide.md diff --git a/docs/zh/tools/community_tools/epkg_use/epkg_package_manager_usage_guide.md b/docs/zh/tools/community_tools/epkg_use/epkg_package_manager_usage_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..d1ff5db6ff5706e5f3d28ad437267d4afa5fba8b --- /dev/null +++ b/docs/zh/tools/community_tools/epkg_use/epkg_package_manager_usage_guide.md @@ -0,0 +1,268 @@ +# epkg 使用指南 + +## 介绍 + +本文介绍EPKG包管理器工作环境如何初始化,以及基本功能如何使用。本文涉及操作结果示例均以非root用户为例。 +注意:目前epkg的软件包只适配了aarch64架构,后续会不断扩展其他架构 + +## 快速上手 + +下面的实例介绍了安装不同软件包版本的方式 + +```bash +# curl 方式安装epkg +# 安装时可选user/global安装模式,user模式仅当前安装用户可用,global模式全局用户可用 +# 仅root用户可使用global安装模式 +wget https://repo.oepkgs.net/openeuler/epkg/rootfs/epkg-installer.sh +sh epkg-installer.sh + +# 卸载epkg +wget https://repo.oepkgs.net/openeuler/epkg/rootfs/epkg-uninstaller.sh +sh epkg-uninstaller.sh + +# 初始化epkg +epkg init +bash // 重新执行.bashrc, 获得新的PATH + +# 创建环境1 +epkg env create t1 +epkg install tree +tree --version +which tree + +# 查看repo +[root@vm-4p64g ~]# epkg repo list +------------------------------------------------------------------------------------------------------------------------------------------------------ +channel | repo | url +------------------------------------------------------------------------------------------------------------------------------------------------------ +openEuler-22.03-LTS-SP3 | OS | https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-22.03-LTS-SP3/OS/aarch64/ +openEuler-24.09 | everything | https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64/ +openEuler-24.09 | OS | https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/OS/aarch64/ +------------------------------------------------------------------------------------------------------------------------------------------------------ + +# 创建环境2, 指定repo +epkg env create t2 --repo openEuler-22.03-LTS-SP3 +epkg install tree +tree --version +which tree + +# 切换回环境1 +epkg env activate t1 +``` + +## EPKG包管理器使用说明 + +```bash +Usage: + epkg install PACKAGE + epkg install [--env ENV] PACKAGE (开发中...) + epkg remove [--env ENV] PACKAGE (开发中...) + epkg upgrade [PACKAGE] (开发中...) + + epkg search PACKAGE (开发中...) + epkg list (开发中...) + + epkg env list + epkg env create|remove ENV + epkg env activate ENV + epkg env deactivate ENV + epkg env register|unregister ENV + epkg env history ENV (开发中...) + epkg env rollback ENV (开发中...) +``` + +软件包安装: + +```bash + epkg env create $env // 创建环境 + epkg install $package // 在环境中安装软件包 + epkg env create $env2 --repo $repo // 创建环境2,指定repo + epkg install $package // 在环境2中安装软件包 +``` + +软件包构建: + +```bash + epkg build ${yaml_path}/$pkg_name.yaml +``` + +### 安装软件 + +功能描述: + 在当前所在环境安装软件(建议操作前确认当前所在环境) + +命令: + epkg install ${package_name} + +返回示例: + +``` +[root@2d785c36ee2e /]# epkg env activate t1 +Add common to path +Add t1 to path +Environment 't1' activated. +Environment 't1' activated. +[root@2d785c36ee2e /]# epkg install tree +EPKG_ENV_NAME: t1 +Caching repodata for: "OS" +Cache for "OS" already exists. Skipping... +Caching repodata for: "OS" +Cache for "OS" already exists. Skipping... +Caching repodata for: "everything" +Cache for "everything" already exists. Skipping... +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/FF/FFCRTKRFGFQ6S2YVLOSUF6PHSMRP7A2N__ncurses-libs__6.4__8.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/D5/D5BOEFTRBNV3E4EXBVXDSRNTIGLGWVB7__glibc-all-langpacks__2.38__34.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/VX/VX6SUOPGEVDWF6E5M2XBV53VS7IXSFM5__openEuler-repos__1.0__3.3.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/LO/LO6RYZTBB2Q7ZLG6SWSICKGTEHUTBWUA__libselinux__3.5__3.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/EP/EPIEEK2P5IUPO4PIOJ2BXM3QPEFTZUCT__basesystem__12__3.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/2G/2GYDDYVWYYIDGOLGTVUACSBHYVRCRJH3__setup__2.14.5__2.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/HC/HCOKXTWQQUPCFPNI7DMDC6FGSDOWNACC__glibc__2.38__34.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/OJ/OJQAHJTY3Y7MZAXETYMTYRYSFRVVLPDC__glibc-common__2.38__34.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/FJ/FJXG3K2TSUYXNU4SES2K3YSTA3AHHUMB__tree__2.1.1__1.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/KD/KDYRBN74LHKSZISTLMYOMTTFVLV4GPYX__readline__8.2__2.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/MN/MNJPSSBS4OZJL5EB6YKVFLMV4TGVBUBA__tzdata__2024a__2.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/S4/S4FBO2SOMG3GKP5OMDWP4XN5V4FY7OY5__bash__5.2.21__1.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/EJ/EJGRNRY5I6XIDBWL7H5BNYJKJLKANVF6__libsepol__3.5__3.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/TZ/TZRQZRU2PNXQXHRE32VCADWGLQG6UL36__bc__1.07.1__12.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/WY/WYMBYMCARHXD62ZNUMN3GQ34DIWMIQ4P__filesystem__3.16__6.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/KQ/KQ2UE3U5VFVAQORZS4ZTYCUM4QNHBYZ7__openEuler-release__24.09__55.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/HD/HDTOK5OTTFFKSTZBBH6AIAGV4BTLC7VT__openEuler-gpg-keys__1.0__3.3.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/EB/EBLBURHOKKIUEEFHZHMS2WYF5OOKB4L3__pcre2__10.42__8.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/YW/YW5WTOMKY2E5DLYYMTIDIWY3XIGHNILT__info__7.0.3__3.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start download https://repo.oepkgs.net/openeuler/epkg/channel/openEuler-24.09/everything/aarch64//store/E4/E4KCO6VAAQV5AJGNPW4HIXDHFXMR4EJV__ncurses-base__6.4__8.oe2409.epkg +############################################################################################################################################################################################################### 100.0% +start install FFCRTKRFGFQ6S2YVLOSUF6PHSMRP7A2N__ncurses-libs__6.4__8.oe2409 +start install D5BOEFTRBNV3E4EXBVXDSRNTIGLGWVB7__glibc-all-langpacks__2.38__34.oe2409 +start install VX6SUOPGEVDWF6E5M2XBV53VS7IXSFM5__openEuler-repos__1.0__3.3.oe2409 +start install LO6RYZTBB2Q7ZLG6SWSICKGTEHUTBWUA__libselinux__3.5__3.oe2409 +start install EPIEEK2P5IUPO4PIOJ2BXM3QPEFTZUCT__basesystem__12__3.oe2409 +start install 2GYDDYVWYYIDGOLGTVUACSBHYVRCRJH3__setup__2.14.5__2.oe2409 +start install HCOKXTWQQUPCFPNI7DMDC6FGSDOWNACC__glibc__2.38__34.oe2409 +start install OJQAHJTY3Y7MZAXETYMTYRYSFRVVLPDC__glibc-common__2.38__34.oe2409 +start install FJXG3K2TSUYXNU4SES2K3YSTA3AHHUMB__tree__2.1.1__1.oe2409 +start install KDYRBN74LHKSZISTLMYOMTTFVLV4GPYX__readline__8.2__2.oe2409 +start install MNJPSSBS4OZJL5EB6YKVFLMV4TGVBUBA__tzdata__2024a__2.oe2409 +start install S4FBO2SOMG3GKP5OMDWP4XN5V4FY7OY5__bash__5.2.21__1.oe2409 +start install EJGRNRY5I6XIDBWL7H5BNYJKJLKANVF6__libsepol__3.5__3.oe2409 +start install TZRQZRU2PNXQXHRE32VCADWGLQG6UL36__bc__1.07.1__12.oe2409 +start install WYMBYMCARHXD62ZNUMN3GQ34DIWMIQ4P__filesystem__3.16__6.oe2409 +start install KQ2UE3U5VFVAQORZS4ZTYCUM4QNHBYZ7__openEuler-release__24.09__55.oe2409 +start install HDTOK5OTTFFKSTZBBH6AIAGV4BTLC7VT__openEuler-gpg-keys__1.0__3.3.oe2409 +start install EBLBURHOKKIUEEFHZHMS2WYF5OOKB4L3__pcre2__10.42__8.oe2409 +start install YW5WTOMKY2E5DLYYMTIDIWY3XIGHNILT__info__7.0.3__3.oe2409 +start install E4KCO6VAAQV5AJGNPW4HIXDHFXMR4EJV__ncurses-base__6.4__8.oe2409 +``` + +### 列出环境列表 + +功能描述: + 列出当前epkg所有环境($EPKG_ENVS_ROOT目录下),及当前处于哪个环境 + +命令: + epkg env list + +返回示例: + [small_leek@19e784a5bc38 bin]# epkg env list + Available environments(sort by time): + w1 + main + common + You are in [main] now + +### 创建环境 + +功能描述: + 创建新环境(创建成功后,默认激活新环境,即切换进新环境;但是不全局注册) + +命令: + epkg env create ${env_name} + +返回示例: + [small_leek@b0e608264355 bin]# epkg env create work1 + YUM --installroot directory structure created successfully in: /root/.epkg/envs/work1/profile-1 + Environment 'work1' added to PATH. + Environment 'work1' activated. + Environment 'work1' created. + +### 激活环境 + +功能描述: + 激活指定环境,刷新EPKG_ENV_NAME和RPMDB_DIR(用于安装软件至指定环境时,指向--dbpath),刷新PATH,包含指定环境及common环境,并将指定环境设为第一优先级 + +命令: + epkg env activate ${env_name} + +返回示例: + [small_leek@9d991d463f89 bin]# epkg env activate main + Environment 'main' activated + +### 取消激活环境 + +功能描述: + 取消激活指定环境,刷新EPKG_ENV_NAME和RPMDB_DIR,刷新PATH,默认指向main环境 + +命令: + epkg env deactivate ${env_name} + +返回示例: + [small_leek@398ec57ce780 bin]# epkg env deactivate w1 + Environment 'w1' deactivated. + +### 注册环境 + +功能描述: + 注册指定环境,持久化刷新PATH,包含epkg所有已注册环境,并将指定环境设为第一优先级 + +命令: + epkg env register ${env_name} + +返回示例: + [small_leek@5042ae77dd75 bin]# epkg env register lkp + EPKG_ACTIVE_ENV: + Environment 'lkp' has been registered to PATH. + +### 取消注册环境 + +功能描述: + 去注册指定环境,持久化刷新PATH,包含除指定环境外的epkg所有已注册环境 + +命令: + epkg env unregister ${env_name} + +返回示例: + [small_leek@69393675945d /]# epkg env unregister w4 + EPKG_ACTIVE_ENV: + Environment 'w4' has been unregistered from PATH. + +### 编译epkg软件包 + +功能描述: + 根据autopkg提供的yaml编译epkg软件包 + +命令: + epkg build ${yaml_path}/$pkg_name.yaml + +返回示例: + [small_leek@69393675945d /]# epkg build /root/epkg/build/test/tree/package.yaml + pkg_hash: fbfqtsnza9ez1zk0cy23vyh07xfzsydh, dir: /root/.cache/epkg/build-workspace/result + Compress success: /root/.cache/epkg/build-workspace/epkg/fbfqtsnza9ez1zk0cy23vyh07xfzsydh__tree__2.1.1__0.oe2409.epkg + \ No newline at end of file diff --git a/docs/zh/tools/community_tools/image_tailor/_toc.yaml b/docs/zh/tools/community_tools/image_tailor/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..fad930dc492c01305162b2778eeea3a658cd1a4b --- /dev/null +++ b/docs/zh/tools/community_tools/image_tailor/_toc.yaml @@ -0,0 +1,6 @@ +label: imageTailor 使用指南 +isManual: true +description: 按需裁剪操作系统镜像中的包或文件 +sections: + - label: imageTailor 使用指南 + href: ./imagetailor_userguide.md diff --git a/docs/zh/tools/community_tools/image_tailor/figures/flowchart.png b/docs/zh/tools/community_tools/image_tailor/figures/flowchart.png new file mode 100644 index 0000000000000000000000000000000000000000..e4fecb8b310f204d6cfd07449ccc3c93d1badd51 Binary files /dev/null and b/docs/zh/tools/community_tools/image_tailor/figures/flowchart.png differ diff --git a/docs/zh/tools/community_tools/image_tailor/figures/lack_pack.png b/docs/zh/tools/community_tools/image_tailor/figures/lack_pack.png new file mode 100644 index 0000000000000000000000000000000000000000..a4b7f1da15da70f63a86aae360e89017c2b98f2d Binary files /dev/null and b/docs/zh/tools/community_tools/image_tailor/figures/lack_pack.png differ diff --git a/docs/zh/tools/community_tools/image_tailor/imagetailor_userguide.md b/docs/zh/tools/community_tools/image_tailor/imagetailor_userguide.md new file mode 100644 index 0000000000000000000000000000000000000000..2114e0e0db817adbfafb611ba1afd7d2b930bebd --- /dev/null +++ b/docs/zh/tools/community_tools/image_tailor/imagetailor_userguide.md @@ -0,0 +1,892 @@ +# imageTailor 使用指南 + +## 简介 + +操作系统除内核外,还包含各种功能的外围包。通用操作系统包含较多外围包,提供了丰富的功能,但是这也带来了一些影响: + +- 占用资源(内存、磁盘、CPU 等)多,导致系统运行效率低 +- 很多功能用户不需要,增加了开发和维护成本 + +因此,openEuler 提供了 imageTailor 镜像裁剪定制工具。用户可以根据需求裁剪操作系统镜像中不需要的外围包,或者添加所需的业务包或文件。该工具主要提供了以下功能: + +- 系统包裁剪定制:用户可以选择默认安装以及裁剪的rpm,也支持用户裁剪定制系统命令、库、驱动。 +- 系统配置定制:用户可以配置主机名、启动服务、时区、网络、分区、加载驱动、版本号等。 +- 用户文件定制:支持用户添加定制文件到系统镜像中。 + +## 安装工具 + +### 软硬件要求 + +安装和运行 imageTailor 需要满足以下软硬件要求: + +- 机器架构为 x86_64 或者 AArch64 + +- 运行工具的机器根目录 '/' 需要 40 GB 以上空间 + +- python 版本 3.9 及以上 + +- kernel 内核版本 5.10 及以上 + +- 关闭 SElinux 服务 + + ```shell + $ sudo setenforce 0 + $ getenforce + Permissive + ``` + +### 获取安装包 + +安装和使用 imageTailor 工具,首先需要下载 openEuler 发布件。 + +1. 获取 ISO 镜像文件和对应的校验文件。 + + 镜像必须为 everything 版本,此处假设存放在 root 目录,参考命令如下: + + ```shell + cd /root/temp + wget https://repo.openeuler.org/openEuler-{version}/ISO/aarch64/openEuler-{version}-everything-aarch64-dvd.iso + wget https://repo.openeuler.org/openEuler-{version}/ISO/aarch64/openEuler-{version}-everything-aarch64-dvd.iso.sha256sum + ``` + +2. 获取 sha256sum 校验文件中的校验值。 + + ```shell + cat openEuler-{version}-everything-aarch64-dvd.iso.sha256sum + ``` + +3. 计算 ISO 镜像文件的校验值。 + + ```shell + sha256sum openEuler-{version}-everything-aarch64-dvd.iso + ``` + +4. 对比上述 sha256sum 文件的检验值和 ISO 镜像的校验值,如果两者相同,说明文件完整性检验成功。否则说明文件完整性被破坏,需要重新获取文件。 + +### 安装 imageTailor + +1. 确认机器已经安装操作系统( imageTailor 工具的运行环境)。 + + ```shell + # cat /etc/openEuler-release + ``` + +2. 创建文件 /etc/yum.repos.d/local.repo,配置对应 yum 源。配置内容参考如下,其中 baseurl 是用于挂载 ISO 镜像的目录: + + ```shell + [local] + name=local + baseurl=file:///root/imageTailor_mount + gpgcheck=0 + enabled=1 + ``` + +3. 使用 root 权限,挂载光盘镜像到 /root/imageTailor_mount 目录(请与上述 repo 文件中配置的 baseurl 保持一致,且建议该目录的磁盘空间大于 20 GB)作为 yum 源,参考命令如下: + + ```shell + mkdir /root/imageTailor_mount + sudo mount -o loop /root/temp/openEuler-{version}-everything-aarch64-dvd.iso /root/imageTailor_mount/ + ``` + +4. 使 yum 源生效。 + + ```shell + yum clean all + yum makecache + ``` + +5. 使用 root 权限,安装 imageTailor 裁剪工具。 + + ```shell + sudo yum install -y imageTailor + ``` + +6. 使用 root 权限,确认工具已安装成功。 + + ```shell + $ cd /opt/imageTailor/ + $ sudo ./mkdliso -h + ------------------------------------------------------------------------------------------------------------- + Usage: mkdliso -p product_name -c configpath [--minios yes|no|force] [-h] [--sec] + Options: + -p,--product Specify the product to make, check custom/cfg_yourProduct. + -c,--cfg-path Specify the configuration file path, the form should be consistent with custom/cfg_xxx + --minios Make minios: yes|no|force + --sec Perform security hardening + -h,--help Display help information + + Example: + command: + ./mkdliso -p openEuler -c custom/cfg_openEuler --sec + + help: + ./mkdliso -h + ------------------------------------------------------------------------------------------------------------- + ``` + +### 目录介绍 + +imageTailor 工具安装完成后,工具包的目录结构如下: + +```shell +[imageTailor] + |-[custom] + |-[cfg_openEuler] + |-[usr_file] // 存放用户添加的文件 + |-[usr_install] // 存放用户的 hook 脚本 + |-[all] + |-[conf] + |-[hook] + |-[cmd.conf] // 配置 ISO 镜像默认使用的命令和库 + |-[rpm.conf] // 配置 ISO 镜像默认安装的 RPM 包和驱动列表 + |-[security_s.conf] // 配置安全加固策略 + |-[sys.conf] // 配置 ISO 镜像系统参数 + |-[kiwi] // imageTailor 基础配置 + |-[repos] // RPM 源,制作 ISO 镜像需要的 RPM 包 + |-[security-tool] // 安全加固工具 + |-mkdliso // 制作 ISO 镜像的可执行脚本 +``` + +## 定制系统 + +本章介绍使用 imageTailor 工具将业务 RPM 包、自定义文件、驱动、命令和文件打包至目标 ISO 镜像。 + +### 总体流程 + +使用 imageTailor 工具定制系统的流程请参见下图: + +![](./figures/flowchart.png) + +各流程含义如下: + +- 检查软硬件环境:确认制作 ISO 镜像的机器满足软硬件要求。 + +- 定制业务包:包括添加 RPM 包(包括业务 RPM 包、命令、驱动、库文件)和添加文件(包括自定义文件、命令、驱动、库文件) + + - 添加业务 RPM 包:用户可以根据需要,添加 RPM 包到 ISO 镜像。具体要求请参见 [安装工具](#安装工具) 章节。 + - 添加自定义文件:若用户希望在目标 ISO 系统安装或启动时,能够进行自定义的硬件检查、系统配置检查、驱动安装等操作,可编写自定义文件,并打包到 ISO 镜像。 + - 添加驱动、命令、库文件:当 openEuler 的 RPM 包源未包含用户需要的驱动、命令或库文件时,可以使用 imageTailor 工具将对应驱动、命令或库文件打包至 ISO 镜像。 + +- 配置系统参数 + + - 配置主机参数:为了确保 ISO 镜像安装和启动成功,需要配置主机参数。 + - 配置分区:用户可以根据业务规划配置业务分区,同时可以调整系统分区。 + - 配置网络:用户可以根据需要配置系统网络参数,例如:网卡名称、IP 地址、子网掩码。 + - 配置初始密码:为了确保 ISO 镜像安装和启动成功,需要配置 root 初始密码和 grub 初始密码。 + - 配置内核参数:用户可以根据需求配置内核的命令行参数。 + +- 配置安全加固策略 + + imageTailor 提供了默认地安全加固策略。用户可以根据业务需要,通过编辑 security_s.conf 对系统进行二次加固(仅在系统 ISO 镜像定制阶段),具体的操作方法请参见 《 [安全加固指南](https://docs.openeuler.org/zh/docs/24.03_LTS_SP1/docs/SecHarden/secHarden.html) 》。 + +- 制作操作系统 ISO 镜像 + + 使用 imageTailor 工具制作操作系统 ISO 镜像。 + +### 定制业务包 + +用户可以根据业务需要,将业务 RPM 包、自定义文件、驱动、命令和库文件打包至目标 ISO 镜像。 + +#### 配置本地repo源 + +定制 ISO 操作系统镜像,必须在 /opt/imageTailor/repos/euler_base/ 目录配置 repo 源。本节主要介绍配置本地 repo 源的方法。 + +1. 下载 openEuler 发布的 ISO (必须使用 openEuler 发布 everything 版本镜像 的 RPM 包)。 + + ```shell + cd /opt + wget https://repo.openeuler.org/openEuler-{version}/ISO/aarch64/openEuler-{version}-everything-aarch64-dvd.iso + ``` + +2. 创建挂载目录 /opt/openEuler_repo ,并挂载 ISO 到该目录 。 + + ```shell + $ sudo mkdir -p /opt/openEuler_repo + $ sudo mount openEuler-{version}-everything-aarch64-dvd.iso /opt/openEuler_repo + mount: /opt/openEuler_repo: WARNING: source write-protected, mounted read-only. + ``` + +3. 拷贝 ISO 中的 RPM 包到 /opt/imageTailor/repos/euler_base/ 目录下。 + + ```shell + $ sudo rm -rf /opt/imageTailor/repos/euler_base && sudo mkdir -p /opt/imageTailor/repos/euler_base + $ sudo cp -ar /opt/openEuler_repo/Packages/* /opt/imageTailor/repos/euler_base + $ sudo chmod -R 644 /opt/imageTailor/repos/euler_base + $ sudo ls /opt/imageTailor/repos/euler_base|wc -l + 2577 + $ sudo umount /opt/openEuler_repo && sudo rm -rf /opt/openEuler_repo + $ cd /opt/imageTailor + ``` + +#### 添加文件 + +用户可以根据需要添加文件到 ISO 镜像,此处的文件类型可以是用户自定义文件、驱动、命令、库文件。用户只需要将文件放至 /opt/imageTailor/custom/cfg_openEuler/usr_file 目录下即可。 + +##### 注意事项 + +- 命令必须具有可执行权限,否则 imageTailor 工具无法将该命令打包至 ISO 中。 + +- 存放在 /opt/imageTailor/custom/cfg_openEuler/usr_file 目录下的文件,会生成在 ISO 根目录下,所以文件的目录结构必须是从根目录开始的完整路径,以便 imageTailor 工具能够将该文件放至正确的目录下。 + + 例如:假设希望文件 file1 在 ISO 的 /opt 目录下,则需要在 usr_file 目录下新建 opt 目录,再将 file1 文件拷贝至 opt 目录。如下: + + ```shell + $ pwd + /opt/imageTailor/custom/cfg_openEuler/usr_file + + $ tree + . + ├── etc + │   ├── default + │   │   └── grub + │   └── profile.d + │   └── csh.precmd + └── opt + └── file1 + + 4 directories, 3 files + ``` + +- 存放在 /opt/imageTailor/custom/cfg_openEuler/usr_file 目录下的目录必须是真实路径(例如路径中不包含软链接。可在系统中使用 `realpath` 或 `readlink -f` 命令查询真实路径)。 + +- 如果需要在系统启动或者安装阶段调用用户提供的脚本,即 hook 脚本,则需要将该文件放在 hook 目录下。 + +#### 添加 RPM 包 + +##### 操作流程 + +用户可以添加 RPM 包(驱动、命令或库文件)到 ISO 镜像,操作步骤如下: + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- 下述 rpm.conf 和 cmd.conf 均在 /opt/imageTailor/custom/cfg_openEuler/ 目录下。 +>- 下述 RPM 包裁剪粒度是指 sys_cut='no' 。裁剪粒度详情请参见 [配置主机参数](#配置主机参数) 。 +>- 若没有配置本地 repo 源,请参见 [配置本地repo源](#配置本地repo源)进行配置。 +> + +1. 确认 /opt/imageTailor/repos/euler_base/ 目录中是否包含需要添加的 RPM 包。 + + - 是,请执行步骤 2 。 + - 否,请执行步骤 3 。 + +2. 在 rpm.conf 的 \ 字段配置该 RPM 包信息。 + + - 若为 RPM 包裁剪粒度,则操作完成。 + - 若为其他裁剪粒度,请执行步骤 4 。 + +3. 用户自己提供 RPM 包,放至 /opt/imageTailor/custom/cfg_openEuler/usr_rpm 目录下。如果 RPM 包依赖于其他 RPM 包,也必须将依赖包放至该目录,因为新增 RPM 包需要和依赖 RPM 包同时打包至 ISO 镜像。 + + - 若为用户 RPM 包文件裁剪,则执行 4 。 + - 其他裁剪粒度,则操作完成。 + +4. 请在 rpm.conf 和 cmd.conf 中配置该 RPM 包中要保留的驱动、命令和库文件。如果有要裁剪的普通文件,需要在 cmd.conf 文件中的 \\ 区域配置。 + +##### 配置文件说明 + +| 对象 | 对应配置文件 | 填写区域 | +| :----------- | :----------- | :----------------------------------------------------------- | +| 添加驱动 | rpm.conf | \
\
\
说明:其中驱动名称所在路径为 " /lib/modules/{内核版本号}/kernel/ " 的相对路径 | +| 添加命令 | cmd.conf | \
\
\ | +| 添加库文件 | cmd.conf | \
\
\ | +| 删除其他文件 | cmd.conf | \
\
\
说明:普通文件名称必须包含绝对路径 | + +**示例**如下 + +- 添加驱动 + + ```shell + + + + + ...... + + ``` + +- 添加命令 + + ```shell + + + + + ...... + + ``` + +- 添加库文件 + + ```shell + + + + + + ``` + +- 删除其他文件 + + ```shell + + + + + + ``` + +#### 添加 hook 脚本 + +hook 脚本由 OS 在启动和安装过程中调用,执行脚本中定义的动作。imageTailor 工具存放 hook 脚本的目录为 custom/cfg_openEuler/usr_install/hook,且其下有不同子目录,每个子目录代表 OS 启动或安装的不同阶段,用户根据脚本需要被调用的阶段存放,OS 会在对应阶段调用该脚本。用户可以根据需要存放自定义脚本到指定目录。 + +##### **脚本命名规则** + +用户可自定义脚本名称,必须 "S+数字(至少两位,个位数以0开头)" 开头,数字代表 hook 脚本的执行顺序。脚本名称示例:S01xxx.sh + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>hook 目录下的脚本是通过 source 方式调用,所以脚本中需要谨慎使用 exit 命令,因为调用 exit 命令之后,整个安装的脚本程序也同步退出了。 + +##### hook 子目录说明 + +| hook 子目录 | hook 脚本举例 | hook 执行点 | 说明 | +| :-------------------- | :---------------------| :------------------------------- | :----------------------------------------------------------- | +| insmod_drv_hook | 无 | 加载 OS 驱动之后 | 无 | +| custom_install_hook | S01custom_install.sh | 驱动加载完成后(即 insmod_drv_hook 执行后) | 用户可以自定义安装过程,不需要使用 OS 默认安装流程。 | +| env_check_hook | S01check_hw.sh | 安装初始化之前 | 初始化之前检查硬件配置规格、获取硬件类型。 | +| set_install_ip_hook | S01set_install_ip.sh | 安装初始化过程中,配置网络时 | 用户根据自身组网,自定义网络配置。 | +| before_partition_hook | S01checkpart.sh | 在分区前调用 | 用户可以在分区之前检查分区配置文件是否正确。 | +| before_setup_os_hook | 无 | 解压repo之前 | 用户可以进行自定义分区挂载操作。
如果安装包解压的路径不是分区配置中指定的根分区。则需要用户自定义分区挂载,并将解压路径赋值给传入的全局变量。 | +| before_mkinitrd_hook | S01install_drv.sh | 执行 mkinitrd 操作之前 | initrd 放在硬盘的场景下,执行 mkinitrd 操作之前的 hook。用户可以进行添加、更新驱动文件等自定义操作。 | +| after_setup_os_hook | 无 | 安装完系统之后 | 用户可以在安装完成之后进行系统文件的自定义操作,包括修改 grub.cfg 等 | +| install_succ_hook | 无 | 系统安装流程成功结束 | 用户执行解析安装信息,回传安装是否成功等操作。install_succ_hook 不可以设置为 install_break。 | +| install_fail_hook | 无 | 系统安装失败 | 用户执行解析安装信息,回传安装是否成功等操作。install_fail_hook 不可以设置为 install_break。 | + +### 配置系统参数 + +开始制作操作系统 ISO 镜像之前,需要配置系统参数,包括主机参数、初始密码、分区、网络、编译参数和系统命令行参数。 + +#### 配置主机参数 + + /opt/imageTailor/custom/cfg_openEuler/sys.conf 文件的 \ \ 区域用于配置系统的常用参数,例如主机名、内核启动参数等。 + +openEuler 提供的默认配置如下,用户可以根据需要进行修改: + +```shell + + sys_service_enable='ipcc' + sys_service_disable='cloud-config cloud-final cloud-init-local cloud-init' + sys_utc='yes' + sys_timezone='' + sys_cut='no' + sys_usrrpm_cut='no' + sys_hostname='Euler' + sys_usermodules_autoload='' + sys_gconv='GBK' + +``` + +配置中的各参数含义如下: + +- sys_service_enable + + 可选配置。OS 默认启用的服务,多个服务请以空格分开。如果用户不需要新增系统服务,请保持缺省值为 ipcc 。配置时请注意: + + - 只能在默认配置的基础上增加系统服务,不能删减系统服务。 + - 可以配置业务相关的服务,但是需要 repo 源中包含业务 RPM 包。 + - 默认只开启该参数中配置的服务,如果服务依赖其他服务,需要将被依赖的服务也配置在该参数中。 + +- sys_service_disable + + 可选配置。禁止服务开机自启动的服务,多个服务请以空格分开。如果用户没有需要禁用的系统服务,请修改该参数为空。 + +- sys_utc + + 必选配置。是否采用 UTC 时间。yes 表示采用,no 表示不采用,缺省值为 yes 。 + +- sys_timezone + + 可选配置。设置时区,即该单板所处的时区。可配置的范围为 openEuler 支持的时区,可通过 /usr/share/zoneinfo/zone.tab 文件查询。 + +- sys_cut + + 必选配置。是否裁剪 RPM 包。可配置为 yes、no 或者 debug 。yes 表示裁剪,no 表示不裁剪(仅安装 rpm.conf 中的 RPM 包),debug 表示裁剪但会保留 `rpm` 命令方便安装后定制。缺省值为 no 。 + + >![](./public_sys-resources/icon-note.gif) 说明: + > + > - imageTailor 工具会先安装用户添加的 RPM 包,再删除 cmd.conf + > 中 \ 区域的文件,最后删除 + > cmd.conf 和 rpm.conf 中未配置的命令、库和驱动。 + > - sys_cut='yes' 时,imageTailor 工具不支持 `rpm` 命令的安装,即使在 rpm.conf 中配置了也不生效。 + +- sys_usrrpm_cut + + 必选配置。是否裁剪用户添加到 /opt/imageTailor/custom/cfg_openEuler/usr_rpm 目录下的 RPM 包。yes 表示裁剪,no 表示不裁剪。缺省值为 no 。 + + - sys_usrrpm_cut='yes' :imageTailor 工具会先安装用户添加的 RPM 包,然后删除 cmd.conf 中 \ 区域配置的文件,最后删除 cmd.conf 和 rpm.conf 中未配置的命令、库和驱动。 + + - sys_usrrpm_cut='no' :imageTailor 工具会安装用户添加的 RPM 包,不删除用户 RPM 包中的文件。 + +- sys_hostname + + 必选配置。主机名。大批量部署 OS 时,部署成功后,建议修改每个节点的主机名,确保各个节点的主机名不重复。 + + 主机名要求:字母、数字、"-" 的组合,首字母必须是字母或数字。字母支持大小写。字符个数不超过 63 。缺省值为 Euler 。 + +- sys_usermodules_autoload + + 可选配置。系统启动阶段加载的驱动,配置该参数时,不需要填写后缀 .ko 。如果有多个驱动,请以空格分开。默认为空,不加载额外驱动。 + +- sys_gconv + + 可选配置。该参数用于定制 /usr/lib/gconv, /usr/lib64/gconv ,配置取值为: + + - null/NULL:表示不配置。如果裁剪系统(sys_cut=“yes”),则/usr/lib/gconv 和 /usr/lib64/gconv 会被删除。 + - all/ALL:不裁剪 /usr/lib/gconv 和 /usr/lib64/gconv 。 + - xxx,xxx:保留 /usr/lib/gconv 和 /usr/lib64/gconv 目录下对应的文件。若需要保留多个文件,可用 "," 分隔。 + +- sys_man_cut + + 可选配置。配置是否裁剪 man 文档。yes 表示裁剪,no 表示不裁剪。缺省值为 yes 。 + +>![](./public_sys-resources/icon-note.gif) 说明: +> +> sys_cut 和 sys_usrrpm_cut 同时配置时,sys_cut 优先级更高,即遵循如下原则: +> +> - sys_cut='no' +> +> 无论 sys_usrrpm_cut='no' 还是 sys_usrrpm_cut='yes' ,都为系统 RPM 包裁剪粒度,即 imageTailor 会安装 repo 源中的 RPM 包和 usr_rpm 目录下的 RPM 包,但不会裁剪 RPM 包中的文件。即使用户不需要这些 RPM 包中的部分文件,imageTailor 也不会进行裁剪。 +> +> - sys_cut='yes' +> +> - sys_usrrpm_cut='no' +> +> 系统 RPM 包文件裁剪粒度:imageTailor 会根据用户配置,裁剪 repo 源中 RPM 包的文件。 +> +> - sys_usrrpm_cut='yes' +> +> 系统和用户 RPM 包文件裁剪粒度:imageTailor 会根据用户的配置,裁剪 repo 源和 usr_rpm 目录中 RPM 包的文件。 +> + +#### 配置初始密码 + +操作系统安装时,必须具有 root 初始密码和 grub 初始密码,否则裁剪得到的 ISO 在安装后无法使用 root 帐号进行登录。本节介绍配置初始密码的方法。 + +> ![](./public_sys-resources/icon-note.gif)说明: +> +> root 初始密码和 grub 初始密码,必须由用户自行配置。 + +##### 配置 root 初始密码 + +###### 简介 + +root 初始密码保存在 "/opt/imageTailor/custom/cfg_openEuler/rpm.conf" 中,用户通过修改该文件配置 root 初始密码。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- 若使用 `mkdliso` 命令制作 ISO 镜像时需要使用 --minios yes/force 参数(制作在系统安装时进行系统引导的 initrd),则还需要在 /opt/imageTailor/kiwi/minios/cfg_minios/rpm.conf 中填写相应信息。 + +/opt/imageTailor/custom/cfg_openEuler/rpm.conf 中 root 初始密码的默认配置如下,需要用户自行添加: + +```Conf + + + +``` + +各参数含义如下: + +- group:用户所属组。 +- pwd:用户初始密码的加密密文,加密算法为 SHA-512。${pwd} 需要替换成用户实际的加密密文。 +- home:用户的家目录。 +- name:需要配置用户的用户名。 + +###### 修改方法 + +用户在制作 ISO 镜像前需要修改 root 用户的初始密码,这里给出设置 root 初始密码的方法(需使用 root 权限): + +1. 添加用于生成密码的用户,此处假设 testUser。 + + ```shell + sudo useradd testUser + ``` + +2. 设置 testUser 用户的密码。参考命令如下,根据提示设置密码: + + ```shell + $ sudo passwd testUser + Changing password for user testUser. + New password: + Retype new password: + passwd: all authentication tokens updated successfully. + ``` + +3. 查看 /etc/shadow 文件,testUser 后的内容(两个 : 间的字符串)即为加密后的密码。 + + ``` shell script + $ sudo cat /etc/shadow | grep testUser + testUser:$6$YkX5uFDGVO1VWbab$jvbwkZ2Kt0MzZXmPWy.7bJsgmkN0U2gEqhm9KqT1jwQBlwBGsF3Z59heEXyh8QKm3Qhc5C3jqg2N1ktv25xdP0:19052:0:90:7:35:: + ``` + +4. 拷贝上述加密密码替换 /opt/imageTailor/custom/cfg_openEuler/rpm.conf 中的 pwd 字段,如下所示: + + ``` shell script + + + + ``` + +5. 若使用 `mkdliso` 命令制作 ISO 镜像时需要使用 --minios yes/force 参数,请修改 /opt/imageTailor/kiwi/minios/cfg_minios/rpm.conf 中对应用户的 pwd 字段。 + + ``` shell script + + + + ``` + +##### 配置 grub 初始密码 + +grub 初始密码保存在 /opt/imageTailor/custom/cfg_openEuler/usr_file/etc/default/grub 中,用户通过修改该文件配置 grub 初始密码。如果未配置 grub 初始密码,制作 ISO 镜像会失败。 + +> ![](./public_sys-resources/icon-note.gif)说明: +> +> - 配置 grub 初始密码需要使用 root 权限。 +> - grub 密码对应的默认用户为 root 。 +> +> - 系统中需有 grub2-set-password 命令,若不存在,请提前安装该命令。 + +1. 执行如下命令,根据提示设置 grub 密码: + + ```shell + $ sudo grub2-set-password -o ./ + Enter password: + Confirm password: + grep: .//grub.cfg: No such file or directory + WARNING: The current configuration lacks password support! + Update your configuration with grub2-mkconfig to support this feature. + ``` + +2. 命令执行完成后,会在当前目录生成 user.cfg 文件,grub.pbkdf2.sha512 开头的内容即 grub 加密密码。 + + ```shell + $ sudo cat user.cfg + GRUB2_PASSWORD=grub.pbkdf2.sha512.10000.CE285BE1DED0012F8B2FB3DEA38782A5B1040FEC1E49D5F602285FD6A972D60177C365F1 + B5D4CB9D648AD4C70CF9AA2CF9F4D7F793D4CE008D9A2A696A3AF96A.0AF86AB3954777F40D324816E45DD8F66CA1DE836DC7FBED053DB02 + 4456EE657350A27FF1E74429546AD9B87BE8D3A13C2E686DD7C71D4D4E85294B6B06E0615 + ``` + +3. 复制上述密文,并在 /opt/imageTailor/custom/cfg_openEuler/usr_file/etc/default/grub 文件中增加如下配置: + + ```shell + GRUB_PASSWORD="grub.pbkdf2.sha512.10000.CE285BE1DED0012F8B2FB3DEA38782A5B1040FEC1E49D5F602285FD6A972D60177C365F1 + B5D4CB9D648AD4C70CF9AA2CF9F4D7F793D4CE008D9A2A696A3AF96A.0AF86AB3954777F40D324816E45DD8F66CA1DE836DC7FBED053DB02 + 4456EE657350A27FF1E74429546AD9B87BE8D3A13C2E686DD7C71D4D4E85294B6B06E0615" + ``` + +#### 配置分区 + +若用户想调整系统分区或业务分区,可以通过修改 /opt/imageTailor/custom/cfg_openEuler/sys.conf 文件中的 \ 实现。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- 系统分区:存放操作系统的分区 +>- 业务分区:存放业务数据的分区 +>- 差别:在于存放的内容,而每个分区的大小、挂载路径和文件系统类型都不是区分业务分区和系统分区的依据。 +>- 配置分区为可选项,用户也可以在安装 OS 之后,手动配置分区 + + \ 的配置格式为: + +hd 磁盘号 挂载路径 分区大小 分区类型 文件系统类型 [二次格式化标志位] + +其默认配置如下: + +``` shell script + +hd0 /boot 512M primary ext4 yes +hd0 /boot/efi 200M primary vfat yes +hd0 / 30G primary ext4 +hd0 - - extended - +hd0 /var 1536M logical ext4 +hd0 /home max logical ext4 + +``` + +各参数含义如下: + +- 【hd 磁盘号】 + 磁盘的编号。请按照 hdx 的格式填写,x 指第 x 块盘。 + + >![](./public_sys-resources/icon-note.gif) **说明:** + > + >分区配置只在被安装机器的磁盘能被识别时才有效。 + +- 【挂载路径】 + 指定分区挂载的路径。用户既可以配置业务分区,也可以对默认配置中的系统分区进行调整。如果不挂载,则设置为 '-'。 + + >![](./public_sys-resources/icon-note.gif) **说明:** + > + >- 分区配置中必须有 '/' 挂载路径。其他的请用户自行调整。 + >- 采用 UEFI 引导时,在 x86_64 的分区配置中必须有 '/boot' 挂载路径,在 AArch64 的分区配置中必须有 '/boot/efi' 挂载路径。 + +- 【分区大小】 + 分区大小的取值有以下四种: + + - G/g:指定以 GB 为单位的分区大小,例如:2G。 + - M/m:指定以 MB 为单位的分区大小,例如:300M。 + - T/t:指定以 TB 为单位的分区大小,例如:1T。 + - MAX/max:指定将硬盘上剩余的空间全部用来创建一个分区。只能在最后一个分区配置该值。 + + >![](./public_sys-resources/icon-note.gif) **说明:** + > + >- 分区大小不支持小数,如果是小数,请换算成其他单位,调整为整数的数值。例如:不能填写 1.5G,应填写为 1536M。 + >- 分区大小取 MAX/max 值时,剩余分区大小不能超过支持文件系统类型的限制(默认文件系统类型 ext4,限制大小 16T)。 + +- 【分区类型】 + 分区有以下三种类型: + + - 主分区:primary + - 扩展分区:extended(该分区只需配置 hd 磁盘号即可) + - 逻辑分区:logical + +- 【文件系统类型】 + 目前支持的文件系统类型有:ext4、vfat + +- 【二次格式化标志位】 + 可选配置,表示二次安装时是否格式化: + + - 是:yes + - 否:no 。不配置默认为 no 。 + + >![](./public_sys-resources/icon-note.gif) **说明:** + > + >二次格式化是指本次安装之前,磁盘已安装过 openEuler 系统。当前一次安装跟本次安装的使用相同的分区表配置(分区大小,挂载点,文件类型)时,该标志位可以配置是否格式化之前的分区,'/boot' 和 '/' 分区除外,每次都会重新格式化。如果目标机器第一次安装,则该标志位不生效,所有指定了文件系统的分区都会进行格式化。 + +#### 配置网络 + +系统网络参数保存在 /opt/imageTailor/custom/cfg_openEuler/sys.conf 中,用户可以通过该文件的\\ 配置修改目标 ISO 镜像的网络参数,例如:网卡名称、IP地址、子网掩码。 + +sys.conf 中默认的网络配置如下,其中 netconfig-0 代表网卡 eth0。如果需要配置多块网卡,例如eth1,请在配置文件中增加 \\,并在其中填写网卡 eth1 的各项参数。 + +```shell + +BOOTPROTO="dhcp" +DEVICE="eth0" +IPADDR="" +NETMASK="" +STARTMODE="auto" + +``` + +各参数含义请参见下表: + +| 参数名称 | 是否必配 | 参数值 | 说明 | +| :-------- | -------- | :------------------------------------------------ | :----------------------------------------------------------- | +| BOOTPROTO | 是 | none / static / dhcp | none:引导时不使用协议,不配地址
static:静态分配地址
dhcp:使用 DHCP 协议动态获取地址 | +| DEVICE | 是 | 如:eth1 | 网卡名称 | +| IPADDR | 是 | 如:192.168.11.100 | IP 地址
当 BOOTPROTO 参数为 static 时,该参数必配;其他情况下,该参数不用配置 | +| NETMASK | 是 | - | 子网掩码
当 BOOTPROTO 参数为 static 时,该参数必配;其他情况下,该参数不用配置 | +| STARTMODE | 是 | manual / auto / hotplug / ifplugd / nfsroot / off | 启用网卡的方法:
manual:用户在终端执行 ifup 命令启用网卡。
auto \ hotplug \ ifplug \ nfsroot:当 OS 识别到该网卡时,便启用该网卡。
off:任何情况下,网卡都无法被启用。
各参数更具体的说明请在制作 ISO 镜像的机器上执行 `man ifcfg` 命令查看。 | + +#### 配置内核参数 + +为了系统能够更稳定高效地运行,用户可以根据需要修改内核命令行参数。imageTailor 工具制作的 OS 镜像,可以通过修改 /opt/imageTailor/custom/cfg_openEuler/usr_file/etc/default/grub 中的 GRUB_CMDLINE_LINUX 配置实现内核命令行参数修改。 GRUB_CMDLINE_LINUX 中内核命令行参数的默认配置如下: + +```shell +GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0 crashkernel=512M oops=panic softlockup_panic=1 reserve_kbox_mem=16M crash_kexec_post_notifiers panic=3 console=tty0" +``` + +此处各配置含义如下(其余常见的内核命令行参数请查阅内核相关文档): + +- net.ifnames=0 biosdevname=0 + + 以传统方式命名网卡。 + +- crashkernel=512M + + 为 kdump 预留的内存空间大小为 512 MB。 + +- oops=panic panic=3 + + 内核 oops 时直接 panic,并且 3 秒后重启系统。 + +- softlockup_panic=1 + + 在检测到软死锁(soft-lockup)时让内核 panic。 + +- reserve_kbox_mem=16M + + 为 kbox 预留的内存空间大小为 16 MB。 + +- console=tty0 + + 指定第一个虚拟控制台的输出设备为 tty0。 + +- crash_kexec_post_notifiers + + 系统 crash 后,先调用注册到 panic 通知链上的函数,再执行 kdump。 + +### 制作系统 + +操作系统定制完成后,可以通过 mkdliso 脚本制作系统镜像文件。 imageTailor 制作的 OS 为 ISO 格式的镜像文件。 + +#### 命令介绍 + +##### 命令格式 + +mkdliso -p openEuler -c custom/cfg_openEuler [--minios yes|no|force] [--sec] [-h] + +##### 参数说明 + +| 参数名称 | 是否必选 | 参数含义 | 取值范围 | +| -------- | -------- | ------------------------------------------------------------ | ------------------------------------------------------------ | +| -p | 是 | 设置产品名称 | openEuler | +| c | 是 | 指定配置文件的相对路径 | custom/cfg_openEuler | +| --minios | 否 | 制作在系统安装时进行系统引导的 initrd | 默认为 yes
yes:第一次执行命令时会制作 initrd,之后执行命令会判断 'usr_install/boot'
目录下是否存在 initrd(sha256 校验)。如果存在,就不重新制作 initrd,否则制作 initrd 。
no:不制作 initrd,采用原有方式,系统引导和运行使用的 initrd 相同。
force:强制制作 initrd,不管 'usr_install/boot' 目录下是否存在 initrd。 | +| --sec | 否 | 是否对生成的 ISO 进行安全加固
如果用户不输入该参数,则由此造成的安全风险由用户承担 | 无 | +| -h | 否 | 获取帮助信息 | 无 | + +#### 制作指导 + +使用 mkdliso 制作 ISO 镜像的操作步骤如下: + +>![](./public_sys-resources/icon-note.gif) 说明: +> +> - mkdliso 所在的绝对路径中不能有空格,否则会导致制作 ISO 失败。 +> - 制作 ISO 的环境中,umask 的值必须设置为 0022。 +> - 命令需在/opt/imageTailor目录中执行 + +1. 使用 root 权限,执行 mkdliso 命令,生成 ISO 镜像文件。参考命令如下: + + ```shell + # cd /opt/imageTailor/ + # sudo mkdliso -p openEuler -c custom/cfg_openEuler --sec + ``` + + 命令执行完成后,制作出的新文件在 /opt/imageTailor/result/{日期} 目录下,包括 openEuler-aarch64.iso 和 openEuler-aarch64.iso.sha256 。 + +2. 验证 ISO 镜像文件的完整性。此处假设日期为 2022-03-21-14-48 。 + + ```shell + cd /opt/imageTailor/result/2022-03-21-14-48/ + sha256sum -c openEuler-aarch64.iso.sha256 + ``` + + 回显如下,表示 ISO 镜像文件完整,ISO 制作完成。 + + ```text + openEuler-aarch64.iso: OK + ``` + + 若回显如下,表示镜像不完整,说明 ISO 镜像文件完整性被破坏,需要重新制作。 + + ```shell + openEuler-aarch64.iso: FAILED + sha256sum: WARNING: 1 computed checksum did NOT match + ``` + +3. 查看日志 + + 镜像制作完成后,可以根据需要(例如制作出错时)查看日志。第一次制作镜像时,对应的日志和安全加固日志被压缩为一个 tar 包(日志的命名格式为:sys_custom_log_{*日期* }.tar.gz),存放在 result/log 目录下。该目录只保留最近时间的 50 个日志压缩包,超过 50 个时会对旧文件进行覆盖。 + +### 裁剪时区 + +定制完成的 ISO 镜像安装后,用户可以根据需求裁剪 openEuler 系统支持的时区。本节介绍裁剪时区的方法。 + +openEuler 操作系统支持的时区信息存放在时区文件夹 /usr/share/zoneinfo 下,可通过如下命令查看: + +```shell +$ ls /usr/share/zoneinfo/ +Africa/ America/ Asia/ Atlantic/ Australia/ Etc/ Europe/ +Pacific/ zone.tab +``` + +其中每个子文件夹代表一个 Area ,当前 Area 包括:大陆、海洋以及 Etc 。每个 Area 文件夹内部则包含了隶属于其的 Location 。一个 Location 一般为一座城市或者一个岛屿。 + +所有时区均以 Area/Location 的形式来表示,比如中国大陆南部使用北京时间,其时区为 Asia/Shanghai(Location 并不一定会使用首都)。对应的,其时区文件为: + +```text +/usr/share/zoneinfo/Asia/Shanghai +``` + +若用户希望裁剪某些时区,则只需将对应的时区文件删除即可。 + +### 定制示例 + +本节给出使用 imageTailor 工具定制一个 ISO 操作系统镜像的简易方案,方便用户了解制作的整体流程。 + +1. 检查制作 ISO 所在环境是否满足要求。 + + ``` shell + # cat /etc/openEuler-release + ``` + +2. 确保根目录有 40 GB 以上空间。 + + ```shell + $ df -h + Filesystem Size Used Avail Use% Mounted on + ...... + /dev/vdb 196G 28K 186G 1% / + ``` + +3. 安装 imageTailor 裁剪工具。具体安装方法请参见 [安装工具](#安装工具) 章节。 + + ```shell + $ sudo yum install -y imageTailor + $ ll /opt/imageTailor/ + total 88K + drwxr-xr-x. 3 root root 4.0K Mar 3 08:00 custom + drwxr-xr-x. 10 root root 4.0K Mar 3 08:00 kiwi + -r-x------. 1 root root 69K Mar 3 08:00 mkdliso + drwxr-xr-x. 2 root root 4.0K Mar 9 14:48 repos + drwxr-xr-x. 2 root root 4.0K Mar 9 14:48 security-tool + ``` + +4. 配置本地 repo 源。 + + ```shell + $ wget https://repo.openeuler.org/openEuler-{version}/ISO/aarch64/openEuler-{version}-everything-aarch64-dvd.iso + $ sudo mkdir -p /opt/openEuler_repo + $ sudo mount openEuler-{version}-everything-aarch64-dvd.iso /opt/openEuler_repo + mount: /opt/openEuler_repo: WARNING: source write-protected, mounted read-only. + $ sudo rm -rf /opt/imageTailor/repos/euler_base && sudo mkdir -p /opt/imageTailor/repos/euler_base + $ sudo cp -ar /opt/openEuler_repo/Packages/* /opt/imageTailor/repos/euler_base + $ sudo chmod -R 644 /opt/imageTailor/repos/euler_base + $ sudo ls /opt/imageTailor/repos/euler_base|wc -l + 2577 + $ sudo umount /opt/openEuler_repo && sudo rm -rf /opt/openEuler_repo + $ cd /opt/imageTailor + ``` + +5. 修改 grub/root 密码。 + + 以下 ${pwd} 的实际内容请参见 [配置初始密码](#配置初始密码) 章节生成并替换。 + + ```shell + $ cd /opt/imageTailor/ + $ sudo vi custom/cfg_openEuler/usr_file/etc/default/grub + GRUB_PASSWORD="${pwd1}" + $ + $ sudo vi kiwi/minios/cfg_minios/rpm.conf + + + + $ + $ sudo vi custom/cfg_openEuler/rpm.conf + + + + ``` + +6. 执行裁剪命令。 + + ```shell + $ sudo rm -rf /opt/imageTailor/result + $ sudo ./mkdliso -p openEuler -c custom/cfg_openEuler --minios force + ...... + Complete release iso file at: result/2022-03-09-15-31/openEuler-aarch64.iso + move all mkdliso log file to result/log/sys_custom_log_20220309153231.tar.gz + $ ll result/2022-03-09-15-31/ + total 889M + -rw-r--r--. 1 root root 889M Mar 9 15:32 openEuler-aarch64.iso + -rw-r--r--. 1 root root 87 Mar 9 15:32 openEuler-aarch64.iso.sha256 + ``` diff --git a/docs/zh/tools/community_tools/image_tailor/public_sys-resources/icon-note.gif b/docs/zh/tools/community_tools/image_tailor/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/zh/tools/community_tools/image_tailor/public_sys-resources/icon-note.gif differ diff --git a/docs/zh/tools/community_tools/isocut/_toc.yaml b/docs/zh/tools/community_tools/isocut/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..59c80a8d19efbd38109c73fdd3ea0cd1e3e1f4b1 --- /dev/null +++ b/docs/zh/tools/community_tools/isocut/_toc.yaml @@ -0,0 +1,6 @@ +label: isocut 使用指南 +isManual: true +description: 对 openEuler 光盘镜像进行裁剪定制 +sections: + - label: isocut 使用指南 + href: ./isocut_user_guide.md diff --git a/docs/zh/tools/community_tools/isocut/figures/flowchart.png b/docs/zh/tools/community_tools/isocut/figures/flowchart.png new file mode 100644 index 0000000000000000000000000000000000000000..e4fecb8b310f204d6cfd07449ccc3c93d1badd51 Binary files /dev/null and b/docs/zh/tools/community_tools/isocut/figures/flowchart.png differ diff --git a/docs/zh/tools/community_tools/isocut/figures/lack_pack.png b/docs/zh/tools/community_tools/isocut/figures/lack_pack.png new file mode 100644 index 0000000000000000000000000000000000000000..a4b7f1da15da70f63a86aae360e89017c2b98f2d Binary files /dev/null and b/docs/zh/tools/community_tools/isocut/figures/lack_pack.png differ diff --git a/docs/zh/tools/community_tools/isocut/isocut_user_guide.md b/docs/zh/tools/community_tools/isocut/isocut_user_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..bf7115169163617ee9be56d3ce022f27a3c1cace --- /dev/null +++ b/docs/zh/tools/community_tools/isocut/isocut_user_guide.md @@ -0,0 +1,355 @@ +# isocut 使用指南 + +## 简介 + +openEuler 光盘镜像较大,下载、传输镜像很耗时。另外,使用 openEuler 光盘镜像安装操作系统时,会安装镜像所包含的全量 RPM 软件包,用户无法只安装部分所需的软件包。 + +在某些场景下,用户不需要安装镜像提供的全量软件包,或者需要一些额外的软件包。因此,openEuler 提供了镜像裁剪定制工具。通过该工具,用户可以基于 openEuler 光盘镜像裁剪定制仅包含所需 RPM 软件包的 ISO 镜像。这些软件包可以来自原有 ISO 镜像,也可以额外指定,从而满足用户定制需求。 + +本文档介绍 openEuler 镜像裁剪定制工具的安装和使用方法,以指导用户更好的完成镜像裁剪定制。 + +## 软硬件要求 + +使用 openEuler 裁剪定制工具制作 ISO 所使用的机器需要满足如下软硬件要求: + +- CPU 架构为 AArch64 或者 x86_64 +- 建议预留 30 GB 以上的磁盘空间(用于运行裁剪定制工具和存放 ISO 镜像) + +## 安装工具 + +1. 确认机器已安装操作系统。 + + ``` shell script + # cat /etc/openEuler-release + ``` + +2. 下载对应架构的 ISO 镜像(必须是 everything 版本),并存放在任一目录(建议该目录磁盘空间大于 20 GB),此处假设存放在 /home/isocut_iso 目录。 + + AArch64 架构的镜像下载链接为: + +3. 创建文件 /etc/yum.repos.d/local.repo,配置对应 yum 源。配置内容参考如下,其中 baseurl 是用于挂载 ISO 镜像的目录。 + + ``` shell script + [local] + name=local + baseurl=file:///home/isocut_mount + gpgcheck=0 + enabled=1 + ``` + +4. 使用 root 权限,挂载光盘镜像到 /home/isocut_mount 目录(请与上述 repo 文件中配置的 baseurl 保持一致)作为 yum 源。参考命令如下: + + ```shell + sudo mount -o loop /home/isocut_iso/openEuler-24.03-LTS-SP1-everything-aarch64-dvd.iso /home/isocut_mount + ``` + +5. 使 yum 源生效。 + + ```shell + yum clean all + yum makecache + ``` + +6. 使用 root 权限,安装镜像裁剪定制工具。 + + ```shell + sudo yum install -y isocut + ``` + +7. 使用 root 权限,确认工具已安装成功。 + + ```shell + $ sudo isocut -h + Checking input ... + usage: isocut [-h] [-t temporary_path] [-r rpm_path] [-k file_path] source_iso dest_iso + + Cut openEuler iso to small one + + positional arguments: + source_iso source iso image + dest_iso destination iso image + + optional arguments: + -h, --help show this help message and exit + -t temporary_path temporary path + -r rpm_path extern rpm packages path + -k file_path kickstart file + ``` + +## 裁剪定制镜像 + +此处介绍如何使用镜像裁剪定制工具基于 openEuler 光盘镜像裁剪或添加额外 RPM 软件包制作新镜像的方法。 + +### 命令介绍 + +#### 命令格式 + +镜像裁剪定制工具通过 isocut 命令执行功能。命令的使用格式为: + +**isocut** [ --help | -h ] [ -t \<*temp_path*> ] [ -r \<*rpm_path*> ] [ -k \<*file_path*> ] \< *source_iso* > \< *dest_iso* > + +#### 参数说明 + +| 参数 | 是否必选 | 参数含义 | +| ---------------- | -------- | ------------------------------------------------------------ | +| --help \| -h | 否 | 查询命令的帮助信息。 | +| -t \<*temp_path*> | 否 | 指定工具运行的临时目录 *temp_path*,其中 *temp_path* 为绝对路径。默认为 /tmp 。 | +| -r \<*rpm_path*> | 否 | 用户需要额外添加到 ISO 镜像中的 RPM 包路径。 | +| -k \<*file_path*> | 否 | 用户需要使用 kickstart 自动安装,指定 kickstart 模板路径。 | +| *source_iso* | 是 | 用于裁剪的 ISO 源镜像所在路径和名称。不指定路径时,默认当前路径。 | +| *dest_iso* | 是 | 裁剪定制生成的 ISO 新镜像存放路径和名称。不指定路径时,默认当前路径。 | + +### 软件包来源 + +新镜像的 RPM 包来源有: + +- 原有 ISO 镜像。该情况通过配置文件 /etc/isocut/rpmlist 指定需要安装的 RPM 软件包,配置格式为 "软件包名.对应架构",例如:kernel.aarch64 。 + +- 额外指定。执行 **isocut** 时使用 -r 参数指定软件包所在路径,并将添加的 RPM 包按上述格式添加到配置文件 /etc/isocut/rpmlist 中。 + + >![](./public_sys-resources/icon-note.gif) **说明:** + > + >- 裁剪定制镜像时,若无法找到配置文件中指定的 RPM 包,则镜像中不会添加该 RPM 包。 + >- 若 RPM 包的依赖有问题,则裁剪定制镜像时可能会报错。 + +### kickstart 功能介绍 + +用户需要实现镜像自动化安装,可以通过 kickstart 的方式。在执行 **isocut** 时使用 -k 参数指定 kickstart 文件。 + +isocut 为用户提供了 kickstart 模板,路径是 /etc/isocut/anaconda-ks.cfg,用户可以基于该模板修改。 + +#### 修改 kickstart 模板 + +若用户需要使用 isocut 工具提供的 kickstart 模板,需要修改以下内容: + +- 必须在文件 /etc/isocut/anaconda-ks.cfg 中配置 root 和 grub2 的密码。否则镜像自动化安装会卡在设置密码的环节,等待用户手动输入密码。 +- 如果要添加额外 RPM 包,并使用 kickstart 自动安装,则在 /etc/isocut/rpmlist 和 kickstart 文件的 %packages 字段都要指定该 RPM 包。 + +接下来介绍 kickstart 文件详细修改方法。 + +##### 配置初始密码 + +###### 配置 root 初始密码 + +/etc/isocut/anaconda-ks.cfg 中 root 初始密码的默认配置如下,其中 ${pwd} 需要替换成用户实际的加密密文: + +```shell +rootpw --iscrypted ${pwd} +``` + +这里给出设置 root 初始密码的方法(需使用 root 权限)。 + +1. 添加用于生成密码的用户,此处假设 testUser。 + + ``` shell script + $ sudo useradd testUser + ``` + +2. 设置 testUser 用户的密码。参考命令如下,根据提示设置密码。 + + ``` shell script + $ sudo passwd testUser + Changing password for user testUser. + New password: + Retype new password: + passwd: all authentication tokens updated successfully. + ``` + +3. 查看 /etc/shadow 文件,获取加密密码(用户 testUser 后,两个 : 间的字符串,此处使用 *** 代替)。 + + ``` shell script + $ sudo cat /etc/shadow | grep testUser + testUser:***:19052:0:90:7:35:: + ``` + +4. 拷贝上述加密密码替换 /etc/isocut/anaconda-ks.cfg 中的 pwd 字段,如下所示(请用实际内容替换 *** )。 + + ``` shell script + rootpw --iscrypted *** + ``` + +###### 配置 grub2 初始密码 + +/etc/isocut/anaconda-ks.cfg 文件中添加以下配置,配置 grub2 初始密码。其中 ${pwd} 需要替换成用户实际的加密密文。 + +```shell +%addon com_huawei_grub_safe --iscrypted --password='${pwd}' +%end +``` + +> ![](./public_sys-resources/icon-note.gif)说明: +> +> - 配置 grub 初始密码需要使用 root 权限。 +> - grub 密码对应的默认用户为 root 。 +> +> - 系统中需有 grub2-set-password 命令,若不存在,请提前安装该命令。 + +1. 执行如下命令,根据提示设置 grub2 密码。 + + ```shell + $ sudo grub2-set-password -o ./ + Enter password: + Confirm password: + grep: .//grub.cfg: No such file or directory + WARNING: The current configuration lacks password support! + Update your configuration with grub2-mkconfig to support this feature. + ``` + +2. 命令执行完成后,会在当前目录生成 user.cfg 文件,grub.pbkdf2.sha512 开头的内容即 grub2 加密密码。 + + ```shell + $ sudo cat user.cfg + GRUB2_PASSWORD=grub.pbkdf2.sha512.*** + ``` + +3. 复制上述密文,并在 /etc/isocut/anaconda-ks.cfg 文件中增加如下配置。 + + ```shell + %addon com_huawei_grub_safe --iscrypted --password='grub.pbkdf2.sha512.***' + %end + ``` + +##### 配置 %packages 字段 + +如果需要添加额外 RPM 包,并使用 kickstart 自动安装,需要在 /etc/isocut/rpmlist 和 kickstart 文件的 %packages 字段都指定该 RPM 包。 + +此处介绍在 /etc/isocut/anaconda-ks.cfg 文件中添加 RPM 包。 + +/etc/isocut/anaconda-ks.cfg 文件的 %packages 默认配置如下: + +```shell +%packages --multilib --ignoremissing +acl.aarch64 +aide.aarch64 +...... +NetworkManager.aarch64 +%end +``` + +将额外指定的 RPM 软件包添加到 %packages 配置中,需要遵循如下配置格式: + +"软件包名.对应架构",例如:kernel.aarch64 + +```shell +%packages --multilib --ignoremissing +acl.aarch64 +aide.aarch64 +...... +NetworkManager.aarch64 +kernel.aarch64 +%end +``` + +### 操作指导 + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- 请不要修改或删除 /etc/isocut/rpmlist 文件中的默认配置项。 +>- isocut 的所有操作需要使用 root 权限。 +>- 待裁剪的源镜像可以为基础镜像,也可以是 everything 版镜像,例子中以基础版镜像 openEuler-24.03-LTS-SP1-aarch64-dvd.iso 为例。 +>- 例子中假设新生成的镜像名称为 new.iso,且存放在 /home/result 路径;运行工具的临时目录为 /home/temp;额外的 RPM 软件包存放在 /home/rpms 目录。 + +1. 修改配置文件 /etc/isocut/rpmlist,指定用户需要安装的 RPM 软件包(来自原有 ISO 镜像)。 + + ``` shell script + sudo vi /etc/isocut/rpmlist + ``` + +2. 确定运行镜像裁剪定制工具的临时目录空间大于 8 GB 。默认临时目录为 /tmp,也可以使用 -t 参数指定其他目录作为临时目录,该目录必须为绝对路径。本例中使用目录 /home/temp,由如下回显可知 /home 目录可用磁盘为 38 GB,满足要求。 + + ```shell + $ df -h + Filesystem Size Used Avail Use% Mounted on + devtmpfs 1.2G 0 1.2G 0% /dev + tmpfs 1.5G 0 1.5G 0% /dev/shm + tmpfs 1.5G 23M 1.5G 2% /run + tmpfs 1.5G 0 1.5G 0% /sys/fs/cgroup + /dev/mapper/openeuler_openeuler-root 69G 2.8G 63G 5% / + /dev/sda2 976M 114M 796M 13% /boot + /dev/mapper/openeuler_openeuler-home 61G 21G 38G 35% /home + ``` + +3. 执行裁剪定制。 + + **场景一**:新镜像的所有 RPM 包来自原有 ISO 镜像 + + ``` shell script + $ sudo isocut -t /home/temp /home/isocut_iso/openEuler-24.03-LTS-SP1-aarch64-dvd.iso /home/result/new.iso + Checking input ... + Checking user ... + Checking necessary tools ... + Initing workspace ... + Copying basic part of iso image ... + Downloading rpms ... + Finish create yum conf + finished + Regenerating repodata ... + Checking rpm deps ... + Getting the description of iso image ... + Remaking iso ... + Adding checksum for iso ... + Adding sha256sum for iso ... + ISO cutout succeeded, enjoy your new image "/home/result/new.iso" + isocut.lock unlocked ... + ``` + + 回显如上,说明新镜像 new.iso 定制成功。 + + **场景二**:新镜像的 RPM 包除来自原有 ISO 镜像,还包含来自 /home/rpms 的额外软件包 + + ```shell + sudo isocut -t /home/temp -r /home/rpms /home/isocut_iso/openEuler-24.03-LTS-SP1-aarch64-dvd.iso /home/result/new.iso + ``` + + **场景三**:使用 kickstart 文件实现自动化安装,需要修改 /etc/isocut/anaconda-ks.cfg 文件 + + ```shell + sudo isocut -t /home/temp -k /etc/isocut/anaconda-ks.cfg /home/isocut_iso/openEuler-24.03-LTS-SP1-aarch64-dvd.iso /home/result/new.iso + ``` + +## FAQ + +### 默认 rpm 包列表安装系统失败 + +#### 背景描述 + +用户使用 isocut 裁剪镜像时通过配置文件 /etc/isocut/rpmlist 指定需要安装的软件包。 + +由于不同版本会有软件包减少,可能导致裁剪镜像时出现缺包等问题。 +因此 /etc/isocut/rpmlist 中默认只包含 kernel 软件包。 +保证默认配置裁剪镜像必定成功。 + +#### 问题描述 + +使用默认配置裁剪出来的 iso 镜像,能够裁剪成功,但是安装可能失败。 + +安装报错缺包,报错截图如下: + +![](./figures/lack_pack.png) + +#### 原因分析 + +使用默认配置的 RPM 软件包列表,裁剪的 iso 镜像在安装时缺少必要的 RPM 包。 +缺少的包如报错的图示,并且在不同版本中,缺少的 RPM 包也可能是不同的,以安装时实际报错为准。 + +#### 解决方案 + +1. 增加缺少的包 + + 1. 根据报错的提示整理缺少的 RPM 包列表。 + 2. 将上述 RPM 包列表添加到配置文件 /etc/isocut/rpmlist 中。 + 3. 再次裁剪安装 iso 镜像。 + + 以问题描述中的缺包情况为例,修改 rpmlist 配置文件如下: + + ```shell + $ cat /etc/isocut/rpmlist + kernel.aarch64 + lvm2.aarch64 + chrony.aarch64 + authselect.aarch64 + shim.aarch64 + efibootmgr.aarch64 + grub2-efi-aa64.aarch64 + dosfstools.aarch64 + ``` diff --git a/docs/zh/tools/community_tools/isocut/overview.md b/docs/zh/tools/community_tools/isocut/overview.md new file mode 100644 index 0000000000000000000000000000000000000000..a59750ba597bdf80a9c5b817c6e18f067b7d463e --- /dev/null +++ b/docs/zh/tools/community_tools/isocut/overview.md @@ -0,0 +1,3 @@ +# 裁剪定制工具使用指南 + +本文主要介绍 openEuler 的裁剪定制工具,包含工具的介绍、安装以及使用等内容。 \ No newline at end of file diff --git a/docs/zh/tools/community_tools/isocut/public_sys-resources/icon-note.gif b/docs/zh/tools/community_tools/isocut/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/zh/tools/community_tools/isocut/public_sys-resources/icon-note.gif differ diff --git a/docs/zh/tools/community_tools/migration_tools/_toc.yaml b/docs/zh/tools/community_tools/migration_tools/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..b7fdcbd76a2e144c6330e8ecb787df0b62851ed6 --- /dev/null +++ b/docs/zh/tools/community_tools/migration_tools/_toc.yaml @@ -0,0 +1,6 @@ +label: Migration-tools用户指南 +isManual: true +description: 从原系统(centos7、centos8)迁移到统信服务器操作系统 +sections: + - label: Migration-tools用户指南 + href: ./migration_tools_user_guide.md diff --git a/docs/zh/tools/community_tools/migration_tools/figures/kernel.png b/docs/zh/tools/community_tools/migration_tools/figures/kernel.png new file mode 100644 index 0000000000000000000000000000000000000000..ecd5bbb3cf306e46da3448de46c4f9fc2e03eed2 Binary files /dev/null and b/docs/zh/tools/community_tools/migration_tools/figures/kernel.png differ diff --git a/docs/zh/tools/community_tools/migration_tools/figures/migration-tools-conf.png b/docs/zh/tools/community_tools/migration_tools/figures/migration-tools-conf.png new file mode 100644 index 0000000000000000000000000000000000000000..80520c44a86172c9f18e3d50930e0fcc25f411bb Binary files /dev/null and b/docs/zh/tools/community_tools/migration_tools/figures/migration-tools-conf.png differ diff --git a/docs/zh/tools/community_tools/migration_tools/figures/openeuler-migration-complete.png b/docs/zh/tools/community_tools/migration_tools/figures/openeuler-migration-complete.png new file mode 100644 index 0000000000000000000000000000000000000000..20c5a4afaf2b06fae865137b9d4efd53326a9611 Binary files /dev/null and b/docs/zh/tools/community_tools/migration_tools/figures/openeuler-migration-complete.png differ diff --git a/docs/zh/tools/community_tools/migration_tools/figures/repo.png b/docs/zh/tools/community_tools/migration_tools/figures/repo.png new file mode 100644 index 0000000000000000000000000000000000000000..78437bbc839bff8906b535989bbac0c38a6263b7 Binary files /dev/null and b/docs/zh/tools/community_tools/migration_tools/figures/repo.png differ diff --git "a/docs/zh/tools/community_tools/migration_tools/figures/\346\217\220\347\244\272.png" "b/docs/zh/tools/community_tools/migration_tools/figures/\346\217\220\347\244\272.png" new file mode 100644 index 0000000000000000000000000000000000000000..224a79aece026a4fa2b003753f40fc0f1ebd4d0d Binary files /dev/null and "b/docs/zh/tools/community_tools/migration_tools/figures/\346\217\220\347\244\272.png" differ diff --git "a/docs/zh/tools/community_tools/migration_tools/figures/\347\216\257\345\242\203\346\243\200\346\265\213.png" "b/docs/zh/tools/community_tools/migration_tools/figures/\347\216\257\345\242\203\346\243\200\346\265\213.png" new file mode 100644 index 0000000000000000000000000000000000000000..b03c4da5ba24e345a3614cd2c7d7e3b52983ad1a Binary files /dev/null and "b/docs/zh/tools/community_tools/migration_tools/figures/\347\216\257\345\242\203\346\243\200\346\265\213.png" differ diff --git "a/docs/zh/tools/community_tools/migration_tools/figures/\347\224\250\346\210\267\346\243\200\346\265\213.png" "b/docs/zh/tools/community_tools/migration_tools/figures/\347\224\250\346\210\267\346\243\200\346\265\213.png" new file mode 100644 index 0000000000000000000000000000000000000000..8ec0b5518f37532eedb5897bc368d9b58a1ccafc Binary files /dev/null and "b/docs/zh/tools/community_tools/migration_tools/figures/\347\224\250\346\210\267\346\243\200\346\265\213.png" differ diff --git "a/docs/zh/tools/community_tools/migration_tools/figures/\350\256\270\345\217\257\345\215\217\350\256\256.png" "b/docs/zh/tools/community_tools/migration_tools/figures/\350\256\270\345\217\257\345\215\217\350\256\256.png" new file mode 100644 index 0000000000000000000000000000000000000000..41eb3b6aa755619b94965f8060a27c1940e6936e Binary files /dev/null and "b/docs/zh/tools/community_tools/migration_tools/figures/\350\256\270\345\217\257\345\215\217\350\256\256.png" differ diff --git "a/docs/zh/tools/community_tools/migration_tools/figures/\350\277\201\347\247\273\344\270\255.png" "b/docs/zh/tools/community_tools/migration_tools/figures/\350\277\201\347\247\273\344\270\255.png" new file mode 100644 index 0000000000000000000000000000000000000000..e5bae64aaa303a6e7950ec0fdeb46a66bfaa70a3 Binary files /dev/null and "b/docs/zh/tools/community_tools/migration_tools/figures/\350\277\201\347\247\273\344\270\255.png" differ diff --git "a/docs/zh/tools/community_tools/migration_tools/figures/\350\277\201\347\247\273\345\256\214\346\210\220.png" "b/docs/zh/tools/community_tools/migration_tools/figures/\350\277\201\347\247\273\345\256\214\346\210\220.png" new file mode 100644 index 0000000000000000000000000000000000000000..c832bb723ea5400aa2fe1f932f1f5dcb5a3d5065 Binary files /dev/null and "b/docs/zh/tools/community_tools/migration_tools/figures/\350\277\201\347\247\273\345\256\214\346\210\220.png" differ diff --git "a/docs/zh/tools/community_tools/migration_tools/figures/\350\277\201\347\247\273\345\274\200\345\247\213.png" "b/docs/zh/tools/community_tools/migration_tools/figures/\350\277\201\347\247\273\345\274\200\345\247\213.png" new file mode 100644 index 0000000000000000000000000000000000000000..d8a2b58cd5ce8e559bd82c14400e16b4635d0ec3 Binary files /dev/null and "b/docs/zh/tools/community_tools/migration_tools/figures/\350\277\201\347\247\273\345\274\200\345\247\213.png" differ diff --git "a/docs/zh/tools/community_tools/migration_tools/figures/\350\277\201\347\247\273\346\243\200\346\237\245.png" "b/docs/zh/tools/community_tools/migration_tools/figures/\350\277\201\347\247\273\346\243\200\346\237\245.png" new file mode 100644 index 0000000000000000000000000000000000000000..776e9cafdf7e569cd33e1abd47217aa47c86f134 Binary files /dev/null and "b/docs/zh/tools/community_tools/migration_tools/figures/\350\277\201\347\247\273\346\243\200\346\237\245.png" differ diff --git "a/docs/zh/tools/community_tools/migration_tools/figures/\350\277\201\347\247\273\347\241\256\350\256\244.png" "b/docs/zh/tools/community_tools/migration_tools/figures/\350\277\201\347\247\273\347\241\256\350\256\244.png" new file mode 100644 index 0000000000000000000000000000000000000000..69567eabd886befe43fb8a512e7b6cde87fd0937 Binary files /dev/null and "b/docs/zh/tools/community_tools/migration_tools/figures/\350\277\201\347\247\273\347\241\256\350\256\244.png" differ diff --git "a/docs/zh/tools/community_tools/migration_tools/figures/\351\205\215\347\275\256\346\226\207\344\273\266.png" "b/docs/zh/tools/community_tools/migration_tools/figures/\351\205\215\347\275\256\346\226\207\344\273\266.png" new file mode 100644 index 0000000000000000000000000000000000000000..aed6ce1cf37b1aad8d7bb037a422c726bb024d86 Binary files /dev/null and "b/docs/zh/tools/community_tools/migration_tools/figures/\351\205\215\347\275\256\346\226\207\344\273\266.png" differ diff --git "a/docs/zh/tools/community_tools/migration_tools/figures/\351\246\226\351\241\265.png" "b/docs/zh/tools/community_tools/migration_tools/figures/\351\246\226\351\241\265.png" new file mode 100644 index 0000000000000000000000000000000000000000..2fb66ae7dc8336d6e38437ba79175fe1c2207a5d Binary files /dev/null and "b/docs/zh/tools/community_tools/migration_tools/figures/\351\246\226\351\241\265.png" differ diff --git a/docs/zh/tools/community_tools/migration_tools/migration_tools_user_guide.md b/docs/zh/tools/community_tools/migration_tools/migration_tools_user_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..804bf5552002c014fd08cac3010f2abeacaf4962 --- /dev/null +++ b/docs/zh/tools/community_tools/migration_tools/migration_tools_user_guide.md @@ -0,0 +1,283 @@ +# migration-tools + +## 介绍 + +本文主要介绍服务器迁移软件(以下简称“migration-tools”)的使用方法,帮助用户顺利从原系统(centos7、centos8)迁移到统信服务器操作系统。 +migration-tools 工具提供网页界面方式进行操作,以供使用者在图形化界面便捷的进行迁移操作。 + +### 部署方式 + +在安装 openeuler 23.09 服务器上部署服务端(server),在需要迁移的 centos7/centos8 服务器上部署客户端(agent)。 + +#### 支持迁移的系统 + +1. 支持将 AMD64 和 ARM64 架构的 CentOS 系列系统迁移到 UOS 系统,迁移前需自行准备目标系统的全量源。 + +2. openeuler迁移:目前仅支持 centos 7.4 cui 系统迁移至 openeuler 。 + +3. 不建议对安装了 i686 架构的 rpm 包的原系统进行迁移,如果对这种原系统进行迁移会出现迁移失败的结果。 + +|原系统|目标系统|使用的软件源| +|---|---|---| +|centos 7.4 cui|openeuler|使用openeuler外网源| +|centos 7.0~7.7|UOS 1002a|UOS 1002a(全量源)| +|centos 8.0~8.2|UOS 1050a|UOS 1050a(全量源)| + +### 使用方法 + +#### 安装与配置 + +##### 安装 migration-tools-server 端 + +- 关闭防火墙。 + + ``` shell + + systemctl stop firewalld + + ``` + +- 安装 migration-tools-server。 + + ``` shell + yum install migration-tools-server -y + ``` + +- 修改配置文件。 + + ``` shell + + vim /etc/migration-tools/migration-tools.conf + + ``` + + ![配置文件](./figures/migration-tools-conf.png) + +- 重启 migration-tools-server 服务。 + + ``` shell + + systemctl restart migration-tools-server + + ``` + +- 分发 agent 软件包。 + +- 根据迁移系统的版本选择分发的软件包。 + + centos7系列: + + xx.xx.xx.xx表示迁移机器IP + + ``` shell + + scp -r /usr/lib/migration-tools-server/agent-rpm/el7 root@xx.xx.xx.xx:/root + + ``` + + centos8系列: + + ``` shell + + scp -r /usr/lib/migration-tools-server/agent-rpm/el8 root@xx.xx.xx.xx:/root + + ``` + +#### 迁移 openeuler 系统 + +>**注意:** openeuler 系统目前仅支持单独使用脚本迁移。 + +- 从 server 端分发迁移脚本至 agent 端。 + + ``` shell + + cd /usr/lib/migration-tools-server/ut-Migration-tools-0.1/centos7/ + scp openeuler/centos72openeuler.py root@10.12.23.106:/root + + ``` + +- 安装迁移所需依赖。 + + ``` shell + + yum install python3 dnf rsync yum-utils -y + + ``` + +- 开始迁移。 + + ``` shell + + python3 centos7/openeuler/centos72openeuler.py + + ``` + +- 迁移完成后系统会自动重启,重启完成后即迁移完成。 + + ![openeuler迁移完成](./figures/openeuler-migration-complete.png) + +#### 迁移 UOS 系统 + +##### 安装 migration-tools-agent 端 + +在准备迁移的 centos 机器上执行以下步骤: + +>**注意:** 目前 migration-tools 仅支持 centos7.4 cui 迁移至 openeuler。 + +- 关闭防火墙。 + + ``` shell + + systemctl stop firewalld + + ``` + +- 安装 epel-release(部分依赖包含在 epel 源中)。 + + ``` shell + + yum install epel-release -y + + ``` + +- 安装 migration-tools-agent 软件包(centos7 系列需安装对应架构的软件包)。 + + centos7: + + ``` shell + + cd /root/el7/x86_64 + yum install ./* -y + + ``` + + centos8 + + ``` shell + + cd /root/el8/ + yum install ./* -y + + ``` + +- 修改配置文件。 + + ``` shell + + vim /etc/migration-tools/migration-tools.conf + + ``` + + ![配置文件](./figures/migration-tools-conf.png) + +- 重启 migration-tools-agent 服务。 + + ``` shell + + systemctl restart migration-tools-agent + + ``` + +##### UOS系统迁移步骤 + +- 登录web端 + + 在 server 端和 agent 端服务均启动后,打开浏览器(建议使用:Chrome),在浏览器导航栏中输入`https://SERVER_IP:9999`即可。 + + ![首页](./figures/首页.png) + +- 点击“我已阅读并同意此协议”,然后点击“下一步”。 + ![许可协议](./figures/许可协议.png) + +- 迁移提示页面内容如下,点击“下一步”。 + ![提示](./figures/提示.png) + +- 环境检测页面会检查系统版本和系统剩余空间大小,在检测完成后点击“下一步”。 + +>**注意:** 如果出现检测长时间无反应,请检查 agent 防火墙是否关闭,server与agent 服务是否开启。 +> +> 如需重新检测,在浏览器中刷新即可。 + + ![环境检测](./figures/环境检测.png) + +- 用户检测页面会检查用户名以及密码,推荐使用 root 用户,点击“下一步”开始检测,检测完成后自动进入 repo 源配置页面。 + + ![用户检测](./figures/用户检测.png) + +repo 源配置页面: + +- 请根据要迁移的系统输入对应的repo源。 + + centos7:1002a,centos8:1050a + +- 确保使用的软件源为全量源,否则迁移会失败。 + +- 输入栏中只需输入1个软件仓库路径即可。 + +![repo](./figures/repo.png) + +- 输入完成后点击“下一步”,等待软件源连通性检测完毕后,进入 kernel 版本选择页面,选择 4.19 内核,点击“下一步”。 + + ![kernel](./figures/kernel.png) + +- 迁移环境检查界面可以对比迁移前后的软件包差异,并输出检测报告,检查完成后可以导出检测报告。 + + > **注意:** 检测时间大约为1个小时,请耐心等待。 + + ![迁移检查](./figures/迁移检查.png) + +- 检测完成后,点击“下一步”会弹出系统迁移“确认”窗口,请确保系统已做好备份,准备完成后点击确认开始系统迁移。 + + ![迁移确认](./figures/迁移确认.png) + +- 点击“确认”后,进入系统迁移页面。 + + ![迁移开始](./figures/迁移开始.png) + +- 可以点击“查看详情”,来查看迁移情况。 + + ![迁移中](./figures/迁移中.png) + +- 迁移完成后,页面会跳转至迁移完成页面,可在该页面导出迁移分析报告及迁移日志。 + +- 导出后,可在 server 端 /var/tmp/uos-migration/ 目录下找到报告和日志的压缩包,解压后即可查看。 + + ![迁移完成](./figures/迁移完成.png) + +- 迁移完成后,需手动重启 agent 机器,并验证是否迁移完成。 + +###### 验证步骤 + +执行以下命令,检查操作系统版本是否已迁移至目标操作系统。 + +``` shell + +uosinfo + +``` + +如显示以下信息表示迁移成功。 + + 1002a: + + ``` shell + + ################################################# + Release: UnionTech OS Server release 20 (kongli) + Kernel : 4.19.0-91.77.97.uelc20.x86_64 + Build : UnionTech OS Server 20 1002c 20211228 x86_64 + ################################################# + + ``` + + 1050a: + + ``` shell + + ################################################# + Release: UnionTech OS Server release 20 (kongzi) + Kernel : 4.19.0-91.82.88.uelc20.x86_64 + Build : UnionTech OS Server 20 1050a 20220214 x86_64 + ################################################# + + ``` diff --git a/docs/zh/tools/community_tools/virtualization/euler_launcher/_toc.yaml b/docs/zh/tools/community_tools/virtualization/euler_launcher/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..d94a686b1d172c386bf0b72bb1119c25a47e32f7 --- /dev/null +++ b/docs/zh/tools/community_tools/virtualization/euler_launcher/_toc.yaml @@ -0,0 +1,10 @@ +label: EulerLauncher 用户指南 +isManual: true +description: 为开发者提供在主流桌面操作系统上高性能的开发资源 +sections: + - label: 概述 + href: ./overall.md + - label: 在Windows下安装与运行EulerLauncher + href: ./win_user_manual.md + - label: 在MacOS下安装与运行EulerLauncher + href: ./mac_user_manual.md diff --git a/docs/zh/tools/community_tools/virtualization/euler_launcher/images/mac-content.jpg b/docs/zh/tools/community_tools/virtualization/euler_launcher/images/mac-content.jpg new file mode 100644 index 0000000000000000000000000000000000000000..4b9f101056fb7bde536342896b94a698e72889a2 Binary files /dev/null and b/docs/zh/tools/community_tools/virtualization/euler_launcher/images/mac-content.jpg differ diff --git a/docs/zh/tools/community_tools/virtualization/euler_launcher/images/mac-install.jpg b/docs/zh/tools/community_tools/virtualization/euler_launcher/images/mac-install.jpg new file mode 100644 index 0000000000000000000000000000000000000000..b710de9b24b76c35017cee591bc704750855781d Binary files /dev/null and b/docs/zh/tools/community_tools/virtualization/euler_launcher/images/mac-install.jpg differ diff --git a/docs/zh/tools/community_tools/virtualization/euler_launcher/images/mac-start.jpg b/docs/zh/tools/community_tools/virtualization/euler_launcher/images/mac-start.jpg new file mode 100644 index 0000000000000000000000000000000000000000..2805c6244da9d1409958e8c33fc5296b1e138856 Binary files /dev/null and b/docs/zh/tools/community_tools/virtualization/euler_launcher/images/mac-start.jpg differ diff --git a/docs/zh/tools/community_tools/virtualization/euler_launcher/images/mac-terminal.jpg b/docs/zh/tools/community_tools/virtualization/euler_launcher/images/mac-terminal.jpg new file mode 100644 index 0000000000000000000000000000000000000000..d0f3082cc64658afd888a02ca578f76857578f83 Binary files /dev/null and b/docs/zh/tools/community_tools/virtualization/euler_launcher/images/mac-terminal.jpg differ diff --git a/docs/zh/tools/community_tools/virtualization/euler_launcher/images/mac-visudo.jpg b/docs/zh/tools/community_tools/virtualization/euler_launcher/images/mac-visudo.jpg new file mode 100644 index 0000000000000000000000000000000000000000..7466ef4fec0f928ca0c0255ba59b628251216eb1 Binary files /dev/null and b/docs/zh/tools/community_tools/virtualization/euler_launcher/images/mac-visudo.jpg differ diff --git a/docs/zh/tools/community_tools/virtualization/euler_launcher/images/win-install.jpg b/docs/zh/tools/community_tools/virtualization/euler_launcher/images/win-install.jpg new file mode 100644 index 0000000000000000000000000000000000000000..e395f62c0eb29390c980853f1d51ceb09641001e Binary files /dev/null and b/docs/zh/tools/community_tools/virtualization/euler_launcher/images/win-install.jpg differ diff --git a/docs/zh/tools/community_tools/virtualization/euler_launcher/images/win-terminal-1.jpg b/docs/zh/tools/community_tools/virtualization/euler_launcher/images/win-terminal-1.jpg new file mode 100644 index 0000000000000000000000000000000000000000..5976bff82cd34b6195f11291d0a99341133cfce3 Binary files /dev/null and b/docs/zh/tools/community_tools/virtualization/euler_launcher/images/win-terminal-1.jpg differ diff --git a/docs/zh/tools/community_tools/virtualization/euler_launcher/images/win-terminal-2.jpg b/docs/zh/tools/community_tools/virtualization/euler_launcher/images/win-terminal-2.jpg new file mode 100644 index 0000000000000000000000000000000000000000..a831c6972f99a30355f68e34f30e09be237f0723 Binary files /dev/null and b/docs/zh/tools/community_tools/virtualization/euler_launcher/images/win-terminal-2.jpg differ diff --git a/docs/zh/tools/community_tools/virtualization/euler_launcher/mac_user_manual.md b/docs/zh/tools/community_tools/virtualization/euler_launcher/mac_user_manual.md new file mode 100644 index 0000000000000000000000000000000000000000..812dbf0d707c8708202e82f23a7a7821d5fcf209 --- /dev/null +++ b/docs/zh/tools/community_tools/virtualization/euler_launcher/mac_user_manual.md @@ -0,0 +1,241 @@ +# 在MacOS下安装与运行EulerLauncher + +## 准备工作 + +### 安装Homebrew + +Homebrew是一款Mac OS平台下的软件包管理工具,拥有安装、卸载、更新、查看、搜索等很多实用的功能。简单的一条指令,就可以实现包管理,而不用你关心各种依赖和文件路径的情况,十分方便快捷。 + +在MacOS桌面下敲击 `command` + `shift` + `u` 组合键,打开`访达`中的`实用工具`,并找到`终端.app`。 + + +并根据网络情况输入以下命令进行安装。 + +可以使用以下命令安装Homebrew: + +``` Shell +/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" +``` + +由于国内网络原因,可能需要修改源到国内源以进行安装: + +``` Shell +/bin/zsh -c "$(curl -fsSL https://gitee.com/cunkai/HomebrewCN/raw/master/Homebrew.sh)" +``` + +### 安装Qemu及wget + +**EulerLauncher**在MacOS上运行依赖于`QEMU`,镜像下载依赖于`wget`,使用`Homebrew`可以非常方便的下载和管理此类软件,使用以下命令进行安装: + +``` Shell +brew install qemu +brew install wget +``` + +### 配置sudo免密码权限 + +**EulerLauncher**在MacOS上运行依赖于`QEMU`,为了使用户的网络体验更加优秀,因此采用了MacOS的[vmnet framework][1]来提供虚拟机的网络能力,当前`vmnet`使用时需要使用管理员权限,因此在使用`QEMU`后端创建带有`vmnet`类型网络设备的虚拟机时,需要启用管理员权限,EulerLauncher在启动时会自动使用`sudo`命令来实现这一过程,因此需要为当前用户配置`sudo`免密码使用权限,如您介意此配置,请停止使用EulerLauncher。 + +1. 在MacOS桌面下敲击 `command` + `shift` + `u` 组合键,打开`访达`中的`实用工具`,并找到`终端.app`。 + + +2. 在终端中输入`sudo visudo`修改sudo配置文件,注意,此步骤有可能要求输入密码,请按指示输入密码。 + +3. 找到并将`%admin ALL=(ALL) ALL`替换为 `%admin ALL=(ALL) NOPASSWD: ALL`。 + + +4. 敲击`ESC`,再输入`:wq`进行保存。 + +## 安装EulerLauncher + +**EulerLauncher**当前支持MacOS Ventura, 支持Apple Silicon芯片版及x86芯片版,前往[EulerLauncher最新版][1]下载MacOS版软件包并解压到期望的位置。 + +解压后的目录包含以下文件: + + + +其中`install`可执行文件为安装文件,用于将**EulerLauncher**所需支持文件安装到指定位置,`EulerLauncher.dmg`为主程序的磁盘映象。 + +1. 本操作需要sudo权限,请先完成[配置sudo免密码权限](#配置sudo免密码权限)操作。 + +2. 安装支持文件:双击`install`可执行文件,等待程序完成执行。 + +3. 配置**EulerLauncher**: + + - 查看`qemu`及`wget`所处位置,`qemu`二进制文件在不同架构下名称不同,请根据自身情况选择正确的名称(Apple Silicon: qemu-system-aarch64; Intel: qemu-system-x86_64): + + ``` Shell + which wget + which qemu-system-{host_arch} + ``` + + 参考输出: + + ```bash + /opt/homebrew/bin/wget + /opt/homebrew/bin/qemu-system-aarch64 + ``` + + 查看完成后,记录路径结果,在接下来的步骤中将会使用到。 + + - 打开`eulerlauncher.conf`并进行配置: + + ``` Shell + sudo vi /Library/Application\ Support/org.openeuler.eulerlauncher/eulerlauncher.conf + ``` + + EulerLauncher的配置如下: + + ```bash + [default] + log_dir = # 日志文件位置(xxx.log) + work_dir = # EulerLauncher工作目录,用于存储虚拟机镜像、虚拟机文件等 + wget_dir = # wget的可执行文件路径,请参考上一步的内容进行配置 + qemu_dir = # qemu的可执行文件路径,请参考上一步的内容进行配置 + debug = True + + [vm] + cpu_num = 1 # 配置虚拟机的CPU个数 + memory = 1024 # 配置虚拟机的内存大小,单位为M,M1用户请勿配置超过2048 + ``` + + 完成编辑后保存退出。 + +3. 安装**EulerLauncher.app**: + + 双击`EulerLauncher.dmg`,在弹出的窗口中用鼠标将`EulerLauncher.app`拖动到`Applications`中,即可完成安装,并可在应用程序中找到`EulerLauncher.app`。 + + + +## 使用EulerLauncher + +1. 在应用程序中找到`EulerLauncher.app`,单击启动程序。 + +2. EulerLauncher需要访问网络,在弹出如下窗口时点击`允许`: + + + +3. EulerLauncher当前仅支持命令行方式进行访问,请打开`终端.app`,使用命令行进行操作。 + +### 镜像操作 + +1. 获取可用镜像列表: + +```Shell + +eulerlauncher images + +``` + +**EulerLauncher**镜像有两种位置属性:1)远端镜像 2)本地镜像,只有处于本地且状态为 `Ready` 的镜像可以直接用来创建虚拟机,位于远端的镜像需要下载后才能够使用;你也可以加载已经预先下载好的本地镜像到**EulerLauncher**中,具体操作方法可以参考接下来的操作指导。 + +2. 下载远端镜像。 + +```Shell +eulerlauncher download-image 23.09 + +Downloading: 23.09, this might take a while, please check image status with "images" command. +``` + +镜像下载请求是一个异步请求,具体的下载动作将在后台完成,具体耗时与你的网络情况相关,整体的镜像下载流程包括下载、解压缩、格式转换等相关子流程,在下载过程中可以通过 `image` 命令随时查看下载进展与镜像状态: + +```Shell + +eulerlauncher images + +``` + +当镜像状态转变为 `Ready` 时,表示镜像下载完成,处于 `Ready` 状态的镜像可被用来创建虚拟机: + +```Shell + +eulerlauncher images + +``` + +3. 加载本地镜像。 + +用户也可以加载自定义镜像或预先下载到本地的镜像到EulerLauncher中用于创建自定义虚拟机: + +```Shell +eulerlauncher load-image --path {image_file_path} IMAGE_NAME +``` + +当前支持加载的镜像格式有 `xxx.qcow2.xz`,`xxx.qcow2`。 + +例如: + +```Shell +eulerlauncher load-image --path /opt/openEuler-23.09-x86_64.qcow2.xz 2309-load + +Loading: 2309-load, this might take a while, please check image status with "images" command. +``` + +将位于 `/opt` 目录下的 `openEuler-23.09-x86_64.qcow2.xz` 加载到EulerLauncher系统中,并命名为 `2309-load`,与下载命令一样,加载命令也是一个异步命令,用户需要用镜像列表命令查询镜像状态直到显示为 `Ready`, 但相对于直接下载镜像,加载镜像的速度会快很多: + +```Shell +eulerlauncher images + +...... + +eulerlauncher images + +...... + +``` + +4. 删除镜像: + +通过下面的命令将镜像从EulerLauncher系统中删除: + +```Shell +eulerlauncher delete-image 2309-load + +Image: 2309-load has been successfully deleted. +``` + +### 虚拟机操作 + +1. 获取虚拟机列表: + +```shell +eulerlauncher list + ++----------+-----------+---------+---------------+ +| Name | Image | State | IP | ++----------+-----------+---------+---------------+ +| test1 | 2309-load | Running | 172.22.57.220 | ++----------+-----------+---------+---------------+ +| test2 | 2309-load | Running | N/A | ++----------+-----------+---------+---------------+ +``` + +若虚拟机IP地址显示为 `N/A` ,若这台虚拟机的状态为 `Running` 则表示这台虚拟机为新创建的虚拟机,网络还未配置完成,网络配置过程大概需要若干秒,请稍后重新尝试获取相关虚拟机信息。 + +2. 登录虚拟机: + +若虚拟机已成功分配到IP地址,可以直接使用 `SSH` 命令进行登录: + +```Shell +ssh root@{instance_ip} +``` + +若使用的是openEuler社区提供的官方镜像,则默认用户为 `root` 默认密码为 `openEuler12#$`。 + +3. 创建虚拟机。 + +```Shell +eulerlauncher launch --image {image_name} {instance_name} +``` + +通过\-\-image指定镜像,同时指定虚拟机名称。 + +4. 删除虚拟机。 + +```Shell +eulerlauncher delete-instance {instance_name} +``` + +根据虚拟机名称删除指定的虚拟机。 + +[1]: https://developer.apple.com/documentation/vmnet diff --git a/docs/zh/tools/community_tools/virtualization/euler_launcher/overall.md b/docs/zh/tools/community_tools/virtualization/euler_launcher/overall.md new file mode 100644 index 0000000000000000000000000000000000000000..1250b724e64281ed063f4fe80a6c1f05377db97b --- /dev/null +++ b/docs/zh/tools/community_tools/virtualization/euler_launcher/overall.md @@ -0,0 +1,18 @@ +# EulerLauncher + +**EulerLauncher**是由openEuler社区技术运营团队及基础设施团队孵化的开发者工具集,通过对主流桌面操作系统中的虚拟化技术(LXD、HyperV、Virtualization framework)等进行有机整合,使用openEuler社区官方发布的虚拟机、容器镜像,为开发者在Windows、MacOS、Linux上提供统一的开发资源(虚拟机、容器)发放和管理体验,提升主流桌面操作系统上openEuler开发环境使用的便利性和稳定性,有效提升开发者体验。 + +## 背景 & 简介 + +主流桌面操作系统上提供相关开发资源(虚拟机、容器等)的便利性和稳定性是影响openEuler开发者体验的重要因素,尤其是对开发资源受限的个人及高校开发者openEuler开发体验影响更为明显。当前常见的虚拟机管理平台有诸多局限性,如VirtualBox需要下载体积庞大的ISO镜像,同时需要进行操作系统安装等相关操作,WSL无法提供真实的openEuler内核,绝大多数虚拟机管理软件目前对Apple Sillicon芯片支持尚不完善且众多软件需要付费等,这些都极大的降低了开发者的工作效率。 + +**EulerLauncher**支持在Windows、MacOS及Linux(规划中)等主流桌面操作系统上提供方便、易用、统一体验的开发者工具集,硬件架构支持x86_64及Aarch64(包含Apple Sillicon系列芯片);并支持各平台对应的虚拟化硬件加速能力,为开发者提供高性能的开发资源。**EulerLauncher**支持使用openEuler社区发布的虚拟机、容器(规划中)镜像、openEuler社区提供的Daily Build镜像以及其他符合要求的自定义镜像,为开发者提供多种选择。 + +## 快速开始 + +**EulerLauncher** MacOS用户请参考[《MacOS用户指导文档》][1] + +**EulerLauncher** Windows用户请参考[《Windows用户指导文档》][2] + +[1]: ./mac_user_manual.md +[2]: ./win_user_manual.md diff --git a/docs/zh/tools/community_tools/virtualization/euler_launcher/win_user_manual.md b/docs/zh/tools/community_tools/virtualization/euler_launcher/win_user_manual.md new file mode 100644 index 0000000000000000000000000000000000000000..5aedd2b5a73ae110c67eb49d079617b1afe58a3e --- /dev/null +++ b/docs/zh/tools/community_tools/virtualization/euler_launcher/win_user_manual.md @@ -0,0 +1,162 @@ +# 在Windows下安装与运行EulerLauncher + +**EulerLauncher**当前支持Windows11/10,前往[EulerLauncher最新版下载][1]下载Windows版软件包并解压到期望的位置。 +右键点击 `config-env.bat` 并选择**以管理员身份运行**,该脚本将进行环境变量相关的配置,将当前目录添加到系统环境变量 `PATH`中,如果使用者掌握如何配置环境变量,或配置脚本出现问题,也可以进行手动配置,将当前脚本所在目录及 `qemu-img` 子目录添加至系统环境变量 `PATH` 中。 + +**EulerLauncher**在Windows上运行需要对接 `Hyper-V` 虚拟化后端,`Hyper-V` 是 Microsoft 的硬件虚拟化产品,可以为Windows上的虚拟机提供更为出色的性能。在运行**EulerLauncher**前,请先检查你的系统是否开启了 `Hyper-V`,具体检查及开启方法请参考[Hyper-V开启指导][2]或其他网络资源。 + +**EulerLauncher**解压后包含以下几个部分: + +- eulerlauncherd.exe:EulerLauncher的主进程,是运行在后台的守护进程,负责与各类虚拟化后端交互,管理虚拟机、容器以及镜像的生命周期,eulerlauncherd.exe是运行在后台的守护进程。 +- eulerlauncher.exe:EulerLauncher的CLI客户端,用户通过该客户端与eulerlauncherd守护进程交互,对虚拟机、镜像等进行相关操作。 +- eulerlauncher.conf:EulerLauncher配置文件,需与eulerlauncherd.exe放置于同一目录下,参考下面配置进行相应配置: + +```Conf +[default] +# 配置日志文件的存储目录 +log_dir = D:\eulerlauncher-workdir\logs +# 配置日志等级是否开启Debug +debug = True +# 配置EulerLauncher的工作目录 +work_dir = D:\eulerlauncher-workdir +# 配置EulerLauncher的镜像目录,镜像目录为对工作目录的相对目录 +image_dir = images +# 配置EulerLauncher的虚拟机文件目录,虚拟机文件目录为对工作目录的相对目录 +instance_dir = instances +``` + +配置完成后请右键点击eulerlauncherd.exe,选择以管理员身份运行,点击后omnivird.exe将以守护进程的形式在后台运行。 + +打开 `PowerShell` 或 `Terminal` ,准备进行对应的操作。 + +## Windows下退出eulerlauncherd后台进程 + +当eulerlauncherd.exe运行后,会在操作系统右下角托盘区域生成eulerlauncherd托盘图标,鼠标右键点击托盘图标,并选择 `Exit eulerlauncher` 即可退出eulerlauncherd后台进程。 + +## 镜像操作 + +1. 获取可用镜像列表。 + +```PowerShell +eulerlauncher.exe images + ++-----------+----------+--------------+ +| Images | Location | Status | ++-----------+----------+--------------+ +| 22.03-LTS | Remote | Downloadable | +| 21.09 | Remote | Downloadable | +| 2203-load | Local | Ready | ++-----------+----------+--------------+ +``` + +**EulerLauncher**镜像有两种位置属性:1)远端镜像 2)本地镜像,只有处于本地且状态为 `Ready` 的镜像可以直接用来创建虚拟机,位于远端的镜像需要下载后才能够使用;你也可以加载已经预先下载好的本地镜像到**EulerLauncher**中,具体操作方法可以参考接下来的操作指导。 + +2. 下载远端镜像。 + +```PowerShell +eulerlauncher.exe download-image 23.09 + +Downloading: 23.09, this might take a while, please check image status with "images" command. +``` + +镜像下载请求是一个异步请求,具体的下载动作将在后台完成,具体耗时与你的网络情况相关,整体的镜像下载流程包括下载、解压缩、格式转换等相关子流程,在下载过程中可以通过 `image` 命令随时查看下载进展与镜像状态: + +```PowerShell +eulerlauncher.exe images + +``` + +当镜像状态转变为 `Ready` 时,表示镜像下载完成,处于 `Ready` 状态的镜像可被用来创建虚拟机: + +```PowerShell +eulerlauncher.exe images + +``` + +3. 加载本地镜像。 + +用户也可以加载自定义镜像或预先下载到本地的镜像到EulerLauncher中用于创建自定义虚拟机: + +```PowerShell +eulerlauncher.exe load-image --path {image_file_path} IMAGE_NAME +``` + +当前支持加载的镜像格式有 `xxx.qcow2.xz`,`xxx.qcow2`。 + +例如: + +```PowerShell +eulerlauncher.exe load-image --path D:\openEuler-23.09-x86_64.qcow2.xz 2309-load + +Loading: 2309-load, this might take a while, please check image status with "images" command. +``` + +将位于 `D:\` 目录下的 `openEuler-23.09-x86_64.qcow2.xz` 加载到EulerLauncher系统中,并命名为 `2309-load`,与下载命令一样,加载命令也是一个异步命令,用户需要用镜像列表命令查询镜像状态直到显示为 `Ready`, 但相对于直接下载镜像,加载镜像的速度会快很多: + +```PowerShell +eulerlauncher.exe images + +...... + +eulerlauncher images + +...... + +``` + +4. 删除镜像。 + +通过下面的命令将镜像从EulerLauncher系统中删除: + +```PowerShell +eulerlauncher.exe delete-image 2309-load + +Image: 2309-load has been successfully deleted. +``` + +## 虚拟机操作 + +1. 获取虚拟机列表。 + +```Powershell +eulerlauncher.exe list + ++----------+-----------+---------+---------------+ +| Name | Image | State | IP | ++----------+-----------+---------+---------------+ +| test1 | 2309-load | Running | 172.22.57.220 | ++----------+-----------+---------+---------------+ +| test2 | 2309-load | Running | N/A | ++----------+-----------+---------+---------------+ +``` + +若虚拟机IP地址显示为 `N/A` ,若这台虚拟机的状态为 `Running` 则表示这台虚拟机为新创建的虚拟机,网络还未配置完成,网络配置过程大概需要若干秒,请稍后重新尝试获取相关虚拟机信息。 + +2. 登录虚拟机。 + +若虚拟机已成功分配到IP地址,可以直接使用 `SSH` 命令进行登录: + +```PowerShell +ssh root@{instance_ip} +``` + +若使用的是openEuler社区提供的官方镜像,则默认用户为 `root` 默认密码为 `openEuler12#$`。 + +3. 创建虚拟机。 + +```PowerShell +eulerlauncher.exe launch --image {image_name} {instance_name} +``` + +通过\-\-image指定镜像,同时指定虚拟机名称。 + +4. 删除虚拟机。 + +```PowerShell +eulerlauncher.exe delete-instance {instance_name} +``` + +根据虚拟机名称删除指定的虚拟机。 + +[1]: https://gitee.com/openeuler/eulerlauncher/releases +[2]: https://learn.microsoft.com/zh-cn/virtualization/hyper-v-on-windows/quick-start/enable-hyper-v diff --git a/docs/zh/tools/desktop/_toc.yaml b/docs/zh/tools/desktop/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..9fb00dc99d06bb9fba7b13a69a1eba7379b11d1d --- /dev/null +++ b/docs/zh/tools/desktop/_toc.yaml @@ -0,0 +1,6 @@ +label: 图形桌面使用 +sections: + - href: ./gnome/_toc.yaml + - href: ./ukui/_toc.yaml + - href: ./dde/_toc.yaml + - href: ./kiran/_toc.yaml diff --git a/docs/zh/tools/desktop/dde/_toc.yaml b/docs/zh/tools/desktop/dde/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..f59a438adcbe01006407ac1f2e30790eaebac08f --- /dev/null +++ b/docs/zh/tools/desktop/dde/_toc.yaml @@ -0,0 +1,9 @@ +label: DDE用户指南 +isManual: true +description: 安装并使用 DDE 桌面环境 +sections: + - label: 安装 DDE + href: ./dde_installation.md + - label: 使用 DDE + href: ./dde_userguide.md + diff --git a/docs/zh/tools/desktop/dde/dde_installation.md b/docs/zh/tools/desktop/dde/dde_installation.md new file mode 100644 index 0000000000000000000000000000000000000000..7b6ae21a730c5c2cda5030666cf056bdd8002a32 --- /dev/null +++ b/docs/zh/tools/desktop/dde/dde_installation.md @@ -0,0 +1,39 @@ +# 在 openEuler 上安装 DDE + +## 简介 + +DDE是统信软件团队研发的一款功能强大的桌面环境。包含数十款功能强大的桌面应用,是真正意义上的自主自研桌面产品。 + +## 安装方法 + +1. [下载](https://www.openeuler.org/zh/download/archive/detail/?version=openEuler%2024.03%20LTS%20SP1)openEuler ISO镜像并安装系统 +2. 更新软件源 + + ```bash + sudo dnf update + ``` + +3. 安装DDE + + ```bash + sudo dnf install dde + ``` + +4. 设置以图形界面的方式启动 + + ```bash + sudo systemctl set-default graphical.target + ``` + +5. 重启 + + ```bash + sudo reboot + ``` + +6. 在重启完成后,使用安装过程中创建的用户或openeuler用户登录桌面 + + > dde桌面无法使用root帐号登录 + > dde内置了openeuler用户,此用户的密码为openeuler + +现在您可以尽情的使用dde桌面了。 diff --git a/docs/zh/tools/desktop/dde/dde_userguide.md b/docs/zh/tools/desktop/dde/dde_userguide.md new file mode 100644 index 0000000000000000000000000000000000000000..666ddcd8452f751c359ed151e3d36d1b18b77576 --- /dev/null +++ b/docs/zh/tools/desktop/dde/dde_userguide.md @@ -0,0 +1,850 @@ +# DDE桌面环境用户手册 + +## 概述 + +DDE桌面环境是一款美观易用、安全可靠的图形化操作界面。桌面环境主要由桌面、任务栏、启动器、控制中心等组成,是您使用该操作系统的基础,主界面如下图所示。 + +![1|desk](./figures/43.jpg) + +### 欢迎 + +初次进入DDE桌面环境,会自动打开欢迎程序。您可以观看视频了解系统功能,选择桌面样式和图标主题,进一步了解该系统。 + +![welcome](./figures/64.png) + +## 桌面 + +桌面是您登录后看到的主屏幕区域。在桌面上,您可以新建文件/文件夹、排列文件、打开终端、设置壁纸和屏保等,还可以通过启动器 [发送到桌面](#设置快捷方式) 向桌面添加应用的快捷方式。 + +![0|rightbuttonmenu](./figures/41.png) + +### 新建文件夹/文档 + +在桌面新建文件夹或文档,也可以对文件进行常规操作,和在文件管理器中一样。 + +- 在桌面上,单击鼠标右键,单击 **新建文件夹**,输入新建文件夹的名称。 +- 在桌面上,单击鼠标右键,单击 **新建文档**,选择新建文档的类型,输入新建文档的名称。 + +在桌面文件或文件夹上,单击鼠标右键,您可以使用文件管理器的相关功能: + +| 功能 | 说明 | +| ----------- | -------------------------------------------------------- | +| 打开方式 | 选定系统默认打开方式,也可以选择其他关联应用程序来打开。 | +| 剪切 | 移动文件或文件夹。 | +| 复制 | 复制文件或文件夹。 | +| 重命名 | 重命名文件或文件夹。 | +| 删除 | 删除文件或文件夹。 | +| 创建链接 | 创建一个快捷方式。 | +| 标记信息 | 添加标记信息,以对文件或文件夹进行标签化管理。 | +| 压缩/解压缩 | 压缩文件或文件夹,或对压缩文件进行解压。 | +| 属性 | 查看文件或文件夹的基本信息,共享方式,及其权限。 | + +### 设置排列方式 + +您可以对桌面上的图标按照需要进行排序。 + +1. 在桌面上,单击鼠标右键。 +2. 单击 **排序方式**,您可以: + - 单击 **名称**,将按文件的名称顺序显示。 + - 单击 **大小**,将按文件的大小顺序显示。 + - 单击 **类型**,将按文件的类型顺序显示。 + - 单击 **修改时间**,文件将按最近一次的修改日期顺序显示。 + +> ![tips](./figures/icon125-o.svg)窍门:*您也可以勾选 **自动排列**,桌面图标将从上往下,从左往右按照当前排序规则排列,有图标被删除时后面的图标会自动向前填充。* + +### 调整图标大小 + +1. 在桌面上,单击鼠标右键。 +2. 单击 **图标大小**。 +3. 选择一个合适的图标大小。 + +> ![tips](./figures/icon125-o.svg)窍门:*您也可以用 **Ctrl** + ![=](./figures/icon134-o.svg)/![-](./figures/icon132-o.svg) 鼠标滚动来调整桌面和启动器中的图标大小。* + +### 设置显示器 + +从这里快速进入控制中心设置显示器的缩放比例、分辨率和亮度等。 + +1. 在桌面上,单击鼠标右键。 +2. 单击 **显示设置**,快速进入控制中心的显示设置界面。 + +> ![notes](./figures/icon99-o.svg)说明:*关于显示的设置,具体操作请参阅 [显示设置](#显示设置) 。* + +### 更改壁纸 + +您可以选择一些精美、时尚的壁纸来美化桌面,让您的电脑显示与众不同。 + +1. 在桌面上,单击鼠标右键。 +2. 单击 **壁纸与屏保**,在桌面底部预览所有壁纸。 +3. 选择某一壁纸后,壁纸就会在桌面和锁屏中生效。 +4. 您可以单击 **仅设置桌面** 、 **仅设置锁屏** 和 **同时设置** 来控制壁纸的生效范围。 + +![1|wallpaper](./figures/63.jpg) + +              + +> ![tips](./figures/icon125-o.svg)窍门: *您还可以在图片查看器中设置您喜欢的图片为桌面壁纸。* + +### 剪贴板 + +剪贴板展示当前用户登录系统后复制和剪切的所有文本、图片和文件。使用剪贴板可以快速复制其中的某项内容。注销或关机后,剪贴板会自动清空。 + +1. 使用快捷键 **Ctrl** + **Alt** + **V** 唤出剪贴板。 +2. 双击剪贴板内的某一区块,会快速复制当前内容, 且当前区块会被移动到剪贴板顶部。 +3. 选择目标位置粘贴。 +4. 鼠标移入剪贴板的某一区块,单击上方的![close](./figures/icon57-o.svg),删除当前内容;单击顶部的 **全部清除**,清空剪贴板。 + +![1|clipboard](./figures/40.png) + +## 任务栏 + +任务栏是指位于桌面底部的长条,主要由启动器、应用程序图标、托盘区、系统插件等组成。在任务栏,您可以打开启动器、显示桌面、进入工作区,对其上的应用程序进行打开、新建、关闭、强制退出等操作,还可以设置输入法,调节音量,连接网络,查看日历,进入关机界面等。 + +### 认识任务栏图标 + +任务栏图标包括启动器图标、应用程序图标、托盘区图标、系统插件图标等。 + +![1|fashion](./figures/45.png) + +| 图标 | 说明 | 图标 | 说明 | +| ------------------------------------------- | :------------------------------------------ | ------------------------------------------------ | ------------------------------------- | +| ![launcher](./figures/icon66-o.svg) | 启动器 - 点击查看所有已安装的应用。 | ![deepin-toggle-desktop](./figures/icon69-o.svg) | 显示桌面。 | +| ![dde-file-manager](./figures/icon63-o.svg) | 文件管理器 - 点击查看磁盘中的文件、文件夹。 | ![dde-calendar](./figures/icon62-o.svg) | 日历 - 查看日期、新建日程。 | +| ![controlcenter](./figures/icon58-o.svg) | 控制中心 - 点击进入系统设置。 | ![notification](./figures/icon101-o.svg) | 通知中心 - 显示所有系统和应用的通知。 | +| ![onboard](./figures/icon103-o.svg) | 屏幕键盘 - 点击使用虚拟键盘。 | ![shutdown](./figures/icon122-o.svg) | 电源 - 点击进入关机界面。 | +| ![trash](./figures/icon126-o.svg) | 回收站。 | | | + +              + +> ![tips](./figures/icon125-o.svg)窍门:*在高效模式下,单击任务栏最右侧可显示桌面。将鼠标指针移到任务栏上已打开窗口的图标时,会显示相应的预览窗口。* + +### 切换显示模式 + +任务栏提供两种显示模式:时尚模式和高效模式,显示不同的图标大小和应用窗口激活效果。 + +![1|fashion](./figures/46.png) + +![1|efficient](./figures/63.png) + +              + +您可以通过以下操作来切换显示模式: + +1. 右键单击任务栏。 +2. 在 **模式** 子菜单中选择一种显示模式。 + +### 设置任务栏位置 + +您可以将任务栏放置在桌面的任意方向。 + +1. 右键单击任务栏。 +2. 在 **位置** 子菜单中选择一个方向。 + +### 调整任务栏高度 + +鼠标拖动任务栏边缘,改变任务栏高度。 + +### 显示/隐藏插件 + +1. 右键单击任务栏。 +2. 在 **插件区域** 子菜单中勾选或取消勾选 **回收站、电源、显示桌面、屏幕键盘、通知中心、时间**,可以设置这些插件在任务栏上的显示和隐藏效果。 + +### 查看通知 + +当有系统或应用通知时,会在桌面上方弹出通知消息。若有按钮,单击按钮执行对应操作;若无按钮,单击关闭此消息。 + +![message](./figures/51.png) + +              + +您还可以单击任务栏上的 ![notification](./figures/icon101-o.svg), 打开通知中心,查看所有通知。 + +### 查看日期时间 + +- 鼠标指针悬停在任务栏的时间上,查看当前日期、星期和时间。 +- 单击时间,打开日历。 + +### 进入关机界面 + +您可以单击任务栏上的 ![shutdown](./figures/icon136-o.svg) 进入关机界面,也可以在启动器的小窗口模式中单击 ![poweroff_normal](./figures/icon136-o.svg)。 + +| 功能 | 说明 | +| ---------------------------------------------------------- | ------------------------------------------------------- | +| 关机![poweroff_normal](./figures/icon136-o.svg) | 关闭电脑。 | +| 重启![reboot_normal](./figures/icon110-o.svg) | 关机后再次重新运行您的电脑。 | +| 锁定![lock_normal](./figures/icon90-o.svg) | 锁定电脑,或按下键盘上的 **Super** + **L** 组合键锁定。 | +| 切换用户![userswitch_normal](./figures/icon128-o.svg) | 选择另一个用户帐户登录。 | +| 注销![logout_normal](./figures/icon92-o.svg) | 清除当前登录用户的信息。 | +| 启动系统监视器![deepin-system-monitor](./figures/icon68-o.svg) | 快速启动系统监视器。 | + +              + +> ![notes](./figures/icon99-o.svg)说明:*当系统存在多个帐户时才显示 ![userswitch_normal](./figures/icon128-o.svg)。* + +### 回收站 + +电脑中临时被删除的所有文件您都可以在回收站中找到,回收站中的文件可以被恢复或清空。 + +#### 还原文件 + +对于已删除的文件,您可以进入回收站进行还原,或使用 **Ctrl** + **Z** 还原刚删除的文件。 + +1. 在回收站中,选择要恢复的文件。 +2. 单击鼠标右键,选择 **还原**。 +3. 还原文件到原来的存储路径下。 + +> ![attention](./figures/icon52-o.svg)注意:*如果原来所在的文件夹已经删除,还原文件时会自动新建文件夹*。 + +#### 清空回收站 + +在回收站中,单击 **清空**,将彻底删除回收站的所有内容。 + +## 启动器 + +启动器 ![launcher](./figures/icon66-o.svg) 帮助您管理系统中已安装的所有应用,在启动器中使用分类导航或搜索功能可以快速找到您需要的应用程序。 + +> ![tips](./figures/icon125-o.svg)窍门:*您可以进入启动器查看新安装的应用。新安装应用的旁边会出现一个小蓝点提示*。 + +### 切换模式 + +启动器有全屏和小窗口两种模式。单击启动器界面右上角的图标来切换模式。 + +两种模式均支持搜索应用、设置快捷方式等操作。 + +小窗口模式还支持快速打开文件管理器,控制中心和进入关机界面等功能。 + +![1|fullscreen](./figures/47.jpg)![1|ini](./figures/52.png) + +### 排列应用 + +在全屏模式下,系统默认按照安装时间排列所有应用。 + +- 将鼠标悬停在应用图标上,按住鼠标左键不放,将应用图标拖拽到指定的位置自由排列。 +- 单击启动器界面左上角分类图标![category](./figures/icon56-o.svg)进行排列。 + +![1|sortapp](./figures/60.jpg) + +              + +在小窗口模式下,默认按照使用频率排列应用。 + +### 查找应用 + +在启动器中,您可以滚动鼠标滚轮或切换分类导航查找应用。 + +如果知道应用名称,直接在搜索框中输入关键字,快速定位到需要的应用。 + +### 设置快捷方式 + +快捷方式提供了一种简单快捷地启动应用的方法。 + +#### 创建快捷方式 + +将应用发送到桌面或任务栏上,方便您的后续操作。 + +在启动器中,右键单击应用图标,您可以: + +- 单击 **发送到桌面**,在桌面创建快捷方式。 + +- 单击 **发送到任务栏**,将应用固定到任务栏。 + +![0|sendto](./figures/58.png) + +> ![notes](./figures/icon99-o.svg)说明:*您还可以从启动器拖拽应用图标到任务栏上放置。但是当应用处于运行状态时您将无法拖拽固定,此时您可以右键单击任务栏上的应用图标,选择 **驻留** 将应用固定到任务栏,以便下次使用时从任务栏上快速打开。* + +#### 删除快捷方式 + +您既可以在桌面直接删除应用的快捷方式,也可以在任务栏和启动器中删除。 + +**从任务栏上删除** + +- 在任务栏上,按住鼠标左键不放,将应用图标拖拽到任务栏以外的区域移除快捷方式。 +- 当应用处于运行状态时您将无法拖拽移除,此时可以右键单击任务栏上的应用图标,选择 **移除驻留** 将应用从任务栏上移除。 + +**从启动器中删除** + +在启动器中,右键单击应用图标,您可以: + +- 单击 **从桌面上移除**,删除桌面快捷方式。 +- 单击 **从任务栏上移除**,将固定到任务栏上的应用移除。 + +> ![notes](./figures/icon99-o.svg)说明:*以上操作,只会删除应用的快捷方式,而不会卸载应用。* + +### 运行应用 + +对于已经创建了桌面快捷方式或固定到任务栏上的应用,您可以通过以下途径来打开应用。 + +- 双击桌面图标,或右键单击桌面图标选择 **打开**。 +- 直接单击任务栏上的应用图标,或右键单击任务栏上的应用图标选择 **打开**。 + +在启动器中,直接单击应用图标打开,或右键单击应用图标选择 **打开**。 + +> ![tips](./figures/icon125-o.svg)窍门:*对于经常使用的应用,您可以在启动器中,右键单击应用图标选择 **开机自动启动**。* + +## 控制中心 + +DDE桌面操作系统通过控制中心来管理系统的基本设置,包括帐户管理、网络设置、日期和时间、个性化设置、显示设置、系统信息查看等。当您进入桌面环境后,单击任务栏上的 ![controlcenter](./figures/icon58-o.svg) 即可打开控制中心窗口。 + +### 首页介绍 + +控制中心首页主要展示各个设置模块,方便日常查看和快速设置。 + +![2|dcchomepage](./figures/42.png) + +              + +打开控制中心的某一设置模块后,可以通过左侧导航栏快速切换到另一设置模块。 + +![2|cc-navigation](./figures/39.png) + +#### 标题栏 + +标题栏包含返回按钮,搜索框,主菜单及窗口按钮。 + +- 返回按钮:若要返回首页,单击 ![back](./figures/icon53-o.svg)。 +- 搜索框:输入关键字后,回车,搜索相应设置。 +- 主菜单:单击![menu](./figures/icon83-o.svg) 进入主菜单。在主菜单中,您可以设置窗口主题,查看版本,或退出控制中心。 + +### 帐户设置 + +在安装系统时您已经创建了一个帐户。在这里,您可以修改帐户设置或创建一个新帐户。 + +![0|account](./figures/38.png) + +#### 创建新帐户 + +1. 在控制中心首页,单击 ![account_normal](./figures/icon49-o.svg)。 +2. 单击![add](./figures/icon50-o.svg)。 +3. 输入用户名、密码和重复密码。 +4. 单击 **创建**。 +5. 在授权对话框输入当前帐户的密码,新帐户就会添加到帐户列表中。 + +#### 更改头像 + +1. 在控制中心首页,单击 ![account_normal](./figures/icon49-o.svg)。 +2. 单击列表中的帐户。 +3. 单击帐户头像,选择一个头像或添加本地头像,头像就替换完成了。 + +#### 设置全名 + +帐户全名会显示在帐户列表和系统登录界面,可根据需要设置。 + +1. 在控制中心首页,单击 ![account_normal](./figures/icon49-o.svg)。 +2. 单击列表中的帐户。 +3. 单击 **设置全名** 后的 ![edit](./figures/icon75-o.svg),输入帐户全名。 + +#### 修改密码 + +1. 在控制中心首页,单击 ![account_normal](./figures/icon49-o.svg)。 +2. 单击当前帐户。 +3. 单击 **修改密码**,进入修改密码页面。 +4. 输入当前密码、新密码和重复密码。 + +#### 删除帐户 + +1. 在控制中心首页,单击 ![account_normal](./figures/icon49-o.svg)。 +2. 单击其他未登录的帐户。 +3. 单击 **删除帐户** 。 +4. 在弹出的确认界面中单击 **删除**。 + +> ![attention](./figures/icon52-o.svg)注意: *已登录的帐户无法被删除。* + +#### 权限设置 + +除安装时的第一个帐户是管理员权限外,后面所添加的所有帐户都是普通用户。一个帐户可以在多个用户组内。 + +##### 设置组 + +添加或修改帐户时,可以: + +- 选择系统内已有的组。 +- 选择当前用户同名的组。 +- 选择之前添加帐户时和其他用户同名的组。 + +### 显示设置 + +设置显示器的分辨率、亮度、屏幕方向等,让您的电脑显示到达最佳状态。 + +![0|video](./figures/44.png) + +#### 单屏设置 + +##### 更改分辨率 + +1. 在控制中心首页,单击 ![display_normal](./figures/icon72-o.svg)。 +2. 单击 **分辨率**,进入分辨率设置界面。 +3. 在列表中选择合适的分辨率参数。 +4. 单击 **保存**。 + +##### 调节亮度 + +1. 在控制中心首页,单击 ![display_normal](./figures/icon72-o.svg)。 +2. 单击 **亮度**,进入亮度设置界面。 + + - 拖动亮度条滑块,调节屏幕亮度。 + - 打开 **自动调节色温** 开关,开启进入护眼模式,自动调节色温。 + - 打开 **手动调节** 亮度开关,可以调节屏幕亮度 。 + +##### 设置屏幕刷新率 + +1. 在控制中心首页,单击 ![display_normal](./figures/icon72-o.svg)。 +2. 单击 **刷新率**。 +3. 选择一个合适的刷新率,单击 **保存**。 + +##### 改变屏幕方向 + +1. 在控制中心首页,单击 ![display_normal](./figures/icon72-o.svg)。 +2. 单击 ![rotate](./figures/icon112-o.svg) 。 +3. 每单击一下鼠标左键,屏幕逆时针旋转90°。 +4. 要还原为之前的屏幕方向,单击鼠标右键退出;要使用当前屏幕方向,请按下组合键 **Ctrl** + **S** 保存。 + +#### 多屏设置 + +多屏显示,让您的视野无限延伸!使用VGA、HDMI、EDP等线缆将您的电脑和另一台显示器、投影仪等连接起来,同时在多个屏幕显示您电脑上的内容。 + +1. 在控制中心首页,单击 ![display_normal](./figures/icon72-o.svg)。 +2. 单击 **多屏显示模式**。 +3. 选择一种显示模式。 + - **复制** 将主屏的显示内容复制到其他屏幕。 + - **扩展** 将主屏的显示内容扩展到其他屏幕,扩大桌面区域。 + - **自定义** 设置显示模式,主屏、分辨率、刷新率和屏幕旋转方向。 + +在多屏环境下,按下 **Super** + **P**调出多屏显示模式的OSD。 + +详细操作方法如下。 + +1. 按住 **Super** 不放,再按下 **P** 或鼠标单击来进行模式选择。 +2. 松开按键,确认选择,模式生效。 + +> ![notes](./figures/icon99-o.svg)说明:*当多屏显示模式为扩展模式时,仅主屏支持桌面图标显示、操作右键菜单等功能,而副屏不支持。* + +##### 自定义设置 + +1. 在控制中心首页,单击 ![display_normal](./figures/icon72-o.svg)。 +2. 单击 **多屏显示模式** > **自定义**。 +3. 单击 “识别”,查看屏幕名称。 +4. 选择“合并”或“拆分”,然后对多个屏幕进行设置,如主屏、分辨率、刷新率,旋转屏幕等。 +5. 单击 **保存**。 + +> ![notes](./figures/icon99-o.svg)说明:*合并即复制模式,拆分即扩展模式。* + +### 默认程序设置 + +当安装有多个功能相似的应用程序时,可以选择其中的一个应用作为对应文件类型的默认启动程序。 + +![0|default](./figures/39.png) + +#### 设置默认程序 + +1. 右键单击文件,选择 **打开方式** > **选择默认程序**。 +2. 选择一个应用,自动勾选"设为默认",单击 **确定**。 +3. 该应用将自动添加到控制中心的默认程序列表。 + +#### 更改默认程序 + +1. 在控制中心首页,单击 ![default_applications_normal](./figures/icon70-o.svg)。 +2. 选择一个文件类型进入默认程序列表。 +3. 在列表中选择另一个应用程序。 + +#### 添加默认程序 + +1. 在控制中心首页,单击 ![default_applications_normal](./figures/icon70-o.svg)。 +2. 选择文件类型进入默认程序列表。 +3. 单击列表下的![add](./figures/icon50-o.svg),选择desktop文件(一般在/usr/share/applications),或特定的二进制文件。 +4. 该程序将添加到列表,并自动设置为默认程序。 + +#### 删除默认程序 + +在默认程序列表中,您只能删除自己添加的应用程序,不能删除系统已经安装的应用。要删除系统已经安装的应用,只能卸载应用。卸载后该应用将自动从默认程序列表中删除。 + +可用以下方法删除自己添加的默认程序。 + +1. 在控制中心首页,单击 ![default_applications_normal](./figures/icon70-o.svg)。 +2. 选择文件类型进入默认程序列表。 +3. 单击程序后面的![close](./figures/icon57-o.svg),删除默认程序。 + +### 个性化设置 + +在这里,您可以设置系统主题、活动用色、字体等,改变桌面和窗口的外观,设置成您喜欢的显示风格。 + +![0|personalise](./figures/56.png) + +#### 设置窗口主题 + +1. 在控制中心首页,单击 ![personalization_normal](./figures/icon105-o.svg)。 +2. 单击 **通用**,选择一种窗口主题。 +3. 该主题即为系统窗口主题。 + +> ![tips](./figures/icon125-o.svg)窍门:*自动主题表示根据当前时区的时间,根据日出日落的时间自动更换窗口主题。日出后是浅色,日落后是深色。* + +#### 更改活动用色 + +活动用色是指选中某一选项时的强调色。 + +1. 在控制中心首页,单击 ![personalization_normal](./figures/icon105-o.svg)。 +2. 单击 **通用**。 +3. 单击 **活动用色** 下的一种颜色,可实时查看该颜色效果。 + +#### 设置图标主题 + +1. 在控制中心首页,单击 ![personalization_normal](./figures/icon105-o.svg)。 +2. 单击 **图标主题**,选择一款图标样式。 + +#### 设置光标主题 + +1. 在控制中心首页,单击 ![personalization_normal](./figures/icon105-o.svg)。 +2. 单击 **光标主题**,选择一款光标样式。 + +#### 更改系统字体 + +1. 在控制中心首页,单击 ![personalization_normal](./figures/icon105-o.svg)。 +2. 单击 **字体**,进入设置字体界面。 +3. 设置系统字号和字体。 + +### 网络设置 + +登录系统后,您需要连接网络,才能接收邮件、浏览新闻、下载文件、聊天、网上购物等。 + +> ![tips](./figures/icon125-o.svg)窍门:*您可以单击任务栏托盘区的网络图标,查看当前网络状态。* + +![0|network](./figures/54.png) + +#### 有线网络 + +有线网络安全快速稳定,是最常见的网络连接方式。当您设置好路由器后,把网线两端分别插入电脑和路由器,即可连接有线网络。 + +1. 将网线插入电脑上的网络插孔。 +2. 将网线的另一端插入路由器或网络端口。 +3. 在控制中心首页,单击 ![network_normal](./figures/icon97-o.svg)。 +4. 单击 **有线网络**,进入有线网络设置界面。 +5. 打开 **有线网卡**,开启有线网络连接功能。 +6. 当网络连接成功后,桌面右上角将弹出“已连接有线连接”的提示信息。 + +您还可以在有线网络的设置界面,编辑或新建有线网络设置。 + +#### 移动网络 + +当您处于一个没有网络信号的地方时,可以使用无线上网卡来上网。在有电话信号覆盖的任何地方,无线上网卡通过运营商的移动数据网络接入宽带服务。 + +1. 将移动网卡插入电脑上的USB接口中。 +2. 电脑将根据移动网卡和运营商信息,自动适配并自动连接网络。 +3. 在控制中心首页,单击 ![network_normal](./figures/icon97-o.svg)。 +4. 单击 **移动网络**,查看详细设置信息。 + +#### 拨号网络 + +拨号上网(DSL)是指通过本地电话拨号连接到网络的连接方式。配置好调制解调器,把电话线插入电脑的网络接口,创建宽带拨号连接,输入运营商提供的用户名和密码,即可拨号连接到Internet上。 + +##### 新建拨号连接 + +1. 在控制中心首页,单击 ![network_normal](./figures/icon97-o.svg)。 +2. 单击 **DSL**,单击 ![add](./figures/icon50-o.svg)。 +3. 输入宽带名称、帐户、密码。 +4. 单击 **保存**,系统自动创建宽带连接并尝试连接。 + +#### VPN + +VPN即虚拟专用网络,其主要功能是在公用网络上建立专用网络,进行加密通讯。无论您是在外地出差还是在家中办公,只要能上网就能利用VPN访问企业的内网资源。您还可以使用VPN加速访问其他国家的网站。 + +1. 在控制中心首页,单击 ![network_normal](./figures/icon97-o.svg)。 +2. 单击 **VPN**,选择 ![add](./figures/icon50-o.svg) 或 ![import](./figures/icon84-o.svg)。 +3. 选择VPN协议类型,并输入名称、网关、帐号、密码等信息。(导入VPN会自动填充信息) +4. 单击 **保存**,系统自动尝试连接VPN网络。 +5. 您可以将VPN设置导出,备用或共享给其他用户。 + +> ![notes](./figures/icon99-o.svg)说明:*打开 **仅用于相对应的网络上的资源** 开关,可以不将VPN设置为默认路由,只在特定的网络资源上生效。* + +#### 系统代理 + +1. 在控制中心首页,单击 ![network_normal](./figures/icon97-o.svg)。 +2. 单击 **系统代理**,进入系统代理界面。 + + - 单击 **无**,关闭代理服务器功能。 + - 单击 **手动**,输入代理服务器的地址和端口信息。 + - 单击 **自动**,输入URL,系统将自动配置代理服务器的信息。 + +#### 应用代理 + +1. 在控制中心首页,单击 ![network_normal](./figures/icon97-o.svg)。 +2. 单击 **应用代理**。 +3. 设置应用代理参数。 +4. 单击 **保存**。 + +> ![notes](./figures/icon99-o.svg)说明:*应用代理设置成功后,打开启动器,右键单击应用图标,可以选择 **使用代理**。* + +#### 网络详情 + +在网络详情界面,您可以查看MAC、IP地址、网关和其他网络信息。 + +1. 在控制中心首页,单击 ![network_normal](./figures/icon97-o.svg)。 +2. 单击 **网络详情**,进入网络信息界面。 +3. 查看当前有线网络或无线网络的信息。 + +### 声音设置 + +输入输出设备声音的设置(如设置扬声器和麦克风),让您听得更舒适,录音更清晰。 + +![0|sound](./figures/61.png) + +#### 输出设备 + +1. 在控制中心首页,单击 ![sound_normal](./figures/icon116-o.svg)。 +2. 单击 **输出**,进入输出设备配置界面,您可以: + - 在输出设备后面的下拉框中选择输出设备类型。 + - 通过拖曳滑块调节输出音量和左/右声道平衡。 + - 打开 **音量增强**,音量的可调节区间由0-100% 转变为0-150%。 + +#### 输入设备 + +1. 在控制中心首页,单击 ![sound_normal](./figures/icon116-o.svg)。 +2. 单击 **输入**,进入输入设备配置界面,您可以: + - 在输入设备后面的下拉框中选择输入设备类型。 + - 通过拖曳滑块调节输入音量。 + - 打开 **开启** 按钮,还可以设置 **噪音抑制** 功能。 + +> ![tips](./figures/icon125-o.svg)窍门:*通常,需要调大输入音量,确保能够听到声源的声音,但是音量不宜过大,因为这会导致声音失真。可以对着麦克风以正常说话的音量讲话,并观察反馈音量的变化,变化较明显,则说明输入音量合适。* + +#### 系统音效 + +1. 在控制中心首页,单击 ![sound_normal](./figures/icon116-o.svg)。 +2. 单击 **系统音效**,勾选选项,开启某一事件发生时的声音效果。 + +> ![tips](./figures/icon125-o.svg)窍门:*您可以单击试听音效。* + +### 时间日期 + +正确选择您所在的时区,一般即可显示正确的日期和时间。您也可以手动修改时间和日期。 + +![0|time](./figures/62.png) + +#### 修改时区 + +在您安装系统时,已选择了系统时区。若要修改系统时区,请按如下步骤设置。 + +1. 在控制中心首页,单击 ![time](./figures/icon124-o.svg)。 +2. 单击 **时区列表**。 +3. 单击 **修改系统时区**, 通过搜索或单击地图选择时区。 +4. 单击 **确定**。 + +#### 添加时区 + +您可以同时使用多个时区,以便查看另一时区的时间。 + +1. 在控制中心首页,单击 ![time](./figures/icon124-o.svg)。 +2. 单击 **时区列表**。 +3. 单击![add](./figures/icon50-o.svg),通过搜索或单击地图选择时区。 +4. 单击 **添加**。 + +#### 删除时区 + +1. 在控制中心首页,单击 ![time](./figures/icon124-o.svg)。 +2. 单击 **时区列表**。 +3. 单击时区列表后面的 **编辑**。 +4. 单击 ![delete](./figures/icon71-o.svg),删除已添加的时区。 + +#### 修改时间和日期 + +默认情况下,系统通过网络自动同步该时区的本地时间和日期。您也可以手动修改时间和日期。手动设置后,自动同步功能会被关闭。 + +1. 在控制中心首页,单击 ![time](./figures/icon124-o.svg)。 +2. 单击 **时间设置** 。 + - 开启或关闭自动同步配置。 + - 设置正确的时间和日期。 +3. 单击 **确定**。 + +#### 设置时间日期格式 + +支持即时设置时间日期的格式。 + +1. 在控制中心首页,单击 ![time](./figures/icon124-o.svg)。 +2. 单击 **格式设置**,可以设置星期、长短日期、长短时间等格式。 + +### 电源管理 + +对系统电源进行一些设置,让系统更安全。 + +![0|power](./figures/57.png) + +              + +#### 设置显示器关闭时间 + +1. 在控制中心首页,单击 ![power_normal](./figures/icon107-o.svg)。 +2. 单击 **使用电源**。 +3. 选择关闭显示器的时间。 + +#### 设置自动锁屏时间 + +1. 在控制中心首页,单击 ![power_normal](./figures/icon107-o.svg)。 +2. 单击 **使用电源**。 +3. 选择自动锁屏的时间。 + +#### 设置电源按钮 + +1. 在控制中心首页,单击 ![power_normal](./figures/icon107-o.svg)。 +2. 单击 **使用电源**。 +3. 选择电源按钮 **关机**、**关闭显示器** 或 **无任何操作**,更改电源设置。 + +更改设置后会即时生效,同时系统通知用户已修改电源设置。 + +### 鼠标 + +鼠标是计算机的常用输入设备。使用鼠标,可以使操作更加简便快捷。 + +![0|mouse](./figures/53.png) + +#### 通用设置 + +1. 在控制中心首页,单击 ![mouse_touchpad_normal](./figures/icon94-o.svg)。 +2. 单击 **通用**。 +3. 开启 **左手模式**,调节鼠标和触控板的**滚动速度**,**双击速度**。 + +> ![notes](./figures/icon99-o.svg)说明:*开启左手模式后,鼠标的左右键功能互换。* + +#### 鼠标设置 + +插入或连接鼠标后,在控制中心进行相关设置,让其更符合您的使用习惯。 + +1. 在控制中心首页,单击 ![mouse_touchpad_normal](./figures/icon94-o.svg)。 +2. 单击 **鼠标**。 +3. 调节 **指针速度**, 控制鼠标移动时指针移动的速度。 +4. 单击 **自然滚动** / **鼠标加速** 开关,开启相应功能。 + +> ![notes](./figures/icon99-o.svg)说明: +> +> - *开启鼠标加速,提高了指针精确度,鼠标指针在屏幕上的移动距离会根据移动速度的加快而增加。可以根据使用情况开启或关闭。* +> - *自然滚动开启后,鼠标滚轮向下滚动,内容会向下滚动;鼠标滚轮向上滚动,内容会向上滚动。* + +### 键盘和语言 + +在此模块,您可以设置键盘属性,以便符合您的输入习惯,还可以根据国家和语言调整键盘布局,设置系统语言,以及自定义快捷键。 + +![0|keyboard](./figures/59.png) + +#### 键盘属性 + +1. 在控制中心首页,单击 ![keyboard_normal](./figures/icon86-o.svg)。 +2. 单击 **通用**。 +3. 调节 **重复延迟**/**重复速度**。 +4. 单击“请在此测试”,按下键盘上的任意字符不松开,查看调节效果。 +5. 单击 **启用数字键盘**/**大写锁定提示** 开关,开启相应功能。 + +#### 键盘布局 + +设置键盘布局,可以为当前语言自定义键盘。按下键盘上的按键时,键盘布局会控制哪些字符显示在屏幕上。更改键盘布局后,屏幕上的字符可能与键盘按键上的字符不相符。 + +一般在安装系统时,就已经设置了键盘布局,您也可以添加其他的键盘布局。 + +![layout](./figures/50.png) + +##### 添加键盘布局 + +1. 在控制中心首页,单击 ![keyboard_normal](./figures/icon86-o.svg)。 +2. 单击 **键盘布局**,进入键盘布局界面。 +3. 单击![add](./figures/icon50-o.svg),单击某一键盘布局即可添加到列表。 + +##### 删除键盘布局 + +1. 在控制中心首页,单击 ![keyboard_normal](./figures/icon86-o.svg)。 +2. 单击 **键盘布局**,进入键盘布局界面。 +3. 单击”键盘布局“后的 **编辑**。 +4. 单击 ![delete](./figures/icon71-o.svg),删除该键盘布局。 + +##### 切换键盘布局 + +1. 在控制中心首页,单击 ![keyboard_normal](./figures/icon86-o.svg)。 +2. 单击 **键盘布局**,进入键盘布局界面。 +3. 选择一个键盘布局进行切换。 +4. 切换成功后,该键盘布局将标记为已选择。 + +> ![tips](./figures/icon125-o.svg)窍门:*您也可以选择一组或多组快捷键,按顺序切换已添加的键盘布局。选择 **切换方式**, 让切换后的键盘布局应用于整个系统或当前应用。* + +#### 系统语言 + +系统语言默认为您安装系统时所选择的语言,可以随时更改。 + +##### 添加系统语言 + +您可以添加多个语言到系统语言列表,以便切换系统语言。 + +1. 在控制中心首页,单击 ![keyboard_normal](./figures/icon86-o.svg)。 +2. 单击 **系统语言**,进入系统语言界面。 +3. 单击 ![add](./figures/icon50-o.svg) 进入语言列表。 +4. 选择语言,该语言将自动添加到系统语言列表。 + +##### 切换系统语言 + +1. 在控制中心首页,单击 ![keyboard_normal](./figures/icon86-o.svg)。 +2. 单击 **系统语言**,进入系统语言界面。 +3. 选择要切换的语言,系统将自动开始安装语言包。 +4. 语言包安装完成后,需要注销后重新登录,以便设置生效。 + +> ![attention](./figures/icon52-o.svg)注意:*更改系统语言后,键盘布局可能也会发生改变。重新登录时,请确保使用正确的键盘布局来输入密码。* + +#### 快捷键 + +快捷键列表显示了系统所有的快捷键。您可以在这里查看、修改和自定义快捷键。 + +![0|shortcut](./figures/59.png) + +##### 查看快捷键 + +1. 在控制中心首页,单击 ![keyboard_normal](./figures/icon86-o.svg)。 +2. 单击 **快捷键**,进入快捷键设置界面。 +3. 搜索或查看默认的系统快捷键、窗口快捷键和工作区快捷键。 + +##### 修改快捷键 + +1. 在控制中心首页,单击 ![keyboard_normal](./figures/icon86-o.svg)。 +2. 单击 **快捷键**,进入快捷键设置界面。 +3. 单击需要修改的快捷键。 +4. 使用键盘输入新的快捷键。 + +> ![tips](./figures/icon125-o.svg)窍门:*若要禁用快捷键,请按下键盘上的 ![Backspace](./figures/icon54-o.svg)。若要取消修改快捷键,按下键盘上 **Esc** 键, 或单击下方的”恢复默认”按钮。* + +##### 自定义快捷键 + +您可以为常用的应用自定义一个快捷键。 + +1. 在控制中心首页,单击 ![keyboard_normal](./figures/icon86-o.svg)。 +2. 单击 **快捷键**。 +3. 单击![add](./figures/icon50-o.svg),进入添加快捷键界面。 +4. 输入快捷键名称、命令和快捷键。 +5. 单击 **添加**。 +6. 添加成功后,单击”自定义快捷键“后的 **编辑**。 +7. 单击某个快捷键后 ![delete](./figures/icon71-o.svg), 删除自定义的快捷键。 + +> ![tips](./figures/icon125-o.svg)窍门:*若要修改快捷键,单击输入新的快捷键即可。若要修改自定义快捷键的名称和命令,单击“自定义快捷键”后的 **编辑** ,单击快捷键名称后的 ![edit](./figures/icon75-o.svg),进入修改页面。* + +### 系统信息 + +您可以查看系统版本、版本授权和电脑硬件等信息,以及该系统的一些协议。 + +![0|info](./figures/48.png) + +#### 关于本机 + +1. 在控制中心首页,单击 ![system_info_normal](./figures/icon120-o.svg)。 +2. 在 **关于本机** 下,您可以查看当前系统版本、版本授权及电脑硬件信息; +3. 若系统未激活,可在此页面单击 **激活**,进行系统激活。 + +#### 版本协议 + +1. 在控制中心首页,单击 ![system_info_normal](./figures/icon120-o.svg)。 +2. 在 **版本协议** 下,查看系统版本协议。 + +#### 最终用户许可协议 + +1. 在控制中心首页,单击 ![system_info_normal](./figures/icon120-o.svg)。 +2. 在 **最终用户许可协议** 下,查看最终用户许可协议。 + +## 键盘交互 + +您可以使用键盘在各个界面区域内切换,并选择对象,执行操作。 + +| 按键 | 功能 | +| :----------------------------------------------------------- | :----------------------------------------------------------- | +| **Tab** | 在不同区域或对话框按钮之间切换。 | +| ![Up](./figures/icon127-o.svg) ![Down](./figures/icon73-o.svg) ![Left](./figures/icon88-o.svg) ![Right](./figures/icon111-o.svg) | 在同区域内对不同的对象进行选择。使用 ![Right](./figures/icon111-o.svg) 进入下级菜单,使用 ![Left](./figures/icon88-o.svg) 返回上级菜单。使用![Up](./figures/icon127-o.svg)![Down](./figures/icon73-o.svg) 键进行上下切换 。 | +| **Enter** | 执行选定对象。 | +| **Space** | 在文件管理器中,预览选定对象;在影院和音乐中,开始/暂停播放;在下拉列表中,展开下拉选项(也可使用回车键)。 | +| **Ctrl**+**M** | 打开右键菜单。 | diff --git a/docs/zh/tools/desktop/dde/dde_userguide1.md b/docs/zh/tools/desktop/dde/dde_userguide1.md new file mode 100644 index 0000000000000000000000000000000000000000..cf094d5fcb0ac4b863f34946f09464ec94906d67 --- /dev/null +++ b/docs/zh/tools/desktop/dde/dde_userguide1.md @@ -0,0 +1,23 @@ +# DDE 用户指南 + +本节主要描述 DDE 桌面环境的安装和使用。 + +## FAQ 常见问题及解答 + +### 1.安装DDE后,root帐户登录桌面无计算机和回收站图标? + +* 问题表现 + + 安装DDE后,root帐户登录桌面无计算机和回收站图标 + +![img](./figures/dde-1.png) + +* 问题原因 + + 由于root用户在安装DDE前已创建,而DDE在安装时不会对已经创建的用户进行新增桌面图标操作。DDE安装后新建用户无此问题。 + +* 解决方案 + + 用户可通过启动器中右键对应图标发送到桌面即可,无任何功能差异。 + + ![img](./figures/dde-2.png) diff --git a/docs/zh/tools/desktop/dde/figures/.keep b/docs/zh/tools/desktop/dde/figures/.keep new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/docs/zh/tools/desktop/dde/figures/1.png b/docs/zh/tools/desktop/dde/figures/1.png new file mode 100644 index 0000000000000000000000000000000000000000..40af4242eebb440a76c749a8d970d50cd7b89bf4 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/1.png differ diff --git a/docs/zh/tools/desktop/dde/figures/10.png b/docs/zh/tools/desktop/dde/figures/10.png new file mode 100644 index 0000000000000000000000000000000000000000..e588ffbe3d8d7b66d92ae8f2b4bcec7c80d0592c Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/10.png differ diff --git a/docs/zh/tools/desktop/dde/figures/11.png b/docs/zh/tools/desktop/dde/figures/11.png new file mode 100644 index 0000000000000000000000000000000000000000..1989a5bb08155f920363e154e68bb148715c7e9e Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/11.png differ diff --git a/docs/zh/tools/desktop/dde/figures/12.png b/docs/zh/tools/desktop/dde/figures/12.png new file mode 100644 index 0000000000000000000000000000000000000000..cb6346161182d2cfeaf3818d5ec518ddb11c732e Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/12.png differ diff --git a/docs/zh/tools/desktop/dde/figures/13.png b/docs/zh/tools/desktop/dde/figures/13.png new file mode 100644 index 0000000000000000000000000000000000000000..0a7def1fb66c90da62acde799eaffca97e3b5396 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/13.png differ diff --git a/docs/zh/tools/desktop/dde/figures/14.png b/docs/zh/tools/desktop/dde/figures/14.png new file mode 100644 index 0000000000000000000000000000000000000000..3a27a66d57e284775420d467f90dcc02889bbffe Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/14.png differ diff --git a/docs/zh/tools/desktop/dde/figures/15.png b/docs/zh/tools/desktop/dde/figures/15.png new file mode 100644 index 0000000000000000000000000000000000000000..370bea32abcaa8a2b06a1a61c1455d4b35f43474 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/15.png differ diff --git a/docs/zh/tools/desktop/dde/figures/16.png b/docs/zh/tools/desktop/dde/figures/16.png new file mode 100644 index 0000000000000000000000000000000000000000..812ee462669c5263ef4bffc49ca4f9b6af4541c6 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/16.png differ diff --git a/docs/zh/tools/desktop/dde/figures/17.png b/docs/zh/tools/desktop/dde/figures/17.png new file mode 100644 index 0000000000000000000000000000000000000000..36e524b806874fa3788f5e4dcd78350686281107 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/17.png differ diff --git a/docs/zh/tools/desktop/dde/figures/18.png b/docs/zh/tools/desktop/dde/figures/18.png new file mode 100644 index 0000000000000000000000000000000000000000..51b32442980aa60646f77dabd53ade74f55891fe Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/18.png differ diff --git a/docs/zh/tools/desktop/dde/figures/19.png b/docs/zh/tools/desktop/dde/figures/19.png new file mode 100644 index 0000000000000000000000000000000000000000..c9457d09aa9f1662b2c9e4550cdbdb9f57dd020e Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/19.png differ diff --git a/docs/zh/tools/desktop/dde/figures/2.png b/docs/zh/tools/desktop/dde/figures/2.png new file mode 100644 index 0000000000000000000000000000000000000000..97917cc245484a43bec8562757d920a06f123121 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/2.png differ diff --git a/docs/zh/tools/desktop/dde/figures/20.png b/docs/zh/tools/desktop/dde/figures/20.png new file mode 100644 index 0000000000000000000000000000000000000000..b0943189920d7a541d35da27340593ea93f92a17 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/20.png differ diff --git a/docs/zh/tools/desktop/dde/figures/21.png b/docs/zh/tools/desktop/dde/figures/21.png new file mode 100644 index 0000000000000000000000000000000000000000..e590c22c0ea28906b5f4ea7ccbc6ab11e47ad173 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/21.png differ diff --git a/docs/zh/tools/desktop/dde/figures/22.png b/docs/zh/tools/desktop/dde/figures/22.png new file mode 100644 index 0000000000000000000000000000000000000000..03a548b1ffb1f0ad53cfa5387af2721af90bca81 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/22.png differ diff --git a/docs/zh/tools/desktop/dde/figures/23.png b/docs/zh/tools/desktop/dde/figures/23.png new file mode 100644 index 0000000000000000000000000000000000000000..834c492094715cde1c02c91752ecabfe7921ed62 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/23.png differ diff --git a/docs/zh/tools/desktop/dde/figures/24.png b/docs/zh/tools/desktop/dde/figures/24.png new file mode 100644 index 0000000000000000000000000000000000000000..1881e868b74a60888b319576fa38fb4af92ba75c Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/24.png differ diff --git a/docs/zh/tools/desktop/dde/figures/25.png b/docs/zh/tools/desktop/dde/figures/25.png new file mode 100644 index 0000000000000000000000000000000000000000..f38839725d27a3486984d152e5d9de305364fbd2 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/25.png differ diff --git a/docs/zh/tools/desktop/dde/figures/26.png b/docs/zh/tools/desktop/dde/figures/26.png new file mode 100644 index 0000000000000000000000000000000000000000..6d7957119133ecb98b1b6b104e54a3a4647ec2a5 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/26.png differ diff --git a/docs/zh/tools/desktop/dde/figures/27.png b/docs/zh/tools/desktop/dde/figures/27.png new file mode 100644 index 0000000000000000000000000000000000000000..3e4733717fdc5172d6479b393005219e65e96df4 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/27.png differ diff --git a/docs/zh/tools/desktop/dde/figures/28.png b/docs/zh/tools/desktop/dde/figures/28.png new file mode 100644 index 0000000000000000000000000000000000000000..a77772e818e3f6c11acac3b9cfa18bad14a0a48c Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/28.png differ diff --git a/docs/zh/tools/desktop/dde/figures/29.png b/docs/zh/tools/desktop/dde/figures/29.png new file mode 100644 index 0000000000000000000000000000000000000000..c4f58ffe5855295268298448744e5aadbdc55276 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/29.png differ diff --git a/docs/zh/tools/desktop/dde/figures/3.png b/docs/zh/tools/desktop/dde/figures/3.png new file mode 100644 index 0000000000000000000000000000000000000000..fbb76b336957020ed6867d908e0a8bdcfc953c52 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/3.png differ diff --git a/docs/zh/tools/desktop/dde/figures/30.png b/docs/zh/tools/desktop/dde/figures/30.png new file mode 100644 index 0000000000000000000000000000000000000000..d91adefba1753959e90ccf4aa1501ac08d7144bd Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/30.png differ diff --git a/docs/zh/tools/desktop/dde/figures/31.png b/docs/zh/tools/desktop/dde/figures/31.png new file mode 100644 index 0000000000000000000000000000000000000000..0abef09ab438f5f8cfb68090993f55c493b8c15e Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/31.png differ diff --git a/docs/zh/tools/desktop/dde/figures/32.png b/docs/zh/tools/desktop/dde/figures/32.png new file mode 100644 index 0000000000000000000000000000000000000000..d567cfbacc07a9eb46ff2c54a68432f45e034e94 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/32.png differ diff --git a/docs/zh/tools/desktop/dde/figures/33.png b/docs/zh/tools/desktop/dde/figures/33.png new file mode 100644 index 0000000000000000000000000000000000000000..7b5896e2884520672c0bd88d68471b45a09c56fe Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/33.png differ diff --git a/docs/zh/tools/desktop/dde/figures/34.png b/docs/zh/tools/desktop/dde/figures/34.png new file mode 100644 index 0000000000000000000000000000000000000000..81bc9480fbbd81a97c559d7a6a74274deeab2bd1 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/34.png differ diff --git a/docs/zh/tools/desktop/dde/figures/35.png b/docs/zh/tools/desktop/dde/figures/35.png new file mode 100644 index 0000000000000000000000000000000000000000..ab2399847a643a87279337704e23fea7609bb211 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/35.png differ diff --git a/docs/zh/tools/desktop/dde/figures/36.png b/docs/zh/tools/desktop/dde/figures/36.png new file mode 100644 index 0000000000000000000000000000000000000000..536981609b9ae5d32be56bec612f2b3446146184 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/36.png differ diff --git a/docs/zh/tools/desktop/dde/figures/37.png b/docs/zh/tools/desktop/dde/figures/37.png new file mode 100644 index 0000000000000000000000000000000000000000..e39aa03587642dc1f8622fff515b05a9a3085b28 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/37.png differ diff --git a/docs/zh/tools/desktop/dde/figures/38.png b/docs/zh/tools/desktop/dde/figures/38.png new file mode 100644 index 0000000000000000000000000000000000000000..838f5ff0616a83cdf42edb053f4e72b93bfa644e Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/38.png differ diff --git a/docs/zh/tools/desktop/dde/figures/39.png b/docs/zh/tools/desktop/dde/figures/39.png new file mode 100644 index 0000000000000000000000000000000000000000..12a379403d73a47b2fa564120a28fdb58d188963 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/39.png differ diff --git a/docs/zh/tools/desktop/dde/figures/4.png b/docs/zh/tools/desktop/dde/figures/4.png new file mode 100644 index 0000000000000000000000000000000000000000..5078e36aca713706d2cf08a3ebecdc3769951899 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/4.png differ diff --git a/docs/zh/tools/desktop/dde/figures/40.png b/docs/zh/tools/desktop/dde/figures/40.png new file mode 100644 index 0000000000000000000000000000000000000000..bf419894eab852b45604966c62fafa71f051c4df Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/40.png differ diff --git a/docs/zh/tools/desktop/dde/figures/41.png b/docs/zh/tools/desktop/dde/figures/41.png new file mode 100644 index 0000000000000000000000000000000000000000..f94b0ee72e0d4e9277e9b44b4268cfbdb8402104 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/41.png differ diff --git a/docs/zh/tools/desktop/dde/figures/42.png b/docs/zh/tools/desktop/dde/figures/42.png new file mode 100644 index 0000000000000000000000000000000000000000..3182e551c4e4b03885bad6339f1de514b3f55f8c Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/42.png differ diff --git a/docs/zh/tools/desktop/dde/figures/43.jpg b/docs/zh/tools/desktop/dde/figures/43.jpg new file mode 100644 index 0000000000000000000000000000000000000000..26e9244f58ea9800081fd61ae135477f05b21b40 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/43.jpg differ diff --git a/docs/zh/tools/desktop/dde/figures/44.png b/docs/zh/tools/desktop/dde/figures/44.png new file mode 100644 index 0000000000000000000000000000000000000000..c3abaecd6e053272d81e0ad9bd183c6858b4f3c5 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/44.png differ diff --git a/docs/zh/tools/desktop/dde/figures/45.png b/docs/zh/tools/desktop/dde/figures/45.png new file mode 100644 index 0000000000000000000000000000000000000000..86b051acde857c88479714414f721a7f59cca483 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/45.png differ diff --git a/docs/zh/tools/desktop/dde/figures/46.png b/docs/zh/tools/desktop/dde/figures/46.png new file mode 100644 index 0000000000000000000000000000000000000000..d8ec41c87628bf28c9905523f99ae93aebd13614 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/46.png differ diff --git a/docs/zh/tools/desktop/dde/figures/47.jpg b/docs/zh/tools/desktop/dde/figures/47.jpg new file mode 100644 index 0000000000000000000000000000000000000000..bf95f03c8ea0f84a878bc63af20972c9da71bc04 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/47.jpg differ diff --git a/docs/zh/tools/desktop/dde/figures/48.png b/docs/zh/tools/desktop/dde/figures/48.png new file mode 100644 index 0000000000000000000000000000000000000000..ef21fa1ce1e2e9848a8dca16e692de673df7c6d7 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/48.png differ diff --git a/docs/zh/tools/desktop/dde/figures/49.png b/docs/zh/tools/desktop/dde/figures/49.png new file mode 100644 index 0000000000000000000000000000000000000000..3b77668e5a4d1bdb3043c473dff9b36fa7144714 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/49.png differ diff --git a/docs/zh/tools/desktop/dde/figures/5.png b/docs/zh/tools/desktop/dde/figures/5.png new file mode 100644 index 0000000000000000000000000000000000000000..2976a745cfaede26594d6daa01cfc18d18b1de8b Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/5.png differ diff --git a/docs/zh/tools/desktop/dde/figures/50.png b/docs/zh/tools/desktop/dde/figures/50.png new file mode 100644 index 0000000000000000000000000000000000000000..b86a55fe4363f56fc18befc9d27025a75ca427ad Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/50.png differ diff --git a/docs/zh/tools/desktop/dde/figures/51.png b/docs/zh/tools/desktop/dde/figures/51.png new file mode 100644 index 0000000000000000000000000000000000000000..d427ac871dba9c32eb4ffe736d5352f8408da533 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/51.png differ diff --git a/docs/zh/tools/desktop/dde/figures/52.png b/docs/zh/tools/desktop/dde/figures/52.png new file mode 100644 index 0000000000000000000000000000000000000000..0ca0a2db05c70bc25f9bb59e82d074f671cfc74e Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/52.png differ diff --git a/docs/zh/tools/desktop/dde/figures/53.png b/docs/zh/tools/desktop/dde/figures/53.png new file mode 100644 index 0000000000000000000000000000000000000000..76fbc34a1d5621b83c2d8c93222766acad33350d Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/53.png differ diff --git a/docs/zh/tools/desktop/dde/figures/54.png b/docs/zh/tools/desktop/dde/figures/54.png new file mode 100644 index 0000000000000000000000000000000000000000..49ecae6f8941a118223f3765c23015df074c4983 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/54.png differ diff --git a/docs/zh/tools/desktop/dde/figures/56.png b/docs/zh/tools/desktop/dde/figures/56.png new file mode 100644 index 0000000000000000000000000000000000000000..36fee795bfe593b6246c8d6c2bddea9386b06f45 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/56.png differ diff --git a/docs/zh/tools/desktop/dde/figures/57.png b/docs/zh/tools/desktop/dde/figures/57.png new file mode 100644 index 0000000000000000000000000000000000000000..539d06b77b058a933cb154c43641d498050986e0 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/57.png differ diff --git a/docs/zh/tools/desktop/dde/figures/58.png b/docs/zh/tools/desktop/dde/figures/58.png new file mode 100644 index 0000000000000000000000000000000000000000..396ca16d873e54505bcdbd41d669366eea7f5dee Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/58.png differ diff --git a/docs/zh/tools/desktop/dde/figures/59.png b/docs/zh/tools/desktop/dde/figures/59.png new file mode 100644 index 0000000000000000000000000000000000000000..9b1de98ac4fe686937ca844d3e9481548a79ce63 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/59.png differ diff --git a/docs/zh/tools/desktop/dde/figures/6.png b/docs/zh/tools/desktop/dde/figures/6.png new file mode 100644 index 0000000000000000000000000000000000000000..275c23872f2353f007371672714902babcc3db53 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/6.png differ diff --git a/docs/zh/tools/desktop/dde/figures/60.jpg b/docs/zh/tools/desktop/dde/figures/60.jpg new file mode 100644 index 0000000000000000000000000000000000000000..033c88aaadd04f7d4058ec2eb5b2c70498319bf7 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/60.jpg differ diff --git a/docs/zh/tools/desktop/dde/figures/61.png b/docs/zh/tools/desktop/dde/figures/61.png new file mode 100644 index 0000000000000000000000000000000000000000..8df17062963a3baf92318a12ec34b1378122687b Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/61.png differ diff --git a/docs/zh/tools/desktop/dde/figures/62.png b/docs/zh/tools/desktop/dde/figures/62.png new file mode 100644 index 0000000000000000000000000000000000000000..ec312d6c0c22018c1745dd866da71ce9be47fbda Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/62.png differ diff --git a/docs/zh/tools/desktop/dde/figures/63.jpg b/docs/zh/tools/desktop/dde/figures/63.jpg new file mode 100644 index 0000000000000000000000000000000000000000..504f7cf59768f6fd1cd73a115d01fbc4e15a02e1 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/63.jpg differ diff --git a/docs/zh/tools/desktop/dde/figures/63.png b/docs/zh/tools/desktop/dde/figures/63.png new file mode 100644 index 0000000000000000000000000000000000000000..86b051acde857c88479714414f721a7f59cca483 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/63.png differ diff --git a/docs/zh/tools/desktop/dde/figures/64.png b/docs/zh/tools/desktop/dde/figures/64.png new file mode 100644 index 0000000000000000000000000000000000000000..cbbd2ede047e735c3766e08b04595f08cd72f5b2 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/64.png differ diff --git a/docs/zh/tools/desktop/dde/figures/7.png b/docs/zh/tools/desktop/dde/figures/7.png new file mode 100644 index 0000000000000000000000000000000000000000..4d397959ac7f6d166ef5a3b7084bd5c3c93b475f Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/7.png differ diff --git a/docs/zh/tools/desktop/dde/figures/8.png b/docs/zh/tools/desktop/dde/figures/8.png new file mode 100644 index 0000000000000000000000000000000000000000..8ade274092d7b3e461c96d7909a9d89d3a944f09 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/8.png differ diff --git a/docs/zh/tools/desktop/dde/figures/9.png b/docs/zh/tools/desktop/dde/figures/9.png new file mode 100644 index 0000000000000000000000000000000000000000..f7b2215404929346f1a814b0b1d6d482559c08b5 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/9.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-01.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-01.png new file mode 100644 index 0000000000000000000000000000000000000000..b4a43e7fa938b2ece73ad749e2b513daa976e7c9 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-01.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-02.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-02.png new file mode 100644 index 0000000000000000000000000000000000000000..22413a83d51cb9ee177c0d39147da857868f0aec Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-02.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-03.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-03.png new file mode 100644 index 0000000000000000000000000000000000000000..5ccc6d4eef17f2d39841046dcf32b9c00652d1a9 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-03.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-04.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-04.png new file mode 100644 index 0000000000000000000000000000000000000000..c5d7073a3d2a37727b83a6e43a684747175efa9d Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-04.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-05.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-05.png new file mode 100644 index 0000000000000000000000000000000000000000..e2d0a0a523f10d6bce9f51c5d05f019c595e2625 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-05.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-06.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-06.png new file mode 100644 index 0000000000000000000000000000000000000000..61bb128fc2c8902edbfd1d76b28f963817753e32 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-06.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-07.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-07.png new file mode 100644 index 0000000000000000000000000000000000000000..ef01eb0001c6db0e3d1c024e51b0594372b9348c Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-07.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-08.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-08.png new file mode 100644 index 0000000000000000000000000000000000000000..1049f355939b0121c123adc462dcb6d736e48760 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-08.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-09.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-09.png new file mode 100644 index 0000000000000000000000000000000000000000..6dc110900f5375ed9ede276f59ea89ba29e5e737 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-09.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-10.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-10.png new file mode 100644 index 0000000000000000000000000000000000000000..33dda6e0d0497c1589743c19a8d041a775b7bb7f Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-10.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-11.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-11.png new file mode 100644 index 0000000000000000000000000000000000000000..98570f04a066d550b5971afc94ee1c63d24f6275 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-11.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-12.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-12.png new file mode 100644 index 0000000000000000000000000000000000000000..56cc0446efd9d72d97905296fd6f19e9e2ac4047 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-12.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-13.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-13.png new file mode 100644 index 0000000000000000000000000000000000000000..a3191cc6b2bb2e418353b76bcf645be954655a20 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-13.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-14.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-14.png new file mode 100644 index 0000000000000000000000000000000000000000..d673b9d12c8fb5ccaa0b0f3a35b85f939f1040c8 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-14.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-15.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-15.png new file mode 100644 index 0000000000000000000000000000000000000000..518c3dca4b9b58f45f7aee5ef974c3dd41804e1d Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-15.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-16.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-16.png new file mode 100644 index 0000000000000000000000000000000000000000..17ac8544dab141ddc8d7d98f1712757efedb5531 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-16.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-17.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-17.png new file mode 100644 index 0000000000000000000000000000000000000000..07a62594a1acadceeeaabe0e7cbe63c192f0ab37 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-17.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-18.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-18.png new file mode 100644 index 0000000000000000000000000000000000000000..d088bb1075ebd2c76304c5bd400a3892d401dfa0 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-18.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-19.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-19.png new file mode 100644 index 0000000000000000000000000000000000000000..65198c16e3bdf0b948ba8da1d05943ea87065dfc Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-19.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-20.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-20.png new file mode 100644 index 0000000000000000000000000000000000000000..ac4c66887846509474cd57740079d396f5ffee64 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-20.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-21.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-21.png new file mode 100644 index 0000000000000000000000000000000000000000..ecc80c0ee42385907cea276726c891aab06f5ea2 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-21.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-22.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-22.png new file mode 100644 index 0000000000000000000000000000000000000000..453a1b96f69ca37cf648e1bfd8a247cbd63f7f1f Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-22.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-23.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-23.png new file mode 100644 index 0000000000000000000000000000000000000000..3290e73af52f1e88a435e925d6a17d21e78e287c Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-23.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-24.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-24.png new file mode 100644 index 0000000000000000000000000000000000000000..825e58ddc9ec0027f0ff94b1d327eaff3a145357 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-24.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-25.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-25.png new file mode 100644 index 0000000000000000000000000000000000000000..7b3cdbe8e85b55dc9ee92569f6d668c9defc76eb Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-25.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-26.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-26.png new file mode 100644 index 0000000000000000000000000000000000000000..0d696fa8cbd18910bb16ca2c14996fefb5f0cb79 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-26.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-27.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-27.png new file mode 100644 index 0000000000000000000000000000000000000000..7312579e88c211b656a1b6e339373abfca7c8984 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-27.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-28.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-28.png new file mode 100644 index 0000000000000000000000000000000000000000..e5cf7e56e5663768e4f2698c77aeaa69c899b291 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-28.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-29.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-29.png new file mode 100644 index 0000000000000000000000000000000000000000..d796cb8d80a60281a7f67ec494c76ad14d06ac1b Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-29.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-30-0.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-30-0.png new file mode 100644 index 0000000000000000000000000000000000000000..8ea95ca410376dbc26729d0dec8bfc171911e960 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-30-0.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-30-1.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-30-1.png new file mode 100644 index 0000000000000000000000000000000000000000..730e9bdba19949c6e118c237af302b492f3d41b8 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-30-1.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-31.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-31.png new file mode 100644 index 0000000000000000000000000000000000000000..f80f3c86b92e6e00bf76c0101ce52af503d9b05c Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-31.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-32.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-32.png new file mode 100644 index 0000000000000000000000000000000000000000..ed8f74fc04472e45ae6c76a7c2507da5dec28263 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-32.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-33.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-33.png new file mode 100644 index 0000000000000000000000000000000000000000..a90dda9e151f9ca48ff6c296ff62676b22a191ae Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-33.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-34.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-34.png new file mode 100644 index 0000000000000000000000000000000000000000..77c74765bb7116bf8a95b0164cb1de2d9032e56e Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-34.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-35-0.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-35-0.png new file mode 100644 index 0000000000000000000000000000000000000000..4321c9e9a52bcf99bde6d72fae68647ab13510b0 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-35-0.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-35-1.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-35-1.png new file mode 100644 index 0000000000000000000000000000000000000000..e6f75a945fc73d5478c6515498c7a6a4781ca04f Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-35-1.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-36.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-36.png new file mode 100644 index 0000000000000000000000000000000000000000..a832fe2b440079f53775a2ba8c3115f57a89ab2c Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-36.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-37.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-37.png new file mode 100644 index 0000000000000000000000000000000000000000..f091a5e910e7cb16dadd311de1100f8830a0eaf7 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-37.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-38.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-38.png new file mode 100644 index 0000000000000000000000000000000000000000..7703dc11f1be241d9fe7e30452e7431c925833d3 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-38.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-39.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-39.png new file mode 100644 index 0000000000000000000000000000000000000000..abf29f6ee9aaf13ab1f668a787d459a5ab0cb20c Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-39.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-40.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-40.png new file mode 100644 index 0000000000000000000000000000000000000000..7c8ee5f4e78b46a0d762be06f96725ecef5d09b2 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-40.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-41-0.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-41-0.png new file mode 100644 index 0000000000000000000000000000000000000000..56ea86556624602f4496b4079335245ac8c875a3 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-41-0.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-41-1.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-41-1.png new file mode 100644 index 0000000000000000000000000000000000000000..44afad705b026dd69a9d2d7bf2ef35610720b85d Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-41-1.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-42.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-42.png new file mode 100644 index 0000000000000000000000000000000000000000..8270b69ca590c1831fbe54e2d08ced55bccef89d Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-42.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-43.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-43.png new file mode 100644 index 0000000000000000000000000000000000000000..48259addbdb8cf18303d2afbcd6cbad77deaf141 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-43.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-44.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-44.png new file mode 100644 index 0000000000000000000000000000000000000000..e35a4acce457834d4d8608ee7fba783d596548e2 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-44.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-45.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-45.png new file mode 100644 index 0000000000000000000000000000000000000000..d6d5e88587e26552ab4ab4d323eea0ae5ce721d2 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-45.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-46.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-46.png new file mode 100644 index 0000000000000000000000000000000000000000..8e41651298319f1b72c3dce5b09cb1323c9a15a7 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-46.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-47.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-47.png new file mode 100644 index 0000000000000000000000000000000000000000..eaa54608d956576555603d64ba72e374f147a315 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-47.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-48.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-48.png new file mode 100644 index 0000000000000000000000000000000000000000..1ca6cb7b39ab375a69b95a7dfa02fa3acd8bb299 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-48.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-49.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-49.png new file mode 100644 index 0000000000000000000000000000000000000000..07fe6abf2ca2d7e8dd5184c760f416d094c4629d Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-49.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-50.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-50.png new file mode 100644 index 0000000000000000000000000000000000000000..c5452b655b9100c7d144d9d6e923f29664998ca0 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-50.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-51.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-51.png new file mode 100644 index 0000000000000000000000000000000000000000..72644867adbb64db4503ff5345425a32bf1cae6d Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-51.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-52.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-52.png new file mode 100644 index 0000000000000000000000000000000000000000..571f6ac34edf149cc1e5bd30a875e4148dd4fdd3 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-52.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-53.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-53.png new file mode 100644 index 0000000000000000000000000000000000000000..1c7e9051ca448b017e13c6cbe6be66d2f83475c5 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-53.png differ diff --git a/docs/zh/tools/desktop/dde/figures/Cinnamon-54.png b/docs/zh/tools/desktop/dde/figures/Cinnamon-54.png new file mode 100644 index 0000000000000000000000000000000000000000..1b61db111ebdcb9bde1bff1cc08a2daed79a9f19 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/Cinnamon-54.png differ diff --git a/docs/zh/tools/desktop/dde/figures/HA-add-resource.png b/docs/zh/tools/desktop/dde/figures/HA-add-resource.png new file mode 100644 index 0000000000000000000000000000000000000000..ac24895a1247828d248132f6c789ad8ef51a57e4 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/HA-add-resource.png differ diff --git a/docs/zh/tools/desktop/dde/figures/HA-apache-show.png b/docs/zh/tools/desktop/dde/figures/HA-apache-show.png new file mode 100644 index 0000000000000000000000000000000000000000..c216500910f75f2de1108f6b618c5c08f4df8bae Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/HA-apache-show.png differ diff --git a/docs/zh/tools/desktop/dde/figures/HA-apache-suc.png b/docs/zh/tools/desktop/dde/figures/HA-apache-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..23a7aaa702e3e68190ff7e01a5a673aee2c92409 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/HA-apache-suc.png differ diff --git a/docs/zh/tools/desktop/dde/figures/HA-api.png b/docs/zh/tools/desktop/dde/figures/HA-api.png new file mode 100644 index 0000000000000000000000000000000000000000..f825fe005705d30809d12df97958cff0e5a80135 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/HA-api.png differ diff --git a/docs/zh/tools/desktop/dde/figures/HA-clone-suc.png b/docs/zh/tools/desktop/dde/figures/HA-clone-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..4b6099ccc88d4f6f907a0c4563e729ab2a4dece1 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/HA-clone-suc.png differ diff --git a/docs/zh/tools/desktop/dde/figures/HA-clone.png b/docs/zh/tools/desktop/dde/figures/HA-clone.png new file mode 100644 index 0000000000000000000000000000000000000000..1b09ab73849494f4ffd759fa612ae3c241bd9c1d Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/HA-clone.png differ diff --git a/docs/zh/tools/desktop/dde/figures/HA-corosync.png b/docs/zh/tools/desktop/dde/figures/HA-corosync.png new file mode 100644 index 0000000000000000000000000000000000000000..c4d93242e65c503b6e1b6a457e2517f647984a66 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/HA-corosync.png differ diff --git a/docs/zh/tools/desktop/dde/figures/HA-firstchoice-cmd.png b/docs/zh/tools/desktop/dde/figures/HA-firstchoice-cmd.png new file mode 100644 index 0000000000000000000000000000000000000000..a265bab07f1d8e46d9d965975be180a8de6c9eb2 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/HA-firstchoice-cmd.png differ diff --git a/docs/zh/tools/desktop/dde/figures/HA-firstchoice.png b/docs/zh/tools/desktop/dde/figures/HA-firstchoice.png new file mode 100644 index 0000000000000000000000000000000000000000..bd982ddcea55c629c0257fca86051a9ffa77e7b4 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/HA-firstchoice.png differ diff --git a/docs/zh/tools/desktop/dde/figures/HA-group-new-suc.png b/docs/zh/tools/desktop/dde/figures/HA-group-new-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..437fd01ee83a9a1f65c12838fe56eea8435f6759 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/HA-group-new-suc.png differ diff --git a/docs/zh/tools/desktop/dde/figures/HA-group-new-suc2.png b/docs/zh/tools/desktop/dde/figures/HA-group-new-suc2.png new file mode 100644 index 0000000000000000000000000000000000000000..4fb933bd761f9808de95a324a50226ff041ebd4f Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/HA-group-new-suc2.png differ diff --git a/docs/zh/tools/desktop/dde/figures/HA-group-new.png b/docs/zh/tools/desktop/dde/figures/HA-group-new.png new file mode 100644 index 0000000000000000000000000000000000000000..9c914d0cc2e14f3220fc4346175961f129efb37b Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/HA-group-new.png differ diff --git a/docs/zh/tools/desktop/dde/figures/HA-group-suc.png b/docs/zh/tools/desktop/dde/figures/HA-group-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..2338580343833ebab08627be3a2efbcdb48aef9e Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/HA-group-suc.png differ diff --git a/docs/zh/tools/desktop/dde/figures/HA-group.png b/docs/zh/tools/desktop/dde/figures/HA-group.png new file mode 100644 index 0000000000000000000000000000000000000000..6897817665dee90c0f8c47c6a3cb4bb09db52d78 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/HA-group.png differ diff --git a/docs/zh/tools/desktop/dde/figures/HA-home-page.png b/docs/zh/tools/desktop/dde/figures/HA-home-page.png new file mode 100644 index 0000000000000000000000000000000000000000..c9a7a82dc412250d4c0984b3876c6f93c6aca789 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/HA-home-page.png differ diff --git a/docs/zh/tools/desktop/dde/figures/HA-login.png b/docs/zh/tools/desktop/dde/figures/HA-login.png new file mode 100644 index 0000000000000000000000000000000000000000..65d0ae11ec810da7574ec72bebf6e1b020c94a0d Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/HA-login.png differ diff --git a/docs/zh/tools/desktop/dde/figures/HA-mariadb-suc.png b/docs/zh/tools/desktop/dde/figures/HA-mariadb-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..6f6756c945121715edc623bd9a848bc48ffeb4ca Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/HA-mariadb-suc.png differ diff --git a/docs/zh/tools/desktop/dde/figures/HA-mariadb.png b/docs/zh/tools/desktop/dde/figures/HA-mariadb.png new file mode 100644 index 0000000000000000000000000000000000000000..d29587c8609b9d6aefeb07170901361b5ef8402d Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/HA-mariadb.png differ diff --git a/docs/zh/tools/desktop/dde/figures/HA-nfs-suc.png b/docs/zh/tools/desktop/dde/figures/HA-nfs-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..c0ea6af79e91649f1ad7d97ab6c2a0069a4f4fb8 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/HA-nfs-suc.png differ diff --git a/docs/zh/tools/desktop/dde/figures/HA-nfs.png b/docs/zh/tools/desktop/dde/figures/HA-nfs.png new file mode 100644 index 0000000000000000000000000000000000000000..f6917938eec2e0431a9891c067475dd0b21c1bd9 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/HA-nfs.png differ diff --git a/docs/zh/tools/desktop/dde/figures/HA-pacemaker.png b/docs/zh/tools/desktop/dde/figures/HA-pacemaker.png new file mode 100644 index 0000000000000000000000000000000000000000..7681f963f67d2b803fef6fb2c3247384136201f8 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/HA-pacemaker.png differ diff --git a/docs/zh/tools/desktop/dde/figures/HA-pcs-status.png b/docs/zh/tools/desktop/dde/figures/HA-pcs-status.png new file mode 100644 index 0000000000000000000000000000000000000000..fb150fba9f6258658702b35caacf98076d1fd109 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/HA-pcs-status.png differ diff --git a/docs/zh/tools/desktop/dde/figures/HA-pcs.png b/docs/zh/tools/desktop/dde/figures/HA-pcs.png new file mode 100644 index 0000000000000000000000000000000000000000..283670d7c3d0961ee1cb41345c2b2a013d7143b0 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/HA-pcs.png differ diff --git a/docs/zh/tools/desktop/dde/figures/HA-qdevice.png b/docs/zh/tools/desktop/dde/figures/HA-qdevice.png new file mode 100644 index 0000000000000000000000000000000000000000..2964f36c952fc7e62fb7b041fcf6d2de8ead712c Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/HA-qdevice.png differ diff --git a/docs/zh/tools/desktop/dde/figures/HA-refresh.png b/docs/zh/tools/desktop/dde/figures/HA-refresh.png new file mode 100644 index 0000000000000000000000000000000000000000..c2678c0c2945acbabfbeae0d5de8924a216bbf31 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/HA-refresh.png differ diff --git a/docs/zh/tools/desktop/dde/figures/HA-vip-suc.png b/docs/zh/tools/desktop/dde/figures/HA-vip-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..313ce56e14f931c78dad4349ed57ab3fd7907f50 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/HA-vip-suc.png differ diff --git a/docs/zh/tools/desktop/dde/figures/HA-vip.png b/docs/zh/tools/desktop/dde/figures/HA-vip.png new file mode 100644 index 0000000000000000000000000000000000000000..d8b417df2e64527d3b29d0289756dfbb01bf66ec Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/HA-vip.png differ diff --git a/docs/zh/tools/desktop/dde/figures/dde-1.png b/docs/zh/tools/desktop/dde/figures/dde-1.png new file mode 100644 index 0000000000000000000000000000000000000000..fb1d5177c39262ed182f10a57fdae850d007eeb1 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/dde-1.png differ diff --git a/docs/zh/tools/desktop/dde/figures/dde-2.png b/docs/zh/tools/desktop/dde/figures/dde-2.png new file mode 100644 index 0000000000000000000000000000000000000000..be5d296937bd17b9646b32c80934aa76738027af Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/dde-2.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-1.png b/docs/zh/tools/desktop/dde/figures/gnome-1.png new file mode 100644 index 0000000000000000000000000000000000000000..b33f802aa6dcf8b23a70fe451830015c614193b3 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-1.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-10.png b/docs/zh/tools/desktop/dde/figures/gnome-10.png new file mode 100644 index 0000000000000000000000000000000000000000..1c7b1465209c7a92db36d1b4c83445ce45e0d187 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-10.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-11.png b/docs/zh/tools/desktop/dde/figures/gnome-11.png new file mode 100644 index 0000000000000000000000000000000000000000..cc534ce5e1b250547dd9eb1db2b3f43a79c00409 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-11.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-12.png b/docs/zh/tools/desktop/dde/figures/gnome-12.png new file mode 100644 index 0000000000000000000000000000000000000000..65de953b821cac6b09b9f0d6623760dc339d867b Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-12.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-13.png b/docs/zh/tools/desktop/dde/figures/gnome-13.png new file mode 100644 index 0000000000000000000000000000000000000000..103370de2f2d81fe4e880f18bb9a3b4546d14840 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-13.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-14.png b/docs/zh/tools/desktop/dde/figures/gnome-14.png new file mode 100644 index 0000000000000000000000000000000000000000..13e1367d6ce006567e69fed8fd334aeb4810196c Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-14.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-15.png b/docs/zh/tools/desktop/dde/figures/gnome-15.png new file mode 100644 index 0000000000000000000000000000000000000000..fb86a36e2eb9c5ccfb3c53b0c49864e73c622ccf Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-15.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-16.png b/docs/zh/tools/desktop/dde/figures/gnome-16.png new file mode 100644 index 0000000000000000000000000000000000000000..9b375517e433740b7e2c27ede1159cda1eb986b8 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-16.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-17.png b/docs/zh/tools/desktop/dde/figures/gnome-17.png new file mode 100644 index 0000000000000000000000000000000000000000..ebfcc9c71afeda1d50b5355f23ec1ea422a17889 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-17.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-18.png b/docs/zh/tools/desktop/dde/figures/gnome-18.png new file mode 100644 index 0000000000000000000000000000000000000000..5d28c8372499dd2b9b71186dee7d4854b5320999 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-18.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-19.png b/docs/zh/tools/desktop/dde/figures/gnome-19.png new file mode 100644 index 0000000000000000000000000000000000000000..bea391d41386ab9b7953b269c44aec6cba4667c5 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-19.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-2.png b/docs/zh/tools/desktop/dde/figures/gnome-2.png new file mode 100644 index 0000000000000000000000000000000000000000..520df0228a38914ca7897dec6dc84e9639b757c0 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-2.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-20.png b/docs/zh/tools/desktop/dde/figures/gnome-20.png new file mode 100644 index 0000000000000000000000000000000000000000..d720a2c215de4172a8051d7e0554c7f6b3d6d043 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-20.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-21.png b/docs/zh/tools/desktop/dde/figures/gnome-21.png new file mode 100644 index 0000000000000000000000000000000000000000..dec78c390a65a1e707a5c9620fa3392e38124430 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-21.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-22.png b/docs/zh/tools/desktop/dde/figures/gnome-22.png new file mode 100644 index 0000000000000000000000000000000000000000..d8564596fd8ada47891a28b8fd97915722b28ff9 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-22.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-23.png b/docs/zh/tools/desktop/dde/figures/gnome-23.png new file mode 100644 index 0000000000000000000000000000000000000000..6fcb86d0b74acd102bc4e19bd483165fca0921bc Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-23.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-24.png b/docs/zh/tools/desktop/dde/figures/gnome-24.png new file mode 100644 index 0000000000000000000000000000000000000000..692929de10b612af7e15ddef689a611b7f4e8693 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-24.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-25.png b/docs/zh/tools/desktop/dde/figures/gnome-25.png new file mode 100644 index 0000000000000000000000000000000000000000..793a5a2d3ec63581902da5d4b8863f9ba33675b8 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-25.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-26.png b/docs/zh/tools/desktop/dde/figures/gnome-26.png new file mode 100644 index 0000000000000000000000000000000000000000..4d3f5418352e644f56a16099a9c77218045dabab Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-26.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-27.png b/docs/zh/tools/desktop/dde/figures/gnome-27.png new file mode 100644 index 0000000000000000000000000000000000000000..908998f4c4624e8b3317a311643123f690153325 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-27.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-28.png b/docs/zh/tools/desktop/dde/figures/gnome-28.png new file mode 100644 index 0000000000000000000000000000000000000000..8b47b2397fa8818dfecbc3c05341e31d4d70a940 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-28.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-29.png b/docs/zh/tools/desktop/dde/figures/gnome-29.png new file mode 100644 index 0000000000000000000000000000000000000000..fc90cb58691e6484b6e263f4e81a1046e3adbed1 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-29.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-3.png b/docs/zh/tools/desktop/dde/figures/gnome-3.png new file mode 100644 index 0000000000000000000000000000000000000000..4d423b13941604a29ff794817ed6fb1d6fea9c1e Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-3.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-30.png b/docs/zh/tools/desktop/dde/figures/gnome-30.png new file mode 100644 index 0000000000000000000000000000000000000000..8f4ab5dcd8ebd61b05a1b129b4c90e342f97e0fd Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-30.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-31.png b/docs/zh/tools/desktop/dde/figures/gnome-31.png new file mode 100644 index 0000000000000000000000000000000000000000..93159341a996153105985451fa6d8391c358b52e Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-31.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-32.png b/docs/zh/tools/desktop/dde/figures/gnome-32.png new file mode 100644 index 0000000000000000000000000000000000000000..c4ca5695e67a4a585f0ff074cd3645a32a9e4e83 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-32.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-33.png b/docs/zh/tools/desktop/dde/figures/gnome-33.png new file mode 100644 index 0000000000000000000000000000000000000000..e0b166e013144ed7e5f26c2b7bd7e8a00ac6a57f Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-33.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-34.png b/docs/zh/tools/desktop/dde/figures/gnome-34.png new file mode 100644 index 0000000000000000000000000000000000000000..dc8653255f8782ab72b8a24eeadff8fe64f88bb1 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-34.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-35.png b/docs/zh/tools/desktop/dde/figures/gnome-35.png new file mode 100644 index 0000000000000000000000000000000000000000..595c8d76ddc857ed9e76d421cf1e755874a6cc4a Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-35.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-36.png b/docs/zh/tools/desktop/dde/figures/gnome-36.png new file mode 100644 index 0000000000000000000000000000000000000000..f5a22198f57d34fe05336d88c6e4b288ed78dc8e Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-36.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-37.png b/docs/zh/tools/desktop/dde/figures/gnome-37.png new file mode 100644 index 0000000000000000000000000000000000000000..1a855eee24e959c3e8bfed371d2f74f93fceda3c Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-37.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-38.png b/docs/zh/tools/desktop/dde/figures/gnome-38.png new file mode 100644 index 0000000000000000000000000000000000000000..e80fcb9c25299130ca94bef2cdce9d5e7f9ba02c Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-38.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-39.png b/docs/zh/tools/desktop/dde/figures/gnome-39.png new file mode 100644 index 0000000000000000000000000000000000000000..29843d242f260cd1b722fdcc13cef645a3679e7f Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-39.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-4.png b/docs/zh/tools/desktop/dde/figures/gnome-4.png new file mode 100644 index 0000000000000000000000000000000000000000..04391e2e926d5195b21d7e05dc5322a0d7646ad6 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-4.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-40.png b/docs/zh/tools/desktop/dde/figures/gnome-40.png new file mode 100644 index 0000000000000000000000000000000000000000..8497bdd58dffe2210fca22d01912f82b5c39fd9c Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-40.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-41.png b/docs/zh/tools/desktop/dde/figures/gnome-41.png new file mode 100644 index 0000000000000000000000000000000000000000..a4357eb95c379dfecc1d627c59eb5da660d42d14 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-41.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-42.png b/docs/zh/tools/desktop/dde/figures/gnome-42.png new file mode 100644 index 0000000000000000000000000000000000000000..bc01808fe7c12d7d433dc1da9367e858027fcce9 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-42.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-43.png b/docs/zh/tools/desktop/dde/figures/gnome-43.png new file mode 100644 index 0000000000000000000000000000000000000000..467e52cf41a32df9c7207417817f906b518c54c3 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-43.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-44.png b/docs/zh/tools/desktop/dde/figures/gnome-44.png new file mode 100644 index 0000000000000000000000000000000000000000..71303b84fce85478ccba02b10f6c0358c5bdc2a0 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-44.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-45.png b/docs/zh/tools/desktop/dde/figures/gnome-45.png new file mode 100644 index 0000000000000000000000000000000000000000..a0927659af30d18715ab8b43266de3f54a3142a0 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-45.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-46.png b/docs/zh/tools/desktop/dde/figures/gnome-46.png new file mode 100644 index 0000000000000000000000000000000000000000..ad2093e67041d656c25a5674a6e4282c804ec6f2 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-46.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-47.png b/docs/zh/tools/desktop/dde/figures/gnome-47.png new file mode 100644 index 0000000000000000000000000000000000000000..9a67dd6b3b0081fa858b4beed0cc40708d5418e9 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-47.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-48.png b/docs/zh/tools/desktop/dde/figures/gnome-48.png new file mode 100644 index 0000000000000000000000000000000000000000..8789fcb96ee2143eae12131b07acf1cfbd82cf41 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-48.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-49.png b/docs/zh/tools/desktop/dde/figures/gnome-49.png new file mode 100644 index 0000000000000000000000000000000000000000..e5df514480c825a5c65b607721d80cf59642b4a1 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-49.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-5.png b/docs/zh/tools/desktop/dde/figures/gnome-5.png new file mode 100644 index 0000000000000000000000000000000000000000..b7148601f06fcee9517864aca19ba3cee863ba33 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-5.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-50.png b/docs/zh/tools/desktop/dde/figures/gnome-50.png new file mode 100644 index 0000000000000000000000000000000000000000..7b1f4678846cb691b144b26f24bc5570961a3d7d Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-50.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-51.png b/docs/zh/tools/desktop/dde/figures/gnome-51.png new file mode 100644 index 0000000000000000000000000000000000000000..10466de4bbd4c7b31654bb1369a9a85a20e88a27 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-51.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-52.png b/docs/zh/tools/desktop/dde/figures/gnome-52.png new file mode 100644 index 0000000000000000000000000000000000000000..16c8191ae59475d46cd7c275ad3841419544397d Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-52.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-53.png b/docs/zh/tools/desktop/dde/figures/gnome-53.png new file mode 100644 index 0000000000000000000000000000000000000000..b968bbd5c5df6148ef26c8cf292e040220987554 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-53.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-54.png b/docs/zh/tools/desktop/dde/figures/gnome-54.png new file mode 100644 index 0000000000000000000000000000000000000000..6f169f432a1ad4290b3fca12b1a835330d922ab0 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-54.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-55.png b/docs/zh/tools/desktop/dde/figures/gnome-55.png new file mode 100644 index 0000000000000000000000000000000000000000..e40794fbf2e23e3496ac7f9352abe84ac943cb8c Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-55.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-56.png b/docs/zh/tools/desktop/dde/figures/gnome-56.png new file mode 100644 index 0000000000000000000000000000000000000000..d66360c2865ba03e7f2959612b2e33061dfad39f Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-56.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-57.png b/docs/zh/tools/desktop/dde/figures/gnome-57.png new file mode 100644 index 0000000000000000000000000000000000000000..f2ffff79898f36e290bb133efc36c7439d089f57 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-57.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-58.png b/docs/zh/tools/desktop/dde/figures/gnome-58.png new file mode 100644 index 0000000000000000000000000000000000000000..2eb30604a6dc2a4194da688830f88d0e596c5be9 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-58.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-59.png b/docs/zh/tools/desktop/dde/figures/gnome-59.png new file mode 100644 index 0000000000000000000000000000000000000000..9b25d253604f353b0bd3ef0c153237d74459ccae Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-59.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-6.png b/docs/zh/tools/desktop/dde/figures/gnome-6.png new file mode 100644 index 0000000000000000000000000000000000000000..3c54d7f40cb5caab2c3cecb9945f9c89a1afe00e Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-6.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-7.png b/docs/zh/tools/desktop/dde/figures/gnome-7.png new file mode 100644 index 0000000000000000000000000000000000000000..fa4b0e178fb0332d334d98e0106746b7bff65449 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-7.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-8.png b/docs/zh/tools/desktop/dde/figures/gnome-8.png new file mode 100644 index 0000000000000000000000000000000000000000..5c39bb44371d94a66c66e053a7f498b46d3a0937 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-8.png differ diff --git a/docs/zh/tools/desktop/dde/figures/gnome-9.png b/docs/zh/tools/desktop/dde/figures/gnome-9.png new file mode 100644 index 0000000000000000000000000000000000000000..00a9ad1a7c94054c9418795c39b29574bfe16bf0 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/gnome-9.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon1.png b/docs/zh/tools/desktop/dde/figures/icon1.png new file mode 100644 index 0000000000000000000000000000000000000000..9bac00355cf4aa57d32287fd4271404f6fd3fd4d Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon1.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon10-o.png b/docs/zh/tools/desktop/dde/figures/icon10-o.png new file mode 100644 index 0000000000000000000000000000000000000000..d6c56d1a64c588d86f8fe510c74e5a7c4cb810d4 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon10-o.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon101-o.svg b/docs/zh/tools/desktop/dde/figures/icon101-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..af1c5d3dc0277a6ea59e71efb6ca97bdfc782e8e --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon101-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/docs/zh/tools/desktop/dde/figures/icon103-o.svg b/docs/zh/tools/desktop/dde/figures/icon103-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..c06c885725c569ab8db1fe7d595a7c65f18c5142 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon103-o.svg @@ -0,0 +1,26 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/dde/figures/icon105-o.svg b/docs/zh/tools/desktop/dde/figures/icon105-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..36c49949fa569330b761c2d65518f36c10435508 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon105-o.svg @@ -0,0 +1,111 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/dde/figures/icon107-o.svg b/docs/zh/tools/desktop/dde/figures/icon107-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..fb5a3ea756f6ccb7b3e5c31122a433347a908c96 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon107-o.svg @@ -0,0 +1,50 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/dde/figures/icon11-o.png b/docs/zh/tools/desktop/dde/figures/icon11-o.png new file mode 100644 index 0000000000000000000000000000000000000000..47a1f2cb7f99b583768c7cbd7e05a57f302dbe8a Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon11-o.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon110-o.svg b/docs/zh/tools/desktop/dde/figures/icon110-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..7958e3f192061592e002e1e8a1bad06ffa86742c --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon110-o.svg @@ -0,0 +1,12 @@ + + + + reboot_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/dde/figures/icon111-o.svg b/docs/zh/tools/desktop/dde/figures/icon111-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..097d16a08d305a8b3f3b2268ab1ea8342e799377 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon111-o.svg @@ -0,0 +1,13 @@ + + + + Right + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/dde/figures/icon112-o.svg b/docs/zh/tools/desktop/dde/figures/icon112-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e51628c2b8b10495f3410d219814286696ea2fd5 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon112-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/dde/figures/icon116-o.svg b/docs/zh/tools/desktop/dde/figures/icon116-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..4d79cd6dbbbfd3969f4e0ad0ad88e27398853505 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon116-o.svg @@ -0,0 +1,72 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/dde/figures/icon12-o.png b/docs/zh/tools/desktop/dde/figures/icon12-o.png new file mode 100644 index 0000000000000000000000000000000000000000..f1f0f59dd3879461a0b5bc0632693a4a4124def3 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon12-o.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon120-o.svg b/docs/zh/tools/desktop/dde/figures/icon120-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e895c347d16a200aea46b00428b0b9f1a3c94246 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon120-o.svg @@ -0,0 +1,49 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/dde/figures/icon122-o.svg b/docs/zh/tools/desktop/dde/figures/icon122-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..7fb014b5fd6097ca37a84d0b6a27dc982d675c8a --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon122-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/docs/zh/tools/desktop/dde/figures/icon124-o.svg b/docs/zh/tools/desktop/dde/figures/icon124-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..960c0ec096c925213f8953398f0e8e5db3cdaed3 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon124-o.svg @@ -0,0 +1,55 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/dde/figures/icon125-o.svg b/docs/zh/tools/desktop/dde/figures/icon125-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..011c05f4b8f296867cd408a339230323fcbb28dd --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon125-o.svg @@ -0,0 +1,9 @@ + + + tips + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/dde/figures/icon126-o.svg b/docs/zh/tools/desktop/dde/figures/icon126-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e0a43b6b8beb434090ac0dd3a8fd68c023f11fce --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon126-o.svg @@ -0,0 +1,68 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/dde/figures/icon127-o.svg b/docs/zh/tools/desktop/dde/figures/icon127-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..bed95d35334a8d0151211054236c0bacddcc0dd3 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon127-o.svg @@ -0,0 +1,13 @@ + + + + Up + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/dde/figures/icon128-o.svg b/docs/zh/tools/desktop/dde/figures/icon128-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..aa727f3f5d5883b3fb83a79c4b98e8b5bfe4ade6 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon128-o.svg @@ -0,0 +1,12 @@ + + + + userswitch_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/dde/figures/icon13-o.png b/docs/zh/tools/desktop/dde/figures/icon13-o.png new file mode 100644 index 0000000000000000000000000000000000000000..c05a981b29d8ad11c6682f796f79b4cafd0f088b Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon13-o.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon132-o.svg b/docs/zh/tools/desktop/dde/figures/icon132-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..588ba9d98864ba67a562fa9179f29405f7687aa0 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon132-o.svg @@ -0,0 +1,15 @@ + + + + - + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/dde/figures/icon133-o.svg b/docs/zh/tools/desktop/dde/figures/icon133-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..886d90a83e33497d134bdb3dcc864a5c2df53f20 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon133-o.svg @@ -0,0 +1,13 @@ + + + + + + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/dde/figures/icon134-o.svg b/docs/zh/tools/desktop/dde/figures/icon134-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..784cf383eb0e8f5c7a57a602047be50ad0a3bc05 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon134-o.svg @@ -0,0 +1,15 @@ + + + + = + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/dde/figures/icon135-o.svg b/docs/zh/tools/desktop/dde/figures/icon135-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..cea628a8f5eb92d10661b690242b6de41ca64816 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon135-o.svg @@ -0,0 +1,15 @@ + + + + ~ + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/dde/figures/icon136-o.svg b/docs/zh/tools/desktop/dde/figures/icon136-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..24aa139ab2fefaee20935551f1af5aef473719ed --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon136-o.svg @@ -0,0 +1,12 @@ + + + + poweroff_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/dde/figures/icon14-o.png b/docs/zh/tools/desktop/dde/figures/icon14-o.png new file mode 100644 index 0000000000000000000000000000000000000000..b21deee4d98593d93fb5f72158d2d78f3d3f1cb9 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon14-o.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon15-o.png b/docs/zh/tools/desktop/dde/figures/icon15-o.png new file mode 100644 index 0000000000000000000000000000000000000000..1827a20e9da4d28e35e8ab2eae739b2fec37b385 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon15-o.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon16.png b/docs/zh/tools/desktop/dde/figures/icon16.png new file mode 100644 index 0000000000000000000000000000000000000000..f271594dda9d3ad0f038c9d719dd68c3e82c59f1 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon16.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon17.png b/docs/zh/tools/desktop/dde/figures/icon17.png new file mode 100644 index 0000000000000000000000000000000000000000..dbe58b89347c857920bce25f067fbd11c308e502 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon17.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon18.png b/docs/zh/tools/desktop/dde/figures/icon18.png new file mode 100644 index 0000000000000000000000000000000000000000..1827a20e9da4d28e35e8ab2eae739b2fec37b385 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon18.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon19-o.png b/docs/zh/tools/desktop/dde/figures/icon19-o.png new file mode 100644 index 0000000000000000000000000000000000000000..47a1f2cb7f99b583768c7cbd7e05a57f302dbe8a Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon19-o.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon2.png b/docs/zh/tools/desktop/dde/figures/icon2.png new file mode 100644 index 0000000000000000000000000000000000000000..9101e4b386df065a87d422bc5a0b287528ea5ec7 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon2.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon20.png b/docs/zh/tools/desktop/dde/figures/icon20.png new file mode 100644 index 0000000000000000000000000000000000000000..4de3c7c695893539967245ea5e269b26e2b735be Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon20.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon21.png b/docs/zh/tools/desktop/dde/figures/icon21.png new file mode 100644 index 0000000000000000000000000000000000000000..e7b4320b6ce1fd4adb52525ba2c60983ffb2eed3 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon21.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon22.png b/docs/zh/tools/desktop/dde/figures/icon22.png new file mode 100644 index 0000000000000000000000000000000000000000..43bfa96965ad13e0a34ead3cb1102a76b9346a23 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon22.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon23.png b/docs/zh/tools/desktop/dde/figures/icon23.png new file mode 100644 index 0000000000000000000000000000000000000000..aee221ddaa81d06fa7bd5b89a624da90cd1e53da Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon23.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon24.png b/docs/zh/tools/desktop/dde/figures/icon24.png new file mode 100644 index 0000000000000000000000000000000000000000..a9e5d700431ca1666fe9eda2cefce5dd2f83bdcd Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon24.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon25.png b/docs/zh/tools/desktop/dde/figures/icon25.png new file mode 100644 index 0000000000000000000000000000000000000000..3de0f9476bbee9e89c3b759afbed968f17b5bbcc Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon25.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon26-o.png b/docs/zh/tools/desktop/dde/figures/icon26-o.png new file mode 100644 index 0000000000000000000000000000000000000000..2293a893caf6d89c3beb978598fe7f281e68e7d5 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon26-o.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon27-o.png b/docs/zh/tools/desktop/dde/figures/icon27-o.png new file mode 100644 index 0000000000000000000000000000000000000000..abbab8e40f7e3ca7c2a6f28ff78f08f15117828e Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon27-o.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon28-o.png b/docs/zh/tools/desktop/dde/figures/icon28-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon28-o.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon29-o.png b/docs/zh/tools/desktop/dde/figures/icon29-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon29-o.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon3.png b/docs/zh/tools/desktop/dde/figures/icon3.png new file mode 100644 index 0000000000000000000000000000000000000000..930ee8909e89e3624c581f83d713af271cd96c75 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon3.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon30-o.png b/docs/zh/tools/desktop/dde/figures/icon30-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon30-o.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon31-o.png b/docs/zh/tools/desktop/dde/figures/icon31-o.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon31-o.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon32.png b/docs/zh/tools/desktop/dde/figures/icon32.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon32.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon33.png b/docs/zh/tools/desktop/dde/figures/icon33.png new file mode 100644 index 0000000000000000000000000000000000000000..88ed145b25f6f025ad795ceb012500e0944cb54c Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon33.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon34.png b/docs/zh/tools/desktop/dde/figures/icon34.png new file mode 100644 index 0000000000000000000000000000000000000000..8247f52a3424c81b451ceb318f4a7979a5eddece Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon34.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon35.png b/docs/zh/tools/desktop/dde/figures/icon35.png new file mode 100644 index 0000000000000000000000000000000000000000..7c656e9030b94809a57c7e369921e6a585f3574c Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon35.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon36.png b/docs/zh/tools/desktop/dde/figures/icon36.png new file mode 100644 index 0000000000000000000000000000000000000000..7d29d173e914dfff48245d3d3a4d42575ce2d1db Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon36.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon37.png b/docs/zh/tools/desktop/dde/figures/icon37.png new file mode 100644 index 0000000000000000000000000000000000000000..58be4c621b6638115153e361801deb9ee06634d8 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon37.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon38.png b/docs/zh/tools/desktop/dde/figures/icon38.png new file mode 100644 index 0000000000000000000000000000000000000000..0c861ccb891f4fb5e533eb7f7151a8fce1571f17 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon38.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon39.png b/docs/zh/tools/desktop/dde/figures/icon39.png new file mode 100644 index 0000000000000000000000000000000000000000..b1ba1f347452d0cd1c06c6c51d2cdf5aea5e490b Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon39.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon4.png b/docs/zh/tools/desktop/dde/figures/icon4.png new file mode 100644 index 0000000000000000000000000000000000000000..548dc8b648edb73ff1dd8a0266e8479203e72ca0 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon4.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon40.png b/docs/zh/tools/desktop/dde/figures/icon40.png new file mode 100644 index 0000000000000000000000000000000000000000..9c29dd1e9a1bf22c36abf51cb18fa9e47b455fab Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon40.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon41.png b/docs/zh/tools/desktop/dde/figures/icon41.png new file mode 100644 index 0000000000000000000000000000000000000000..9e8aea527a2119433fffec5a8800ebfa4fa5062f Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon41.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon42-o.png b/docs/zh/tools/desktop/dde/figures/icon42-o.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon42-o.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon42.png b/docs/zh/tools/desktop/dde/figures/icon42.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon42.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon43-o.png b/docs/zh/tools/desktop/dde/figures/icon43-o.png new file mode 100644 index 0000000000000000000000000000000000000000..284bdd551baf25beb4143013402e77a1a4c60ccb Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon43-o.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon44-o.png b/docs/zh/tools/desktop/dde/figures/icon44-o.png new file mode 100644 index 0000000000000000000000000000000000000000..810f4d784ee140dbf562e67a0d3fd391272626a5 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon44-o.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon45-o.png b/docs/zh/tools/desktop/dde/figures/icon45-o.png new file mode 100644 index 0000000000000000000000000000000000000000..3e528ce2c98284f020ae4912a853f5864526396b Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon45-o.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon46-o.png b/docs/zh/tools/desktop/dde/figures/icon46-o.png new file mode 100644 index 0000000000000000000000000000000000000000..ec6a3ca0fe57016f3685981ed518493ceea1c855 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon46-o.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon47-o.png b/docs/zh/tools/desktop/dde/figures/icon47-o.png new file mode 100644 index 0000000000000000000000000000000000000000..6eeaba98d908775bd363a8ffcec27c3b6a214013 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon47-o.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon49-o.svg b/docs/zh/tools/desktop/dde/figures/icon49-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..72ffb173fdb95e1aff5b0001b08ed6b71122b7f2 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon49-o.svg @@ -0,0 +1,178 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/dde/figures/icon5.png b/docs/zh/tools/desktop/dde/figures/icon5.png new file mode 100644 index 0000000000000000000000000000000000000000..e4206b7b584bf0702c7cb2f03a3a41e20bfba844 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon5.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon50-o.svg b/docs/zh/tools/desktop/dde/figures/icon50-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..05026802be4718205065d6369e14cc0b6ef05bc7 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon50-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/dde/figures/icon52-o.svg b/docs/zh/tools/desktop/dde/figures/icon52-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..23149c05873259cd39721b8ee9c3ab7db86d64c5 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon52-o.svg @@ -0,0 +1,9 @@ + + + attention + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/dde/figures/icon53-o.svg b/docs/zh/tools/desktop/dde/figures/icon53-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..50e33489ce984b0acfd621da4a8ef837fdf048c1 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon53-o.svg @@ -0,0 +1,11 @@ + + + + previous + Created with Sketch. + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/dde/figures/icon54-o.svg b/docs/zh/tools/desktop/dde/figures/icon54-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..3b599aef4b822c707d2f646405bb00837aed96fd --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon54-o.svg @@ -0,0 +1,18 @@ + + + + Backspace + Created with Sketch. + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/dde/figures/icon56-o.svg b/docs/zh/tools/desktop/dde/figures/icon56-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..9f13b6861e3858deec8d57a5301c934acc247069 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon56-o.svg @@ -0,0 +1,19 @@ + + + + Slice 1 + Created with Sketch. + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/dde/figures/icon57-o.svg b/docs/zh/tools/desktop/dde/figures/icon57-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e6fbfa1381b76ab3fcd45652b33267a7f6c69bb7 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon57-o.svg @@ -0,0 +1,11 @@ + + + + titlebutton/close_normal + Created with Sketch. + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/dde/figures/icon58-o.svg b/docs/zh/tools/desktop/dde/figures/icon58-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..9746dcacfc8e5d4c4b63233801e37418a190fc8f --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon58-o.svg @@ -0,0 +1,46 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/dde/figures/icon6.png b/docs/zh/tools/desktop/dde/figures/icon6.png new file mode 100644 index 0000000000000000000000000000000000000000..88ced3587e9a42b145fe11393726f40aba9d1b2c Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon6.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon62-o.svg b/docs/zh/tools/desktop/dde/figures/icon62-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..09f61b446669df2e05a3351d40d8c30879c7b035 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon62-o.svg @@ -0,0 +1,47 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/dde/figures/icon63-o.svg b/docs/zh/tools/desktop/dde/figures/icon63-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..06c03ed99260ffadc681475dad35610aedf67f83 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon63-o.svg @@ -0,0 +1,45 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/dde/figures/icon66-o.svg b/docs/zh/tools/desktop/dde/figures/icon66-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..5793b3846b7fe6a5758379591215b16c7f9e1b52 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon66-o.svg @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/dde/figures/icon68-o.svg b/docs/zh/tools/desktop/dde/figures/icon68-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..a7748052dfa436116d8742dca28f7d90865231ed --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon68-o.svg @@ -0,0 +1,23 @@ + + + + deepin-system-monitor + Created with Sketch. + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/dde/figures/icon69-o.svg b/docs/zh/tools/desktop/dde/figures/icon69-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e21dfd00a32a44ee1c8e3882b4ca8239be04690f --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon69-o.svg @@ -0,0 +1,26 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/dde/figures/icon7.png b/docs/zh/tools/desktop/dde/figures/icon7.png new file mode 100644 index 0000000000000000000000000000000000000000..05fe8aa38c84ca0c0c99b0b005ddec2f2ba42f4a Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon7.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon70-o.svg b/docs/zh/tools/desktop/dde/figures/icon70-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..b5787a7ffa5ed9519a48c6937c60927fd11fd455 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon70-o.svg @@ -0,0 +1,73 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/dde/figures/icon71-o.svg b/docs/zh/tools/desktop/dde/figures/icon71-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..669a21f143b06cb45ea3f45f7f071809f2cbc8a8 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon71-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/dde/figures/icon72-o.svg b/docs/zh/tools/desktop/dde/figures/icon72-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..79067ed9b9ff7912e1742183b461fa056601b9cc --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon72-o.svg @@ -0,0 +1,34 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/dde/figures/icon73-o.svg b/docs/zh/tools/desktop/dde/figures/icon73-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..cf6292387f5e790db6ebd66184aabcbb39257ee7 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon73-o.svg @@ -0,0 +1,13 @@ + + + + Down + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/dde/figures/icon75-o.svg b/docs/zh/tools/desktop/dde/figures/icon75-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..ef6823ccc19858f57374f0b78ad31514e8311be3 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon75-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/docs/zh/tools/desktop/dde/figures/icon8.png b/docs/zh/tools/desktop/dde/figures/icon8.png new file mode 100644 index 0000000000000000000000000000000000000000..01543c3e0f5e96a023b4e1f0859a03e3a0dafd56 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon8.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon83-o.svg b/docs/zh/tools/desktop/dde/figures/icon83-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..35dd6eacc54a933dc9ebc3f3010edfa7363fecc0 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon83-o.svg @@ -0,0 +1,84 @@ + + + + + + image/svg+xml + + img_upload + + + + + + img_upload + Created with Sketch. + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/dde/figures/icon84-o.svg b/docs/zh/tools/desktop/dde/figures/icon84-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..9bd11b9e7b45b506dd7e1c87d09d545d8f48af06 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon84-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/dde/figures/icon86-o.svg b/docs/zh/tools/desktop/dde/figures/icon86-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..5da20233309c43d4fc7b315f441cde476c835c67 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon86-o.svg @@ -0,0 +1,66 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/dde/figures/icon88-o.svg b/docs/zh/tools/desktop/dde/figures/icon88-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..c2570c26575fd14cb5e9d9fe77831d2e8f6c9333 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon88-o.svg @@ -0,0 +1,13 @@ + + + + Left + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/dde/figures/icon9.png b/docs/zh/tools/desktop/dde/figures/icon9.png new file mode 100644 index 0000000000000000000000000000000000000000..a07c9ab8e51decd9a3bca8c969d2ae95bd68512c Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/icon9.png differ diff --git a/docs/zh/tools/desktop/dde/figures/icon90-o.svg b/docs/zh/tools/desktop/dde/figures/icon90-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..79b5e0a141f7969a8f77ae61f4c240de7187afe9 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon90-o.svg @@ -0,0 +1,12 @@ + + + + lock_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/dde/figures/icon92-o.svg b/docs/zh/tools/desktop/dde/figures/icon92-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..21341b64a832e1935252aa82e7a4e0b083c16eae --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon92-o.svg @@ -0,0 +1,12 @@ + + + + logout_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/dde/figures/icon94-o.svg b/docs/zh/tools/desktop/dde/figures/icon94-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..a47044149a02101dbd24a3fdb2f3ead77efca6c1 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon94-o.svg @@ -0,0 +1,54 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/dde/figures/icon97-o.svg b/docs/zh/tools/desktop/dde/figures/icon97-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..4f4670de29d8c86885b5aa806b2c8cdc6fc16dcb --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon97-o.svg @@ -0,0 +1,84 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/dde/figures/icon99-o.svg b/docs/zh/tools/desktop/dde/figures/icon99-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e9a3aa60a51404c9390bfbea8d8ff09edc0e2e32 --- /dev/null +++ b/docs/zh/tools/desktop/dde/figures/icon99-o.svg @@ -0,0 +1,11 @@ + + + notes + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/dde/figures/kiran-1.png b/docs/zh/tools/desktop/dde/figures/kiran-1.png new file mode 100644 index 0000000000000000000000000000000000000000..6f17788dce804c004027adfe45628eebffaa48cf Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-1.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-10.png b/docs/zh/tools/desktop/dde/figures/kiran-10.png new file mode 100644 index 0000000000000000000000000000000000000000..18cfa3074af1f4b8d49d064a77b016f24ab8c17c Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-10.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-11.png b/docs/zh/tools/desktop/dde/figures/kiran-11.png new file mode 100644 index 0000000000000000000000000000000000000000..b58fbb7ce8a798d5355855a4ac0638540df74d9e Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-11.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-12.png b/docs/zh/tools/desktop/dde/figures/kiran-12.png new file mode 100644 index 0000000000000000000000000000000000000000..920d0c7112be6bed509773413de36506d748b822 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-12.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-13.png b/docs/zh/tools/desktop/dde/figures/kiran-13.png new file mode 100644 index 0000000000000000000000000000000000000000..473ac4151c65951050800cb73313fee07077a9d6 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-13.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-14.png b/docs/zh/tools/desktop/dde/figures/kiran-14.png new file mode 100644 index 0000000000000000000000000000000000000000..9ba17ddca84d25f112e564b542a971d6e7d4c10a Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-14.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-15.png b/docs/zh/tools/desktop/dde/figures/kiran-15.png new file mode 100644 index 0000000000000000000000000000000000000000..b561a2fccb7f159106065baaf88ff9fa32bba1d8 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-15.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-16.png b/docs/zh/tools/desktop/dde/figures/kiran-16.png new file mode 100644 index 0000000000000000000000000000000000000000..a4d71e812144e74cb854e25f215197368b60017f Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-16.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-17.png b/docs/zh/tools/desktop/dde/figures/kiran-17.png new file mode 100644 index 0000000000000000000000000000000000000000..5f52f0d0885fbcd62af5127df6f464bcd334e2b3 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-17.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-18.png b/docs/zh/tools/desktop/dde/figures/kiran-18.png new file mode 100644 index 0000000000000000000000000000000000000000..bbd1a5dbd99c509d936e51e1bcc5970c2311da9d Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-18.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-19.png b/docs/zh/tools/desktop/dde/figures/kiran-19.png new file mode 100644 index 0000000000000000000000000000000000000000..a9ad75326f5d5463a45b532ae05b110155426083 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-19.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-2.png b/docs/zh/tools/desktop/dde/figures/kiran-2.png new file mode 100644 index 0000000000000000000000000000000000000000..b62c95a0b7d2bcfbc0bbac084ed7df74e5412da5 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-2.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-20.png b/docs/zh/tools/desktop/dde/figures/kiran-20.png new file mode 100644 index 0000000000000000000000000000000000000000..a43f8e2dc5ff4b5445386fd0c703bdf6b1e186ec Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-20.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-21.png b/docs/zh/tools/desktop/dde/figures/kiran-21.png new file mode 100644 index 0000000000000000000000000000000000000000..19c758d585016351a1f26fdac48221bdf0710a53 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-21.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-22.png b/docs/zh/tools/desktop/dde/figures/kiran-22.png new file mode 100644 index 0000000000000000000000000000000000000000..703327a3f511c20cd977ae4cd68552ecb3dd6971 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-22.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-23.png b/docs/zh/tools/desktop/dde/figures/kiran-23.png new file mode 100644 index 0000000000000000000000000000000000000000..ddbbd80be5b926ab3446cbb10c22d892487956f8 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-23.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-24.png b/docs/zh/tools/desktop/dde/figures/kiran-24.png new file mode 100644 index 0000000000000000000000000000000000000000..54e864dcfd194db4b1672c05d3e60eb6acc605d9 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-24.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-25.png b/docs/zh/tools/desktop/dde/figures/kiran-25.png new file mode 100644 index 0000000000000000000000000000000000000000..f64461cc2610fb82db1eb27a5562c2ab0737dcf4 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-25.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-26.png b/docs/zh/tools/desktop/dde/figures/kiran-26.png new file mode 100644 index 0000000000000000000000000000000000000000..2bcd5335c14d3e241b732b2ee6c2adf3effbe652 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-26.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-27.png b/docs/zh/tools/desktop/dde/figures/kiran-27.png new file mode 100644 index 0000000000000000000000000000000000000000..2bcd5335c14d3e241b732b2ee6c2adf3effbe652 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-27.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-28.png b/docs/zh/tools/desktop/dde/figures/kiran-28.png new file mode 100644 index 0000000000000000000000000000000000000000..1650e93b66f11849ed69a9dacd5c9c5f135fc053 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-28.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-29.png b/docs/zh/tools/desktop/dde/figures/kiran-29.png new file mode 100644 index 0000000000000000000000000000000000000000..5d0b225b54dc5da9053aeb6f4b805e59d8685f7f Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-29.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-3.png b/docs/zh/tools/desktop/dde/figures/kiran-3.png new file mode 100644 index 0000000000000000000000000000000000000000..774ba1ea233c20bf3c7ae661e126e5251aef8662 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-3.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-30.png b/docs/zh/tools/desktop/dde/figures/kiran-30.png new file mode 100644 index 0000000000000000000000000000000000000000..ae7f591fdd3da24fdf30b95785cd07c9959ecb2b Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-30.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-31.png b/docs/zh/tools/desktop/dde/figures/kiran-31.png new file mode 100644 index 0000000000000000000000000000000000000000..fc4127dcd736d084ecabe84b40f165f0b07695b2 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-31.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-32.png b/docs/zh/tools/desktop/dde/figures/kiran-32.png new file mode 100644 index 0000000000000000000000000000000000000000..b02d7b1fbdfa58d63618e99085fd5a0ed517ce4d Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-32.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-33.png b/docs/zh/tools/desktop/dde/figures/kiran-33.png new file mode 100644 index 0000000000000000000000000000000000000000..502f5d272b6200b440b1ce916924e44c987f9922 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-33.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-34.png b/docs/zh/tools/desktop/dde/figures/kiran-34.png new file mode 100644 index 0000000000000000000000000000000000000000..b1ad35752dba85a00024170f88702c3398e0872c Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-34.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-35.png b/docs/zh/tools/desktop/dde/figures/kiran-35.png new file mode 100644 index 0000000000000000000000000000000000000000..6c566afea5f485d79ff7de2ccd3d27a24835f14c Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-35.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-36.png b/docs/zh/tools/desktop/dde/figures/kiran-36.png new file mode 100644 index 0000000000000000000000000000000000000000..842470a94fb6864cdd45f2c9971ec73e7866ea88 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-36.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-37.png b/docs/zh/tools/desktop/dde/figures/kiran-37.png new file mode 100644 index 0000000000000000000000000000000000000000..b827be98850a3626f92ed1cd7b6b76f95d761261 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-37.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-38.png b/docs/zh/tools/desktop/dde/figures/kiran-38.png new file mode 100644 index 0000000000000000000000000000000000000000..f0972490115d0965e8e9006abd2e5e96ac2fc37c Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-38.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-39.png b/docs/zh/tools/desktop/dde/figures/kiran-39.png new file mode 100644 index 0000000000000000000000000000000000000000..f833c66c77737fb7cfbe5b4c4af48b0ba7747cea Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-39.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-4.png b/docs/zh/tools/desktop/dde/figures/kiran-4.png new file mode 100644 index 0000000000000000000000000000000000000000..7a6cf9c1f25266c31ddcb76f093bec664d64bac7 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-4.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-40.png b/docs/zh/tools/desktop/dde/figures/kiran-40.png new file mode 100644 index 0000000000000000000000000000000000000000..da430f32720ef8a032e2c16fe9caabd815f8b62f Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-40.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-41.png b/docs/zh/tools/desktop/dde/figures/kiran-41.png new file mode 100644 index 0000000000000000000000000000000000000000..424f50da38c18c12a235ebb56edd6d02ec1638f0 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-41.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-42.png b/docs/zh/tools/desktop/dde/figures/kiran-42.png new file mode 100644 index 0000000000000000000000000000000000000000..a506b0c4e7fd23c393c34e01b26086dae1ea9c62 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-42.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-43.png b/docs/zh/tools/desktop/dde/figures/kiran-43.png new file mode 100644 index 0000000000000000000000000000000000000000..90ca8be50f4343adcc0cc05b1ae7d0f32efcedc2 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-43.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-44.png b/docs/zh/tools/desktop/dde/figures/kiran-44.png new file mode 100644 index 0000000000000000000000000000000000000000..bc38c38001a8428cf18a05e6cd4a8f46b1d633a2 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-44.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-45.png b/docs/zh/tools/desktop/dde/figures/kiran-45.png new file mode 100644 index 0000000000000000000000000000000000000000..fadb655f342f99c669425480ad48733f1dccb2c9 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-45.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-46.png b/docs/zh/tools/desktop/dde/figures/kiran-46.png new file mode 100644 index 0000000000000000000000000000000000000000..096688c85e47acded83be03a7ff69f9d829d956b Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-46.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-47.png b/docs/zh/tools/desktop/dde/figures/kiran-47.png new file mode 100644 index 0000000000000000000000000000000000000000..3faa55c80eead6bfc9e96f59babcd2100392c2e5 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-47.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-48.png b/docs/zh/tools/desktop/dde/figures/kiran-48.png new file mode 100644 index 0000000000000000000000000000000000000000..1e44996d99006ffe793ae29b55035976942ac504 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-48.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-49.png b/docs/zh/tools/desktop/dde/figures/kiran-49.png new file mode 100644 index 0000000000000000000000000000000000000000..000cc37cb59fecc9ea497726f87231df187baf34 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-49.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-5.png b/docs/zh/tools/desktop/dde/figures/kiran-5.png new file mode 100644 index 0000000000000000000000000000000000000000..a27574bb4793e401750fff28e4568403dc489507 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-5.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-50.png b/docs/zh/tools/desktop/dde/figures/kiran-50.png new file mode 100644 index 0000000000000000000000000000000000000000..900efd80a6db6ab00fee3fa519e963f8f0620ba7 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-50.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-6.png b/docs/zh/tools/desktop/dde/figures/kiran-6.png new file mode 100644 index 0000000000000000000000000000000000000000..42c4f0357dfa11b53ca27a4d0d255b67a0f9c5ae Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-6.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-7.png b/docs/zh/tools/desktop/dde/figures/kiran-7.png new file mode 100644 index 0000000000000000000000000000000000000000..254ef11f36d958f6ef7c70853e5f61032f825463 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-7.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-8.png b/docs/zh/tools/desktop/dde/figures/kiran-8.png new file mode 100644 index 0000000000000000000000000000000000000000..29b5845d2fa94cba92719b8649a5e86c926ea911 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-8.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kiran-9.png b/docs/zh/tools/desktop/dde/figures/kiran-9.png new file mode 100644 index 0000000000000000000000000000000000000000..46bcfdd0e1e88ad0f0ade4a3990c3ac5d66060e7 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kiran-9.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kubesphere-console.png b/docs/zh/tools/desktop/dde/figures/kubesphere-console.png new file mode 100644 index 0000000000000000000000000000000000000000..9c93fbeafe366d78bc05dda6e0e673d2dad8874f Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kubesphere-console.png differ diff --git a/docs/zh/tools/desktop/dde/figures/kubesphere.png b/docs/zh/tools/desktop/dde/figures/kubesphere.png new file mode 100644 index 0000000000000000000000000000000000000000..939dcb70202b19c7853cbfd8f27f6e8e4678ce26 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/kubesphere.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-1.png b/docs/zh/tools/desktop/dde/figures/xfce-1.png new file mode 100644 index 0000000000000000000000000000000000000000..0e478b9f10ddf3210d5f5fada2e45329e2d1d028 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-1.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-2.png b/docs/zh/tools/desktop/dde/figures/xfce-2.png new file mode 100644 index 0000000000000000000000000000000000000000..33a946d988d499a1e98cb43968b72119bd48d7a5 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-2.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-3.png b/docs/zh/tools/desktop/dde/figures/xfce-3.png new file mode 100644 index 0000000000000000000000000000000000000000..020356f0c981fac2aafe33c8e997efbf01af9253 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-3.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-4.png b/docs/zh/tools/desktop/dde/figures/xfce-4.png new file mode 100644 index 0000000000000000000000000000000000000000..21369e366322955023b427e7a2ae63fd29b387e5 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-4.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-5.png b/docs/zh/tools/desktop/dde/figures/xfce-5.png new file mode 100644 index 0000000000000000000000000000000000000000..1f7807877f775fe6aa32652a29ef833e48e1a6ee Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-5.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-6.png b/docs/zh/tools/desktop/dde/figures/xfce-6.png new file mode 100644 index 0000000000000000000000000000000000000000..e5376fcfd1737234a885d4d95649cd996005cf0c Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-6.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-7.png b/docs/zh/tools/desktop/dde/figures/xfce-7.png new file mode 100644 index 0000000000000000000000000000000000000000..b7a94df356b7b9f7dca3d305d066ec854406aaab Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-7.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-71.png b/docs/zh/tools/desktop/dde/figures/xfce-71.png new file mode 100644 index 0000000000000000000000000000000000000000..11d1618c907d4bb18de1eb68e42e9b98d92d91c3 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-71.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-8.png b/docs/zh/tools/desktop/dde/figures/xfce-8.png new file mode 100644 index 0000000000000000000000000000000000000000..f6f97d9a173105cb6a72e4b8c48deab25ecac898 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-8.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-81.png b/docs/zh/tools/desktop/dde/figures/xfce-81.png new file mode 100644 index 0000000000000000000000000000000000000000..b97c9a81c2a07efe361e6dc6ee8bed5db445ecfa Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-81.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-811.png b/docs/zh/tools/desktop/dde/figures/xfce-811.png new file mode 100644 index 0000000000000000000000000000000000000000..58233638eca203d917081d6a9ac5003474cbf60b Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-811.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-812.png b/docs/zh/tools/desktop/dde/figures/xfce-812.png new file mode 100644 index 0000000000000000000000000000000000000000..0fc975f75da95dce8a3e5a098d024578335c9426 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-812.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-813.png b/docs/zh/tools/desktop/dde/figures/xfce-813.png new file mode 100644 index 0000000000000000000000000000000000000000..4d399468c74355cbaa765380720cb9561e95f834 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-813.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-814.png b/docs/zh/tools/desktop/dde/figures/xfce-814.png new file mode 100644 index 0000000000000000000000000000000000000000..c09fd6524a20ba04e0fca30307d35fa05e79c1f4 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-814.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-82.png b/docs/zh/tools/desktop/dde/figures/xfce-82.png new file mode 100644 index 0000000000000000000000000000000000000000..170deb5fb43f4e924d5ba4eba94a02c341d31515 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-82.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-821.png b/docs/zh/tools/desktop/dde/figures/xfce-821.png new file mode 100644 index 0000000000000000000000000000000000000000..c5c1f3567dccda3d0d49ae445612d5b9ba27e09a Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-821.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-83.png b/docs/zh/tools/desktop/dde/figures/xfce-83.png new file mode 100644 index 0000000000000000000000000000000000000000..95e4844c0ece09819d3e9f1e8457bbf371b1282e Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-83.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-831.png b/docs/zh/tools/desktop/dde/figures/xfce-831.png new file mode 100644 index 0000000000000000000000000000000000000000..6456dd02f0281a5ec8d752ba5b95be581bcbfa09 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-831.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-832.png b/docs/zh/tools/desktop/dde/figures/xfce-832.png new file mode 100644 index 0000000000000000000000000000000000000000..2932aaacf71fa53f1d0c10340df3aebcc016e991 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-832.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-84.png b/docs/zh/tools/desktop/dde/figures/xfce-84.png new file mode 100644 index 0000000000000000000000000000000000000000..e0435c2edf9f68d193cff036215f32c259d378f0 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-84.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-841.png b/docs/zh/tools/desktop/dde/figures/xfce-841.png new file mode 100644 index 0000000000000000000000000000000000000000..c2c06346d4a296bfbe7836139cd943baa1ce6ea5 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-841.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-842.png b/docs/zh/tools/desktop/dde/figures/xfce-842.png new file mode 100644 index 0000000000000000000000000000000000000000..101bf6923e3780617d33dde04b92232ca7f87b42 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-842.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-85.png b/docs/zh/tools/desktop/dde/figures/xfce-85.png new file mode 100644 index 0000000000000000000000000000000000000000..21b39638fe4c83e0da5cdc69ecad9b7a22718a55 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-85.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-851.png b/docs/zh/tools/desktop/dde/figures/xfce-851.png new file mode 100644 index 0000000000000000000000000000000000000000..893064ca10399a683afbcb3752266d93b0a79a51 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-851.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-86.png b/docs/zh/tools/desktop/dde/figures/xfce-86.png new file mode 100644 index 0000000000000000000000000000000000000000..35e8a99e31e4a49eb64b24cfbab825111e40f709 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-86.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-861.png b/docs/zh/tools/desktop/dde/figures/xfce-861.png new file mode 100644 index 0000000000000000000000000000000000000000..affc46c874991a3b289e15072e06ba6566c099b1 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-861.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-87.png b/docs/zh/tools/desktop/dde/figures/xfce-87.png new file mode 100644 index 0000000000000000000000000000000000000000..47524c21d57c887c3398ea53a675f89e9f92113f Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-87.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-9.png b/docs/zh/tools/desktop/dde/figures/xfce-9.png new file mode 100644 index 0000000000000000000000000000000000000000..5586c4f62cc161665b91a56ad23b2320901901c0 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-9.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-91.png b/docs/zh/tools/desktop/dde/figures/xfce-91.png new file mode 100644 index 0000000000000000000000000000000000000000..ee69879bb4ad66405b045af5e3965e275fe8eabf Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-91.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-911.png b/docs/zh/tools/desktop/dde/figures/xfce-911.png new file mode 100644 index 0000000000000000000000000000000000000000..b49416558e9ab844fda2026b76e2e900ac106842 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-911.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-92.png b/docs/zh/tools/desktop/dde/figures/xfce-92.png new file mode 100644 index 0000000000000000000000000000000000000000..78dd6313c603aad9ebd37fe68e06f98b2a3b331e Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-92.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-921.png b/docs/zh/tools/desktop/dde/figures/xfce-921.png new file mode 100644 index 0000000000000000000000000000000000000000..5eb6f40df9ca73e11b9b9fa5079496ac0c36857b Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-921.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-93.png b/docs/zh/tools/desktop/dde/figures/xfce-93.png new file mode 100644 index 0000000000000000000000000000000000000000..06ac80c152fefbe1ad2ba1c989f6acfbbaf1a992 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-93.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-931.png b/docs/zh/tools/desktop/dde/figures/xfce-931.png new file mode 100644 index 0000000000000000000000000000000000000000..a156e5cf14ae154b93e845ff1bd5bc6ba12c9beb Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-931.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-94.png b/docs/zh/tools/desktop/dde/figures/xfce-94.png new file mode 100644 index 0000000000000000000000000000000000000000..f48064ff5902c4ea740ccba9a1640cbca27b5b72 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-94.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-941.png b/docs/zh/tools/desktop/dde/figures/xfce-941.png new file mode 100644 index 0000000000000000000000000000000000000000..f7904da12dc807836acfb9d6f24b8d9b976a2fdc Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-941.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-95.png b/docs/zh/tools/desktop/dde/figures/xfce-95.png new file mode 100644 index 0000000000000000000000000000000000000000..bda965b15a859e4cccf4b80f62875f79eb3470fd Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-95.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-951.png b/docs/zh/tools/desktop/dde/figures/xfce-951.png new file mode 100644 index 0000000000000000000000000000000000000000..6521a28275d2b63c12b47604c7afc926f7938697 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-951.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-96.png b/docs/zh/tools/desktop/dde/figures/xfce-96.png new file mode 100644 index 0000000000000000000000000000000000000000..29ce24923477065b98cacf603f185113e9959069 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-96.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-961.png b/docs/zh/tools/desktop/dde/figures/xfce-961.png new file mode 100644 index 0000000000000000000000000000000000000000..874fa200f4e63b690261d7827f3c73cf70861b32 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-961.png differ diff --git a/docs/zh/tools/desktop/dde/figures/xfce-962.png b/docs/zh/tools/desktop/dde/figures/xfce-962.png new file mode 100644 index 0000000000000000000000000000000000000000..bb84e35e43e992bc68b053a0da760bd5aa8b0270 Binary files /dev/null and b/docs/zh/tools/desktop/dde/figures/xfce-962.png differ diff --git a/docs/zh/tools/desktop/gnome/_toc.yaml b/docs/zh/tools/desktop/gnome/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..efdb46b5e0f97ddd34c1f7cb00595a258dbbf6a6 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/_toc.yaml @@ -0,0 +1,8 @@ +label: Gnome用户指南 +isManual: true +description: 安装并使用 Gnome 桌面环境 +sections: + - label: 安装 Gnome + href: ./gnome_installation.md + - label: 使用 Gnome + href: ./gnome_userguide.md diff --git a/docs/zh/tools/desktop/gnome/figures/.keep b/docs/zh/tools/desktop/gnome/figures/.keep new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/docs/zh/tools/desktop/gnome/figures/1.png b/docs/zh/tools/desktop/gnome/figures/1.png new file mode 100644 index 0000000000000000000000000000000000000000..40af4242eebb440a76c749a8d970d50cd7b89bf4 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/1.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/10.png b/docs/zh/tools/desktop/gnome/figures/10.png new file mode 100644 index 0000000000000000000000000000000000000000..e588ffbe3d8d7b66d92ae8f2b4bcec7c80d0592c Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/10.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/11.png b/docs/zh/tools/desktop/gnome/figures/11.png new file mode 100644 index 0000000000000000000000000000000000000000..1989a5bb08155f920363e154e68bb148715c7e9e Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/11.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/12.png b/docs/zh/tools/desktop/gnome/figures/12.png new file mode 100644 index 0000000000000000000000000000000000000000..cb6346161182d2cfeaf3818d5ec518ddb11c732e Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/12.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/13.png b/docs/zh/tools/desktop/gnome/figures/13.png new file mode 100644 index 0000000000000000000000000000000000000000..0a7def1fb66c90da62acde799eaffca97e3b5396 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/13.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/14.png b/docs/zh/tools/desktop/gnome/figures/14.png new file mode 100644 index 0000000000000000000000000000000000000000..3a27a66d57e284775420d467f90dcc02889bbffe Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/14.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/15.png b/docs/zh/tools/desktop/gnome/figures/15.png new file mode 100644 index 0000000000000000000000000000000000000000..370bea32abcaa8a2b06a1a61c1455d4b35f43474 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/15.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/16.png b/docs/zh/tools/desktop/gnome/figures/16.png new file mode 100644 index 0000000000000000000000000000000000000000..812ee462669c5263ef4bffc49ca4f9b6af4541c6 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/16.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/17.png b/docs/zh/tools/desktop/gnome/figures/17.png new file mode 100644 index 0000000000000000000000000000000000000000..36e524b806874fa3788f5e4dcd78350686281107 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/17.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/18.png b/docs/zh/tools/desktop/gnome/figures/18.png new file mode 100644 index 0000000000000000000000000000000000000000..51b32442980aa60646f77dabd53ade74f55891fe Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/18.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/19.png b/docs/zh/tools/desktop/gnome/figures/19.png new file mode 100644 index 0000000000000000000000000000000000000000..c9457d09aa9f1662b2c9e4550cdbdb9f57dd020e Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/19.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/2.png b/docs/zh/tools/desktop/gnome/figures/2.png new file mode 100644 index 0000000000000000000000000000000000000000..97917cc245484a43bec8562757d920a06f123121 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/2.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/20.png b/docs/zh/tools/desktop/gnome/figures/20.png new file mode 100644 index 0000000000000000000000000000000000000000..b0943189920d7a541d35da27340593ea93f92a17 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/20.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/21.png b/docs/zh/tools/desktop/gnome/figures/21.png new file mode 100644 index 0000000000000000000000000000000000000000..e590c22c0ea28906b5f4ea7ccbc6ab11e47ad173 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/21.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/22.png b/docs/zh/tools/desktop/gnome/figures/22.png new file mode 100644 index 0000000000000000000000000000000000000000..03a548b1ffb1f0ad53cfa5387af2721af90bca81 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/22.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/23.png b/docs/zh/tools/desktop/gnome/figures/23.png new file mode 100644 index 0000000000000000000000000000000000000000..834c492094715cde1c02c91752ecabfe7921ed62 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/23.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/24.png b/docs/zh/tools/desktop/gnome/figures/24.png new file mode 100644 index 0000000000000000000000000000000000000000..1881e868b74a60888b319576fa38fb4af92ba75c Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/24.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/25.png b/docs/zh/tools/desktop/gnome/figures/25.png new file mode 100644 index 0000000000000000000000000000000000000000..f38839725d27a3486984d152e5d9de305364fbd2 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/25.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/26.png b/docs/zh/tools/desktop/gnome/figures/26.png new file mode 100644 index 0000000000000000000000000000000000000000..6d7957119133ecb98b1b6b104e54a3a4647ec2a5 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/26.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/27.png b/docs/zh/tools/desktop/gnome/figures/27.png new file mode 100644 index 0000000000000000000000000000000000000000..3e4733717fdc5172d6479b393005219e65e96df4 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/27.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/28.png b/docs/zh/tools/desktop/gnome/figures/28.png new file mode 100644 index 0000000000000000000000000000000000000000..a77772e818e3f6c11acac3b9cfa18bad14a0a48c Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/28.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/29.png b/docs/zh/tools/desktop/gnome/figures/29.png new file mode 100644 index 0000000000000000000000000000000000000000..c4f58ffe5855295268298448744e5aadbdc55276 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/29.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/3.png b/docs/zh/tools/desktop/gnome/figures/3.png new file mode 100644 index 0000000000000000000000000000000000000000..fbb76b336957020ed6867d908e0a8bdcfc953c52 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/3.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/30.png b/docs/zh/tools/desktop/gnome/figures/30.png new file mode 100644 index 0000000000000000000000000000000000000000..d91adefba1753959e90ccf4aa1501ac08d7144bd Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/30.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/31.png b/docs/zh/tools/desktop/gnome/figures/31.png new file mode 100644 index 0000000000000000000000000000000000000000..0abef09ab438f5f8cfb68090993f55c493b8c15e Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/31.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/32.png b/docs/zh/tools/desktop/gnome/figures/32.png new file mode 100644 index 0000000000000000000000000000000000000000..d567cfbacc07a9eb46ff2c54a68432f45e034e94 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/32.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/33.png b/docs/zh/tools/desktop/gnome/figures/33.png new file mode 100644 index 0000000000000000000000000000000000000000..7b5896e2884520672c0bd88d68471b45a09c56fe Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/33.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/34.png b/docs/zh/tools/desktop/gnome/figures/34.png new file mode 100644 index 0000000000000000000000000000000000000000..81bc9480fbbd81a97c559d7a6a74274deeab2bd1 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/34.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/35.png b/docs/zh/tools/desktop/gnome/figures/35.png new file mode 100644 index 0000000000000000000000000000000000000000..ab2399847a643a87279337704e23fea7609bb211 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/35.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/36.png b/docs/zh/tools/desktop/gnome/figures/36.png new file mode 100644 index 0000000000000000000000000000000000000000..536981609b9ae5d32be56bec612f2b3446146184 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/36.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/37.png b/docs/zh/tools/desktop/gnome/figures/37.png new file mode 100644 index 0000000000000000000000000000000000000000..e39aa03587642dc1f8622fff515b05a9a3085b28 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/37.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/38.png b/docs/zh/tools/desktop/gnome/figures/38.png new file mode 100644 index 0000000000000000000000000000000000000000..838f5ff0616a83cdf42edb053f4e72b93bfa644e Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/38.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/39.png b/docs/zh/tools/desktop/gnome/figures/39.png new file mode 100644 index 0000000000000000000000000000000000000000..12a379403d73a47b2fa564120a28fdb58d188963 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/39.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/4.png b/docs/zh/tools/desktop/gnome/figures/4.png new file mode 100644 index 0000000000000000000000000000000000000000..5078e36aca713706d2cf08a3ebecdc3769951899 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/4.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/40.png b/docs/zh/tools/desktop/gnome/figures/40.png new file mode 100644 index 0000000000000000000000000000000000000000..bf419894eab852b45604966c62fafa71f051c4df Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/40.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/41.png b/docs/zh/tools/desktop/gnome/figures/41.png new file mode 100644 index 0000000000000000000000000000000000000000..f94b0ee72e0d4e9277e9b44b4268cfbdb8402104 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/41.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/42.png b/docs/zh/tools/desktop/gnome/figures/42.png new file mode 100644 index 0000000000000000000000000000000000000000..3182e551c4e4b03885bad6339f1de514b3f55f8c Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/42.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/43.jpg b/docs/zh/tools/desktop/gnome/figures/43.jpg new file mode 100644 index 0000000000000000000000000000000000000000..26e9244f58ea9800081fd61ae135477f05b21b40 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/43.jpg differ diff --git a/docs/zh/tools/desktop/gnome/figures/44.png b/docs/zh/tools/desktop/gnome/figures/44.png new file mode 100644 index 0000000000000000000000000000000000000000..c3abaecd6e053272d81e0ad9bd183c6858b4f3c5 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/44.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/45.png b/docs/zh/tools/desktop/gnome/figures/45.png new file mode 100644 index 0000000000000000000000000000000000000000..86b051acde857c88479714414f721a7f59cca483 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/45.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/46.png b/docs/zh/tools/desktop/gnome/figures/46.png new file mode 100644 index 0000000000000000000000000000000000000000..d8ec41c87628bf28c9905523f99ae93aebd13614 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/46.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/47.jpg b/docs/zh/tools/desktop/gnome/figures/47.jpg new file mode 100644 index 0000000000000000000000000000000000000000..bf95f03c8ea0f84a878bc63af20972c9da71bc04 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/47.jpg differ diff --git a/docs/zh/tools/desktop/gnome/figures/48.png b/docs/zh/tools/desktop/gnome/figures/48.png new file mode 100644 index 0000000000000000000000000000000000000000..ef21fa1ce1e2e9848a8dca16e692de673df7c6d7 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/48.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/49.png b/docs/zh/tools/desktop/gnome/figures/49.png new file mode 100644 index 0000000000000000000000000000000000000000..3b77668e5a4d1bdb3043c473dff9b36fa7144714 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/49.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/5.png b/docs/zh/tools/desktop/gnome/figures/5.png new file mode 100644 index 0000000000000000000000000000000000000000..2976a745cfaede26594d6daa01cfc18d18b1de8b Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/5.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/50.png b/docs/zh/tools/desktop/gnome/figures/50.png new file mode 100644 index 0000000000000000000000000000000000000000..b86a55fe4363f56fc18befc9d27025a75ca427ad Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/50.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/51.png b/docs/zh/tools/desktop/gnome/figures/51.png new file mode 100644 index 0000000000000000000000000000000000000000..d427ac871dba9c32eb4ffe736d5352f8408da533 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/51.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/52.png b/docs/zh/tools/desktop/gnome/figures/52.png new file mode 100644 index 0000000000000000000000000000000000000000..0ca0a2db05c70bc25f9bb59e82d074f671cfc74e Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/52.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/53.png b/docs/zh/tools/desktop/gnome/figures/53.png new file mode 100644 index 0000000000000000000000000000000000000000..76fbc34a1d5621b83c2d8c93222766acad33350d Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/53.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/54.png b/docs/zh/tools/desktop/gnome/figures/54.png new file mode 100644 index 0000000000000000000000000000000000000000..49ecae6f8941a118223f3765c23015df074c4983 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/54.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/56.png b/docs/zh/tools/desktop/gnome/figures/56.png new file mode 100644 index 0000000000000000000000000000000000000000..36fee795bfe593b6246c8d6c2bddea9386b06f45 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/56.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/57.png b/docs/zh/tools/desktop/gnome/figures/57.png new file mode 100644 index 0000000000000000000000000000000000000000..539d06b77b058a933cb154c43641d498050986e0 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/57.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/58.png b/docs/zh/tools/desktop/gnome/figures/58.png new file mode 100644 index 0000000000000000000000000000000000000000..396ca16d873e54505bcdbd41d669366eea7f5dee Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/58.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/59.png b/docs/zh/tools/desktop/gnome/figures/59.png new file mode 100644 index 0000000000000000000000000000000000000000..9b1de98ac4fe686937ca844d3e9481548a79ce63 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/59.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/6.png b/docs/zh/tools/desktop/gnome/figures/6.png new file mode 100644 index 0000000000000000000000000000000000000000..275c23872f2353f007371672714902babcc3db53 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/6.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/60.jpg b/docs/zh/tools/desktop/gnome/figures/60.jpg new file mode 100644 index 0000000000000000000000000000000000000000..033c88aaadd04f7d4058ec2eb5b2c70498319bf7 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/60.jpg differ diff --git a/docs/zh/tools/desktop/gnome/figures/61.png b/docs/zh/tools/desktop/gnome/figures/61.png new file mode 100644 index 0000000000000000000000000000000000000000..8df17062963a3baf92318a12ec34b1378122687b Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/61.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/62.png b/docs/zh/tools/desktop/gnome/figures/62.png new file mode 100644 index 0000000000000000000000000000000000000000..ec312d6c0c22018c1745dd866da71ce9be47fbda Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/62.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/63.jpg b/docs/zh/tools/desktop/gnome/figures/63.jpg new file mode 100644 index 0000000000000000000000000000000000000000..504f7cf59768f6fd1cd73a115d01fbc4e15a02e1 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/63.jpg differ diff --git a/docs/zh/tools/desktop/gnome/figures/63.png b/docs/zh/tools/desktop/gnome/figures/63.png new file mode 100644 index 0000000000000000000000000000000000000000..86b051acde857c88479714414f721a7f59cca483 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/63.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/64.png b/docs/zh/tools/desktop/gnome/figures/64.png new file mode 100644 index 0000000000000000000000000000000000000000..cbbd2ede047e735c3766e08b04595f08cd72f5b2 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/64.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/7.png b/docs/zh/tools/desktop/gnome/figures/7.png new file mode 100644 index 0000000000000000000000000000000000000000..4d397959ac7f6d166ef5a3b7084bd5c3c93b475f Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/7.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/8.png b/docs/zh/tools/desktop/gnome/figures/8.png new file mode 100644 index 0000000000000000000000000000000000000000..8ade274092d7b3e461c96d7909a9d89d3a944f09 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/8.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/9.png b/docs/zh/tools/desktop/gnome/figures/9.png new file mode 100644 index 0000000000000000000000000000000000000000..f7b2215404929346f1a814b0b1d6d482559c08b5 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/9.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-01.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-01.png new file mode 100644 index 0000000000000000000000000000000000000000..b4a43e7fa938b2ece73ad749e2b513daa976e7c9 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-01.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-02.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-02.png new file mode 100644 index 0000000000000000000000000000000000000000..22413a83d51cb9ee177c0d39147da857868f0aec Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-02.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-03.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-03.png new file mode 100644 index 0000000000000000000000000000000000000000..5ccc6d4eef17f2d39841046dcf32b9c00652d1a9 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-03.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-04.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-04.png new file mode 100644 index 0000000000000000000000000000000000000000..c5d7073a3d2a37727b83a6e43a684747175efa9d Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-04.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-05.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-05.png new file mode 100644 index 0000000000000000000000000000000000000000..e2d0a0a523f10d6bce9f51c5d05f019c595e2625 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-05.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-06.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-06.png new file mode 100644 index 0000000000000000000000000000000000000000..61bb128fc2c8902edbfd1d76b28f963817753e32 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-06.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-07.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-07.png new file mode 100644 index 0000000000000000000000000000000000000000..ef01eb0001c6db0e3d1c024e51b0594372b9348c Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-07.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-08.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-08.png new file mode 100644 index 0000000000000000000000000000000000000000..1049f355939b0121c123adc462dcb6d736e48760 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-08.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-09.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-09.png new file mode 100644 index 0000000000000000000000000000000000000000..6dc110900f5375ed9ede276f59ea89ba29e5e737 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-09.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-10.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-10.png new file mode 100644 index 0000000000000000000000000000000000000000..33dda6e0d0497c1589743c19a8d041a775b7bb7f Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-10.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-11.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-11.png new file mode 100644 index 0000000000000000000000000000000000000000..98570f04a066d550b5971afc94ee1c63d24f6275 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-11.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-12.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-12.png new file mode 100644 index 0000000000000000000000000000000000000000..56cc0446efd9d72d97905296fd6f19e9e2ac4047 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-12.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-13.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-13.png new file mode 100644 index 0000000000000000000000000000000000000000..a3191cc6b2bb2e418353b76bcf645be954655a20 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-13.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-14.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-14.png new file mode 100644 index 0000000000000000000000000000000000000000..d673b9d12c8fb5ccaa0b0f3a35b85f939f1040c8 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-14.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-15.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-15.png new file mode 100644 index 0000000000000000000000000000000000000000..518c3dca4b9b58f45f7aee5ef974c3dd41804e1d Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-15.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-16.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-16.png new file mode 100644 index 0000000000000000000000000000000000000000..17ac8544dab141ddc8d7d98f1712757efedb5531 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-16.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-17.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-17.png new file mode 100644 index 0000000000000000000000000000000000000000..07a62594a1acadceeeaabe0e7cbe63c192f0ab37 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-17.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-18.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-18.png new file mode 100644 index 0000000000000000000000000000000000000000..d088bb1075ebd2c76304c5bd400a3892d401dfa0 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-18.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-19.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-19.png new file mode 100644 index 0000000000000000000000000000000000000000..65198c16e3bdf0b948ba8da1d05943ea87065dfc Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-19.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-20.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-20.png new file mode 100644 index 0000000000000000000000000000000000000000..ac4c66887846509474cd57740079d396f5ffee64 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-20.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-21.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-21.png new file mode 100644 index 0000000000000000000000000000000000000000..ecc80c0ee42385907cea276726c891aab06f5ea2 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-21.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-22.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-22.png new file mode 100644 index 0000000000000000000000000000000000000000..453a1b96f69ca37cf648e1bfd8a247cbd63f7f1f Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-22.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-23.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-23.png new file mode 100644 index 0000000000000000000000000000000000000000..3290e73af52f1e88a435e925d6a17d21e78e287c Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-23.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-24.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-24.png new file mode 100644 index 0000000000000000000000000000000000000000..825e58ddc9ec0027f0ff94b1d327eaff3a145357 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-24.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-25.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-25.png new file mode 100644 index 0000000000000000000000000000000000000000..7b3cdbe8e85b55dc9ee92569f6d668c9defc76eb Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-25.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-26.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-26.png new file mode 100644 index 0000000000000000000000000000000000000000..0d696fa8cbd18910bb16ca2c14996fefb5f0cb79 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-26.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-27.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-27.png new file mode 100644 index 0000000000000000000000000000000000000000..7312579e88c211b656a1b6e339373abfca7c8984 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-27.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-28.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-28.png new file mode 100644 index 0000000000000000000000000000000000000000..e5cf7e56e5663768e4f2698c77aeaa69c899b291 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-28.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-29.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-29.png new file mode 100644 index 0000000000000000000000000000000000000000..d796cb8d80a60281a7f67ec494c76ad14d06ac1b Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-29.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-30-0.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-30-0.png new file mode 100644 index 0000000000000000000000000000000000000000..8ea95ca410376dbc26729d0dec8bfc171911e960 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-30-0.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-30-1.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-30-1.png new file mode 100644 index 0000000000000000000000000000000000000000..730e9bdba19949c6e118c237af302b492f3d41b8 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-30-1.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-31.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-31.png new file mode 100644 index 0000000000000000000000000000000000000000..f80f3c86b92e6e00bf76c0101ce52af503d9b05c Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-31.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-32.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-32.png new file mode 100644 index 0000000000000000000000000000000000000000..ed8f74fc04472e45ae6c76a7c2507da5dec28263 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-32.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-33.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-33.png new file mode 100644 index 0000000000000000000000000000000000000000..a90dda9e151f9ca48ff6c296ff62676b22a191ae Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-33.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-34.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-34.png new file mode 100644 index 0000000000000000000000000000000000000000..77c74765bb7116bf8a95b0164cb1de2d9032e56e Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-34.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-35-0.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-35-0.png new file mode 100644 index 0000000000000000000000000000000000000000..4321c9e9a52bcf99bde6d72fae68647ab13510b0 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-35-0.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-35-1.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-35-1.png new file mode 100644 index 0000000000000000000000000000000000000000..e6f75a945fc73d5478c6515498c7a6a4781ca04f Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-35-1.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-36.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-36.png new file mode 100644 index 0000000000000000000000000000000000000000..a832fe2b440079f53775a2ba8c3115f57a89ab2c Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-36.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-37.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-37.png new file mode 100644 index 0000000000000000000000000000000000000000..f091a5e910e7cb16dadd311de1100f8830a0eaf7 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-37.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-38.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-38.png new file mode 100644 index 0000000000000000000000000000000000000000..7703dc11f1be241d9fe7e30452e7431c925833d3 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-38.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-39.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-39.png new file mode 100644 index 0000000000000000000000000000000000000000..abf29f6ee9aaf13ab1f668a787d459a5ab0cb20c Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-39.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-40.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-40.png new file mode 100644 index 0000000000000000000000000000000000000000..7c8ee5f4e78b46a0d762be06f96725ecef5d09b2 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-40.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-41-0.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-41-0.png new file mode 100644 index 0000000000000000000000000000000000000000..56ea86556624602f4496b4079335245ac8c875a3 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-41-0.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-41-1.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-41-1.png new file mode 100644 index 0000000000000000000000000000000000000000..44afad705b026dd69a9d2d7bf2ef35610720b85d Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-41-1.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-42.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-42.png new file mode 100644 index 0000000000000000000000000000000000000000..8270b69ca590c1831fbe54e2d08ced55bccef89d Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-42.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-43.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-43.png new file mode 100644 index 0000000000000000000000000000000000000000..48259addbdb8cf18303d2afbcd6cbad77deaf141 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-43.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-44.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-44.png new file mode 100644 index 0000000000000000000000000000000000000000..e35a4acce457834d4d8608ee7fba783d596548e2 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-44.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-45.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-45.png new file mode 100644 index 0000000000000000000000000000000000000000..d6d5e88587e26552ab4ab4d323eea0ae5ce721d2 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-45.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-46.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-46.png new file mode 100644 index 0000000000000000000000000000000000000000..8e41651298319f1b72c3dce5b09cb1323c9a15a7 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-46.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-47.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-47.png new file mode 100644 index 0000000000000000000000000000000000000000..eaa54608d956576555603d64ba72e374f147a315 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-47.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-48.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-48.png new file mode 100644 index 0000000000000000000000000000000000000000..1ca6cb7b39ab375a69b95a7dfa02fa3acd8bb299 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-48.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-49.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-49.png new file mode 100644 index 0000000000000000000000000000000000000000..07fe6abf2ca2d7e8dd5184c760f416d094c4629d Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-49.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-50.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-50.png new file mode 100644 index 0000000000000000000000000000000000000000..c5452b655b9100c7d144d9d6e923f29664998ca0 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-50.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-51.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-51.png new file mode 100644 index 0000000000000000000000000000000000000000..72644867adbb64db4503ff5345425a32bf1cae6d Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-51.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-52.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-52.png new file mode 100644 index 0000000000000000000000000000000000000000..571f6ac34edf149cc1e5bd30a875e4148dd4fdd3 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-52.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-53.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-53.png new file mode 100644 index 0000000000000000000000000000000000000000..1c7e9051ca448b017e13c6cbe6be66d2f83475c5 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-53.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/Cinnamon-54.png b/docs/zh/tools/desktop/gnome/figures/Cinnamon-54.png new file mode 100644 index 0000000000000000000000000000000000000000..1b61db111ebdcb9bde1bff1cc08a2daed79a9f19 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/Cinnamon-54.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/HA-add-resource.png b/docs/zh/tools/desktop/gnome/figures/HA-add-resource.png new file mode 100644 index 0000000000000000000000000000000000000000..ac24895a1247828d248132f6c789ad8ef51a57e4 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/HA-add-resource.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/HA-apache-show.png b/docs/zh/tools/desktop/gnome/figures/HA-apache-show.png new file mode 100644 index 0000000000000000000000000000000000000000..c216500910f75f2de1108f6b618c5c08f4df8bae Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/HA-apache-show.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/HA-apache-suc.png b/docs/zh/tools/desktop/gnome/figures/HA-apache-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..23a7aaa702e3e68190ff7e01a5a673aee2c92409 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/HA-apache-suc.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/HA-api.png b/docs/zh/tools/desktop/gnome/figures/HA-api.png new file mode 100644 index 0000000000000000000000000000000000000000..f825fe005705d30809d12df97958cff0e5a80135 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/HA-api.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/HA-clone-suc.png b/docs/zh/tools/desktop/gnome/figures/HA-clone-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..4b6099ccc88d4f6f907a0c4563e729ab2a4dece1 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/HA-clone-suc.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/HA-clone.png b/docs/zh/tools/desktop/gnome/figures/HA-clone.png new file mode 100644 index 0000000000000000000000000000000000000000..1b09ab73849494f4ffd759fa612ae3c241bd9c1d Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/HA-clone.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/HA-corosync.png b/docs/zh/tools/desktop/gnome/figures/HA-corosync.png new file mode 100644 index 0000000000000000000000000000000000000000..c4d93242e65c503b6e1b6a457e2517f647984a66 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/HA-corosync.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/HA-firstchoice-cmd.png b/docs/zh/tools/desktop/gnome/figures/HA-firstchoice-cmd.png new file mode 100644 index 0000000000000000000000000000000000000000..a265bab07f1d8e46d9d965975be180a8de6c9eb2 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/HA-firstchoice-cmd.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/HA-firstchoice.png b/docs/zh/tools/desktop/gnome/figures/HA-firstchoice.png new file mode 100644 index 0000000000000000000000000000000000000000..bd982ddcea55c629c0257fca86051a9ffa77e7b4 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/HA-firstchoice.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/HA-group-new-suc.png b/docs/zh/tools/desktop/gnome/figures/HA-group-new-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..437fd01ee83a9a1f65c12838fe56eea8435f6759 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/HA-group-new-suc.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/HA-group-new-suc2.png b/docs/zh/tools/desktop/gnome/figures/HA-group-new-suc2.png new file mode 100644 index 0000000000000000000000000000000000000000..4fb933bd761f9808de95a324a50226ff041ebd4f Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/HA-group-new-suc2.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/HA-group-new.png b/docs/zh/tools/desktop/gnome/figures/HA-group-new.png new file mode 100644 index 0000000000000000000000000000000000000000..9c914d0cc2e14f3220fc4346175961f129efb37b Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/HA-group-new.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/HA-group-suc.png b/docs/zh/tools/desktop/gnome/figures/HA-group-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..2338580343833ebab08627be3a2efbcdb48aef9e Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/HA-group-suc.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/HA-group.png b/docs/zh/tools/desktop/gnome/figures/HA-group.png new file mode 100644 index 0000000000000000000000000000000000000000..6897817665dee90c0f8c47c6a3cb4bb09db52d78 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/HA-group.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/HA-home-page.png b/docs/zh/tools/desktop/gnome/figures/HA-home-page.png new file mode 100644 index 0000000000000000000000000000000000000000..c9a7a82dc412250d4c0984b3876c6f93c6aca789 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/HA-home-page.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/HA-login.png b/docs/zh/tools/desktop/gnome/figures/HA-login.png new file mode 100644 index 0000000000000000000000000000000000000000..65d0ae11ec810da7574ec72bebf6e1b020c94a0d Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/HA-login.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/HA-mariadb-suc.png b/docs/zh/tools/desktop/gnome/figures/HA-mariadb-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..6f6756c945121715edc623bd9a848bc48ffeb4ca Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/HA-mariadb-suc.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/HA-mariadb.png b/docs/zh/tools/desktop/gnome/figures/HA-mariadb.png new file mode 100644 index 0000000000000000000000000000000000000000..d29587c8609b9d6aefeb07170901361b5ef8402d Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/HA-mariadb.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/HA-nfs-suc.png b/docs/zh/tools/desktop/gnome/figures/HA-nfs-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..c0ea6af79e91649f1ad7d97ab6c2a0069a4f4fb8 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/HA-nfs-suc.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/HA-nfs.png b/docs/zh/tools/desktop/gnome/figures/HA-nfs.png new file mode 100644 index 0000000000000000000000000000000000000000..f6917938eec2e0431a9891c067475dd0b21c1bd9 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/HA-nfs.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/HA-pacemaker.png b/docs/zh/tools/desktop/gnome/figures/HA-pacemaker.png new file mode 100644 index 0000000000000000000000000000000000000000..7681f963f67d2b803fef6fb2c3247384136201f8 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/HA-pacemaker.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/HA-pcs-status.png b/docs/zh/tools/desktop/gnome/figures/HA-pcs-status.png new file mode 100644 index 0000000000000000000000000000000000000000..fb150fba9f6258658702b35caacf98076d1fd109 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/HA-pcs-status.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/HA-pcs.png b/docs/zh/tools/desktop/gnome/figures/HA-pcs.png new file mode 100644 index 0000000000000000000000000000000000000000..283670d7c3d0961ee1cb41345c2b2a013d7143b0 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/HA-pcs.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/HA-qdevice.png b/docs/zh/tools/desktop/gnome/figures/HA-qdevice.png new file mode 100644 index 0000000000000000000000000000000000000000..2964f36c952fc7e62fb7b041fcf6d2de8ead712c Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/HA-qdevice.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/HA-refresh.png b/docs/zh/tools/desktop/gnome/figures/HA-refresh.png new file mode 100644 index 0000000000000000000000000000000000000000..c2678c0c2945acbabfbeae0d5de8924a216bbf31 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/HA-refresh.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/HA-vip-suc.png b/docs/zh/tools/desktop/gnome/figures/HA-vip-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..313ce56e14f931c78dad4349ed57ab3fd7907f50 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/HA-vip-suc.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/HA-vip.png b/docs/zh/tools/desktop/gnome/figures/HA-vip.png new file mode 100644 index 0000000000000000000000000000000000000000..d8b417df2e64527d3b29d0289756dfbb01bf66ec Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/HA-vip.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/dde-1.png b/docs/zh/tools/desktop/gnome/figures/dde-1.png new file mode 100644 index 0000000000000000000000000000000000000000..fb1d5177c39262ed182f10a57fdae850d007eeb1 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/dde-1.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/dde-2.png b/docs/zh/tools/desktop/gnome/figures/dde-2.png new file mode 100644 index 0000000000000000000000000000000000000000..be5d296937bd17b9646b32c80934aa76738027af Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/dde-2.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-1.png b/docs/zh/tools/desktop/gnome/figures/gnome-1.png new file mode 100644 index 0000000000000000000000000000000000000000..b33f802aa6dcf8b23a70fe451830015c614193b3 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-1.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-10.png b/docs/zh/tools/desktop/gnome/figures/gnome-10.png new file mode 100644 index 0000000000000000000000000000000000000000..1c7b1465209c7a92db36d1b4c83445ce45e0d187 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-10.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-11.png b/docs/zh/tools/desktop/gnome/figures/gnome-11.png new file mode 100644 index 0000000000000000000000000000000000000000..cc534ce5e1b250547dd9eb1db2b3f43a79c00409 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-11.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-12.png b/docs/zh/tools/desktop/gnome/figures/gnome-12.png new file mode 100644 index 0000000000000000000000000000000000000000..65de953b821cac6b09b9f0d6623760dc339d867b Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-12.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-13.png b/docs/zh/tools/desktop/gnome/figures/gnome-13.png new file mode 100644 index 0000000000000000000000000000000000000000..103370de2f2d81fe4e880f18bb9a3b4546d14840 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-13.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-14.png b/docs/zh/tools/desktop/gnome/figures/gnome-14.png new file mode 100644 index 0000000000000000000000000000000000000000..13e1367d6ce006567e69fed8fd334aeb4810196c Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-14.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-15.png b/docs/zh/tools/desktop/gnome/figures/gnome-15.png new file mode 100644 index 0000000000000000000000000000000000000000..fb86a36e2eb9c5ccfb3c53b0c49864e73c622ccf Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-15.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-16.png b/docs/zh/tools/desktop/gnome/figures/gnome-16.png new file mode 100644 index 0000000000000000000000000000000000000000..9b375517e433740b7e2c27ede1159cda1eb986b8 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-16.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-17.png b/docs/zh/tools/desktop/gnome/figures/gnome-17.png new file mode 100644 index 0000000000000000000000000000000000000000..ebfcc9c71afeda1d50b5355f23ec1ea422a17889 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-17.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-18.png b/docs/zh/tools/desktop/gnome/figures/gnome-18.png new file mode 100644 index 0000000000000000000000000000000000000000..5d28c8372499dd2b9b71186dee7d4854b5320999 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-18.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-19.png b/docs/zh/tools/desktop/gnome/figures/gnome-19.png new file mode 100644 index 0000000000000000000000000000000000000000..bea391d41386ab9b7953b269c44aec6cba4667c5 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-19.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-2.png b/docs/zh/tools/desktop/gnome/figures/gnome-2.png new file mode 100644 index 0000000000000000000000000000000000000000..520df0228a38914ca7897dec6dc84e9639b757c0 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-2.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-20.png b/docs/zh/tools/desktop/gnome/figures/gnome-20.png new file mode 100644 index 0000000000000000000000000000000000000000..d720a2c215de4172a8051d7e0554c7f6b3d6d043 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-20.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-21.png b/docs/zh/tools/desktop/gnome/figures/gnome-21.png new file mode 100644 index 0000000000000000000000000000000000000000..dec78c390a65a1e707a5c9620fa3392e38124430 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-21.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-22.png b/docs/zh/tools/desktop/gnome/figures/gnome-22.png new file mode 100644 index 0000000000000000000000000000000000000000..d8564596fd8ada47891a28b8fd97915722b28ff9 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-22.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-23.png b/docs/zh/tools/desktop/gnome/figures/gnome-23.png new file mode 100644 index 0000000000000000000000000000000000000000..6fcb86d0b74acd102bc4e19bd483165fca0921bc Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-23.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-24.png b/docs/zh/tools/desktop/gnome/figures/gnome-24.png new file mode 100644 index 0000000000000000000000000000000000000000..692929de10b612af7e15ddef689a611b7f4e8693 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-24.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-25.png b/docs/zh/tools/desktop/gnome/figures/gnome-25.png new file mode 100644 index 0000000000000000000000000000000000000000..793a5a2d3ec63581902da5d4b8863f9ba33675b8 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-25.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-26.png b/docs/zh/tools/desktop/gnome/figures/gnome-26.png new file mode 100644 index 0000000000000000000000000000000000000000..4d3f5418352e644f56a16099a9c77218045dabab Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-26.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-27.png b/docs/zh/tools/desktop/gnome/figures/gnome-27.png new file mode 100644 index 0000000000000000000000000000000000000000..908998f4c4624e8b3317a311643123f690153325 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-27.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-28.png b/docs/zh/tools/desktop/gnome/figures/gnome-28.png new file mode 100644 index 0000000000000000000000000000000000000000..8b47b2397fa8818dfecbc3c05341e31d4d70a940 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-28.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-29.png b/docs/zh/tools/desktop/gnome/figures/gnome-29.png new file mode 100644 index 0000000000000000000000000000000000000000..fc90cb58691e6484b6e263f4e81a1046e3adbed1 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-29.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-3.png b/docs/zh/tools/desktop/gnome/figures/gnome-3.png new file mode 100644 index 0000000000000000000000000000000000000000..4d423b13941604a29ff794817ed6fb1d6fea9c1e Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-3.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-30.png b/docs/zh/tools/desktop/gnome/figures/gnome-30.png new file mode 100644 index 0000000000000000000000000000000000000000..8f4ab5dcd8ebd61b05a1b129b4c90e342f97e0fd Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-30.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-31.png b/docs/zh/tools/desktop/gnome/figures/gnome-31.png new file mode 100644 index 0000000000000000000000000000000000000000..93159341a996153105985451fa6d8391c358b52e Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-31.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-32.png b/docs/zh/tools/desktop/gnome/figures/gnome-32.png new file mode 100644 index 0000000000000000000000000000000000000000..c4ca5695e67a4a585f0ff074cd3645a32a9e4e83 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-32.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-33.png b/docs/zh/tools/desktop/gnome/figures/gnome-33.png new file mode 100644 index 0000000000000000000000000000000000000000..e0b166e013144ed7e5f26c2b7bd7e8a00ac6a57f Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-33.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-34.png b/docs/zh/tools/desktop/gnome/figures/gnome-34.png new file mode 100644 index 0000000000000000000000000000000000000000..dc8653255f8782ab72b8a24eeadff8fe64f88bb1 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-34.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-35.png b/docs/zh/tools/desktop/gnome/figures/gnome-35.png new file mode 100644 index 0000000000000000000000000000000000000000..595c8d76ddc857ed9e76d421cf1e755874a6cc4a Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-35.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-36.png b/docs/zh/tools/desktop/gnome/figures/gnome-36.png new file mode 100644 index 0000000000000000000000000000000000000000..f5a22198f57d34fe05336d88c6e4b288ed78dc8e Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-36.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-37.png b/docs/zh/tools/desktop/gnome/figures/gnome-37.png new file mode 100644 index 0000000000000000000000000000000000000000..1a855eee24e959c3e8bfed371d2f74f93fceda3c Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-37.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-38.png b/docs/zh/tools/desktop/gnome/figures/gnome-38.png new file mode 100644 index 0000000000000000000000000000000000000000..e80fcb9c25299130ca94bef2cdce9d5e7f9ba02c Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-38.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-39.png b/docs/zh/tools/desktop/gnome/figures/gnome-39.png new file mode 100644 index 0000000000000000000000000000000000000000..29843d242f260cd1b722fdcc13cef645a3679e7f Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-39.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-4.png b/docs/zh/tools/desktop/gnome/figures/gnome-4.png new file mode 100644 index 0000000000000000000000000000000000000000..04391e2e926d5195b21d7e05dc5322a0d7646ad6 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-4.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-40.png b/docs/zh/tools/desktop/gnome/figures/gnome-40.png new file mode 100644 index 0000000000000000000000000000000000000000..8497bdd58dffe2210fca22d01912f82b5c39fd9c Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-40.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-41.png b/docs/zh/tools/desktop/gnome/figures/gnome-41.png new file mode 100644 index 0000000000000000000000000000000000000000..a4357eb95c379dfecc1d627c59eb5da660d42d14 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-41.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-42.png b/docs/zh/tools/desktop/gnome/figures/gnome-42.png new file mode 100644 index 0000000000000000000000000000000000000000..bc01808fe7c12d7d433dc1da9367e858027fcce9 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-42.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-43.png b/docs/zh/tools/desktop/gnome/figures/gnome-43.png new file mode 100644 index 0000000000000000000000000000000000000000..467e52cf41a32df9c7207417817f906b518c54c3 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-43.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-44.png b/docs/zh/tools/desktop/gnome/figures/gnome-44.png new file mode 100644 index 0000000000000000000000000000000000000000..71303b84fce85478ccba02b10f6c0358c5bdc2a0 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-44.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-45.png b/docs/zh/tools/desktop/gnome/figures/gnome-45.png new file mode 100644 index 0000000000000000000000000000000000000000..a0927659af30d18715ab8b43266de3f54a3142a0 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-45.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-46.png b/docs/zh/tools/desktop/gnome/figures/gnome-46.png new file mode 100644 index 0000000000000000000000000000000000000000..ad2093e67041d656c25a5674a6e4282c804ec6f2 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-46.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-47.png b/docs/zh/tools/desktop/gnome/figures/gnome-47.png new file mode 100644 index 0000000000000000000000000000000000000000..9a67dd6b3b0081fa858b4beed0cc40708d5418e9 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-47.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-48.png b/docs/zh/tools/desktop/gnome/figures/gnome-48.png new file mode 100644 index 0000000000000000000000000000000000000000..8789fcb96ee2143eae12131b07acf1cfbd82cf41 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-48.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-49.png b/docs/zh/tools/desktop/gnome/figures/gnome-49.png new file mode 100644 index 0000000000000000000000000000000000000000..e5df514480c825a5c65b607721d80cf59642b4a1 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-49.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-5.png b/docs/zh/tools/desktop/gnome/figures/gnome-5.png new file mode 100644 index 0000000000000000000000000000000000000000..b7148601f06fcee9517864aca19ba3cee863ba33 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-5.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-50.png b/docs/zh/tools/desktop/gnome/figures/gnome-50.png new file mode 100644 index 0000000000000000000000000000000000000000..7b1f4678846cb691b144b26f24bc5570961a3d7d Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-50.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-51.png b/docs/zh/tools/desktop/gnome/figures/gnome-51.png new file mode 100644 index 0000000000000000000000000000000000000000..10466de4bbd4c7b31654bb1369a9a85a20e88a27 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-51.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-52.png b/docs/zh/tools/desktop/gnome/figures/gnome-52.png new file mode 100644 index 0000000000000000000000000000000000000000..16c8191ae59475d46cd7c275ad3841419544397d Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-52.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-53.png b/docs/zh/tools/desktop/gnome/figures/gnome-53.png new file mode 100644 index 0000000000000000000000000000000000000000..b968bbd5c5df6148ef26c8cf292e040220987554 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-53.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-54.png b/docs/zh/tools/desktop/gnome/figures/gnome-54.png new file mode 100644 index 0000000000000000000000000000000000000000..6f169f432a1ad4290b3fca12b1a835330d922ab0 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-54.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-55.png b/docs/zh/tools/desktop/gnome/figures/gnome-55.png new file mode 100644 index 0000000000000000000000000000000000000000..e40794fbf2e23e3496ac7f9352abe84ac943cb8c Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-55.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-56.png b/docs/zh/tools/desktop/gnome/figures/gnome-56.png new file mode 100644 index 0000000000000000000000000000000000000000..d66360c2865ba03e7f2959612b2e33061dfad39f Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-56.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-57.png b/docs/zh/tools/desktop/gnome/figures/gnome-57.png new file mode 100644 index 0000000000000000000000000000000000000000..f2ffff79898f36e290bb133efc36c7439d089f57 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-57.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-58.png b/docs/zh/tools/desktop/gnome/figures/gnome-58.png new file mode 100644 index 0000000000000000000000000000000000000000..2eb30604a6dc2a4194da688830f88d0e596c5be9 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-58.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-59.png b/docs/zh/tools/desktop/gnome/figures/gnome-59.png new file mode 100644 index 0000000000000000000000000000000000000000..9b25d253604f353b0bd3ef0c153237d74459ccae Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-59.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-6.png b/docs/zh/tools/desktop/gnome/figures/gnome-6.png new file mode 100644 index 0000000000000000000000000000000000000000..3c54d7f40cb5caab2c3cecb9945f9c89a1afe00e Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-6.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-7.png b/docs/zh/tools/desktop/gnome/figures/gnome-7.png new file mode 100644 index 0000000000000000000000000000000000000000..fa4b0e178fb0332d334d98e0106746b7bff65449 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-7.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-8.png b/docs/zh/tools/desktop/gnome/figures/gnome-8.png new file mode 100644 index 0000000000000000000000000000000000000000..5c39bb44371d94a66c66e053a7f498b46d3a0937 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-8.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/gnome-9.png b/docs/zh/tools/desktop/gnome/figures/gnome-9.png new file mode 100644 index 0000000000000000000000000000000000000000..00a9ad1a7c94054c9418795c39b29574bfe16bf0 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/gnome-9.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon1.png b/docs/zh/tools/desktop/gnome/figures/icon1.png new file mode 100644 index 0000000000000000000000000000000000000000..9bac00355cf4aa57d32287fd4271404f6fd3fd4d Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon1.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon10-o.png b/docs/zh/tools/desktop/gnome/figures/icon10-o.png new file mode 100644 index 0000000000000000000000000000000000000000..d6c56d1a64c588d86f8fe510c74e5a7c4cb810d4 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon10-o.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon101-o.svg b/docs/zh/tools/desktop/gnome/figures/icon101-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..af1c5d3dc0277a6ea59e71efb6ca97bdfc782e8e --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon101-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/docs/zh/tools/desktop/gnome/figures/icon103-o.svg b/docs/zh/tools/desktop/gnome/figures/icon103-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..c06c885725c569ab8db1fe7d595a7c65f18c5142 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon103-o.svg @@ -0,0 +1,26 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/gnome/figures/icon105-o.svg b/docs/zh/tools/desktop/gnome/figures/icon105-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..36c49949fa569330b761c2d65518f36c10435508 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon105-o.svg @@ -0,0 +1,111 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/gnome/figures/icon107-o.svg b/docs/zh/tools/desktop/gnome/figures/icon107-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..fb5a3ea756f6ccb7b3e5c31122a433347a908c96 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon107-o.svg @@ -0,0 +1,50 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/gnome/figures/icon11-o.png b/docs/zh/tools/desktop/gnome/figures/icon11-o.png new file mode 100644 index 0000000000000000000000000000000000000000..47a1f2cb7f99b583768c7cbd7e05a57f302dbe8a Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon11-o.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon110-o.svg b/docs/zh/tools/desktop/gnome/figures/icon110-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..7958e3f192061592e002e1e8a1bad06ffa86742c --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon110-o.svg @@ -0,0 +1,12 @@ + + + + reboot_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/gnome/figures/icon111-o.svg b/docs/zh/tools/desktop/gnome/figures/icon111-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..097d16a08d305a8b3f3b2268ab1ea8342e799377 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon111-o.svg @@ -0,0 +1,13 @@ + + + + Right + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/gnome/figures/icon112-o.svg b/docs/zh/tools/desktop/gnome/figures/icon112-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e51628c2b8b10495f3410d219814286696ea2fd5 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon112-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/gnome/figures/icon116-o.svg b/docs/zh/tools/desktop/gnome/figures/icon116-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..4d79cd6dbbbfd3969f4e0ad0ad88e27398853505 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon116-o.svg @@ -0,0 +1,72 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/gnome/figures/icon12-o.png b/docs/zh/tools/desktop/gnome/figures/icon12-o.png new file mode 100644 index 0000000000000000000000000000000000000000..f1f0f59dd3879461a0b5bc0632693a4a4124def3 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon12-o.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon120-o.svg b/docs/zh/tools/desktop/gnome/figures/icon120-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e895c347d16a200aea46b00428b0b9f1a3c94246 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon120-o.svg @@ -0,0 +1,49 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/gnome/figures/icon122-o.svg b/docs/zh/tools/desktop/gnome/figures/icon122-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..7fb014b5fd6097ca37a84d0b6a27dc982d675c8a --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon122-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/docs/zh/tools/desktop/gnome/figures/icon124-o.svg b/docs/zh/tools/desktop/gnome/figures/icon124-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..960c0ec096c925213f8953398f0e8e5db3cdaed3 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon124-o.svg @@ -0,0 +1,55 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/gnome/figures/icon125-o.svg b/docs/zh/tools/desktop/gnome/figures/icon125-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..011c05f4b8f296867cd408a339230323fcbb28dd --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon125-o.svg @@ -0,0 +1,9 @@ + + + tips + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/gnome/figures/icon126-o.svg b/docs/zh/tools/desktop/gnome/figures/icon126-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e0a43b6b8beb434090ac0dd3a8fd68c023f11fce --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon126-o.svg @@ -0,0 +1,68 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/gnome/figures/icon127-o.svg b/docs/zh/tools/desktop/gnome/figures/icon127-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..bed95d35334a8d0151211054236c0bacddcc0dd3 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon127-o.svg @@ -0,0 +1,13 @@ + + + + Up + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/gnome/figures/icon128-o.svg b/docs/zh/tools/desktop/gnome/figures/icon128-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..aa727f3f5d5883b3fb83a79c4b98e8b5bfe4ade6 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon128-o.svg @@ -0,0 +1,12 @@ + + + + userswitch_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/gnome/figures/icon13-o.png b/docs/zh/tools/desktop/gnome/figures/icon13-o.png new file mode 100644 index 0000000000000000000000000000000000000000..c05a981b29d8ad11c6682f796f79b4cafd0f088b Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon13-o.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon132-o.svg b/docs/zh/tools/desktop/gnome/figures/icon132-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..588ba9d98864ba67a562fa9179f29405f7687aa0 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon132-o.svg @@ -0,0 +1,15 @@ + + + + - + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/gnome/figures/icon133-o.svg b/docs/zh/tools/desktop/gnome/figures/icon133-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..886d90a83e33497d134bdb3dcc864a5c2df53f20 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon133-o.svg @@ -0,0 +1,13 @@ + + + + + + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/gnome/figures/icon134-o.svg b/docs/zh/tools/desktop/gnome/figures/icon134-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..784cf383eb0e8f5c7a57a602047be50ad0a3bc05 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon134-o.svg @@ -0,0 +1,15 @@ + + + + = + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/gnome/figures/icon135-o.svg b/docs/zh/tools/desktop/gnome/figures/icon135-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..cea628a8f5eb92d10661b690242b6de41ca64816 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon135-o.svg @@ -0,0 +1,15 @@ + + + + ~ + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/gnome/figures/icon136-o.svg b/docs/zh/tools/desktop/gnome/figures/icon136-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..24aa139ab2fefaee20935551f1af5aef473719ed --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon136-o.svg @@ -0,0 +1,12 @@ + + + + poweroff_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/gnome/figures/icon14-o.png b/docs/zh/tools/desktop/gnome/figures/icon14-o.png new file mode 100644 index 0000000000000000000000000000000000000000..b21deee4d98593d93fb5f72158d2d78f3d3f1cb9 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon14-o.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon15-o.png b/docs/zh/tools/desktop/gnome/figures/icon15-o.png new file mode 100644 index 0000000000000000000000000000000000000000..1827a20e9da4d28e35e8ab2eae739b2fec37b385 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon15-o.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon16.png b/docs/zh/tools/desktop/gnome/figures/icon16.png new file mode 100644 index 0000000000000000000000000000000000000000..f271594dda9d3ad0f038c9d719dd68c3e82c59f1 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon16.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon17.png b/docs/zh/tools/desktop/gnome/figures/icon17.png new file mode 100644 index 0000000000000000000000000000000000000000..dbe58b89347c857920bce25f067fbd11c308e502 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon17.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon18.png b/docs/zh/tools/desktop/gnome/figures/icon18.png new file mode 100644 index 0000000000000000000000000000000000000000..1827a20e9da4d28e35e8ab2eae739b2fec37b385 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon18.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon19-o.png b/docs/zh/tools/desktop/gnome/figures/icon19-o.png new file mode 100644 index 0000000000000000000000000000000000000000..47a1f2cb7f99b583768c7cbd7e05a57f302dbe8a Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon19-o.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon2.png b/docs/zh/tools/desktop/gnome/figures/icon2.png new file mode 100644 index 0000000000000000000000000000000000000000..9101e4b386df065a87d422bc5a0b287528ea5ec7 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon2.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon20.png b/docs/zh/tools/desktop/gnome/figures/icon20.png new file mode 100644 index 0000000000000000000000000000000000000000..4de3c7c695893539967245ea5e269b26e2b735be Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon20.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon21.png b/docs/zh/tools/desktop/gnome/figures/icon21.png new file mode 100644 index 0000000000000000000000000000000000000000..e7b4320b6ce1fd4adb52525ba2c60983ffb2eed3 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon21.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon22.png b/docs/zh/tools/desktop/gnome/figures/icon22.png new file mode 100644 index 0000000000000000000000000000000000000000..43bfa96965ad13e0a34ead3cb1102a76b9346a23 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon22.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon23.png b/docs/zh/tools/desktop/gnome/figures/icon23.png new file mode 100644 index 0000000000000000000000000000000000000000..aee221ddaa81d06fa7bd5b89a624da90cd1e53da Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon23.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon24.png b/docs/zh/tools/desktop/gnome/figures/icon24.png new file mode 100644 index 0000000000000000000000000000000000000000..a9e5d700431ca1666fe9eda2cefce5dd2f83bdcd Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon24.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon25.png b/docs/zh/tools/desktop/gnome/figures/icon25.png new file mode 100644 index 0000000000000000000000000000000000000000..3de0f9476bbee9e89c3b759afbed968f17b5bbcc Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon25.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon26-o.png b/docs/zh/tools/desktop/gnome/figures/icon26-o.png new file mode 100644 index 0000000000000000000000000000000000000000..2293a893caf6d89c3beb978598fe7f281e68e7d5 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon26-o.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon27-o.png b/docs/zh/tools/desktop/gnome/figures/icon27-o.png new file mode 100644 index 0000000000000000000000000000000000000000..abbab8e40f7e3ca7c2a6f28ff78f08f15117828e Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon27-o.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon28-o.png b/docs/zh/tools/desktop/gnome/figures/icon28-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon28-o.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon29-o.png b/docs/zh/tools/desktop/gnome/figures/icon29-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon29-o.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon3.png b/docs/zh/tools/desktop/gnome/figures/icon3.png new file mode 100644 index 0000000000000000000000000000000000000000..930ee8909e89e3624c581f83d713af271cd96c75 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon3.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon30-o.png b/docs/zh/tools/desktop/gnome/figures/icon30-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon30-o.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon31-o.png b/docs/zh/tools/desktop/gnome/figures/icon31-o.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon31-o.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon32.png b/docs/zh/tools/desktop/gnome/figures/icon32.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon32.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon33.png b/docs/zh/tools/desktop/gnome/figures/icon33.png new file mode 100644 index 0000000000000000000000000000000000000000..88ed145b25f6f025ad795ceb012500e0944cb54c Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon33.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon34.png b/docs/zh/tools/desktop/gnome/figures/icon34.png new file mode 100644 index 0000000000000000000000000000000000000000..8247f52a3424c81b451ceb318f4a7979a5eddece Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon34.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon35.png b/docs/zh/tools/desktop/gnome/figures/icon35.png new file mode 100644 index 0000000000000000000000000000000000000000..7c656e9030b94809a57c7e369921e6a585f3574c Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon35.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon36.png b/docs/zh/tools/desktop/gnome/figures/icon36.png new file mode 100644 index 0000000000000000000000000000000000000000..7d29d173e914dfff48245d3d3a4d42575ce2d1db Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon36.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon37.png b/docs/zh/tools/desktop/gnome/figures/icon37.png new file mode 100644 index 0000000000000000000000000000000000000000..58be4c621b6638115153e361801deb9ee06634d8 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon37.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon38.png b/docs/zh/tools/desktop/gnome/figures/icon38.png new file mode 100644 index 0000000000000000000000000000000000000000..0c861ccb891f4fb5e533eb7f7151a8fce1571f17 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon38.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon39.png b/docs/zh/tools/desktop/gnome/figures/icon39.png new file mode 100644 index 0000000000000000000000000000000000000000..b1ba1f347452d0cd1c06c6c51d2cdf5aea5e490b Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon39.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon4.png b/docs/zh/tools/desktop/gnome/figures/icon4.png new file mode 100644 index 0000000000000000000000000000000000000000..548dc8b648edb73ff1dd8a0266e8479203e72ca0 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon4.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon40.png b/docs/zh/tools/desktop/gnome/figures/icon40.png new file mode 100644 index 0000000000000000000000000000000000000000..9c29dd1e9a1bf22c36abf51cb18fa9e47b455fab Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon40.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon41.png b/docs/zh/tools/desktop/gnome/figures/icon41.png new file mode 100644 index 0000000000000000000000000000000000000000..9e8aea527a2119433fffec5a8800ebfa4fa5062f Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon41.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon42-o.png b/docs/zh/tools/desktop/gnome/figures/icon42-o.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon42-o.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon42.png b/docs/zh/tools/desktop/gnome/figures/icon42.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon42.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon43-o.png b/docs/zh/tools/desktop/gnome/figures/icon43-o.png new file mode 100644 index 0000000000000000000000000000000000000000..284bdd551baf25beb4143013402e77a1a4c60ccb Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon43-o.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon44-o.png b/docs/zh/tools/desktop/gnome/figures/icon44-o.png new file mode 100644 index 0000000000000000000000000000000000000000..810f4d784ee140dbf562e67a0d3fd391272626a5 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon44-o.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon45-o.png b/docs/zh/tools/desktop/gnome/figures/icon45-o.png new file mode 100644 index 0000000000000000000000000000000000000000..3e528ce2c98284f020ae4912a853f5864526396b Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon45-o.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon46-o.png b/docs/zh/tools/desktop/gnome/figures/icon46-o.png new file mode 100644 index 0000000000000000000000000000000000000000..ec6a3ca0fe57016f3685981ed518493ceea1c855 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon46-o.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon47-o.png b/docs/zh/tools/desktop/gnome/figures/icon47-o.png new file mode 100644 index 0000000000000000000000000000000000000000..6eeaba98d908775bd363a8ffcec27c3b6a214013 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon47-o.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon49-o.svg b/docs/zh/tools/desktop/gnome/figures/icon49-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..72ffb173fdb95e1aff5b0001b08ed6b71122b7f2 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon49-o.svg @@ -0,0 +1,178 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/gnome/figures/icon5.png b/docs/zh/tools/desktop/gnome/figures/icon5.png new file mode 100644 index 0000000000000000000000000000000000000000..e4206b7b584bf0702c7cb2f03a3a41e20bfba844 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon5.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon50-o.svg b/docs/zh/tools/desktop/gnome/figures/icon50-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..05026802be4718205065d6369e14cc0b6ef05bc7 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon50-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/gnome/figures/icon52-o.svg b/docs/zh/tools/desktop/gnome/figures/icon52-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..23149c05873259cd39721b8ee9c3ab7db86d64c5 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon52-o.svg @@ -0,0 +1,9 @@ + + + attention + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/gnome/figures/icon53-o.svg b/docs/zh/tools/desktop/gnome/figures/icon53-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..50e33489ce984b0acfd621da4a8ef837fdf048c1 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon53-o.svg @@ -0,0 +1,11 @@ + + + + previous + Created with Sketch. + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/gnome/figures/icon54-o.svg b/docs/zh/tools/desktop/gnome/figures/icon54-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..3b599aef4b822c707d2f646405bb00837aed96fd --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon54-o.svg @@ -0,0 +1,18 @@ + + + + Backspace + Created with Sketch. + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/gnome/figures/icon56-o.svg b/docs/zh/tools/desktop/gnome/figures/icon56-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..9f13b6861e3858deec8d57a5301c934acc247069 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon56-o.svg @@ -0,0 +1,19 @@ + + + + Slice 1 + Created with Sketch. + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/gnome/figures/icon57-o.svg b/docs/zh/tools/desktop/gnome/figures/icon57-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e6fbfa1381b76ab3fcd45652b33267a7f6c69bb7 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon57-o.svg @@ -0,0 +1,11 @@ + + + + titlebutton/close_normal + Created with Sketch. + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/gnome/figures/icon58-o.svg b/docs/zh/tools/desktop/gnome/figures/icon58-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..9746dcacfc8e5d4c4b63233801e37418a190fc8f --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon58-o.svg @@ -0,0 +1,46 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/gnome/figures/icon6.png b/docs/zh/tools/desktop/gnome/figures/icon6.png new file mode 100644 index 0000000000000000000000000000000000000000..88ced3587e9a42b145fe11393726f40aba9d1b2c Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon6.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon62-o.svg b/docs/zh/tools/desktop/gnome/figures/icon62-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..09f61b446669df2e05a3351d40d8c30879c7b035 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon62-o.svg @@ -0,0 +1,47 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/gnome/figures/icon63-o.svg b/docs/zh/tools/desktop/gnome/figures/icon63-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..06c03ed99260ffadc681475dad35610aedf67f83 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon63-o.svg @@ -0,0 +1,45 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/gnome/figures/icon66-o.svg b/docs/zh/tools/desktop/gnome/figures/icon66-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..5793b3846b7fe6a5758379591215b16c7f9e1b52 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon66-o.svg @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/gnome/figures/icon68-o.svg b/docs/zh/tools/desktop/gnome/figures/icon68-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..a7748052dfa436116d8742dca28f7d90865231ed --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon68-o.svg @@ -0,0 +1,23 @@ + + + + deepin-system-monitor + Created with Sketch. + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/gnome/figures/icon69-o.svg b/docs/zh/tools/desktop/gnome/figures/icon69-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e21dfd00a32a44ee1c8e3882b4ca8239be04690f --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon69-o.svg @@ -0,0 +1,26 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/gnome/figures/icon7.png b/docs/zh/tools/desktop/gnome/figures/icon7.png new file mode 100644 index 0000000000000000000000000000000000000000..05fe8aa38c84ca0c0c99b0b005ddec2f2ba42f4a Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon7.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon70-o.svg b/docs/zh/tools/desktop/gnome/figures/icon70-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..b5787a7ffa5ed9519a48c6937c60927fd11fd455 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon70-o.svg @@ -0,0 +1,73 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/gnome/figures/icon71-o.svg b/docs/zh/tools/desktop/gnome/figures/icon71-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..669a21f143b06cb45ea3f45f7f071809f2cbc8a8 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon71-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/gnome/figures/icon72-o.svg b/docs/zh/tools/desktop/gnome/figures/icon72-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..79067ed9b9ff7912e1742183b461fa056601b9cc --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon72-o.svg @@ -0,0 +1,34 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/gnome/figures/icon73-o.svg b/docs/zh/tools/desktop/gnome/figures/icon73-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..cf6292387f5e790db6ebd66184aabcbb39257ee7 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon73-o.svg @@ -0,0 +1,13 @@ + + + + Down + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/gnome/figures/icon75-o.svg b/docs/zh/tools/desktop/gnome/figures/icon75-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..ef6823ccc19858f57374f0b78ad31514e8311be3 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon75-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/docs/zh/tools/desktop/gnome/figures/icon8.png b/docs/zh/tools/desktop/gnome/figures/icon8.png new file mode 100644 index 0000000000000000000000000000000000000000..01543c3e0f5e96a023b4e1f0859a03e3a0dafd56 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon8.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon83-o.svg b/docs/zh/tools/desktop/gnome/figures/icon83-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..35dd6eacc54a933dc9ebc3f3010edfa7363fecc0 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon83-o.svg @@ -0,0 +1,84 @@ + + + + + + image/svg+xml + + img_upload + + + + + + img_upload + Created with Sketch. + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/gnome/figures/icon84-o.svg b/docs/zh/tools/desktop/gnome/figures/icon84-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..9bd11b9e7b45b506dd7e1c87d09d545d8f48af06 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon84-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/gnome/figures/icon86-o.svg b/docs/zh/tools/desktop/gnome/figures/icon86-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..5da20233309c43d4fc7b315f441cde476c835c67 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon86-o.svg @@ -0,0 +1,66 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/gnome/figures/icon88-o.svg b/docs/zh/tools/desktop/gnome/figures/icon88-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..c2570c26575fd14cb5e9d9fe77831d2e8f6c9333 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon88-o.svg @@ -0,0 +1,13 @@ + + + + Left + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/gnome/figures/icon9.png b/docs/zh/tools/desktop/gnome/figures/icon9.png new file mode 100644 index 0000000000000000000000000000000000000000..a07c9ab8e51decd9a3bca8c969d2ae95bd68512c Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/icon9.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/icon90-o.svg b/docs/zh/tools/desktop/gnome/figures/icon90-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..79b5e0a141f7969a8f77ae61f4c240de7187afe9 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon90-o.svg @@ -0,0 +1,12 @@ + + + + lock_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/gnome/figures/icon92-o.svg b/docs/zh/tools/desktop/gnome/figures/icon92-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..21341b64a832e1935252aa82e7a4e0b083c16eae --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon92-o.svg @@ -0,0 +1,12 @@ + + + + logout_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/gnome/figures/icon94-o.svg b/docs/zh/tools/desktop/gnome/figures/icon94-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..a47044149a02101dbd24a3fdb2f3ead77efca6c1 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon94-o.svg @@ -0,0 +1,54 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/gnome/figures/icon97-o.svg b/docs/zh/tools/desktop/gnome/figures/icon97-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..4f4670de29d8c86885b5aa806b2c8cdc6fc16dcb --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon97-o.svg @@ -0,0 +1,84 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/gnome/figures/icon99-o.svg b/docs/zh/tools/desktop/gnome/figures/icon99-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e9a3aa60a51404c9390bfbea8d8ff09edc0e2e32 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/figures/icon99-o.svg @@ -0,0 +1,11 @@ + + + notes + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-1.png b/docs/zh/tools/desktop/gnome/figures/kiran-1.png new file mode 100644 index 0000000000000000000000000000000000000000..6f17788dce804c004027adfe45628eebffaa48cf Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-1.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-10.png b/docs/zh/tools/desktop/gnome/figures/kiran-10.png new file mode 100644 index 0000000000000000000000000000000000000000..18cfa3074af1f4b8d49d064a77b016f24ab8c17c Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-10.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-11.png b/docs/zh/tools/desktop/gnome/figures/kiran-11.png new file mode 100644 index 0000000000000000000000000000000000000000..b58fbb7ce8a798d5355855a4ac0638540df74d9e Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-11.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-12.png b/docs/zh/tools/desktop/gnome/figures/kiran-12.png new file mode 100644 index 0000000000000000000000000000000000000000..920d0c7112be6bed509773413de36506d748b822 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-12.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-13.png b/docs/zh/tools/desktop/gnome/figures/kiran-13.png new file mode 100644 index 0000000000000000000000000000000000000000..473ac4151c65951050800cb73313fee07077a9d6 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-13.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-14.png b/docs/zh/tools/desktop/gnome/figures/kiran-14.png new file mode 100644 index 0000000000000000000000000000000000000000..9ba17ddca84d25f112e564b542a971d6e7d4c10a Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-14.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-15.png b/docs/zh/tools/desktop/gnome/figures/kiran-15.png new file mode 100644 index 0000000000000000000000000000000000000000..b561a2fccb7f159106065baaf88ff9fa32bba1d8 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-15.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-16.png b/docs/zh/tools/desktop/gnome/figures/kiran-16.png new file mode 100644 index 0000000000000000000000000000000000000000..a4d71e812144e74cb854e25f215197368b60017f Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-16.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-17.png b/docs/zh/tools/desktop/gnome/figures/kiran-17.png new file mode 100644 index 0000000000000000000000000000000000000000..5f52f0d0885fbcd62af5127df6f464bcd334e2b3 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-17.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-18.png b/docs/zh/tools/desktop/gnome/figures/kiran-18.png new file mode 100644 index 0000000000000000000000000000000000000000..bbd1a5dbd99c509d936e51e1bcc5970c2311da9d Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-18.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-19.png b/docs/zh/tools/desktop/gnome/figures/kiran-19.png new file mode 100644 index 0000000000000000000000000000000000000000..a9ad75326f5d5463a45b532ae05b110155426083 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-19.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-2.png b/docs/zh/tools/desktop/gnome/figures/kiran-2.png new file mode 100644 index 0000000000000000000000000000000000000000..b62c95a0b7d2bcfbc0bbac084ed7df74e5412da5 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-2.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-20.png b/docs/zh/tools/desktop/gnome/figures/kiran-20.png new file mode 100644 index 0000000000000000000000000000000000000000..a43f8e2dc5ff4b5445386fd0c703bdf6b1e186ec Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-20.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-21.png b/docs/zh/tools/desktop/gnome/figures/kiran-21.png new file mode 100644 index 0000000000000000000000000000000000000000..19c758d585016351a1f26fdac48221bdf0710a53 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-21.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-22.png b/docs/zh/tools/desktop/gnome/figures/kiran-22.png new file mode 100644 index 0000000000000000000000000000000000000000..703327a3f511c20cd977ae4cd68552ecb3dd6971 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-22.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-23.png b/docs/zh/tools/desktop/gnome/figures/kiran-23.png new file mode 100644 index 0000000000000000000000000000000000000000..ddbbd80be5b926ab3446cbb10c22d892487956f8 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-23.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-24.png b/docs/zh/tools/desktop/gnome/figures/kiran-24.png new file mode 100644 index 0000000000000000000000000000000000000000..54e864dcfd194db4b1672c05d3e60eb6acc605d9 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-24.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-25.png b/docs/zh/tools/desktop/gnome/figures/kiran-25.png new file mode 100644 index 0000000000000000000000000000000000000000..f64461cc2610fb82db1eb27a5562c2ab0737dcf4 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-25.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-26.png b/docs/zh/tools/desktop/gnome/figures/kiran-26.png new file mode 100644 index 0000000000000000000000000000000000000000..2bcd5335c14d3e241b732b2ee6c2adf3effbe652 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-26.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-27.png b/docs/zh/tools/desktop/gnome/figures/kiran-27.png new file mode 100644 index 0000000000000000000000000000000000000000..2bcd5335c14d3e241b732b2ee6c2adf3effbe652 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-27.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-28.png b/docs/zh/tools/desktop/gnome/figures/kiran-28.png new file mode 100644 index 0000000000000000000000000000000000000000..1650e93b66f11849ed69a9dacd5c9c5f135fc053 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-28.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-29.png b/docs/zh/tools/desktop/gnome/figures/kiran-29.png new file mode 100644 index 0000000000000000000000000000000000000000..5d0b225b54dc5da9053aeb6f4b805e59d8685f7f Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-29.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-3.png b/docs/zh/tools/desktop/gnome/figures/kiran-3.png new file mode 100644 index 0000000000000000000000000000000000000000..774ba1ea233c20bf3c7ae661e126e5251aef8662 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-3.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-30.png b/docs/zh/tools/desktop/gnome/figures/kiran-30.png new file mode 100644 index 0000000000000000000000000000000000000000..ae7f591fdd3da24fdf30b95785cd07c9959ecb2b Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-30.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-31.png b/docs/zh/tools/desktop/gnome/figures/kiran-31.png new file mode 100644 index 0000000000000000000000000000000000000000..fc4127dcd736d084ecabe84b40f165f0b07695b2 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-31.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-32.png b/docs/zh/tools/desktop/gnome/figures/kiran-32.png new file mode 100644 index 0000000000000000000000000000000000000000..b02d7b1fbdfa58d63618e99085fd5a0ed517ce4d Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-32.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-33.png b/docs/zh/tools/desktop/gnome/figures/kiran-33.png new file mode 100644 index 0000000000000000000000000000000000000000..502f5d272b6200b440b1ce916924e44c987f9922 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-33.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-34.png b/docs/zh/tools/desktop/gnome/figures/kiran-34.png new file mode 100644 index 0000000000000000000000000000000000000000..b1ad35752dba85a00024170f88702c3398e0872c Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-34.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-35.png b/docs/zh/tools/desktop/gnome/figures/kiran-35.png new file mode 100644 index 0000000000000000000000000000000000000000..6c566afea5f485d79ff7de2ccd3d27a24835f14c Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-35.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-36.png b/docs/zh/tools/desktop/gnome/figures/kiran-36.png new file mode 100644 index 0000000000000000000000000000000000000000..842470a94fb6864cdd45f2c9971ec73e7866ea88 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-36.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-37.png b/docs/zh/tools/desktop/gnome/figures/kiran-37.png new file mode 100644 index 0000000000000000000000000000000000000000..b827be98850a3626f92ed1cd7b6b76f95d761261 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-37.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-38.png b/docs/zh/tools/desktop/gnome/figures/kiran-38.png new file mode 100644 index 0000000000000000000000000000000000000000..f0972490115d0965e8e9006abd2e5e96ac2fc37c Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-38.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-39.png b/docs/zh/tools/desktop/gnome/figures/kiran-39.png new file mode 100644 index 0000000000000000000000000000000000000000..f833c66c77737fb7cfbe5b4c4af48b0ba7747cea Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-39.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-4.png b/docs/zh/tools/desktop/gnome/figures/kiran-4.png new file mode 100644 index 0000000000000000000000000000000000000000..7a6cf9c1f25266c31ddcb76f093bec664d64bac7 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-4.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-40.png b/docs/zh/tools/desktop/gnome/figures/kiran-40.png new file mode 100644 index 0000000000000000000000000000000000000000..da430f32720ef8a032e2c16fe9caabd815f8b62f Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-40.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-41.png b/docs/zh/tools/desktop/gnome/figures/kiran-41.png new file mode 100644 index 0000000000000000000000000000000000000000..424f50da38c18c12a235ebb56edd6d02ec1638f0 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-41.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-42.png b/docs/zh/tools/desktop/gnome/figures/kiran-42.png new file mode 100644 index 0000000000000000000000000000000000000000..a506b0c4e7fd23c393c34e01b26086dae1ea9c62 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-42.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-43.png b/docs/zh/tools/desktop/gnome/figures/kiran-43.png new file mode 100644 index 0000000000000000000000000000000000000000..90ca8be50f4343adcc0cc05b1ae7d0f32efcedc2 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-43.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-44.png b/docs/zh/tools/desktop/gnome/figures/kiran-44.png new file mode 100644 index 0000000000000000000000000000000000000000..bc38c38001a8428cf18a05e6cd4a8f46b1d633a2 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-44.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-45.png b/docs/zh/tools/desktop/gnome/figures/kiran-45.png new file mode 100644 index 0000000000000000000000000000000000000000..fadb655f342f99c669425480ad48733f1dccb2c9 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-45.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-46.png b/docs/zh/tools/desktop/gnome/figures/kiran-46.png new file mode 100644 index 0000000000000000000000000000000000000000..096688c85e47acded83be03a7ff69f9d829d956b Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-46.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-47.png b/docs/zh/tools/desktop/gnome/figures/kiran-47.png new file mode 100644 index 0000000000000000000000000000000000000000..3faa55c80eead6bfc9e96f59babcd2100392c2e5 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-47.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-48.png b/docs/zh/tools/desktop/gnome/figures/kiran-48.png new file mode 100644 index 0000000000000000000000000000000000000000..1e44996d99006ffe793ae29b55035976942ac504 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-48.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-49.png b/docs/zh/tools/desktop/gnome/figures/kiran-49.png new file mode 100644 index 0000000000000000000000000000000000000000..000cc37cb59fecc9ea497726f87231df187baf34 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-49.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-5.png b/docs/zh/tools/desktop/gnome/figures/kiran-5.png new file mode 100644 index 0000000000000000000000000000000000000000..a27574bb4793e401750fff28e4568403dc489507 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-5.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-50.png b/docs/zh/tools/desktop/gnome/figures/kiran-50.png new file mode 100644 index 0000000000000000000000000000000000000000..900efd80a6db6ab00fee3fa519e963f8f0620ba7 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-50.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-6.png b/docs/zh/tools/desktop/gnome/figures/kiran-6.png new file mode 100644 index 0000000000000000000000000000000000000000..42c4f0357dfa11b53ca27a4d0d255b67a0f9c5ae Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-6.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-7.png b/docs/zh/tools/desktop/gnome/figures/kiran-7.png new file mode 100644 index 0000000000000000000000000000000000000000..254ef11f36d958f6ef7c70853e5f61032f825463 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-7.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-8.png b/docs/zh/tools/desktop/gnome/figures/kiran-8.png new file mode 100644 index 0000000000000000000000000000000000000000..29b5845d2fa94cba92719b8649a5e86c926ea911 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-8.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kiran-9.png b/docs/zh/tools/desktop/gnome/figures/kiran-9.png new file mode 100644 index 0000000000000000000000000000000000000000..46bcfdd0e1e88ad0f0ade4a3990c3ac5d66060e7 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kiran-9.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kubesphere-console.png b/docs/zh/tools/desktop/gnome/figures/kubesphere-console.png new file mode 100644 index 0000000000000000000000000000000000000000..9c93fbeafe366d78bc05dda6e0e673d2dad8874f Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kubesphere-console.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/kubesphere.png b/docs/zh/tools/desktop/gnome/figures/kubesphere.png new file mode 100644 index 0000000000000000000000000000000000000000..939dcb70202b19c7853cbfd8f27f6e8e4678ce26 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/kubesphere.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-1.png b/docs/zh/tools/desktop/gnome/figures/xfce-1.png new file mode 100644 index 0000000000000000000000000000000000000000..0e478b9f10ddf3210d5f5fada2e45329e2d1d028 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-1.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-2.png b/docs/zh/tools/desktop/gnome/figures/xfce-2.png new file mode 100644 index 0000000000000000000000000000000000000000..33a946d988d499a1e98cb43968b72119bd48d7a5 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-2.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-3.png b/docs/zh/tools/desktop/gnome/figures/xfce-3.png new file mode 100644 index 0000000000000000000000000000000000000000..020356f0c981fac2aafe33c8e997efbf01af9253 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-3.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-4.png b/docs/zh/tools/desktop/gnome/figures/xfce-4.png new file mode 100644 index 0000000000000000000000000000000000000000..21369e366322955023b427e7a2ae63fd29b387e5 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-4.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-5.png b/docs/zh/tools/desktop/gnome/figures/xfce-5.png new file mode 100644 index 0000000000000000000000000000000000000000..1f7807877f775fe6aa32652a29ef833e48e1a6ee Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-5.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-6.png b/docs/zh/tools/desktop/gnome/figures/xfce-6.png new file mode 100644 index 0000000000000000000000000000000000000000..e5376fcfd1737234a885d4d95649cd996005cf0c Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-6.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-7.png b/docs/zh/tools/desktop/gnome/figures/xfce-7.png new file mode 100644 index 0000000000000000000000000000000000000000..b7a94df356b7b9f7dca3d305d066ec854406aaab Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-7.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-71.png b/docs/zh/tools/desktop/gnome/figures/xfce-71.png new file mode 100644 index 0000000000000000000000000000000000000000..11d1618c907d4bb18de1eb68e42e9b98d92d91c3 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-71.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-8.png b/docs/zh/tools/desktop/gnome/figures/xfce-8.png new file mode 100644 index 0000000000000000000000000000000000000000..f6f97d9a173105cb6a72e4b8c48deab25ecac898 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-8.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-81.png b/docs/zh/tools/desktop/gnome/figures/xfce-81.png new file mode 100644 index 0000000000000000000000000000000000000000..b97c9a81c2a07efe361e6dc6ee8bed5db445ecfa Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-81.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-811.png b/docs/zh/tools/desktop/gnome/figures/xfce-811.png new file mode 100644 index 0000000000000000000000000000000000000000..58233638eca203d917081d6a9ac5003474cbf60b Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-811.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-812.png b/docs/zh/tools/desktop/gnome/figures/xfce-812.png new file mode 100644 index 0000000000000000000000000000000000000000..0fc975f75da95dce8a3e5a098d024578335c9426 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-812.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-813.png b/docs/zh/tools/desktop/gnome/figures/xfce-813.png new file mode 100644 index 0000000000000000000000000000000000000000..4d399468c74355cbaa765380720cb9561e95f834 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-813.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-814.png b/docs/zh/tools/desktop/gnome/figures/xfce-814.png new file mode 100644 index 0000000000000000000000000000000000000000..c09fd6524a20ba04e0fca30307d35fa05e79c1f4 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-814.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-82.png b/docs/zh/tools/desktop/gnome/figures/xfce-82.png new file mode 100644 index 0000000000000000000000000000000000000000..170deb5fb43f4e924d5ba4eba94a02c341d31515 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-82.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-821.png b/docs/zh/tools/desktop/gnome/figures/xfce-821.png new file mode 100644 index 0000000000000000000000000000000000000000..c5c1f3567dccda3d0d49ae445612d5b9ba27e09a Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-821.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-83.png b/docs/zh/tools/desktop/gnome/figures/xfce-83.png new file mode 100644 index 0000000000000000000000000000000000000000..95e4844c0ece09819d3e9f1e8457bbf371b1282e Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-83.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-831.png b/docs/zh/tools/desktop/gnome/figures/xfce-831.png new file mode 100644 index 0000000000000000000000000000000000000000..6456dd02f0281a5ec8d752ba5b95be581bcbfa09 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-831.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-832.png b/docs/zh/tools/desktop/gnome/figures/xfce-832.png new file mode 100644 index 0000000000000000000000000000000000000000..2932aaacf71fa53f1d0c10340df3aebcc016e991 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-832.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-84.png b/docs/zh/tools/desktop/gnome/figures/xfce-84.png new file mode 100644 index 0000000000000000000000000000000000000000..e0435c2edf9f68d193cff036215f32c259d378f0 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-84.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-841.png b/docs/zh/tools/desktop/gnome/figures/xfce-841.png new file mode 100644 index 0000000000000000000000000000000000000000..c2c06346d4a296bfbe7836139cd943baa1ce6ea5 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-841.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-842.png b/docs/zh/tools/desktop/gnome/figures/xfce-842.png new file mode 100644 index 0000000000000000000000000000000000000000..101bf6923e3780617d33dde04b92232ca7f87b42 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-842.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-85.png b/docs/zh/tools/desktop/gnome/figures/xfce-85.png new file mode 100644 index 0000000000000000000000000000000000000000..21b39638fe4c83e0da5cdc69ecad9b7a22718a55 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-85.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-851.png b/docs/zh/tools/desktop/gnome/figures/xfce-851.png new file mode 100644 index 0000000000000000000000000000000000000000..893064ca10399a683afbcb3752266d93b0a79a51 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-851.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-86.png b/docs/zh/tools/desktop/gnome/figures/xfce-86.png new file mode 100644 index 0000000000000000000000000000000000000000..35e8a99e31e4a49eb64b24cfbab825111e40f709 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-86.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-861.png b/docs/zh/tools/desktop/gnome/figures/xfce-861.png new file mode 100644 index 0000000000000000000000000000000000000000..affc46c874991a3b289e15072e06ba6566c099b1 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-861.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-87.png b/docs/zh/tools/desktop/gnome/figures/xfce-87.png new file mode 100644 index 0000000000000000000000000000000000000000..47524c21d57c887c3398ea53a675f89e9f92113f Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-87.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-9.png b/docs/zh/tools/desktop/gnome/figures/xfce-9.png new file mode 100644 index 0000000000000000000000000000000000000000..5586c4f62cc161665b91a56ad23b2320901901c0 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-9.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-91.png b/docs/zh/tools/desktop/gnome/figures/xfce-91.png new file mode 100644 index 0000000000000000000000000000000000000000..ee69879bb4ad66405b045af5e3965e275fe8eabf Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-91.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-911.png b/docs/zh/tools/desktop/gnome/figures/xfce-911.png new file mode 100644 index 0000000000000000000000000000000000000000..b49416558e9ab844fda2026b76e2e900ac106842 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-911.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-92.png b/docs/zh/tools/desktop/gnome/figures/xfce-92.png new file mode 100644 index 0000000000000000000000000000000000000000..78dd6313c603aad9ebd37fe68e06f98b2a3b331e Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-92.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-921.png b/docs/zh/tools/desktop/gnome/figures/xfce-921.png new file mode 100644 index 0000000000000000000000000000000000000000..5eb6f40df9ca73e11b9b9fa5079496ac0c36857b Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-921.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-93.png b/docs/zh/tools/desktop/gnome/figures/xfce-93.png new file mode 100644 index 0000000000000000000000000000000000000000..06ac80c152fefbe1ad2ba1c989f6acfbbaf1a992 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-93.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-931.png b/docs/zh/tools/desktop/gnome/figures/xfce-931.png new file mode 100644 index 0000000000000000000000000000000000000000..a156e5cf14ae154b93e845ff1bd5bc6ba12c9beb Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-931.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-94.png b/docs/zh/tools/desktop/gnome/figures/xfce-94.png new file mode 100644 index 0000000000000000000000000000000000000000..f48064ff5902c4ea740ccba9a1640cbca27b5b72 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-94.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-941.png b/docs/zh/tools/desktop/gnome/figures/xfce-941.png new file mode 100644 index 0000000000000000000000000000000000000000..f7904da12dc807836acfb9d6f24b8d9b976a2fdc Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-941.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-95.png b/docs/zh/tools/desktop/gnome/figures/xfce-95.png new file mode 100644 index 0000000000000000000000000000000000000000..bda965b15a859e4cccf4b80f62875f79eb3470fd Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-95.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-951.png b/docs/zh/tools/desktop/gnome/figures/xfce-951.png new file mode 100644 index 0000000000000000000000000000000000000000..6521a28275d2b63c12b47604c7afc926f7938697 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-951.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-96.png b/docs/zh/tools/desktop/gnome/figures/xfce-96.png new file mode 100644 index 0000000000000000000000000000000000000000..29ce24923477065b98cacf603f185113e9959069 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-96.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-961.png b/docs/zh/tools/desktop/gnome/figures/xfce-961.png new file mode 100644 index 0000000000000000000000000000000000000000..874fa200f4e63b690261d7827f3c73cf70861b32 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-961.png differ diff --git a/docs/zh/tools/desktop/gnome/figures/xfce-962.png b/docs/zh/tools/desktop/gnome/figures/xfce-962.png new file mode 100644 index 0000000000000000000000000000000000000000..bb84e35e43e992bc68b053a0da760bd5aa8b0270 Binary files /dev/null and b/docs/zh/tools/desktop/gnome/figures/xfce-962.png differ diff --git a/docs/zh/tools/desktop/gnome/gnome.md b/docs/zh/tools/desktop/gnome/gnome.md new file mode 100644 index 0000000000000000000000000000000000000000..df0034b180aa22932fe1f42618d8ec89e470bbc9 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/gnome.md @@ -0,0 +1,3 @@ +# Gnome 用户指南 + +本节主要描述 Gnome 桌面环境的安装和使用。 diff --git a/docs/zh/tools/desktop/gnome/gnome_installation.md b/docs/zh/tools/desktop/gnome/gnome_installation.md new file mode 100644 index 0000000000000000000000000000000000000000..3b8347446296b27baa260f4fd9104b57e9e0bcb2 --- /dev/null +++ b/docs/zh/tools/desktop/gnome/gnome_installation.md @@ -0,0 +1,123 @@ +# 在 openEuler 上安装 GNOME + +GNOME是运行在类Unix操作系统中最常用桌面环境。是一个功能完善、操作简单,界面友好,集使用和开发为一身的桌面环境,是GNU计划的正式桌面。 + +从用户的角度看,GNOME是一个集成桌面环境和应用程序的套件。从开发者的角度看,它是一个应用程序开发框架(由数目众多的实用函数库组成)。即使用户不运行GNOME桌面环境,用GNOME编写的应用程序也可以正常运行。 + +GNOME既包含文件管理器,应用商店,文本编辑器等基础软件,也包含系统采样分析,系统日志,软件工程IDE,web浏览器,简洁虚拟机监视器,开发者文档浏览器等高级应用和工具。 + +安装时,建议新建一个管理员用户。 + +1. [下载](https://www.openeuler.org/zh/download/archive/detail/?version=openEuler%2024.03%20LTS%20SP1)openEuler ISO镜像并安装系统,更新软件源(需要配置Everything源,以及EPOL源,下面命令是在最小化安装系统的情况下安装GNOME)。 + +```shell +sudo dnf update +``` + +2.安装字库。 + +```shell +sudo dnf install dejavu-fonts liberation-fonts gnu-*-fonts google-*-fonts +``` + +3.安装Xorg。 + +```shell +sudo dnf install xorg-* +``` + +这可能会安装很多没用的包,可以使用下面的命令安装必要的xorg相关包。 + +```shell +sudo dnf install xorg-x11-apps xorg-x11-drivers xorg-x11-drv-ati \ + xorg-x11-drv-dummy xorg-x11-drv-evdev xorg-x11-drv-fbdev xorg-x11-drv-intel \ + xorg-x11-drv-libinput xorg-x11-drv-nouveau xorg-x11-drv-qxl \ + xorg-x11-drv-synaptics-legacy xorg-x11-drv-v4l xorg-x11-drv-vesa \ + xorg-x11-drv-vmware xorg-x11-drv-wacom xorg-x11-fonts xorg-x11-fonts-others \ + xorg-x11-font-utils xorg-x11-server xorg-x11-server-utils xorg-x11-server-Xephyr \ + xorg-x11-server-Xspice xorg-x11-util-macros xorg-x11-utils xorg-x11-xauth \ + xorg-x11-xbitmaps xorg-x11-xinit xorg-x11-xkb-utils +``` + +4.安装GNOME及组件。 + +```shell +sudo dnf install adwaita-icon-theme atk atkmm at-spi2-atk at-spi2-core baobab \ + abattis-cantarell-fonts cheese clutter clutter-gst3 clutter-gtk cogl dconf \ + dconf-editor devhelp eog epiphany evince evolution-data-server file-roller folks \ + gcab gcr gdk-pixbuf2 gdm gedit geocode-glib gfbgraph gjs glib2 glibmm24 \ + glib-networking gmime30 gnome-autoar gnome-backgrounds gnome-bluetooth \ + gnome-boxes gnome-builder gnome-calculator gnome-calendar gnome-characters \ + gnome-clocks gnome-color-manager gnome-contacts gnome-control-center \ + gnome-desktop3 gnome-disk-utility gnome-font-viewer gnome-getting-started-docs \ + gnome-initial-setup gnome-keyring gnome-logs gnome-menus gnome-music \ + gnome-online-accounts gnome-online-miners gnome-photos gnome-remote-desktop \ + gnome-screenshot gnome-session gnome-settings-daemon gnome-shell \ + gnome-shell-extensions gnome-software gnome-system-monitor gnome-terminal \ + gnome-tour gnome-user-docs gnome-user-share gnome-video-effects \ + gnome-weather gobject-introspection gom grilo grilo-plugins \ + gsettings-desktop-schemas gsound gspell gssdp gtk3 gtk4 gtk-doc gtkmm30 \ + gtksourceview4 gtk-vnc2 gupnp gupnp-av gupnp-dlna gvfs json-glib libchamplain \ + libdazzle libgdata libgee libgnomekbd libgsf libgtop2 libgweather libgxps libhandy \ + libmediaart libnma libnotify libpeas librsvg2 libsecret libsigc++20 libsoup \ + mm-common mutter nautilus orca pango pangomm libphodav python3-pyatspi \ + python3-gobject rest rygel simple-scan sushi sysprof tepl totem totem-pl-parser \ + tracker3 tracker3-miners vala vte291 yelp yelp-tools \ + yelp-xsl zenity +``` + +5.启动gdm显示管理器。 + +```shell +sudo systemctl enable gdm +``` + +6.设置系统默认以图形界面登录。 + +```shell +sudo systemctl set-default graphical.target +``` + +重启验证。 + +```shell +sudo reboot +``` + +7.当gdm不能工作。 + +如果默认安装了gdm,则停用gdm。 + +```shell +sudo systemctl disable gdm +``` + +安装lightdm显示管理器替代。 + +```shell +sudo dnf install lightdm lightdm-gtk +``` + +设置默认桌面为GNOME,通过root权限用户设置。 + +```shell +echo 'user-session=gnome' >> /etc/lightdm/lightdm.conf.d/60-lightdm-gtk-greeter.conf +``` + +启动lightdm显示管理器。 + +```shell +sudo systemctl enable lightdm +``` + +设置系统默认以图形界面登录。 + +```shell +sudo systemctl set-default graphical.target +``` + +重启验证。 + +```shell +sudo reboot +``` diff --git a/docs/zh/tools/desktop/gnome/gnome_userguide.md b/docs/zh/tools/desktop/gnome/gnome_userguide.md new file mode 100644 index 0000000000000000000000000000000000000000..1fb24506b483d0f3b53c237d43ef3e32affb42ee --- /dev/null +++ b/docs/zh/tools/desktop/gnome/gnome_userguide.md @@ -0,0 +1,390 @@ +# Gnome 用户指南 + +## 一 概述 + +Gnome是运行在类Unix操作系统中最常用桌面环境。其目标是基于自由软件,为Unix或者类Unix操作系统构造一个功能完善、操作简单以及界面友好的桌面环境,是GNU计划的正式桌面。 + +Gnome提供了多个功能部件: + +ATK:可达性工具包。 + +Bonobo:复合文档技术。 + +GObject:用于C语言的面向对象框架。 + +GConf:保存应用软件设置。 + +GNOME VFS:虚拟文件系统。 + +GNOME Keyring:安全系统。 + +GNOME Print:GNOME软件打印文档。 + +GStreamer:GNOME软件的多媒体框架。 + +GTK+:构件工具包。 + +Cairo:复杂的2D图形库。 + +Human Interface Guidelines:Sun微系统公司提供的使得GNOME应用软件易于使用的研究和文档。 + +LibXML:为GNOME设计的XML库。 + +ORBit:使软件组件化的CORBAORB。 + +Pango:i18n文本排列和变换库。 + +Metacity:窗口管理器。 + +本文主要描述 Gnome 的使用。 + +界面如下图所示。 + +![图 1 桌面主界面-big](./figures/gnome-1.png) + +
+ +## 二 桌面 + +### 2.1 桌面 + +Gnome桌面比较干净,不摆放任何文件或者目录。桌面仅有顶部左、中、右三部分有入口选项。它们分别是活动程序入口、消息通知入口、系统状态入口。 + +![图 2 桌面顶部图标-big](./figures/gnome-2.png) + +### 2.2 右键菜单 + +在桌面空白处单击鼠标右键,出现的菜单如下图所示,为用户提供了一些快捷功能。 + +![图 3 右键菜单](./figures/gnome-3.png) + +选项说明如表。 + +| 选项 | 说明| +| :------------ | :------------ | +| 更换壁纸 | 更换桌面显示图像 | +| 显示设置 | 屏幕分辨率、屏幕旋转及夜间模式设置 | +| 设置 | 系统设置 | + +
+ +## 三 桌面顶部 + +### 3.1 活动程序 + +活动程序入口位于桌面左上角,其包括应用程序收藏夹、所有应用程序列表、活动程序列表、多视图切换、当前活动程序指示。 + +#### 3.1.1 应用程序收藏夹 + +![图 4 应用程序收藏夹-big](./figures/gnome-4.png) + +右键点击收藏夹内的应用程序图标,可以选择"从收藏夹中移除",从而把应用移出收藏夹。 + +#### 3.1.2 所有应用程序列表 + +点击应用程序收藏夹下面的九个小点"![](./figures/gnome-5.png)"——"显示应用程序",可打开所有应程序列表。 + +![图 5 所有应用程序列表1-big](./figures/gnome-6.png) + +右键点击列表内的应用程序图标,可以选择"添加到收藏夹",从而把应用加入收藏夹。 + +当应用程序很多并且知道其名字时,可以在搜索一栏输入应用名字进行搜索打开。 + +![图 6 所有应用程序列表2-big](./figures/gnome-7.png) + +#### 3.1.3 活动程序列表 + +当多个程序打开,即存在多个活动程序时,活动程序会在收藏夹内最后一个应用程序后逐个显示。打开的程序其下有个点表示已打开。 + +![图 7 活动程序列表-big](./figures/gnome-8.png) + +右键单击活动程序,可以弹出活动状态下此程序可以进行的一些操作,不同的程序可执行的操作不同。以"截图"程序为例,如图所示。 + +![图 8 活动程序右键菜单-big](./figures/gnome-9.png) + +#### 3.1.4 多视图切换 + +查看活动程序列表的同时,活动程序也以多视图方式显示在活动程序列表右侧。 + +![图 9 多视图切换1-big](./figures/gnome-10.png) + +鼠标移到多视图右侧,右侧竖条将会变宽,显示当前桌面处于顶层的活动程序窗口和桌面。点击桌面图像将会切换回桌面。 + +![图 10 多视图切换2-big](./figures/gnome-11.png) + +点击不属于当前活动程序的其他程序,则顶层切换到相应应用程序。 + +#### 3.1.5 当前活动程序指示 + +当前活动程序的指示会显示在活动程序入口右侧,并且点击可弹出活动状态下此程序可以进行的一些操作,不同的程序可执行的操作不同。以"终端"程序为例,如图所示。 + +![图 11 当前活动程序指示-big](./figures/gnome-12.png) + +点击"首选项"可对终端进行设置。 + +### 3.2 消息通知 + +消息通知入口位于桌面顶部中央,其包括消息通知、日历、时钟和天气。 + +![图 12 消息通知-big](./figures/gnome-13.png) + +#### 3.2.1 消息通知 + +当在"时钟"程序中设置闹钟和倒计时,定时到了后都会将消息通知到消息通知入口的左侧。在"日历"程序中设置的待办事项,详细信息也会显示到左侧消息通知,其概要信息将会显示到右侧日历下方。 + +![图 13 消息-big](./figures/gnome-14.png) + +点击"请勿打扰"可以关闭这些消息在外部(没有点击此入口之前)的弹窗通知。 + +#### 3.2.2 日历 + +如上图,右侧显示日历,对于有待办事项的日期,其下会有一个点。点击这些日期,可在日历下方看到待办事项概要信息。 + +#### 3.2.3 时钟和天气 + +可以把时钟和天气添加到右下角连同日历一并作信息显示。点击时钟位置将调用"时钟"程序并使用其"世界时钟"的功能,点击"天气"将调用"天气"程序。 + +![图 14 时钟和天气-big](./figures/gnome-15.png) + +### 3.3 系统状态 + +系统状态入口位于桌面右上角,其包括多个选项,部分说明如表。 + +| 选项 | 说明| +| :------------ | :------------ | +| 声音 | 音量调节 | +| 以太网 | 以太网卡及其连接状况 | +| 定位服务 | 系统所在设置 | +| 设置 | 系统设置 | +| 锁定 | 立即锁屏,再次打开需要密码 | +| 关机/注销 | 包括挂起、关机、重启、注销四种动作 | + +![图 15 系统状态-big](./figures/gnome-16.png) + +不同的设置和系统配置此处显示的系统状态也有所不同,例如wifi,蓝牙,电池。系统状态还可以由其他程序追加到右上角左侧,例如上图中输入源相关的显示。 + +#### 3.3.1 声音 + +快捷的音量调节设置。如要进一步设置声音需要打开系统设置。 + +#### 3.3.2 网络 + +快捷的网络禁用与否设置。如要进一步设置网络需要打开系统设置。 + +![图 16 网络状态-big](./figures/gnome-17.png) + +#### 3.3.3 定位服务 + +快捷的定位服务禁用与否设置。如要进一步设置定位需要打开系统设置。 + +![图 17 定位状态-big](./figures/gnome-18.png) + +#### 3.3.4 设置 + +便捷的系统设置入口之一。 + +![图 18 设置1-big](./figures/gnome-19.png) + +系统设置可以设置数量众多系统相关的选项,除了上图左侧已经展示的项,余下的项如下图左侧。 + +![图 19 设置2-big](./figures/gnome-20.png) + +设置项也是动态拓展的,例如当系统所在的硬件有wifi时,wifi的设置项将会出现在设置中。一些重要的设置项将在下文中举例。 + +#### 3.3.4 锁定 + +点击"锁定"将立即回到锁屏界面并黑屏,鼠标移动立马亮屏,点击任意按键进入登录界面,并需要用户密码输入以实现再次登录。以下是锁屏界面。 + +![图 20 锁屏界面-big](./figures/gnome-21.png) + +#### 3.3.4 关机/注销 + +包括挂起、关机、重启、注销四种动作。其中挂起和锁定的区别在于挂起后直接黑屏,需要使用键盘唤醒到登录界面,时间较锁屏久。注销是登出当前用户,退回到登录界面并且不黑屏,以选择另外的用户登录或者相同用户再次登录。 + +![图 21 关机_注销-big](./figures/gnome-22.png) + +以下是用户登录界面。 + +![图 22 登录界面-big](./figures/gnome-23.png) + +锁定和挂起唤醒后首先进入锁屏界面,再次点击按钮或者按键才进入用户登录界面。注销和重启后直接进入登录界面。 + +
+ +## 四 常用系统设置和应用举例 + +### 4.1 系统设置举例 + +系统设置有四个个入口,分别是: + +桌面右键->设置 + +右上角系统状态入口->设置 + +左上角活动程序入口->设置 + +在终端中->执行gnome-control-center + +#### 4.1.1 网络 + +![图 23 网络设置1-big](./figures/gnome-19.png) + +这里显示有线网络,点击按钮可以打开和关闭网络。还可以设置vpn和网络代理。 + +点击以太网的某个连接右侧的小齿轮,可查看此连接的详细信息,也可对此连接进行修改,包括移除此连接。 + +![图 24 网络设置2-big](./figures/gnome-24.png) + +修改此连接名字。 + +![图 25 网络设置3-big](./figures/gnome-25.png) + +修改ip地址获取方式(自动,手动),添加DNS,添加路由等。 + +![图 26 网络设置4-big](./figures/gnome-26.png) + +点击小齿轮上的"+"号,可以从头创建一个连接,新连接的设置项和上图类似,前提是这个以太网口要存在。 + +#### 4.1.2 显示器 + +固定分辨率设置可在"显示器"一项进行配置,如果这里不包含你的硬件系统的分辨率,那么需要在命令设置好分辨率,再打开此处设置,新加入的分辨率将会显示在这里。 + +![图 27 分辨率设置-big](./figures/gnome-27.png) + +选择分辨率后点击弹出的"保留更改"以使设置生效。 + +![图 28 分辨率设置确认-big](./figures/gnome-28.png) + +有些显示器允许旋转以便竖向观察屏幕,例如文本可以一次查看到更底部的内容。这里的"方向"也提供支持。 + +![图 29 屏幕方向-big](./figures/gnome-29.png) + +#### 4.1.3 键盘快捷键 + +设置键盘快捷键可以执行快捷的操作,例如快速打开主目录,摄像头或者浏览器等。gnome没有为打开终端设置快捷键,可以考虑设置打开终端的默认快捷键。 + +已有的快捷键设置可以滚动查看也可以进行搜索。 + +![图 30 键盘快捷键-big](./figures/gnome-30.png) + +单击已禁用的项,例如主目录和网页浏览器,可以触发快捷键设置。 + +![图 31 快捷键设置-big](./figures/gnome-31.png) + +![图 32 快捷键设置反馈-big](./figures/gnome-32.png) + +设置成功后的效果。 + +![图 33 快捷键设置结果-big](./figures/gnome-33.png) + +拖动"键盘快捷键"设置到底部,点击"+"新加一个打开终端的快捷键。 + +![图 34 快捷键添加设置1-big](./figures/gnome-34.png) + +![图 35 快捷键添加设置2-big](./figures/gnome-35.png) + +![图 36 快捷键添加设置3-big](./figures/gnome-36.png) + +![图 37 快捷键添加设置结果-big](./figures/gnome-37.png) + +按住“ctrl+alt+t”可打开终端。主目录和网页浏览器与此相似。 + +![图 38 快捷键测试-big](./figures/gnome-38.png) + +#### 4.1.4 区域和语言 + +系统语言可以在多种语言间切换,即使安装系统时没有选择这种语言。 + +![图 39 区域和语言-big](./figures/gnome-39.png) + +点击语言和格式选择,可以把语言从中文换为英文,并反馈重启按钮,需要重新登录重启会话设置才能生效。 + +![图 40 语言设置-big](./figures/gnome-40.png) + +![图 41 格式设置-big](./figures/gnome-41.png) + +![图 42 语言和格式设置结果-big](./figures/gnome-42.png) + +点击"输入源"右侧的小齿轮可以查看到输入法的快捷键以及输入源选项设置。点击其下方的"+"可以添加输入源。 + +![图 43 输入设置-big](./figures/gnome-43.png) + +当使用快捷键切换输入法时,可以在右上角系统状态处查看到变化。 + +![图 44 输入切换结果查看-big](./figures/gnome-44.png) + +#### 4.1.5 用户 + +可以在图形界面添加和删除用户。使用非root用户登录时,此项功能需要点击"解锁",输入超级权限用户的密码才能显示完整。 + +![图 45 用户-big](./figures/gnome-45.png) + +点击密码可以修改当前用户的密码。 + +![图 46 修改用户密码-big](./figures/gnome-46.png) + +点击帐号活动可以看到本周的此用户的登录状况。 + +![图 47 用户活动记录-big](./figures/gnome-47.png) + +点击右上角添加用户可以添加一个新用户并在添加用户时设置密码或者在登录时设置密码。登录新用户需要先登出当前用户再选择新用户登录。新加的用户可以在"移除用户"移除,当然,不能移除当前登录的用户。 + +![图 48 添加新用户-big](./figures/gnome-48.png) + +### 4.2 应用举例 + +#### 4.2.1 文件 + +"文件"应用的二进制文件名为nautilus。可在"文件"所图形化显示的文件系统内创建、修改、移动、保存和删除文件等操作。 + +![图 49 文件系统主目录-big](./figures/gnome-49.png) + +#### 4.2.2 终端 + +运行的"终端"是gnome登录会话下的特殊进程,它相当于一个控制台,本质是一个新的会话。它几乎能完成控制台能完成的所有任务,这是没有图形界面的linux原本的样子。 + +![图 50 终端及其设置项-big](./figures/gnome-50.png) + +在其"配置文件首选项"中能对字体、字符间隔、主题背景等选项进行设置。 + +#### 4.2.3 软件 + +"软件"内能搜索安装许多开源免费的应用,也能查看和卸载当前已经安装的程序。 + +![图 51 软件-big](./figures/gnome-51.png) + +![图 52 已安装-big](./figures/gnome-52.png) + +#### 4.2.4 浏览器 + +gnome自带了名为"Web"的浏览器,其界面和功能较google或者firefox浏览器要简单,但是常见的书签、搜索引擎设置、历史记录、文件下载等均支持。 + +![图 53 浏览器-big](./figures/gnome-53.png) + +#### 4.2.5 系统监视器 + +相当于windows下的任务管理器,可以看到进程名字、用户、cpu和内存等资源的使用状况。这个是动态的,不过其变化效果远逊于top命令。 + +![图 54 进程-big](./figures/gnome-54.png) + +还可以看到cpu,内存,网络等重要部件的利用率走势。 + +![图 55 资源-big](./figures/gnome-55.png) + +#### 4.2.6 文本编辑器 + +创建、修改、保存文件等操作需要文本编辑器。在其菜单栏的"首选项"中可进行字体、制表符宽度、主题、插件等选项进行设置。 + +![图 56 文本编辑器-big](./figures/gnome-56.png) + +#### 4.2.7 Sysprof + +这是对系统包括软硬件的采样和呈现,这可以用来定位系统的性能问题,例如应用启动卡顿,系统响应延迟等。点击选择要跟踪的项目并点击"Record",便开始采样。 + +![图 57 采样对象选择-big](./figures/gnome-57.png) + +![图 58 开始记录-big](./figures/gnome-58.png) + +停止采样后,采样结果提供了非常丰富的信息,可用于诊断和分析。 + +![图 59 采样结果-big](./figures/gnome-59.png) diff --git a/docs/zh/tools/desktop/kiran/_toc.yaml b/docs/zh/tools/desktop/kiran/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..4ee827a9500cb1f0cea9772d11c8b78aa9c9c732 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/_toc.yaml @@ -0,0 +1,8 @@ +label: Kiran用户指南 +isManual: true +description: 安装并使用 Kiran 桌面环境 +sections: + - label: 安装 Kiran + href: ./kiran_installation.md + - label: 使用 Kiran + href: ./kiran_userguide.md diff --git a/docs/zh/tools/desktop/kiran/figures/.keep b/docs/zh/tools/desktop/kiran/figures/.keep new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/docs/zh/tools/desktop/kiran/figures/1.png b/docs/zh/tools/desktop/kiran/figures/1.png new file mode 100644 index 0000000000000000000000000000000000000000..40af4242eebb440a76c749a8d970d50cd7b89bf4 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/1.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/10.png b/docs/zh/tools/desktop/kiran/figures/10.png new file mode 100644 index 0000000000000000000000000000000000000000..e588ffbe3d8d7b66d92ae8f2b4bcec7c80d0592c Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/10.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/11.png b/docs/zh/tools/desktop/kiran/figures/11.png new file mode 100644 index 0000000000000000000000000000000000000000..1989a5bb08155f920363e154e68bb148715c7e9e Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/11.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/12.png b/docs/zh/tools/desktop/kiran/figures/12.png new file mode 100644 index 0000000000000000000000000000000000000000..cb6346161182d2cfeaf3818d5ec518ddb11c732e Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/12.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/13.png b/docs/zh/tools/desktop/kiran/figures/13.png new file mode 100644 index 0000000000000000000000000000000000000000..0a7def1fb66c90da62acde799eaffca97e3b5396 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/13.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/14.png b/docs/zh/tools/desktop/kiran/figures/14.png new file mode 100644 index 0000000000000000000000000000000000000000..3a27a66d57e284775420d467f90dcc02889bbffe Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/14.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/15.png b/docs/zh/tools/desktop/kiran/figures/15.png new file mode 100644 index 0000000000000000000000000000000000000000..370bea32abcaa8a2b06a1a61c1455d4b35f43474 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/15.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/16.png b/docs/zh/tools/desktop/kiran/figures/16.png new file mode 100644 index 0000000000000000000000000000000000000000..812ee462669c5263ef4bffc49ca4f9b6af4541c6 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/16.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/17.png b/docs/zh/tools/desktop/kiran/figures/17.png new file mode 100644 index 0000000000000000000000000000000000000000..36e524b806874fa3788f5e4dcd78350686281107 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/17.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/18.png b/docs/zh/tools/desktop/kiran/figures/18.png new file mode 100644 index 0000000000000000000000000000000000000000..51b32442980aa60646f77dabd53ade74f55891fe Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/18.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/19.png b/docs/zh/tools/desktop/kiran/figures/19.png new file mode 100644 index 0000000000000000000000000000000000000000..c9457d09aa9f1662b2c9e4550cdbdb9f57dd020e Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/19.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/2.png b/docs/zh/tools/desktop/kiran/figures/2.png new file mode 100644 index 0000000000000000000000000000000000000000..97917cc245484a43bec8562757d920a06f123121 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/2.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/20.png b/docs/zh/tools/desktop/kiran/figures/20.png new file mode 100644 index 0000000000000000000000000000000000000000..b0943189920d7a541d35da27340593ea93f92a17 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/20.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/21.png b/docs/zh/tools/desktop/kiran/figures/21.png new file mode 100644 index 0000000000000000000000000000000000000000..e590c22c0ea28906b5f4ea7ccbc6ab11e47ad173 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/21.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/22.png b/docs/zh/tools/desktop/kiran/figures/22.png new file mode 100644 index 0000000000000000000000000000000000000000..03a548b1ffb1f0ad53cfa5387af2721af90bca81 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/22.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/23.png b/docs/zh/tools/desktop/kiran/figures/23.png new file mode 100644 index 0000000000000000000000000000000000000000..834c492094715cde1c02c91752ecabfe7921ed62 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/23.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/24.png b/docs/zh/tools/desktop/kiran/figures/24.png new file mode 100644 index 0000000000000000000000000000000000000000..1881e868b74a60888b319576fa38fb4af92ba75c Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/24.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/25.png b/docs/zh/tools/desktop/kiran/figures/25.png new file mode 100644 index 0000000000000000000000000000000000000000..f38839725d27a3486984d152e5d9de305364fbd2 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/25.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/26.png b/docs/zh/tools/desktop/kiran/figures/26.png new file mode 100644 index 0000000000000000000000000000000000000000..6d7957119133ecb98b1b6b104e54a3a4647ec2a5 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/26.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/27.png b/docs/zh/tools/desktop/kiran/figures/27.png new file mode 100644 index 0000000000000000000000000000000000000000..3e4733717fdc5172d6479b393005219e65e96df4 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/27.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/28.png b/docs/zh/tools/desktop/kiran/figures/28.png new file mode 100644 index 0000000000000000000000000000000000000000..a77772e818e3f6c11acac3b9cfa18bad14a0a48c Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/28.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/29.png b/docs/zh/tools/desktop/kiran/figures/29.png new file mode 100644 index 0000000000000000000000000000000000000000..c4f58ffe5855295268298448744e5aadbdc55276 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/29.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/3.png b/docs/zh/tools/desktop/kiran/figures/3.png new file mode 100644 index 0000000000000000000000000000000000000000..fbb76b336957020ed6867d908e0a8bdcfc953c52 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/3.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/30.png b/docs/zh/tools/desktop/kiran/figures/30.png new file mode 100644 index 0000000000000000000000000000000000000000..d91adefba1753959e90ccf4aa1501ac08d7144bd Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/30.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/31.png b/docs/zh/tools/desktop/kiran/figures/31.png new file mode 100644 index 0000000000000000000000000000000000000000..0abef09ab438f5f8cfb68090993f55c493b8c15e Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/31.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/32.png b/docs/zh/tools/desktop/kiran/figures/32.png new file mode 100644 index 0000000000000000000000000000000000000000..d567cfbacc07a9eb46ff2c54a68432f45e034e94 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/32.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/33.png b/docs/zh/tools/desktop/kiran/figures/33.png new file mode 100644 index 0000000000000000000000000000000000000000..7b5896e2884520672c0bd88d68471b45a09c56fe Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/33.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/34.png b/docs/zh/tools/desktop/kiran/figures/34.png new file mode 100644 index 0000000000000000000000000000000000000000..81bc9480fbbd81a97c559d7a6a74274deeab2bd1 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/34.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/35.png b/docs/zh/tools/desktop/kiran/figures/35.png new file mode 100644 index 0000000000000000000000000000000000000000..ab2399847a643a87279337704e23fea7609bb211 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/35.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/36.png b/docs/zh/tools/desktop/kiran/figures/36.png new file mode 100644 index 0000000000000000000000000000000000000000..536981609b9ae5d32be56bec612f2b3446146184 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/36.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/37.png b/docs/zh/tools/desktop/kiran/figures/37.png new file mode 100644 index 0000000000000000000000000000000000000000..e39aa03587642dc1f8622fff515b05a9a3085b28 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/37.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/38.png b/docs/zh/tools/desktop/kiran/figures/38.png new file mode 100644 index 0000000000000000000000000000000000000000..838f5ff0616a83cdf42edb053f4e72b93bfa644e Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/38.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/39.png b/docs/zh/tools/desktop/kiran/figures/39.png new file mode 100644 index 0000000000000000000000000000000000000000..12a379403d73a47b2fa564120a28fdb58d188963 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/39.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/4.png b/docs/zh/tools/desktop/kiran/figures/4.png new file mode 100644 index 0000000000000000000000000000000000000000..5078e36aca713706d2cf08a3ebecdc3769951899 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/4.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/40.png b/docs/zh/tools/desktop/kiran/figures/40.png new file mode 100644 index 0000000000000000000000000000000000000000..bf419894eab852b45604966c62fafa71f051c4df Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/40.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/41.png b/docs/zh/tools/desktop/kiran/figures/41.png new file mode 100644 index 0000000000000000000000000000000000000000..f94b0ee72e0d4e9277e9b44b4268cfbdb8402104 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/41.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/42.png b/docs/zh/tools/desktop/kiran/figures/42.png new file mode 100644 index 0000000000000000000000000000000000000000..3182e551c4e4b03885bad6339f1de514b3f55f8c Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/42.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/43.jpg b/docs/zh/tools/desktop/kiran/figures/43.jpg new file mode 100644 index 0000000000000000000000000000000000000000..26e9244f58ea9800081fd61ae135477f05b21b40 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/43.jpg differ diff --git a/docs/zh/tools/desktop/kiran/figures/44.png b/docs/zh/tools/desktop/kiran/figures/44.png new file mode 100644 index 0000000000000000000000000000000000000000..c3abaecd6e053272d81e0ad9bd183c6858b4f3c5 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/44.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/45.png b/docs/zh/tools/desktop/kiran/figures/45.png new file mode 100644 index 0000000000000000000000000000000000000000..86b051acde857c88479714414f721a7f59cca483 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/45.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/46.png b/docs/zh/tools/desktop/kiran/figures/46.png new file mode 100644 index 0000000000000000000000000000000000000000..d8ec41c87628bf28c9905523f99ae93aebd13614 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/46.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/47.jpg b/docs/zh/tools/desktop/kiran/figures/47.jpg new file mode 100644 index 0000000000000000000000000000000000000000..bf95f03c8ea0f84a878bc63af20972c9da71bc04 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/47.jpg differ diff --git a/docs/zh/tools/desktop/kiran/figures/48.png b/docs/zh/tools/desktop/kiran/figures/48.png new file mode 100644 index 0000000000000000000000000000000000000000..ef21fa1ce1e2e9848a8dca16e692de673df7c6d7 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/48.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/49.png b/docs/zh/tools/desktop/kiran/figures/49.png new file mode 100644 index 0000000000000000000000000000000000000000..3b77668e5a4d1bdb3043c473dff9b36fa7144714 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/49.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/5.png b/docs/zh/tools/desktop/kiran/figures/5.png new file mode 100644 index 0000000000000000000000000000000000000000..2976a745cfaede26594d6daa01cfc18d18b1de8b Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/5.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/50.png b/docs/zh/tools/desktop/kiran/figures/50.png new file mode 100644 index 0000000000000000000000000000000000000000..b86a55fe4363f56fc18befc9d27025a75ca427ad Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/50.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/51.png b/docs/zh/tools/desktop/kiran/figures/51.png new file mode 100644 index 0000000000000000000000000000000000000000..d427ac871dba9c32eb4ffe736d5352f8408da533 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/51.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/52.png b/docs/zh/tools/desktop/kiran/figures/52.png new file mode 100644 index 0000000000000000000000000000000000000000..0ca0a2db05c70bc25f9bb59e82d074f671cfc74e Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/52.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/53.png b/docs/zh/tools/desktop/kiran/figures/53.png new file mode 100644 index 0000000000000000000000000000000000000000..76fbc34a1d5621b83c2d8c93222766acad33350d Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/53.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/54.png b/docs/zh/tools/desktop/kiran/figures/54.png new file mode 100644 index 0000000000000000000000000000000000000000..49ecae6f8941a118223f3765c23015df074c4983 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/54.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/56.png b/docs/zh/tools/desktop/kiran/figures/56.png new file mode 100644 index 0000000000000000000000000000000000000000..36fee795bfe593b6246c8d6c2bddea9386b06f45 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/56.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/57.png b/docs/zh/tools/desktop/kiran/figures/57.png new file mode 100644 index 0000000000000000000000000000000000000000..539d06b77b058a933cb154c43641d498050986e0 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/57.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/58.png b/docs/zh/tools/desktop/kiran/figures/58.png new file mode 100644 index 0000000000000000000000000000000000000000..396ca16d873e54505bcdbd41d669366eea7f5dee Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/58.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/59.png b/docs/zh/tools/desktop/kiran/figures/59.png new file mode 100644 index 0000000000000000000000000000000000000000..9b1de98ac4fe686937ca844d3e9481548a79ce63 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/59.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/6.png b/docs/zh/tools/desktop/kiran/figures/6.png new file mode 100644 index 0000000000000000000000000000000000000000..275c23872f2353f007371672714902babcc3db53 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/6.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/60.jpg b/docs/zh/tools/desktop/kiran/figures/60.jpg new file mode 100644 index 0000000000000000000000000000000000000000..033c88aaadd04f7d4058ec2eb5b2c70498319bf7 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/60.jpg differ diff --git a/docs/zh/tools/desktop/kiran/figures/61.png b/docs/zh/tools/desktop/kiran/figures/61.png new file mode 100644 index 0000000000000000000000000000000000000000..8df17062963a3baf92318a12ec34b1378122687b Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/61.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/62.png b/docs/zh/tools/desktop/kiran/figures/62.png new file mode 100644 index 0000000000000000000000000000000000000000..ec312d6c0c22018c1745dd866da71ce9be47fbda Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/62.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/63.jpg b/docs/zh/tools/desktop/kiran/figures/63.jpg new file mode 100644 index 0000000000000000000000000000000000000000..504f7cf59768f6fd1cd73a115d01fbc4e15a02e1 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/63.jpg differ diff --git a/docs/zh/tools/desktop/kiran/figures/63.png b/docs/zh/tools/desktop/kiran/figures/63.png new file mode 100644 index 0000000000000000000000000000000000000000..86b051acde857c88479714414f721a7f59cca483 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/63.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/64.png b/docs/zh/tools/desktop/kiran/figures/64.png new file mode 100644 index 0000000000000000000000000000000000000000..cbbd2ede047e735c3766e08b04595f08cd72f5b2 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/64.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/7.png b/docs/zh/tools/desktop/kiran/figures/7.png new file mode 100644 index 0000000000000000000000000000000000000000..4d397959ac7f6d166ef5a3b7084bd5c3c93b475f Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/7.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/8.png b/docs/zh/tools/desktop/kiran/figures/8.png new file mode 100644 index 0000000000000000000000000000000000000000..8ade274092d7b3e461c96d7909a9d89d3a944f09 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/8.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/9.png b/docs/zh/tools/desktop/kiran/figures/9.png new file mode 100644 index 0000000000000000000000000000000000000000..f7b2215404929346f1a814b0b1d6d482559c08b5 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/9.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-01.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-01.png new file mode 100644 index 0000000000000000000000000000000000000000..b4a43e7fa938b2ece73ad749e2b513daa976e7c9 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-01.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-02.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-02.png new file mode 100644 index 0000000000000000000000000000000000000000..22413a83d51cb9ee177c0d39147da857868f0aec Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-02.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-03.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-03.png new file mode 100644 index 0000000000000000000000000000000000000000..5ccc6d4eef17f2d39841046dcf32b9c00652d1a9 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-03.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-04.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-04.png new file mode 100644 index 0000000000000000000000000000000000000000..c5d7073a3d2a37727b83a6e43a684747175efa9d Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-04.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-05.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-05.png new file mode 100644 index 0000000000000000000000000000000000000000..e2d0a0a523f10d6bce9f51c5d05f019c595e2625 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-05.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-06.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-06.png new file mode 100644 index 0000000000000000000000000000000000000000..61bb128fc2c8902edbfd1d76b28f963817753e32 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-06.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-07.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-07.png new file mode 100644 index 0000000000000000000000000000000000000000..ef01eb0001c6db0e3d1c024e51b0594372b9348c Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-07.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-08.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-08.png new file mode 100644 index 0000000000000000000000000000000000000000..1049f355939b0121c123adc462dcb6d736e48760 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-08.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-09.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-09.png new file mode 100644 index 0000000000000000000000000000000000000000..6dc110900f5375ed9ede276f59ea89ba29e5e737 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-09.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-10.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-10.png new file mode 100644 index 0000000000000000000000000000000000000000..33dda6e0d0497c1589743c19a8d041a775b7bb7f Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-10.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-11.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-11.png new file mode 100644 index 0000000000000000000000000000000000000000..98570f04a066d550b5971afc94ee1c63d24f6275 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-11.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-12.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-12.png new file mode 100644 index 0000000000000000000000000000000000000000..56cc0446efd9d72d97905296fd6f19e9e2ac4047 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-12.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-13.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-13.png new file mode 100644 index 0000000000000000000000000000000000000000..a3191cc6b2bb2e418353b76bcf645be954655a20 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-13.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-14.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-14.png new file mode 100644 index 0000000000000000000000000000000000000000..d673b9d12c8fb5ccaa0b0f3a35b85f939f1040c8 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-14.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-15.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-15.png new file mode 100644 index 0000000000000000000000000000000000000000..518c3dca4b9b58f45f7aee5ef974c3dd41804e1d Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-15.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-16.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-16.png new file mode 100644 index 0000000000000000000000000000000000000000..17ac8544dab141ddc8d7d98f1712757efedb5531 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-16.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-17.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-17.png new file mode 100644 index 0000000000000000000000000000000000000000..07a62594a1acadceeeaabe0e7cbe63c192f0ab37 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-17.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-18.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-18.png new file mode 100644 index 0000000000000000000000000000000000000000..d088bb1075ebd2c76304c5bd400a3892d401dfa0 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-18.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-19.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-19.png new file mode 100644 index 0000000000000000000000000000000000000000..65198c16e3bdf0b948ba8da1d05943ea87065dfc Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-19.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-20.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-20.png new file mode 100644 index 0000000000000000000000000000000000000000..ac4c66887846509474cd57740079d396f5ffee64 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-20.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-21.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-21.png new file mode 100644 index 0000000000000000000000000000000000000000..ecc80c0ee42385907cea276726c891aab06f5ea2 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-21.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-22.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-22.png new file mode 100644 index 0000000000000000000000000000000000000000..453a1b96f69ca37cf648e1bfd8a247cbd63f7f1f Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-22.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-23.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-23.png new file mode 100644 index 0000000000000000000000000000000000000000..3290e73af52f1e88a435e925d6a17d21e78e287c Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-23.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-24.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-24.png new file mode 100644 index 0000000000000000000000000000000000000000..825e58ddc9ec0027f0ff94b1d327eaff3a145357 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-24.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-25.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-25.png new file mode 100644 index 0000000000000000000000000000000000000000..7b3cdbe8e85b55dc9ee92569f6d668c9defc76eb Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-25.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-26.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-26.png new file mode 100644 index 0000000000000000000000000000000000000000..0d696fa8cbd18910bb16ca2c14996fefb5f0cb79 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-26.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-27.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-27.png new file mode 100644 index 0000000000000000000000000000000000000000..7312579e88c211b656a1b6e339373abfca7c8984 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-27.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-28.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-28.png new file mode 100644 index 0000000000000000000000000000000000000000..e5cf7e56e5663768e4f2698c77aeaa69c899b291 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-28.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-29.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-29.png new file mode 100644 index 0000000000000000000000000000000000000000..d796cb8d80a60281a7f67ec494c76ad14d06ac1b Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-29.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-30-0.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-30-0.png new file mode 100644 index 0000000000000000000000000000000000000000..8ea95ca410376dbc26729d0dec8bfc171911e960 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-30-0.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-30-1.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-30-1.png new file mode 100644 index 0000000000000000000000000000000000000000..730e9bdba19949c6e118c237af302b492f3d41b8 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-30-1.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-31.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-31.png new file mode 100644 index 0000000000000000000000000000000000000000..f80f3c86b92e6e00bf76c0101ce52af503d9b05c Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-31.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-32.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-32.png new file mode 100644 index 0000000000000000000000000000000000000000..ed8f74fc04472e45ae6c76a7c2507da5dec28263 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-32.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-33.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-33.png new file mode 100644 index 0000000000000000000000000000000000000000..a90dda9e151f9ca48ff6c296ff62676b22a191ae Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-33.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-34.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-34.png new file mode 100644 index 0000000000000000000000000000000000000000..77c74765bb7116bf8a95b0164cb1de2d9032e56e Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-34.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-35-0.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-35-0.png new file mode 100644 index 0000000000000000000000000000000000000000..4321c9e9a52bcf99bde6d72fae68647ab13510b0 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-35-0.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-35-1.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-35-1.png new file mode 100644 index 0000000000000000000000000000000000000000..e6f75a945fc73d5478c6515498c7a6a4781ca04f Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-35-1.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-36.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-36.png new file mode 100644 index 0000000000000000000000000000000000000000..a832fe2b440079f53775a2ba8c3115f57a89ab2c Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-36.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-37.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-37.png new file mode 100644 index 0000000000000000000000000000000000000000..f091a5e910e7cb16dadd311de1100f8830a0eaf7 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-37.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-38.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-38.png new file mode 100644 index 0000000000000000000000000000000000000000..7703dc11f1be241d9fe7e30452e7431c925833d3 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-38.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-39.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-39.png new file mode 100644 index 0000000000000000000000000000000000000000..abf29f6ee9aaf13ab1f668a787d459a5ab0cb20c Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-39.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-40.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-40.png new file mode 100644 index 0000000000000000000000000000000000000000..7c8ee5f4e78b46a0d762be06f96725ecef5d09b2 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-40.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-41-0.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-41-0.png new file mode 100644 index 0000000000000000000000000000000000000000..56ea86556624602f4496b4079335245ac8c875a3 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-41-0.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-41-1.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-41-1.png new file mode 100644 index 0000000000000000000000000000000000000000..44afad705b026dd69a9d2d7bf2ef35610720b85d Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-41-1.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-42.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-42.png new file mode 100644 index 0000000000000000000000000000000000000000..8270b69ca590c1831fbe54e2d08ced55bccef89d Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-42.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-43.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-43.png new file mode 100644 index 0000000000000000000000000000000000000000..48259addbdb8cf18303d2afbcd6cbad77deaf141 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-43.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-44.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-44.png new file mode 100644 index 0000000000000000000000000000000000000000..e35a4acce457834d4d8608ee7fba783d596548e2 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-44.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-45.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-45.png new file mode 100644 index 0000000000000000000000000000000000000000..d6d5e88587e26552ab4ab4d323eea0ae5ce721d2 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-45.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-46.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-46.png new file mode 100644 index 0000000000000000000000000000000000000000..8e41651298319f1b72c3dce5b09cb1323c9a15a7 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-46.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-47.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-47.png new file mode 100644 index 0000000000000000000000000000000000000000..eaa54608d956576555603d64ba72e374f147a315 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-47.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-48.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-48.png new file mode 100644 index 0000000000000000000000000000000000000000..1ca6cb7b39ab375a69b95a7dfa02fa3acd8bb299 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-48.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-49.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-49.png new file mode 100644 index 0000000000000000000000000000000000000000..07fe6abf2ca2d7e8dd5184c760f416d094c4629d Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-49.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-50.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-50.png new file mode 100644 index 0000000000000000000000000000000000000000..c5452b655b9100c7d144d9d6e923f29664998ca0 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-50.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-51.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-51.png new file mode 100644 index 0000000000000000000000000000000000000000..72644867adbb64db4503ff5345425a32bf1cae6d Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-51.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-52.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-52.png new file mode 100644 index 0000000000000000000000000000000000000000..571f6ac34edf149cc1e5bd30a875e4148dd4fdd3 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-52.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-53.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-53.png new file mode 100644 index 0000000000000000000000000000000000000000..1c7e9051ca448b017e13c6cbe6be66d2f83475c5 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-53.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/Cinnamon-54.png b/docs/zh/tools/desktop/kiran/figures/Cinnamon-54.png new file mode 100644 index 0000000000000000000000000000000000000000..1b61db111ebdcb9bde1bff1cc08a2daed79a9f19 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/Cinnamon-54.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/HA-add-resource.png b/docs/zh/tools/desktop/kiran/figures/HA-add-resource.png new file mode 100644 index 0000000000000000000000000000000000000000..ac24895a1247828d248132f6c789ad8ef51a57e4 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/HA-add-resource.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/HA-apache-show.png b/docs/zh/tools/desktop/kiran/figures/HA-apache-show.png new file mode 100644 index 0000000000000000000000000000000000000000..c216500910f75f2de1108f6b618c5c08f4df8bae Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/HA-apache-show.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/HA-apache-suc.png b/docs/zh/tools/desktop/kiran/figures/HA-apache-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..23a7aaa702e3e68190ff7e01a5a673aee2c92409 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/HA-apache-suc.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/HA-api.png b/docs/zh/tools/desktop/kiran/figures/HA-api.png new file mode 100644 index 0000000000000000000000000000000000000000..f825fe005705d30809d12df97958cff0e5a80135 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/HA-api.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/HA-clone-suc.png b/docs/zh/tools/desktop/kiran/figures/HA-clone-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..4b6099ccc88d4f6f907a0c4563e729ab2a4dece1 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/HA-clone-suc.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/HA-clone.png b/docs/zh/tools/desktop/kiran/figures/HA-clone.png new file mode 100644 index 0000000000000000000000000000000000000000..1b09ab73849494f4ffd759fa612ae3c241bd9c1d Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/HA-clone.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/HA-corosync.png b/docs/zh/tools/desktop/kiran/figures/HA-corosync.png new file mode 100644 index 0000000000000000000000000000000000000000..c4d93242e65c503b6e1b6a457e2517f647984a66 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/HA-corosync.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/HA-firstchoice-cmd.png b/docs/zh/tools/desktop/kiran/figures/HA-firstchoice-cmd.png new file mode 100644 index 0000000000000000000000000000000000000000..a265bab07f1d8e46d9d965975be180a8de6c9eb2 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/HA-firstchoice-cmd.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/HA-firstchoice.png b/docs/zh/tools/desktop/kiran/figures/HA-firstchoice.png new file mode 100644 index 0000000000000000000000000000000000000000..bd982ddcea55c629c0257fca86051a9ffa77e7b4 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/HA-firstchoice.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/HA-group-new-suc.png b/docs/zh/tools/desktop/kiran/figures/HA-group-new-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..437fd01ee83a9a1f65c12838fe56eea8435f6759 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/HA-group-new-suc.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/HA-group-new-suc2.png b/docs/zh/tools/desktop/kiran/figures/HA-group-new-suc2.png new file mode 100644 index 0000000000000000000000000000000000000000..4fb933bd761f9808de95a324a50226ff041ebd4f Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/HA-group-new-suc2.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/HA-group-new.png b/docs/zh/tools/desktop/kiran/figures/HA-group-new.png new file mode 100644 index 0000000000000000000000000000000000000000..9c914d0cc2e14f3220fc4346175961f129efb37b Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/HA-group-new.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/HA-group-suc.png b/docs/zh/tools/desktop/kiran/figures/HA-group-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..2338580343833ebab08627be3a2efbcdb48aef9e Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/HA-group-suc.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/HA-group.png b/docs/zh/tools/desktop/kiran/figures/HA-group.png new file mode 100644 index 0000000000000000000000000000000000000000..6897817665dee90c0f8c47c6a3cb4bb09db52d78 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/HA-group.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/HA-home-page.png b/docs/zh/tools/desktop/kiran/figures/HA-home-page.png new file mode 100644 index 0000000000000000000000000000000000000000..c9a7a82dc412250d4c0984b3876c6f93c6aca789 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/HA-home-page.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/HA-login.png b/docs/zh/tools/desktop/kiran/figures/HA-login.png new file mode 100644 index 0000000000000000000000000000000000000000..65d0ae11ec810da7574ec72bebf6e1b020c94a0d Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/HA-login.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/HA-mariadb-suc.png b/docs/zh/tools/desktop/kiran/figures/HA-mariadb-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..6f6756c945121715edc623bd9a848bc48ffeb4ca Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/HA-mariadb-suc.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/HA-mariadb.png b/docs/zh/tools/desktop/kiran/figures/HA-mariadb.png new file mode 100644 index 0000000000000000000000000000000000000000..d29587c8609b9d6aefeb07170901361b5ef8402d Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/HA-mariadb.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/HA-nfs-suc.png b/docs/zh/tools/desktop/kiran/figures/HA-nfs-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..c0ea6af79e91649f1ad7d97ab6c2a0069a4f4fb8 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/HA-nfs-suc.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/HA-nfs.png b/docs/zh/tools/desktop/kiran/figures/HA-nfs.png new file mode 100644 index 0000000000000000000000000000000000000000..f6917938eec2e0431a9891c067475dd0b21c1bd9 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/HA-nfs.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/HA-pacemaker.png b/docs/zh/tools/desktop/kiran/figures/HA-pacemaker.png new file mode 100644 index 0000000000000000000000000000000000000000..7681f963f67d2b803fef6fb2c3247384136201f8 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/HA-pacemaker.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/HA-pcs-status.png b/docs/zh/tools/desktop/kiran/figures/HA-pcs-status.png new file mode 100644 index 0000000000000000000000000000000000000000..fb150fba9f6258658702b35caacf98076d1fd109 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/HA-pcs-status.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/HA-pcs.png b/docs/zh/tools/desktop/kiran/figures/HA-pcs.png new file mode 100644 index 0000000000000000000000000000000000000000..283670d7c3d0961ee1cb41345c2b2a013d7143b0 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/HA-pcs.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/HA-qdevice.png b/docs/zh/tools/desktop/kiran/figures/HA-qdevice.png new file mode 100644 index 0000000000000000000000000000000000000000..2964f36c952fc7e62fb7b041fcf6d2de8ead712c Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/HA-qdevice.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/HA-refresh.png b/docs/zh/tools/desktop/kiran/figures/HA-refresh.png new file mode 100644 index 0000000000000000000000000000000000000000..c2678c0c2945acbabfbeae0d5de8924a216bbf31 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/HA-refresh.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/HA-vip-suc.png b/docs/zh/tools/desktop/kiran/figures/HA-vip-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..313ce56e14f931c78dad4349ed57ab3fd7907f50 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/HA-vip-suc.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/HA-vip.png b/docs/zh/tools/desktop/kiran/figures/HA-vip.png new file mode 100644 index 0000000000000000000000000000000000000000..d8b417df2e64527d3b29d0289756dfbb01bf66ec Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/HA-vip.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/dde-1.png b/docs/zh/tools/desktop/kiran/figures/dde-1.png new file mode 100644 index 0000000000000000000000000000000000000000..fb1d5177c39262ed182f10a57fdae850d007eeb1 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/dde-1.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/dde-2.png b/docs/zh/tools/desktop/kiran/figures/dde-2.png new file mode 100644 index 0000000000000000000000000000000000000000..be5d296937bd17b9646b32c80934aa76738027af Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/dde-2.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-1.png b/docs/zh/tools/desktop/kiran/figures/gnome-1.png new file mode 100644 index 0000000000000000000000000000000000000000..b33f802aa6dcf8b23a70fe451830015c614193b3 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-1.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-10.png b/docs/zh/tools/desktop/kiran/figures/gnome-10.png new file mode 100644 index 0000000000000000000000000000000000000000..1c7b1465209c7a92db36d1b4c83445ce45e0d187 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-10.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-11.png b/docs/zh/tools/desktop/kiran/figures/gnome-11.png new file mode 100644 index 0000000000000000000000000000000000000000..cc534ce5e1b250547dd9eb1db2b3f43a79c00409 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-11.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-12.png b/docs/zh/tools/desktop/kiran/figures/gnome-12.png new file mode 100644 index 0000000000000000000000000000000000000000..65de953b821cac6b09b9f0d6623760dc339d867b Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-12.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-13.png b/docs/zh/tools/desktop/kiran/figures/gnome-13.png new file mode 100644 index 0000000000000000000000000000000000000000..103370de2f2d81fe4e880f18bb9a3b4546d14840 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-13.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-14.png b/docs/zh/tools/desktop/kiran/figures/gnome-14.png new file mode 100644 index 0000000000000000000000000000000000000000..13e1367d6ce006567e69fed8fd334aeb4810196c Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-14.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-15.png b/docs/zh/tools/desktop/kiran/figures/gnome-15.png new file mode 100644 index 0000000000000000000000000000000000000000..fb86a36e2eb9c5ccfb3c53b0c49864e73c622ccf Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-15.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-16.png b/docs/zh/tools/desktop/kiran/figures/gnome-16.png new file mode 100644 index 0000000000000000000000000000000000000000..9b375517e433740b7e2c27ede1159cda1eb986b8 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-16.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-17.png b/docs/zh/tools/desktop/kiran/figures/gnome-17.png new file mode 100644 index 0000000000000000000000000000000000000000..ebfcc9c71afeda1d50b5355f23ec1ea422a17889 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-17.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-18.png b/docs/zh/tools/desktop/kiran/figures/gnome-18.png new file mode 100644 index 0000000000000000000000000000000000000000..5d28c8372499dd2b9b71186dee7d4854b5320999 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-18.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-19.png b/docs/zh/tools/desktop/kiran/figures/gnome-19.png new file mode 100644 index 0000000000000000000000000000000000000000..bea391d41386ab9b7953b269c44aec6cba4667c5 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-19.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-2.png b/docs/zh/tools/desktop/kiran/figures/gnome-2.png new file mode 100644 index 0000000000000000000000000000000000000000..520df0228a38914ca7897dec6dc84e9639b757c0 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-2.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-20.png b/docs/zh/tools/desktop/kiran/figures/gnome-20.png new file mode 100644 index 0000000000000000000000000000000000000000..d720a2c215de4172a8051d7e0554c7f6b3d6d043 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-20.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-21.png b/docs/zh/tools/desktop/kiran/figures/gnome-21.png new file mode 100644 index 0000000000000000000000000000000000000000..dec78c390a65a1e707a5c9620fa3392e38124430 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-21.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-22.png b/docs/zh/tools/desktop/kiran/figures/gnome-22.png new file mode 100644 index 0000000000000000000000000000000000000000..d8564596fd8ada47891a28b8fd97915722b28ff9 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-22.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-23.png b/docs/zh/tools/desktop/kiran/figures/gnome-23.png new file mode 100644 index 0000000000000000000000000000000000000000..6fcb86d0b74acd102bc4e19bd483165fca0921bc Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-23.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-24.png b/docs/zh/tools/desktop/kiran/figures/gnome-24.png new file mode 100644 index 0000000000000000000000000000000000000000..692929de10b612af7e15ddef689a611b7f4e8693 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-24.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-25.png b/docs/zh/tools/desktop/kiran/figures/gnome-25.png new file mode 100644 index 0000000000000000000000000000000000000000..793a5a2d3ec63581902da5d4b8863f9ba33675b8 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-25.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-26.png b/docs/zh/tools/desktop/kiran/figures/gnome-26.png new file mode 100644 index 0000000000000000000000000000000000000000..4d3f5418352e644f56a16099a9c77218045dabab Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-26.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-27.png b/docs/zh/tools/desktop/kiran/figures/gnome-27.png new file mode 100644 index 0000000000000000000000000000000000000000..908998f4c4624e8b3317a311643123f690153325 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-27.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-28.png b/docs/zh/tools/desktop/kiran/figures/gnome-28.png new file mode 100644 index 0000000000000000000000000000000000000000..8b47b2397fa8818dfecbc3c05341e31d4d70a940 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-28.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-29.png b/docs/zh/tools/desktop/kiran/figures/gnome-29.png new file mode 100644 index 0000000000000000000000000000000000000000..fc90cb58691e6484b6e263f4e81a1046e3adbed1 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-29.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-3.png b/docs/zh/tools/desktop/kiran/figures/gnome-3.png new file mode 100644 index 0000000000000000000000000000000000000000..4d423b13941604a29ff794817ed6fb1d6fea9c1e Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-3.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-30.png b/docs/zh/tools/desktop/kiran/figures/gnome-30.png new file mode 100644 index 0000000000000000000000000000000000000000..8f4ab5dcd8ebd61b05a1b129b4c90e342f97e0fd Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-30.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-31.png b/docs/zh/tools/desktop/kiran/figures/gnome-31.png new file mode 100644 index 0000000000000000000000000000000000000000..93159341a996153105985451fa6d8391c358b52e Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-31.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-32.png b/docs/zh/tools/desktop/kiran/figures/gnome-32.png new file mode 100644 index 0000000000000000000000000000000000000000..c4ca5695e67a4a585f0ff074cd3645a32a9e4e83 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-32.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-33.png b/docs/zh/tools/desktop/kiran/figures/gnome-33.png new file mode 100644 index 0000000000000000000000000000000000000000..e0b166e013144ed7e5f26c2b7bd7e8a00ac6a57f Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-33.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-34.png b/docs/zh/tools/desktop/kiran/figures/gnome-34.png new file mode 100644 index 0000000000000000000000000000000000000000..dc8653255f8782ab72b8a24eeadff8fe64f88bb1 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-34.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-35.png b/docs/zh/tools/desktop/kiran/figures/gnome-35.png new file mode 100644 index 0000000000000000000000000000000000000000..595c8d76ddc857ed9e76d421cf1e755874a6cc4a Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-35.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-36.png b/docs/zh/tools/desktop/kiran/figures/gnome-36.png new file mode 100644 index 0000000000000000000000000000000000000000..f5a22198f57d34fe05336d88c6e4b288ed78dc8e Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-36.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-37.png b/docs/zh/tools/desktop/kiran/figures/gnome-37.png new file mode 100644 index 0000000000000000000000000000000000000000..1a855eee24e959c3e8bfed371d2f74f93fceda3c Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-37.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-38.png b/docs/zh/tools/desktop/kiran/figures/gnome-38.png new file mode 100644 index 0000000000000000000000000000000000000000..e80fcb9c25299130ca94bef2cdce9d5e7f9ba02c Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-38.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-39.png b/docs/zh/tools/desktop/kiran/figures/gnome-39.png new file mode 100644 index 0000000000000000000000000000000000000000..29843d242f260cd1b722fdcc13cef645a3679e7f Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-39.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-4.png b/docs/zh/tools/desktop/kiran/figures/gnome-4.png new file mode 100644 index 0000000000000000000000000000000000000000..04391e2e926d5195b21d7e05dc5322a0d7646ad6 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-4.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-40.png b/docs/zh/tools/desktop/kiran/figures/gnome-40.png new file mode 100644 index 0000000000000000000000000000000000000000..8497bdd58dffe2210fca22d01912f82b5c39fd9c Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-40.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-41.png b/docs/zh/tools/desktop/kiran/figures/gnome-41.png new file mode 100644 index 0000000000000000000000000000000000000000..a4357eb95c379dfecc1d627c59eb5da660d42d14 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-41.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-42.png b/docs/zh/tools/desktop/kiran/figures/gnome-42.png new file mode 100644 index 0000000000000000000000000000000000000000..bc01808fe7c12d7d433dc1da9367e858027fcce9 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-42.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-43.png b/docs/zh/tools/desktop/kiran/figures/gnome-43.png new file mode 100644 index 0000000000000000000000000000000000000000..467e52cf41a32df9c7207417817f906b518c54c3 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-43.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-44.png b/docs/zh/tools/desktop/kiran/figures/gnome-44.png new file mode 100644 index 0000000000000000000000000000000000000000..71303b84fce85478ccba02b10f6c0358c5bdc2a0 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-44.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-45.png b/docs/zh/tools/desktop/kiran/figures/gnome-45.png new file mode 100644 index 0000000000000000000000000000000000000000..a0927659af30d18715ab8b43266de3f54a3142a0 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-45.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-46.png b/docs/zh/tools/desktop/kiran/figures/gnome-46.png new file mode 100644 index 0000000000000000000000000000000000000000..ad2093e67041d656c25a5674a6e4282c804ec6f2 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-46.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-47.png b/docs/zh/tools/desktop/kiran/figures/gnome-47.png new file mode 100644 index 0000000000000000000000000000000000000000..9a67dd6b3b0081fa858b4beed0cc40708d5418e9 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-47.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-48.png b/docs/zh/tools/desktop/kiran/figures/gnome-48.png new file mode 100644 index 0000000000000000000000000000000000000000..8789fcb96ee2143eae12131b07acf1cfbd82cf41 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-48.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-49.png b/docs/zh/tools/desktop/kiran/figures/gnome-49.png new file mode 100644 index 0000000000000000000000000000000000000000..e5df514480c825a5c65b607721d80cf59642b4a1 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-49.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-5.png b/docs/zh/tools/desktop/kiran/figures/gnome-5.png new file mode 100644 index 0000000000000000000000000000000000000000..b7148601f06fcee9517864aca19ba3cee863ba33 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-5.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-50.png b/docs/zh/tools/desktop/kiran/figures/gnome-50.png new file mode 100644 index 0000000000000000000000000000000000000000..7b1f4678846cb691b144b26f24bc5570961a3d7d Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-50.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-51.png b/docs/zh/tools/desktop/kiran/figures/gnome-51.png new file mode 100644 index 0000000000000000000000000000000000000000..10466de4bbd4c7b31654bb1369a9a85a20e88a27 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-51.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-52.png b/docs/zh/tools/desktop/kiran/figures/gnome-52.png new file mode 100644 index 0000000000000000000000000000000000000000..16c8191ae59475d46cd7c275ad3841419544397d Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-52.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-53.png b/docs/zh/tools/desktop/kiran/figures/gnome-53.png new file mode 100644 index 0000000000000000000000000000000000000000..b968bbd5c5df6148ef26c8cf292e040220987554 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-53.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-54.png b/docs/zh/tools/desktop/kiran/figures/gnome-54.png new file mode 100644 index 0000000000000000000000000000000000000000..6f169f432a1ad4290b3fca12b1a835330d922ab0 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-54.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-55.png b/docs/zh/tools/desktop/kiran/figures/gnome-55.png new file mode 100644 index 0000000000000000000000000000000000000000..e40794fbf2e23e3496ac7f9352abe84ac943cb8c Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-55.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-56.png b/docs/zh/tools/desktop/kiran/figures/gnome-56.png new file mode 100644 index 0000000000000000000000000000000000000000..d66360c2865ba03e7f2959612b2e33061dfad39f Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-56.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-57.png b/docs/zh/tools/desktop/kiran/figures/gnome-57.png new file mode 100644 index 0000000000000000000000000000000000000000..f2ffff79898f36e290bb133efc36c7439d089f57 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-57.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-58.png b/docs/zh/tools/desktop/kiran/figures/gnome-58.png new file mode 100644 index 0000000000000000000000000000000000000000..2eb30604a6dc2a4194da688830f88d0e596c5be9 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-58.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-59.png b/docs/zh/tools/desktop/kiran/figures/gnome-59.png new file mode 100644 index 0000000000000000000000000000000000000000..9b25d253604f353b0bd3ef0c153237d74459ccae Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-59.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-6.png b/docs/zh/tools/desktop/kiran/figures/gnome-6.png new file mode 100644 index 0000000000000000000000000000000000000000..3c54d7f40cb5caab2c3cecb9945f9c89a1afe00e Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-6.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-7.png b/docs/zh/tools/desktop/kiran/figures/gnome-7.png new file mode 100644 index 0000000000000000000000000000000000000000..fa4b0e178fb0332d334d98e0106746b7bff65449 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-7.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-8.png b/docs/zh/tools/desktop/kiran/figures/gnome-8.png new file mode 100644 index 0000000000000000000000000000000000000000..5c39bb44371d94a66c66e053a7f498b46d3a0937 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-8.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/gnome-9.png b/docs/zh/tools/desktop/kiran/figures/gnome-9.png new file mode 100644 index 0000000000000000000000000000000000000000..00a9ad1a7c94054c9418795c39b29574bfe16bf0 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/gnome-9.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon1.png b/docs/zh/tools/desktop/kiran/figures/icon1.png new file mode 100644 index 0000000000000000000000000000000000000000..9bac00355cf4aa57d32287fd4271404f6fd3fd4d Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon1.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon10-o.png b/docs/zh/tools/desktop/kiran/figures/icon10-o.png new file mode 100644 index 0000000000000000000000000000000000000000..d6c56d1a64c588d86f8fe510c74e5a7c4cb810d4 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon10-o.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon101-o.svg b/docs/zh/tools/desktop/kiran/figures/icon101-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..af1c5d3dc0277a6ea59e71efb6ca97bdfc782e8e --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon101-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/docs/zh/tools/desktop/kiran/figures/icon103-o.svg b/docs/zh/tools/desktop/kiran/figures/icon103-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..c06c885725c569ab8db1fe7d595a7c65f18c5142 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon103-o.svg @@ -0,0 +1,26 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/kiran/figures/icon105-o.svg b/docs/zh/tools/desktop/kiran/figures/icon105-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..36c49949fa569330b761c2d65518f36c10435508 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon105-o.svg @@ -0,0 +1,111 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/kiran/figures/icon107-o.svg b/docs/zh/tools/desktop/kiran/figures/icon107-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..fb5a3ea756f6ccb7b3e5c31122a433347a908c96 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon107-o.svg @@ -0,0 +1,50 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/kiran/figures/icon11-o.png b/docs/zh/tools/desktop/kiran/figures/icon11-o.png new file mode 100644 index 0000000000000000000000000000000000000000..47a1f2cb7f99b583768c7cbd7e05a57f302dbe8a Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon11-o.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon110-o.svg b/docs/zh/tools/desktop/kiran/figures/icon110-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..7958e3f192061592e002e1e8a1bad06ffa86742c --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon110-o.svg @@ -0,0 +1,12 @@ + + + + reboot_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/kiran/figures/icon111-o.svg b/docs/zh/tools/desktop/kiran/figures/icon111-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..097d16a08d305a8b3f3b2268ab1ea8342e799377 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon111-o.svg @@ -0,0 +1,13 @@ + + + + Right + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/kiran/figures/icon112-o.svg b/docs/zh/tools/desktop/kiran/figures/icon112-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e51628c2b8b10495f3410d219814286696ea2fd5 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon112-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/kiran/figures/icon116-o.svg b/docs/zh/tools/desktop/kiran/figures/icon116-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..4d79cd6dbbbfd3969f4e0ad0ad88e27398853505 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon116-o.svg @@ -0,0 +1,72 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/kiran/figures/icon12-o.png b/docs/zh/tools/desktop/kiran/figures/icon12-o.png new file mode 100644 index 0000000000000000000000000000000000000000..f1f0f59dd3879461a0b5bc0632693a4a4124def3 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon12-o.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon120-o.svg b/docs/zh/tools/desktop/kiran/figures/icon120-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e895c347d16a200aea46b00428b0b9f1a3c94246 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon120-o.svg @@ -0,0 +1,49 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/kiran/figures/icon122-o.svg b/docs/zh/tools/desktop/kiran/figures/icon122-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..7fb014b5fd6097ca37a84d0b6a27dc982d675c8a --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon122-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/docs/zh/tools/desktop/kiran/figures/icon124-o.svg b/docs/zh/tools/desktop/kiran/figures/icon124-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..960c0ec096c925213f8953398f0e8e5db3cdaed3 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon124-o.svg @@ -0,0 +1,55 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/kiran/figures/icon125-o.svg b/docs/zh/tools/desktop/kiran/figures/icon125-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..011c05f4b8f296867cd408a339230323fcbb28dd --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon125-o.svg @@ -0,0 +1,9 @@ + + + tips + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/kiran/figures/icon126-o.svg b/docs/zh/tools/desktop/kiran/figures/icon126-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e0a43b6b8beb434090ac0dd3a8fd68c023f11fce --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon126-o.svg @@ -0,0 +1,68 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/kiran/figures/icon127-o.svg b/docs/zh/tools/desktop/kiran/figures/icon127-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..bed95d35334a8d0151211054236c0bacddcc0dd3 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon127-o.svg @@ -0,0 +1,13 @@ + + + + Up + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/kiran/figures/icon128-o.svg b/docs/zh/tools/desktop/kiran/figures/icon128-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..aa727f3f5d5883b3fb83a79c4b98e8b5bfe4ade6 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon128-o.svg @@ -0,0 +1,12 @@ + + + + userswitch_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/kiran/figures/icon13-o.png b/docs/zh/tools/desktop/kiran/figures/icon13-o.png new file mode 100644 index 0000000000000000000000000000000000000000..c05a981b29d8ad11c6682f796f79b4cafd0f088b Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon13-o.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon132-o.svg b/docs/zh/tools/desktop/kiran/figures/icon132-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..588ba9d98864ba67a562fa9179f29405f7687aa0 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon132-o.svg @@ -0,0 +1,15 @@ + + + + - + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/kiran/figures/icon133-o.svg b/docs/zh/tools/desktop/kiran/figures/icon133-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..886d90a83e33497d134bdb3dcc864a5c2df53f20 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon133-o.svg @@ -0,0 +1,13 @@ + + + + + + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/kiran/figures/icon134-o.svg b/docs/zh/tools/desktop/kiran/figures/icon134-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..784cf383eb0e8f5c7a57a602047be50ad0a3bc05 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon134-o.svg @@ -0,0 +1,15 @@ + + + + = + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/kiran/figures/icon135-o.svg b/docs/zh/tools/desktop/kiran/figures/icon135-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..cea628a8f5eb92d10661b690242b6de41ca64816 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon135-o.svg @@ -0,0 +1,15 @@ + + + + ~ + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/kiran/figures/icon136-o.svg b/docs/zh/tools/desktop/kiran/figures/icon136-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..24aa139ab2fefaee20935551f1af5aef473719ed --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon136-o.svg @@ -0,0 +1,12 @@ + + + + poweroff_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/kiran/figures/icon14-o.png b/docs/zh/tools/desktop/kiran/figures/icon14-o.png new file mode 100644 index 0000000000000000000000000000000000000000..b21deee4d98593d93fb5f72158d2d78f3d3f1cb9 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon14-o.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon15-o.png b/docs/zh/tools/desktop/kiran/figures/icon15-o.png new file mode 100644 index 0000000000000000000000000000000000000000..1827a20e9da4d28e35e8ab2eae739b2fec37b385 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon15-o.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon16.png b/docs/zh/tools/desktop/kiran/figures/icon16.png new file mode 100644 index 0000000000000000000000000000000000000000..f271594dda9d3ad0f038c9d719dd68c3e82c59f1 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon16.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon17.png b/docs/zh/tools/desktop/kiran/figures/icon17.png new file mode 100644 index 0000000000000000000000000000000000000000..dbe58b89347c857920bce25f067fbd11c308e502 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon17.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon18.png b/docs/zh/tools/desktop/kiran/figures/icon18.png new file mode 100644 index 0000000000000000000000000000000000000000..1827a20e9da4d28e35e8ab2eae739b2fec37b385 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon18.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon19-o.png b/docs/zh/tools/desktop/kiran/figures/icon19-o.png new file mode 100644 index 0000000000000000000000000000000000000000..47a1f2cb7f99b583768c7cbd7e05a57f302dbe8a Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon19-o.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon2.png b/docs/zh/tools/desktop/kiran/figures/icon2.png new file mode 100644 index 0000000000000000000000000000000000000000..9101e4b386df065a87d422bc5a0b287528ea5ec7 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon2.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon20.png b/docs/zh/tools/desktop/kiran/figures/icon20.png new file mode 100644 index 0000000000000000000000000000000000000000..4de3c7c695893539967245ea5e269b26e2b735be Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon20.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon21.png b/docs/zh/tools/desktop/kiran/figures/icon21.png new file mode 100644 index 0000000000000000000000000000000000000000..e7b4320b6ce1fd4adb52525ba2c60983ffb2eed3 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon21.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon22.png b/docs/zh/tools/desktop/kiran/figures/icon22.png new file mode 100644 index 0000000000000000000000000000000000000000..43bfa96965ad13e0a34ead3cb1102a76b9346a23 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon22.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon23.png b/docs/zh/tools/desktop/kiran/figures/icon23.png new file mode 100644 index 0000000000000000000000000000000000000000..aee221ddaa81d06fa7bd5b89a624da90cd1e53da Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon23.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon24.png b/docs/zh/tools/desktop/kiran/figures/icon24.png new file mode 100644 index 0000000000000000000000000000000000000000..a9e5d700431ca1666fe9eda2cefce5dd2f83bdcd Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon24.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon25.png b/docs/zh/tools/desktop/kiran/figures/icon25.png new file mode 100644 index 0000000000000000000000000000000000000000..3de0f9476bbee9e89c3b759afbed968f17b5bbcc Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon25.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon26-o.png b/docs/zh/tools/desktop/kiran/figures/icon26-o.png new file mode 100644 index 0000000000000000000000000000000000000000..2293a893caf6d89c3beb978598fe7f281e68e7d5 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon26-o.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon27-o.png b/docs/zh/tools/desktop/kiran/figures/icon27-o.png new file mode 100644 index 0000000000000000000000000000000000000000..abbab8e40f7e3ca7c2a6f28ff78f08f15117828e Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon27-o.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon28-o.png b/docs/zh/tools/desktop/kiran/figures/icon28-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon28-o.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon29-o.png b/docs/zh/tools/desktop/kiran/figures/icon29-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon29-o.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon3.png b/docs/zh/tools/desktop/kiran/figures/icon3.png new file mode 100644 index 0000000000000000000000000000000000000000..930ee8909e89e3624c581f83d713af271cd96c75 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon3.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon30-o.png b/docs/zh/tools/desktop/kiran/figures/icon30-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon30-o.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon31-o.png b/docs/zh/tools/desktop/kiran/figures/icon31-o.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon31-o.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon32.png b/docs/zh/tools/desktop/kiran/figures/icon32.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon32.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon33.png b/docs/zh/tools/desktop/kiran/figures/icon33.png new file mode 100644 index 0000000000000000000000000000000000000000..88ed145b25f6f025ad795ceb012500e0944cb54c Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon33.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon34.png b/docs/zh/tools/desktop/kiran/figures/icon34.png new file mode 100644 index 0000000000000000000000000000000000000000..8247f52a3424c81b451ceb318f4a7979a5eddece Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon34.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon35.png b/docs/zh/tools/desktop/kiran/figures/icon35.png new file mode 100644 index 0000000000000000000000000000000000000000..7c656e9030b94809a57c7e369921e6a585f3574c Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon35.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon36.png b/docs/zh/tools/desktop/kiran/figures/icon36.png new file mode 100644 index 0000000000000000000000000000000000000000..7d29d173e914dfff48245d3d3a4d42575ce2d1db Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon36.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon37.png b/docs/zh/tools/desktop/kiran/figures/icon37.png new file mode 100644 index 0000000000000000000000000000000000000000..58be4c621b6638115153e361801deb9ee06634d8 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon37.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon38.png b/docs/zh/tools/desktop/kiran/figures/icon38.png new file mode 100644 index 0000000000000000000000000000000000000000..0c861ccb891f4fb5e533eb7f7151a8fce1571f17 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon38.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon39.png b/docs/zh/tools/desktop/kiran/figures/icon39.png new file mode 100644 index 0000000000000000000000000000000000000000..b1ba1f347452d0cd1c06c6c51d2cdf5aea5e490b Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon39.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon4.png b/docs/zh/tools/desktop/kiran/figures/icon4.png new file mode 100644 index 0000000000000000000000000000000000000000..548dc8b648edb73ff1dd8a0266e8479203e72ca0 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon4.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon40.png b/docs/zh/tools/desktop/kiran/figures/icon40.png new file mode 100644 index 0000000000000000000000000000000000000000..9c29dd1e9a1bf22c36abf51cb18fa9e47b455fab Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon40.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon41.png b/docs/zh/tools/desktop/kiran/figures/icon41.png new file mode 100644 index 0000000000000000000000000000000000000000..9e8aea527a2119433fffec5a8800ebfa4fa5062f Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon41.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon42-o.png b/docs/zh/tools/desktop/kiran/figures/icon42-o.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon42-o.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon42.png b/docs/zh/tools/desktop/kiran/figures/icon42.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon42.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon43-o.png b/docs/zh/tools/desktop/kiran/figures/icon43-o.png new file mode 100644 index 0000000000000000000000000000000000000000..284bdd551baf25beb4143013402e77a1a4c60ccb Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon43-o.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon44-o.png b/docs/zh/tools/desktop/kiran/figures/icon44-o.png new file mode 100644 index 0000000000000000000000000000000000000000..810f4d784ee140dbf562e67a0d3fd391272626a5 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon44-o.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon45-o.png b/docs/zh/tools/desktop/kiran/figures/icon45-o.png new file mode 100644 index 0000000000000000000000000000000000000000..3e528ce2c98284f020ae4912a853f5864526396b Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon45-o.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon46-o.png b/docs/zh/tools/desktop/kiran/figures/icon46-o.png new file mode 100644 index 0000000000000000000000000000000000000000..ec6a3ca0fe57016f3685981ed518493ceea1c855 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon46-o.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon47-o.png b/docs/zh/tools/desktop/kiran/figures/icon47-o.png new file mode 100644 index 0000000000000000000000000000000000000000..6eeaba98d908775bd363a8ffcec27c3b6a214013 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon47-o.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon49-o.svg b/docs/zh/tools/desktop/kiran/figures/icon49-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..72ffb173fdb95e1aff5b0001b08ed6b71122b7f2 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon49-o.svg @@ -0,0 +1,178 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/kiran/figures/icon5.png b/docs/zh/tools/desktop/kiran/figures/icon5.png new file mode 100644 index 0000000000000000000000000000000000000000..e4206b7b584bf0702c7cb2f03a3a41e20bfba844 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon5.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon50-o.svg b/docs/zh/tools/desktop/kiran/figures/icon50-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..05026802be4718205065d6369e14cc0b6ef05bc7 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon50-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/kiran/figures/icon52-o.svg b/docs/zh/tools/desktop/kiran/figures/icon52-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..23149c05873259cd39721b8ee9c3ab7db86d64c5 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon52-o.svg @@ -0,0 +1,9 @@ + + + attention + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/kiran/figures/icon53-o.svg b/docs/zh/tools/desktop/kiran/figures/icon53-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..50e33489ce984b0acfd621da4a8ef837fdf048c1 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon53-o.svg @@ -0,0 +1,11 @@ + + + + previous + Created with Sketch. + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/kiran/figures/icon54-o.svg b/docs/zh/tools/desktop/kiran/figures/icon54-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..3b599aef4b822c707d2f646405bb00837aed96fd --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon54-o.svg @@ -0,0 +1,18 @@ + + + + Backspace + Created with Sketch. + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/kiran/figures/icon56-o.svg b/docs/zh/tools/desktop/kiran/figures/icon56-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..9f13b6861e3858deec8d57a5301c934acc247069 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon56-o.svg @@ -0,0 +1,19 @@ + + + + Slice 1 + Created with Sketch. + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/kiran/figures/icon57-o.svg b/docs/zh/tools/desktop/kiran/figures/icon57-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e6fbfa1381b76ab3fcd45652b33267a7f6c69bb7 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon57-o.svg @@ -0,0 +1,11 @@ + + + + titlebutton/close_normal + Created with Sketch. + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/kiran/figures/icon58-o.svg b/docs/zh/tools/desktop/kiran/figures/icon58-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..9746dcacfc8e5d4c4b63233801e37418a190fc8f --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon58-o.svg @@ -0,0 +1,46 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/kiran/figures/icon6.png b/docs/zh/tools/desktop/kiran/figures/icon6.png new file mode 100644 index 0000000000000000000000000000000000000000..88ced3587e9a42b145fe11393726f40aba9d1b2c Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon6.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon62-o.svg b/docs/zh/tools/desktop/kiran/figures/icon62-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..09f61b446669df2e05a3351d40d8c30879c7b035 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon62-o.svg @@ -0,0 +1,47 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/kiran/figures/icon63-o.svg b/docs/zh/tools/desktop/kiran/figures/icon63-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..06c03ed99260ffadc681475dad35610aedf67f83 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon63-o.svg @@ -0,0 +1,45 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/kiran/figures/icon66-o.svg b/docs/zh/tools/desktop/kiran/figures/icon66-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..5793b3846b7fe6a5758379591215b16c7f9e1b52 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon66-o.svg @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/kiran/figures/icon68-o.svg b/docs/zh/tools/desktop/kiran/figures/icon68-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..a7748052dfa436116d8742dca28f7d90865231ed --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon68-o.svg @@ -0,0 +1,23 @@ + + + + deepin-system-monitor + Created with Sketch. + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/kiran/figures/icon69-o.svg b/docs/zh/tools/desktop/kiran/figures/icon69-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e21dfd00a32a44ee1c8e3882b4ca8239be04690f --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon69-o.svg @@ -0,0 +1,26 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/kiran/figures/icon7.png b/docs/zh/tools/desktop/kiran/figures/icon7.png new file mode 100644 index 0000000000000000000000000000000000000000..05fe8aa38c84ca0c0c99b0b005ddec2f2ba42f4a Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon7.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon70-o.svg b/docs/zh/tools/desktop/kiran/figures/icon70-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..b5787a7ffa5ed9519a48c6937c60927fd11fd455 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon70-o.svg @@ -0,0 +1,73 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/kiran/figures/icon71-o.svg b/docs/zh/tools/desktop/kiran/figures/icon71-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..669a21f143b06cb45ea3f45f7f071809f2cbc8a8 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon71-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/kiran/figures/icon72-o.svg b/docs/zh/tools/desktop/kiran/figures/icon72-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..79067ed9b9ff7912e1742183b461fa056601b9cc --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon72-o.svg @@ -0,0 +1,34 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/kiran/figures/icon73-o.svg b/docs/zh/tools/desktop/kiran/figures/icon73-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..cf6292387f5e790db6ebd66184aabcbb39257ee7 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon73-o.svg @@ -0,0 +1,13 @@ + + + + Down + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/kiran/figures/icon75-o.svg b/docs/zh/tools/desktop/kiran/figures/icon75-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..ef6823ccc19858f57374f0b78ad31514e8311be3 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon75-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/docs/zh/tools/desktop/kiran/figures/icon8.png b/docs/zh/tools/desktop/kiran/figures/icon8.png new file mode 100644 index 0000000000000000000000000000000000000000..01543c3e0f5e96a023b4e1f0859a03e3a0dafd56 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon8.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon83-o.svg b/docs/zh/tools/desktop/kiran/figures/icon83-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..35dd6eacc54a933dc9ebc3f3010edfa7363fecc0 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon83-o.svg @@ -0,0 +1,84 @@ + + + + + + image/svg+xml + + img_upload + + + + + + img_upload + Created with Sketch. + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/kiran/figures/icon84-o.svg b/docs/zh/tools/desktop/kiran/figures/icon84-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..9bd11b9e7b45b506dd7e1c87d09d545d8f48af06 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon84-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/kiran/figures/icon86-o.svg b/docs/zh/tools/desktop/kiran/figures/icon86-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..5da20233309c43d4fc7b315f441cde476c835c67 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon86-o.svg @@ -0,0 +1,66 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/kiran/figures/icon88-o.svg b/docs/zh/tools/desktop/kiran/figures/icon88-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..c2570c26575fd14cb5e9d9fe77831d2e8f6c9333 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon88-o.svg @@ -0,0 +1,13 @@ + + + + Left + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/kiran/figures/icon9.png b/docs/zh/tools/desktop/kiran/figures/icon9.png new file mode 100644 index 0000000000000000000000000000000000000000..a07c9ab8e51decd9a3bca8c969d2ae95bd68512c Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/icon9.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/icon90-o.svg b/docs/zh/tools/desktop/kiran/figures/icon90-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..79b5e0a141f7969a8f77ae61f4c240de7187afe9 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon90-o.svg @@ -0,0 +1,12 @@ + + + + lock_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/kiran/figures/icon92-o.svg b/docs/zh/tools/desktop/kiran/figures/icon92-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..21341b64a832e1935252aa82e7a4e0b083c16eae --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon92-o.svg @@ -0,0 +1,12 @@ + + + + logout_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/kiran/figures/icon94-o.svg b/docs/zh/tools/desktop/kiran/figures/icon94-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..a47044149a02101dbd24a3fdb2f3ead77efca6c1 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon94-o.svg @@ -0,0 +1,54 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/kiran/figures/icon97-o.svg b/docs/zh/tools/desktop/kiran/figures/icon97-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..4f4670de29d8c86885b5aa806b2c8cdc6fc16dcb --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon97-o.svg @@ -0,0 +1,84 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/kiran/figures/icon99-o.svg b/docs/zh/tools/desktop/kiran/figures/icon99-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e9a3aa60a51404c9390bfbea8d8ff09edc0e2e32 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/figures/icon99-o.svg @@ -0,0 +1,11 @@ + + + notes + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-1.png b/docs/zh/tools/desktop/kiran/figures/kiran-1.png new file mode 100644 index 0000000000000000000000000000000000000000..6f17788dce804c004027adfe45628eebffaa48cf Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-1.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-10.png b/docs/zh/tools/desktop/kiran/figures/kiran-10.png new file mode 100644 index 0000000000000000000000000000000000000000..18cfa3074af1f4b8d49d064a77b016f24ab8c17c Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-10.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-11.png b/docs/zh/tools/desktop/kiran/figures/kiran-11.png new file mode 100644 index 0000000000000000000000000000000000000000..b58fbb7ce8a798d5355855a4ac0638540df74d9e Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-11.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-12.png b/docs/zh/tools/desktop/kiran/figures/kiran-12.png new file mode 100644 index 0000000000000000000000000000000000000000..920d0c7112be6bed509773413de36506d748b822 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-12.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-13.png b/docs/zh/tools/desktop/kiran/figures/kiran-13.png new file mode 100644 index 0000000000000000000000000000000000000000..473ac4151c65951050800cb73313fee07077a9d6 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-13.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-14.png b/docs/zh/tools/desktop/kiran/figures/kiran-14.png new file mode 100644 index 0000000000000000000000000000000000000000..9ba17ddca84d25f112e564b542a971d6e7d4c10a Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-14.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-15.png b/docs/zh/tools/desktop/kiran/figures/kiran-15.png new file mode 100644 index 0000000000000000000000000000000000000000..b561a2fccb7f159106065baaf88ff9fa32bba1d8 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-15.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-16.png b/docs/zh/tools/desktop/kiran/figures/kiran-16.png new file mode 100644 index 0000000000000000000000000000000000000000..a4d71e812144e74cb854e25f215197368b60017f Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-16.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-17.png b/docs/zh/tools/desktop/kiran/figures/kiran-17.png new file mode 100644 index 0000000000000000000000000000000000000000..5f52f0d0885fbcd62af5127df6f464bcd334e2b3 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-17.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-18.png b/docs/zh/tools/desktop/kiran/figures/kiran-18.png new file mode 100644 index 0000000000000000000000000000000000000000..bbd1a5dbd99c509d936e51e1bcc5970c2311da9d Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-18.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-19.png b/docs/zh/tools/desktop/kiran/figures/kiran-19.png new file mode 100644 index 0000000000000000000000000000000000000000..a9ad75326f5d5463a45b532ae05b110155426083 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-19.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-2.png b/docs/zh/tools/desktop/kiran/figures/kiran-2.png new file mode 100644 index 0000000000000000000000000000000000000000..b62c95a0b7d2bcfbc0bbac084ed7df74e5412da5 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-2.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-20.png b/docs/zh/tools/desktop/kiran/figures/kiran-20.png new file mode 100644 index 0000000000000000000000000000000000000000..a43f8e2dc5ff4b5445386fd0c703bdf6b1e186ec Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-20.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-21.png b/docs/zh/tools/desktop/kiran/figures/kiran-21.png new file mode 100644 index 0000000000000000000000000000000000000000..19c758d585016351a1f26fdac48221bdf0710a53 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-21.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-22.png b/docs/zh/tools/desktop/kiran/figures/kiran-22.png new file mode 100644 index 0000000000000000000000000000000000000000..703327a3f511c20cd977ae4cd68552ecb3dd6971 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-22.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-23.png b/docs/zh/tools/desktop/kiran/figures/kiran-23.png new file mode 100644 index 0000000000000000000000000000000000000000..ddbbd80be5b926ab3446cbb10c22d892487956f8 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-23.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-24.png b/docs/zh/tools/desktop/kiran/figures/kiran-24.png new file mode 100644 index 0000000000000000000000000000000000000000..54e864dcfd194db4b1672c05d3e60eb6acc605d9 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-24.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-25.png b/docs/zh/tools/desktop/kiran/figures/kiran-25.png new file mode 100644 index 0000000000000000000000000000000000000000..f64461cc2610fb82db1eb27a5562c2ab0737dcf4 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-25.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-26.png b/docs/zh/tools/desktop/kiran/figures/kiran-26.png new file mode 100644 index 0000000000000000000000000000000000000000..2bcd5335c14d3e241b732b2ee6c2adf3effbe652 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-26.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-27.png b/docs/zh/tools/desktop/kiran/figures/kiran-27.png new file mode 100644 index 0000000000000000000000000000000000000000..2bcd5335c14d3e241b732b2ee6c2adf3effbe652 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-27.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-28.png b/docs/zh/tools/desktop/kiran/figures/kiran-28.png new file mode 100644 index 0000000000000000000000000000000000000000..1650e93b66f11849ed69a9dacd5c9c5f135fc053 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-28.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-29.png b/docs/zh/tools/desktop/kiran/figures/kiran-29.png new file mode 100644 index 0000000000000000000000000000000000000000..5d0b225b54dc5da9053aeb6f4b805e59d8685f7f Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-29.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-3.png b/docs/zh/tools/desktop/kiran/figures/kiran-3.png new file mode 100644 index 0000000000000000000000000000000000000000..774ba1ea233c20bf3c7ae661e126e5251aef8662 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-3.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-30.png b/docs/zh/tools/desktop/kiran/figures/kiran-30.png new file mode 100644 index 0000000000000000000000000000000000000000..ae7f591fdd3da24fdf30b95785cd07c9959ecb2b Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-30.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-31.png b/docs/zh/tools/desktop/kiran/figures/kiran-31.png new file mode 100644 index 0000000000000000000000000000000000000000..fc4127dcd736d084ecabe84b40f165f0b07695b2 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-31.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-32.png b/docs/zh/tools/desktop/kiran/figures/kiran-32.png new file mode 100644 index 0000000000000000000000000000000000000000..b02d7b1fbdfa58d63618e99085fd5a0ed517ce4d Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-32.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-33.png b/docs/zh/tools/desktop/kiran/figures/kiran-33.png new file mode 100644 index 0000000000000000000000000000000000000000..502f5d272b6200b440b1ce916924e44c987f9922 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-33.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-34.png b/docs/zh/tools/desktop/kiran/figures/kiran-34.png new file mode 100644 index 0000000000000000000000000000000000000000..b1ad35752dba85a00024170f88702c3398e0872c Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-34.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-35.png b/docs/zh/tools/desktop/kiran/figures/kiran-35.png new file mode 100644 index 0000000000000000000000000000000000000000..6c566afea5f485d79ff7de2ccd3d27a24835f14c Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-35.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-36.png b/docs/zh/tools/desktop/kiran/figures/kiran-36.png new file mode 100644 index 0000000000000000000000000000000000000000..842470a94fb6864cdd45f2c9971ec73e7866ea88 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-36.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-37.png b/docs/zh/tools/desktop/kiran/figures/kiran-37.png new file mode 100644 index 0000000000000000000000000000000000000000..b827be98850a3626f92ed1cd7b6b76f95d761261 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-37.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-38.png b/docs/zh/tools/desktop/kiran/figures/kiran-38.png new file mode 100644 index 0000000000000000000000000000000000000000..f0972490115d0965e8e9006abd2e5e96ac2fc37c Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-38.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-39.png b/docs/zh/tools/desktop/kiran/figures/kiran-39.png new file mode 100644 index 0000000000000000000000000000000000000000..f833c66c77737fb7cfbe5b4c4af48b0ba7747cea Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-39.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-4.png b/docs/zh/tools/desktop/kiran/figures/kiran-4.png new file mode 100644 index 0000000000000000000000000000000000000000..7a6cf9c1f25266c31ddcb76f093bec664d64bac7 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-4.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-40.png b/docs/zh/tools/desktop/kiran/figures/kiran-40.png new file mode 100644 index 0000000000000000000000000000000000000000..da430f32720ef8a032e2c16fe9caabd815f8b62f Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-40.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-41.png b/docs/zh/tools/desktop/kiran/figures/kiran-41.png new file mode 100644 index 0000000000000000000000000000000000000000..424f50da38c18c12a235ebb56edd6d02ec1638f0 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-41.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-42.png b/docs/zh/tools/desktop/kiran/figures/kiran-42.png new file mode 100644 index 0000000000000000000000000000000000000000..a506b0c4e7fd23c393c34e01b26086dae1ea9c62 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-42.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-43.png b/docs/zh/tools/desktop/kiran/figures/kiran-43.png new file mode 100644 index 0000000000000000000000000000000000000000..90ca8be50f4343adcc0cc05b1ae7d0f32efcedc2 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-43.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-44.png b/docs/zh/tools/desktop/kiran/figures/kiran-44.png new file mode 100644 index 0000000000000000000000000000000000000000..bc38c38001a8428cf18a05e6cd4a8f46b1d633a2 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-44.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-45.png b/docs/zh/tools/desktop/kiran/figures/kiran-45.png new file mode 100644 index 0000000000000000000000000000000000000000..fadb655f342f99c669425480ad48733f1dccb2c9 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-45.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-46.png b/docs/zh/tools/desktop/kiran/figures/kiran-46.png new file mode 100644 index 0000000000000000000000000000000000000000..096688c85e47acded83be03a7ff69f9d829d956b Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-46.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-47.png b/docs/zh/tools/desktop/kiran/figures/kiran-47.png new file mode 100644 index 0000000000000000000000000000000000000000..3faa55c80eead6bfc9e96f59babcd2100392c2e5 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-47.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-48.png b/docs/zh/tools/desktop/kiran/figures/kiran-48.png new file mode 100644 index 0000000000000000000000000000000000000000..1e44996d99006ffe793ae29b55035976942ac504 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-48.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-49.png b/docs/zh/tools/desktop/kiran/figures/kiran-49.png new file mode 100644 index 0000000000000000000000000000000000000000..000cc37cb59fecc9ea497726f87231df187baf34 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-49.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-5.png b/docs/zh/tools/desktop/kiran/figures/kiran-5.png new file mode 100644 index 0000000000000000000000000000000000000000..a27574bb4793e401750fff28e4568403dc489507 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-5.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-50.png b/docs/zh/tools/desktop/kiran/figures/kiran-50.png new file mode 100644 index 0000000000000000000000000000000000000000..900efd80a6db6ab00fee3fa519e963f8f0620ba7 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-50.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-6.png b/docs/zh/tools/desktop/kiran/figures/kiran-6.png new file mode 100644 index 0000000000000000000000000000000000000000..42c4f0357dfa11b53ca27a4d0d255b67a0f9c5ae Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-6.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-7.png b/docs/zh/tools/desktop/kiran/figures/kiran-7.png new file mode 100644 index 0000000000000000000000000000000000000000..254ef11f36d958f6ef7c70853e5f61032f825463 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-7.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-8.png b/docs/zh/tools/desktop/kiran/figures/kiran-8.png new file mode 100644 index 0000000000000000000000000000000000000000..29b5845d2fa94cba92719b8649a5e86c926ea911 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-8.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kiran-9.png b/docs/zh/tools/desktop/kiran/figures/kiran-9.png new file mode 100644 index 0000000000000000000000000000000000000000..46bcfdd0e1e88ad0f0ade4a3990c3ac5d66060e7 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kiran-9.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kubesphere-console.png b/docs/zh/tools/desktop/kiran/figures/kubesphere-console.png new file mode 100644 index 0000000000000000000000000000000000000000..9c93fbeafe366d78bc05dda6e0e673d2dad8874f Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kubesphere-console.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/kubesphere.png b/docs/zh/tools/desktop/kiran/figures/kubesphere.png new file mode 100644 index 0000000000000000000000000000000000000000..939dcb70202b19c7853cbfd8f27f6e8e4678ce26 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/kubesphere.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-1.png b/docs/zh/tools/desktop/kiran/figures/xfce-1.png new file mode 100644 index 0000000000000000000000000000000000000000..0e478b9f10ddf3210d5f5fada2e45329e2d1d028 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-1.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-2.png b/docs/zh/tools/desktop/kiran/figures/xfce-2.png new file mode 100644 index 0000000000000000000000000000000000000000..33a946d988d499a1e98cb43968b72119bd48d7a5 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-2.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-3.png b/docs/zh/tools/desktop/kiran/figures/xfce-3.png new file mode 100644 index 0000000000000000000000000000000000000000..020356f0c981fac2aafe33c8e997efbf01af9253 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-3.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-4.png b/docs/zh/tools/desktop/kiran/figures/xfce-4.png new file mode 100644 index 0000000000000000000000000000000000000000..21369e366322955023b427e7a2ae63fd29b387e5 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-4.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-5.png b/docs/zh/tools/desktop/kiran/figures/xfce-5.png new file mode 100644 index 0000000000000000000000000000000000000000..1f7807877f775fe6aa32652a29ef833e48e1a6ee Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-5.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-6.png b/docs/zh/tools/desktop/kiran/figures/xfce-6.png new file mode 100644 index 0000000000000000000000000000000000000000..e5376fcfd1737234a885d4d95649cd996005cf0c Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-6.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-7.png b/docs/zh/tools/desktop/kiran/figures/xfce-7.png new file mode 100644 index 0000000000000000000000000000000000000000..b7a94df356b7b9f7dca3d305d066ec854406aaab Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-7.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-71.png b/docs/zh/tools/desktop/kiran/figures/xfce-71.png new file mode 100644 index 0000000000000000000000000000000000000000..11d1618c907d4bb18de1eb68e42e9b98d92d91c3 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-71.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-8.png b/docs/zh/tools/desktop/kiran/figures/xfce-8.png new file mode 100644 index 0000000000000000000000000000000000000000..f6f97d9a173105cb6a72e4b8c48deab25ecac898 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-8.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-81.png b/docs/zh/tools/desktop/kiran/figures/xfce-81.png new file mode 100644 index 0000000000000000000000000000000000000000..b97c9a81c2a07efe361e6dc6ee8bed5db445ecfa Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-81.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-811.png b/docs/zh/tools/desktop/kiran/figures/xfce-811.png new file mode 100644 index 0000000000000000000000000000000000000000..58233638eca203d917081d6a9ac5003474cbf60b Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-811.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-812.png b/docs/zh/tools/desktop/kiran/figures/xfce-812.png new file mode 100644 index 0000000000000000000000000000000000000000..0fc975f75da95dce8a3e5a098d024578335c9426 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-812.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-813.png b/docs/zh/tools/desktop/kiran/figures/xfce-813.png new file mode 100644 index 0000000000000000000000000000000000000000..4d399468c74355cbaa765380720cb9561e95f834 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-813.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-814.png b/docs/zh/tools/desktop/kiran/figures/xfce-814.png new file mode 100644 index 0000000000000000000000000000000000000000..c09fd6524a20ba04e0fca30307d35fa05e79c1f4 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-814.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-82.png b/docs/zh/tools/desktop/kiran/figures/xfce-82.png new file mode 100644 index 0000000000000000000000000000000000000000..170deb5fb43f4e924d5ba4eba94a02c341d31515 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-82.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-821.png b/docs/zh/tools/desktop/kiran/figures/xfce-821.png new file mode 100644 index 0000000000000000000000000000000000000000..c5c1f3567dccda3d0d49ae445612d5b9ba27e09a Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-821.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-83.png b/docs/zh/tools/desktop/kiran/figures/xfce-83.png new file mode 100644 index 0000000000000000000000000000000000000000..95e4844c0ece09819d3e9f1e8457bbf371b1282e Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-83.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-831.png b/docs/zh/tools/desktop/kiran/figures/xfce-831.png new file mode 100644 index 0000000000000000000000000000000000000000..6456dd02f0281a5ec8d752ba5b95be581bcbfa09 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-831.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-832.png b/docs/zh/tools/desktop/kiran/figures/xfce-832.png new file mode 100644 index 0000000000000000000000000000000000000000..2932aaacf71fa53f1d0c10340df3aebcc016e991 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-832.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-84.png b/docs/zh/tools/desktop/kiran/figures/xfce-84.png new file mode 100644 index 0000000000000000000000000000000000000000..e0435c2edf9f68d193cff036215f32c259d378f0 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-84.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-841.png b/docs/zh/tools/desktop/kiran/figures/xfce-841.png new file mode 100644 index 0000000000000000000000000000000000000000..c2c06346d4a296bfbe7836139cd943baa1ce6ea5 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-841.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-842.png b/docs/zh/tools/desktop/kiran/figures/xfce-842.png new file mode 100644 index 0000000000000000000000000000000000000000..101bf6923e3780617d33dde04b92232ca7f87b42 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-842.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-85.png b/docs/zh/tools/desktop/kiran/figures/xfce-85.png new file mode 100644 index 0000000000000000000000000000000000000000..21b39638fe4c83e0da5cdc69ecad9b7a22718a55 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-85.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-851.png b/docs/zh/tools/desktop/kiran/figures/xfce-851.png new file mode 100644 index 0000000000000000000000000000000000000000..893064ca10399a683afbcb3752266d93b0a79a51 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-851.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-86.png b/docs/zh/tools/desktop/kiran/figures/xfce-86.png new file mode 100644 index 0000000000000000000000000000000000000000..35e8a99e31e4a49eb64b24cfbab825111e40f709 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-86.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-861.png b/docs/zh/tools/desktop/kiran/figures/xfce-861.png new file mode 100644 index 0000000000000000000000000000000000000000..affc46c874991a3b289e15072e06ba6566c099b1 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-861.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-87.png b/docs/zh/tools/desktop/kiran/figures/xfce-87.png new file mode 100644 index 0000000000000000000000000000000000000000..47524c21d57c887c3398ea53a675f89e9f92113f Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-87.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-9.png b/docs/zh/tools/desktop/kiran/figures/xfce-9.png new file mode 100644 index 0000000000000000000000000000000000000000..5586c4f62cc161665b91a56ad23b2320901901c0 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-9.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-91.png b/docs/zh/tools/desktop/kiran/figures/xfce-91.png new file mode 100644 index 0000000000000000000000000000000000000000..ee69879bb4ad66405b045af5e3965e275fe8eabf Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-91.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-911.png b/docs/zh/tools/desktop/kiran/figures/xfce-911.png new file mode 100644 index 0000000000000000000000000000000000000000..b49416558e9ab844fda2026b76e2e900ac106842 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-911.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-92.png b/docs/zh/tools/desktop/kiran/figures/xfce-92.png new file mode 100644 index 0000000000000000000000000000000000000000..78dd6313c603aad9ebd37fe68e06f98b2a3b331e Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-92.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-921.png b/docs/zh/tools/desktop/kiran/figures/xfce-921.png new file mode 100644 index 0000000000000000000000000000000000000000..5eb6f40df9ca73e11b9b9fa5079496ac0c36857b Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-921.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-93.png b/docs/zh/tools/desktop/kiran/figures/xfce-93.png new file mode 100644 index 0000000000000000000000000000000000000000..06ac80c152fefbe1ad2ba1c989f6acfbbaf1a992 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-93.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-931.png b/docs/zh/tools/desktop/kiran/figures/xfce-931.png new file mode 100644 index 0000000000000000000000000000000000000000..a156e5cf14ae154b93e845ff1bd5bc6ba12c9beb Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-931.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-94.png b/docs/zh/tools/desktop/kiran/figures/xfce-94.png new file mode 100644 index 0000000000000000000000000000000000000000..f48064ff5902c4ea740ccba9a1640cbca27b5b72 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-94.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-941.png b/docs/zh/tools/desktop/kiran/figures/xfce-941.png new file mode 100644 index 0000000000000000000000000000000000000000..f7904da12dc807836acfb9d6f24b8d9b976a2fdc Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-941.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-95.png b/docs/zh/tools/desktop/kiran/figures/xfce-95.png new file mode 100644 index 0000000000000000000000000000000000000000..bda965b15a859e4cccf4b80f62875f79eb3470fd Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-95.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-951.png b/docs/zh/tools/desktop/kiran/figures/xfce-951.png new file mode 100644 index 0000000000000000000000000000000000000000..6521a28275d2b63c12b47604c7afc926f7938697 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-951.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-96.png b/docs/zh/tools/desktop/kiran/figures/xfce-96.png new file mode 100644 index 0000000000000000000000000000000000000000..29ce24923477065b98cacf603f185113e9959069 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-96.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-961.png b/docs/zh/tools/desktop/kiran/figures/xfce-961.png new file mode 100644 index 0000000000000000000000000000000000000000..874fa200f4e63b690261d7827f3c73cf70861b32 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-961.png differ diff --git a/docs/zh/tools/desktop/kiran/figures/xfce-962.png b/docs/zh/tools/desktop/kiran/figures/xfce-962.png new file mode 100644 index 0000000000000000000000000000000000000000..bb84e35e43e992bc68b053a0da760bd5aa8b0270 Binary files /dev/null and b/docs/zh/tools/desktop/kiran/figures/xfce-962.png differ diff --git a/docs/zh/tools/desktop/kiran/kiran.md b/docs/zh/tools/desktop/kiran/kiran.md new file mode 100644 index 0000000000000000000000000000000000000000..8a1184aea452420f27dbaf9690182cc3c518bd99 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/kiran.md @@ -0,0 +1,3 @@ +# Kiran 用户指南 + +本节主要描述 Kiran 桌面环境的安装和使用。 diff --git a/docs/zh/tools/desktop/kiran/kiran_installation.md b/docs/zh/tools/desktop/kiran/kiran_installation.md new file mode 100644 index 0000000000000000000000000000000000000000..e608e6e455367dcf845d073904fa0a98cab05d64 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/kiran_installation.md @@ -0,0 +1,37 @@ +# 在 openEuler 上安装 Kiran + +## 简介 + +kiran 桌面是湖南麒麟信安团队以用户和市场需求为导向,研发的一个安全、稳定、高效、易用的桌面环境。Kiran 可以支持 x86 和 aarch64 架构。 + +## 安装方法 + +安装时建议使用 root 用户或者新建一个管理员用户。 + +1.下载 openEuler 镜像并安装系统。 + +2.更新软件源: + +```sh + +sudo dnf update + +``` + +3.安装 kiran-desktop: + +```sh + +sudo dnf -y install kiran-desktop + +``` + +4.设置以图形界面的方式启动,并重启(`reboot`)。 + +```sh + +systemctl set-default graphical.target + +``` + +重启系统即可通过 Kiran 桌面登录,您就可以尽情使用 Kiran 桌面了。 diff --git a/docs/zh/tools/desktop/kiran/kiran_userguide.md b/docs/zh/tools/desktop/kiran/kiran_userguide.md new file mode 100644 index 0000000000000000000000000000000000000000..51bb6f02d132a3f503efaa416ab2939210d212b5 --- /dev/null +++ b/docs/zh/tools/desktop/kiran/kiran_userguide.md @@ -0,0 +1,328 @@ +# Kiran桌面环境用户手册 + +## 1.概述 + +Kiran桌面是一款以用户和市场需求为主导的稳定、高效、易用的桌面环境,主要包括了桌面、任务栏、托盘、控制中心和窗口管理等组件。本文介绍了Kiran桌面的使用。 + +## 2.桌面 + +### 2.1.登录界面 + +安装完成后重启系统,系统启动后需要输入登录的用户名和密码才能进入系统,登录界面会显示时间日期,电源按钮,软键盘按钮。界面支持自适应调整,支持屏幕放缩,支持多屏显示,登录框可以跟随鼠标进行屏幕切换。 + +![图1-登录界面](figures/kiran-1.png) + +### 2.2.主界面 + +输入正确的用户名和密码后即可登录系统进入主界面,如下图所示: + +![图2-主界面](figures/kiran-2.png) + +桌面上放置有几个图标,如计算机、主文件夹、回收站等,位于屏幕底部的一个长条称为面板,从这里可以启动应用程序或在模拟桌面上切换。 +桌面是用户的工作区域,用户操作和程序运行都是在桌面上。桌面上还有用户希望能方便访问的文件和应用程序图标,用鼠标双击可以运行相应程序或打开文件。可以拖动、添加或删除桌面图标。使用桌面图标可以更加便捷地完成工作。 + +![图3-计算机](figures/kiran-3.png)计算机:双击可以显示从本计算机访问的所有本地和远程磁盘和文件夹。 + +![图4-主文件夹](figures/kiran-4.png)主文件夹:双击可以显示/root(家目录)下的内容。 + +![图5-回收站](figures/kiran-5.png)回收站:暂时存放已删除文件的地方。 + +桌面右键:提供了创建文件夹、创建启动器、创建文档、更改桌面背景、图标保持对齐等快捷方式。 + +创建文件夹:可以创建新的文件夹。 + +创建启动器:可以创建一个新的启动器。 + +创建文档:可以创建空的纯文本文档。 + +按名称组织桌面:按名称来进行排序桌面文件。 + +保持对齐:勾选了保持对齐,桌面图标会按照网格对齐排列。 + +打开终端:直接打开终端应用。 + +更改桌面背景:打开“背景”,以改变桌面或锁屏的背景图片。 + +### 2.3.面板 + +面板通常位于屏幕的底部,上面包括了开始菜单按钮、快速启动区域、经常使用的应用程序与桌面小程序图标和显示当前运行应用程序的任务条。 +将鼠标停在某个图标上呆几秒钟,会看到一个白色的弹出提示框,内容是对这个图标作用的描述。 + +![图6-系统面板](figures/kiran-6.png) + +## 3.任务栏 + +任务栏:显示正在运行的程序或打开的文档,点击任务条上某一项可以最大化或最小化被选中的程序。可以通过在对应项上点击鼠标右键对其运行窗口进行最大化、最小化或关闭等操作。 + +| 组件 | 说明 | +| :------------ | :------------ | +|![图7-开始菜单](figures/kiran-7.png)|开始菜单按钮:相当于Windows中的开始按钮,单击会弹出系统级联的开始菜单| +|![图8-工作区按钮](figures/kiran-8.png)|单机此按钮启动工作区| +|![图9-文件浏览器按钮](figures/kiran-9.png)|单击此按钮启动文件浏览器,可浏览管理文件| +|![图10-终端命令按钮](figures/kiran-10.png)|单击将启动终端| +|![图11-Web浏览器按钮](figures/kiran-11.png)|单击此按钮启动firefox浏览器| +|![图12-网络控制图标](figures/kiran-12.png)|显示当前网络状态,单击可修改系统的网络配置| +|![图13-时钟按钮](figures/kiran-13.png)|显示当前日期和时间,可以根据需要定制显示的样式| + +## 4.控制中心 + +### 4.1.开始菜单设置 + +选择“开始菜单”>“控制中心”>“开始菜单设置”。 +开始菜单可设置开始菜单样式,根据个人喜好设置开始菜单的显示模式与不透明度,如图所示: + +![图14-开始菜单设置](figures/kiran-14.png) + +开始菜单根据设置的透明度、显示模式而更改,如下图: + +![图15-开始菜单界面](figures/kiran-15.png) + +### 4.2.登录设置 + +选择“开始菜单”>“控制中心”>“登录设置”打开。 +在kiran桌面,用户可以通过选择控制中心中的登录设置对登录界面环境效果进行设置,其中包括登录界面背景图、是否自动登录、缩放比例、是否允许手动输入用户名登录、是否显示用户列表等,如图所示: + +![图16-登录设置](figures/kiran-16.png) + +还可以设置自动登录,设置自动登录的用户和延时,重启系统后会自动登录该用户,无需输入密码。 + +![图17-设置自动登录](figures/kiran-17.png) + +### 4.3.显示设置 + +定制显示属性是每个桌面系统所必备的,kiran桌面提供了强大的显示属性定制工具。您可以通过选择“开始菜单”>“控制中心”>“显示设置”进入显示设置界面,如下图所示: + +![图18-显示设置](figures/kiran-18.png) + +这里可以设置屏幕旋转、分辨率、刷新率、缩放率和旋转,设置完成后点击“应用”即可。 + +### 4.4.鼠标设置 + +用户可以通过选择控制中心中的“鼠标设置”对鼠标进行配置,可以修改鼠标手持模式为左手和右手模式,调整鼠标移动速度,可以设置是否自动滚动,是否同时按下左右键模拟中键功能。鼠标设置常见界面如图所示: + +![图19-鼠标设置](figures/kiran-19.png) + +### 4.5.账户管理工具 + +账户管理工具工具是对用户和组进行管理的一个简单易用工具,您可以通过这个工具对用户和组群进行配置和管理,主要包括: +1)增加用户,设置用户属性; +2)修改用户属性; +3)显示用户属性; +4)删除用户; + +用户属性包括:账号、口令(密码)、登录 shell,用户组属性指在该组包含哪些用户。 + +#### 4.5.1.启动账户管理工具 + +在控制中心中选择启动“账户管理工具”选项即可启动账户管理工具,如图所示: + +![图20-账户管理工具](figures/kiran-20.png) + +在这个界面中您可以看到有左侧菜用户栏和右侧详细信息栏两个部分。目前在列出的是系统中的所有用户(除root用户除外)。点击左侧某个用户,详细信息栏将显示用户的基本信息(用户ID、用户类型等)。 + +点击“创建用户”,在右侧出现页面,如下图所示,按照要求填写您要添加的用户名、用户类型、设置密码、头像。填写完毕后,单击“创建”即完成添加。 + +![图21-创建账户](figures/kiran-21.png) + +【注】:如果您已经设置了密码允许的最小位数(例如四位),则您在此处输入的密码位数要不小于 4 位,否则系统将不会接受该密码。 + +单击头像区域打开头像修改功能,系统预设了各种类型的头像供用户选择,用户也可以自己添加头像,点击“确认”后记得保存: + +![图22-修改头像](figures/kiran-22.png) + +#### 4.5.2.删除用户 + +首先在左侧信息栏里的欲删除的用户上单击,选中该用户,然后在右侧工具栏上点击“删除”按钮,如下图所示: + +![图23-删除用户](figures/kiran-23.png) + +![图24-删除确认提示](figures/kiran-24.png) + +在弹出上图所示的对话框中单击“否”撤消删除,单击“是”确认删除。 + +#### 4.5.3.高级设置 + +选择“创建新用户”>“输入账号密码”>“高级设置”,打开一个对话框,如下图所示,可以设置用户的登录shell、指定用户ID和指定用户目录。 + +![图25-高级设置](figures/kiran-25.png) + +### 4.6.外观 + +定制显示属性是每个桌面系统所必备的,Kiran桌面为您提供了强大的显示属性定制工具。外观是一个对系统的桌面背景,主题,字体三个方面提供统一配置和管理的工具。 +选择“开始菜单”>“控制中心”>“外观”,显示的界面如下图所示: + +![图26-外观设置](figures/kiran-26.png) + +#### 4.6.1.主题 + +主题可以对系统的对话框风格,菜单风格,系统面板风格,图标风格进行统一设置或者也可以根据用户的喜好定制。 + +1)主题设置 +系统中默认已提供了多套主题,可以在主题浏览对话框中浏览主题的相关信息。点击主题浏览对话框中的主题,即可设置系统主题,如图所示: +![图27-主题设置](figures/kiran-27.png) + +2)自定义主题 +用户可以通过点击“自定义”按钮,来根据用户的喜好定制系统主题,如下图所示:自定义主题包括: +a.控制; +b.色彩; +c.窗口边框; +d.图标; +e.指针; + +![图28-自定义主题](figures/kiran-28.png) + +#### 4.6.2.背景 + +用户可以对桌面背景进行设置,可以修改颜色、样式。 + +1)背景图片设置 +如下图所示,点击壁纸文件浏览对话框中的壁纸,即可将桌面设置为此壁纸。 + +![图29-背景设置](figures/kiran-29.png) + +2)样式 +用户可以根据自己的喜好通过样式下拉式选择框来调整壁纸填充桌面背景时的方式。填充方式有以下六种方式: + +a.平铺; +b.缩放; +c.居中; +d.比例放大; +e.伸展; +f.适合宽度。 + +3)壁纸的添加与删除 +用户可以通过“添加”按钮添加自己喜欢的壁纸,如下图所示: + +![图30-添加壁纸](figures/kiran-30.png) + +点击“打开”即可添加壁纸。 +同时可以点击“删除”按钮来删除用户不喜欢的壁纸。具体步骤:选择壁纸,点击“删除”。 + +4)桌面背景色彩填充设置 +用户如果不喜欢用壁纸来设置桌面背景,也可以用色彩来设置背景,在壁纸选择对话框中选择无壁纸选项,即可使用色彩来填充桌面背景。 +填充色彩的方式有三种: + +a.纯色; +b.水平梯度; +c.垂直梯度。 + +![图31-背景图片色彩填充](figures/kiran-31.png) + +#### 4.6.3.字体 + +1)字体设置 +用户可以通过字体设置来设置系统图形界面的各种类型的字体,字体类型包括以下五种类型: + +a.应用程序字体; +b.文档字体; +c.桌面字体; +d.窗口标题字体; +e.等宽字体。 + +![图32-字体设置](figures/kiran-32.png) + +2)字体效果设置与详情设置 +字体渲染效果设置 +用户可以通过字体渲染效果设置来设置系统图形界面的以下四种类型的字体效果: + +a.单色; +b.最佳形状; +c.最佳对比; +d.次像素平滑; +系统默认使用的最佳形状的字体渲染效果,如下图所示: + +![图33-字体渲染设置](figures/kiran-33.png) + +3)字体细节设置 +字体效果的一些详情设置可以通过“细节”按钮进行设置。详情设置包括: + +a.字体分辨率; +b.字体平滑度; +c.字体微调; +d.字体次像素排序。 + +![图34-字体细节设置](figures/kiran-34.png) + +4)用户可以设置界面,选择是否在菜单显示图标和在按钮中显示图标: + +![图35-显示图标与否设置](figures/kiran-35.png) + +## 5.桌面应用 + +### 5.1.文本编辑器 + +要启动文本编辑器,点击“开始菜单”>“所有应用”>“工具”>“pluma”。也可以在shell提示符下键入pluma启动文本编辑器。 +文本编辑器是所有计算机系统中最常用的一种工具。用户在使用计算机时,往往需要创建自己的文件,无论是一般的文字文件、资料文件,还是编写源程序,这些工作都离不开编辑器。它用于查看和修改纯文本文件,纯文本文件是不包含应用字体或风格格式的普通文本文件,如系统日志和配置文件: + +![图36-文本编辑器](figures/kiran-36.png) + +### 5.2.终端 + +在桌面环境下,可以利用终端程序进入传统的命令操作界面,启动命令行终端的方法是:选择“开始菜单”>“所有应用”>“工具”>“终端”或者桌面面板上的图标: + +![图37-终端](figures/kiran-37.png) + +### 5.3.Firefox火狐浏览器 + +要启动Firefox火狐浏览器,点击“开始菜单”>“所有应用”>“互联网”>“Firefox火狐浏览器”。 +Firefox火狐浏览器,是一个自由及开放源代码网页浏览器,使用Gecko排版引擎,支持多种操作系统,如Windows、Mac OS X及GNU/Linux等。它体积小速度快,还有其他一些高级特征,主要特性有:标签式浏览、使用网上冲浪更快、可以禁止弹出式窗口、自定制工具栏、扩展管理、更好的搜索特性、快速而方便的侧栏: + +![图38-firefox浏览器](figures/kiran-38.png) + +### 5.4.截图工具 + +选择“开始菜单”>“所有应用”>“图像”>“截图工具”,可以启动截图工具。 +截图工具是kiranz桌面的一款小巧灵活的屏幕捕捉软件,操作界面简洁、使用极为方便。该软件启动时会在托盘处添加截图工具图标,如下图所示: + +![图39-托盘区截图图标](figures/kiran-39.png) + +点击该图标后,直接弹出屏幕捕捉界面,可自行选择截图范围。可通过有击该图标打开“打开启动器”,可选择需要抓取的范围是整个桌面,或者方形区域,可设置截图延迟时间,如下图所示: + +![图40-截图界面](figures/kiran-40.png) + +![图41-启动器界面](figures/kiran-41.png) + +在弹出的对话框中,点击“√”,即可保存至桌面,如想自定义保存位置,点击“选项”>勾选“自定义保存位置”即可。如下图所示: + +![图42-截图过程](figures/kiran-42.png) + +### 5.5.网络设置 + +Kiran桌面采用了NetworkManager作为网络配置工具,NetworkManager是用来设定、配置和管理各种网络类型的桌面工具,NetworkManager提供了对移动宽带设备、蓝牙、IPv6 提供改进的支持。通过点击“开始菜单-控制中心-网络连接”打开,或者通过点击桌面右下角网络图标选择编辑连接打开,如图所示: + +![图43-网络连接工具](figures/kiran-43.png) + +设置有线连接: +设备选择当前的网卡,如“ens160”是当前系统的网卡,选中该网卡,点击“编辑”按钮,弹出网卡编辑对话框: + +![图44-编辑网络](figures/kiran-44.png) + +“IPv4设置”是用户常用到的设置,这里选择了DHCP的方式获取IP和DNS服务器,系统会自动给用户分配IP地址。 +有些时候用户会碰到需要手动填写IP地址的情况,这就需要在IPv4设置的上方“方法”下拉菜单中选择“手动”,如下图所示: + +![图45-设置IPV4](figures/kiran-45.png) + +接下来点击“添加”按钮依次输入IP地址、子网掩码和网关,并填写DNS服务器,如下图: + +![图46-设置网络ip和dns等](figures/kiran-46.png) + +填写ip地址、子网掩码、网关和DNS后保存,点击桌面右下角网络图标断开网络后重新连接。 + +### 5.6.时间和日期管理 + +要对系统的日期和时间进行设置,您可以在控制中心中选择“时间和日期管理”选项,也可以通过点击桌面右下角日期区域,系统将弹出如图所示的界面: + +![图47-时间和日期管理工具](figures/kiran-47.png) + +自动同步日期和时间:打开“自动同步”并连接外网可以自动同步时间。 +设置时区:点击“更改时区”按钮,右侧显示如下图所示时区设置对话框,点击需要更改的时区后保存即可修改时区。 + +![图48-修改时区](figures/kiran-48.png) + +手动设置时间:关闭自动同步按钮,点击手动设置时间,可以手动调整年份、月份、日以及时间,修改完成后保存。 + +![图49-手动设置时间](figures/kiran-49.png) + +修改日期格式:点击日期时间格式设置可以修改显示的日期格式,可以设置长日期显示格式、短日期显示格式、时间格式、以及是否显示秒: + +![图50-修改日期格式](figures/kiran-50.png) diff --git a/docs/zh/tools/desktop/ukui/_toc.yaml b/docs/zh/tools/desktop/ukui/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..253f465b0c87999ee15d72d34b7065b698e316c5 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/_toc.yaml @@ -0,0 +1,8 @@ +label: UKUI用户指南 +isManual: true +description: 安装并使用 UKUI 桌面环境 +sections: + - label: 安装 UKUI + href: ./ukui_installation.md + - label: 使用 UKUI + href: ./ukui_userguide.md diff --git a/docs/zh/tools/desktop/ukui/figures/.keep b/docs/zh/tools/desktop/ukui/figures/.keep new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/docs/zh/tools/desktop/ukui/figures/1.png b/docs/zh/tools/desktop/ukui/figures/1.png new file mode 100644 index 0000000000000000000000000000000000000000..40af4242eebb440a76c749a8d970d50cd7b89bf4 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/1.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/10.png b/docs/zh/tools/desktop/ukui/figures/10.png new file mode 100644 index 0000000000000000000000000000000000000000..e588ffbe3d8d7b66d92ae8f2b4bcec7c80d0592c Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/10.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/11.png b/docs/zh/tools/desktop/ukui/figures/11.png new file mode 100644 index 0000000000000000000000000000000000000000..1989a5bb08155f920363e154e68bb148715c7e9e Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/11.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/12.png b/docs/zh/tools/desktop/ukui/figures/12.png new file mode 100644 index 0000000000000000000000000000000000000000..cb6346161182d2cfeaf3818d5ec518ddb11c732e Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/12.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/13.png b/docs/zh/tools/desktop/ukui/figures/13.png new file mode 100644 index 0000000000000000000000000000000000000000..0a7def1fb66c90da62acde799eaffca97e3b5396 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/13.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/14.png b/docs/zh/tools/desktop/ukui/figures/14.png new file mode 100644 index 0000000000000000000000000000000000000000..3a27a66d57e284775420d467f90dcc02889bbffe Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/14.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/15.png b/docs/zh/tools/desktop/ukui/figures/15.png new file mode 100644 index 0000000000000000000000000000000000000000..370bea32abcaa8a2b06a1a61c1455d4b35f43474 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/15.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/16.png b/docs/zh/tools/desktop/ukui/figures/16.png new file mode 100644 index 0000000000000000000000000000000000000000..812ee462669c5263ef4bffc49ca4f9b6af4541c6 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/16.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/17.png b/docs/zh/tools/desktop/ukui/figures/17.png new file mode 100644 index 0000000000000000000000000000000000000000..36e524b806874fa3788f5e4dcd78350686281107 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/17.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/18.png b/docs/zh/tools/desktop/ukui/figures/18.png new file mode 100644 index 0000000000000000000000000000000000000000..51b32442980aa60646f77dabd53ade74f55891fe Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/18.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/19.png b/docs/zh/tools/desktop/ukui/figures/19.png new file mode 100644 index 0000000000000000000000000000000000000000..c9457d09aa9f1662b2c9e4550cdbdb9f57dd020e Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/19.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/2.png b/docs/zh/tools/desktop/ukui/figures/2.png new file mode 100644 index 0000000000000000000000000000000000000000..97917cc245484a43bec8562757d920a06f123121 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/2.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/20.png b/docs/zh/tools/desktop/ukui/figures/20.png new file mode 100644 index 0000000000000000000000000000000000000000..b0943189920d7a541d35da27340593ea93f92a17 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/20.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/21.png b/docs/zh/tools/desktop/ukui/figures/21.png new file mode 100644 index 0000000000000000000000000000000000000000..e590c22c0ea28906b5f4ea7ccbc6ab11e47ad173 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/21.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/22.png b/docs/zh/tools/desktop/ukui/figures/22.png new file mode 100644 index 0000000000000000000000000000000000000000..03a548b1ffb1f0ad53cfa5387af2721af90bca81 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/22.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/23.png b/docs/zh/tools/desktop/ukui/figures/23.png new file mode 100644 index 0000000000000000000000000000000000000000..834c492094715cde1c02c91752ecabfe7921ed62 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/23.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/24.png b/docs/zh/tools/desktop/ukui/figures/24.png new file mode 100644 index 0000000000000000000000000000000000000000..1881e868b74a60888b319576fa38fb4af92ba75c Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/24.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/25.png b/docs/zh/tools/desktop/ukui/figures/25.png new file mode 100644 index 0000000000000000000000000000000000000000..f38839725d27a3486984d152e5d9de305364fbd2 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/25.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/26.png b/docs/zh/tools/desktop/ukui/figures/26.png new file mode 100644 index 0000000000000000000000000000000000000000..6d7957119133ecb98b1b6b104e54a3a4647ec2a5 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/26.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/27.png b/docs/zh/tools/desktop/ukui/figures/27.png new file mode 100644 index 0000000000000000000000000000000000000000..3e4733717fdc5172d6479b393005219e65e96df4 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/27.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/28.png b/docs/zh/tools/desktop/ukui/figures/28.png new file mode 100644 index 0000000000000000000000000000000000000000..a77772e818e3f6c11acac3b9cfa18bad14a0a48c Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/28.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/29.png b/docs/zh/tools/desktop/ukui/figures/29.png new file mode 100644 index 0000000000000000000000000000000000000000..c4f58ffe5855295268298448744e5aadbdc55276 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/29.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/3.png b/docs/zh/tools/desktop/ukui/figures/3.png new file mode 100644 index 0000000000000000000000000000000000000000..fbb76b336957020ed6867d908e0a8bdcfc953c52 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/3.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/30.png b/docs/zh/tools/desktop/ukui/figures/30.png new file mode 100644 index 0000000000000000000000000000000000000000..d91adefba1753959e90ccf4aa1501ac08d7144bd Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/30.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/31.png b/docs/zh/tools/desktop/ukui/figures/31.png new file mode 100644 index 0000000000000000000000000000000000000000..0abef09ab438f5f8cfb68090993f55c493b8c15e Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/31.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/32.png b/docs/zh/tools/desktop/ukui/figures/32.png new file mode 100644 index 0000000000000000000000000000000000000000..d567cfbacc07a9eb46ff2c54a68432f45e034e94 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/32.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/33.png b/docs/zh/tools/desktop/ukui/figures/33.png new file mode 100644 index 0000000000000000000000000000000000000000..7b5896e2884520672c0bd88d68471b45a09c56fe Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/33.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/34.png b/docs/zh/tools/desktop/ukui/figures/34.png new file mode 100644 index 0000000000000000000000000000000000000000..81bc9480fbbd81a97c559d7a6a74274deeab2bd1 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/34.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/35.png b/docs/zh/tools/desktop/ukui/figures/35.png new file mode 100644 index 0000000000000000000000000000000000000000..ab2399847a643a87279337704e23fea7609bb211 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/35.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/36.png b/docs/zh/tools/desktop/ukui/figures/36.png new file mode 100644 index 0000000000000000000000000000000000000000..536981609b9ae5d32be56bec612f2b3446146184 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/36.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/37.png b/docs/zh/tools/desktop/ukui/figures/37.png new file mode 100644 index 0000000000000000000000000000000000000000..e39aa03587642dc1f8622fff515b05a9a3085b28 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/37.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/38.png b/docs/zh/tools/desktop/ukui/figures/38.png new file mode 100644 index 0000000000000000000000000000000000000000..838f5ff0616a83cdf42edb053f4e72b93bfa644e Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/38.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/39.png b/docs/zh/tools/desktop/ukui/figures/39.png new file mode 100644 index 0000000000000000000000000000000000000000..12a379403d73a47b2fa564120a28fdb58d188963 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/39.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/4.png b/docs/zh/tools/desktop/ukui/figures/4.png new file mode 100644 index 0000000000000000000000000000000000000000..5078e36aca713706d2cf08a3ebecdc3769951899 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/4.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/40.png b/docs/zh/tools/desktop/ukui/figures/40.png new file mode 100644 index 0000000000000000000000000000000000000000..bf419894eab852b45604966c62fafa71f051c4df Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/40.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/41.png b/docs/zh/tools/desktop/ukui/figures/41.png new file mode 100644 index 0000000000000000000000000000000000000000..f94b0ee72e0d4e9277e9b44b4268cfbdb8402104 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/41.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/42.png b/docs/zh/tools/desktop/ukui/figures/42.png new file mode 100644 index 0000000000000000000000000000000000000000..3182e551c4e4b03885bad6339f1de514b3f55f8c Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/42.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/43.jpg b/docs/zh/tools/desktop/ukui/figures/43.jpg new file mode 100644 index 0000000000000000000000000000000000000000..26e9244f58ea9800081fd61ae135477f05b21b40 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/43.jpg differ diff --git a/docs/zh/tools/desktop/ukui/figures/44.png b/docs/zh/tools/desktop/ukui/figures/44.png new file mode 100644 index 0000000000000000000000000000000000000000..c3abaecd6e053272d81e0ad9bd183c6858b4f3c5 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/44.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/45.png b/docs/zh/tools/desktop/ukui/figures/45.png new file mode 100644 index 0000000000000000000000000000000000000000..86b051acde857c88479714414f721a7f59cca483 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/45.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/46.png b/docs/zh/tools/desktop/ukui/figures/46.png new file mode 100644 index 0000000000000000000000000000000000000000..d8ec41c87628bf28c9905523f99ae93aebd13614 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/46.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/47.jpg b/docs/zh/tools/desktop/ukui/figures/47.jpg new file mode 100644 index 0000000000000000000000000000000000000000..bf95f03c8ea0f84a878bc63af20972c9da71bc04 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/47.jpg differ diff --git a/docs/zh/tools/desktop/ukui/figures/48.png b/docs/zh/tools/desktop/ukui/figures/48.png new file mode 100644 index 0000000000000000000000000000000000000000..ef21fa1ce1e2e9848a8dca16e692de673df7c6d7 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/48.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/49.png b/docs/zh/tools/desktop/ukui/figures/49.png new file mode 100644 index 0000000000000000000000000000000000000000..3b77668e5a4d1bdb3043c473dff9b36fa7144714 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/49.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/5.png b/docs/zh/tools/desktop/ukui/figures/5.png new file mode 100644 index 0000000000000000000000000000000000000000..2976a745cfaede26594d6daa01cfc18d18b1de8b Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/5.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/50.png b/docs/zh/tools/desktop/ukui/figures/50.png new file mode 100644 index 0000000000000000000000000000000000000000..b86a55fe4363f56fc18befc9d27025a75ca427ad Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/50.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/51.png b/docs/zh/tools/desktop/ukui/figures/51.png new file mode 100644 index 0000000000000000000000000000000000000000..d427ac871dba9c32eb4ffe736d5352f8408da533 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/51.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/52.png b/docs/zh/tools/desktop/ukui/figures/52.png new file mode 100644 index 0000000000000000000000000000000000000000..0ca0a2db05c70bc25f9bb59e82d074f671cfc74e Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/52.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/53.png b/docs/zh/tools/desktop/ukui/figures/53.png new file mode 100644 index 0000000000000000000000000000000000000000..76fbc34a1d5621b83c2d8c93222766acad33350d Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/53.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/54.png b/docs/zh/tools/desktop/ukui/figures/54.png new file mode 100644 index 0000000000000000000000000000000000000000..49ecae6f8941a118223f3765c23015df074c4983 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/54.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/56.png b/docs/zh/tools/desktop/ukui/figures/56.png new file mode 100644 index 0000000000000000000000000000000000000000..36fee795bfe593b6246c8d6c2bddea9386b06f45 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/56.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/57.png b/docs/zh/tools/desktop/ukui/figures/57.png new file mode 100644 index 0000000000000000000000000000000000000000..539d06b77b058a933cb154c43641d498050986e0 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/57.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/58.png b/docs/zh/tools/desktop/ukui/figures/58.png new file mode 100644 index 0000000000000000000000000000000000000000..396ca16d873e54505bcdbd41d669366eea7f5dee Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/58.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/59.png b/docs/zh/tools/desktop/ukui/figures/59.png new file mode 100644 index 0000000000000000000000000000000000000000..9b1de98ac4fe686937ca844d3e9481548a79ce63 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/59.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/6.png b/docs/zh/tools/desktop/ukui/figures/6.png new file mode 100644 index 0000000000000000000000000000000000000000..275c23872f2353f007371672714902babcc3db53 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/6.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/60.jpg b/docs/zh/tools/desktop/ukui/figures/60.jpg new file mode 100644 index 0000000000000000000000000000000000000000..033c88aaadd04f7d4058ec2eb5b2c70498319bf7 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/60.jpg differ diff --git a/docs/zh/tools/desktop/ukui/figures/61.png b/docs/zh/tools/desktop/ukui/figures/61.png new file mode 100644 index 0000000000000000000000000000000000000000..8df17062963a3baf92318a12ec34b1378122687b Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/61.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/62.png b/docs/zh/tools/desktop/ukui/figures/62.png new file mode 100644 index 0000000000000000000000000000000000000000..ec312d6c0c22018c1745dd866da71ce9be47fbda Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/62.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/63.jpg b/docs/zh/tools/desktop/ukui/figures/63.jpg new file mode 100644 index 0000000000000000000000000000000000000000..504f7cf59768f6fd1cd73a115d01fbc4e15a02e1 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/63.jpg differ diff --git a/docs/zh/tools/desktop/ukui/figures/63.png b/docs/zh/tools/desktop/ukui/figures/63.png new file mode 100644 index 0000000000000000000000000000000000000000..86b051acde857c88479714414f721a7f59cca483 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/63.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/64.png b/docs/zh/tools/desktop/ukui/figures/64.png new file mode 100644 index 0000000000000000000000000000000000000000..cbbd2ede047e735c3766e08b04595f08cd72f5b2 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/64.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/7.png b/docs/zh/tools/desktop/ukui/figures/7.png new file mode 100644 index 0000000000000000000000000000000000000000..4d397959ac7f6d166ef5a3b7084bd5c3c93b475f Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/7.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/8.png b/docs/zh/tools/desktop/ukui/figures/8.png new file mode 100644 index 0000000000000000000000000000000000000000..8ade274092d7b3e461c96d7909a9d89d3a944f09 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/8.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/9.png b/docs/zh/tools/desktop/ukui/figures/9.png new file mode 100644 index 0000000000000000000000000000000000000000..f7b2215404929346f1a814b0b1d6d482559c08b5 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/9.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-01.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-01.png new file mode 100644 index 0000000000000000000000000000000000000000..b4a43e7fa938b2ece73ad749e2b513daa976e7c9 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-01.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-02.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-02.png new file mode 100644 index 0000000000000000000000000000000000000000..22413a83d51cb9ee177c0d39147da857868f0aec Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-02.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-03.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-03.png new file mode 100644 index 0000000000000000000000000000000000000000..5ccc6d4eef17f2d39841046dcf32b9c00652d1a9 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-03.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-04.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-04.png new file mode 100644 index 0000000000000000000000000000000000000000..c5d7073a3d2a37727b83a6e43a684747175efa9d Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-04.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-05.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-05.png new file mode 100644 index 0000000000000000000000000000000000000000..e2d0a0a523f10d6bce9f51c5d05f019c595e2625 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-05.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-06.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-06.png new file mode 100644 index 0000000000000000000000000000000000000000..61bb128fc2c8902edbfd1d76b28f963817753e32 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-06.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-07.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-07.png new file mode 100644 index 0000000000000000000000000000000000000000..ef01eb0001c6db0e3d1c024e51b0594372b9348c Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-07.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-08.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-08.png new file mode 100644 index 0000000000000000000000000000000000000000..1049f355939b0121c123adc462dcb6d736e48760 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-08.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-09.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-09.png new file mode 100644 index 0000000000000000000000000000000000000000..6dc110900f5375ed9ede276f59ea89ba29e5e737 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-09.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-10.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-10.png new file mode 100644 index 0000000000000000000000000000000000000000..33dda6e0d0497c1589743c19a8d041a775b7bb7f Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-10.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-11.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-11.png new file mode 100644 index 0000000000000000000000000000000000000000..98570f04a066d550b5971afc94ee1c63d24f6275 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-11.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-12.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-12.png new file mode 100644 index 0000000000000000000000000000000000000000..56cc0446efd9d72d97905296fd6f19e9e2ac4047 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-12.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-13.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-13.png new file mode 100644 index 0000000000000000000000000000000000000000..a3191cc6b2bb2e418353b76bcf645be954655a20 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-13.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-14.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-14.png new file mode 100644 index 0000000000000000000000000000000000000000..d673b9d12c8fb5ccaa0b0f3a35b85f939f1040c8 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-14.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-15.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-15.png new file mode 100644 index 0000000000000000000000000000000000000000..518c3dca4b9b58f45f7aee5ef974c3dd41804e1d Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-15.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-16.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-16.png new file mode 100644 index 0000000000000000000000000000000000000000..17ac8544dab141ddc8d7d98f1712757efedb5531 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-16.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-17.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-17.png new file mode 100644 index 0000000000000000000000000000000000000000..07a62594a1acadceeeaabe0e7cbe63c192f0ab37 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-17.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-18.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-18.png new file mode 100644 index 0000000000000000000000000000000000000000..d088bb1075ebd2c76304c5bd400a3892d401dfa0 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-18.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-19.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-19.png new file mode 100644 index 0000000000000000000000000000000000000000..65198c16e3bdf0b948ba8da1d05943ea87065dfc Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-19.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-20.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-20.png new file mode 100644 index 0000000000000000000000000000000000000000..ac4c66887846509474cd57740079d396f5ffee64 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-20.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-21.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-21.png new file mode 100644 index 0000000000000000000000000000000000000000..ecc80c0ee42385907cea276726c891aab06f5ea2 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-21.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-22.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-22.png new file mode 100644 index 0000000000000000000000000000000000000000..453a1b96f69ca37cf648e1bfd8a247cbd63f7f1f Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-22.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-23.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-23.png new file mode 100644 index 0000000000000000000000000000000000000000..3290e73af52f1e88a435e925d6a17d21e78e287c Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-23.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-24.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-24.png new file mode 100644 index 0000000000000000000000000000000000000000..825e58ddc9ec0027f0ff94b1d327eaff3a145357 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-24.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-25.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-25.png new file mode 100644 index 0000000000000000000000000000000000000000..7b3cdbe8e85b55dc9ee92569f6d668c9defc76eb Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-25.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-26.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-26.png new file mode 100644 index 0000000000000000000000000000000000000000..0d696fa8cbd18910bb16ca2c14996fefb5f0cb79 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-26.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-27.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-27.png new file mode 100644 index 0000000000000000000000000000000000000000..7312579e88c211b656a1b6e339373abfca7c8984 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-27.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-28.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-28.png new file mode 100644 index 0000000000000000000000000000000000000000..e5cf7e56e5663768e4f2698c77aeaa69c899b291 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-28.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-29.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-29.png new file mode 100644 index 0000000000000000000000000000000000000000..d796cb8d80a60281a7f67ec494c76ad14d06ac1b Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-29.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-30-0.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-30-0.png new file mode 100644 index 0000000000000000000000000000000000000000..8ea95ca410376dbc26729d0dec8bfc171911e960 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-30-0.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-30-1.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-30-1.png new file mode 100644 index 0000000000000000000000000000000000000000..730e9bdba19949c6e118c237af302b492f3d41b8 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-30-1.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-31.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-31.png new file mode 100644 index 0000000000000000000000000000000000000000..f80f3c86b92e6e00bf76c0101ce52af503d9b05c Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-31.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-32.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-32.png new file mode 100644 index 0000000000000000000000000000000000000000..ed8f74fc04472e45ae6c76a7c2507da5dec28263 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-32.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-33.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-33.png new file mode 100644 index 0000000000000000000000000000000000000000..a90dda9e151f9ca48ff6c296ff62676b22a191ae Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-33.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-34.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-34.png new file mode 100644 index 0000000000000000000000000000000000000000..77c74765bb7116bf8a95b0164cb1de2d9032e56e Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-34.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-35-0.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-35-0.png new file mode 100644 index 0000000000000000000000000000000000000000..4321c9e9a52bcf99bde6d72fae68647ab13510b0 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-35-0.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-35-1.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-35-1.png new file mode 100644 index 0000000000000000000000000000000000000000..e6f75a945fc73d5478c6515498c7a6a4781ca04f Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-35-1.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-36.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-36.png new file mode 100644 index 0000000000000000000000000000000000000000..a832fe2b440079f53775a2ba8c3115f57a89ab2c Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-36.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-37.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-37.png new file mode 100644 index 0000000000000000000000000000000000000000..f091a5e910e7cb16dadd311de1100f8830a0eaf7 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-37.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-38.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-38.png new file mode 100644 index 0000000000000000000000000000000000000000..7703dc11f1be241d9fe7e30452e7431c925833d3 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-38.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-39.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-39.png new file mode 100644 index 0000000000000000000000000000000000000000..abf29f6ee9aaf13ab1f668a787d459a5ab0cb20c Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-39.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-40.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-40.png new file mode 100644 index 0000000000000000000000000000000000000000..7c8ee5f4e78b46a0d762be06f96725ecef5d09b2 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-40.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-41-0.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-41-0.png new file mode 100644 index 0000000000000000000000000000000000000000..56ea86556624602f4496b4079335245ac8c875a3 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-41-0.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-41-1.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-41-1.png new file mode 100644 index 0000000000000000000000000000000000000000..44afad705b026dd69a9d2d7bf2ef35610720b85d Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-41-1.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-42.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-42.png new file mode 100644 index 0000000000000000000000000000000000000000..8270b69ca590c1831fbe54e2d08ced55bccef89d Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-42.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-43.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-43.png new file mode 100644 index 0000000000000000000000000000000000000000..48259addbdb8cf18303d2afbcd6cbad77deaf141 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-43.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-44.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-44.png new file mode 100644 index 0000000000000000000000000000000000000000..e35a4acce457834d4d8608ee7fba783d596548e2 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-44.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-45.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-45.png new file mode 100644 index 0000000000000000000000000000000000000000..d6d5e88587e26552ab4ab4d323eea0ae5ce721d2 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-45.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-46.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-46.png new file mode 100644 index 0000000000000000000000000000000000000000..8e41651298319f1b72c3dce5b09cb1323c9a15a7 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-46.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-47.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-47.png new file mode 100644 index 0000000000000000000000000000000000000000..eaa54608d956576555603d64ba72e374f147a315 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-47.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-48.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-48.png new file mode 100644 index 0000000000000000000000000000000000000000..1ca6cb7b39ab375a69b95a7dfa02fa3acd8bb299 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-48.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-49.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-49.png new file mode 100644 index 0000000000000000000000000000000000000000..07fe6abf2ca2d7e8dd5184c760f416d094c4629d Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-49.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-50.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-50.png new file mode 100644 index 0000000000000000000000000000000000000000..c5452b655b9100c7d144d9d6e923f29664998ca0 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-50.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-51.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-51.png new file mode 100644 index 0000000000000000000000000000000000000000..72644867adbb64db4503ff5345425a32bf1cae6d Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-51.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-52.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-52.png new file mode 100644 index 0000000000000000000000000000000000000000..571f6ac34edf149cc1e5bd30a875e4148dd4fdd3 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-52.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-53.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-53.png new file mode 100644 index 0000000000000000000000000000000000000000..1c7e9051ca448b017e13c6cbe6be66d2f83475c5 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-53.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/Cinnamon-54.png b/docs/zh/tools/desktop/ukui/figures/Cinnamon-54.png new file mode 100644 index 0000000000000000000000000000000000000000..1b61db111ebdcb9bde1bff1cc08a2daed79a9f19 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/Cinnamon-54.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/HA-add-resource.png b/docs/zh/tools/desktop/ukui/figures/HA-add-resource.png new file mode 100644 index 0000000000000000000000000000000000000000..ac24895a1247828d248132f6c789ad8ef51a57e4 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/HA-add-resource.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/HA-apache-show.png b/docs/zh/tools/desktop/ukui/figures/HA-apache-show.png new file mode 100644 index 0000000000000000000000000000000000000000..c216500910f75f2de1108f6b618c5c08f4df8bae Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/HA-apache-show.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/HA-apache-suc.png b/docs/zh/tools/desktop/ukui/figures/HA-apache-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..23a7aaa702e3e68190ff7e01a5a673aee2c92409 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/HA-apache-suc.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/HA-api.png b/docs/zh/tools/desktop/ukui/figures/HA-api.png new file mode 100644 index 0000000000000000000000000000000000000000..f825fe005705d30809d12df97958cff0e5a80135 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/HA-api.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/HA-clone-suc.png b/docs/zh/tools/desktop/ukui/figures/HA-clone-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..4b6099ccc88d4f6f907a0c4563e729ab2a4dece1 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/HA-clone-suc.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/HA-clone.png b/docs/zh/tools/desktop/ukui/figures/HA-clone.png new file mode 100644 index 0000000000000000000000000000000000000000..1b09ab73849494f4ffd759fa612ae3c241bd9c1d Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/HA-clone.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/HA-corosync.png b/docs/zh/tools/desktop/ukui/figures/HA-corosync.png new file mode 100644 index 0000000000000000000000000000000000000000..c4d93242e65c503b6e1b6a457e2517f647984a66 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/HA-corosync.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/HA-firstchoice-cmd.png b/docs/zh/tools/desktop/ukui/figures/HA-firstchoice-cmd.png new file mode 100644 index 0000000000000000000000000000000000000000..a265bab07f1d8e46d9d965975be180a8de6c9eb2 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/HA-firstchoice-cmd.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/HA-firstchoice.png b/docs/zh/tools/desktop/ukui/figures/HA-firstchoice.png new file mode 100644 index 0000000000000000000000000000000000000000..bd982ddcea55c629c0257fca86051a9ffa77e7b4 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/HA-firstchoice.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/HA-group-new-suc.png b/docs/zh/tools/desktop/ukui/figures/HA-group-new-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..437fd01ee83a9a1f65c12838fe56eea8435f6759 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/HA-group-new-suc.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/HA-group-new-suc2.png b/docs/zh/tools/desktop/ukui/figures/HA-group-new-suc2.png new file mode 100644 index 0000000000000000000000000000000000000000..4fb933bd761f9808de95a324a50226ff041ebd4f Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/HA-group-new-suc2.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/HA-group-new.png b/docs/zh/tools/desktop/ukui/figures/HA-group-new.png new file mode 100644 index 0000000000000000000000000000000000000000..9c914d0cc2e14f3220fc4346175961f129efb37b Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/HA-group-new.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/HA-group-suc.png b/docs/zh/tools/desktop/ukui/figures/HA-group-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..2338580343833ebab08627be3a2efbcdb48aef9e Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/HA-group-suc.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/HA-group.png b/docs/zh/tools/desktop/ukui/figures/HA-group.png new file mode 100644 index 0000000000000000000000000000000000000000..6897817665dee90c0f8c47c6a3cb4bb09db52d78 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/HA-group.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/HA-home-page.png b/docs/zh/tools/desktop/ukui/figures/HA-home-page.png new file mode 100644 index 0000000000000000000000000000000000000000..c9a7a82dc412250d4c0984b3876c6f93c6aca789 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/HA-home-page.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/HA-login.png b/docs/zh/tools/desktop/ukui/figures/HA-login.png new file mode 100644 index 0000000000000000000000000000000000000000..65d0ae11ec810da7574ec72bebf6e1b020c94a0d Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/HA-login.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/HA-mariadb-suc.png b/docs/zh/tools/desktop/ukui/figures/HA-mariadb-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..6f6756c945121715edc623bd9a848bc48ffeb4ca Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/HA-mariadb-suc.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/HA-mariadb.png b/docs/zh/tools/desktop/ukui/figures/HA-mariadb.png new file mode 100644 index 0000000000000000000000000000000000000000..d29587c8609b9d6aefeb07170901361b5ef8402d Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/HA-mariadb.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/HA-nfs-suc.png b/docs/zh/tools/desktop/ukui/figures/HA-nfs-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..c0ea6af79e91649f1ad7d97ab6c2a0069a4f4fb8 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/HA-nfs-suc.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/HA-nfs.png b/docs/zh/tools/desktop/ukui/figures/HA-nfs.png new file mode 100644 index 0000000000000000000000000000000000000000..f6917938eec2e0431a9891c067475dd0b21c1bd9 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/HA-nfs.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/HA-pacemaker.png b/docs/zh/tools/desktop/ukui/figures/HA-pacemaker.png new file mode 100644 index 0000000000000000000000000000000000000000..7681f963f67d2b803fef6fb2c3247384136201f8 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/HA-pacemaker.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/HA-pcs-status.png b/docs/zh/tools/desktop/ukui/figures/HA-pcs-status.png new file mode 100644 index 0000000000000000000000000000000000000000..fb150fba9f6258658702b35caacf98076d1fd109 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/HA-pcs-status.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/HA-pcs.png b/docs/zh/tools/desktop/ukui/figures/HA-pcs.png new file mode 100644 index 0000000000000000000000000000000000000000..283670d7c3d0961ee1cb41345c2b2a013d7143b0 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/HA-pcs.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/HA-qdevice.png b/docs/zh/tools/desktop/ukui/figures/HA-qdevice.png new file mode 100644 index 0000000000000000000000000000000000000000..2964f36c952fc7e62fb7b041fcf6d2de8ead712c Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/HA-qdevice.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/HA-refresh.png b/docs/zh/tools/desktop/ukui/figures/HA-refresh.png new file mode 100644 index 0000000000000000000000000000000000000000..c2678c0c2945acbabfbeae0d5de8924a216bbf31 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/HA-refresh.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/HA-vip-suc.png b/docs/zh/tools/desktop/ukui/figures/HA-vip-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..313ce56e14f931c78dad4349ed57ab3fd7907f50 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/HA-vip-suc.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/HA-vip.png b/docs/zh/tools/desktop/ukui/figures/HA-vip.png new file mode 100644 index 0000000000000000000000000000000000000000..d8b417df2e64527d3b29d0289756dfbb01bf66ec Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/HA-vip.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/dde-1.png b/docs/zh/tools/desktop/ukui/figures/dde-1.png new file mode 100644 index 0000000000000000000000000000000000000000..fb1d5177c39262ed182f10a57fdae850d007eeb1 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/dde-1.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/dde-2.png b/docs/zh/tools/desktop/ukui/figures/dde-2.png new file mode 100644 index 0000000000000000000000000000000000000000..be5d296937bd17b9646b32c80934aa76738027af Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/dde-2.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-1.png b/docs/zh/tools/desktop/ukui/figures/gnome-1.png new file mode 100644 index 0000000000000000000000000000000000000000..b33f802aa6dcf8b23a70fe451830015c614193b3 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-1.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-10.png b/docs/zh/tools/desktop/ukui/figures/gnome-10.png new file mode 100644 index 0000000000000000000000000000000000000000..1c7b1465209c7a92db36d1b4c83445ce45e0d187 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-10.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-11.png b/docs/zh/tools/desktop/ukui/figures/gnome-11.png new file mode 100644 index 0000000000000000000000000000000000000000..cc534ce5e1b250547dd9eb1db2b3f43a79c00409 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-11.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-12.png b/docs/zh/tools/desktop/ukui/figures/gnome-12.png new file mode 100644 index 0000000000000000000000000000000000000000..65de953b821cac6b09b9f0d6623760dc339d867b Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-12.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-13.png b/docs/zh/tools/desktop/ukui/figures/gnome-13.png new file mode 100644 index 0000000000000000000000000000000000000000..103370de2f2d81fe4e880f18bb9a3b4546d14840 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-13.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-14.png b/docs/zh/tools/desktop/ukui/figures/gnome-14.png new file mode 100644 index 0000000000000000000000000000000000000000..13e1367d6ce006567e69fed8fd334aeb4810196c Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-14.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-15.png b/docs/zh/tools/desktop/ukui/figures/gnome-15.png new file mode 100644 index 0000000000000000000000000000000000000000..fb86a36e2eb9c5ccfb3c53b0c49864e73c622ccf Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-15.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-16.png b/docs/zh/tools/desktop/ukui/figures/gnome-16.png new file mode 100644 index 0000000000000000000000000000000000000000..9b375517e433740b7e2c27ede1159cda1eb986b8 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-16.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-17.png b/docs/zh/tools/desktop/ukui/figures/gnome-17.png new file mode 100644 index 0000000000000000000000000000000000000000..ebfcc9c71afeda1d50b5355f23ec1ea422a17889 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-17.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-18.png b/docs/zh/tools/desktop/ukui/figures/gnome-18.png new file mode 100644 index 0000000000000000000000000000000000000000..5d28c8372499dd2b9b71186dee7d4854b5320999 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-18.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-19.png b/docs/zh/tools/desktop/ukui/figures/gnome-19.png new file mode 100644 index 0000000000000000000000000000000000000000..bea391d41386ab9b7953b269c44aec6cba4667c5 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-19.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-2.png b/docs/zh/tools/desktop/ukui/figures/gnome-2.png new file mode 100644 index 0000000000000000000000000000000000000000..520df0228a38914ca7897dec6dc84e9639b757c0 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-2.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-20.png b/docs/zh/tools/desktop/ukui/figures/gnome-20.png new file mode 100644 index 0000000000000000000000000000000000000000..d720a2c215de4172a8051d7e0554c7f6b3d6d043 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-20.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-21.png b/docs/zh/tools/desktop/ukui/figures/gnome-21.png new file mode 100644 index 0000000000000000000000000000000000000000..dec78c390a65a1e707a5c9620fa3392e38124430 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-21.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-22.png b/docs/zh/tools/desktop/ukui/figures/gnome-22.png new file mode 100644 index 0000000000000000000000000000000000000000..d8564596fd8ada47891a28b8fd97915722b28ff9 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-22.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-23.png b/docs/zh/tools/desktop/ukui/figures/gnome-23.png new file mode 100644 index 0000000000000000000000000000000000000000..6fcb86d0b74acd102bc4e19bd483165fca0921bc Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-23.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-24.png b/docs/zh/tools/desktop/ukui/figures/gnome-24.png new file mode 100644 index 0000000000000000000000000000000000000000..692929de10b612af7e15ddef689a611b7f4e8693 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-24.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-25.png b/docs/zh/tools/desktop/ukui/figures/gnome-25.png new file mode 100644 index 0000000000000000000000000000000000000000..793a5a2d3ec63581902da5d4b8863f9ba33675b8 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-25.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-26.png b/docs/zh/tools/desktop/ukui/figures/gnome-26.png new file mode 100644 index 0000000000000000000000000000000000000000..4d3f5418352e644f56a16099a9c77218045dabab Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-26.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-27.png b/docs/zh/tools/desktop/ukui/figures/gnome-27.png new file mode 100644 index 0000000000000000000000000000000000000000..908998f4c4624e8b3317a311643123f690153325 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-27.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-28.png b/docs/zh/tools/desktop/ukui/figures/gnome-28.png new file mode 100644 index 0000000000000000000000000000000000000000..8b47b2397fa8818dfecbc3c05341e31d4d70a940 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-28.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-29.png b/docs/zh/tools/desktop/ukui/figures/gnome-29.png new file mode 100644 index 0000000000000000000000000000000000000000..fc90cb58691e6484b6e263f4e81a1046e3adbed1 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-29.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-3.png b/docs/zh/tools/desktop/ukui/figures/gnome-3.png new file mode 100644 index 0000000000000000000000000000000000000000..4d423b13941604a29ff794817ed6fb1d6fea9c1e Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-3.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-30.png b/docs/zh/tools/desktop/ukui/figures/gnome-30.png new file mode 100644 index 0000000000000000000000000000000000000000..8f4ab5dcd8ebd61b05a1b129b4c90e342f97e0fd Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-30.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-31.png b/docs/zh/tools/desktop/ukui/figures/gnome-31.png new file mode 100644 index 0000000000000000000000000000000000000000..93159341a996153105985451fa6d8391c358b52e Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-31.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-32.png b/docs/zh/tools/desktop/ukui/figures/gnome-32.png new file mode 100644 index 0000000000000000000000000000000000000000..c4ca5695e67a4a585f0ff074cd3645a32a9e4e83 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-32.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-33.png b/docs/zh/tools/desktop/ukui/figures/gnome-33.png new file mode 100644 index 0000000000000000000000000000000000000000..e0b166e013144ed7e5f26c2b7bd7e8a00ac6a57f Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-33.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-34.png b/docs/zh/tools/desktop/ukui/figures/gnome-34.png new file mode 100644 index 0000000000000000000000000000000000000000..dc8653255f8782ab72b8a24eeadff8fe64f88bb1 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-34.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-35.png b/docs/zh/tools/desktop/ukui/figures/gnome-35.png new file mode 100644 index 0000000000000000000000000000000000000000..595c8d76ddc857ed9e76d421cf1e755874a6cc4a Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-35.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-36.png b/docs/zh/tools/desktop/ukui/figures/gnome-36.png new file mode 100644 index 0000000000000000000000000000000000000000..f5a22198f57d34fe05336d88c6e4b288ed78dc8e Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-36.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-37.png b/docs/zh/tools/desktop/ukui/figures/gnome-37.png new file mode 100644 index 0000000000000000000000000000000000000000..1a855eee24e959c3e8bfed371d2f74f93fceda3c Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-37.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-38.png b/docs/zh/tools/desktop/ukui/figures/gnome-38.png new file mode 100644 index 0000000000000000000000000000000000000000..e80fcb9c25299130ca94bef2cdce9d5e7f9ba02c Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-38.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-39.png b/docs/zh/tools/desktop/ukui/figures/gnome-39.png new file mode 100644 index 0000000000000000000000000000000000000000..29843d242f260cd1b722fdcc13cef645a3679e7f Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-39.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-4.png b/docs/zh/tools/desktop/ukui/figures/gnome-4.png new file mode 100644 index 0000000000000000000000000000000000000000..04391e2e926d5195b21d7e05dc5322a0d7646ad6 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-4.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-40.png b/docs/zh/tools/desktop/ukui/figures/gnome-40.png new file mode 100644 index 0000000000000000000000000000000000000000..8497bdd58dffe2210fca22d01912f82b5c39fd9c Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-40.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-41.png b/docs/zh/tools/desktop/ukui/figures/gnome-41.png new file mode 100644 index 0000000000000000000000000000000000000000..a4357eb95c379dfecc1d627c59eb5da660d42d14 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-41.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-42.png b/docs/zh/tools/desktop/ukui/figures/gnome-42.png new file mode 100644 index 0000000000000000000000000000000000000000..bc01808fe7c12d7d433dc1da9367e858027fcce9 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-42.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-43.png b/docs/zh/tools/desktop/ukui/figures/gnome-43.png new file mode 100644 index 0000000000000000000000000000000000000000..467e52cf41a32df9c7207417817f906b518c54c3 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-43.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-44.png b/docs/zh/tools/desktop/ukui/figures/gnome-44.png new file mode 100644 index 0000000000000000000000000000000000000000..71303b84fce85478ccba02b10f6c0358c5bdc2a0 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-44.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-45.png b/docs/zh/tools/desktop/ukui/figures/gnome-45.png new file mode 100644 index 0000000000000000000000000000000000000000..a0927659af30d18715ab8b43266de3f54a3142a0 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-45.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-46.png b/docs/zh/tools/desktop/ukui/figures/gnome-46.png new file mode 100644 index 0000000000000000000000000000000000000000..ad2093e67041d656c25a5674a6e4282c804ec6f2 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-46.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-47.png b/docs/zh/tools/desktop/ukui/figures/gnome-47.png new file mode 100644 index 0000000000000000000000000000000000000000..9a67dd6b3b0081fa858b4beed0cc40708d5418e9 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-47.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-48.png b/docs/zh/tools/desktop/ukui/figures/gnome-48.png new file mode 100644 index 0000000000000000000000000000000000000000..8789fcb96ee2143eae12131b07acf1cfbd82cf41 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-48.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-49.png b/docs/zh/tools/desktop/ukui/figures/gnome-49.png new file mode 100644 index 0000000000000000000000000000000000000000..e5df514480c825a5c65b607721d80cf59642b4a1 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-49.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-5.png b/docs/zh/tools/desktop/ukui/figures/gnome-5.png new file mode 100644 index 0000000000000000000000000000000000000000..b7148601f06fcee9517864aca19ba3cee863ba33 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-5.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-50.png b/docs/zh/tools/desktop/ukui/figures/gnome-50.png new file mode 100644 index 0000000000000000000000000000000000000000..7b1f4678846cb691b144b26f24bc5570961a3d7d Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-50.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-51.png b/docs/zh/tools/desktop/ukui/figures/gnome-51.png new file mode 100644 index 0000000000000000000000000000000000000000..10466de4bbd4c7b31654bb1369a9a85a20e88a27 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-51.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-52.png b/docs/zh/tools/desktop/ukui/figures/gnome-52.png new file mode 100644 index 0000000000000000000000000000000000000000..16c8191ae59475d46cd7c275ad3841419544397d Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-52.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-53.png b/docs/zh/tools/desktop/ukui/figures/gnome-53.png new file mode 100644 index 0000000000000000000000000000000000000000..b968bbd5c5df6148ef26c8cf292e040220987554 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-53.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-54.png b/docs/zh/tools/desktop/ukui/figures/gnome-54.png new file mode 100644 index 0000000000000000000000000000000000000000..6f169f432a1ad4290b3fca12b1a835330d922ab0 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-54.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-55.png b/docs/zh/tools/desktop/ukui/figures/gnome-55.png new file mode 100644 index 0000000000000000000000000000000000000000..e40794fbf2e23e3496ac7f9352abe84ac943cb8c Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-55.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-56.png b/docs/zh/tools/desktop/ukui/figures/gnome-56.png new file mode 100644 index 0000000000000000000000000000000000000000..d66360c2865ba03e7f2959612b2e33061dfad39f Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-56.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-57.png b/docs/zh/tools/desktop/ukui/figures/gnome-57.png new file mode 100644 index 0000000000000000000000000000000000000000..f2ffff79898f36e290bb133efc36c7439d089f57 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-57.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-58.png b/docs/zh/tools/desktop/ukui/figures/gnome-58.png new file mode 100644 index 0000000000000000000000000000000000000000..2eb30604a6dc2a4194da688830f88d0e596c5be9 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-58.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-59.png b/docs/zh/tools/desktop/ukui/figures/gnome-59.png new file mode 100644 index 0000000000000000000000000000000000000000..9b25d253604f353b0bd3ef0c153237d74459ccae Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-59.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-6.png b/docs/zh/tools/desktop/ukui/figures/gnome-6.png new file mode 100644 index 0000000000000000000000000000000000000000..3c54d7f40cb5caab2c3cecb9945f9c89a1afe00e Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-6.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-7.png b/docs/zh/tools/desktop/ukui/figures/gnome-7.png new file mode 100644 index 0000000000000000000000000000000000000000..fa4b0e178fb0332d334d98e0106746b7bff65449 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-7.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-8.png b/docs/zh/tools/desktop/ukui/figures/gnome-8.png new file mode 100644 index 0000000000000000000000000000000000000000..5c39bb44371d94a66c66e053a7f498b46d3a0937 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-8.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/gnome-9.png b/docs/zh/tools/desktop/ukui/figures/gnome-9.png new file mode 100644 index 0000000000000000000000000000000000000000..00a9ad1a7c94054c9418795c39b29574bfe16bf0 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/gnome-9.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon1.png b/docs/zh/tools/desktop/ukui/figures/icon1.png new file mode 100644 index 0000000000000000000000000000000000000000..9bac00355cf4aa57d32287fd4271404f6fd3fd4d Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon1.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon10-o.png b/docs/zh/tools/desktop/ukui/figures/icon10-o.png new file mode 100644 index 0000000000000000000000000000000000000000..d6c56d1a64c588d86f8fe510c74e5a7c4cb810d4 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon10-o.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon101-o.svg b/docs/zh/tools/desktop/ukui/figures/icon101-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..af1c5d3dc0277a6ea59e71efb6ca97bdfc782e8e --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon101-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/docs/zh/tools/desktop/ukui/figures/icon103-o.svg b/docs/zh/tools/desktop/ukui/figures/icon103-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..c06c885725c569ab8db1fe7d595a7c65f18c5142 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon103-o.svg @@ -0,0 +1,26 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/ukui/figures/icon105-o.svg b/docs/zh/tools/desktop/ukui/figures/icon105-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..36c49949fa569330b761c2d65518f36c10435508 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon105-o.svg @@ -0,0 +1,111 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/ukui/figures/icon107-o.svg b/docs/zh/tools/desktop/ukui/figures/icon107-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..fb5a3ea756f6ccb7b3e5c31122a433347a908c96 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon107-o.svg @@ -0,0 +1,50 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/ukui/figures/icon11-o.png b/docs/zh/tools/desktop/ukui/figures/icon11-o.png new file mode 100644 index 0000000000000000000000000000000000000000..47a1f2cb7f99b583768c7cbd7e05a57f302dbe8a Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon11-o.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon110-o.svg b/docs/zh/tools/desktop/ukui/figures/icon110-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..7958e3f192061592e002e1e8a1bad06ffa86742c --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon110-o.svg @@ -0,0 +1,12 @@ + + + + reboot_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/ukui/figures/icon111-o.svg b/docs/zh/tools/desktop/ukui/figures/icon111-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..097d16a08d305a8b3f3b2268ab1ea8342e799377 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon111-o.svg @@ -0,0 +1,13 @@ + + + + Right + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/ukui/figures/icon112-o.svg b/docs/zh/tools/desktop/ukui/figures/icon112-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e51628c2b8b10495f3410d219814286696ea2fd5 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon112-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/ukui/figures/icon116-o.svg b/docs/zh/tools/desktop/ukui/figures/icon116-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..4d79cd6dbbbfd3969f4e0ad0ad88e27398853505 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon116-o.svg @@ -0,0 +1,72 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/ukui/figures/icon12-o.png b/docs/zh/tools/desktop/ukui/figures/icon12-o.png new file mode 100644 index 0000000000000000000000000000000000000000..f1f0f59dd3879461a0b5bc0632693a4a4124def3 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon12-o.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon120-o.svg b/docs/zh/tools/desktop/ukui/figures/icon120-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e895c347d16a200aea46b00428b0b9f1a3c94246 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon120-o.svg @@ -0,0 +1,49 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/ukui/figures/icon122-o.svg b/docs/zh/tools/desktop/ukui/figures/icon122-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..7fb014b5fd6097ca37a84d0b6a27dc982d675c8a --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon122-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/docs/zh/tools/desktop/ukui/figures/icon124-o.svg b/docs/zh/tools/desktop/ukui/figures/icon124-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..960c0ec096c925213f8953398f0e8e5db3cdaed3 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon124-o.svg @@ -0,0 +1,55 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/ukui/figures/icon125-o.svg b/docs/zh/tools/desktop/ukui/figures/icon125-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..011c05f4b8f296867cd408a339230323fcbb28dd --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon125-o.svg @@ -0,0 +1,9 @@ + + + tips + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/ukui/figures/icon126-o.svg b/docs/zh/tools/desktop/ukui/figures/icon126-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e0a43b6b8beb434090ac0dd3a8fd68c023f11fce --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon126-o.svg @@ -0,0 +1,68 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/ukui/figures/icon127-o.svg b/docs/zh/tools/desktop/ukui/figures/icon127-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..bed95d35334a8d0151211054236c0bacddcc0dd3 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon127-o.svg @@ -0,0 +1,13 @@ + + + + Up + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/ukui/figures/icon128-o.svg b/docs/zh/tools/desktop/ukui/figures/icon128-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..aa727f3f5d5883b3fb83a79c4b98e8b5bfe4ade6 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon128-o.svg @@ -0,0 +1,12 @@ + + + + userswitch_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/ukui/figures/icon13-o.png b/docs/zh/tools/desktop/ukui/figures/icon13-o.png new file mode 100644 index 0000000000000000000000000000000000000000..c05a981b29d8ad11c6682f796f79b4cafd0f088b Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon13-o.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon132-o.svg b/docs/zh/tools/desktop/ukui/figures/icon132-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..588ba9d98864ba67a562fa9179f29405f7687aa0 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon132-o.svg @@ -0,0 +1,15 @@ + + + + - + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/ukui/figures/icon133-o.svg b/docs/zh/tools/desktop/ukui/figures/icon133-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..886d90a83e33497d134bdb3dcc864a5c2df53f20 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon133-o.svg @@ -0,0 +1,13 @@ + + + + + + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/ukui/figures/icon134-o.svg b/docs/zh/tools/desktop/ukui/figures/icon134-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..784cf383eb0e8f5c7a57a602047be50ad0a3bc05 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon134-o.svg @@ -0,0 +1,15 @@ + + + + = + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/ukui/figures/icon135-o.svg b/docs/zh/tools/desktop/ukui/figures/icon135-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..cea628a8f5eb92d10661b690242b6de41ca64816 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon135-o.svg @@ -0,0 +1,15 @@ + + + + ~ + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/ukui/figures/icon136-o.svg b/docs/zh/tools/desktop/ukui/figures/icon136-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..24aa139ab2fefaee20935551f1af5aef473719ed --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon136-o.svg @@ -0,0 +1,12 @@ + + + + poweroff_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/ukui/figures/icon14-o.png b/docs/zh/tools/desktop/ukui/figures/icon14-o.png new file mode 100644 index 0000000000000000000000000000000000000000..b21deee4d98593d93fb5f72158d2d78f3d3f1cb9 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon14-o.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon15-o.png b/docs/zh/tools/desktop/ukui/figures/icon15-o.png new file mode 100644 index 0000000000000000000000000000000000000000..1827a20e9da4d28e35e8ab2eae739b2fec37b385 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon15-o.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon16.png b/docs/zh/tools/desktop/ukui/figures/icon16.png new file mode 100644 index 0000000000000000000000000000000000000000..f271594dda9d3ad0f038c9d719dd68c3e82c59f1 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon16.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon17.png b/docs/zh/tools/desktop/ukui/figures/icon17.png new file mode 100644 index 0000000000000000000000000000000000000000..dbe58b89347c857920bce25f067fbd11c308e502 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon17.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon18.png b/docs/zh/tools/desktop/ukui/figures/icon18.png new file mode 100644 index 0000000000000000000000000000000000000000..1827a20e9da4d28e35e8ab2eae739b2fec37b385 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon18.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon19-o.png b/docs/zh/tools/desktop/ukui/figures/icon19-o.png new file mode 100644 index 0000000000000000000000000000000000000000..47a1f2cb7f99b583768c7cbd7e05a57f302dbe8a Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon19-o.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon2.png b/docs/zh/tools/desktop/ukui/figures/icon2.png new file mode 100644 index 0000000000000000000000000000000000000000..9101e4b386df065a87d422bc5a0b287528ea5ec7 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon2.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon20.png b/docs/zh/tools/desktop/ukui/figures/icon20.png new file mode 100644 index 0000000000000000000000000000000000000000..4de3c7c695893539967245ea5e269b26e2b735be Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon20.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon21.png b/docs/zh/tools/desktop/ukui/figures/icon21.png new file mode 100644 index 0000000000000000000000000000000000000000..e7b4320b6ce1fd4adb52525ba2c60983ffb2eed3 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon21.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon22.png b/docs/zh/tools/desktop/ukui/figures/icon22.png new file mode 100644 index 0000000000000000000000000000000000000000..43bfa96965ad13e0a34ead3cb1102a76b9346a23 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon22.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon23.png b/docs/zh/tools/desktop/ukui/figures/icon23.png new file mode 100644 index 0000000000000000000000000000000000000000..aee221ddaa81d06fa7bd5b89a624da90cd1e53da Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon23.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon24.png b/docs/zh/tools/desktop/ukui/figures/icon24.png new file mode 100644 index 0000000000000000000000000000000000000000..a9e5d700431ca1666fe9eda2cefce5dd2f83bdcd Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon24.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon25.png b/docs/zh/tools/desktop/ukui/figures/icon25.png new file mode 100644 index 0000000000000000000000000000000000000000..3de0f9476bbee9e89c3b759afbed968f17b5bbcc Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon25.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon26-o.png b/docs/zh/tools/desktop/ukui/figures/icon26-o.png new file mode 100644 index 0000000000000000000000000000000000000000..2293a893caf6d89c3beb978598fe7f281e68e7d5 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon26-o.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon27-o.png b/docs/zh/tools/desktop/ukui/figures/icon27-o.png new file mode 100644 index 0000000000000000000000000000000000000000..abbab8e40f7e3ca7c2a6f28ff78f08f15117828e Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon27-o.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon28-o.png b/docs/zh/tools/desktop/ukui/figures/icon28-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon28-o.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon29-o.png b/docs/zh/tools/desktop/ukui/figures/icon29-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon29-o.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon3.png b/docs/zh/tools/desktop/ukui/figures/icon3.png new file mode 100644 index 0000000000000000000000000000000000000000..930ee8909e89e3624c581f83d713af271cd96c75 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon3.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon30-o.png b/docs/zh/tools/desktop/ukui/figures/icon30-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon30-o.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon31-o.png b/docs/zh/tools/desktop/ukui/figures/icon31-o.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon31-o.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon32.png b/docs/zh/tools/desktop/ukui/figures/icon32.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon32.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon33.png b/docs/zh/tools/desktop/ukui/figures/icon33.png new file mode 100644 index 0000000000000000000000000000000000000000..88ed145b25f6f025ad795ceb012500e0944cb54c Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon33.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon34.png b/docs/zh/tools/desktop/ukui/figures/icon34.png new file mode 100644 index 0000000000000000000000000000000000000000..8247f52a3424c81b451ceb318f4a7979a5eddece Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon34.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon35.png b/docs/zh/tools/desktop/ukui/figures/icon35.png new file mode 100644 index 0000000000000000000000000000000000000000..7c656e9030b94809a57c7e369921e6a585f3574c Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon35.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon36.png b/docs/zh/tools/desktop/ukui/figures/icon36.png new file mode 100644 index 0000000000000000000000000000000000000000..7d29d173e914dfff48245d3d3a4d42575ce2d1db Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon36.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon37.png b/docs/zh/tools/desktop/ukui/figures/icon37.png new file mode 100644 index 0000000000000000000000000000000000000000..58be4c621b6638115153e361801deb9ee06634d8 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon37.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon38.png b/docs/zh/tools/desktop/ukui/figures/icon38.png new file mode 100644 index 0000000000000000000000000000000000000000..0c861ccb891f4fb5e533eb7f7151a8fce1571f17 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon38.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon39.png b/docs/zh/tools/desktop/ukui/figures/icon39.png new file mode 100644 index 0000000000000000000000000000000000000000..b1ba1f347452d0cd1c06c6c51d2cdf5aea5e490b Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon39.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon4.png b/docs/zh/tools/desktop/ukui/figures/icon4.png new file mode 100644 index 0000000000000000000000000000000000000000..548dc8b648edb73ff1dd8a0266e8479203e72ca0 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon4.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon40.png b/docs/zh/tools/desktop/ukui/figures/icon40.png new file mode 100644 index 0000000000000000000000000000000000000000..9c29dd1e9a1bf22c36abf51cb18fa9e47b455fab Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon40.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon41.png b/docs/zh/tools/desktop/ukui/figures/icon41.png new file mode 100644 index 0000000000000000000000000000000000000000..9e8aea527a2119433fffec5a8800ebfa4fa5062f Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon41.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon42-o.png b/docs/zh/tools/desktop/ukui/figures/icon42-o.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon42-o.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon42.png b/docs/zh/tools/desktop/ukui/figures/icon42.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon42.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon43-o.png b/docs/zh/tools/desktop/ukui/figures/icon43-o.png new file mode 100644 index 0000000000000000000000000000000000000000..284bdd551baf25beb4143013402e77a1a4c60ccb Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon43-o.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon44-o.png b/docs/zh/tools/desktop/ukui/figures/icon44-o.png new file mode 100644 index 0000000000000000000000000000000000000000..810f4d784ee140dbf562e67a0d3fd391272626a5 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon44-o.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon45-o.png b/docs/zh/tools/desktop/ukui/figures/icon45-o.png new file mode 100644 index 0000000000000000000000000000000000000000..3e528ce2c98284f020ae4912a853f5864526396b Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon45-o.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon46-o.png b/docs/zh/tools/desktop/ukui/figures/icon46-o.png new file mode 100644 index 0000000000000000000000000000000000000000..ec6a3ca0fe57016f3685981ed518493ceea1c855 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon46-o.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon47-o.png b/docs/zh/tools/desktop/ukui/figures/icon47-o.png new file mode 100644 index 0000000000000000000000000000000000000000..6eeaba98d908775bd363a8ffcec27c3b6a214013 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon47-o.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon49-o.svg b/docs/zh/tools/desktop/ukui/figures/icon49-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..72ffb173fdb95e1aff5b0001b08ed6b71122b7f2 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon49-o.svg @@ -0,0 +1,178 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/ukui/figures/icon5.png b/docs/zh/tools/desktop/ukui/figures/icon5.png new file mode 100644 index 0000000000000000000000000000000000000000..e4206b7b584bf0702c7cb2f03a3a41e20bfba844 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon5.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon50-o.svg b/docs/zh/tools/desktop/ukui/figures/icon50-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..05026802be4718205065d6369e14cc0b6ef05bc7 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon50-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/ukui/figures/icon52-o.svg b/docs/zh/tools/desktop/ukui/figures/icon52-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..23149c05873259cd39721b8ee9c3ab7db86d64c5 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon52-o.svg @@ -0,0 +1,9 @@ + + + attention + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/ukui/figures/icon53-o.svg b/docs/zh/tools/desktop/ukui/figures/icon53-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..50e33489ce984b0acfd621da4a8ef837fdf048c1 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon53-o.svg @@ -0,0 +1,11 @@ + + + + previous + Created with Sketch. + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/ukui/figures/icon54-o.svg b/docs/zh/tools/desktop/ukui/figures/icon54-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..3b599aef4b822c707d2f646405bb00837aed96fd --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon54-o.svg @@ -0,0 +1,18 @@ + + + + Backspace + Created with Sketch. + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/ukui/figures/icon56-o.svg b/docs/zh/tools/desktop/ukui/figures/icon56-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..9f13b6861e3858deec8d57a5301c934acc247069 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon56-o.svg @@ -0,0 +1,19 @@ + + + + Slice 1 + Created with Sketch. + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/ukui/figures/icon57-o.svg b/docs/zh/tools/desktop/ukui/figures/icon57-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e6fbfa1381b76ab3fcd45652b33267a7f6c69bb7 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon57-o.svg @@ -0,0 +1,11 @@ + + + + titlebutton/close_normal + Created with Sketch. + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/ukui/figures/icon58-o.svg b/docs/zh/tools/desktop/ukui/figures/icon58-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..9746dcacfc8e5d4c4b63233801e37418a190fc8f --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon58-o.svg @@ -0,0 +1,46 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/ukui/figures/icon6.png b/docs/zh/tools/desktop/ukui/figures/icon6.png new file mode 100644 index 0000000000000000000000000000000000000000..88ced3587e9a42b145fe11393726f40aba9d1b2c Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon6.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon62-o.svg b/docs/zh/tools/desktop/ukui/figures/icon62-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..09f61b446669df2e05a3351d40d8c30879c7b035 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon62-o.svg @@ -0,0 +1,47 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/ukui/figures/icon63-o.svg b/docs/zh/tools/desktop/ukui/figures/icon63-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..06c03ed99260ffadc681475dad35610aedf67f83 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon63-o.svg @@ -0,0 +1,45 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/ukui/figures/icon66-o.svg b/docs/zh/tools/desktop/ukui/figures/icon66-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..5793b3846b7fe6a5758379591215b16c7f9e1b52 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon66-o.svg @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/ukui/figures/icon68-o.svg b/docs/zh/tools/desktop/ukui/figures/icon68-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..a7748052dfa436116d8742dca28f7d90865231ed --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon68-o.svg @@ -0,0 +1,23 @@ + + + + deepin-system-monitor + Created with Sketch. + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/ukui/figures/icon69-o.svg b/docs/zh/tools/desktop/ukui/figures/icon69-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e21dfd00a32a44ee1c8e3882b4ca8239be04690f --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon69-o.svg @@ -0,0 +1,26 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/ukui/figures/icon7.png b/docs/zh/tools/desktop/ukui/figures/icon7.png new file mode 100644 index 0000000000000000000000000000000000000000..05fe8aa38c84ca0c0c99b0b005ddec2f2ba42f4a Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon7.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon70-o.svg b/docs/zh/tools/desktop/ukui/figures/icon70-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..b5787a7ffa5ed9519a48c6937c60927fd11fd455 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon70-o.svg @@ -0,0 +1,73 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/ukui/figures/icon71-o.svg b/docs/zh/tools/desktop/ukui/figures/icon71-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..669a21f143b06cb45ea3f45f7f071809f2cbc8a8 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon71-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/ukui/figures/icon72-o.svg b/docs/zh/tools/desktop/ukui/figures/icon72-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..79067ed9b9ff7912e1742183b461fa056601b9cc --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon72-o.svg @@ -0,0 +1,34 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/ukui/figures/icon73-o.svg b/docs/zh/tools/desktop/ukui/figures/icon73-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..cf6292387f5e790db6ebd66184aabcbb39257ee7 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon73-o.svg @@ -0,0 +1,13 @@ + + + + Down + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/ukui/figures/icon75-o.svg b/docs/zh/tools/desktop/ukui/figures/icon75-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..ef6823ccc19858f57374f0b78ad31514e8311be3 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon75-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/docs/zh/tools/desktop/ukui/figures/icon8.png b/docs/zh/tools/desktop/ukui/figures/icon8.png new file mode 100644 index 0000000000000000000000000000000000000000..01543c3e0f5e96a023b4e1f0859a03e3a0dafd56 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon8.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon83-o.svg b/docs/zh/tools/desktop/ukui/figures/icon83-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..35dd6eacc54a933dc9ebc3f3010edfa7363fecc0 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon83-o.svg @@ -0,0 +1,84 @@ + + + + + + image/svg+xml + + img_upload + + + + + + img_upload + Created with Sketch. + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/ukui/figures/icon84-o.svg b/docs/zh/tools/desktop/ukui/figures/icon84-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..9bd11b9e7b45b506dd7e1c87d09d545d8f48af06 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon84-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/ukui/figures/icon86-o.svg b/docs/zh/tools/desktop/ukui/figures/icon86-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..5da20233309c43d4fc7b315f441cde476c835c67 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon86-o.svg @@ -0,0 +1,66 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/ukui/figures/icon88-o.svg b/docs/zh/tools/desktop/ukui/figures/icon88-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..c2570c26575fd14cb5e9d9fe77831d2e8f6c9333 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon88-o.svg @@ -0,0 +1,13 @@ + + + + Left + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/ukui/figures/icon9.png b/docs/zh/tools/desktop/ukui/figures/icon9.png new file mode 100644 index 0000000000000000000000000000000000000000..a07c9ab8e51decd9a3bca8c969d2ae95bd68512c Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/icon9.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/icon90-o.svg b/docs/zh/tools/desktop/ukui/figures/icon90-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..79b5e0a141f7969a8f77ae61f4c240de7187afe9 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon90-o.svg @@ -0,0 +1,12 @@ + + + + lock_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/ukui/figures/icon92-o.svg b/docs/zh/tools/desktop/ukui/figures/icon92-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..21341b64a832e1935252aa82e7a4e0b083c16eae --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon92-o.svg @@ -0,0 +1,12 @@ + + + + logout_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/ukui/figures/icon94-o.svg b/docs/zh/tools/desktop/ukui/figures/icon94-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..a47044149a02101dbd24a3fdb2f3ead77efca6c1 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon94-o.svg @@ -0,0 +1,54 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/ukui/figures/icon97-o.svg b/docs/zh/tools/desktop/ukui/figures/icon97-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..4f4670de29d8c86885b5aa806b2c8cdc6fc16dcb --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon97-o.svg @@ -0,0 +1,84 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/tools/desktop/ukui/figures/icon99-o.svg b/docs/zh/tools/desktop/ukui/figures/icon99-o.svg new file mode 100644 index 0000000000000000000000000000000000000000..e9a3aa60a51404c9390bfbea8d8ff09edc0e2e32 --- /dev/null +++ b/docs/zh/tools/desktop/ukui/figures/icon99-o.svg @@ -0,0 +1,11 @@ + + + notes + + + + + + + + \ No newline at end of file diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-1.png b/docs/zh/tools/desktop/ukui/figures/kiran-1.png new file mode 100644 index 0000000000000000000000000000000000000000..6f17788dce804c004027adfe45628eebffaa48cf Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-1.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-10.png b/docs/zh/tools/desktop/ukui/figures/kiran-10.png new file mode 100644 index 0000000000000000000000000000000000000000..18cfa3074af1f4b8d49d064a77b016f24ab8c17c Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-10.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-11.png b/docs/zh/tools/desktop/ukui/figures/kiran-11.png new file mode 100644 index 0000000000000000000000000000000000000000..b58fbb7ce8a798d5355855a4ac0638540df74d9e Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-11.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-12.png b/docs/zh/tools/desktop/ukui/figures/kiran-12.png new file mode 100644 index 0000000000000000000000000000000000000000..920d0c7112be6bed509773413de36506d748b822 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-12.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-13.png b/docs/zh/tools/desktop/ukui/figures/kiran-13.png new file mode 100644 index 0000000000000000000000000000000000000000..473ac4151c65951050800cb73313fee07077a9d6 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-13.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-14.png b/docs/zh/tools/desktop/ukui/figures/kiran-14.png new file mode 100644 index 0000000000000000000000000000000000000000..9ba17ddca84d25f112e564b542a971d6e7d4c10a Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-14.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-15.png b/docs/zh/tools/desktop/ukui/figures/kiran-15.png new file mode 100644 index 0000000000000000000000000000000000000000..b561a2fccb7f159106065baaf88ff9fa32bba1d8 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-15.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-16.png b/docs/zh/tools/desktop/ukui/figures/kiran-16.png new file mode 100644 index 0000000000000000000000000000000000000000..a4d71e812144e74cb854e25f215197368b60017f Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-16.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-17.png b/docs/zh/tools/desktop/ukui/figures/kiran-17.png new file mode 100644 index 0000000000000000000000000000000000000000..5f52f0d0885fbcd62af5127df6f464bcd334e2b3 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-17.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-18.png b/docs/zh/tools/desktop/ukui/figures/kiran-18.png new file mode 100644 index 0000000000000000000000000000000000000000..bbd1a5dbd99c509d936e51e1bcc5970c2311da9d Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-18.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-19.png b/docs/zh/tools/desktop/ukui/figures/kiran-19.png new file mode 100644 index 0000000000000000000000000000000000000000..a9ad75326f5d5463a45b532ae05b110155426083 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-19.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-2.png b/docs/zh/tools/desktop/ukui/figures/kiran-2.png new file mode 100644 index 0000000000000000000000000000000000000000..b62c95a0b7d2bcfbc0bbac084ed7df74e5412da5 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-2.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-20.png b/docs/zh/tools/desktop/ukui/figures/kiran-20.png new file mode 100644 index 0000000000000000000000000000000000000000..a43f8e2dc5ff4b5445386fd0c703bdf6b1e186ec Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-20.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-21.png b/docs/zh/tools/desktop/ukui/figures/kiran-21.png new file mode 100644 index 0000000000000000000000000000000000000000..19c758d585016351a1f26fdac48221bdf0710a53 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-21.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-22.png b/docs/zh/tools/desktop/ukui/figures/kiran-22.png new file mode 100644 index 0000000000000000000000000000000000000000..703327a3f511c20cd977ae4cd68552ecb3dd6971 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-22.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-23.png b/docs/zh/tools/desktop/ukui/figures/kiran-23.png new file mode 100644 index 0000000000000000000000000000000000000000..ddbbd80be5b926ab3446cbb10c22d892487956f8 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-23.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-24.png b/docs/zh/tools/desktop/ukui/figures/kiran-24.png new file mode 100644 index 0000000000000000000000000000000000000000..54e864dcfd194db4b1672c05d3e60eb6acc605d9 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-24.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-25.png b/docs/zh/tools/desktop/ukui/figures/kiran-25.png new file mode 100644 index 0000000000000000000000000000000000000000..f64461cc2610fb82db1eb27a5562c2ab0737dcf4 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-25.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-26.png b/docs/zh/tools/desktop/ukui/figures/kiran-26.png new file mode 100644 index 0000000000000000000000000000000000000000..2bcd5335c14d3e241b732b2ee6c2adf3effbe652 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-26.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-27.png b/docs/zh/tools/desktop/ukui/figures/kiran-27.png new file mode 100644 index 0000000000000000000000000000000000000000..2bcd5335c14d3e241b732b2ee6c2adf3effbe652 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-27.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-28.png b/docs/zh/tools/desktop/ukui/figures/kiran-28.png new file mode 100644 index 0000000000000000000000000000000000000000..1650e93b66f11849ed69a9dacd5c9c5f135fc053 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-28.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-29.png b/docs/zh/tools/desktop/ukui/figures/kiran-29.png new file mode 100644 index 0000000000000000000000000000000000000000..5d0b225b54dc5da9053aeb6f4b805e59d8685f7f Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-29.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-3.png b/docs/zh/tools/desktop/ukui/figures/kiran-3.png new file mode 100644 index 0000000000000000000000000000000000000000..774ba1ea233c20bf3c7ae661e126e5251aef8662 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-3.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-30.png b/docs/zh/tools/desktop/ukui/figures/kiran-30.png new file mode 100644 index 0000000000000000000000000000000000000000..ae7f591fdd3da24fdf30b95785cd07c9959ecb2b Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-30.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-31.png b/docs/zh/tools/desktop/ukui/figures/kiran-31.png new file mode 100644 index 0000000000000000000000000000000000000000..fc4127dcd736d084ecabe84b40f165f0b07695b2 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-31.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-32.png b/docs/zh/tools/desktop/ukui/figures/kiran-32.png new file mode 100644 index 0000000000000000000000000000000000000000..b02d7b1fbdfa58d63618e99085fd5a0ed517ce4d Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-32.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-33.png b/docs/zh/tools/desktop/ukui/figures/kiran-33.png new file mode 100644 index 0000000000000000000000000000000000000000..502f5d272b6200b440b1ce916924e44c987f9922 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-33.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-34.png b/docs/zh/tools/desktop/ukui/figures/kiran-34.png new file mode 100644 index 0000000000000000000000000000000000000000..b1ad35752dba85a00024170f88702c3398e0872c Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-34.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-35.png b/docs/zh/tools/desktop/ukui/figures/kiran-35.png new file mode 100644 index 0000000000000000000000000000000000000000..6c566afea5f485d79ff7de2ccd3d27a24835f14c Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-35.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-36.png b/docs/zh/tools/desktop/ukui/figures/kiran-36.png new file mode 100644 index 0000000000000000000000000000000000000000..842470a94fb6864cdd45f2c9971ec73e7866ea88 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-36.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-37.png b/docs/zh/tools/desktop/ukui/figures/kiran-37.png new file mode 100644 index 0000000000000000000000000000000000000000..b827be98850a3626f92ed1cd7b6b76f95d761261 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-37.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-38.png b/docs/zh/tools/desktop/ukui/figures/kiran-38.png new file mode 100644 index 0000000000000000000000000000000000000000..f0972490115d0965e8e9006abd2e5e96ac2fc37c Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-38.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-39.png b/docs/zh/tools/desktop/ukui/figures/kiran-39.png new file mode 100644 index 0000000000000000000000000000000000000000..f833c66c77737fb7cfbe5b4c4af48b0ba7747cea Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-39.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-4.png b/docs/zh/tools/desktop/ukui/figures/kiran-4.png new file mode 100644 index 0000000000000000000000000000000000000000..7a6cf9c1f25266c31ddcb76f093bec664d64bac7 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-4.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-40.png b/docs/zh/tools/desktop/ukui/figures/kiran-40.png new file mode 100644 index 0000000000000000000000000000000000000000..da430f32720ef8a032e2c16fe9caabd815f8b62f Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-40.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-41.png b/docs/zh/tools/desktop/ukui/figures/kiran-41.png new file mode 100644 index 0000000000000000000000000000000000000000..424f50da38c18c12a235ebb56edd6d02ec1638f0 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-41.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-42.png b/docs/zh/tools/desktop/ukui/figures/kiran-42.png new file mode 100644 index 0000000000000000000000000000000000000000..a506b0c4e7fd23c393c34e01b26086dae1ea9c62 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-42.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-43.png b/docs/zh/tools/desktop/ukui/figures/kiran-43.png new file mode 100644 index 0000000000000000000000000000000000000000..90ca8be50f4343adcc0cc05b1ae7d0f32efcedc2 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-43.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-44.png b/docs/zh/tools/desktop/ukui/figures/kiran-44.png new file mode 100644 index 0000000000000000000000000000000000000000..bc38c38001a8428cf18a05e6cd4a8f46b1d633a2 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-44.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-45.png b/docs/zh/tools/desktop/ukui/figures/kiran-45.png new file mode 100644 index 0000000000000000000000000000000000000000..fadb655f342f99c669425480ad48733f1dccb2c9 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-45.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-46.png b/docs/zh/tools/desktop/ukui/figures/kiran-46.png new file mode 100644 index 0000000000000000000000000000000000000000..096688c85e47acded83be03a7ff69f9d829d956b Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-46.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-47.png b/docs/zh/tools/desktop/ukui/figures/kiran-47.png new file mode 100644 index 0000000000000000000000000000000000000000..3faa55c80eead6bfc9e96f59babcd2100392c2e5 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-47.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-48.png b/docs/zh/tools/desktop/ukui/figures/kiran-48.png new file mode 100644 index 0000000000000000000000000000000000000000..1e44996d99006ffe793ae29b55035976942ac504 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-48.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-49.png b/docs/zh/tools/desktop/ukui/figures/kiran-49.png new file mode 100644 index 0000000000000000000000000000000000000000..000cc37cb59fecc9ea497726f87231df187baf34 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-49.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-5.png b/docs/zh/tools/desktop/ukui/figures/kiran-5.png new file mode 100644 index 0000000000000000000000000000000000000000..a27574bb4793e401750fff28e4568403dc489507 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-5.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-50.png b/docs/zh/tools/desktop/ukui/figures/kiran-50.png new file mode 100644 index 0000000000000000000000000000000000000000..900efd80a6db6ab00fee3fa519e963f8f0620ba7 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-50.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-6.png b/docs/zh/tools/desktop/ukui/figures/kiran-6.png new file mode 100644 index 0000000000000000000000000000000000000000..42c4f0357dfa11b53ca27a4d0d255b67a0f9c5ae Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-6.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-7.png b/docs/zh/tools/desktop/ukui/figures/kiran-7.png new file mode 100644 index 0000000000000000000000000000000000000000..254ef11f36d958f6ef7c70853e5f61032f825463 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-7.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-8.png b/docs/zh/tools/desktop/ukui/figures/kiran-8.png new file mode 100644 index 0000000000000000000000000000000000000000..29b5845d2fa94cba92719b8649a5e86c926ea911 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-8.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kiran-9.png b/docs/zh/tools/desktop/ukui/figures/kiran-9.png new file mode 100644 index 0000000000000000000000000000000000000000..46bcfdd0e1e88ad0f0ade4a3990c3ac5d66060e7 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kiran-9.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kubesphere-console.png b/docs/zh/tools/desktop/ukui/figures/kubesphere-console.png new file mode 100644 index 0000000000000000000000000000000000000000..9c93fbeafe366d78bc05dda6e0e673d2dad8874f Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kubesphere-console.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/kubesphere.png b/docs/zh/tools/desktop/ukui/figures/kubesphere.png new file mode 100644 index 0000000000000000000000000000000000000000..939dcb70202b19c7853cbfd8f27f6e8e4678ce26 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/kubesphere.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-1.png b/docs/zh/tools/desktop/ukui/figures/xfce-1.png new file mode 100644 index 0000000000000000000000000000000000000000..0e478b9f10ddf3210d5f5fada2e45329e2d1d028 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-1.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-2.png b/docs/zh/tools/desktop/ukui/figures/xfce-2.png new file mode 100644 index 0000000000000000000000000000000000000000..33a946d988d499a1e98cb43968b72119bd48d7a5 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-2.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-3.png b/docs/zh/tools/desktop/ukui/figures/xfce-3.png new file mode 100644 index 0000000000000000000000000000000000000000..020356f0c981fac2aafe33c8e997efbf01af9253 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-3.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-4.png b/docs/zh/tools/desktop/ukui/figures/xfce-4.png new file mode 100644 index 0000000000000000000000000000000000000000..21369e366322955023b427e7a2ae63fd29b387e5 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-4.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-5.png b/docs/zh/tools/desktop/ukui/figures/xfce-5.png new file mode 100644 index 0000000000000000000000000000000000000000..1f7807877f775fe6aa32652a29ef833e48e1a6ee Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-5.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-6.png b/docs/zh/tools/desktop/ukui/figures/xfce-6.png new file mode 100644 index 0000000000000000000000000000000000000000..e5376fcfd1737234a885d4d95649cd996005cf0c Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-6.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-7.png b/docs/zh/tools/desktop/ukui/figures/xfce-7.png new file mode 100644 index 0000000000000000000000000000000000000000..b7a94df356b7b9f7dca3d305d066ec854406aaab Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-7.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-71.png b/docs/zh/tools/desktop/ukui/figures/xfce-71.png new file mode 100644 index 0000000000000000000000000000000000000000..11d1618c907d4bb18de1eb68e42e9b98d92d91c3 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-71.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-8.png b/docs/zh/tools/desktop/ukui/figures/xfce-8.png new file mode 100644 index 0000000000000000000000000000000000000000..f6f97d9a173105cb6a72e4b8c48deab25ecac898 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-8.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-81.png b/docs/zh/tools/desktop/ukui/figures/xfce-81.png new file mode 100644 index 0000000000000000000000000000000000000000..b97c9a81c2a07efe361e6dc6ee8bed5db445ecfa Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-81.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-811.png b/docs/zh/tools/desktop/ukui/figures/xfce-811.png new file mode 100644 index 0000000000000000000000000000000000000000..58233638eca203d917081d6a9ac5003474cbf60b Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-811.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-812.png b/docs/zh/tools/desktop/ukui/figures/xfce-812.png new file mode 100644 index 0000000000000000000000000000000000000000..0fc975f75da95dce8a3e5a098d024578335c9426 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-812.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-813.png b/docs/zh/tools/desktop/ukui/figures/xfce-813.png new file mode 100644 index 0000000000000000000000000000000000000000..4d399468c74355cbaa765380720cb9561e95f834 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-813.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-814.png b/docs/zh/tools/desktop/ukui/figures/xfce-814.png new file mode 100644 index 0000000000000000000000000000000000000000..c09fd6524a20ba04e0fca30307d35fa05e79c1f4 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-814.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-82.png b/docs/zh/tools/desktop/ukui/figures/xfce-82.png new file mode 100644 index 0000000000000000000000000000000000000000..170deb5fb43f4e924d5ba4eba94a02c341d31515 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-82.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-821.png b/docs/zh/tools/desktop/ukui/figures/xfce-821.png new file mode 100644 index 0000000000000000000000000000000000000000..c5c1f3567dccda3d0d49ae445612d5b9ba27e09a Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-821.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-83.png b/docs/zh/tools/desktop/ukui/figures/xfce-83.png new file mode 100644 index 0000000000000000000000000000000000000000..95e4844c0ece09819d3e9f1e8457bbf371b1282e Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-83.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-831.png b/docs/zh/tools/desktop/ukui/figures/xfce-831.png new file mode 100644 index 0000000000000000000000000000000000000000..6456dd02f0281a5ec8d752ba5b95be581bcbfa09 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-831.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-832.png b/docs/zh/tools/desktop/ukui/figures/xfce-832.png new file mode 100644 index 0000000000000000000000000000000000000000..2932aaacf71fa53f1d0c10340df3aebcc016e991 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-832.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-84.png b/docs/zh/tools/desktop/ukui/figures/xfce-84.png new file mode 100644 index 0000000000000000000000000000000000000000..e0435c2edf9f68d193cff036215f32c259d378f0 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-84.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-841.png b/docs/zh/tools/desktop/ukui/figures/xfce-841.png new file mode 100644 index 0000000000000000000000000000000000000000..c2c06346d4a296bfbe7836139cd943baa1ce6ea5 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-841.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-842.png b/docs/zh/tools/desktop/ukui/figures/xfce-842.png new file mode 100644 index 0000000000000000000000000000000000000000..101bf6923e3780617d33dde04b92232ca7f87b42 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-842.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-85.png b/docs/zh/tools/desktop/ukui/figures/xfce-85.png new file mode 100644 index 0000000000000000000000000000000000000000..21b39638fe4c83e0da5cdc69ecad9b7a22718a55 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-85.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-851.png b/docs/zh/tools/desktop/ukui/figures/xfce-851.png new file mode 100644 index 0000000000000000000000000000000000000000..893064ca10399a683afbcb3752266d93b0a79a51 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-851.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-86.png b/docs/zh/tools/desktop/ukui/figures/xfce-86.png new file mode 100644 index 0000000000000000000000000000000000000000..35e8a99e31e4a49eb64b24cfbab825111e40f709 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-86.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-861.png b/docs/zh/tools/desktop/ukui/figures/xfce-861.png new file mode 100644 index 0000000000000000000000000000000000000000..affc46c874991a3b289e15072e06ba6566c099b1 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-861.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-87.png b/docs/zh/tools/desktop/ukui/figures/xfce-87.png new file mode 100644 index 0000000000000000000000000000000000000000..47524c21d57c887c3398ea53a675f89e9f92113f Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-87.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-9.png b/docs/zh/tools/desktop/ukui/figures/xfce-9.png new file mode 100644 index 0000000000000000000000000000000000000000..5586c4f62cc161665b91a56ad23b2320901901c0 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-9.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-91.png b/docs/zh/tools/desktop/ukui/figures/xfce-91.png new file mode 100644 index 0000000000000000000000000000000000000000..ee69879bb4ad66405b045af5e3965e275fe8eabf Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-91.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-911.png b/docs/zh/tools/desktop/ukui/figures/xfce-911.png new file mode 100644 index 0000000000000000000000000000000000000000..b49416558e9ab844fda2026b76e2e900ac106842 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-911.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-92.png b/docs/zh/tools/desktop/ukui/figures/xfce-92.png new file mode 100644 index 0000000000000000000000000000000000000000..78dd6313c603aad9ebd37fe68e06f98b2a3b331e Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-92.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-921.png b/docs/zh/tools/desktop/ukui/figures/xfce-921.png new file mode 100644 index 0000000000000000000000000000000000000000..5eb6f40df9ca73e11b9b9fa5079496ac0c36857b Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-921.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-93.png b/docs/zh/tools/desktop/ukui/figures/xfce-93.png new file mode 100644 index 0000000000000000000000000000000000000000..06ac80c152fefbe1ad2ba1c989f6acfbbaf1a992 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-93.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-931.png b/docs/zh/tools/desktop/ukui/figures/xfce-931.png new file mode 100644 index 0000000000000000000000000000000000000000..a156e5cf14ae154b93e845ff1bd5bc6ba12c9beb Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-931.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-94.png b/docs/zh/tools/desktop/ukui/figures/xfce-94.png new file mode 100644 index 0000000000000000000000000000000000000000..f48064ff5902c4ea740ccba9a1640cbca27b5b72 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-94.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-941.png b/docs/zh/tools/desktop/ukui/figures/xfce-941.png new file mode 100644 index 0000000000000000000000000000000000000000..f7904da12dc807836acfb9d6f24b8d9b976a2fdc Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-941.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-95.png b/docs/zh/tools/desktop/ukui/figures/xfce-95.png new file mode 100644 index 0000000000000000000000000000000000000000..bda965b15a859e4cccf4b80f62875f79eb3470fd Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-95.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-951.png b/docs/zh/tools/desktop/ukui/figures/xfce-951.png new file mode 100644 index 0000000000000000000000000000000000000000..6521a28275d2b63c12b47604c7afc926f7938697 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-951.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-96.png b/docs/zh/tools/desktop/ukui/figures/xfce-96.png new file mode 100644 index 0000000000000000000000000000000000000000..29ce24923477065b98cacf603f185113e9959069 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-96.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-961.png b/docs/zh/tools/desktop/ukui/figures/xfce-961.png new file mode 100644 index 0000000000000000000000000000000000000000..874fa200f4e63b690261d7827f3c73cf70861b32 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-961.png differ diff --git a/docs/zh/tools/desktop/ukui/figures/xfce-962.png b/docs/zh/tools/desktop/ukui/figures/xfce-962.png new file mode 100644 index 0000000000000000000000000000000000000000..bb84e35e43e992bc68b053a0da760bd5aa8b0270 Binary files /dev/null and b/docs/zh/tools/desktop/ukui/figures/xfce-962.png differ diff --git a/docs/zh/tools/desktop/ukui/ukui.md b/docs/zh/tools/desktop/ukui/ukui.md new file mode 100644 index 0000000000000000000000000000000000000000..943d350942b65f7d7ea00c5c9f165e50dc5844bf --- /dev/null +++ b/docs/zh/tools/desktop/ukui/ukui.md @@ -0,0 +1,3 @@ +# UKUI 用户指南 + +本节主要描述 UKUI 桌面环境的安装和使用。 diff --git a/docs/zh/tools/desktop/ukui/ukui_installation.md b/docs/zh/tools/desktop/ukui/ukui_installation.md new file mode 100644 index 0000000000000000000000000000000000000000..4eafe5558405c645a92af731e7f183d23095a66a --- /dev/null +++ b/docs/zh/tools/desktop/ukui/ukui_installation.md @@ -0,0 +1,28 @@ +# 在 openEuler 上安装 UKUI + +UKUI是麒麟软件团队历经多年打造的一款Linux 桌面,主要基于 GTK 和 QT开发。与其他UI界面相比,UKUI更加注重易用性和敏捷度,各元件相依性小,可以不依赖其他套件而独自运行,给用户带来亲切和高效的使用体验。 + +UKUI支持x86_64和aarch64两种架构。 + +安装时,建议新建一个管理员用户。 + +1. 下载 openEuler ISO 镜像并安装系统。 + + ```sh + # sudo dnf update + ``` + +2. 安装UKUI。 + + ```sh + # sudo dnf install ukui + ``` + +3. 在确认正常安装后,如果希望以图形界面的方式启动,请在命令行运行以下代码,并重启(`reboot`)。 + + ```sh + # systemctl set-default graphical.target + ``` + +目前UKUI版本还在不断的更新,最新的安装方法请查阅: +[https://gitee.com/openeuler/ukui](https://gitee.com/openeuler/ukui) diff --git a/docs/zh/tools/desktop/ukui/ukui_userguide.md b/docs/zh/tools/desktop/ukui/ukui_userguide.md new file mode 100644 index 0000000000000000000000000000000000000000..42caf6fe60514e275f762b51b86043eeb7ae0a7f --- /dev/null +++ b/docs/zh/tools/desktop/ukui/ukui_userguide.md @@ -0,0 +1,391 @@ +# UKUI 用户指南 + +## 概述 + +桌面是用户进行图形界面操作的基础,UKUI提供了多个功能部件,包括任务栏、开始菜单等,本文主要描述 UKUI 的使用。 + +主界面如下图所示。 + +![图 1 桌面主界面-big](./figures/1.png) + +## 桌面 + +### 桌面图标 + +系统默认放置了计算机、回收站、主文件夹三个图标,鼠标左键双击即可打开页面,功能如下表。 + +| 图标 | 说明 | +| :------------ | :------------ | +| ![](./figures/icon1.png) | 计算机:显示连接到本机的驱动器和硬件| +| ![](./figures/icon2.png) | 回收站:显示移除的文件| +| ![](./figures/icon3.png) | 主文件夹:显示个人主目录| + +另外,右键单击“计算机”,选择“属性”,可显示当前系统版本、内核版本等相关信息。 + +![图 2 “计算机”-“属性”-big](./figures/2.png) + +### 右键菜单 + +在桌面空白处单击鼠标右键,出现的菜单如下图所示,为用户提供了一些快捷功能。 + +![图 3 右键菜单](./figures/3.png) + +部分选项说明如表 2。 + +| 选项 | 说明| +| :------------ | :------------ | +| 新建 | 可新建文件夹、文本文档、WPS文件 | +| 视图类型 | 提供四种视图类型:小图标、中图标、大图标、超大图标 | +| 排序方式 | 提供根据文件名称、文件类型、文件大小、修改日期排列的四种方式| + +
+ +## 任务栏 + +### 基本功能 + +任务栏位于底部,包括开始菜单、多视图切换、文件浏览器、Firefox网络浏览器、WPS、托盘菜单。 + +![图 4 任务栏](./figures/4.png) + +| 组件 | 说明 | +| :------------ | :------------ | +|![](./figures/icon4.png)| 开始菜单,用于弹出系统菜单,可查找应用和文件 | +|![](./figures/icon5.png)| 多视图切换,可在多个工作区互不干扰进行操作| +|![](./figures/icon6.png)| 文件浏览器,可浏览和管理系统中的文件| +|![](./figures/icon7.png)| Firefox网页浏览器,提供便捷安全的上网方式| +|![](./figures/icon8.png)| WPS办公套件,可以实现办公软件最常用的文字、表格、演示等多种功能| +|窗口显示区 |横条中间空白部分;显示正在运行的程序或打开的文档,可进行关闭窗口、窗口置顶操作。| +|![](./figures/icon9.png)| 托盘菜单,包含了对声音、麒麟天气、网络连接、输入法、通知中心、日期、夜间模式的设置| +|显示桌面| 按钮位于最右侧;最小化桌面的所有窗口,返回桌面;再次单击将恢复窗口| + +
+ +#### 多视图切换 + +点击任务栏“![](./figures/icon5.png)”图标,即可进入如下图所示界面,在多个工作区内选择当下需要工作的操作区。 + +![图 5 多视图切换-big](./figures/5.png) + +#### 预览窗口 + +用户将鼠标移动到任务栏的应用图标上,会对该应用打开的窗口进行小窗口预览,悬停在指定窗口如下图所示为悬停状态,该窗口会微微呈现毛玻璃效果(左),其余窗口为默认状态(右)。 + +![图 6 任务栏预览窗口](./figures/6.png) + +用户通过鼠标右键点击任务栏的应用图标,可关闭该应用。 + +![图 7 任务栏右键预览](./figures/7.png) + +#### 侧边栏 + +侧边栏位于整个桌面的右侧,点击任务栏托盘菜单中的“![](./figures/icon11-o.png)”图标打开收纳菜单,点击侧边栏“![](./figures/icon12-o.png)”图标,弹出侧边栏如下图所示。 + +侧边栏由两部分构成:通知中心、剪切板和小插件。 + +![图 8 侧边栏无消息状态-big](./figures/8.png) + +##### 通知中心 + +通知中心将会显示近期最新的重要信息列表,选择右上角“清空”可将信息列表清空;用户可通过选择右上角“设置”跳转进入控制面板的通知设置界面,能设置显示信息的应用,以及信息的数量。 + +![图 9 通知中心-big](./figures/9.png) + +右侧工作区可设置为按应用折叠的模式。 + +![图 10 按应用折叠通知消息-big](./figures/10.png) + +侧边栏右上角“![](./figures/icon13-o.png)”图标可收纳不重要信息,可以打开不重要的和已被设置为收纳的应用软件信息,消息超过999+后显示成![](./figures/icon14-o.png)的形式表示无穷大。 + +![图 11 消息收纳箱](./figures/11.png) + +##### 剪切板 + +剪切板可保存近期选择复制或剪切的内容,同时可通过表上说明的图标进行相应操作。 + +其中点击“![](./figures/icon15-o.png)”图标,可对剪切板的内容进行编辑。 + +|图标| 说明| 图标 |说明 | +| :------------ | :------------ | :------------ | :------------ | +|![](./figures/icon16.png)| 复制剪切板上的该内容 |![](./figures/icon18.png)| 编辑剪切板上的该内容 | +|![](./figures/icon17.png)| 删除剪切板上的该内容 | | | + +
+ +![图 12 剪切板](./figures/12.png) + +![图 13 编辑选中实的剪切板内容](./figures/13.png) + +剪切板的第二个标签为小插件,插件包含:闹钟、麒麟便签本、用户反馈,可供用户快捷选择。 + +![图 14 小插件](./figures/14.png) + +#### 托盘菜单 + +##### 收纳菜单 + +点击任务栏托盘菜单中的“![](./figures/icon19-o.png)”图标打开收纳菜单,收纳菜单中可收纳麒麟天气、输入法、蓝牙、u盘等小工具。 + +![图 15 收纳菜单](./figures/15.png) + +##### 输入法 + +任务栏输入法默认为搜狗输入法,使用快捷键“Ctrl+Space”可切换出来,“Shift”按键切换中英文模式。 + +![图 16 输入法](./figures/16.png) + +##### U盘 + +U盘插入主机后,自动读取U盘数据,点击任务栏中U盘“![](./figures/icon26-o.png)”图标弹窗如下图所示。 + +需要卸载U盘时仅需点击弹出“![](./figures/icon27-o.png)”图标即可。 + +![图 17 U盘状态窗口](./figures/17.png) + +##### 电源 + +没有检测到电源设备时,用户通过点击鼠标左键任务栏中电源“![](./figures/icon28-o.png)”图标。 + +![图 18 无电源设备](./figures/18.png) + +若检测到接入的电源设备,用户通过点击鼠标左键任务栏中电源“![](./figures/icon29-o.png)”图标。 + +![图 19 电源管理器窗口](./figures/19.png) + +用户通过点击鼠标右键任务栏中电源“![](./figures/icon30-o.png)”图标,弹出电源管理器设置菜单,设置调整屏幕亮度、设置电源和休眠两项。 + +![图 20 电源管理器设置](./figures/20.png) + +若电源管理器弹出“电池电量不足”的弹窗后,用户可点击开启节能模式,电源管理器则即刻将本机设为节能模式运行。 + +![图 21 电池电量不足开启节能模式](./figures/21.png) + +##### 网络 + +用户通过鼠标左键点击任务栏上的网络“![](./figures/icon31-o.png)”图标,可根据需要选择有线和无线两种网络连接方式。 + +|图标 |说明| 图标 |说明 | +| :------------ | :------------ | :------------ | :------------ | +|![](./figures/icon32.png)| 网络已连接 |![](./figures/icon37.png)| 网络未连接 | +|![](./figures/icon33.png)| 网络连接受限 |![](./figures/icon38.png)| 网络已上锁 | +|![](./figures/icon34.png)| 网络正在连接 |![](./figures/icon39.png)| Wifi已连接 | +|![](./figures/icon35.png)| Wifi未连接 |![](./figures/icon40.png)| Wifi连接受限 | +|![](./figures/icon36.png)| Wifi已上锁 |![](./figures/icon41.png)| Wifi正在连接 | + +
+ +![图 22 网络连接界面](./figures/22.png) + +- 有线网络 + + 在有线网络连接界面,点击有线网络方案即可展开,查看网络的详细信息。 + + ![图 23 有线网络连接](./figures/23.png) + +- 无线网络 + + 无线网络连接,点击右上角开关按钮打开无线网络连接,并在可用无线网络列表中选择需要连接的WiFi,并键入密码即可通过WiFi上网。 + + ![图 24 无线网络连接](./figures/24.png) + +- 网络设置窗口 + + 用户通过鼠标右键点击任务栏上的网络“![](./figures/icon42-o.png)”图标,弹出网络设置菜单。 + + ![图 25 有线网络设置](./figures/25.png) + + 点击设置网络,即刻进入网络设置窗口。 + + ![图 26 网络设置窗口](./figures/26.png) + +##### 音量 + +用户通过鼠标左键点击任务栏上的音量“![](./figures/icon43-o.png)”图标,打开声音界面。 + +- mini模式 + + 音量mini模式,仅显示扬声器的音量。 + + ![图 27 音量mini模式](./figures/27.png) + +- 按设备 + 音量按设备标签包括输出设备、输入设备。 + + ![图 28 按设备音量列表](./figures/28.png) +- 按应用 + 音量按应用标签包括系统音量、其他应用音量。 + + ![图 29 按应用音量列表](./figures/29.png) + +##### 日历 + +用户通过鼠标左键点击任务栏上的时间日期弹出日历窗口,查看日历、月历、年历窗口。 + +用户可通过筛选年 > 月 > 日查看一日信息,会以大字显示当日日期,并有当日的时间、星期、节气、农历,点击下方宜忌勾选可查看。 + +![图 30 日历查看-big](./figures/30.png) + +##### 夜间模式 + +用户通过鼠标左键点击任务栏上的夜间模式“![](./figures/icon44-o.png)”图标,可设置为夜间模式。 + +#### 高级设置 + +右键单击任务栏,出现的菜单。 + +![图 31 任务栏右键菜单](./figures/31.png) + +用户可对任务栏的布局进行设定,在“设置任务栏”中可进行相关设置。 + +
+ +## 窗口 + +### 窗口管理器 + +窗口管理器为用户提供了如表所示的功能。 + +|功能 |说明 | +| :--------| :----------| +|窗口标题栏| 显示当前窗口的标题名称 | +|最小化/最大化/关闭 |标题栏右侧的三个图标按钮,分别对应最小化窗口、最大化窗口、关闭窗口的功能 | +|侧边滑动 |在窗口右侧提供滑动条,可上下滚动查看页面 | +|窗口堆叠| 允许窗口之间产生重叠 | +|窗口拖拽 |在窗口标题栏长按鼠标左键,可移动窗口到任意位置 | +|窗口大小调整 |将鼠标移至窗口四角,长按左键,可任意调整窗口大小 | + +
+ +### 窗口切换 + +用户有三种方式可以切换: + +- 在任务栏上点击窗口标题; + +- 在桌面上点击不同窗口; + +- 使用快捷键\< Alt > + \< Tab >; + +
+ +## 开始菜单 + +### 基本功能 + +单击“开始菜单”按钮,菜单具备滑动条功能。 + +![图 32 开始菜单主界面](./figures/32.png) + +#### 右侧分类菜单 + +用户将鼠标停留在开始菜单右侧,会出现一个右侧预展开的提示栏,点击展开,即在右侧默认显示三个分类:“常用软件”、“字母分类”、“功能分类”,其中: + +- 所有软件:列出所有软件,近期使用过的软件将会在此页面置顶显示。 + +- 字母分类:列出系统根据首字母进行分类显示所有软件。 + +- 功能分类:列出系统根据功能进行分类显示所有软件。 + +用户可通过点击右上角开始菜单的全屏图标,查看全屏菜单。 + +![图 33 全屏开始菜单-big](./figures/33.png) + +#### 右侧功能键 + +右下侧显示用户头像、计算机、设置和电源四个选项。 + +##### 用户头像 + +点击“![](./figures/icon45-o.png)”图标,进入控制面板查看用户信息。 + +##### 计算机 + +点击“![](./figures/icon46-o.png)”图标进入计算机:个人主文件夹。 + +##### 设置 + +点击“![](./figures/icon47-o.png)”图标进入控制面板。 + +##### 电源 + +###### 锁定屏幕 + +当用户暂时不需要使用计算机时,可以选择锁屏(不会影响系统当前的运行状态),防止误操作;用户返回后,输入密码即可重新进入系统。 + +在默认设置下,系统在一段空闲时间后,将自动锁定屏幕。 + +锁屏界面如下图所示。 + +![图 34 锁屏界面-big](./figures/34.png) + +###### 切换用户和注销 + +当要选择其他用户登录使用计算机时,可选择“注销”或“切换用户”。 + +此时,系统会关闭所有正在运行的应用;所以,在执行此操作前,请先保存当前工作。 + +###### 关机与重启 + +有两种操作方式: + +1)“开始菜单” > “电源” > “关机” + +会弹出对话框,用户可根据需要选择重启或关机。 + +![图 35 关闭系统对话框-big](./figures/35.png) + +2)“开始菜单” > “关机” 按钮右边菜单 > “关机”/“重启” + +系统将直接关机/重启,不再弹出对话框。 + +### 高级设置 + +右键单击开始菜单图标,提供锁屏、切换用户、注销、重启、关闭五个快捷选项。 + +### 应用 + +用户可以在搜索框中,通过关键字搜索应用。如下图所示,可输入中文,如:搜索用户手册,查询结果会随着输入自动显示出来。 + +![图 36 搜索应用](./figures/36.png) + +通过右键点击开始菜单中的某个应用,弹出右键菜单,可将选中应用固定到“所有软件”、任务栏,可添加该应用到桌面方式,可快捷卸载该应用。 + +![图 37 应用的右键菜单](./figures/37.png) + +各个选项说明如下表。 + +|选项 |说明 | +| :------| :-------- | +|固定到所有软件 |将选中软件在所有软件列表中置顶 | +|固定到任务栏 |在任务栏上生成应用的图标 | +|添加到桌面快捷方式| 在桌面生成应用的快捷方式图标 | +|卸载| 卸载软件 | + +
+ +## 常见问题 + +### 锁屏后无法登录系统 + +- 通过Ctrl + Alt + F2切换到字符终端。 + +- 输入用户名和密码后登录。 + +- 执行命令“sudo rm -rf ~/.Xauthority”。 + +- 通过Ctrl + Alt + F1切回图形界面,输入用户密码登录。 + +
+ +## 附录 + +### 快捷键 + +|快捷键 |功能 | +| :------ | :----- | +|F5| 刷新桌面 | +|F1 |打开用户手册 | +|Alt + Tab |切换窗口 | +|win |打开开始菜单 | +|Ctrl + Alt + L| 锁屏 | +|Ctrl + Alt + Delete| 注销 | diff --git a/docs/zh/tools/devops/_toc.yaml b/docs/zh/tools/devops/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..eb4b0f8b7437dd7fc9da8fd505612e45c385abf9 --- /dev/null +++ b/docs/zh/tools/devops/_toc.yaml @@ -0,0 +1,14 @@ +label: 社区服务 +sections: + - label: 源码管理 + sections: + - href: ./patch_tracking/_toc.yaml + - label: 包管理 + sections: + - href: ./pkgship/_toc.yaml + - label: eulermaker + sections: + - href: ./eulermaker/_toc.yaml + - label: eulerpipeline + sections: + - href: ./eulerpipeline/_toc.yaml \ No newline at end of file diff --git a/docs/zh/tools/devops/eulermaker/_toc.yaml b/docs/zh/tools/devops/eulermaker/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..862a946cefab6cb4d4149e908ebb9abf012eca1b --- /dev/null +++ b/docs/zh/tools/devops/eulermaker/_toc.yaml @@ -0,0 +1,8 @@ +label: EulerMaker +isManual: true +description: 统一构建平台实现从源码到二进制软件包与软件仓库的平台服务 +sections: + - label: EulerMaker 快速入门 + href: ./eulermaker_user_guide.md + - label: EulerMaker 使用 + href: ./merge_configs.md diff --git a/docs/zh/tools/devops/eulermaker/eulermaker_user_guide.md b/docs/zh/tools/devops/eulermaker/eulermaker_user_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..86f6a003b03bc69b744079bf8518dc64f615df8d --- /dev/null +++ b/docs/zh/tools/devops/eulermaker/eulermaker_user_guide.md @@ -0,0 +1,568 @@ +# 简介 + +统一构建平台是一款软件包构建平台,实现从源码到二进制软件包与软件仓库的平台服务。该平台通过统一的软件包配置管理,软件包依赖关系分析,实现基于依赖关系的软件包高效构建。帮助开发者与合作伙伴建设自己的用户个人仓,OS核心仓,构建门禁能力。 + +# 快速入门 + +## 用户注册 + +### 登录注册流程 + +地址:[https://eulermaker.compass-ci.openeuler.openatom.cn](https://eulermaker.compass-ci.openeuler.openatom.cn),访问前需添加白名单。 + +1. 登录 + 首页右上角点击“登录”,跳转至openEuler社区登录页面。 + ![image](images/login.png) + 输入openEuler社区帐号用户名、密码。 + ![image](images/certification.png) + openEuler授权成功后,根据用户是否已经绑定eulermaker帐号,跳转页面。 + - 已绑定:页面返回首页 + ![image](images/home.png) + - 未绑定:页面跳转至帐号注册页面,填写用户信息,完成注册。 + ![image](images/register.png) + +### 创建工程 + +1. 创建project + 首页点击“all projects”的view按钮,跳转页面到projects总体页面。 + ![image](images/home.png) + 切换至Private Projects页签点击"Add project"按钮,填写project工程基本信息,完成创建。 + ![image](images/create_project.png) + +2. 查看新建的project + 成功新建project工程后,点击private projects中该工程名,页面跳转至project overview页面。 + +### 添加package + + 点击“add package”按钮,输入package信息,添加package。 + ![image](images/add_package.png) + +### 工程配置 + +1. 点击"config"tab栏, 跳转至project config页面。 +2. 此页面可编辑build targets、flags、publish、config等工程配置信息。config支持yaml格式输入,配置使能开关。 + ![image](images/config.png) + +### 继承工程 + +1. 工程继承 + project overview页面点击"inherit Project"按钮,填写继承项目名称,完成继承项目创建。页面跳转至继承工程overview页面,项目继承只继承父项目工程配置信息。 + ![image](images/inherit_project.png) + +2. 包继承 + package overview页面点击"Branch Package"按钮,弹窗中默认显示包继承项目信息,完成继承项目创建。页面跳转至继承工程overview页面,包继承会继承父项目工程配置信息及该软件包。 + ![image](images/branch_package.png) + +### 创建构建任务 + +**单包构建** + +1. 在project overview页面Packages列表中选择需要构建的包,点击包名进入package overview页面。 +2. Package overview页面Git Repo中可修改Git Url及Branch。 +3. 在build targets中完成构建设置,Os_variant设置构建任务执行环境,Arch设置执行机架构,Ground projects地基项目选择,Build Flag设置是否构建,Publish Flag设置是否发布,Operation列可对已添加数据进行修改及删除。 +4. 点击start Build按钮。 + ![image](images/single_build.png) +5. 切换至build tab页中可查看该构建任务执行情况,也可返回该项目build tab中查看构建状态。 + +**全量构建** + +1. 在project overview页面点击Full build按钮,可触发全量构建。 + ![image](images/full_build.png) +2. 切换至project build页面,点击build information列表中选择需要查看的build_id,右侧Details中展示该构建任务中待构建包列表及构建状态,点击上方export按钮可将待构建包列表导出为xlsx文件。 + +**增量构建** + +1. 在project overview页面点击Incremental build按钮,可触发增量构建。 + ![image](images/incremental_build.png) +2. 切换至project build 页面,点击build information列表中选择需要查看的build_id,右侧Details中展示该构建任务中待构建包列表及构建状态,点击上方export按钮可将待构建包列表导出为xlsx文件。 + +### 构建历史查看 + +**工程构建历史查看** + +1. 在project overview页面点击构建历史页面,可查看该工程历史构建任务及构建详情。 + ![image](images/build_history.png) +2. 点击构建历史中任意一条构建ID,页面右侧显示该次构建任务构建包的spec名称,状态,构建详情。 + ![image](images/build_detail.png) +3. 点击构建详情页面DAG关系表按钮,可查看本次构建任务依赖关系及构建相关信息。 + ![image](images/dag_relationships.png) + +### 获取软件包 + +1. 在project overview页面Packages列表中选择需要下载的包,点击包名进入package overview页面。 +2. 切换至Download tab页,该页面展示最新构建出的软件包,点击Download 按钮下载包,点击View Details查看软件包详情。 + ![image](images/download.png) + +## 镜像定制 + +### 添加流水线 + +**创建流水线** + +1. 首页点击“镜像定制”的查看按钮,跳转页面到流水线列表总体页面。 + + ![image](images/pipeline_list.png) + +2. 点击“添加流水线”功能按钮,填写流水线工程页面基本信息,流水线类型可选择版本镜像及镜像定制两种类型,点击确认按钮完成创建。 + + ![image](images/pipeline_add.png) + +**查看新建的流水线工程** + 成功新建流水线工程后,点击创建后的流水线名称,页面跳转至流水线详情页面。 + +![image](images/pipeline_start.png) + +### 版本镜像类型 + +#### 版本参数配置 + +1. 点击“版本参数配置”框,右侧跳转至版本参数配置页面,点击“修改”按钮,添加版本参数配置信息,其中表单字段校验规则如下: + ![image](images/pipeline_param.png) + +| 表单字段 | 校验规则 | +| ---------- | ------------------------------------------------------------ | +| repo源地址 | 地址长度小于1000,且配置多个repo源时用空格分割 | +| 镜像类型 | 只针对iso镜像,必填选择框 | +| 产品名称 | 只允许字母数字,且“产品名称-版本号[-Release号]-架构”的字符个数不超过32 | +| 版本号 | 只允许字母数字和“-”和“.”,必须字母或数字开头,且“产品名称-版本号[-Release号]-架构”的字符个数不超过32 | +| Release号 | 可缺省,若填写,则规则与版本号相同 | + +### 镜像定制类型 + +#### 定制业务包 + +##### iso/cpio格式 + +1. 点击创建好的镜像定制类型流水线名称,进入流水线详情。 +2. 点击定制业务包按钮,右边切换至定制业务包界面,界面如下图,点击修改按钮进入修改界面。 + ![image](images/custom_package.png) +3. 填写产品名称,填写安装镜像时的所展示的产品名称。 +4. 配置内核参数,为了系统能够更稳定高效地运行,用户可以根据需要修改内核命令行参数,多个参数使用空格分隔。 +
例如:"net.ifnames=0 biosdevname=0 crashkernel=512M oops=panic softlockup_panic=1 reserve_kbox_mem=16M crash_kexec_post_notifiers panic=3 console=tty0" +5. 添加repo源,输入需要添加rpm包的repo源的正确url地址。 +6. 添加rpm包:配置好正确的repo源后,点击添加按钮,弹出添加rpm包弹窗,勾选需要的rpm包,也可以通过弹窗右上角搜索需要的rpm包,点击确认即可保存。若要删除已添加的rpm包,点击rpm包表格操作列的移除或者勾选需要删除的rpm包,点击批量移除按钮即可。 + ![image](images/add_rpms.png) +7. 添加驱动:填写驱动文件路径及文件名,多个以空格分隔,可选填。 +8. 添加命令:填写系统命令,多个以空格分隔,可选填。 +9. 添加库文件:填写库文件名称,多个以空格分隔,可选填。 +10. 删除其他文件:填写需要删除的文件路径及文件名,多个以空格分隔,可选填。 +11. 配置分区:点击加号图标,新增一条配置分区,根据需要填写以下配置。 + ![image](images/config_partition.png) + + - 磁盘索引:磁盘的编号,请按照hdx的格式填写,x指第x块盘。 + - 挂载目录:指定分区挂载的路径。用户既可以配置业务分区,也可以对默认配置中的系统分区进行调整。 + - 分区大小:分区大小的取值有四种,可通过点击单位按钮来更换,最大上限为16T。其中MAX为指定将硬盘上剩余的空间全部用来创建一个分区,只能在最后一个分区配置该值。 + - 分区类型:分区有三种,主分区:primary;扩展分区:extended(该分区只需配置hd磁盘号即可);逻辑分区:logical。 + - 分区文件系统类型:目前支持的文件系统类型有:ext4、vfat。 + - 是否二次格式化:表示二次安装时是否格式化,选择是或否。 + +12. 配置网络:点击加号图标,新增一条配置网络,根据需要填写以下配置。
+ ![image](images/config_net.png) + + - BOOTPROTO:none:引导时不使用协议,不配地址;static:静态分配地址;dhcp:使用DHCP协议动态获取地址。
+ - DEVICE:网卡名称,如eth0。 + - IPADDR:IP地址。当BOOTPROTO参数为static时,该参数必配,如:192.168.11.100;其他情况下,该参数不用配置。
+ - NETMASK:子网掩码。当BOOTPROTO参数为static时,该参数必配,如:255.255.255.0;其他情况下,该参数不用配置。
+ - STARTMODE:启用网卡的方法。manual:用户在终端执行ifup命令启用网卡。auto\hotplug\ifplugd\nfsroot:当OS识别到该网卡时,便启用该网卡。off:任何情况下,网卡都无法被启用。 + +13. 添加用户自定义文件:点击加号图标,弹出文件管理器弹窗,选择需要上传的文件,点击打开按钮即可上传,上传成功后状态变为成功,并且需要填写目标存放路径。若要删除文件,点击操作列的删除字段即可。 + + > 注:用户自定义文件上传大小不得超过16M + +14. 添加hook脚本:点击加号图标,弹出文件管理器弹窗,选择需要上传的hook脚本文件,文件名称需符合“S+数字(至少两位,个位数以0开头)”开头,数字代表hook脚本的执行顺序(脚本名称示例:S01xxx.sh),点击打开按钮即可上传,上传成功后状态变为成功,并且需要选择hook脚本存放的子目录。若要删除文件,点击操作列的删除字段即可。 + + > 注:hook脚本上传文件大小不得超过16M + + ![image](images/add_file.png) + +15. 填好各项配置后,点击右上角保存按钮。 + +##### docker/mini_docker/mini_cpio/iso_normal/qcow2格式 + +1. 点击创建好的镜像定制类型流水线名称,进入流水线详情。 +2. 点击定制业务包按钮,右边切换至定制业务包界面,界面如下图,点击修改按钮进入修改界面。 + ![image](images/custom_package_2.png) +3. 添加repo源,输入需要添加rpm包的repo源的正确url地址。 +4. 添加rpm包:配置好正确的repo源后,点击添加按钮,弹出添加rpm包弹窗,勾选需要的rpm包,也可以通过弹窗右上角搜索需要的rpm包,点击确认即可保存。若要删除已添加的rpm包,点击rpm包表格操作列的移除或者勾选需要删除的rpm包,点击批量移除按钮即可。 + ![image](images/add_rpms_2.png) +5. 填好各项配置后,点击右上角保存按钮。 + +#### 配置系统参数 + +1. 只有`iso/cpio`格式需要配置系统参数。 +2. 进入创建好的流水线后,点击配置系统参数按钮,右边切换至配置系统参数界面,点击修改按钮进入修改界面。 + ![image](images/config_system.png) +3. 配置主机参数:根据需要填写或选择相关参数,其中主机名为字母、数字、“-”的组合,首字母必须是字母或数字。 + ![image](images/host_parameters.png) +4. 配置root初始密码:【密码校验格式】,两次需保持一致,可点击右边可视图标观测输入密码。 +5. 配置grub初始密码:【密码校验格式】,两次需保持一致,可点击右边可视图标观测输入密码。 + ![image](images/config_passwd.png) +6. 填好各项配置后,点击右上角保存按钮。 + +### 制作系统 + + 点击“制作系统”框,右侧自动跳转至制作系统页面,点击下方镜像构建按钮,弹出构建弹窗,点击确认按钮,页面显示相应的构建状态以及相关构建日志。 + ![image](images/release-image_build.png) + +### 镜像下载及构建日志查询 + +1. 方法一:镜像构建完成后,点击流水线中制作系统页面,下方显示构建日志信息,点击镜像下载按钮,将镜像下载至本地。 + ![image](images/image-build-1.png) + +2. 方法二:镜像构建完成后,点击流水线中的构建历史页面,操作栏显示镜像下载、查看日志选项。点击查看日志可进入构建日志页面。点击镜像下载按钮,将镜像下载至本地。 + ![image](images/image-build-2.png) + +### 构建历史 + +1. 在流水线详情页面,点击构建历史,跳转至流水线构建历史页面。 + ![image](images/image-his.png) + +2. 根据该页面查看流水线历史的镜像构建信息以及相关的镜像和构建日志。 + ![image](images/image-his-2.png) + +### 用户管理 + +1. 在流水线详情页面,点击用户管理,跳转至流水线用户管理页面。 + ![image](images/user_manager.png) + +2. 点击“添加用户”按钮,填写相关用户名称,并设置相应的用户权限(Maintainer/Reader)。 + ![image](images/user_add.png) + +### 流水线工程克隆 + +1. 点击需要克隆的流水线,进入到流水线详情页面,点击下方“克隆按钮”,填写或选择克隆流水线分组,填写新流水线名称后,点击确认按钮,完成流水线克隆。 + ![image](images/pipeline_clone.png) + +2. 页面跳转至克隆的流水线详情页面,流水线克隆了相应的配置参数信息。 + +### 删除流水线 + + 点击需要删除的流水线,进入到流水线详情页面,点击下方“删除按钮”,弹出确认窗口,点击确认按钮,删除整条流水线,包括相关构建的镜像。 + ![image](images/pipeline_delete.png) + +# 基于命令行进行构建 + +## 本地安装EulerMaker客户端 + +EulerMaker将[lkp-tests](https://gitee.com/openeuler-customization/lkp-tests.git)作为客户端,通过本地安装lkp-tests,lkp-tests提交任务依赖ruby,建议安装ruby2.5及以上版本。 + +## 下载安装 lkp-tests + +运行以下命令安装/设置lkp-test: + +```shell + git clone https://gitee.com/openeuler-customization/lkp-tests.git + cd lkp-tests + make install + source ~/.${SHELL##*/}rc +``` + +## 配置文件 + +本地配置文件配置用户名, 密码、网关等信息: + +- #{ENV['HOME']}/.config/cli/defaults/*.yaml 优先 + +```yaml + GATEWAY_IP: xxx + GATEWAY_PORT: xxx + SRV_HTTP_REPOSITORIES_HOST: xxx + SRV_HTTP_REPOSITORIES_PORT: xxx + SRV_HTTP_REPOSITORIES_PROTOCOL: xxx + SRV_HTTP_RESULT_HOST: xxx + SRV_HTTP_RESULT_PORT: xxx + SRV_HTTP_RESULT_PROTOCOL: xxx + DAG_HOST: xxx + DAG_PORT: xxx + ACCOUNT: xx + PASSWORD: xx + OAUTH_TOKEN_URL: https://omapi.osinfra.cn/oneid/oidc/token + OAUTH_REDIRECT_URL: xx + PUBLIC_KEY_URL: xx +``` + +其中网关GATEWAY_IP和GATEWAY_PORT必须配置; gitee帐号GITEE_ID和GITEE_PASSWORD若不配置只能执行游客可执行的命令; SRV_HTTP_RESULT_HOST,SRV_HTTP_RESULT_PORT是存储job日志的微服务,和SRV_HTTP_RESULT_PROTOCOL仅用于ccb log子命令;SRV_HTTP_REPOSITORIES_HOST和SRV_HTTP_REPOSITORIES_PORT是repo源,和SRV_HTTP_REPOSITORIES_PROTOCOL仅用于ccb download子命令,若无下载需求,可以不配置。 + +配置完成后可执行以下命令,查看是否可以正常使用ccb命令。 + +```shell +ccb -h/--help +``` + +# CLI 客户端 + +## 命令总览 + +```txt +# CRUD +# Elasticsearch 7.x文档基本操作(CRUD) + https://www.cnblogs.com/liugp/p/11848408.html + Elasticsearch CRUD基本操作 + https://www.cnblogs.com/powercto/p/14438907.html + +ccb create k=v|--json JSON|--yaml YAML # Details see "ccb create -h". +ccb update k=v|--json JSON|--yaml YAML + +ccb select k=v|--json JSON-file|--yaml YAML-file [-f/--field key1,key2...] + [-s/--sort key1:asc/desc,key2:asc/desc...] +ccb download os_project= packages= architecture=x86/aarch64 [--sub] [--source] [--debuginfo] +ccb cancel $build_id +ccb log +ccb build-single os_project= packages= k=v|--json JSON-file|--yaml YAML-file + +``` + +## 命令详情 + +### 1. ccb select查询各表信息 + +**查询所有的projects全部信息** + +```shell +ccb select projects +``` + +注意: +rpms和rpm_repos,这两个表由于数据量过大,无法通过`ccb select 表名`命令直接查询该表的全部信息, +查询rpms表必须使用-f指定过滤字段或者使用key=value指定明确的过滤条件。 + +```shell +ccb select rpms -f repo_id +ccb select rpms repo_id=openEuler-24.03-LTS:baseos-openEuler:24.03-LTS-x86_64-313 +``` + +查询rpm_repos表必须使用key=value指定明确的过滤条件,如果不知道value的值,可以先查询其他表获取,然后再使用key=value查询rpm_repos表。 + +```shell +ccb select builds -f repo_id # 先查询builds获得repo_id值 +ccb select rpm_repos repo_id=openEuler-24.03-LTS:baseos-openEuler:24.03-LTS-x86_64-313 # 使用上个命令获得的repo_id值查询rpm_repos表 +``` + + **查询符合要求的projects的全部信息** + +```shell +ccb select projects os_project=openEuler:Mainline owner=xxx +``` + + **查询符合要求的projects的部分信息** + +```shell +ccb select projects os_project=openEuler:Mainline --field os_project,users +``` + + **查询符合要求的projects的部分信息并排序** + +```shell +ccb select projects os_project=openEuler:Mainline --field os_project,users --sort create_time:desc,os_project:asc +``` + +**列出指定project的所有snapshot** + +```shell +ccb select snapshots os_project=openEuler:Mainline +``` + +**注:查看其他表类似** + +### 2. ccb create project + +**创建project** + +```json +ccb create projects test-project --json config.json +config.json: +{ + "os_project": "test-project", + "descrption": "this is a private project of zhangshan", + "my_specs": [ + { + "spec_name": "gcc", + "spec_url": "https://gitee.com/src-openEuler/gcc.git", + "spec_branch": "openEuler-24.03-LTS" + }, + { + "spec_name": "python-flask", + "spec_url": "https://gitee.com/src-openEuler/python-flask.git", + "spec_branch": "openEuler-24.03-LTS" + } + ], + "build_targets": [ + { + "os_variant": "openEuler_24.03", + "architecture": "x86_64" + }, + { + "os_variant": "openEuler_24.03", + "architecture": "aarch64" + } + ], + "flags": { + "build": true, + "publish": true + } +} +``` + +### 3. ccb update projects $os_project + +**project添加package** + +```json +ccb update projects $os_project --json update.json +update.json: +{ + "my_specs+": [ + { + "spec_name": , + "spec_url": , + "spec_branch": + }, + ... + ] +} +``` + +**project增删user** + +```json +ccb update projects $os_project --json update.json +update.json: +{ + "users-": ["zhangsan"], + "users+": { + "lisi": "reader", + "wangwu": "maintainer" + } +} +``` + +**锁定某个package** + +```shell +ccb update projects test-project package_overrides.$package.lock=true +``` + +**解锁某个package** + +```shell +ccb update projects test-project package_overrides.$package.lock=false +``` + +### 4. 单包构建 + +build_targets可以不传,可以有1或多个,如果不传,采用os_project默认配置的build_targets。 + +```json +ccb build-single os_project=test-project packages=gcc --json build_targets.json +build_targets.json: +{ + "build_targets": [ + { + "os_variant": "openEuler:24.03", + "architecture": "x86_64" + }, + { + "os_variant": "openEuler:24.03", + "architecture": "aarch64" + } + ] +} +``` + +### 5. 全量/增量构建 + +指定build_type=full则为全量构建,指定build_type=incremental则为增量构建; +build_targets参数与单包构建中的build_targets一样,可以不传,可以有1或多个,如果不传,采用os_project默认配置的build_targets; +如果指定snapshot_id,则os_project可不传,表示基于某个历史快照创建全量/增量构建。 + +```json +ccb build os_project=test-project build_type=full --json build_targets.json # 全量构建 +ccb build snapshot_id=xxx build_type=incremental --json build_targets.json # 增量构建 +build_targets.json: +{ + "build_targets": [ + { + "os_variant": "openEuler:24.03", + "architecture": "x86_64" + }, + { + "os_variant": "openEuler:24.03", + "architecture": "aarch64" + } + ] +} +``` + +### 6. 下载软件包 + +如果指定snapshot_id,则os_project可不传; +dest表示指定软件包下载后存放的路径,可不传,默认使用当前路径。 + +#### 基本用法 + +```shell +ccb download os_project=test-project packages=python-flask architecture=aarch64 dest=/tmp/rpm +ccb download snapshot_id=123456 packages=python-flask architecture=aarch64 dest=/tmp/rpm +``` + +#### -s的用法 + +```shell +# 使用-s 表示下载该packages的源码包。示例如下所示: +ccb download os_project=test-project packages=python-flask architecture=aarch64 -s +``` + +#### -d的用法 + +```shell +# 使用-d 表示下载该packages的debug(debuginfo和debugsource)包。示例如下所示: +ccb download os_project=test-project packages=python-flask architecture=aarch64 -d +``` + +#### -b的用法 + +```shell +# 使用-b all 表示下载该packages的所有子包。示例如下所示: +ccb download os_project=test-project packages=python-flask architecture=aarch64 -b all + +# 使用-b $rpm 表示下载该packages的指定子包$rpm,指定多个子包以逗号分隔。示例如下所示: +ccb download os_project=test-project packages=python-flask architecture=aarch64 -b python2-flask +ccb download os_project=test-project packages=python-flask architecture=aarch64 -b python2-flask,python3-flask +``` + +#### -s -d -b 组合使用 + +```shell +# 使用-b all -s -d 表示下载该packages的debug包,源码包和所有子包。示例如下所示: +ccb download os_project=test-project packages=python-flask architecture=aarch64 -b all -s -d + +# 使用-b $rpm -s -d 表示下载该packages的debug包,源码包和指定子包(指定多个子包以逗号分隔)。示例如下所示: +ccb download os_project=test-project packages=python-flask architecture=aarch64 -b python2-flask -s -d +ccb download os_project=test-project packages=python-flask architecture=aarch64 -b python2-flask,python3-flask -s -d +``` + +### 7. cancel 取消构建任务 + +```shell +ccb cancel $build_id + +``` + +### 8. 查看job日志 + +```shell +ccb log +``` + +# 概念/术语 + +| 术语 | 含义 | +| ------------ | ------------------------------------------------------------ | +| project | 一组包的集合,其中包含build_target配置,软件包的git_url配置 | +| build_target | 指定构建目标,包含目标的os系统及版本,cpu架构 | +| package | 软件包,使用spec_name来标识,一个package会生成一个或多个rpm。 | +| snapshot | project的快照,将记录当前时刻下,各个软件包的commit_id,以及依赖project的snapshot,保障构建一个包所需要的依赖固定,snapshot_id全局唯一 | +| build | 对project的构建任务,基于snapshot来创建,每个build_target会生成一个build,build_id全局唯一 | +| job | 每一次build任务会生成一个或多个job,每个job对应一个软件包的构建 | +| build_single | 单包构建 | +| build_type | 构建类型,可指定为full/incremental | diff --git a/docs/zh/tools/devops/eulermaker/figures/1686189862936_image.png b/docs/zh/tools/devops/eulermaker/figures/1686189862936_image.png new file mode 100644 index 0000000000000000000000000000000000000000..25d9365f454d8ac950673c8c89ff5abcf7fb4157 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/figures/1686189862936_image.png differ diff --git a/docs/zh/tools/devops/eulermaker/figures/1686190779219_image.png b/docs/zh/tools/devops/eulermaker/figures/1686190779219_image.png new file mode 100644 index 0000000000000000000000000000000000000000..c94d01cd9057cdb9e3a51eefb7f389ceab72c3ee Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/figures/1686190779219_image.png differ diff --git a/docs/zh/tools/devops/eulermaker/figures/1686190839529_image.png b/docs/zh/tools/devops/eulermaker/figures/1686190839529_image.png new file mode 100644 index 0000000000000000000000000000000000000000..146eedad4cd02978bfb18ee5f4aa6bb05092cda8 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/figures/1686190839529_image.png differ diff --git a/docs/zh/tools/devops/eulermaker/figures/1686193530087_image.png b/docs/zh/tools/devops/eulermaker/figures/1686193530087_image.png new file mode 100644 index 0000000000000000000000000000000000000000..e89f4e78266e7dcb4ea320d74f73610438d500b0 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/figures/1686193530087_image.png differ diff --git a/docs/zh/tools/devops/eulermaker/figures/1686193606679_image.png b/docs/zh/tools/devops/eulermaker/figures/1686193606679_image.png new file mode 100644 index 0000000000000000000000000000000000000000..3070dddbbcd1dca259bef95d62e5ec18dcc44499 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/figures/1686193606679_image.png differ diff --git a/docs/zh/tools/devops/eulermaker/figures/1686193747460_image.png b/docs/zh/tools/devops/eulermaker/figures/1686193747460_image.png new file mode 100644 index 0000000000000000000000000000000000000000..76c8c5fd75b6ed406737f6c3445559c355fd21c0 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/figures/1686193747460_image.png differ diff --git a/docs/zh/tools/devops/eulermaker/figures/1686194008501_image.png b/docs/zh/tools/devops/eulermaker/figures/1686194008501_image.png new file mode 100644 index 0000000000000000000000000000000000000000..82134424e83f72f6c3aba04077d34f555149015d Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/figures/1686194008501_image.png differ diff --git a/docs/zh/tools/devops/eulermaker/figures/1686194042686_image.png b/docs/zh/tools/devops/eulermaker/figures/1686194042686_image.png new file mode 100644 index 0000000000000000000000000000000000000000..60f00d2b818b75b0778caacefcf7de0dae1e6663 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/figures/1686194042686_image.png differ diff --git a/docs/zh/tools/devops/eulermaker/figures/image.png b/docs/zh/tools/devops/eulermaker/figures/image.png new file mode 100644 index 0000000000000000000000000000000000000000..1051e6fc1a7068898108b862aea1835b43799030 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/figures/image.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/.keep b/docs/zh/tools/devops/eulermaker/images/.keep new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/docs/zh/tools/devops/eulermaker/images/add_file.png b/docs/zh/tools/devops/eulermaker/images/add_file.png new file mode 100644 index 0000000000000000000000000000000000000000..6fc4c5b089237ecbb5dabdae6954093c5234c380 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/add_file.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/add_package.png b/docs/zh/tools/devops/eulermaker/images/add_package.png new file mode 100644 index 0000000000000000000000000000000000000000..1c58f18f4781f6c34c995d56dee131149b835df8 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/add_package.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/add_rpms.png b/docs/zh/tools/devops/eulermaker/images/add_rpms.png new file mode 100644 index 0000000000000000000000000000000000000000..1bb748b49523bfa1b328f4bd9fbf2bf45fcf9bf2 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/add_rpms.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/add_rpms_2.png b/docs/zh/tools/devops/eulermaker/images/add_rpms_2.png new file mode 100644 index 0000000000000000000000000000000000000000..25c845415c8ce1fdedac308b777422405502bffa Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/add_rpms_2.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/brach_package.png b/docs/zh/tools/devops/eulermaker/images/brach_package.png new file mode 100644 index 0000000000000000000000000000000000000000..ab72263596c18b2e4a11d69c68cde4f775dcc1c5 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/brach_package.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/branch_package.png b/docs/zh/tools/devops/eulermaker/images/branch_package.png new file mode 100644 index 0000000000000000000000000000000000000000..d9230ffbfc6b9bd006fdf6268537a8b70b43a8f4 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/branch_package.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/build_detail.png b/docs/zh/tools/devops/eulermaker/images/build_detail.png new file mode 100644 index 0000000000000000000000000000000000000000..52a49744799e5387ba0dc76dfce3e0d4ebeb1c2f Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/build_detail.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/build_history.png b/docs/zh/tools/devops/eulermaker/images/build_history.png new file mode 100644 index 0000000000000000000000000000000000000000..b413f18a53409a3ba6fb0891e887a9a6a10c001a Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/build_history.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/certification.png b/docs/zh/tools/devops/eulermaker/images/certification.png new file mode 100644 index 0000000000000000000000000000000000000000..3bd145b7070b8fd2a1f5c29e762214540f747f8b Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/certification.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/config.png b/docs/zh/tools/devops/eulermaker/images/config.png new file mode 100644 index 0000000000000000000000000000000000000000..2042e3bb09a98d34429586322de51e398ed99a20 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/config.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/config_net.png b/docs/zh/tools/devops/eulermaker/images/config_net.png new file mode 100644 index 0000000000000000000000000000000000000000..64f514ded1a9575708c1a379e118b5297d0ee580 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/config_net.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/config_partition.png b/docs/zh/tools/devops/eulermaker/images/config_partition.png new file mode 100644 index 0000000000000000000000000000000000000000..8f63e16cd6c9c07795ad3174a6f4de621ba6bb37 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/config_partition.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/config_passwd.png b/docs/zh/tools/devops/eulermaker/images/config_passwd.png new file mode 100644 index 0000000000000000000000000000000000000000..e9947adc07c9147faae1ec5ad58c327b703ae86c Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/config_passwd.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/config_system.png b/docs/zh/tools/devops/eulermaker/images/config_system.png new file mode 100644 index 0000000000000000000000000000000000000000..147fc5ba087113ec34ec4b73bc615b5d5c222d16 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/config_system.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/create-project.png b/docs/zh/tools/devops/eulermaker/images/create-project.png new file mode 100644 index 0000000000000000000000000000000000000000..e4c80324bf81eb3a9c54d300ae2795a693959898 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/create-project.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/create_project.png b/docs/zh/tools/devops/eulermaker/images/create_project.png new file mode 100644 index 0000000000000000000000000000000000000000..22f369f3558657c5287bb62bbe344880ea530034 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/create_project.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/custom_package.png b/docs/zh/tools/devops/eulermaker/images/custom_package.png new file mode 100644 index 0000000000000000000000000000000000000000..7f89731a1734e9426099ad26cd9a6ac85528adf6 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/custom_package.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/custom_package_2.png b/docs/zh/tools/devops/eulermaker/images/custom_package_2.png new file mode 100644 index 0000000000000000000000000000000000000000..612a003bd902b6e50ddc51bf94aebb6e3e08a49e Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/custom_package_2.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/dag_relation.PNG b/docs/zh/tools/devops/eulermaker/images/dag_relation.PNG new file mode 100644 index 0000000000000000000000000000000000000000..64bc551096b0978d20dabdaee1a69bb4cfcf14fb Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/dag_relation.PNG differ diff --git a/docs/zh/tools/devops/eulermaker/images/dag_relationships.png b/docs/zh/tools/devops/eulermaker/images/dag_relationships.png new file mode 100644 index 0000000000000000000000000000000000000000..acfca3666f7937105337b57e1b4305c7af0681c7 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/dag_relationships.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/download.png b/docs/zh/tools/devops/eulermaker/images/download.png new file mode 100644 index 0000000000000000000000000000000000000000..40e4d418f2f8a57fb730dec03960f995cf255ca4 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/download.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/enter_pipeline.png b/docs/zh/tools/devops/eulermaker/images/enter_pipeline.png new file mode 100644 index 0000000000000000000000000000000000000000..bf41d190deed529ec11d7fce0c929fb914360cc2 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/enter_pipeline.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/fork_backlight.png b/docs/zh/tools/devops/eulermaker/images/fork_backlight.png new file mode 100644 index 0000000000000000000000000000000000000000..0000eff2d35e972bf61fd2af1a7d0ae01f6d0122 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/fork_backlight.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/full_build.png b/docs/zh/tools/devops/eulermaker/images/full_build.png new file mode 100644 index 0000000000000000000000000000000000000000..cdc25c7a4be1b2a6ea2e744086e9c31f4a5d9346 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/full_build.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/home.png b/docs/zh/tools/devops/eulermaker/images/home.png new file mode 100644 index 0000000000000000000000000000000000000000..32d301ac9c3edea498c5445c732cbdf87c1056a8 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/home.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/host_parameters.png b/docs/zh/tools/devops/eulermaker/images/host_parameters.png new file mode 100644 index 0000000000000000000000000000000000000000..dd13cee631c0ef793cc529f702f5de239f1a2b39 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/host_parameters.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/image-build-1.png b/docs/zh/tools/devops/eulermaker/images/image-build-1.png new file mode 100644 index 0000000000000000000000000000000000000000..1cf2b33f2141144ffbd4164cd307f8fa81e67568 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/image-build-1.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/image-build-2.png b/docs/zh/tools/devops/eulermaker/images/image-build-2.png new file mode 100644 index 0000000000000000000000000000000000000000..54a99f7d29965db62522f55370b1fbc3ebcced3b Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/image-build-2.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/image-build.png b/docs/zh/tools/devops/eulermaker/images/image-build.png new file mode 100644 index 0000000000000000000000000000000000000000..71238d92d6c08fda87c4c900d68ba4cfd1f81f77 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/image-build.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/image-his-2.png b/docs/zh/tools/devops/eulermaker/images/image-his-2.png new file mode 100644 index 0000000000000000000000000000000000000000..23956c3506f782175e920feb70c2a1d958e5818a Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/image-his-2.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/image-his.png b/docs/zh/tools/devops/eulermaker/images/image-his.png new file mode 100644 index 0000000000000000000000000000000000000000..43dcee777c89c499efd250d8adb6c9377e18a3f9 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/image-his.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/image_details.png b/docs/zh/tools/devops/eulermaker/images/image_details.png new file mode 100644 index 0000000000000000000000000000000000000000..9e05e11da1f2265c2f5101b247cfd980f1e250e7 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/image_details.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/incremental_build.png b/docs/zh/tools/devops/eulermaker/images/incremental_build.png new file mode 100644 index 0000000000000000000000000000000000000000..1550b4025eb2bd7b55b9b9391e8f8130cd546a99 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/incremental_build.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/inherit_project.png b/docs/zh/tools/devops/eulermaker/images/inherit_project.png new file mode 100644 index 0000000000000000000000000000000000000000..6faee2fa96a4ec76fb32a5acd43c469c28dbd0d3 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/inherit_project.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/jobs.png b/docs/zh/tools/devops/eulermaker/images/jobs.png new file mode 100644 index 0000000000000000000000000000000000000000..0469194c994e0b022463b43cea7f2c92e7c74cbd Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/jobs.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/login.png b/docs/zh/tools/devops/eulermaker/images/login.png new file mode 100644 index 0000000000000000000000000000000000000000..32383e5176d5f691fdbd079df2546385e7ce0aac Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/login.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/openeuler-community-login.png b/docs/zh/tools/devops/eulermaker/images/openeuler-community-login.png new file mode 100644 index 0000000000000000000000000000000000000000..9e9bede08d8dba2ce9c0bd32644a42746bff48f4 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/openeuler-community-login.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/package_overview.png b/docs/zh/tools/devops/eulermaker/images/package_overview.png new file mode 100644 index 0000000000000000000000000000000000000000..0242c985fec75ef004d1aaec46c675ac486b3412 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/package_overview.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/pipeline_add.png b/docs/zh/tools/devops/eulermaker/images/pipeline_add.png new file mode 100644 index 0000000000000000000000000000000000000000..2a7464d743a7a243311d7be10d32f0e75532233c Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/pipeline_add.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/pipeline_clone.png b/docs/zh/tools/devops/eulermaker/images/pipeline_clone.png new file mode 100644 index 0000000000000000000000000000000000000000..111ba197509d71436d52734da73f4c6882b43df6 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/pipeline_clone.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/pipeline_delete.png b/docs/zh/tools/devops/eulermaker/images/pipeline_delete.png new file mode 100644 index 0000000000000000000000000000000000000000..2a5d91c407d99a98561dbaae9c0f73e6a6700d60 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/pipeline_delete.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/pipeline_list.png b/docs/zh/tools/devops/eulermaker/images/pipeline_list.png new file mode 100644 index 0000000000000000000000000000000000000000..01722cdbc16f3a7de8998978aea227168ebbfe50 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/pipeline_list.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/pipeline_param.png b/docs/zh/tools/devops/eulermaker/images/pipeline_param.png new file mode 100644 index 0000000000000000000000000000000000000000..70852e6d7112e08b54c1741b74c4923e15b6a128 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/pipeline_param.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/pipeline_start.png b/docs/zh/tools/devops/eulermaker/images/pipeline_start.png new file mode 100644 index 0000000000000000000000000000000000000000..1f4d7ba885bb08cde3c523f7e23c0751d42f516f Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/pipeline_start.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/register.png b/docs/zh/tools/devops/eulermaker/images/register.png new file mode 100644 index 0000000000000000000000000000000000000000..32c00ccebee78b4652ac57b9507d107d31f24f6a Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/register.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/release-image_build.png b/docs/zh/tools/devops/eulermaker/images/release-image_build.png new file mode 100644 index 0000000000000000000000000000000000000000..56d7c636cdce03e226efd57f3c8127a579fd06be Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/release-image_build.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/run-job.png b/docs/zh/tools/devops/eulermaker/images/run-job.png new file mode 100644 index 0000000000000000000000000000000000000000..744e674f6eed82525d60fe4c6ce6f383852c7db9 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/run-job.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/sign-up-local-account.png b/docs/zh/tools/devops/eulermaker/images/sign-up-local-account.png new file mode 100644 index 0000000000000000000000000000000000000000..7f7ebb44d2314cab3939c57b1871d4f8b1063acf Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/sign-up-local-account.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/single_build.png b/docs/zh/tools/devops/eulermaker/images/single_build.png new file mode 100644 index 0000000000000000000000000000000000000000..76d92fdd9c95afb984720de169712d9a5e402dcb Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/single_build.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/user_add.png b/docs/zh/tools/devops/eulermaker/images/user_add.png new file mode 100644 index 0000000000000000000000000000000000000000..644d014f9561a7bccdc7f92cd494e38f42f20435 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/user_add.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/user_manager.png b/docs/zh/tools/devops/eulermaker/images/user_manager.png new file mode 100644 index 0000000000000000000000000000000000000000..fd44cb94dedea095eba93a5110e8ac1a973e2b0d Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/user_manager.png differ diff --git a/docs/zh/tools/devops/eulermaker/images/web-project.PNG b/docs/zh/tools/devops/eulermaker/images/web-project.PNG new file mode 100644 index 0000000000000000000000000000000000000000..4f53c375d41eb3a0481dc8ad192cb7c139248311 Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/web-project.PNG differ diff --git a/docs/zh/tools/devops/eulermaker/images/wgcloud-web.PNG b/docs/zh/tools/devops/eulermaker/images/wgcloud-web.PNG new file mode 100644 index 0000000000000000000000000000000000000000..3ed2a07058365b5609cf923926171df8a9b11e0f Binary files /dev/null and b/docs/zh/tools/devops/eulermaker/images/wgcloud-web.PNG differ diff --git a/docs/zh/tools/devops/eulermaker/merge_configs.md b/docs/zh/tools/devops/eulermaker/merge_configs.md new file mode 100644 index 0000000000000000000000000000000000000000..eab880f279d6d9a85e8ad37bff86528e870bd3d1 --- /dev/null +++ b/docs/zh/tools/devops/eulermaker/merge_configs.md @@ -0,0 +1,109 @@ +# 概述 + +本特性可以按照用户自定义需求,修改、定制、迭代软件包的构建文件,使构建文件的各版本、包间宏定义差异性管理。 + +# 安装与卸载 + +## 安装 + + pip install merge_configs-0.0.6-py3-none-any.whl + +## 卸载 + + pip uninstall merge-configs + +# 使用方法 + +## 命令行 + + merge-configs --help + -p PACKAGES, --packages PACKAGES: 设置需要merge的软件包,多个软件包用空格隔开。 + -c CONFIG_FILE, --config_file CONFIG_FILE: 设置分层根目录文件config.yaml。 + -o OUTPUT, --output OUTPUT: 设置输出文件的路径。 + -d --debug : 是否需要设置日志模式为debug。 + -l LIST_FEATURES, --list-features LIST_FEATURES: 不为空时显示用户配置信息,设置存在于-p参数值中的软件包,多个软件包用逗号隔开。 + -a TARGET_ARCH, --arch TARGET_ARCH: 设置merge的目标架构,例如:x86_64,aarch64。 +常用命令:merge-configs -p \\\$\{package} -c \\\$\{config_path}/config.yaml -o \\\$\{output_path} -a \\\$\{target_arch_name} -l \\\$\{package} + +常见的yaml结构如下: + +![](./figures/image.png) + +经过转换后: + +![](./figures/1686189862936_image.png) + +## 软件包定制 + +软件包编译信息经过的分层的架构分开保存,分成yaml主要配置、files.yaml文件配置、编译执行脚本、运行时执行脚本和changelog。其各个文件中定制的内容经由merge-configs工具解析转换,会在编译中生效。 + +### 参数定制 + +1. 参数名定制: +参数名可以根据定制需求修改,通常只修改source,patch的编号,随意修改可能导致spec语法不支持。 + +2. 参数值定制: +参数值定制的范围比较大,根据需求可随意修改内容,但是尽量不要修改值类型,如string类型改为list类型,可能导致转换错误。 + +修改Patch编号和它的值: + +![](./figures/1686190779219_image.png) + +经过转换后: + +![](./figures/1686190839529_image.png) + +### 条件定制 + +条件定制的方式是在yaml配置层的key中添加when条件。 + + Source: + 0: http://ftp.gnu.org/gnu/libtool/libtool-%{version}.tar.xz + source when arch in aarch64: + 100: libtool-aarch-%{version}.tar.xz +有三种方式定制: + +1. 架构定制。 + + ```sh + buildRequires: + - "gcc" + buildRequires when arch in x86_64: + - "gcc-c++" + buildRequires when arch not in x86_64: + - "gzip" + ``` + +2. 标签定制: + defineFlags字段将会转换为bcond_with/bcond_without。 + + ```sh + defineFlags: + +auto_compile: "" + patchset when +auto_compile: + 1001: libtool-0.0.1-auto_compile.patch + ``` + +3. 宏定制: + %%{rpmGlobal.}表示在包信息中定义的宏,%%%{rpmGlobal.}表示在rpm系统中定义的宏。 + + ```sh + rpmGloal: + posttest: 0 + source when %%{rpmGlobal.posttest}: + 1: posttest.sh + source when %%%{rpmGlobal._debugsource_packages}: + 2: openEuler_setup.py + ``` + +定制后: + +![](./figures/1686194042686_image.png) + +经过定制再转换后: + +![](./figures/1686194008501_image.png) + +## 转换 + +目前eulermaker仅支持yaml->spec的转换,仅支持rpmbuild编译rpm包的编译方式。 diff --git a/docs/zh/tools/devops/eulerpipeline/_toc.yaml b/docs/zh/tools/devops/eulerpipeline/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..9d9560571a009fb6822d820d8269a2078dde8ef7 --- /dev/null +++ b/docs/zh/tools/devops/eulerpipeline/_toc.yaml @@ -0,0 +1,12 @@ +label: EulerPipeline +isManual: true +description: 聚焦于web页面的维度进行EulerPipeline原生开发服务的功能介绍 +sections: + - label: EulerPipeline 用户指南 + href: ./eulerpipeline_user_guide.md + - label: v1.0 语法说明文档 + href: ./v1.0_grammar.md + - label: v1.1 语法说明文档 + href: ./v1.1_grammar.md + - label: kernel-ci + href: ./kernel_ci_guide.md diff --git a/docs/zh/tools/devops/eulerpipeline/eulerpipeline_user_guide.md b/docs/zh/tools/devops/eulerpipeline/eulerpipeline_user_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..ed2615d9029d75e86fdb096d221e69b3479f8387 --- /dev/null +++ b/docs/zh/tools/devops/eulerpipeline/eulerpipeline_user_guide.md @@ -0,0 +1,172 @@ +# EulerPipeline原生开发服务使用手册 + +本文聚焦于web页面的维度进行EulerPipeline原生开发服务的功能介绍。 + +## 1. 登录与注册 + +EulerPipeline原生开发服务采用基于openEuler社区鉴权服务的多端统一用户管理系统,社区身份+集群身份共同组成用户个体。 + +- 初始页面,点击悬浮右上角图标,点击登录按钮登录 + + ![登录](./image/登录.jpg) + +- openEuler社区鉴权,验证身份 + + ![鉴权](./image/社区鉴权.jpg) + +- lab-z9作为当前公共执行机集群,用户可以在社区身份鉴权完成后,需要注册或绑定lab-z9的Compass-CI帐户 + + - 绑定用户,需要提供Compass-CI帐号、Compass-CI用户名、Compass-CI邮箱、Compass-CI令牌四个必填字段 + + ![登录](./image/cci帐户绑定.jpg) + + - 如果之前没有lab-z9集群的Compass-CI帐户,也可以注册新用户 + + ![注册](./image/cci帐户注册.jpg) + +## 2. 新建流水线 + +EulerPipeline原生开发服务支持基于lkp-tests仓库中的流水线yaml模板快速创建新流水线,流水线模板根据其所属目录分为不同类型,便于用户根据具体需求场景快速选取。 + +- 点击新建流水线按钮(当页面不存在流水线数据时按钮居中,当页面存在流水线数据时按钮位于左上角) + + ![新建](./image/新建流水线.jpg) + +- 可以通过选择“公开”或“受限”设定流水线的初始类型,公开类型的流水线所有用户可查看其内容但无法操作,受限类型的流水线所有接口权限均被管控。同时,用户需要选择某个仓库类型或自定义类型的客户端,流水线基于该客户端运作(客户端不同流水线模板以及可选的原子任务不同) + +- 公开类型的流水线可以被任意用户查看详情,但除查询外的操作需要流水线maintainer管理权限 + +- 受限类型的流水线则受到流水线maintainer的全权管控 + + ![选择客户端](./image/选择客户端.jpg) + + ![选择模板](./image/选择模板.jpg) + +## 3. 编排流水线 + +流水线的编排分为通过web页面进行UI编排,以及通过YAML编排(修改流水线描述文本) + +- UI编排 + + 通过UI编排后,变更同样会被同步到流水线YAML中,本质是一致的行为。流水线web服务提供将UI编排“翻译”为YAML内容变更的能力,以此降低用户编排流水线的入门门槛。 + + ![UI编排](./image/UI编排.jpg) + + - 流水线变量设置 + + ![流水线变量](./image/配置流水线变量.jpg) + + - 定时触发条件设置 + + ![定时](./image/配置定时触发条件.jpg) + + - webhook触发条件设置 + + ![webhook](./image/添加webhook触发条件.jpg) + + - 添加webhook触发条件后,需要到仓库进行webhook配置,下图以gitee为例。在gitee代码仓点击设置—WebHooks—添加webHook + + ![webhook1](./image/仓库配置webhook1.jpg) + + - URL需要填写流水线服务配置webhook触发条件页面中提供的webhook URL,然后选择WebHook密码,填写页面中生成的密码。 + + ![webhook2](./image/仓库配置webhook2.jpg) + + - 原子任务添加/删除(暂未开放) + + - 原子任务选择/详情介绍查看(暂未开放) + + - 原子任务参数修改(暂未开放) + +- YAML编排 + + - 通过YAML编排需要熟悉流水线支持的语法,流水线支持多版本语法解析,语法版本通过“version”关键字声明,目前仅支持v1.0版本语法。 + + - v1.0语法请参考文档:[EulerPipeline原生开发服务流水线语法v1.0](./v1.0_grammar.md) + + ![yaml](./image/YAML编排.jpg) + + - 变更流水线类型,由公开变为受限,或由受限变为公开 + + ![变更类型](./image/变更流水线类型.jpg) + + - 删除流水线 + + ![删除](./image/删除流水线.jpg) + +## 4. 运行流水线 + +运行流水线有三种方式,用户可以手动点击流水线的运行按钮或者重新运行按钮触发流水线的执行,也可以通过编排触发设置令流水线被webhook事件或定时事件驱动。 + +- webhook事件驱动 +- 定时事件驱动 + +- 手动运行可以通过如下两种按钮运行 + + ![运行1](./image/运行流水线1.jpg) + + ![运行2](./image/运行流水线2.jpg) + +## 5. 流水线权限设置 + +点击设置按钮,可进入流水线的权限配置页面,通过成员管理、角色分配以及角色权限设置完成流水线权限管理。 + +- 点击设置,进入成员管理 + + ![点击设置](./image/设置流水线权限.jpg) + + ![成员管理](./image/成员管理.jpg) + +- 可以通过邀请链接(暂未开放)或者直接用户名添加的方式添加流水线成员 + + ![添加成员](./image/添加成员.jpg) + +- 可以通过成员管理的操作列修改成员角色 + + ![修改角色](./image/修改角色.jpg) + +- 点击权限管理页签,可以添加自定义角色,或者基于现有角色修改访问权限 + + ![权限1](./image/修改角色权限1.jpg) + + ![权限2](./image/修改角色权限2.jpg) + +## 6. 流水线运行详情 + +流水线运行后,可以点击流水线名称列亮起的流水线名,进入流水线最新运行的详情页,如下所示。 + +![查看运行](./image/查看最新运行详情.jpg) + +![详情](./image/运行详情.jpg) + +用户在本页面可以清晰感知流水线的运行状态,以及流水线各任务的运行细节,以及可以通过重新运行、挂起、取消运行按钮控制流水线运行状态。 + +- 查看任务详情,检阅dmesg日志 + + ![任务详情](./image/任务详情.jpg) + +- 重试单个任务,尝试使流水线从失败的节点继续运作 + + ![任务重试](./image/任务重试.jpg) + +- 查看历史运行记录,可通过历史运行记录表的操作列,点击详情按钮,从而跳转到历史运行详情页面检阅历史数据 + + ![历史运行](./image/历史运行.jpg) + +- 点击右上角matrix总览按钮,可以在流水线存在矩阵时以方块视图直观感知不同参数组合下流水线的实时执行情况 + + ![matrix](./image/matrix总览.jpg) + +## 7. 一键复现与结对调试 + +原生开发流水线提供了一键复现的能力,用户可以于流水线运行详情页面,点击任意任务卡片上的一键复现按钮,选择独立或者结对的方式重现任务执行环境,通过服务提供的web控制台或者利用公钥ssh的方式(暂未开放)访问终端,进行问题定位与调试。 + +- 独立复现意味着用户独立建立一个复现的房间,在不共享他人房间token时,独享该环境的web终端 + +- 结对复现需要用户输入已有复现房间的token,进入他人创建的房间共享web终端结对调试 + +![选择复现方式](./image/选择复现方式.jpg) + +![结对选项](./image/结对复现.jpg) + +![结对复现](./image/结对复现调试.jpg) diff --git "a/docs/zh/tools/devops/eulerpipeline/image/UI\347\274\226\346\216\222.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/UI\347\274\226\346\216\222.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..c0ed1c60374edba909ca898bf82ed48b9228bc4a Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/UI\347\274\226\346\216\222.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/YAML\347\274\226\346\216\222.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/YAML\347\274\226\346\216\222.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..782c9cd987712f9087990a5159971d2a05358f7f Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/YAML\347\274\226\346\216\222.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/cci\345\270\220\346\210\267\346\263\250\345\206\214.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/cci\345\270\220\346\210\267\346\263\250\345\206\214.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..ca163e10f3198b5aa120aea410e4a25c6fb3ffe2 Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/cci\345\270\220\346\210\267\346\263\250\345\206\214.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/cci\345\270\220\346\210\267\347\273\221\345\256\232.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/cci\345\270\220\346\210\267\347\273\221\345\256\232.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..8cb9da2ba91a75aae8a6b112753c64d1e6f4c76e Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/cci\345\270\220\346\210\267\347\273\221\345\256\232.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/kernel-ci_yaml\347\274\226\346\216\222.png" "b/docs/zh/tools/devops/eulerpipeline/image/kernel-ci_yaml\347\274\226\346\216\222.png" new file mode 100644 index 0000000000000000000000000000000000000000..5f59337191719c1ea87e02b24d40beed409002fa Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/kernel-ci_yaml\347\274\226\346\216\222.png" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/kernel-ci\346\250\241\346\235\277.png" "b/docs/zh/tools/devops/eulerpipeline/image/kernel-ci\346\250\241\346\235\277.png" new file mode 100644 index 0000000000000000000000000000000000000000..27c425ab668412629c63c987c48c553b233d648c Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/kernel-ci\346\250\241\346\235\277.png" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/kernel-ci\350\257\204\350\256\272.png" "b/docs/zh/tools/devops/eulerpipeline/image/kernel-ci\350\257\204\350\256\272.png" new file mode 100644 index 0000000000000000000000000000000000000000..14603629f0cefb0fd7b40bc6b4f7872eae9e8dd9 Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/kernel-ci\350\257\204\350\256\272.png" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/kernel-ci\351\224\231\350\257\257\350\257\246\346\203\205.png" "b/docs/zh/tools/devops/eulerpipeline/image/kernel-ci\351\224\231\350\257\257\350\257\246\346\203\205.png" new file mode 100644 index 0000000000000000000000000000000000000000..cf7be977043a924e2de8b036d09861f6ad56ef99 Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/kernel-ci\351\224\231\350\257\257\350\257\246\346\203\205.png" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/matrix\346\200\273\350\247\210.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/matrix\346\200\273\350\247\210.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..1244aa6147af43a67fd000855b66ba11711e27fe Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/matrix\346\200\273\350\247\210.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/webhook\350\257\267\346\261\202\347\273\223\346\236\234.png" "b/docs/zh/tools/devops/eulerpipeline/image/webhook\350\257\267\346\261\202\347\273\223\346\236\234.png" new file mode 100644 index 0000000000000000000000000000000000000000..88811a4793c61f011dd182a13bfd0d839b27f538 Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/webhook\350\257\267\346\261\202\347\273\223\346\236\234.png" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/\344\273\223\345\272\223\351\205\215\347\275\256webhook1.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/\344\273\223\345\272\223\351\205\215\347\275\256webhook1.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..8900f78845be8b45e3f677e9fc255b9f4d092f6d Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/\344\273\223\345\272\223\351\205\215\347\275\256webhook1.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/\344\273\223\345\272\223\351\205\215\347\275\256webhook2.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/\344\273\223\345\272\223\351\205\215\347\275\256webhook2.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..1f3d4d7cb390b1a04377da0d5a1426a174b7ba79 Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/\344\273\223\345\272\223\351\205\215\347\275\256webhook2.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/\344\273\273\345\212\241\350\257\246\346\203\205.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/\344\273\273\345\212\241\350\257\246\346\203\205.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..1e7f99e6b83371ad665df0353129ae4cf45c5be6 Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/\344\273\273\345\212\241\350\257\246\346\203\205.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/\344\273\273\345\212\241\351\207\215\350\257\225.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/\344\273\273\345\212\241\351\207\215\350\257\225.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..7ad1ce1b8b1013b89096607bed6ce132c796015c Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/\344\273\273\345\212\241\351\207\215\350\257\225.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/\344\277\256\346\224\271\350\247\222\350\211\262.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/\344\277\256\346\224\271\350\247\222\350\211\262.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..0487c824d31c50be7edf0f4f80859c14c3fe5951 Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/\344\277\256\346\224\271\350\247\222\350\211\262.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/\344\277\256\346\224\271\350\247\222\350\211\262\346\235\203\351\231\2201.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/\344\277\256\346\224\271\350\247\222\350\211\262\346\235\203\351\231\2201.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..dfcc830a5a734a12c73af9f37819b950ec520163 Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/\344\277\256\346\224\271\350\247\222\350\211\262\346\235\203\351\231\2201.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/\344\277\256\346\224\271\350\247\222\350\211\262\346\235\203\351\231\2202.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/\344\277\256\346\224\271\350\247\222\350\211\262\346\235\203\351\231\2202.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..abfbe32c67022f385250f73fed14153118f88ffa Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/\344\277\256\346\224\271\350\247\222\350\211\262\346\235\203\351\231\2202.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/\345\210\240\351\231\244\346\265\201\346\260\264\347\272\277.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/\345\210\240\351\231\244\346\265\201\346\260\264\347\272\277.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..cdac7a7a2649e82b0eea40a51104a5adbf4f83c1 Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/\345\210\240\351\231\244\346\265\201\346\260\264\347\272\277.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/\345\216\206\345\217\262\350\277\220\350\241\214.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/\345\216\206\345\217\262\350\277\220\350\241\214.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..a0e6d7558e2b853921646a4882dd0c93b1d7c5b0 Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/\345\216\206\345\217\262\350\277\220\350\241\214.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/\345\217\230\346\233\264\346\265\201\346\260\264\347\272\277\347\261\273\345\236\213.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/\345\217\230\346\233\264\346\265\201\346\260\264\347\272\277\347\261\273\345\236\213.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..3fad8fbb1d1176cde38329d16f1c1004eb18bea0 Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/\345\217\230\346\233\264\346\265\201\346\260\264\347\272\277\347\261\273\345\236\213.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/\346\210\220\345\221\230\347\256\241\347\220\206.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/\346\210\220\345\221\230\347\256\241\347\220\206.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..c1f73666826bbf68f8a9a6ffcc9c3b298c52fe5f Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/\346\210\220\345\221\230\347\256\241\347\220\206.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/\346\226\260\345\273\272\346\265\201\346\260\264\347\272\277.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/\346\226\260\345\273\272\346\265\201\346\260\264\347\272\277.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..451793dc756d3de06559bb15ba343a61bcc9925b Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/\346\226\260\345\273\272\346\265\201\346\260\264\347\272\277.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/\346\237\245\347\234\213\346\234\200\346\226\260\350\277\220\350\241\214\350\257\246\346\203\205.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/\346\237\245\347\234\213\346\234\200\346\226\260\350\277\220\350\241\214\350\257\246\346\203\205.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..5edd5100c1aa78a58c3b466c806bb4ef7d393b09 Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/\346\237\245\347\234\213\346\234\200\346\226\260\350\277\220\350\241\214\350\257\246\346\203\205.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/\346\267\273\345\212\240webhook\350\247\246\345\217\221\346\235\241\344\273\266.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/\346\267\273\345\212\240webhook\350\247\246\345\217\221\346\235\241\344\273\266.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..168a7e480f8a4b6f01e3339305d30bd11c29db96 Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/\346\267\273\345\212\240webhook\350\247\246\345\217\221\346\235\241\344\273\266.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/\346\267\273\345\212\240\346\210\220\345\221\230.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/\346\267\273\345\212\240\346\210\220\345\221\230.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..b7bf76af38091df75ed1954d55eaa3f698c12270 Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/\346\267\273\345\212\240\346\210\220\345\221\230.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/\347\231\273\345\275\225.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/\347\231\273\345\275\225.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..defa329929d065e39ef27fd7cf65d33117ed49f2 Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/\347\231\273\345\275\225.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/\347\244\276\345\214\272\351\211\264\346\235\203.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/\347\244\276\345\214\272\351\211\264\346\235\203.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..d1a665f670873ed8e9538c784a8d00afad8f1925 Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/\347\244\276\345\214\272\351\211\264\346\235\203.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/\347\273\223\345\257\271\345\244\215\347\216\260.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/\347\273\223\345\257\271\345\244\215\347\216\260.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..5a393bed7116cc0c959398480c447e80ed35a257 Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/\347\273\223\345\257\271\345\244\215\347\216\260.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/\347\273\223\345\257\271\345\244\215\347\216\260\350\260\203\350\257\225.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/\347\273\223\345\257\271\345\244\215\347\216\260\350\260\203\350\257\225.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..3436e7bedd5cda5dad5e55966db94ba576e1b97f Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/\347\273\223\345\257\271\345\244\215\347\216\260\350\260\203\350\257\225.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/\347\274\226\346\216\222\347\233\256\346\240\207\346\265\201\346\260\264\347\272\277.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/\347\274\226\346\216\222\347\233\256\346\240\207\346\265\201\346\260\264\347\272\277.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..c4aae306bec750f9a3121bcfac2014846d9adeeb Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/\347\274\226\346\216\222\347\233\256\346\240\207\346\265\201\346\260\264\347\272\277.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/\350\256\276\347\275\256\346\265\201\346\260\264\347\272\277\346\235\203\351\231\220.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/\350\256\276\347\275\256\346\265\201\346\260\264\347\272\277\346\235\203\351\231\220.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..c4d2f21e6051000969295c3011c22500a12daed2 Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/\350\256\276\347\275\256\346\265\201\346\260\264\347\272\277\346\235\203\351\231\220.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/\350\277\220\350\241\214\346\265\201\346\260\264\347\272\2771.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/\350\277\220\350\241\214\346\265\201\346\260\264\347\272\2771.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..e9d48f17fb05a5ed9966973e212fbea83081a2c5 Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/\350\277\220\350\241\214\346\265\201\346\260\264\347\272\2771.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/\350\277\220\350\241\214\346\265\201\346\260\264\347\272\2772.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/\350\277\220\350\241\214\346\265\201\346\260\264\347\272\2772.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..4c00631e6d785cfca1493748a9f529f9b73c469a Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/\350\277\220\350\241\214\346\265\201\346\260\264\347\272\2772.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/\350\277\220\350\241\214\350\257\246\346\203\205.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/\350\277\220\350\241\214\350\257\246\346\203\205.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..db831e2baa85e04f65a5ca9565885ef7fe2016ee Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/\350\277\220\350\241\214\350\257\246\346\203\205.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/\351\200\211\346\213\251\345\244\215\347\216\260\346\226\271\345\274\217.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/\351\200\211\346\213\251\345\244\215\347\216\260\346\226\271\345\274\217.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..d746819f65486e9ba0f98250d95e926b6ea0aa6d Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/\351\200\211\346\213\251\345\244\215\347\216\260\346\226\271\345\274\217.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/\351\200\211\346\213\251\345\256\242\346\210\267\347\253\257.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/\351\200\211\346\213\251\345\256\242\346\210\267\347\253\257.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..675f30fcf1dd480cf3e6a1f6202d4912596444fc Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/\351\200\211\346\213\251\345\256\242\346\210\267\347\253\257.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/\351\200\211\346\213\251\346\250\241\346\235\277.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/\351\200\211\346\213\251\346\250\241\346\235\277.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..ebde36c2b8ae3f30aff0d9519208bc5b41651108 Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/\351\200\211\346\213\251\346\250\241\346\235\277.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/\351\205\215\347\275\256\345\256\232\346\227\266\350\247\246\345\217\221\346\235\241\344\273\266.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/\351\205\215\347\275\256\345\256\232\346\227\266\350\247\246\345\217\221\346\235\241\344\273\266.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..990d99a5ffa13bfdabdcd05ab73428eaca278e68 Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/\351\205\215\347\275\256\345\256\232\346\227\266\350\247\246\345\217\221\346\235\241\344\273\266.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/\351\205\215\347\275\256\346\265\201\346\260\264\347\272\277\345\217\230\351\207\217.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/\351\205\215\347\275\256\346\265\201\346\260\264\347\272\277\345\217\230\351\207\217.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..5c58a5ada93c8260daf2ff4cbe5af4659b45badd Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/\351\205\215\347\275\256\346\265\201\346\260\264\347\272\277\345\217\230\351\207\217.jpg" differ diff --git "a/docs/zh/tools/devops/eulerpipeline/image/\351\207\215\350\257\225\346\265\201\346\260\264\347\272\2771.jpg" "b/docs/zh/tools/devops/eulerpipeline/image/\351\207\215\350\257\225\346\265\201\346\260\264\347\272\2771.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..91cdb6a6b06855c1293602665080c41cebfba301 Binary files /dev/null and "b/docs/zh/tools/devops/eulerpipeline/image/\351\207\215\350\257\225\346\265\201\346\260\264\347\272\2771.jpg" differ diff --git a/docs/zh/tools/devops/eulerpipeline/kernel_ci_guide.md b/docs/zh/tools/devops/eulerpipeline/kernel_ci_guide.md new file mode 100644 index 0000000000000000000000000000000000000000..cfa73f5c828b135a99369f9d9b0a771876713d21 --- /dev/null +++ b/docs/zh/tools/devops/eulerpipeline/kernel_ci_guide.md @@ -0,0 +1,253 @@ +# kernel-ci + +本文介绍在 EulerPipeline 平台自动化流水线构建 kernel 软件包(包括源码仓与制品仓),验证启动、功能及性能 + +## 1 前置准备 + +- 注册并登录流水线公网 + + ```yaml + https://eulerpipeline.test.osinfra.cn/ + 注意:注册时Lab请选择集成双内核特性的环境(lab-new-z9) + ``` + +- 注册 EulerMaker 账号 + + ```yaml + https://eulermaker.compass-ci.openeuler.openatom.cn/ + 注意:注册时请选择openEuler社区账号 + ``` + +## 2 运行流水线 + +### 2.1 场景一:制品仓 kernel + +**手动运行** + +(1)新建流水线,选择流水线模板 + +```yaml +客户端:jmr-new-z9/lkp-tests +模板分类:持续集成 +模板名称:制品仓双内核测试 +``` + +![kernel-ci模板](./image/kernel-ci模板.png) + +(2)编排流水线 + +点击新建的流水线,进入 YAML 编排界面,填写必要信息,填写字段如下: + +```yaml +# 流水线名称,可自定义 +name: "kernel-ci-src-openEuler-manual" + +vars: + # 制品仓地址(注意:仓库名称需为kernel) + git_repo: + # 制品仓分支 + git_branch: + # 个人openEuler社区账号密码,用于接入EulerMaker + openeuler_account: + openeuler_password: + # mugen执行机用户名及密码 + username: + userpassword: + # 执行环境(20.03-LTS-SP4的os启动内存需大于等于16g) + os_version: + # 替换的内核地址(内核版本为4.19需删除kernel-headers.rpm的url) + kernel_rpms_url_aarch64: + kernel_rpms_url_x86_64: +``` + +![kernel-ci yaml编排](./image/kernel-ci_yaml编排.png) + +(3)保存并运行 + +**webhook 触发** + +(1)新建流水线,选择流水线模板 + +```yaml +客户端:jmr-new-z9/lkp-tests +模板分类:持续集成 +模板名称:制品仓双内核测试(webhook) +``` + +(2)编排流水线 + +点击新建的流水线,进入 YAML 编排界面,填写必要信息,填写字段如下,并配置 webhook(详见 FAQ): + +```yaml +# 流水线名称,可自定义 +name: "kernel-ci-src-openEuler-webhook" + +on: + # PR提交触发 + - type: webhook/pr + # 制品仓地址(注意:仓库名称需为kernel) + git_repo: + # 制品仓分支 + branch: + - + action: open + + # PR评论触发 + - type: webhook/note + # 制品仓地址(注意:仓库名称需为kernel) + git_repo: + # 制品仓分支 + branch: + - + notable_type: PullRequest + # 触发钩子(可自定义增减) + note: + - /retest + +vars: + # 个人openEuler社区账号密码,用于接入EulerMaker + openeuler_account: + openeuler_password: + # gitee令牌,用于评论门禁结果 + token: + # mugen执行机用户名及密码 + username: + userpassword: + # 执行环境(20.03-LTS-SP4的os启动内存需大于等于16g) + os_version: + # 替换的内核地址(内核版本为4.19需删除kernel-headers.rpm的url) + kernel_rpms_url_aarch64: + kernel_rpms_url_x86_64: +``` + +(3)保存,通过 webhook 触发运行 + +### 2.2 场景二:源码仓 kernel + +**手动运行** + +(1)新建流水线,选择流水线模板 + +```yaml +客户端:jmr-new-z9/lkp-tests +模板分类:持续集成 +模板名称:源码仓双内核测试 +``` + +(2)编排流水线 + +点击新建的流水线,进入 YAML 编排界面,填写必要信息,填写字段如下: + +```yaml +# 流水线名称,可自定义 +name: "kernel-ci-openEuler-manual" + +vars: + # 源码仓地址 + git_repo: + # 源码仓分支 + git_branch: + # mugen执行机用户名及密码 + username: + userpassword: + # 执行环境(20.03-LTS-SP4的os启动内存需大于等于16g) + os_version: + # 替换的内核地址(内核版本为4.19需删除kernel-headers.rpm的url) + kernel_rpms_url_aarch64: + kernel_rpms_url_x86_64: +``` + +(3)保存并运行 + +**webhook 触发** + +(1)新建流水线,选择流水线模板 + +```yaml +客户端:jmr-new-z9/lkp-tests +模板分类:持续集成 +模板名称:源码仓双内核测试(webhook) +``` + +(2)编排流水线 + +点击新建的流水线,进入YAML编排界面,填写必要信息,填写字段如下,并配置 webhook(详见 FAQ): + +```yaml +# 流水线名称,可自定义 +name: "kernel-ci-openEuler-webhook" + +on: + # PR提交触发 + - type: webhook/pr + # 源码仓地址 + git_repo: + # 源码仓分支 + branch: + - + action: open + + # PR评论触发 + - type: webhook/note + # 源码仓地址 + git_repo: + # 源码仓分支 + branch: + - + notable_type: PullRequest + # 触发钩子(可自定义增减) + note: + - /retest + +vars: + # gitee令牌,用于评论门禁结果 + token: + # mugen执行机用户名及密码 + username: + userpassword: + # 执行环境(20.03-LTS-SP4的os启动内存需大于等于16g) + os_version: + # 替换的内核地址(内核版本为4.19需删除kernel-headers.rpm的url) + kernel_rpms_url_aarch64: + kernel_rpms_url_x86_64: +``` + +(3)保存,通过 webhook 触发运行 + +## 3 查看结果 + +方式一:登录 new-z9,通过 job_id 查询 + +方式二:登录 new-z9 前端,通过 job_id 查询 + +方式三:webhook 反馈验证结果,点击 job_id + +![kernel-ci评论](./image/kernel-ci评论.png) + +## 4 FAQ + +**(1)webhook 触发条件设置** + +参考文档: + +[如何设置 webhook 触发条件](eulerpipeline_user_guide.md) + +**(2)webhook 流水线未触发** + +在 gitee 代码仓点击管理—WebHooks,查看请求结果,若请求失败,通过评论重新触发;若请求成功,检查流水线 yaml + +![webhook请求结果](./image/webhook请求结果.png) + +**(3)功能及性能测试套提交失败** + +错误详情同下图,即为缺少对应的 kernel 软件包 + +![kernel-ci错误详情](./image/kernel-ci错误详情.png) + +**(4)eulermaker-build-project 测试套运行失败** + +工程构建多个软件包,除 kernel 外其他软件包失败,不影响流水线后续运行 + +**(5)功能及性能测试套超时** + +替换内核启动失败 diff --git a/docs/zh/tools/devops/eulerpipeline/v1.0_grammar.md b/docs/zh/tools/devops/eulerpipeline/v1.0_grammar.md new file mode 100644 index 0000000000000000000000000000000000000000..0a1cbb62199a2c7c6b9b62b47687a72df59ac98d --- /dev/null +++ b/docs/zh/tools/devops/eulerpipeline/v1.0_grammar.md @@ -0,0 +1,1065 @@ +# 从零开始编写workflow.yaml + +workflow,即流水线,是一连串具备一定串并联关系的任务组合,描述一连串的任务之间存在的依赖关系、输入输出参数,以及整个流水线的触发条件。 + +不同版本具备不同的语法规则,从零编写和学会workflow的声明方法请详阅对应版本的文档,避免无法正常解析。 + +## 版本信息 + +| 版本 | v1.0 | +| -------- | ------------------------------------- | +| 维护者 | Ethan-Zhang() | +| 创建时间 | 2023-09-30 | +| 是否废弃 | 否 | + +## 1. 语法特性 + +流水线通过YAML描述,描述文件的YAML语法规则基于YAML 1.2版本,书写时需要基于YAML 1.2支持的书写方式进行书写。后文中提及的语法特性是描述的基于此之上的解析规则,不涉及YAML 1.2语法的说明。 + +> YAML(YAML Ain't Markup Language)是一种人类可读的数据序列化标准,它被广泛用于配置文件、数据交换语言、云计算等场景。YAML 1.2 是 YAML 的最新版本,于 2009 年发布。 +> +> 相比于之前的版本,做了一些重要的改进和修正,包括: +> +> - 更严格的类型转换规则,以避免一些常见的类型转换错误。 +> - 支持 JSON,即任何有效的 JSON 文件也是一个有效的 YAML 1.2 文件。 +> - 更好的 Unicode 支持。 +> +> YAML 1.2 的官方文档可以在以下链接找到:[YAML 1.2 官方文档](http://yaml.org/spec/1.2/spec.html)。这份文档详细地描述了 YAML 1.2 的所有特性和语法规则。 + +### 1.0. 编码风格 + +- 键命名风格 + + 为使流水线描述文档风格统一,建议所有的键命名均采用"lower_case"的命名方式,尽量不使用大写字符,如下示例: + + ```yaml + this_is_a_key: value + jobs.this_is_a_job: job + ``` + + 注意:命名风格不等于命名规则,如果不遵循建议的键命名风格并不会出现错误。 + +- 一级key声明风格 + + 一级key的含义为整个YAML文档的第一级键,虽然第一级键无论以何种顺序排列不会影响解析结果,但基于统一风格的出发点考虑,建议用户按照如下顺序对一级key进行排列,且一级key之间通过一行空行间隔,如下示例: + + ```yaml + # 版本声明,可以不存在 + version: + + # 流水线命名 + name: + + # 流水线触发设置,可以不存在 + on: + + # 流水线变量,可以不存在 + vars: + + # 流水线额外事件声明,可以不存在 + events.xxx: + + # 流水线job声明,至少需要声明一个job + jobs.xxx: + + # 流水线控制流说明 + sequence: + xxx: + ``` + + 对于本版本流水线语法而言,一级key仅识别上述6类关键字,在这七种关键字之外的一级key将被忽略。如果某个关键字不存在,比如vars,剩余关键字建议仍保持上述先后顺序排列。 + + 对于关键字的含义和详细语法说明见后文。 + +- 每行文本长度 + + 为了保持良好的可读性,建议每行文本长度不要超过**80**个字符。这是一种常见的编程规范,可以使代码在大多数编辑器和终端中看起来更清晰。但这并不是强制性的规定,根据实际情况和个人习惯,可以适当调整。 + + 对于长文本,可以利用YAML的特性转行声明,如下示例: + + ```yaml + # 通过"|"语法保留换行符"\n" + key: | + this is a long long story, + you could learn it step by step. + # key = "this is a long long story,\nyou could learn it step by step." + + # 通过"|+"语法保留所有换行符"\n" + key: |+ + this is a long long story, + you could learn it step by step. + + + # key = "this is a long long story,\nyou could learn it step by step.\n\n\n" + + # 通过"|-"语法,去除末尾换行符"\n" + key: |- + this is a long long story, + you could learn it step by step. + + + # key = "this is a long long story,\nyou could learn it step by step." + + # 通过">"语法,虽然内容书写存在换行,但解析后的内容去除换行,以空格代替 + key: > + https://repo1/ + https://repo2/ + # key = "https://repo1/ https://repo2" + ``` + + 更多的说明请参考YAML1.2官方文档(见 **章节1. 语法特性** 开头) + +### 1.1. 基本声明 + +基本声明包含**version**与**name**两个一级key,前者用以锚定语法解析版本,后者用以标识流水线名称。 + +#### 1.1.1. 语法版本声明 + +workflow支持多版本语法解析,对于不声明version的workflow而言,采用默认版本语法(v1.0)进行解析。 +声明版本通过关键字version定义: + +```yaml +# 一般情况下,version会被声明在workflow.yaml的顶部 +# 但version的位置并不会影响解析,确保version并非嵌套于其他key下即可 + +version: v1.0 +``` + +根据声明的version的不同,请查阅不同版本的语法特性介绍。 + +#### 1.1.2. 流水线命名 + +无论在什么版本,workflow的名字均由name字段定义。流水线的名字不要求唯一,可以是任意**字符串**。 + +name为一定需要定义的key,如果流水线yaml中缺少这个key解析器将不予通过。 + +```yaml +version: v1.0 + +name: my workflow +``` + +### 1.2. 触发条件定义 + +#### 1.2.1. workflow支持三种触发方式 + +- 手动触发: 基本的触发方式,不传递触发事件数据的方式,触发后将提交所有不存在依赖的任务 +- 定时触发: 周期性自动触发方式,通过设定时间条件,系统自动触发。 +- webhook触发: git仓库配置服务的webhook回调地址等信息,通过webhook回调请求自动触发。 + + 定时触发和webhook触发方式通过关键字"on"定义,如果不需要这两种触发方式,on可以不声明。 + + 示例: + +```yaml + version: v1.1 + + name: workflow + + on: + # webhook触发事件定义 + - type: webhook/pr + git_repo: https://gitee.com/openeuler/radiaTest.git + branch: master + # 定时触发事件定义 + - type: cron + crontab: 0 15 10 ? * MON-FRI + + other_keys: other_values +``` + +#### 1.2.2. webhook触发 + + webhook事件分为webhook/pr,webhook/push,webhook/note,webhook/issue四种类型。 + +- PullRequest类事件 + + 声明的事件键值对必须包含type(webhook/pr),git_repo(仓库地址),branch(仓库分支),action(场景,共8类) + + 即当对应的仓库分支存在PullRequest相关事件时,均会触发此流水线,包括新建PR/删除PR/合入PR/...等事件。 + + 如果需要对PR事件进行更细致的筛选,用户可以指定action进行过滤。 + +- Push类事件 + + 声明的事件键值对必须包含type(webhook/push),git_repo(仓库地址),branch(仓库分支) + + 即当对应的仓库分支被推送更新后,均会触发此流水线。 + +- 评论类事件 + + 声明的事件键值对必须包含type(webhook/note),git_repo(仓库地址),branch(仓库分支,仅支持PullRequest场景存在),notable_type(评论主体),notes(评论钩子) + + 即当对应的仓库分支的指定被评论主体(如PullRequest作为被评论主体)并且评论内容能够匹配评论钩子时,会触发此流水线。 + +- Issue类事件 + + 声明的事件键值对必须包含type(webhook/issue),git_repo(仓库地址),state(问题单状态) + + 即当对应的仓库分支存在Issue相关事件时,均会触发此流水线,包括新建issue/删除issue/...等事件。 + + state提供了对issue的场景细分能力,通过配置状态可以拆分不同场景。 + + webhook事件的声明支持矩阵式声明方式,从而帮助减少重复描述,如下所示: + +```yaml +on: + - type: webhook/note + git_repo: https://gitee.com/openeuler/radiaTest.git + branch: + - master + - dev + - test + notable_type: + - PullRequest + notes: + - /retry + - /retest +``` + +这个例子意味着多个分支下的PullReques被评论了"/retry"或"/retest"都会触发此流水线 + +以上关于webhook讲解较为粗略,建议阅读更详细的webhook配置文档,以便更好的使用: + + + +特别说明: 如果不仅仅需要触发,还需要在流水线中引用(该特性将在后文详述)触发事件中的字段,建议编辑者通过查阅不同git仓库的webhook文档了解。 + +1. Gitee: + +2. Github: + +3. Gitlab: + +#### 1.2.3. 定时触发事件 + + 当配置的触发事件type字段为[cron,interval,date]值时,说明该事件为定时事件,对于某一个定时任务,type仅可为其中某一个取值,以下为简单示例: + +```yaml +on: + - type: cron + crontab: 0 15 10 ? * MON-FRI + - type: interval + seconds: 60 + - type: date + run_date: 2024-01-01 00:00:00 + - type: date + run_date: 164900500 +``` + +以上配置,意味着时间满足任意一个场景时,流水线被执行。 + +关于三种类型的定时参数,参看以下官方文档配置即可: + + + + + + + +### 1.3. 流水线全局变量定义 + +流水线的全局变量通过vars字段声明,当前版本支持字符串、数组、对象(字典/哈希表)三种格式。 + +```yaml +version: v1.0 + +name: workflow + +vars: + # 字符串 + varA: string + # 数组 + varB: + - elementA + - elementB + # 对象(支持多级结构嵌套) + varC: + keyA: valueA + # 嵌套数组 + keyB: + - valueB1 + - valueB2 + # 嵌套对象 + keyC: + keyC1: +``` + +流水线变量定义的目的在于定义整个流水线可以利用的若干变量(常量),定义后的变量可以被流水线任意阶段任务引用,从而避免每个任务对于该变量的重复冗余声明。 + +举例而言,假设某个流水线的10个任务均需要上述案例的varB变量作为Input(输入/入参),则只需要引用varB赋予给对应参数即可。 + +具体的引用方式详见后文对于引用语法的介绍。 + +如果一个流水线不需要定义任何流水线变量时,vars关键字可以不存在: + +```yaml +version: v1.0 + +name: workflow + +other_keys: other_values +``` + +### 1.4. 额外事件声明 + +如果流水线内部的某个任务除了依赖于前置的任务外,还实际依赖于额外的webhook事件,或者依赖于一些额外的事件,则需要对这些额外的事件进行预声明。 + +用户通过events.xxx模式的key进行额外事件的声明,"xxx"为额外事件的命名。 + +**注意:**大多数情况下,用户不需要定义额外事件。额外事件不支持定时以及手动事件声明。 + +#### 1.4.1. webhook事件 + +当定义额外webhook事件时,该事件需求定义的key-values与上文流水线触发设置中介绍的一致,如下示例: + +```yaml +version: v1.0 + +name: workflow + +vars: + +events.eventA: + type: webhook/pr + git_repo: https://gitee.com/openeuler/repository.git + branch: + - master + - dev +``` + +#### 1.4.2. job事件 + +除了webhook事件外,额外事件可以定义一种新的事件类型,即job类型事件。job类型事件分为stage和step两个子类,如下示例: + +```yaml +version: v1.0 + +name: workflow + +vars: + +# 额外事件A - jobA进入boot阶段 +events.eventA: + type: job/stage + job: jobA + job_stage: boot + +# 额外事件B - jobA进入名为testcase001的步骤 +events.eventB: + type: job/step + job: jobA + job_step: testcase001 + +# 额外事件C - jobA进入finish阶段且incomplete +events.eventC: + type: job/stage + job: jobA + job_stage: finish + job_health: incomplete +``` + +job类型的事件除了type和job必填外,其他字段可以根据需求从job类型事件的全集keys中选取(job_stage/job_health/job_step/nickname)。 + +定义后的job类型事件如何使用见后文任务定义和控制流声明章节。 + +### 1.5. 任务定义 + +#### 1.5.1. 基础概念 + +对于所有流水线涉及的任务,都需要通过jobs.xxx模式的一级key进行一次声明,主要目的为定义任务的Input(输入/入参),且每个被声明job的value均要求为对象(字典/哈希表)格式(或者为空)。 + +jobs.xxx类关键字常见的两种二级关键字为**defaults**和**overrides**,这两个二级key可以不声明,但如果具备value,则value必须为对象(字典/哈希表)格式,用以声明待提交的job即为模板所具备的所有参数。 + +如下所示: + +```yaml +name: workflow + +vars: + +# 空value的job缺省声明 +jobs.jobA: + +# 空defaults value, 空overrides value声明 +jobs.jobB: + defaults: + overrides: + +# 缺省defaults,overrides非空声明 +jobs.jobB: + overrides: + # 字符串 + keyA: valueA + # 数组 + keyB: + - valueB1 + - valueB2 + # 对象(支持多级嵌套) + keyC: + keyC1: valueC1 + keyC2: + - valueC2 +``` + +除了嵌套的声明方式,流水线语法支持扁平化的方式减少声明的难度,如下示例: + +```yaml +jobs.jobB: + overrides: + keyC.keyC1: valueC1 + +# 等价于 +jobs.jobB: + overrides: + keyC: + keyC1: valueC1 +``` + +**注意:**这种等价仅于defaults和overrides下有效。 + +defaults和overrides意义如字面含义所示,defaults中定义的key-values如果原job中存在对应key,则以原job中的value为实际提交value;overrides中定义的key-values将无条件覆盖到原job的值提交。 + +对于job的概念,以及原job.yaml的内容,建议查阅compass-ci/lkp-tests的文档进行了解: + +1. 如何向compass-ci/lkp-tests新增job: +2. job的定义: +3. job示例: + +#### 1.5.2. 任务别名定义 + +通常情况下,jobs.xxx模式中xxx即为被声明的job名,如如果计划声明一个ltp-bm的任务,则声明jobs.ltp-bm。但在某些流水线中,可能同一个任务需要运行多次,且任务实际的入参并不相同,因此设计多次声明的可能。在这种情况下,则需要利用"别名"语法特性。 + +别名的声明方式如下示例: + +```yaml +jobs.ltp-bm:first-ltp-bm: + +jobs.ltp-bm:second-ltp-bm: +``` + +这两个被声明的任务实际指向的都是ltp-bm这同一个job,但是因为别名所以流水线会将其看作两个不同的个体。 + +#### 1.5.3. 额外事件依赖声明 + +除了defaults和overrides两种常用的二级keys外,jobs.xxx还支持声明depends字段,本字段用以声明额外依赖(额外事件,即上文**章节1.3**内容的应用) + +```yaml +events.eventA: + xxx: xxx + +events.eventC: + xxx: xxx + +jobs.jobA: + defaults: + default_keyA: valueA + overrides: + override_keyB: valueB + depends: + # 额外依赖于上文中通过events.eventA声明的事件 + # 只需要写key:的形式,不需要填value,填了也会被忽略 + eventA: + # 且额外依赖于上文中通过events.eventC声明的事件 + eventC: +``` + +对于jobA而言,depends字段相当于定义了若干AND逻辑关系的额外依赖,当且仅当所有依赖的事件均发生后jobA才会被提交执行。 + +当depends不声明的时候,jobA的依赖仅取决于其处于控制流的位置(详见后文控制流声明),否则为控制流依赖于额外依赖的逻辑与结果。 + +```yaml +submit_jobA = [jobA's depends parsed from controlflow] AND [jobA's depends defined from 'depends'] +``` + +### 1.6. 控制流声明 + +#### 1.6.1. 基础特性 + +流水线任务的串并行结构通过控制流声明对已通过一级key”jobs.xxx“预声明的各个任务进行编排,通过一级key“sequence”定义,如下所示: + +```yaml +version: v1.0 + +name: workflow + +# jobA:first进入boot阶段 +events.eventA: + type: job/stage + job: jobA + nickname: first + job_stage: boot + +# 定义别名为first的jobA +jobs.jobA:first: + overrides: + +jobs.jobB: + overrides: + # 额外依赖于"jobA:first进入boot阶段"事件 + depends: + eventA: + +# 控制流声明 +sequence: + # 声明并行子结构 + parallel: + # jobA:first和jobB并行 + jobA:first: + jobB: +``` + +控制流声明中,存在sequence、parallel、matrix三种关键字,除了关键字外,所有key都会被认作对已预声明的job的引用。对于所有job的引用,需要确保引用的job全称(包含别名)在流水线一级key中存在(以jobs.xxx预声明)。如果sequence中引用了jobA,但流水线一级key中缺少jobs.jobA这个key,解析器将不会给予通过。 + +**注意:**控制流声明的根(一级key)必须为sequence。 + +- 关键字sequence + + sequence意在声明一个串行结构,在sequence下的所有key将被解析为按声明顺序(从上到下)排列的一连串成员,每一个成员必然依赖于其上面一个的成员。 + + ```yaml + sequence: |---------| |---------| + jobA: = | jobA | =========> | jobB | + jobB: |---------| |---------| + ``` + + sequence和job一样,可以通过sequence:xxx:的方式定义别名,该别名仅在一级串行子结构中存在实际意义,非一级子结构的别名仅起标识作用,具体参考下文stage声明说明。 + + ```yaml + # 根sequence,不可添加别名,为控制流声明关键字 + sequence: + # 一级串行子结构,别名为seqA + sequence:seqA: + # 二级串行子结构,别名为seqB + sequence:seqB: + ``` + + 如上所示,sequence的key并不一定只能是job,当sequence内部的key同样是sequence时,意味着串行结构的嵌套。当然,对于纯sequence的嵌套是不具备实际意义的,仅为分组标识,单纯的串行嵌套相当于没有嵌套。 + + ```yaml + sequence: < - - - - - seqA - - - - - - > + sequence:seqA: |---------| |---------| |---------| + jobA: = | jobA | =========> | jobB | =========> | jobC | + jobB: |---------| |---------| |---------| + jobC: + ``` + +- 关键字parallel + + parallel意在声明一个并行结构,在parallel下的所有key将被解析为并列的若干成员,每一个成员都依赖于整个parallel都前置依赖,互相之间不存在控制流定义的依赖关系(可以存在通过depends额外声明的依赖,额外跳线依赖不被控制流声明控制) + + ```yaml + ___________|___________ + sequence: | | + parallel: |---------| |---------| + jobA: = | jobA | | jobB | + jobB: |---------| |---------| + |______________________| + | + ``` + + 注意,parallel一定不可以声明在workflow.yaml的一级key,对于控制流声明而言,根key一定是sequence。 + + 和sequence一致,parallel也可以以parallel:xxx:的方式定义别名,该别名同样仅在一级并行子结构中存在实际含义,非一级子结构的别名仅起标识作用,具体参考下文stage声明说明。 + + 同理,单纯的并行嵌套相当于没有嵌套,如下示例,等价于jobA、jobB、jobC三者并行。 + + ```yaml + ___ _________________|_______________ + sequence: | | _________|__________ ___ + parallel:prlA: | |---------| |----|----| |----|----| | + jobA: = prlA | jobA | | jobB | | jobC | prlB + parallel:prlB: | |---------| |----|----| |----|----| | + jobB: | | |__________________| _|_ + jobC: _|_ |_______________________________| + | + ``` + +#### 1.6.2. job的补充声明 + +由上文可知,job无论是defaults、overrides还是depends的声明,可以声明在jobs.xxx这个key之下,这也是比较推荐的用法。但其实在控制流声明中,用户可以对job进行补充声明,补充的声明将深层update到预定义的job声明中,如下所示: + +```yaml +name: workflow + +jobs.jobA: + defaults: + keyA: valueA + overrides: + keyB: + keyB1: valueB1 + keyB2: + keyB21: valueB21 + +sequence: + jobA: + overrides: + # 与上文中jobs下的overrides特性相同 + # 采用keyB.keyB2.keyB21和keyB.keyB2.keyB22为key,即 + # keyB.keyB2.keyB21: valueB21_new + # keyB.keyB2.keyB22: valueB22 + # 与下述声明方式等价 + keyB: + keyB2: + keyB21: valueB21_new + keyB22: valueB22 +``` + +在这个例子中,sequence中将jobA的预定义的overrides下的keyB21重新定义为valueB2_new,且在keyB2下新创建了一个keyB22的键值对。 + +补充声明特性以对象(字典/哈希表)的递归update实现,一定为控制流中的定义覆写jobs的预定义。 + +### 1.7. 流水线阶段(stage)声明 + +在**章节1.6. 控制流声明**中有提及,无论是sequence还是parallel分别可以通过sequence:xxx:和parallel:xxx:的形式声明别名。流水线web服务将基于下述规则划分控制流的不同阶段,规则如下所示: + +```yaml +1. 当且仅当sequence和parallel为根sequence下的一级结构时,其别名等同于阶段名。 +2. 当根sequence下存在job名时(非sequence也非parallel),该job以自身job的别名作为阶段名(若无别名则以job名)独立被识别为一个阶段。 +3. 阶段存在向后包裹的特点,直到下一个有效阶段声明前,所有结构属于同一个阶段。 +3. 沿着根sequence向下检索,在遇到第一个有效的stage命名之前,所有的结构均属于“未命名”阶段。 +sequence: + 阶段(stage) + parallel: ——| + job0: > 未命名 + job1: ——| + + job2:build-job: —— > build-job + + jobA: ——| + sequence: > jobA + jobB: ——| + + parallel:prlA: ——| + jobC: | + jobD: | + sequence:seqB: > prlA + jobE: | + jobF: ——| + + sequence:seqC: —— > seqC + jobG: ——| +``` + +p.s. 阶段仅会影响web端的渲染,控制流的实际意义不依赖于阶段的定义,换而言之,如果不考虑可视化的便利性,可以不对阶段命名深究。 + +### 1.8. Matrix语法特性 + +#### 1.8.1. 基本概念 + +用户可以在控制流**串行结构的任意位置**可以插入一个matrix关键字,用以混入(Mixin)局部的矩阵(参数组合),从而改变后续任务的上下文(Context)。 + +matrix关键字同样可以声明别名,用以避免对象(字典/哈希表)的重key异常,但除了区别外没有实际意义。 + +**注意:** matrix不能直接声明在parallel关键字下,只能声明在sequence关键字下。 + +matrix的声明结构一定为如下格式: + +```yaml +sequence: + matrix: + paramA: + - valueA1 + - valueA2 + - valueAn + paramB: + - valueB1 + - valueB2 +``` + +即,matrix是一个对象(字典/哈希表),且所有一级value均为数组(列表)。 + +上述例子中matrix的含义为,对所处位置的流水线上下文混入矩阵,其中paramA有三种可能的取值,paramB有两种可能的取值,即共3*2共6种取值组合。 + +```yaml +matrix: _ + paramA: | 1. paramA = valueA1; paramB = valueB1 + - valueA1 | 2. paramA = valueA1; paramB = valueB2 + - valueA2 | 3. paramA = valueA2; paramB = valueB1 + - valueAn => { 4. paramA = valueA2; paramB = valueB2 + paramB: | 5. paramA = valueAn; paramB = valueB1 + - valueB1 |_ 6. paramA = valueAn; paramB = valueB2 + - valueB2 +``` + +当流水线上下文混入(Mixin)一个局部的矩阵后,流水线的上下文将会根据参数取值组合的种数裂解成多个“分支”,每一个“分支”的上下文依据其中一种取值组合。当这个分支之后的任务直接引用上下文中的paramA时,会根据当前上下文的paramA取值,后续任务的驱动也会与其他”分支“独立。 + +举例而言: + +```yaml +sequence: + jobA: + parallel: + jobB: + sequence: + matrix: + arch: + - aarch64 + - x86_64 + jobC: + jobD: +``` + +根据 **章节1.5. 控制流声明** 的介绍,不难看出,这个描述声明的结构如下: + +```yaml + ________ + | | + |-------| jobB |----------------------------| + | |________| | + ________ | | ________ + | | | | | | +-------| jobA |-------| |-------| jobD |--------> + |________| | | |________| + | ________ | + | / \ | | | + |-------| matrix |-------| jobC |---------| + \ / |________| + 1. arch = aarch64; + 2. arch = x86_64 +``` + +对于jobA和jobB,如果他们在被提交的时候引用“当前上下文”(所谓当前为被提交的时间点)中的arch变量,他们将取不到任何值。 + +p.s. 关于引用的概念详见**章节1.6.** + +而对于jobC和jobD而言,他们实际上被裂解到了并行的两个“分支”上,其中一个分支上下文中的arch是aarch64而另一个分支上的arch是x86_64,即上述控制流结构等价于: + +```yaml +1. arch = aarch64; + ________ + | | + |----------| jobB |---------| + | |________| | + ________ | | ________ + | | | | | | +-------| jobA |-------| |-------| jobD |--------> + |________| | | |________| + | ________ | aarch64 + | | | | + |----------| jobC |---------| + |________| + aarch64 + +2. arch = x86_64 + ________ + | | + |----------| jobB |---------| + | |________| | + ________ | | ________ + | | | | | | +-------| jobA |-------| |-------| jobD |--------> + |________| | | |________| + | ________ | x86_64 + | | | | + |----------| jobC |---------| + |________| + x86_64 +``` + +这两个矩阵参数组合“分支”共享jobA和jobB的前置依赖,但aarch64的jobD只会依赖于aarch64的jobC,即各分支依赖独立。 + +这样避免了在很多场景下的相同结构的重复声明。 + +#### 1.8.2. 矩阵x矩阵 + +流水线控制流支持多matrix在不同位置声明,在这种情况下,下文矩阵受到上文矩阵影响,下文矩阵实际为上下文矩阵相乘的结果,如下示例: + +```yaml +sequence: + matrix:m1: + os: + - openeuler + os_version: + - 20.03 + - 22.03-LTS + jobA: + matrix:m2: + arch: + - aarch64 + - x86_64 + jobB: +``` + +对于这个例子而言,jobA共有两种上下文分支,而jobB共有4种,如下所示: + +```yaml + ________ ________ + | | | | +--------------| jobA |-----------------------------------------| jobB |-----------------------> + |________| |________| + 1. os=openeuler; os_version=20.03 1. os=openeuler;os_version=20.03;arch=aarch64; + 2. os=openeuler; os_version=22.03-LTS 2. os=openeuler;os_version=20.03;arch=x86_64; + 3. os=openeuler;os_version=22.03-LTS;arch=aarch64; + 4. os=openeuler;os_version=22.03-LTS;x86_64; +``` + +因此对于声明此例控制流的关于jobA和jobB的流水线,实际jobA将会被提交两次,jobB将会被提交4次,jobB的1和2分支依赖于jobA的1分支,jobB的3和4分支依赖于jobA的2分支,jobB的最终参数组合即jobA之前声明的matrix与jobB之前的matrix相乘的结果。 + +#### 1.8.3. excludes语法特性 + +matrix支持通过excludes声明排除特定的组合,如下所示: + +```yaml +sequence: + matrix: + os: + - openeuler + - centos + os_version: + - "20.03" + - 7 + excludes: + # 下述两种描述形式均可支持 + - {"os": "openeuler", "os_version": "7"} + - os: centos + os_version: "20.03" +``` + +此声明方式意为此矩阵只存在两种参数组合,即 ”os=openeuler;os_version=20.03“ 和 “os=centos;os_version=7”。 + +#### 1.8.4. 参数组合语法糖 + +同时,matrix具备一种简化excludes声明的语法糖"|",以上述样例可以改写为: + +```yaml +sequence: + matrix: + os|os_version: + - openeuler | 20.03 #有无空格或者制表符均支持 + - centos | 7 #推荐以制表符分隔,这样的声明较为直观 +``` + +### 1.9. "引用"表达式声明 + +#### 1.9.1. 基本概念 + +对于一条正在运作的流水线而言,其上下文是动态的,每执行完成一个任务,每感知到一个有效事件,“当前”上下文都会发生变化。 + +流水线运行上下文(Context)由六个固定的namespace组成: + +- vars,流水线变量空间(流水线静态变量全集) +- event,事件空间(事件数据全集) +- jobs,任务空间(前置已完成的任务数据) +- matrix,矩阵空间(当前矩阵参数组合分支的参数集合) +- depends,未满足的依赖事件清单(此namespace一般不会被引用) +- fulfilled,已履行的依赖事件清单(此namespace一般不会被引用) + +流水线不仅仅支持对定量的声明,流水线具备“引用”的语法特性,可以对“当前上下文”的变量进行引用,以及进行字符串拼接和python表达式运算。 + +“引用”由模式 ${{ xxxx }} 识别,通过"."的方式获取不同namespace下的所有value,支持下述两种使用方式: + +- 字符串拼接引用 + + ```yaml + # 取vars空间中的varA变量的值,并且与vars空间中的varB变量的值,最后通过"-"拼接 + key: ${{ vars.varA }}-${{ vars.varB }} + # 取当前矩阵参数组合的os、os_version、arch拼接命名 + project_name: my_project:${{ matrix.os }}:${{ matrix.os_version }}:${{ matrix.arch }} + ``` + + 对于这种拼接引用的方式,需要用户确保引用变量的值一定是字符串。如果实际的值不为字符串或者无法转换为字符串,那么采用这种引用声明的job很可能无法正常提交。 + +- 单引用 + + 单引用的情况下,引用表达式的结果可以为字符串、数字、数组(列表)或者哈希表(字典),不受类型影响。 + + ```yaml + # 取vars空间中的数组arrayA,作为key的值 + key: ${{ vars.arrayA }} + # 取前置已完成的jobA的输出result.arrayB,作为key的值 + key: ${{ jobs.jobA.result.arrayB }} + ``` + +**注意:**引用特性仅支持在defaults和overrides下使用,即jobs.xxx下的defaults和overrides或者sequence下某个job的defaults和overrides。后续演进的语法版本中将加入"在matrix中引用vars变量"的支持。 + +#### 1.9.2. python语法支持 + +对于任意引用内部而言,在引用的变量被实际的值替换后,替换后的内容将会被当作python表达式运行,如下示例: + +```yaml +# 取多个不同namespace的变量进行数值运算 +key: ${{ vars.numA + jobs.jobA.result.success_num }} + +# 调用python datetime模块,获取年月日并拼接字符串 +project_name: ${{ vars.my_name }}-${{ datetime.datetime.now().year }}-{{ datetime.datetime.now().month }}-${{ datetime.datetime.now().day }} + +# 调用字符串处理方法,对字符串进行大小写转换,split等操作 +key: ${{ vars.stringA.lower() }} +key: ${{ vars.stringA.split(':') }} + +# 单纯通过python表达式计算数值,不对变量进行引用,如计算一天一共有多少秒 +key: ${{ 24*60*60 }} +``` + +支持的非内置Python模块: + +| 模块名 | 作用 | 官方文档链接 | +| -------- | ---------------------- | ----------------------------------------------- | +| re | 提供正则表达式匹配操作 | | +| math | 提供数学运算函数 | | +| time | 提供时间相关函数 | | +| datetime | 提供日期和时间处理函数 | | + +支持的安全内置Python模块: + +| 类型 | 模块名 | +| ------------ | ------------------------------------------------------------ | +| 数据类型 | object, bool, int, float, complex, str, bytes, bytearray, tuple, list, set, frozenset, dict | +| 数学运算 | abs, round, pow, divmod | +| 迭代器 | iter, next | +| 集合操作 | len, sum, min, max, all, any, map, filter, zip, enumerate, sorted, reversed | +| 数字转换 | bin, hex, oct | +| 字符串格式化 | ascii, repr, chr, ord, format | +| 变量和内存 | dir, locals, globals, id, hash | +| 类型检查 | isinstance, issubclass, callable | + +### 1.10. 特殊语法 + +#### 1.10.1. 具有特殊含义配置项的变量 + +**group_sync_exec_id: 1** + +字段说明:当前变量值为1时,表明每次运行流水线会同步workflow_exec.id的值给group_id这个变量,这个配置项必须在group_id变>量存在的时候才起作用,不然只是一个普通变量 + +```yaml +vars: + # 当前流水线编号 + group_id: workflow_exec.200005545959096344 + group_sync_exec_id: 1 +``` + +## 2. workflow.yaml完整示例 + +以下是一个完整的workflow.yaml文件示例: + +```yaml +# 语法版本声明 +version: v1.0 + +# 流水线命名 +name: 每日构建 + +# 触发设置 +on: + # 设定定时触发事件,每天00:00触发 + - type: cron + week_day: + - Monday + - Tuesday + - Wednesday + - Thursday + - Friday + - Saturday + - Sunday + time: 00:00 + start_date: 2023-10-18 + +# 流水线变量设置 +vars: + eulermaker_account: account + eulermaker_password: passwd + os: os + os_version: version + +# 任务声明 +jobs.eulermaker-build-project:everything: + overrides: + project_name: ${{ vars.os }}-${{ vars.os_version }}:everything + build_type: full + build_arch: ${{ matrix.arch }} + secrets: + ACCOUNT: ${{ vars.eulermaker_account }} + PASSWORD: ${{ vars.eulermaker_password }} + testbox: vm-2p8g + +jobs.eulermaker-build-project:epol: + overrides: + project_name: ${{ vars.os }}-${{ vars.os_version }}:epol + build_type: full + build_arch: ${{ matrix.arch }} + secrets: + ACCOUNT: ${{ vars.eulermaker_account }} + PASSWORD: ${{ vars.eulermaker_password }} + testbox: vm-2p8g + +jobs.eulermaker-create-image: + overrides: + image_project_params: + pipeline_info: + pipeline_name: ${{ vars.os }}-${{ vars.os_version }}-${{ datetime.datetime.now().year }}-${{ datetime.datetime.now().month }}-${{ datetime.datetime.now().day }}-1 + group: dailybuild + category: standard + scene: cloud + image_format: qcow2 + arch: ${{ matrix.arch }} + image_config: + release_image_config: + repo_url: > + http://xxxxx/ + http://xxxx/ + http://xxx/ + http://xxxxxx/ + product: ${{ vars.os.lower() }} + version: ${{ vars.os_version }}-${{ datetime.datetime.now().year }}-${{ datetime.datetime.now().month }}-${{ datetime.datetime.now().day }} + secrets: + ACCOUNT: ${{ vars.eulermaker_account }} + PASSWORD: ${{ vars.eulermaker_password }} + testbox: vm-2p8g + +jobs.eulermaker-build-image: + overrides: + secrets: + ACCOUNT: ${{ vars.eulermaker_account }} + PASSWORD: ${{ vars.eulermaker_password }} + pipeline_id: ${{ jobs.eulermaker-create-image.result.id }} + testbox: vm-2p8g + runtime: ${{ 24*60*60 }} + +jobs.qcow2rootfs: + overrides: + qcow2rootfs.qcow2_os: ${{ jobs.eulermaker-build-image.result.product }} + qcow2rootfs.qcow2_arch: ${{ matrix.arch }} + qcow2rootfs.qcow2_version: ${{ jobs.eulermaker-build-image.result.version }} + qcow2rootfs.qcow2_url: ${{ jobs.eulermaker-build-image.result.image_link }} + qcow2rootfs.rootfs_protocol: nfs + qcow2rootfs.rootfs_server: "172.168.131.2" + qcow2rootfs.rootfs_path: os-rw + testbox: vm-2p32g + +jobs.mugen-smoke-baseinfo: + overrides: + os: ${{ jobs.qcow2rootfs.result.os }} + os_version: ${{ jobs.qcow2rootfs.result.version }} + os_mount: nfs + arch: ${{ jobs.qcow2rootfs.result.arch }} + testbox: vm-2p8g + +jobs.mugen-smoke-basic-os: + overrides: + os: ${{ jobs.qcow2rootfs.result.os }} + os_version: ${{ jobs.qcow2rootfs.result.version }} + os_mount: nfs + arch: ${{ jobs.qcow2rootfs.result.arch }} + testbox: vm-2p8g + +# 控制流声明 +sequence: + # 矩阵声明 + matrix: + arch: + - aarch64 + - x86_64 + # 并行子结构声明 + parallel:build: + eulermaker-build-project:everything: + eulermaker-build-project:epol: + # 串行子结构声明 + sequence:create-image: + eulermaker-create-image: + eulermaker-build-image: + qcow2rootfs: + parallel:AT: + mugen-smoke-baseinfo: + mugen-smoke-basic-os: +``` diff --git a/docs/zh/tools/devops/eulerpipeline/v1.1_grammar.md b/docs/zh/tools/devops/eulerpipeline/v1.1_grammar.md new file mode 100644 index 0000000000000000000000000000000000000000..354fca5b785e887d8233ffebc67baa3d06f248ad --- /dev/null +++ b/docs/zh/tools/devops/eulerpipeline/v1.1_grammar.md @@ -0,0 +1,1270 @@ +# V1.1语法说明文档 + +workflow,即流水线,是一连串具备一定串并联关系的任务组合,描述一连串的任务之间存在的依赖关系、输入输出参数,以及整个流水线的触发条件。 + +不同版本具备不同的语法规则,从零编写和学会workflow的声明方法请详阅对应版本的文档,避免无法正常解析。 + +## 版本信息 + +| 版本 | v1.1 | +| --- | --- | +| 维护者 | wanglin | +| 创建时间 | 2024-01-03 | +| 是否废弃 | 否 | + +## 1. 语法特性 + +流水线通过YAML描述,描述文件的YAML语法规则基于YAML 1.2版本,书写时需要基于YAML 1.2支持的书写方式进行书写。后文中提及的语法特性是描述的基于此之上的解析规则,不涉及YAML 1.2语法的说明。 + +> YAML(YAML Ain't Markup Language)是一种人类可读的数据序列化标准,它被广泛用于配置文件、数据交换语言、云计算等场景。YAML 1.2 是 YAML 的最新版本,于 2009 年发布。 +> +> 相比于之前的版本,做了一些重要的改进和修正,包括: +> +> - 更严格的类型转换规则,以避免一些常见的类型转换错误。 +> - 支持 JSON,即任何有效的 JSON 文件也是一个有效的 YAML 1.2 文件。 +> - 更好的 Unicode 支持。 +> +> YAML 1.2 的官方文档可以在以下链接找到:[YAML 1.2 官方文档](http://yaml.org/spec/1.2/spec.html)。这份文档详细地描述了 YAML 1.2 的所有特性和语法规则。 + +### 1.0. 编码风格 + +- 键命名风格 + + 为使流水线描述文档风格统一,建议所有的键命名均采用"lower_case"的命名方式,尽量不使用大写字符,如下示例: + + ```yaml + this_is_a_key: value + jobs.this_is_a_job: job + ``` + + 注意:命名风格不等于命名规则,如果不遵循建议的键命名风格并不会出现错误。 + +- 一级key声明风格 + + 一级key的含义为整个YAML文档的第一级键,虽然第一级键无论以何种顺序排列不会影响解析结果,但基于统一风格的出发点考虑,建议用户按照如下顺序对一级key进行排列,且一级key之间通过一行空行间隔,如下示例: + + ```yaml + # 版本声明,可以不存在,则默认使用v1.0语法解析 + version: v1.1 + + # 流水线命名,必填 + name: + + # 流水线触发设置,可以不存在 + on: + + # 流水线变量,可以不存在 + vars: + + # 流水线额外事件声明,可以不存在 + events.xxx: + + # 流水线job声明,至少需要声明一个job + jobs.xxx: + + # 流水线控制流说明 + sequence: + xxx: + ``` + + 对于本版本流水线语法而言,一级key仅识别上述6类关键字,在这七种关键字之外的一级key将被忽略。如果某个关键字不存在,比如vars,剩余关键字建议仍保持上述先后顺序排列。 + + 对于关键字的含义和详细语法说明见后文。 + +- 每行文本长度 + + 为了保持良好的可读性,建议每行文本长度不要超过**80**个字符。这是一种常见的编程规范,可以使代码在大多数编辑器和终端中看起来更清晰。但这并不是强制性的规定,根据实际情况和个人习惯,可以适当调整。 + + 对于长文本,可以利用YAML的特性转行声明,如下示例: + + ```yaml + # 通过"|"语法保留换行符"\n" + key: | + this is a long long story, + you could learn it step by step. + # key = "this is a long long story,\nyou could learn it step by step." + + # 通过"|+"语法保留所有换行符"\n" + key: |+ + this is a long long story, + you could learn it step by step. + + + # key = "this is a long long story,\nyou could learn it step by step.\n\n\n" + + # 通过"|-"语法,去除末尾换行符"\n" + key: |- + this is a long long story, + you could learn it step by step. + + + # key = "this is a long long story,\nyou could learn it step by step." + + # 通过">"语法,虽然内容书写存在换行,但解析后的内容去除换行,以空格代替 + key: > + https://repo1/ + https://repo2/ + # key = "https://repo1/ https://repo2" + ``` + + 更多的说明请参考YAML1.2官方文档(见 **章节1. 语法特性** 开头) + +### 1.1. 基本声明 + +基本声明包含**version**与**name**两个一级key,前者用以锚定语法解析版本,后者用以标识流水线名称。 + +#### 1.1.1. 语法版本声明 + +workflow支持多版本语法解析,对于不声明version的workflow而言,采用默认版本语法(v1.0)进行解析。 +声明版本通过关键字version定义: + +```yaml +# 一般情况下,version会被声明在workflow.yaml的顶部 +# 但version的位置并不会影响解析,确保version并非嵌套于其他key下即可 + +version: v1.1 +``` + +根据声明的version的不同,请查阅不同版本的语法特性介绍。 + +#### 1.1.2. 流水线命名 + +无论在什么版本,workflow的名字均由name字段定义。流水线的名字不要求唯一,可以是任意**字符串**。 + +name为一定需要定义的key,如果流水线yaml中缺少这个key解析器将不予通过。 + +```yaml +version: v1.0 + +name: my workflow +``` + +### 1.2. 触发条件定义 + +#### 1.2.1. workflow支持三种触发方式 + +- 手动触发: 基本的触发方式,不传递触发事件数据的方式,触发后将提交所有不存在依赖的任务 +- 定时触发: 周期性自动触发方式,通过设定时间条件,系统自动触发。 +- webhook触发: git仓库配置服务的webhook回调地址等信息,通过webhook回调请求自动触发。 + + 定时触发和webhook触发方式通过关键字"on"定义,如果不需要这两种触发方式,on可以不声明。 + + 示例: + + ```yaml + version: v1.1 + + name: workflow + + on: + # webhook触发事件定义 + - type: webhook/pr + git_repo: https://gitee.com/openeuler/radiaTest.git + branch: master + # 定时触发事件定义 + - type: cron + crontab: 0 15 10 ? * MON-FRI + + other_keys: other_values + ``` + +#### 1.2.2. webhook触发 + + webhook事件分为webhook/pr,webhook/push,webhook/note,webhook/issue四种类型。 + +- PullRequest类事件 + + 声明的事件键值对必须包含type(webhook/pr),git_repo(仓库地址),branch(仓库分支),action(场景,共8类) + + 即当对应的仓库分支存在PullRequest相关事件时,均会触发此流水线,包括新建PR/删除PR/合入PR/...等事件。 + + 如果需要对PR事件进行更细致的筛选,用户可以指定action进行过滤。 + +- Push类事件 + + 声明的事件键值对必须包含type(webhook/push),git_repo(仓库地址),branch(仓库分支) + + 即当对应的仓库分支被推送更新后,均会触发此流水线。 + +- 评论类事件 + + 声明的事件键值对必须包含type(webhook/note),git_repo(仓库地址),branch(仓库分支,仅支持PullRequest场景存在),notable_type(评论主体),notes(评论钩子) + + 即当对应的仓库分支的指定被评论主体(如PullRequest作为被评论主体)并且评论内容能够匹配评论钩子时,会触发此流水线。 + +- Issue类事件 + + 声明的事件键值对必须包含type(webhook/issue),git_repo(仓库地址),state(问题单状态) + + 即当对应的仓库分支存在Issue相关事件时,均会触发此流水线,包括新建issue/删除issue/...等事件。 + + state提供了对issue的场景细分能力,通过配置状态可以拆分不同场景。 + + webhook事件的声明支持矩阵式声明方式,从而帮助减少重复描述,如下所示: + + ```yaml + on: + - type: webhook/note + git_repo: https://gitee.com/openeuler/radiaTest.git + branch: + - master + - dev + - test + notable_type: + - PullRequest + notes: + - /retry + - /retest + ``` + +这个例子意味着多个分支下的PullReques被评论了"/retry"或"/retest"都会触发此流水线 + +以上关于webhook讲解较为粗略,建议阅读更详细的webhook配置文档,以便更好的使用: + + + +特别说明: 如果不仅仅需要触发,还需要在流水线中引用(该特性将在后文详述)触发事件中的字段,建议编辑者通过查阅不同git仓库的webhook文档了解。 + +1. Gitee: + +2. Github: + +3. Gitlab: + +#### 1.2.3. 定时触发事件 + + 当配置的触发事件type字段为[cron,interval,date]值时,说明该事件为定时事件,对于某一个定时任务,type仅可为其中某一个取值,以下为简单示例: + + ```yaml +on: + - type: cron + crontab: 0 15 10 ? * MON-FRI + - type: interval + seconds: 60 + - type: date + run_date: 2024-01-01 00:00:00 + - type: date + run_date: 164900500 + ``` + +以上配置,意味着时间满足任意一个场景时,流水线被执行。 + +关于三种类型的定时参数,参看以下官方文档配置即可: + + + + + + + +### 1.3. 流水线全局变量定义 + +流水线的全局变量通过vars字段声明,当前版本支持字符串、数组、对象(字典/哈希表)三种格式。 + +```yaml +version: v1.1 + +name: workflow + +vars: + # 字符串 + varA: string + # 数组 + varB: + - elementA + - elementB + # 对象(支持多级结构嵌套) + varC: + keyA: valueA + # 嵌套数组 + keyB: + - valueB1 + - valueB2 + # 嵌套对象 + keyC: + keyC1: +``` + +流水线变量定义的目的在于定义整个流水线可以利用的若干变量(常量),定义后的变量可以被流水线任意阶段任务引用,从而避免每个任务对于该变量的重复冗余声明。 + +举例而言,假设某个流水线的10个任务均需要上述案例的varB变量作为Input(输入/入参),则只需要引用varB赋予给对应参数即可。 + +具体的引用方式详见后文对于引用语法的介绍。 + +如果一个流水线不需要定义任何流水线变量时,vars关键字可以不存在: + +```yaml +version: v1.1 + +name: workflow + +other_keys: other_values +``` + +> 💡 注:v1.1相较上一个版本v1.0的新语法说明 + +除了在一级key中声明vars外,还可以在sequence中定义某些job特殊的vars,并且局部vars的优先级高于全局vars。 + +### 1.4. 额外事件声明 + +如果流水线内部的某个任务除了依赖于前置的任务外,还实际依赖于额外的webhook事件,或者依赖于一些额外的事件,则需要对这些额外的事件进行预声明。 + +用户通过events.xxx模式的key进行额外事件的声明,"xxx"为额外事件的命名。 + +**注意:**大多数情况下,用户不需要定义额外事件。额外事件不支持定时以及手动事件声明。 + +#### 1.4.1. webhook事件 + +当定义额外webhook事件时,该事件需求定义的key-values与上文流水线触发设置中介绍的一致,如下示例: + +```yaml +version: v1.1 + +name: workflow + +vars: + +events.eventA: + type: webhook/pr + git_repo: https://gitee.com/openeuler/repository.git + branch: + - master + - dev +``` + +#### 1.4.2. job事件 + +除了webhook事件外,额外事件可以定义一种新的事件类型,即job类型事件。job类型事件分为stage和step两个子类,如下示例: + +```yaml +version: v1.1 + +name: workflow + +vars: + +# 额外事件A - jobA进入boot阶段 +events.eventA: + type: job/stage + job: jobA + job_stage: boot + +# 额外事件B - jobA进入名为testcase001的步骤 +events.eventB: + type: job/step + job: jobA + job_step: testcase001 + +# 额外事件C - jobA进入finish阶段且incomplete +events.eventC: + type: job/stage + job: jobA + job_stage: finish + job_health: incomplete +``` + +job类型的事件除了type和job必填外,其他字段可以根据需求从job类型事件的全集keys中选取(job_stage/job_health/job_step/nickname)。 + +定义后的job类型事件如何使用见后文任务定义和控制流声明章节。 + +### 1.5. 任务定义 + +#### 1.5.1. 基础概念 + +对于所有流水线涉及的任务,都需要通过jobs.xxx模式的一级key进行一次声明,主要目的为定义任务的Input(输入/入参),且每个被声明job的value均要求为对象(字典/哈希表)格式(或者为空)。 + +jobs.xxx类关键字常见的两种二级关键字为**defaults**和**overrides**,这两个二级key可以不声明,但如果具备value,则value必须为对象(字典/哈希表)格式,用以声明待提交的job即为模板所具备的所有参数。 + +如下所示: + +```yaml +name: workflow + +vars: + +# 空value的job缺省声明 +jobs.jobA: + +# 空defaults value, 空overrides value声明 +jobs.jobB: + defaults: + overrides: + +# 缺省defaults,overrides非空声明 +jobs.jobB: + overrides: + # 字符串 + keyA: valueA + # 数组 + keyB: + - valueB1 + - valueB2 + # 对象(支持多级嵌套) + keyC: + keyC1: valueC1 + keyC2: + - valueC2 +``` + +除了嵌套的声明方式,流水线语法支持扁平化的方式减少声明的难度,如下示例: + +```yaml +jobs.jobB: + overrides: + keyC.keyC1: valueC1 + +# 等价于 +jobs.jobB: + overrides: + keyC: + keyC1: valueC1 +``` + +**注意:**这种等价仅于defaults和overrides下有效。 + +defaults和overrides意义如字面含义所示,defaults中定义的key-values如果原job中存在对应key,则以原job中的value为实际提交value;overrides中定义的key-values将无条件覆盖到原job的值提交。 + +对于job的概念,以及原job.yaml的内容,建议查阅compass-ci/lkp-tests的文档进行了解: + +1. 如何向compass-ci/lkp-tests新增job: +2. job的定义: +3. job示例: + +> 💡 注:v1.1相较上一个版本v1.0的新语法说明 + +在v1.1版语法中,允许jobs.XX方式定义job,在sequence控制流中并不全部引用,并不会解析报错。 + +#### 1.5.2. 任务别名定义 + +通常情况下,jobs.xxx模式中xxx即为被声明的job名,如如果计划声明一个ltp-bm的任务,则声明jobs.ltp-bm。但在某些流水线中,可能同一个任务需要运行多次,且任务实际的入参并不相同,因此设计多次声明的可能。在这种情况下,则需要利用"别名"语法特性。 + +别名的声明方式如下示例: + +```yaml +jobs.ltp-bm:first-ltp-bm: + +jobs.ltp-bm:second-ltp-bm: +``` + +这两个被声明的任务实际指向的都是ltp-bm这同一个job,但是因为别名所以流水线会将其看作两个不同的个体。 + +#### 1.5.3. 额外事件依赖声明 + +除了defaults和overrides两种常用的二级keys外,jobs.xxx还支持声明depends字段,本字段用以声明额外依赖(额外事件,即上文**章节1.3**内容的应用) + +```yaml +events.eventA: + xxx: xxx + +events.eventC: + xxx: xxx + +jobs.jobA: + defaults: + default_keyA: valueA + overrides: + override_keyB: valueB + depends: + # 额外依赖于上文中通过events.eventA声明的事件 + # 只需要写key:的形式,不需要填value,填了也会被忽略 + eventA: + # 且额外依赖于上文中通过events.eventC声明的事件 + eventC: +``` + +对于jobA而言,depends字段相当于定义了若干AND逻辑关系的额外依赖,当且仅当所有依赖的事件均发生后jobA才会被提交执行。 + +当depends不声明的时候,jobA的依赖仅取决于其处于控制流的位置(详见后文控制流声明),否则为控制流依赖于额外依赖的逻辑与结果。 + +```yaml +submit_jobA = [jobA's depends parsed from controlflow] AND [jobA's depends defined from 'depends'] +``` + +### 1.6. 控制流声明 + +#### 1.6.1. 基础特性 + +流水线任务的串并行结构通过控制流声明对已通过一级key”jobs.xxx“预声明的各个任务进行编排,通过一级key“sequence”定义,如下所示: + +```yaml +version: v1.1 + +name: workflow + +# jobA:first进入boot阶段 +events.eventA: + type: job/stage + job: jobA + nickname: first + job_stage: boot + +# 定义别名为first的jobA +jobs.jobA:first: + overrides: + +jobs.jobB: + overrides: + # 额外依赖于"jobA:first进入boot阶段"事件 + depends: + eventA: + +# 控制流声明 +sequence: + # 声明并行子结构 + parallel: + # jobA:first和jobB并行 + jobA:first: + jobB: +``` + +控制流声明中,存在sequence、parallel、matrix、vars四种关键字,除了关键字外,所有key都会被认作对已预声明的job的引用。对于所有job的引用,需要确保引用的job全称(包含别名)在流水线一级key中存在(以jobs.xxx预声明)。如果sequence中引用了jobA,但流水线一级key中缺少jobs.jobA这个key,解析器将不会给予通过。 + +**注意:**控制流声明的根(一级key)必须为sequence。 + +- 关键字sequence + + sequence意在声明一个串行结构,在sequence下的所有key将被解析为按声明顺序(从上到下)排列的一连串成员,每一个成员必然依赖于其上面一个的成员。 + + ```yaml + sequence: |---------| |---------| + jobA: = | jobA | =========> | jobB | + jobB: |---------| |---------| + ``` + + sequence和job一样,可以通过sequence:xxx:的方式定义别名,该别名仅在一级串行子结构中存在实际意义,非一级子结构的别名仅起标识作用,具体参考下文stage声明说明。 + + ```yaml + # 根sequence,不可添加别名,为控制流声明关键字 + sequence: + # 一级串行子结构,别名为seqA + sequence:seqA: + # 二级串行子结构,别名为seqB + sequence:seqB: + ``` + + 如上所示,sequence的key并不一定只能是job,当sequence内部的key同样是sequence时,意味着串行结构的嵌套。当然,对于纯sequence的嵌套是不具备实际意义的,仅为分组标识,单纯的串行嵌套相当于没有嵌套。 + + ```yaml + sequence: < - - - - - seqA - - - - - - > + sequence:seqA: |---------| |---------| |---------| + jobA: = | jobA | =========> | jobB | =========> | jobC | + jobB: |---------| |---------| |---------| + jobC: + ``` + +- 关键字parallel + + parallel意在声明一个并行结构,在parallel下的所有key将被解析为并列的若干成员,每一个成员都依赖于整个parallel都前置依赖,互相之间不存在控制流定义的依赖关系(可以存在通过depends额外声明的依赖,额外跳线依赖不被控制流声明控制) + + ```yaml + ___________|___________ + sequence: | | + parallel: |---------| |---------| + jobA: = | jobA | | jobB | + jobB: |---------| |---------| + |______________________| + | + ``` + + 注意,parallel一定不可以声明在workflow.yaml的一级key,对于控制流声明而言,根key一定是sequence。 + + 和sequence一致,parallel也可以以parallel:xxx:的方式定义别名,该别名同样仅在一级并行子结构中存在实际含义,非一级子结构的别名仅起标识作用,具体参考下文stage声明说明。 + + 同理,单纯的并行嵌套相当于没有嵌套,如下示例,等价于jobA、jobB、jobC三者并行。 + + ```yaml + ___ _________________|_______________ + sequence: | | _________|__________ ___ + parallel:prlA: | |---------| |----|----| |----|----| | + jobA: = prlA | jobA | | jobB | | jobC | prlB + parallel:prlB: | |---------| |----|----| |----|----| | + jobB: | | |__________________| _|_ + jobC: _|_ |_______________________________| + | + ``` + +- 关键字matrix + + matrix关键字将在1.7章节中详细说明。 + +> 💡 注:vars关键字为v1.1相较上一个版本v1.0的新语法 + +- 关键字vars + + sequence中声明的vars和一级key中vars的含义和用法完全相同,sequence中的vars存在局部作用域,并且局部作用域的优先级高于全局作用域的优先级,即声明位置越近优先级越高,常用于某些job要引用的变量与全局变量的值不同,需要覆盖全局定义变量的场景。另外,vars可以定义在任意sequence或parallel结构中。 + + 优先级的说明如下示例: + + ```yaml + # 全局定义的变量 + vars: + keyA: valueA + + jobs.job1: + overrides: + key1: ${{ vars.keyA }} + + jobs.job2: + overrides: + key1: ${{ vars.keyA }} + + jobs.job3: + overrides: + key1: ${{ vars.keyA }} + + sequence: + job1: + sequence:s1: + # 此处定义的vars只对sequence:s1结构生效 + vars: + keyA: valueB + job2: + parallel:p1: + # 此处定义的vars只对parallel:p1结构生效 + vars: + keyA: valueC + job3: + + # 各job变量引用的实际值: + # job1.key1 = valueA + # job2.key1 = valueB + # job3.key1 = valueC + + ``` + +#### 1.6.2. job的补充声明 + +由上文可知,job无论是defaults、overrides还是depends的声明,可以声明在jobs.xxx这个key之下,这也是比较推荐的用法。但其实在控制流声明中,用户可以对job进行补充声明,补充的声明将深层update到预定义的job声明中,如下所示: + +```yaml +name: workflow + +jobs.jobA: + defaults: + keyA: valueA + overrides: + keyB: + keyB1: valueB1 + keyB2: + keyB21: valueB21 + +sequence: + jobA: + overrides: + # 与上文中jobs下的overrides特性相同 + # 采用keyB.keyB2.keyB21和keyB.keyB2.keyB22为key,即 + # keyB.keyB2.keyB21: valueB21_new + # keyB.keyB2.keyB22: valueB22 + # 与下述声明方式等价 + keyB: + keyB2: + keyB21: valueB21_new + keyB22: valueB22 +``` + +在这个例子中,sequence中将jobA的预定义的overrides下的keyB21重新定义为valueB2_new,且在keyB2下新创建了一个keyB22的键值对。 + +补充声明特性以对象(字典/哈希表)的递归update实现,一定为控制流中的定义覆写jobs的预定义。 + +> 💡 注:以下为v1.1相较上一个版本v1.0的新语法 + +在sequence中除了可以补充定义job的overrides和defaults字段外,还支持定义always、if、unless执行条件语法。 + +- always关键字 + + always用于决定job是否一定会被提交。在常规控制流的依赖关系中,如果前置job执行失败,后面依赖它的job将会阻塞不会再被提交,如果在job中声明了**always: true**,前置job运行失败或者异常,后面的任务都会被提交。 + + ```yaml + sequence: + jobA: + jobB: + # jobB运行结束,运行结果成功、失败或是异常,jobC都会被提交运行 + jobC: + always: true + + ``` + + always关键字有一种语法糖的写法:jobX!,如下示例的写法和上面yaml作用相同: + + ```yaml + sequence: + jobA: + jobB: + # jobB运行结束,运行结果成功、失败或是异常,jobC都会被提交运行 + jobC!: + + ``` + +​ 另外,如果always关键字没有声明,缺省值取false。 + +- if/unless关键字 + + if和unless关键字用于控制job是否需要被提交,如果if条件判断的结果为true,job才会被提交,否则此job将被跳过,并将job_stage设置为finish,job_health设置为skipped,unless的判断逻辑和if正好相反。 + + ```yaml + sequence: + jobA: + jobB: + if: ${{ jobs.jobA.result.id }} # 如果jobA的result.id有值,jobB会被提交,否则jobB不会被运行 + jobC: + ``` + + 如果job中没有声明关键字if,缺省值取true;如果job中always和if关键字同时存在,优先判断if关键字的执行逻辑。 + +### 1.7. 流水线阶段(stage)声明 + +在**章节1.6. 控制流声明**中有提及,无论是sequence还是parallel分别可以通过sequence:xxx:和parallel:xxx:的形式声明别名。流水线web服务将基于下述规则划分控制流的不同阶段,规则如下所示: + +1. 当且仅当sequence和parallel为根sequence下的一级结构时,其别名等同于阶段名。 +2. 当根sequence下存在job名时(非sequence也非parallel),该job以自身job的别名作为阶段名(若无别名则以job名)独立被识别为一个阶段。 +3. 阶段存在向后包裹的特点,直到下一个有效阶段声明前,所有结构属于同一个阶段。 +4. 沿着根sequence向下检索,在遇到第一个有效的stage命名之前,所有的结构均属于“未命名”阶段。 + +```yaml +sequence: + 阶段(stage) + parallel: ——| + job0: > 未命名 + job1: ——| + + job2:build-job: —— > build-job + + jobA: ——| + sequence: > jobA + jobB: ——| + + parallel:prlA: ——| + jobC: | + jobD: | + sequence:seqB: > prlA + jobE: | + jobF: ——| + + sequence:seqC: —— > seqC + jobG: ——| +``` + +p.s. 阶段仅会影响web端的渲染,控制流的实际意义不依赖于阶段的定义,换而言之,如果不考虑可视化的便利性,可以不对阶段命名深究。 + +### 1.8. Matrix语法特性 + +#### 1.8.1. 基本概念 + +用户可以在控制流**串行结构的任意位置**可以插入一个matrix关键字,用以混入(Mixin)局部的矩阵(参数组合),从而改变后续任务的上下文(Context)。 + +matrix关键字同样可以声明别名,用以避免对象(字典/哈希表)的重key异常,但除了区别外没有实际意义。 + +**注意:** matrix不能直接声明在parallel关键字下,只能声明在sequence关键字下。 + +matrix的声明结构一定为如下格式: + +```yaml +sequence: + matrix: + paramA: + - valueA1 + - valueA2 + - valueAn + paramB: + - valueB1 + - valueB2 +``` + +即,matrix是一个对象(字典/哈希表),且所有一级value均为数组(列表)。 + +上述例子中matrix的含义为,对所处位置的流水线上下文混入矩阵,其中paramA有三种可能的取值,paramB有两种可能的取值,即共3*2共6种取值组合。 + +```yaml +matrix: _ + paramA: | 1. paramA = valueA1; paramB = valueB1 + - valueA1 | 2. paramA = valueA1; paramB = valueB2 + - valueA2 | 3. paramA = valueA2; paramB = valueB1 + - valueAn => { 4. paramA = valueA2; paramB = valueB2 + paramB: | 5. paramA = valueAn; paramB = valueB1 + - valueB1 |_ 6. paramA = valueAn; paramB = valueB2 + - valueB2 +``` + +当流水线上下文混入(Mixin)一个局部的矩阵后,流水线的上下文将会根据参数取值组合的种数裂解成多个“分支”,每一个“分支”的上下文依据其中一种取值组合。当这个分支之后的任务直接引用上下文中的paramA时,会根据当前上下文的paramA取值,后续任务的驱动也会与其他”分支“独立。 + +举例而言: + +```yaml +sequence: + jobA: + parallel: + jobB: + sequence: + matrix: + arch: + - aarch64 + - x86_64 + jobC: + jobD: +``` + +根据 **章节1.5. 控制流声明** 的介绍,不难看出,这个描述声明的结构如下: + +```yaml + ________ + | | + |-------| jobB |----------------------------| + | |________| | + ________ | | ________ + | | | | | | +-------| jobA |-------| |-------| jobD |--------> + |________| | | |________| + | ________ | + | / \ | | | + |-------| matrix |-------| jobC |---------| + \ / |________| + 1. arch = aarch64; + 2. arch = x86_64 +``` + +对于jobA和jobB,如果他们在被提交的时候引用“当前上下文”(所谓当前为被提交的时间点)中的arch变量,他们将取不到任何值。 + +p.s. 关于引用的概念详见**章节1.6.** + +而对于jobC和jobD而言,他们实际上被裂解到了并行的两个“分支”上,其中一个分支上下文中的arch是aarch64而另一个分支上的arch是x86_64,即上述控制流结构等价于: + +```yaml +1. arch = aarch64; + ________ + | | + |----------| jobB |---------| + | |________| | + ________ | | ________ + | | | | | | +-------| jobA |-------| |-------| jobD |--------> + |________| | | |________| + | ________ | aarch64 + | | | | + |----------| jobC |---------| + |________| + aarch64 + +2. arch = x86_64 + ________ + | | + |----------| jobB |---------| + | |________| | + ________ | | ________ + | | | | | | +-------| jobA |-------| |-------| jobD |--------> + |________| | | |________| + | ________ | x86_64 + | | | | + |----------| jobC |---------| + |________| + x86_64 +``` + +这两个矩阵参数组合“分支”共享jobA和jobB的前置依赖,但aarch64的jobD只会依赖于aarch64的jobC,即各分支依赖独立。 + +这样避免了在很多场景下的相同结构的重复声明。 + +#### 1.8.2. 矩阵x矩阵 + +流水线控制流支持多matrix在不同位置声明,在这种情况下,下文矩阵受到上文矩阵影响,下文矩阵实际为上下文矩阵相乘的结果,如下示例: + +```yaml +sequence: + matrix:m1: + os: + - openeuler + os_version: + - 20.03 + - 22.03-LTS + jobA: + matrix:m2: + arch: + - aarch64 + - x86_64 + jobB: +``` + +对于这个例子而言,jobA共有两种上下文分支,而jobB共有4种,如下所示: + +```yaml + ________ ________ + | | | | +--------------| jobA |-----------------------------------------| jobB |-----------------------> + |________| |________| + 1. os=openeuler; os_version=20.03 1. os=openeuler;os_version=20.03;arch=aarch64; + 2. os=openeuler; os_version=22.03-LTS 2. os=openeuler;os_version=20.03;arch=x86_64; + 3. os=openeuler;os_version=22.03-LTS;arch=aarch64; + 4. os=openeuler;os_version=22.03-LTS;x86_64; +``` + +因此对于声明此例控制流的关于jobA和jobB的流水线,实际jobA将会被提交两次,jobB将会被提交4次,jobB的1和2分支依赖于jobA的1分支,jobB的3和4分支依赖于jobA的2分支,jobB的最终参数组合即jobA之前声明的matrix与jobB之前的matrix相乘的结果。 + +#### 1.8.3. excludes语法特性 + +matrix支持通过excludes声明排除特定的组合,如下所示: + +```yaml +sequence: + matrix: + os: + - openeuler + - centos + os_version: + - "20.03" + - 7 + excludes: + # 下述两种描述形式均可支持 + - {"os": "openeuler", "os_version": "7"} + - os: centos + os_version: "20.03" +``` + +此声明方式意为此矩阵只存在两种参数组合,即 ”os=openeuler;os_version=20.03“ 和 “os=centos;os_version=7”。 + +#### 1.8.4. 参数组合语法糖 + +同时,matrix具备一种简化excludes声明的语法糖"|",以上述样例可以改写为: + +```yaml +sequence: + matrix: + os|os_version: + - openeuler | 20.03 #有无空格或者制表符均支持 + - centos | 7 #推荐以制表符分隔,这样的声明较为直观 +``` + +### 1.8. "引用"表达式声明 + +#### 1.8.1. 基本概念 + +对于一条正在运作的流水线而言,其上下文是动态的,每执行完成一个任务,每感知到一个有效事件,“当前”上下文都会发生变化。 + +流水线运行上下文(Context)由六个固定的namespace组成: + +- vars,流水线变量空间(流水线静态变量全集) +- event,事件空间(事件数据全集) +- jobs,任务空间(前置已完成的任务数据) +- matrix,矩阵空间(当前矩阵参数组合分支的参数集合) +- depends,未满足的依赖事件清单(此namespace一般不会被引用) +- fulfilled,已履行的依赖事件清单(此namespace一般不会被引用) + +流水线不仅仅支持对定量的声明,流水线具备“引用”的语法特性,可以对“当前上下文”的变量进行引用,以及进行字符串拼接和python表达式运算。 + +“引用”由模式 ${{ xxxx }} 识别,通过"."的方式获取不同namespace下的所有value,支持下述两种使用方式: + +- 字符串拼接引用 + + ```yaml + # 取vars空间中的varA变量的值,并且与vars空间中的varB变量的值,最后通过"-"拼接 + key: ${{ vars.varA }}-${{ vars.varB }} + # 取当前矩阵参数组合的os、os_version、arch拼接命名 + project_name: my_project:${{ matrix.os }}:${{ matrix.os_version }}:${{ matrix.arch }} + ``` + + 对于这种拼接引用的方式,需要用户确保引用变量的值一定是字符串。如果实际的值不为字符串或者无法转换为字符串,那么采用这种引用声明的job很可能无法正常提交。 + +- 单引用 + + 单引用的情况下,引用表达式的结果可以为字符串、数字、数组(列表)或者哈希表(字典),不受类型影响。 + + ```yaml + # 取vars空间中的数组arrayA,作为key的值 + key: ${{ vars.arrayA }} + # 取前置已完成的jobA的输出result.arrayB,作为key的值 + key: ${{ jobs.jobA.result.arrayB }} + ``` + +**注意:**引用特性仅支持在defaults和overrides下使用,即jobs.xxx下的defaults和overrides或者sequence下某个job的defaults和overrides。后续演进的语法版本中将加入"在matrix中引用vars变量"的支持。 + +#### 1.8.2. python语法支持 + +对于任意引用内部而言,在引用的变量被实际的值替换后,替换后的内容将会被当作python表达式运行,如下示例: + +```yaml +# 取多个不同namespace的变量进行数值运算 +key: ${{ vars.numA + jobs.jobA.result.success_num }} + +# 调用python datetime模块,获取年月日并拼接字符串 +project_name: ${{ vars.my_name }}-${{ datetime.datetime.now().year }}-{{ datetime.datetime.now().month }}-${{ datetime.datetime.now().day }} + +# 调用字符串处理方法,对字符串进行大小写转换,split等操作 +key: ${{ vars.stringA.lower() }} +key: ${{ vars.stringA.split(':') }} + +# 单纯通过python表达式计算数值,不对变量进行引用,如计算一天一共有多少秒 +key: ${{ 24*60*60 }} +``` + +支持的非内置Python模块: + +| 模块名 | 作用 | 官方文档链接 | +| ------ | ---- | ------------ | +| re | 提供正则表达式匹配操作 | | +| math | 提供数学运算函数 | | +| time | 提供时间相关函数 | | +| datetime | 提供日期和时间处理函数 | | + +支持的安全内置Python模块: + +| 类型 | 模块名 | +| ---- | ------ | +| 数据类型 | object, bool, int, float, complex, str, bytes, bytearray, tuple, list, set, frozenset, dict | +| 数学运算 | abs, round, pow, divmod | +| 迭代器 | iter, next | +| 集合操作 | len, sum, min, max, all, any, map, filter, zip, enumerate, sorted, reversed | +| 数字转换 | bin, hex, oct | +| 字符串格式化 | ascii, repr, chr, ord, format | +| 变量和内存 | dir, locals, globals, id, hash | +| 类型检查 | isinstance, issubclass, callable | + +### 1.9. 特殊语法 + +#### 1.9.1. 具有特殊含义配置项的变量 + +**group_sync_exec_id: 1** + +字段说明:当前变量值为1时,表明每次运行流水线会同步workflow_exec.id的值给group_id这个变量,这个配置项必须在group_id变量存在的时候才起作用,不然只是一个普通变量 + +```yaml +vars: + # 当前流水线编号 + group_id: workflow_exec.200005545959096344 + group_sync_exec_id: 1 +``` + +## 2. workflow.yaml完整示例 + +以下是一个完整的workflow.yaml文件示例: + +```yaml +# 语法版本声明 +version: v1.0 + +# 流水线命名 +name: 每日构建 + +# 触发设置 +on: + # 设定定时触发事件,每天00:00触发 + - type: cron + week_day: + - Monday + - Tuesday + - Wednesday + - Thursday + - Friday + - Saturday + - Sunday + time: "00:00" + start_date: "2023-10-18" + +# 流水线变量设置 +vars: + eulermaker_account: account + eulermaker_password: passwd + os: os + os_version: version + +# 任务声明 +jobs.eulermaker-build-project:everything: + overrides: + project_name: ${{ vars.os }}-${{ vars.os_version }}:everything + build_type: full + build_arch: ${{ matrix.arch }} + secrets: + ACCOUNT: ${{ vars.eulermaker_account }} + PASSWORD: ${{ vars.eulermaker_password }} + testbox: vm-2p8g + +jobs.eulermaker-build-project:epol: + overrides: + project_name: ${{ vars.os }}-${{ vars.os_version }}:epol + build_type: full + build_arch: ${{ matrix.arch }} + secrets: + ACCOUNT: ${{ vars.eulermaker_account }} + PASSWORD: ${{ vars.eulermaker_password }} + testbox: vm-2p8g + +jobs.eulermaker-create-image: + overrides: + image_project_params: + pipeline_info: + pipeline_name: ${{ vars.os }}-${{ vars.os_version }}-${{ datetime.datetime.now().year }}-${{ datetime.datetime.now().month }}-${{ datetime.datetime.now().day }}-1 + group: dailybuild + category: standard + scene: cloud + image_format: qcow2 + arch: ${{ matrix.arch }} + image_config: + release_image_config: + repo_url: > + http://xxxxx/ + http://xxxx/ + http://xxx/ + http://xxxxxx/ + product: ${{ vars.os.lower() }} + version: ${{ vars.os_version }}-${{ datetime.datetime.now().year }}-${{ datetime.datetime.now().month }}-${{ datetime.datetime.now().day }} + secrets: + ACCOUNT: ${{ vars.eulermaker_account }} + PASSWORD: ${{ vars.eulermaker_password }} + testbox: vm-2p8g + +jobs.eulermaker-build-image: + overrides: + secrets: + ACCOUNT: ${{ vars.eulermaker_account }} + PASSWORD: ${{ vars.eulermaker_password }} + pipeline_id: ${{ jobs.eulermaker-create-image.result.id }} + testbox: vm-2p8g + runtime: ${{ 24*60*60 }} + +jobs.qcow2rootfs: + overrides: + qcow2rootfs.qcow2_os: ${{ jobs.eulermaker-build-image.result.product }} + qcow2rootfs.qcow2_arch: ${{ matrix.arch }} + qcow2rootfs.qcow2_version: ${{ jobs.eulermaker-build-image.result.version }} + qcow2rootfs.qcow2_url: ${{ jobs.eulermaker-build-image.result.image_link }} + qcow2rootfs.rootfs_protocol: nfs + qcow2rootfs.rootfs_server: "172.168.131.2" + qcow2rootfs.rootfs_path: os-rw + testbox: vm-2p32g + +jobs.mugen-smoke-baseinfo: + overrides: + os: ${{ jobs.qcow2rootfs.result.os }} + os_version: ${{ jobs.qcow2rootfs.result.version }} + os_mount: nfs + arch: ${{ jobs.qcow2rootfs.result.arch }} + testbox: vm-2p8g + +jobs.mugen-smoke-basic-os: + overrides: + os: ${{ jobs.qcow2rootfs.result.os }} + os_version: ${{ jobs.qcow2rootfs.result.version }} + os_mount: nfs + arch: ${{ jobs.qcow2rootfs.result.arch }} + testbox: vm-2p8g + +# 控制流声明 +sequence: + # 矩阵声明 + matrix: + arch: + - aarch64 + - x86_64 + # 并行子结构声明 + parallel:build: + eulermaker-build-project:everything: + eulermaker-build-project:epol: + # 串行子结构声明 + sequence:create-image: + eulermaker-create-image: + eulermaker-build-image: + qcow2rootfs: + parallel:AT: + mugen-smoke-baseinfo: + mugen-smoke-basic-os: +``` + +## 3. v1.1新语法 + +### 3.1 sequence局部变量定义 + +控制流中新增对vars关键字的支持。sequence中声明的vars和一级key中vars的含义和用法完全相同,sequence中的vars存在局部作用域,并且局部作用域的优先级高于全局作用域的优先级,即声明位置越近优先级越高,常用于某些job要引用的变量与全局变量的值不同,需要覆盖全局定义变量的场景。另外,vars可以定义在任意sequence或parallel结构中。 + +优先级的说明如下示例: + +```yaml +# 全局定义的变量 +vars: + keyA: valueA + +jobs.job1: + overrides: + key1: ${{ vars.keyA }} + +jobs.job2: + overrides: + key1: ${{ vars.keyA }} + +jobs.job3: + overrides: + key1: ${{ vars.keyA }} + +sequence: + job1: + sequence:s1: + # 此处定义的vars只对sequence:s1结构生效 + vars: + keyA: valueB + job2: + parallel:p1: + # 此处定义的vars只对parallel:p1结构生效 + vars: + keyA: valueC + job3: + +# 各job变量引用的实际值: +# job1.key1 = valueA +# job2.key1 = valueB +# job3.key1 = valueC + +``` + +#### 3.2 判断job执行条件 + +在sequence中除了可以补充定义job的overrides和defaults字段外,还支持定义always、if、unless执行条件语法。 + +- always关键字 + + always用于决定job是否一定会被提交。在常规控制流的依赖关系中,如果前置job执行失败,后面依赖它的job将会阻塞不会再被提交,如果在job中声明了**always: true**,前置job运行失败或者异常,后面的任务都会被提交。 + + ```yaml + sequence: + jobA: + jobB: + # jobB运行结束,运行结果成功、失败或是异常,jobC都会被提交运行 + jobC: + always: true + + ``` + + always关键字有一种语法糖的写法:jobX!,如下示例的写法和上面yaml作用相同: + + ```yaml + sequence: + jobA: + jobB: + # jobB运行结束,运行结果成功、失败或是异常,jobC都会被提交运行 + jobC!: + + ``` + +​ 另外,如果always关键字没有声明,缺省值取false。 + +- if/unless关键字 + + if和unless关键字用于控制job是否需要被提交,如果if条件判断的结果为true,job才会被提交,否则此job将被跳过,并将job_stage设置为finish,job_health设置为skipped,unless的判断逻辑和if正好相反。 + + ```yaml + sequence: + jobA: + jobB: + if: ${{ jobs.jobA.result.id }} # 如果jobA的result.id有值,jobB会被提交,否则jobB不会被运行 + jobC: + ``` + + 如果job中没有声明关键字if,缺省值取true;如果job中always和if关键字同时存在,优先判断if关键字的执行逻辑。 + +#### 3.3 job声明不选用 + +通过jobs.jobX方式声明的job不一定全部在sequence中选用。 + +```yaml +jobs.jobA: +jobs.jobB: + +sequence: + jobB: +``` diff --git a/docs/zh/tools/devops/patch_tracking/_toc.yaml b/docs/zh/tools/devops/patch_tracking/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..b53d41a6b44d5a86346c5abaf174b46837d55b54 --- /dev/null +++ b/docs/zh/tools/devops/patch_tracking/_toc.yaml @@ -0,0 +1,7 @@ +label: patch-tracking +isManual: true +description: 对软件包进行补丁管理 +sections: + - label: patch-tracking + href: ./patch_tracking.md + diff --git a/docs/zh/tools/devops/patch_tracking/images/Maintainer.jpg b/docs/zh/tools/devops/patch_tracking/images/Maintainer.jpg new file mode 100644 index 0000000000000000000000000000000000000000..da0d5f1b5d928eca3a0d63795f59c55331136065 Binary files /dev/null and b/docs/zh/tools/devops/patch_tracking/images/Maintainer.jpg differ diff --git a/docs/zh/tools/devops/patch_tracking/images/PatchTracking.jpg b/docs/zh/tools/devops/patch_tracking/images/PatchTracking.jpg new file mode 100644 index 0000000000000000000000000000000000000000..e12afd6227c18c333f289b9aa71abf608d8058a0 Binary files /dev/null and b/docs/zh/tools/devops/patch_tracking/images/PatchTracking.jpg differ diff --git a/docs/zh/tools/devops/patch_tracking/images/packagemanagement.png b/docs/zh/tools/devops/patch_tracking/images/packagemanagement.png new file mode 100644 index 0000000000000000000000000000000000000000..6d314e2c6ad6bafd321d9f76cd6aa5f17a8cb394 Binary files /dev/null and b/docs/zh/tools/devops/patch_tracking/images/packagemanagement.png differ diff --git a/docs/zh/tools/devops/patch_tracking/images/panel.png b/docs/zh/tools/devops/patch_tracking/images/panel.png new file mode 100644 index 0000000000000000000000000000000000000000..150eb8c8229f9e8cb47706f3b82f07516a505076 Binary files /dev/null and b/docs/zh/tools/devops/patch_tracking/images/panel.png differ diff --git a/docs/zh/tools/devops/patch_tracking/overview.md b/docs/zh/tools/devops/patch_tracking/overview.md new file mode 100644 index 0000000000000000000000000000000000000000..fe3c8c35f056850ab21745c9be3dde27bf480460 --- /dev/null +++ b/docs/zh/tools/devops/patch_tracking/overview.md @@ -0,0 +1,3 @@ +# 工具集用户指南 + +本文主要介绍在openEuler 发行版本过程中使用到的工具集,主要包含工具的介绍,安装以及使用等方面内容。 diff --git a/docs/zh/tools/devops/patch_tracking/patch_tracking.md b/docs/zh/tools/devops/patch_tracking/patch_tracking.md new file mode 100644 index 0000000000000000000000000000000000000000..51c72abea2e25d2b9039fb503bf049b7e866a777 --- /dev/null +++ b/docs/zh/tools/devops/patch_tracking/patch_tracking.md @@ -0,0 +1,307 @@ +# patch-tracking + +## 简介 + +在 openEuler 发行版开发过程中,需要及时更新上游社区各个软件包的最新代码,修改功能 bug 及安全问题,确保发布的 openEuler 发行版尽可能避免缺陷和漏洞。 + +本工具主要功能是对软件包进行补丁管理,主动监控上游社区提交,自动生成补丁,并自动提交 issue 给对应的 maintainer,同时自动验证补丁基础功能,减少验证工作量支持 maintainer 快速决策。 + +## 架构 + +### C/S架构 + +patch-tracking采用 C/S 架构。 + +服务端(patch-tracking) :负责执行补丁跟踪任务,包括:维护跟踪项、识别上游仓库分支代码变更并形成补丁文件、向 Gitee 提交 issue 及 PR。同时 patch-tracking 提供 RESTful 接口,用于对跟踪项进行增删改查操作。 + +客户端:即命令行工具(patch-tracking-cli),通过调用 patch-tracking 的 RESTful 接口,实现对跟踪项的增删改查操作。 + +### 核心流程 + +a. 补丁跟踪服务流程 + + 主要步骤: + + 1. 通过命令行工具添加跟踪项。 + 2. 自动从跟踪项配置的上游仓库(例如GitHub)获取补丁文件。 + 3. 创建临时分支,将获取到的补丁文件提交到临时分支。 + 4. 自动提交 issue 到对应仓库,并生成关联 issue 的 PR。 + +![PatchTracking](./images/PatchTracking.jpg) + +b. Maintainer对提交的补丁处理流程 + + 主要步骤: + 1. Maintainer 分析 PR。 + 2. 执行 CI,执行成功后判断是否合入 PR。 + +![Maintainer](./images/Maintainer.jpg) + +### 数据结构 + +* Tracking表 + +| 序号 | 名称 | 说明 | 类型 | 键 | 允许空 | +|:----:| ----| ----| ----| ----| ----| +| 1 | id | 自增补丁跟踪项序号 | int | - | NO | +| 2 | version_control | 上游SCM的版本控制系统类型 | String | - | NO | +| 3 | scm_repo | 上游SCM仓库地址 | String | - | NO | +| 4 | scm_branch | 上游SCM跟踪分支 | String | - | NO | +| 5 | scm_commit | 上游代码最新处理过的Commit ID | String | - | YES | +| 6 | repo | 包源码在Gitee的仓库地址 | String | Primary | NO | +| 7 | branch | 包源码在Gitee的仓库分支 | String | Primary | NO | +| 8 | enabled | 是否启动跟踪 | Boolean | -| NO | + +* Issue表 + +| 序号 | 名称 | 说明 | 类型 | 键 | 允许空 | +|:----:| ----| ----| ----| ----| ----| +| 1 | issue | issue编号 | String | Primary | NO | +| 2 | repo | 包源码在Gitee的仓库地址 | String | - | NO | +| 3 | branch | 包源码在Gitee的仓库分支 | String | - | NO | + +## 工具部署 + +### 软件下载 + +Repo 源地址:[https://repo.openeuler.org](https://repo.openeuler.org) + +rpm 包获取地址:[https://repo.openeuler.org](https://repo.openeuler.org),依次选择正确的版本号、everything、正确的架构、Packages,找到需要的rpm包,点击即可下载。 + +### 安装工具 + +方法1:从repo源安装 + +1. 使用 dnf 挂载 repo源(具体方法参考《[应用开发指南](../../../server/development/application_dev/preparations_for_development_environment.md)》。 + +2. 执行以下命令安装`patch-tracking`及其依赖。 + + ```shell + # dnf install patch-tracking + ``` + +方法2:直接使用rpm安装 + +1. 首先安装相关依赖。 + + ```shell + # dnf install python3-uWSGI python3-flask python3-Flask-SQLAlchemy python3-Flask-APScheduler python3-Flask-HTTPAuth python3-requests python3-pandas + ``` + +2. 安装patch-tracking包。 + + ```shell + # rpm -ivh patch-tracking-xxx.rpm + ``` + +### 生成证书 + +执行如下命令生成证书。 + +```shell +# openssl req -x509 -days 3650 -subj "/CN=self-signed" -nodes -newkey rsa:4096 -keyout self-signed.key -out self-signed.crt +``` + +将生成的 `self-signed.key` 和 `self-signed.crt` 文件拷贝到 /etc/patch-tracking 目录。 + +### 配置参数 + +在配置文件中对相应参数进行配置,配置文件路径为 `/etc/patch-tracking/settings.conf`。 + +1. 配置服务监听地址。 + + ```text + LISTEN = "127.0.0.1:5001" + ``` + +2. GitHub Token, 用于访问托管在 GitHub 上游开源软件仓的仓库信息 , 生成 GitHub Token 的方法参考 [Creating a personal access token](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token) 。 + + ```text + GITHUB_ACCESS_TOKEN = "" + ``` + +3. 对于托管在gitee上的需要跟踪的仓库,配置一个有该仓库权限的gitee的token,用于提交patch文件,提交issue,提交PR等操作。 + + ```text + GITEE_ACCESS_TOKEN = "" + ``` + +4. 定时扫描数据库中是否有新增或修改的跟踪项,对扫描到的跟踪项执行获取上游补丁任务,在这里配置扫描的时间间隔,数字单位是秒。 + + ```text + SCAN_DB_INTERVAL = 3600 + ``` + +5. 命令行工具运行过程中,POST接口需要填写进行认证的用户名和口令哈希值。 + + ```text + USER = "admin" + PASSWORD = "" + ``` + + > `USER`默认值为`admin`。 + + 执行如下指令,获取口令的哈希值,其中Test@123为设置的口令。 + + ```shell + # generate_password Test@123 + ``` + + > `口令值`需要满足如下复杂度要求: + > + > * 长度大于等于6个字符 + > * 必须包含大写字母、小写字母、数字、特殊字符(~!@#%^*-_=+) + + 将口令的哈希值复制到`PASSWORD = ""`引号中。 + +### 启动补丁跟踪服务 + +* 使用systemd方式。 + + ```shell + # systemctl start patch-tracking + ``` + +* 直接执行可执行程序。 + + ```shell + # /usr/bin/patch-tracking + ``` + +## 工具使用 + +### 添加跟踪项 + +将需要跟踪的软件仓库和分支与其上游开源软件仓库与分支关联起来,可以通过以下方式实现。 + +* 命令行直接添加 + + 参数含义: + > --user :POST接口需要进行认证的用户名,同settings.conf中的USER参数 + > --password :POST接口需要进行认证的口令,为settings.conf中的PASSWORD哈希值对应的实际的口令字符串 + > --server :启动Patch Tracking服务的URL,例如:127.0.0.1:5001 + > --version_control :上游仓库版本的控制工具,只支持github + > --repo: 需要进行跟踪的仓库名称,格式:组织/仓库 + > --branch :需要进行跟踪的仓库的分支名称 + > --scm_repo :被跟踪的上游仓库的仓库名称,github格式:组织/仓库 + > --scm_branch: 被跟踪的上游仓库的仓库的分支 + > --scm_commit: 指定跟踪的起始commit,选填,默认从当前最新commit开始跟踪 + > --enabled :是否自动跟踪该仓库 + + 例如: + + ```shell + # patch-tracking-cli add --server 127.0.0.1:5001 --user admin --password Test@123 --version_control github --repo testPatchTrack/testPatch1 --branch master --scm_repo BJMX/testPatch01 --scm_branch test --enabled true + ``` + +* 指定文件添加 + + 参数含义: + >--server :启动Patch Tracking服务的URL,例如:127.0.0.1:5001 \ + --user :POST接口需要进行认证的用户名,同settings.conf中的USER参数 \ + --password :POST接口需要进行认证的口令,为settings.conf中的PASSWORD哈希值对应的实际的口令字符串 \ + --file :yaml文件路径 + + 将仓库、分支、版本管理工具、是否启动监控等信息写入yaml文件(例如tracking.yaml),文件路径作为`--file`的入参调用命令。 + + 例如: + + ```shell + # patch-tracking-cli add --server 127.0.0.1:5001 --user admin --password Test@123 --file tracking.yaml + ``` + + yaml文件内容格式如下,冒号左边的内容不可修改,右边内容根据实际情况填写。 + + ```text + version_control: github + scm_repo: xxx/xxx + scm_branch: master + repo: xxx/xxx + branch: master + enabled: true + ``` + + >version_control :上游仓库版本的控制工具,只支持github \ + scm_repo :被跟踪的上游仓库的仓库名称,github格式:组织/仓库 \ + scm_branch :被跟踪的上游仓库的仓库的分支 \ + repo :需要进行跟踪的仓库名称,格式:组织/仓库 \ + branch :需要进行跟踪的仓库的分支名称 \ + enabled :是否自动跟踪该仓库 + +* 指定目录添加 + + 在指定的目录,例如`test_yaml`下放入多个`xxx.yaml`文件,执行如下命令,记录指定目录下所有yaml文件的跟踪项。 + + 参数含义: + >--user :POST接口需要进行认证的用户名,同settings.conf中的USER参数 \ + --password :POST接口需要进行认证的口令,为settings.conf中的PASSWORD哈希值对应的实际的口令字符串 \ + --server :启动Patch Tracking服务的URL,例如:127.0.0.1:5001 \ + --dir :存放yaml文件目录的路径 + + ```shell + # patch-tracking-cli add --server 127.0.0.1:5001 --user admin --password Test@123 --dir /home/Work/test_yaml/ + ``` + +### 查询跟踪项 + +参数含义: +>--server :必选参数,启动Patch Tracking服务的URL,例如:127.0.0.1:5001 \ +--table :必选参数,需要查询的表 \ +--repo :可选参数,需要查询的repo;如果没有该参数查询表中所有内容 \ +--branch :可选参数,需要查询的branch + +```shell +# patch-tracking-cli query --server SERVER --table tracking +``` + +例如: + +```shell +# patch-tracking-cli query --server 127.0.0.1:5001 --table tracking +``` + +### 查询生成的 Issue + +```shell +# patch-tracking-cli query --server SERVER --table issue +``` + +例如: + +```shell +# patch-tracking-cli query --server 127.0.0.1:5001 --table issue +``` + +### 删除跟踪项 + +```shell +# patch-tracking-cli delete --server SERVER --user USER --password PWD --repo REPO [--branch BRANCH] +``` + +例如: + +```shell +# patch-tracking-cli delete --server 127.0.0.1:5001 --user admin --password Test@123 --repo testPatchTrack/testPatch1 --branch master +``` + +> 可以删除指定repo和branch的单条数据;也可直接删除指定repo下所有branch的数据。 + +### 码云查看 issue 及 PR + +登录Gitee上进行跟踪的软件项目,在该项目的Issues和Pull Requests页签下,可以查看到名为`[patch tracking] TIME`,例如`[patch tracking] 20200713101548`的条目,该条目即是刚生成的补丁文件的issue和对应PR。 + +## FAQ + +### 访问 api.github.com Connection refused 异常 + +#### 问题描述 + +patch-tracking 运行过程中,可能会出现如下报错: + +``` + 9月 21 22:00:10 localhost.localdomain patch-tracking[36358]: 2020-09-21 22:00:10,812 - patch_tracking.util.github_api - WARNING - HTTPSConnectionPool(host='api.github.com', port=443): Max retries exceeded with url: /user (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused')) +``` + +#### 原因分析 + +以上问题是 patch-tracking 与 GitHub API 服务之间网络访问不稳定导致,请确保在与 GitHub API 服务之间网络稳定的环境中(如使用[华为云ECS弹性云服务器](https://console.huaweicloud.com/))运行 patch-tracking。 diff --git a/docs/zh/tools/devops/pkgship/_toc.yaml b/docs/zh/tools/devops/pkgship/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..623114571ed9b6d2706a843ff1d7babb1877664e --- /dev/null +++ b/docs/zh/tools/devops/pkgship/_toc.yaml @@ -0,0 +1,6 @@ +label: pkgship +isManual: true +description: 提供软件包依赖查询、生命周期管理、补丁查询等功能 +sections: + - label: pkgship + href: ./pkgship.md diff --git a/docs/zh/tools/devops/pkgship/images/Maintainer.jpg b/docs/zh/tools/devops/pkgship/images/Maintainer.jpg new file mode 100644 index 0000000000000000000000000000000000000000..da0d5f1b5d928eca3a0d63795f59c55331136065 Binary files /dev/null and b/docs/zh/tools/devops/pkgship/images/Maintainer.jpg differ diff --git a/docs/zh/tools/devops/pkgship/images/PatchTracking.jpg b/docs/zh/tools/devops/pkgship/images/PatchTracking.jpg new file mode 100644 index 0000000000000000000000000000000000000000..e12afd6227c18c333f289b9aa71abf608d8058a0 Binary files /dev/null and b/docs/zh/tools/devops/pkgship/images/PatchTracking.jpg differ diff --git a/docs/zh/tools/devops/pkgship/images/packagemanagement.png b/docs/zh/tools/devops/pkgship/images/packagemanagement.png new file mode 100644 index 0000000000000000000000000000000000000000..6d314e2c6ad6bafd321d9f76cd6aa5f17a8cb394 Binary files /dev/null and b/docs/zh/tools/devops/pkgship/images/packagemanagement.png differ diff --git a/docs/zh/tools/devops/pkgship/images/panel.png b/docs/zh/tools/devops/pkgship/images/panel.png new file mode 100644 index 0000000000000000000000000000000000000000..150eb8c8229f9e8cb47706f3b82f07516a505076 Binary files /dev/null and b/docs/zh/tools/devops/pkgship/images/panel.png differ diff --git a/docs/zh/tools/devops/pkgship/pkgship.md b/docs/zh/tools/devops/pkgship/pkgship.md new file mode 100644 index 0000000000000000000000000000000000000000..c08375b53b2a220360a5d7641b736af3b2cbc8a5 --- /dev/null +++ b/docs/zh/tools/devops/pkgship/pkgship.md @@ -0,0 +1,426 @@ +# pkgship + +## 介绍 + +pkgship是一款管理OS软件包依赖关系,提供依赖和被依赖关系完整图谱的查询工具,pkgship提供软件包依赖查询、生命周期管理等功能。 + +1. 软件包基本信息查询:方便社区人员快速获取软件包的名称、版本,描述等基本信息。 +2. 软件包依赖查询:方便社区人员在软件包引入、更新和删除的时候了解软件的影响范围。 + +## 架构 + +系统采用flask-restful开发,架构如下图所示。 + +![avatar](./images/packagemanagement.png) + +## 在线使用 + +pkgship提供了公网地址,若无定制化需求,可直接使用在线查询。 + +若需要定制查询数据源,可按照文档进行本地安装、配置、使用。 + +## 软件下载 + +- Repo源挂载正式发布地址: +- 源码获取地址: +- RPM包版本获取地址: + +## 运行环境 + +- 硬件配置: + +| 配置项 | 推荐规格 | +| -------- | ----------- | +| CPU | 8核 | +| 内存 | 32G,最小4G | +| 硬盘 | 20G | +| 网络带宽 | 300M | +| I/O | 375MB/sec | + +- 软件配置: + +| 软件名 | 版本和规格 | +| ------------- | ------------------------------------------ | +| Elasticsearch | 版本7.10.1;单机部署可用;有能力可部署集群 | +| Redis | 建议5.0.4及以上;建议大小配置为内存的3/4 | +| Python | 版本 3.8及以上 | + +## 安装工具 + +> 说明:该软件支持在docker下运行。 + +**1、pkgship工具安装** + + 工具安装可通过以下两种方式中的任意一种实现。 + +- 方法一:通过dnf挂载repo源实现。 + 先使用dnf挂载pkgship软件所在repo源(具体方法可参考《[应用开发指南](https://openeuler.org/zh/docs/24.03_LTS_SP1/docs/ApplicationDev/%E5%BC%80%E5%8F%91%E7%8E%AF%E5%A2%83%E5%87%86%E5%A4%87.html)》),然后执行如下指令下载以及安装pkgship及其依赖。 + + ```bash + dnf install pkgship + ``` + +- 方法二:通过安装rpm包实现。 + 先下载pkgship的rpm包,然后执行如下命令进行安装(其中“x.x-x”表示版本号,请用实际情况代替)。 + + ```bash + rpm -ivh pkgship-x.x-x.oe1.noarch.rpm + ``` + + 或者 + + ```bash + dnf install pkgship-x.x-x.oe1.noarch.rpm + ``` + +**2、Elasticsearch和Redis安装** + + 如果环境没有安装Elasticsearch或者Redis,可以在pkgship安装之后执行自动化安装脚本。 + + 脚本路径默认为: + +``` +/etc/pkgship/auto_install_pkgship_requires.sh +``` + + 执行方法为 + +``` +/bin/bash auto_install_pkgship_requires.sh elasticsearch +``` + + 或者 + +``` + /bin/bash auto_install_pkgship_requires.sh redis +``` + +>**说明:** +>以rpm包方式安装Elasticsearch默认为无密码模式,且pkgship需使用无密码设置的Elasticsearch,因此,当前建议Elasticsearch和pkgship需安装在同一服务器,通过网络隔离提高安全性。后续版本将支持Elasticsearch设置用户名密码。 + +**3、安装后添加用户** + +在安装pkgship软件后,会自动创建名为pkgshipuser的用户和名为pkgshipuser的用户组,无需手动创建,后续服务启动和运行时,都会以该用户角色操作。 + +## 配置参数 + +1.在配置文件中对相应参数进行配置,系统的默认配置文件存放在 /etc/pkgship/package.ini,请根据实际情况进行配置更改。 + +``` +vim /etc/pkgship/package.ini +``` + +```ini +[SYSTEM-系统配置] +; 初始化数据库时导入的yaml文件存放位置,该yaml中记录导入的sqlite文件位置 +init_conf_path=/etc/pkgship/conf.yaml + +; 若部署为客户端-服务端方式,服务端需保证query_ip_addr为本机ip或者(0.0.0.0), +; 客户端可通过query_ip_addr和query_port访问服务端,或者通过设置映射的remote_host访问服务端 + +; 服务查询端口 +query_port=8090 + +; 服务查询ip +query_ip_addr=127.0.0.1 + +; 远程服务的地址,命令行可以直接调用远程服务来完成数据请求 +remote_host=https://api.openeuler.org/pkgmanage + +; 初始化和下载临时文件存放目录,不会长时间占用,建议可用空间至少1G +temporary_directory=/opt/pkgship/tmp/ + +[LOG-日志] +; 业务日志存放路径 +log_path=/var/log/pkgship/ + +; 打印日志级别,支持如下: +; INFO DEBUG WARNING ERROR CRITICAL +log_level=INFO + +; 单个业务日志文件最大容量,超过该值会自动压缩转储,默认为30M +max_bytes=31457280 + +; 备份日志保留的最大数量,默认为30 +backup_count=30 + +[UWSGI-Web服务器配置] +; 操作日志路径 +daemonize=/var/log/pkgship-operation/uwsgi.log +; 前后端传输数据大小 +buffer-size=65536 +; 网络连接超时时间 +http-timeout=600 +; 服务响应时间 +harakiri=600 + +[REDIS-缓存配置] +; Redis缓存服务器的地址可以是已发布的可以正常访问的域或IP地址 +;链接地址默认为127.0.0.1 +redis_host=127.0.0.1 + +;Redis缓存服务器的端口,默认为6379 +redis_port=6379 + +;Redis服务器一次允许的最大连接数 +redis_max_connections=10 + +[DATABASE-数据库] +;数据库访问地址,建议设置为本机地址 +database_host=127.0.0.1 + +;数据库访问端口,默认为9200 +database_port=9200 + +``` + +2.创建初始化数据库的yaml配置文件: +conf.yaml 文件默认存放在 /etc/pkgship/ 路径下,pkgship会通过该配置读取要建立的数据库名称以及需要导入的sqlite文件,也支持配置sqlite文件所在的repo地址。conf.yaml 示例如下所示。 + +```yaml +dbname: oe{version} #数据库名称 +src_db_file: /etc/pkgship/repo/openEuler-{version}/src #源码包所在的本地路径 +bin_db_file: /etc/pkgship/repo/openEuler-{version}/bin #二进制包所在的本地路径 +priority: 1 #数据库优先级 + +dbname: oe{version} +src_db_file: https://repo.openeuler.org/openEuler-{version}/source #源码包所在的repo源 +bin_db_file: https://repo.openeuler.org/openEuler-{version}/everything/aarch64 #二进制包所在的repo源 +priority: 2 +``` + +> 如需更改存放路径,请更改package.ini下的 init_conf_path 选项。 +> +> 不支持直接配置sqlite文件路径。 +> +> dbname请使用小写字母或者数字开头和结尾,支持括号内字符(. - _ +),不支持大写字母。 + +## 服务启动和停止 + +pkgship启动和停止方式有两种,systemctl方式和pkgshipd方式,其中systemctl方式启动可以有异常停止自启动的机制。两种方式的执行命令为: + +```shell +systemctl start pkgship.service 启动服务 + +systemctl stop pkgship.service 停止服务 + +systemctl restart pkgship.service 重启服务 +``` + +```sh +pkgshipd start 启动服务 + +pkgshipd stop 停止服务 +``` + +> 每次启停周期内仅支持一种方式,不允许两种操作同时使用。 +> +> pkgshipd启动方式只允许在pkgshipuser用户下操作。 +> +> docker环境下如果不支持systemctl命令,请使用pkgshipd启停方式。 + +## 工具使用 + +1. 数据库初始化。 + + > 使用场景:服务启动后,为了能查询对应的数据库(比如oe{version})中的包信息及包依赖关系,需要将这些数据库通过createrepo生成的sqlite(分为源码库和二进制库)导入进服务内,生成对应的包信息json体然后插入Elasticsearch对应的数据库中。数据库名为根据conf.yaml中配置的dbname生成的dbname-source/binary。 + + ```bash + pkgship init [-filepath path] + ``` + + > 参数说明: + > -filepath:指定初始化配置文件config.yaml的路径,可以使用相对路径和绝对路径,不带参数则使用默认配置初始化,可选参数。 + +2. 单包查询。 + + 用户可查询源码包或者二进制包(packagename)在指定数据库表(database)中的具体信息。 + + > 使用场景:用户可查询源码包或者二进制包在指定数据库中的具体信息。 + + ```bash + pkgship pkginfo $packageName $database [-s] + ``` + + > 参数说明: + > packagename:指定要查询的软件包名,必传参数。 + > database:指定具体的数据库名称,必传参数。 + > + > -s: 指定`-s`将查询的是`src`源码包信息;若未指定 默认查询`bin`二进制包信息,可选参数。 + +3. 所有包查询。 + + 查询数据库下包含的所有包的信息。 + + > 使用场景:用户可查询指定数据库下包含的所有软件包信息。 + + ```bash + pkgship list $database [-s] + ``` + + > 参数说明: + > database:指定具体的数据库名称,必传参数。 + > -s: 指定`-s`将查询的是`src`源码包信息;若未指定 默认查询`bin`二进制包信息,可选参数。 + +4. 安装依赖查询。 + + 查询二进制包(binaryName)的安装依赖。 + + > 使用场景:用户需要安装某个二进制包A时,需要将该二进制包A的安装依赖B,及B的安装依赖C等等,直至所有的安装依赖全部安装到系统才能成功安装二进制包A。因此,在用户安装二进制包A之前,可能会需要查询二进制包A的所有安装依赖。该命令提供了此功能,允许用户根据平台默认的优先级在多个数据库之间进行查询;同时也支持用户自定义数据库查询优先级。 + + ```bash + pkgship installdep [$binaryName $binaryName1 $binaryName2...] [-dbs] [db1 db2...] [-level] $level + ``` + + > 参数说明: + > binaryName:需要查询安装的依赖的二进制包名字,支持传多个;必传参数。 + > + > -dbs:指定需要查询的database优先级,不传按照系统默认优先级搜索;可选参数。 + > + > -level:指定需要查询的依赖层级,不传默认为0,查询所有层级;可选参数。 + +5. 编译依赖查询。 + + 查询源码包(sourceName)的所有编译依赖。 + + > 使用场景:用户要编译某个源码包A的时候,需要安装源码包A的编译依赖B,要成功安装编译依赖B需要获取B的所有安装依赖。因此,在用户编译源码包A之前,可能会需要查询源码包的编译依赖以及这些编译依赖的所有安装依赖。该命令提供了此功能,允许用户根据平台默认的优先级在多个数据库之间进行查询;同时也支持用户自定义数据库查询优先级。 + + ```bash + pkgship builddep [$sourceName $sourceName1 $sourceName2..] -dbs [db1 db2 ..] [-level] $level + ``` + + > 参数说明: + > sourceName:需要查询编译依赖的源码包名字,支持多个查询;必传参数。 + > + > -dbs: 指定需要查询的database优先级,不传按照系统默认优先级搜索;可选参数。 + > + > -level:指定需要查询的依赖层级,不传默认为0,查询所有层级;可选参数。 + +6. 自编译自安装依赖查询。 + + 查询指定二进制包(binaryName)或源码包(sourceName )的安装及编译依赖,其中[pkgName]为查询的二进制包或者源码包的名称。当查询二进制包时,可以查询到该二进制包的所有安装依赖以及该二进制包对应的源码包的编译依赖,及这些编译依赖的所有安装依赖;当查询源码包时,可以查询该源码包的编译依赖,及这些编译依赖的所有安装依赖,并且查询该源码包生成的所有二进制包的所有安装依赖。同时,配合对应参数使用,该命令也支持查询软件包的自编译依赖查询,和包含子包的依赖查询。 + + > 使用场景:如果开发者想在现有的版本库的基础上引入新的软件包,应同时引入该软件包的所有编译、安装依赖。该命令提供开发者一个同时查询这两种依赖关系的功能,能让开发者知晓该软件包会引入哪些其他的包,该命令支持查询二进制包和源码包。 + + ```bash + pkgship selfdepend [$pkgName1 $pkgName2 $pkgName3 ..] [-dbs] [db1 db2..] [-b] [-s] [-w] + ``` + + > 参数说明: + > + > pkgName:需要查询安装的依赖的软件包名字,支持传多个;必传参数。 + > + > -dbs: 指定需要查询的database优先级,不传按照系统默认优先级搜索;可选参数。 + > + > -b:指定`-b`表示查询的包是二进制,不指定默认查询源码包;可选参数。 + > + > -s: 指定-s表示查询软件包的所有安装依赖和所有编译依赖(即编译依赖的源码包的编译依赖),以及所有编译依赖的安装依赖;如果不增加-s参数表示只查询软件包的所有安装依赖和一层编译依赖,以及一层编译依赖的所有安装依赖;可选参数。 + > + > -w:指定-w表示引入某个二进制包的时候,查询结果会显示出该二进制包对应的源码包以及该源码包生成的所有二进制包;如果不指定-w参数表示引入某个二进制包的时候,查询结果只显示对应的源码包;可选参数。 + +7. 被依赖查询。 + 查询软件包(pkgName)在某数据库(dbName)中被哪些包所依赖。 + + > 使用场景:针对软件包A,在升级或删除的情况下会影响哪些软件包,可通过该命令查询。该命令会显示源码包A(若为源码包)生成的所有二进制包(若输入为二进制包,那此处即为输入的二进制包)被哪些源码包(比如B)编译依赖,被哪些二进制包(比如C1)安装依赖;以及B生成的二进制包及C1被哪些源码包(比如D)编译依赖,被哪些二进制包(比如E1)安装依赖,以此类推,遍历这些二进制包的被依赖。 + + ```bash + pkgship bedepend dbName [$pkgName1 $pkgName2 $pkgName3] [-w] [-b] [-install/build] + ``` + + > 参数说明: + > + > dbName:需要查询依赖关系的仓库,不支持多个;必选参数。 + > + > pkgName:待查询的软件包名称,支持多个;必选参数。 + > + > -w :当不指定-w 时,查询结果默认不包含对应源码包的子包;当命令后指定配置参数[-w] 时,不仅会查询二进制包C1的被依赖关系,还会进一步去查询C1对应的源码包C生成的其他二进制包(比如:C2,C3)的被依赖关系;可选参数。 + > + > -b:指定`-b`表示查询的包是二进制,默认查询源码包;可选参数。 + > + > -install/build:指定`-install`表示查询的是安装被依赖,指定`-build`表示查询的是编译被依赖,默认查全部, 不能`-install`和`-build`同时存在;可选参数。 + +8. 数据库信息。 + + > 使用场景,查看Elasticsearch中初始化了哪些数据库,该功能会按照优先级顺序返回已经初始化的数据库列表。 + + `pkgship dbs` + +9. 获取版本号。 + + > 使用场景:获取pkgship软件的版本号。 + + `pkgship -v` + +## 日志查看和转储 + + **日志查看** + + pkgship服务在运行时会产生两种日志,业务日志和操作日志。 + + 1、业务日志: + + 路径:/var/log/pkgship/log_info.log(支持在package.ini中通过log_path字段自定义路径)。 + + 功能:主要记录代码内部运行的日志,方便问题定位。 + + 权限:路径权限755,日志文件权限644,普通用户可以查看。 + +2、操作日志: + +路径:/var/log/pkgship-operation/uwsgi.log (支持在package.ini中通过daemonize字段自定义路径)。 + +功能:记录使用者操作信息,包括ip,访问时间,访问url,访问结果等,方便后续查阅以及记录攻击者信息。 + +权限:路径权限700,日志文件权限644,只有root和pkgshipuser可以查看。 + +**日志转储** + +1、业务日志转储: + +- 转储机制 + + 使用python自带的logging内置函数的转储机制,按照日志大小来备份。 + +> 配置项,package.ini中配置每个日志的容量和备份数量 +> +> ```ini +> ; Maximum capacity of each file, the unit is byte, default is 30M +> max_bytes=31457280 +> +> ; Number of old logs to keep;default is 30 +> backup_count=30 +> ``` + +- 转储过程 + + 当某次日志写入后,日志文件大小超过配置的日志容量时,会自动压缩转储,压缩后文件名为log_info.log.x.gz, x是数字,数字越小为越新的备份。 + + 当备份日志数量到达配置的备份数量之后,最早的备份日志会被删除掉,然后备份一个最新的压缩日志文件。 + +2、操作日志转储: + +- 转储机制 + + 使用脚本进行转储,按照时间转储,每日转储一次,共保留30天,不支持自定义配置。 + + > 脚本位置:/etc/pkgship/uwsgi_logrotate.sh + +- 转储过程 + + pkgship启动时转储脚本后台运行,从启动时,每隔1天进行转储压缩,共保留30份压缩文件,压缩文件名称为uwsgi.log-20201010x.zip, x为压缩时的小时数。 + + pkgship停止后转储脚本停止,不再进行转储,再次启动时,转储脚本重新执行。 + +## 扩展工具pkgship-panel + +### 介绍 + +pkgship-panel旨在将软件包构建信息和维护信息集成到一起,方便版本维护人员可以快速识别构建异常软件包并快速邮件通知相关责任人去解决,保证构建工程稳定性,提高OS构建成功率。 + +### 架构 + +![](images/panel.png) + +### 工具使用 + +由于工具数据源不可配置,所以建议直接使用pkgship-panel官网: diff --git a/docs/zh/tools/maintenance/_toc.yaml b/docs/zh/tools/maintenance/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..6240136944adf8430bbd09b71555904fc6fe8324 --- /dev/null +++ b/docs/zh/tools/maintenance/_toc.yaml @@ -0,0 +1,8 @@ +label: 系统运维 +sections: + - label: 热补丁制作 + sections: + - href: ../../server/maintenance/syscare/_toc.yaml + - label: 系统监控 + sections: + - href: ../../server/maintenance/sysmonitor/_toc.yaml diff --git a/docs/zh/tools/security/_toc.yaml b/docs/zh/tools/security/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..8fc05523a19a7ae549d6988db06384d8bc43991e --- /dev/null +++ b/docs/zh/tools/security/_toc.yaml @@ -0,0 +1,5 @@ +label: 安全 +sections: + - href: + upstream: https://gitee.com/openeuler/secGear/blob/master/docs/zh/2403_LTS_SP2/_toc.yaml + path: ./secgear diff --git a/docs/zh/virtualization/_toc.yaml b/docs/zh/virtualization/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..43721ca19c0fc5958bd66c1c308ba9d2ef211d9e --- /dev/null +++ b/docs/zh/virtualization/_toc.yaml @@ -0,0 +1,14 @@ +label: 虚拟化 +sections: + - label: 虚拟化平台 + sections: + - href: + upstream: https://gitee.com/openeuler/Virt-docs/blob/openEuler-24.03-LTS-SP2/docs/zh/virtualization_platform/virtualization/_toc.yaml + path: ./virtulization_platform/virtulization + - href: + upstream: https://gitee.com/openeuler/Virt-docs/blob/openEuler-24.03-LTS-SP2/docs/zh/virtualization_platform/stratovirt/_toc.yaml + path: ./virtulization_platform/stratovirt + - label: openStack用户指南 + href: >- + https://openstack-sig.readthedocs.io/zh/latest/ + description: 一个开源的云计算管理平台项目 \ No newline at end of file diff --git a/others/certification/figures/0690939843730385b79e4cd21d504059.png b/others/certification/figures/0690939843730385b79e4cd21d504059.png new file mode 100644 index 0000000000000000000000000000000000000000..987f57873ce86442fab32785a2576957729e0b7c Binary files /dev/null and b/others/certification/figures/0690939843730385b79e4cd21d504059.png differ diff --git a/others/certification/figures/171f947111911ab0e662e2d7d802c86a.png b/others/certification/figures/171f947111911ab0e662e2d7d802c86a.png new file mode 100644 index 0000000000000000000000000000000000000000..a26be78a8413f9370f1f68ca928b0e8544f58ca3 Binary files /dev/null and b/others/certification/figures/171f947111911ab0e662e2d7d802c86a.png differ diff --git a/others/certification/figures/17cbce82b9379286ad4cb1e77833538a.png b/others/certification/figures/17cbce82b9379286ad4cb1e77833538a.png new file mode 100644 index 0000000000000000000000000000000000000000..35b4360f7f4a1663d19a53e9d7664e17a8974dbc Binary files /dev/null and b/others/certification/figures/17cbce82b9379286ad4cb1e77833538a.png differ diff --git a/others/certification/figures/1ba51dfdafc88634029eea1fb0337f4f.png b/others/certification/figures/1ba51dfdafc88634029eea1fb0337f4f.png new file mode 100644 index 0000000000000000000000000000000000000000..acd8c34910bf1dba03a562640b293e1463ea18ff Binary files /dev/null and b/others/certification/figures/1ba51dfdafc88634029eea1fb0337f4f.png differ diff --git a/others/certification/figures/222ce6304c11c1f08232890ef4c3fe06.png b/others/certification/figures/222ce6304c11c1f08232890ef4c3fe06.png new file mode 100644 index 0000000000000000000000000000000000000000..15c7e1674e41ac164560b34ec0804bd0dd2daf28 Binary files /dev/null and b/others/certification/figures/222ce6304c11c1f08232890ef4c3fe06.png differ diff --git a/others/certification/figures/2345e6304c11c1f08232890ef4c3fe06.png b/others/certification/figures/2345e6304c11c1f08232890ef4c3fe06.png new file mode 100644 index 0000000000000000000000000000000000000000..103772dda69538a4c7be5c4e42de83c8febcb6a0 Binary files /dev/null and b/others/certification/figures/2345e6304c11c1f08232890ef4c3fe06.png differ diff --git a/others/certification/figures/3238b62e2848115d441eb30d7ab17681.png b/others/certification/figures/3238b62e2848115d441eb30d7ab17681.png new file mode 100644 index 0000000000000000000000000000000000000000..faeb07403f1cf116662fc379516a2bab79d37da5 Binary files /dev/null and b/others/certification/figures/3238b62e2848115d441eb30d7ab17681.png differ diff --git a/others/certification/figures/446a61dbb880c4e40e5c54e7eb305427.png b/others/certification/figures/446a61dbb880c4e40e5c54e7eb305427.png new file mode 100644 index 0000000000000000000000000000000000000000..04be72c75fa7b3f829e48943b04d6140d8da7ce7 Binary files /dev/null and b/others/certification/figures/446a61dbb880c4e40e5c54e7eb305427.png differ diff --git a/others/certification/figures/4dfbf191b6d574d05b925f2a72ff1a26.png b/others/certification/figures/4dfbf191b6d574d05b925f2a72ff1a26.png new file mode 100644 index 0000000000000000000000000000000000000000..ab335f055ca24efe50ea6755847f45309e04f21a Binary files /dev/null and b/others/certification/figures/4dfbf191b6d574d05b925f2a72ff1a26.png differ diff --git a/others/certification/figures/5af0166ab06e30d2483ef6f442811cd1.png b/others/certification/figures/5af0166ab06e30d2483ef6f442811cd1.png new file mode 100644 index 0000000000000000000000000000000000000000..aa57a0ba81359396dd8166460f35eaa550dba28b Binary files /dev/null and b/others/certification/figures/5af0166ab06e30d2483ef6f442811cd1.png differ diff --git a/others/certification/figures/68d556565c59f7819326a9b6a1c364a5.png b/others/certification/figures/68d556565c59f7819326a9b6a1c364a5.png new file mode 100644 index 0000000000000000000000000000000000000000..cf02e181d6b2cda3b84cedd7ff2439008c3dc384 Binary files /dev/null and b/others/certification/figures/68d556565c59f7819326a9b6a1c364a5.png differ diff --git a/others/certification/figures/72287e9eac379e88d9f6e70a0fd0a82a.png b/others/certification/figures/72287e9eac379e88d9f6e70a0fd0a82a.png new file mode 100644 index 0000000000000000000000000000000000000000..1390252d26f8c431c0aeef60204b9d40dced612a Binary files /dev/null and b/others/certification/figures/72287e9eac379e88d9f6e70a0fd0a82a.png differ diff --git a/others/certification/figures/805b547fdd5f083ec5bdaf14f70c8709.png b/others/certification/figures/805b547fdd5f083ec5bdaf14f70c8709.png new file mode 100644 index 0000000000000000000000000000000000000000..d63d0852c72d480712df5a6b87d817e264d5206f Binary files /dev/null and b/others/certification/figures/805b547fdd5f083ec5bdaf14f70c8709.png differ diff --git a/others/certification/figures/8257c421f3e44c53246752925c67f43f.png b/others/certification/figures/8257c421f3e44c53246752925c67f43f.png new file mode 100644 index 0000000000000000000000000000000000000000..760ce368ca0c6adafbc35bbbbd7f571429585487 Binary files /dev/null and b/others/certification/figures/8257c421f3e44c53246752925c67f43f.png differ diff --git a/others/certification/figures/8a844cc8f6d5083ac494ff5938ccf6ab.png b/others/certification/figures/8a844cc8f6d5083ac494ff5938ccf6ab.png new file mode 100644 index 0000000000000000000000000000000000000000..bcea1a2d2ce9313b941da9b0a4eb0274b5bd8796 Binary files /dev/null and b/others/certification/figures/8a844cc8f6d5083ac494ff5938ccf6ab.png differ diff --git a/others/certification/figures/a0edd4aec65418587c8b47c16e4ef274.png b/others/certification/figures/a0edd4aec65418587c8b47c16e4ef274.png new file mode 100644 index 0000000000000000000000000000000000000000..9a34b9f1e60137939c62cf81fdcdf10d8501a427 Binary files /dev/null and b/others/certification/figures/a0edd4aec65418587c8b47c16e4ef274.png differ diff --git a/others/certification/figures/a795a7e01a6d22e6f0889c424eed33af.png b/others/certification/figures/a795a7e01a6d22e6f0889c424eed33af.png new file mode 100644 index 0000000000000000000000000000000000000000..b7ccad2e2e50623aae240e66727d758e84760f09 Binary files /dev/null and b/others/certification/figures/a795a7e01a6d22e6f0889c424eed33af.png differ diff --git a/others/certification/figures/acd692cfed9c6c69b6130831b3cc0d64.png b/others/certification/figures/acd692cfed9c6c69b6130831b3cc0d64.png new file mode 100644 index 0000000000000000000000000000000000000000..788da6e97239a42cb62afb9aa9e02dd125eb07c5 Binary files /dev/null and b/others/certification/figures/acd692cfed9c6c69b6130831b3cc0d64.png differ diff --git a/others/certification/figures/b8746f18193a74d78e134e48fe305a0c.png b/others/certification/figures/b8746f18193a74d78e134e48fe305a0c.png new file mode 100644 index 0000000000000000000000000000000000000000..51e1296715b23192308e96b624740f4f9610b4a6 Binary files /dev/null and b/others/certification/figures/b8746f18193a74d78e134e48fe305a0c.png differ diff --git a/others/certification/figures/c13a837bb42a395df9865931ebcf23ab.png b/others/certification/figures/c13a837bb42a395df9865931ebcf23ab.png new file mode 100644 index 0000000000000000000000000000000000000000..bc25fa72c02e3b38c6e69dd1a8dbd9ba24f0ea1c Binary files /dev/null and b/others/certification/figures/c13a837bb42a395df9865931ebcf23ab.png differ diff --git a/others/certification/figures/c2a52ef70ae2b9ada562a623a492c64f.png b/others/certification/figures/c2a52ef70ae2b9ada562a623a492c64f.png new file mode 100644 index 0000000000000000000000000000000000000000..c00c50d44cdd30edfccfe453dc5ca9b23ada2f1b Binary files /dev/null and b/others/certification/figures/c2a52ef70ae2b9ada562a623a492c64f.png differ diff --git a/others/certification/figures/d28d66a605aa980563a72f07c0220bae.png b/others/certification/figures/d28d66a605aa980563a72f07c0220bae.png new file mode 100644 index 0000000000000000000000000000000000000000..c74b7321dc524bea83a9be6d4492762d93631136 Binary files /dev/null and b/others/certification/figures/d28d66a605aa980563a72f07c0220bae.png differ diff --git a/others/certification/figures/ec46ba2ca4b8f9b57c5c5f0d97ec2482.png b/others/certification/figures/ec46ba2ca4b8f9b57c5c5f0d97ec2482.png new file mode 100644 index 0000000000000000000000000000000000000000..2609da3df7502292c505f74dad14c2a657d6da03 Binary files /dev/null and b/others/certification/figures/ec46ba2ca4b8f9b57c5c5f0d97ec2482.png differ diff --git a/others/certification/figures/fa46b29668836f5dc009d17b71e8275e.png b/others/certification/figures/fa46b29668836f5dc009d17b71e8275e.png new file mode 100644 index 0000000000000000000000000000000000000000..b78855df159f8fe293d0d76ad6e06057db5e5f23 Binary files /dev/null and b/others/certification/figures/fa46b29668836f5dc009d17b71e8275e.png differ diff --git a/others/certification/figures/fff3093b3569cfe731087db579cf95df.png b/others/certification/figures/fff3093b3569cfe731087db579cf95df.png new file mode 100644 index 0000000000000000000000000000000000000000..6778a80885b2699b1c1a23ed8e7bfc445d63d4db Binary files /dev/null and b/others/certification/figures/fff3093b3569cfe731087db579cf95df.png differ diff --git "a/others/certification/openEuler\346\212\200\346\234\257\346\265\213\350\257\204\346\214\207\345\257\274\344\271\246.md" "b/others/certification/openEuler\346\212\200\346\234\257\346\265\213\350\257\204\346\214\207\345\257\274\344\271\246.md" new file mode 100644 index 0000000000000000000000000000000000000000..3c086f7b02433148b1d30844855b2d0b981c3a7f --- /dev/null +++ "b/others/certification/openEuler\346\212\200\346\234\257\346\265\213\350\257\204\346\214\207\345\257\274\344\271\246.md" @@ -0,0 +1,956 @@ +目 录 + +[1 概述](#_Toc256000000) + +[1.1 目的](#_Toc256000001) + +[1.2 适用范围](#_Toc256000002) + +[1.3 定义](#_Toc256000003) + +[2 openEuler技术测评场景说明](#_Toc256000004) + +[2.1 技术测评](#_Toc256000005) + +[2.1.1 场景说明](#场景说明) + +[2.1.2 软件和硬件测评流程说明](#软件和硬件测评流程说明) + +[2.1.2.1 整体流程](#整体流程) + +[2.1.2.2 流程节点说明](#流程节点说明) + +[2.2 操作系统测评流程说明](#操作系统测评流程说明) + +[2.2.1 场景说明](#_Toc256000011) + +[2.2.2 整体流程](#_Toc256000012) + +[2.2.3 流程节点说明](#_Toc256000013) + +[3 测试标准和测试工具](#_Toc256000014) + +[3.1 商用软件](#商用软件) + +[3.1.1 测试用例](#_Toc256000016) + +[3.1.2 测试工具](#测试步骤) + +[3.2 硬件](#硬件) + +[3.2.1 测试用例](#测试标准) + +[3.2.2 测试工具](#测试步骤-1) + +[3.3 操作系统](#操作系统) + +[3.3.1 测试用例](#测试标准-1) + +[3.3.2 测试工具](#测试步骤-2) + +[4 平台操作指导](#平台操作指导) + +[4.1 用户注册](#用户注册) + +[4.2 企业认证](#企业认证) + +[4.3 测评申请](#测评申请) + +[4.4 测评审批](#测评审批) + +[4.4 证书签发](#证书签发) + +[5 附录](#_Toc256000029) + +[5.1 修改商业软件测试安装和卸载命令](#修改商业软件测试安装和卸载命令) + +# 概述 + +[1.1 目的](#目的) + +[1.2 适用范围](#适用范围) + +[1.3 定义](#定义) + +## 目的 + +openEuler技术测评,是openEuler社区面向产业伙伴提供的一项技术性服务,由openEuler社区针对伙伴产品进行集成、构建、测试和验证,以证明伙伴产品与openEuler操作系统间的技术关系,以及伙伴基于openEuler的产品构建能力,帮助伙伴为客户提供更好的解决方案。 + +openEuler技术测评,是openEuler社区针对使用openEuler OS的生态伙伴解决方案的技术测评服务。本文描述了openEuler技术测评标准,本标准不仅仅适用于openEuler社区,也适用于获得欧拉社区授权,开展openEuler技术测评活动的测试机构(如欧拉生态创新中心等)。本文档旨在提供统一的测试标准、流程和测试工具,简化伙伴测试的复杂度。 + +## 适用范围 + +本文档描述范围是openEuler技术测评。适用但不限于如下组织: + +- openEuler社区授权的测试/测评机构,openEuler兼容性SIG组 +- 各地域openEuler创新中心、生态实验室 + +## 定义 + +| **术语** | **释义** | +| ----------------- | ------------------------------------------------------------ | +| openEuler技术测评 | openEuler社区针对使用openEuler OS的生态伙伴解决方案的技术测评服务。 | +| ISV | 独立软件开发商。 | +| IHV | 独立硬件厂商。 | +| OSV | 操作系统供应商。 | + +# openEuler技术测评场景说明 + +[2.1 技术测评](#技术测评) + +[2.2 交叉测评](#测试标准和测试工具) + +## 技术测评 + +### 场景说明 + +openEuler是面向商业软件、硬件、操作系统发行版及开发openEuler Compatible技术测评项目,根据证书类型,分为通用证书及OS证书。 + +| **证书类型** | **证明效力** | **测评场景** | +| ----------------------------------------- | ------------------------------------ | ------------------------------------------------------------ | +| openEuler技术测评 通用证书 (软件、硬件) | 伙伴产品兼容 openEuler社区发行版 | 针对软件伙伴产品(除操作系统外),硬件伙伴的产品(整机或板卡),基于openEuler社区发行版在多样性算力平台上进行兼容性测评,满足openEuler技术测评标准后,可申请获取openEuler技术测评通用证书。 | +| openEuler技术测评OS证书 | 伙伴发行版兼容 openEuler社区技术路线 | 伙伴openEuler商业发行版及企业自用版操作系统,在多样性算力平台下,进行兼容性测试验证,满足openEuler系OS技术测评标准后,可申请openEuler技术测评OS证书。 | + +证书样式如下: + +| **通用证书首页** | ![](figures/17cbce82b9379286ad4cb1e77833538a.png) | +|------------------|-------------------------------------------------| +| **OS证书首页** | ![](figures/a795a7e01a6d22e6f0889c424eed33af.png) | +| **证书背面** | ![](figures/fa46b29668836f5dc009d17b71e8275e.png) | + +### 软件和硬件测评流程说明 + +#### 整体流程 + +![](figures/8257c421f3e44c53246752925c67f43f.png) + +> 说明: +> +> 申请技术测评需先完成帐号注册、完善企业信息,签署CLA协议(步骤001-004)。如已完成上述步骤001-004,可直接提交技术测评申请(步骤005)。 + +#### 流程节点说明 + +| **活动序号** | **活动属性** | **内容** | +| ------------ | ------------ | ------------------------------------------------------------ | +| **001** | **活动名称** | 帐号注册。 | +| **001** | **活动描述** | 申请测评企业需先在技术测评平台:[https://certification.openeuler.org](https://certification.openeuler.org/),进行帐号注册,提交姓名、手机号/邮箱、验证密码,同意隐私声明和兼容性协议,验证完成后,完成帐号注册。 | +| **001** | **责任角色** | 测评企业。 | +| **001** | **参与角色** | - | +| **002** | **活动名称** | 签署CLA协议。 | +| **002** | **活动描述** | 完成帐号注册后登录测评平台,测评企业需完成CLA签署,才能进行后续操作,CLA签署攻略:,测评企业请签署企业CLA或企业员工CLA。 注意:签署CLA无需测评企业贡献代码和技术测评的测试报告等信息至社区,默认仅贡献兼容性清单。如有特殊需求,可在技术测评申请流程中,选择不发布到兼容性清单。 | +| **002** | **责任角色** | 测评企业。 | +| **002** | **参与角色** | - | +| **003** | **活动名称** | 完善企业信息。 | +| **003** | **活动描述** | 完成CLA签署后,测评企业需完善企业信息,需提交企业LOGO、工商注册国家/地区、企业邮箱、营业执照等信息,用以确认当前申请人确实获得企业授权进行技术测评。 | +| **003** | **责任角色** | 测评企业。 | +| **003** | **参与角色** | - | +| **004** | **活动名称** | 资质审核。 | +| **004** | **活动描述** | 测评企业完善企业信息后,平台会自动对提交信息进行校验,确认邮箱、企业资质等无误后,完成企业资质审核。 | +| **004** | **责任角色** | openEuler社区。 | +| **004** | **参与角色** | - | +| **005** | **活动名称** | 申请测评。 | +| **005** | **活动描述** | 申请测评企业产品类型,选择待测评的产品和解决方案,并填写产品相关信息,提交测评申请。测评申请平台:。 | +| **005** | **责任角色** | 测评企业。 | +| **005** | **参与角色** | - | +| **006** | **活动名称** | 方案审核。 | +| **006** | **活动描述** | openEuler社区接收到测评申请后,需审核测评方案合理性:审核测评方案是否和已有测评重复、测评方案是否符合技术测评范畴、测评评方案必备信息的完整性和内容质量。 | +| **006** | **责任角色** | openEuler社区。 | +| **006** | **参与角色** | - | +| **007** | **活动名称** | 发放环境。 | +| **007** | **活动描述** | 测评审核通过后,openEuler社区会引导测评企业按照测评标准进行测试,测评企业如无测试条件,可提交资源申请。 对于商业软件,openEuler社区或创新中心会发放服务器作为测试环境。对于整机&板卡,openEuler社区或创新中心可接收整机/板卡,协助测评企业测试。 | +| **007** | **责任角色** | openEuler社区/创新中心。 | +| **007** | **参与角色** | - | +| **008** | **活动名称** | 迁移适配。 | +| **008** | **活动描述** | 测评企业依靠测评方案对测评产品完成openEuler适配 ,确保产品功能正常。 | +| **008** | **责任角色** | 测评企业。 | +| **008** | **参与角色** | openEuler社区,创新中心。 | +| **009** | **活动名称** | 测试执行。 | +| **009** | **活动描述** | 测评企业依靠测评方案对测评产品完成技术测评用例测试,验证用例是否通过。 | +| **009** | **责任角色** | 测评企业。 | +| **009** | **参与角色** | openEuler社区,创新中心。 | +| **010** | **活动名称** | 测试结果收集提交。 | +| **010** | **活动描述** | 完成测试并自检通过后,测评企业需收集测试日志,并提交到测评平台。 | +| **010** | **责任角色** | 测评企业。 | +| **010** | **参与角色** | openEuler社区,创新中心。 | +| **011** | **活动名称** | 生成测试报告。 | +| **011** | **活动描述** | 测评平台接收到测评企业提交的测试日志后,根据规则分析日志并生成测试报告。 | +| **011** | **责任角色** | openEuler社区。 | +| **011** | **参与角色** | - | +| **012** | **活动名称** | 测试报告初审。 | +| **012** | **活动描述** | 测试报告生成后,创新中心需根据测评方案和测评标准,对测试报告进行审核。如果测试用例均通过且满足测评标准,则通过复审。如果存在失败用例或不满足测评标准,则驳回到伙伴重新测试提交测试日志。 | +| **012** | **责任角色** | 创新中心。 | +| **012** | **参与角色** | - | +| **013** | **活动名称** | 测试报告复审。 | +| **013** | **活动描述** | 创新中心初审报告通过后,由openEuler社区进行报告的最终审核,确认满足测评标准后,完成测试报告复审。 | +| **013** | **责任角色** | openEuler社区。 | +| **013** | **参与角色** | - | +| **014** | **活动名称** | 证书初审。 | +| **014** | **活动描述** | 基于测试报告审核意见给出测评证书签发意见,完成openEuler社区侧证书初审。 | +| **014** | **责任角色** | openEuler社区。 | +| **014** | **参与角色** | - | +| **015** | **活动名称** | 伙伴确认。 | +| **015** | **活动描述** | 测评企业从测评平台预览测评证书,完成测评企业侧领导签发,将签名或扫描件上传到测评平台。 | +| **015** | **责任角色** | 测评企业。 | +| **015** | **参与角色** | - | +| **016** | **活动名称** | 证书签发。 | +| **016** | **活动描述** | openEuler社区下载测评企业签发后的测评证书,需确认证书内容的一致性和正确性: 1、双方领导签名的正确性和大小规格一致性 ,2、测评企业软件名称、版本正确性, 3、测评企业公司名称正确性和一致性。 | +| **016** | **责任角色** | openEuler社区。 | +| **016** | **参与角色** | - | +| **017** | **活动名称** | 兼容清单刷新。 | +| **017** | **活动描述** | 证书签发完成后,如果测评伙伴在测评流程选择发布兼容性清单,测评平台自动将兼容性信息发布到openEuler官网兼容性列表。 | +| **017** | **责任角色** | openEuler社区。 | +| **017** | **参与角色** | - | + +### 操作系统测评流程说明 + +#### 整体流程 + +![](figures/3238b62e2848115d441eb30d7ab17681.png) + +> 说明: +> +> 申请技术测评需先完成帐号注册、完善企业信息及签署CLA协议(步骤001-004)。如已完成上述步骤001-004,可直接提交技术测评申请(步骤005)。 + +#### 流程节点说明 + +| **活动序号** | **活动属性** | **内容** | +| ------------ | ------------ | ------------------------------------------------------------ | +| **001** | **活动名称** | 帐号注册。 | +| **001** | **活动描述** | 申请测评企业需先在技术测评平台:[https://certification.openeuler.org](https://certification.openeuler.org/),进行帐号注册,提交姓名、手机号/邮箱、验证密码,同意隐私声明和兼容性协议,验证完成后,完成帐号注册。 | +| **001** | **责任角色** | 测评企业。 | +| **001** | **参与角色** | - | +| **002** | **活动名称** | 签署CLA协议。 | +| **002** | **活动描述** | 完成帐号注册并登录测评平台后,测评企业需完成CLA签署,才能进行后续操作,CLA签署攻略:,测评企业请签署企业CLA或企业员工CLA。 注意:签署CLA无需测评企业贡献代码和技术测评的测试报告等信息至社区,默认仅贡献兼容性清单。如有特殊需求,可在技术测评申请流程中,选择不发布到兼容性清单。 | +| **002** | **责任角色** | 测评企业。 | +| **002** | **参与角色** | - | +| **003** | **活动名称** | 完善企业信息。 | +| **003** | **活动描述** | 完成CLA签署后,测评企业需完善企业信息,提交企业LOGO、工商注册国家/地区、企业邮箱、营业执照等信息,用以确认当前申请人确实获得企业授权进行技术测评。 | +| **003** | **责任角色** | 测评企业。 | +| **003** | **参与角色** | - | +| **004** | **活动名称** | 资质审核。 | +| **004** | **活动描述** | 测评企业完善企业信息后,平台会自动对提交信息进行校验,确认邮箱、企业资质等无误后,完成企业资质审核。 | +| **004** | **责任角色** | openEuler社区。 | +| **004** | **参与角色** | - | +| **005** | **活动名称** | 申请测评。 | +| **005** | **活动描述** | 申请测评企业产品类型,选择待测评的产品和解决方案,并填写产品相关信息,提交测评申请。测评申请平台:。 | +| **005** | **责任角色** | 测评企业。 | +| **005** | **参与角色** | - | +| **006** | **活动名称** | 方案审核。 | +| **006** | **活动描述** | openEuler社区接收到测评申请后,需审核测评方案合理性: 审核测评方案是否和已有测评重复,测评方案是否符合技术测评范畴, 测评方案必备信息的完整性和内容质量。 | +| **006** | **责任角色** | openEuler社区。 | +| **006** | **参与角色** | - | +| **007** | **活动名称** | 提供ISO。 | +| **007** | **活动描述** | 方案审核通过后,测评企业需提供待测评ISO的下载地址,用于后续测试。 | +| **007** | **责任角色** | 测评企业。 | +| **007** | **参与角色** | - | +| **008** | **活动名称** | ISO测试。 | +| **008** | **活动描述** | 创新中心依靠测评方案对测评ISO完成技术测评用例测试,验证用例是否通过。 | +| **008** | **责任角色** | 创新中心。 | +| **008** | **参与角色** | openEuler社区,测评企业。 | +| **009** | **活动名称** | 生成测试报告。 | +| **009** | **活动描述** | 测评平台收到测评企业提交的测试日志后,根据规则分析日志并生成测试报告。 | +| **009** | **责任角色** | openEuler社区 | +| **009** | **参与角色** | - | +| **010** | **活动名称** | 测试报告初审。 | +| **010** | **活动描述** | 测试报告生成后,创新中心需根据测评方案和测评标准,对测试报告进行审核。如果测试用例均通过且满足测评标准,则通过复审。如果存在失败用例或不满足测评标准,则驳回到伙伴重新测试提交测试日志。 | +| **010** | **责任角色** | 创新中心。 | +| **010** | **参与角色** | - | +| **011** | **活动名称** | 测试报告复审。 | +| **011** | **活动描述** | 创新中心初审报告通过后,由openEuler社区进行报告的最终审核,确认满足测评标准后,完成测试报告复审。 | +| **011** | **责任角色** | openEuler社区。 | +| **011** | **参与角色** | - | +| **012** | **活动名称** | 证书初审。 | +| **012** | **活动描述** | 基于测试报告审核意见给出测评证书签发意见,完成openEuler社区侧证书初审。 | +| **012** | **责任角色** | openEuler社区。 | +| **012** | **参与角色** | - | +| **013** | **活动名称** | 伙伴确认。 | +| **013** | **活动描述** | 测评企业从测评平台预览测评证书,完成测评企业侧领导签发,将签名/扫描件上传到测评平台。 | +| **013** | **责任角色** | 测评企业。 | +| **013** | **参与角色** | - | +| **014** | **活动名称** | 证书签发。 | +| **014** | **活动描述** | openEuler社区下载测评企业签发后的测评证书,需确认证书内容的一致性和正确性: 1、双方领导签名的正确性和大小规格一致性 ,2、测评企业软件名称、版本正确性, 3、测评企业公司名称正确性和一致性。 | +| **014** | **责任角色** | openEuler社区。 | +| **014** | **参与角色** | - | +| **015** | **活动名称** | 兼容清单刷新。 | +| **015** | **活动描述** | 证书签发完成后,如果测评伙伴在测评流程选择发布兼容性清单,测评平台自动将兼容性信息发布到openEuler官网兼容性列表。 | +| **015** | **责任角色** | openEuler社区。 | +| **015** | **参与角色** | - | + +# 测试标准和测试工具 + +[3.1 ISV](#商用软件) + +[3.2 IHV](#硬件) + +[3.3 OSV](#操作系统) + +## 商用软件 + +### 测试标准 + +经openEuler兼容性SIG组评定,针对商用软件技术测评的测试方案如下。 + +| **测试维度** | **检测项** | **评定标准** | **是否可选** | +| ----------------- | ------------------ | ------------------------------------------------------------ | ------------ | +| 构建测试 | 软件构建测试 | 目标软件可以在指定架构、操作系统上构建成功。 | 可选 | +| 兼容性测试 | 软件包安装测试 | 目标软件可以在指定架构、操作系统上安装成功。 | 必选 | +| 兼容性测试 | 软件包卸载测试 | 目标软件可以在指定架构、操作系统上卸载成功。 | 必选 | +| 兼容性测试 | 软件服务启动测试 | 目标软件可以在指定架构、操作系统上启动成功。 | 必选 | +| 兼容性测试 | 软件服务停止测试 | 目标软件可以在指定架构、操作系统上停止成功。 | 必选 | +| 兼容性测试 | 强制杀死进程测试 | 目标软件可以在指定架构、操作系统上异常终止后可以启动成功。 | 必选 | +| 兼容性测试 | 软件命令调用测试 | 目标软件可以在指定架构、操作系统上运行基本的命令。 | 必选 | +| 兼容性测试 | 软件依赖库查询 | 目标软件可以在指定架构、操作系统上查询依赖库。 | 必选 | +| 兼容性测试 | 软件依赖库差异识别 | 目标软件可以在指定架构、操作系统上依赖库兼容。 | 必选 | +| 性能测试 (可选) | CPU波动测试 | 目标软件在稳定运行期间的系统资源CPU的波动正常。 | 可选 | +| 性能测试 (可选) | 内存波动测试 | 目标软件在稳定运行期间的系统资源内存的波动正常。 | 可选 | +| 性能测试 (可选) | 磁盘波动测试 | 目标软件在稳定运行期间的系统资源IO的波动正常。 | 可选 | +| 性能测试 (可选) | 网络波动测试 | 目标软件在稳定运行期间的系统资源网络的波动正常。 | 可选 | +| 性能测试 (可选) | 压力长稳测试 | 目标软件在压力测试下能够长时间稳定运行,且指标数据波动范围在预期范围内。 | 可选 | +| 安全测试 | 端口安全测试 | 目标软件在运行期间的监控端口是否与端口矩阵中的端口信息一致。 | 必选 | +| 安全测试 | 病毒扫描测试 | 目标软件无携带病毒文件。 | 必选 | +| 安全测试 | CVE漏洞扫描测试 | 目标软件不存在已知的CVE漏洞。 | 必选 | + +### 测试步骤 + +#### 工具简介 + +为了解决欧拉技术测评过程中涉及的ISV商用软件兼容性测试问题,特基于《欧拉技术测评兼容性测试用例(ISV商用软件)》 集成了lkp-tests和x2openEuler测试工具。 + +#### 环境要求 + +| **项目** | **要求** | +| -------- | ------------------------------------------------- | +| 操作系统 | openEuler系操作系统。 | +| 依赖软件 | 请使用此命令安装依赖包:yum install -y wget git。 | + +> #### 注意 +> +> - 请勿在生产环境安装和执行测试工具。 +> - 工具安装过程需从外网下载代码和依赖包,请确保网络连接正常(如无法连接外网,需要将gem相关依赖完全离线并进行安装)。 +> - 工具默认安装在当前目录,请确保目录剩余空间足够。 +> + +#### 工具安装 + +##### Lkp-tests + +1. 安装依赖。 + + ``` + yum install -y wget git rubygems + ``` + +2. 安装Lkp-tests。 + + ``` + git clone https://gitee.com/wu_fengguang/lkp-tests + + cd lkp-tests + + sed -i "s/rubygems.org/gems.ruby-china.com/g" Gemfile + + gem sources --remove https://rubygems.org/ + + gem sources -a https://gems.ruby-china.com/ + + make install + ``` + +3. 写入环境变量。 + + 将lkp-tests所在路径增加到/etc/profile末尾,便于后续测试。 + + ``` + + vi /etc/profile + + export LKP_PATH="填写lkp-tests所在路径"。 + + ``` + + - vi 打开文件后,"shift"+"g"跳到文件末尾,然后按下"o" 编辑下一行。 + + - 输入完成后,"esc"退出编辑,然后输入":wq"+"enter"保存并退出文件。 + + ``` + source /etc/profile + ``` + +4. 下载测试套。 + + ``` + git clone https://gitee.com/whatamaze/compatibility-test + + cd compatibility-test + + sh install.sh + ``` + +##### x2openEuler安装 + +1. 安装依赖。 + + ``` + + yum install -y bzip2 bzip2-devel + + ``` + +2. 安装x2openEuler。 + + 访问 获取x2openEuler软件包并上传至服务器。 + + ```shell + yum install x2openEuler-xxx.rpm + ``` + +3. 设置x2openEuler密码。 + + ```shell + + passwd x2openEuler + ``` + + > 说明: + > + > 用户登录的密码,建议满足如下复杂度要求: + > + > - 密码长度为8\~32个字符。 + > - 使用包含大写字母、小写字母、数字、特殊字符(\~!@\#\$%\^&\*()-_=+\|[{}];:'",\<.\>/?)中的两种及以上类型的组合。 + > - 密码中不包含空格。 + > - 密码中不使用用户名。 + +#### 测试执行 + +##### Lkp-tests测试 + +1. 安装通用依赖。 + + ```shell + export arch=\`arch\` + + gem install git -v 1.9.1 + + lkp install + ``` + + > 注意: + > + > 此处必须安装1.12以下版本的git,否则会导致接口传参出错。 + +2. 安装兼容性测试依赖。 + + ```shell + lkp split-job $LKP_PATH/jobs/compatibility-test.yaml + lkp install -f compatibility-test-defaults.yaml + ``` + + 执行成功后会在执行命令目录中生成 compatibility-test-defaults.yaml 文件,用于后续任务调度,后续执行[执行兼容性测试](#执行兼容性测试),也需切换到此目录。 + +3. 执行兼容性测试。 + + 将待测软件包放至当前目录下,执行以下命令,最终测试结果在compatibilityLog文件中。 + + ```shell + lkp run ./compatibility-test-defaults.yaml -s 'package_name: xxxxxx' >compatibilityLog 2\>& 1 + ``` + + > 说明: + > + > - package_name: 后必须有一个空格,否则导致报错无法进行测试。 + > - 此处package_name后需填写软件包文件全名,例如nginx-1.14.2-1.oe1.aarch + > - 当前脚本适配rpm包,如无法直接使用rpm -ivh等rpm命令进行安装、卸载,请在脚本中修改安装卸载命令,详见附录[商业软件测试安装和卸载命令](#商业软件测试安装和卸载命令)。 + > + +##### x2openEuler测试 + +1. 切换到x2openEuler用户。 + + ```shell + su - x2openEuler + ``` + + > 须知: + > + > 使用前请务必切换用户为x2openEuler用户 + +2. 执行扫描。 + + ```shell + + x2openEuler scan [-batch] [-arch ARCH] [-os_name OS_NAME] [-target_os_name TARGET_OS_NAME] {filename \| directoryname} + ``` + + | **命令** | **参数选项** | **说明** | + | ---------------- | ------------------------ | ------------------------------------------------------------ | + | -batch | - | 多应用场景,配合directoryname,扫描文件夹下多个软件包若无此参数,仅扫描单个软件包。 | + | -arch | ARCH | 操作系统架构 可选参数。 可选x86_64或aarch64,默认为x86_64。 例如"-arch x86_64" 选择操作系统架构为x86_64。 | + | -os_name | OS_NAME | 源操作系统 可选参数,默认参数为centos7.6。例如"-os_name centos8.2" 选择源操作系统为CentOS 8.2。说明:当前源操作系统支持CentOS 6.8/CentOS 7.6/CentOS 8.2。 | + | - target_os_name | TARGET_OS_NAME | 目标操作系统 可选参数,默认参数为openEuler20.03-LTS-SP1。例如"-target_os_name openEuler20.03-LTS-SP1" 选择目标操作系统为openEuler20.03-LTS-SP1。 | + | - | filename\| directoryname | 需扫描的应用包或目录,例如"x2openEuler scan file_name_version.rpm" 选择扫描的应用包为file_name_version.rpm。说明:当前扫描支持rpm/tar/zip/gzip/jar/py/pyc/sh/bin文件。 | + + 此处以评估CUnit-2.1.3-21.oel.aarch64.rpm_应用包并输出软件评估报告为例,请根据实际情况选择所需参数并替换为需要扫描的软件包或软件包目录。 + + ```shell + x2openEuler scan -arch x86_64 CUnit-2.1.3-21.oel.x86_64.rpm + ``` + + ![](figures/8a844cc8f6d5083ac494ff5938ccf6ab.png) + +3. 结果查看。 + + 报告为html格式,建议下载报告并在浏览器查看。 + + ![](figures/446a61dbb880c4e40e5c54e7eb305427.png) + +## 硬件 + +### 测试标准 + +#### 整机测试标准 + +经openEuler兼容性SIG组评定,硬件技术测评分为整机和板卡,整机测试方案如下。 + +| **测试维度** | **检测项** | **评定标准** | **是否可选** | +| ------------ | ----------------- | ------------------------------------------------------------ | ------------ | +| ACPI测试 | ACPI测试 | 提取ACPI表,查看电源配置是否合理。 | 必选 | +| 时钟测试 | 系统时间偏差测试 | 测试系统时间没有偏差。 | 必选 | +| 时钟测试 | RTC时钟稳定性测试 | 测试RTC硬件时钟稳定性。 | 必选 | +| CPU测试 | CPU调频策略测试 | 测试 cpu 在不同调频策略下运行频率是否预期,测试 cpu 在不同频率下完全同规格计算量所需时间是否与频率值吻合。 | 必选 | +| Kdump测试 | 预留内存测试 | 查看系统是否为捕获内核提供预留内存。 | 必选 | +| Kdump测试 | Kdump可用性测试 | Kdump服务能否正常使用。 | 必选 | +| Kdump测试 | vmcore分析测试 | 通过crash分析kdump生成的vmcore文件。 | 必选 | +| 系统测试 | 系统事件捕获测试 | 测试perf是否可以捕获系统事件信息。 | 必选 | +| 系统测试 | 基本信息检查 | 查询硬件型号信息,系统版本信息,系统内核模块信息。 | 必选 | +| 系统测试 | 内核检查 | 检查是否为debug kernel。检查os版本和kerner版本是否匹配。 检查内核是否被污染或者内核rpm包是否被修改。 查看内核启动参数。 | 必选 | +| 系统测试 | selinux检查 | 检测selinux是否可用,可设置为enforcing。 | 必选 | +| IPMI测试 | IPMI测试 | 使用ipmitool查询ipmi信息。 | 必选 | +| 看门狗测试 | watchdog测试 | 触发watchdog,测试系统是否可以正常复位。 | 必选 | +| 内存测试 | 内存读写测试 | 测试内存读写是否成功。 | 必选 | +| 内存测试 | 内存占用测试 | 测试此内存是否成功。 | 必选 | +| 内存测试 | 内存大页测试 | 大页内存分配成功,大页内存测试成功。 | 必选 | +| 内存测试 | 内存热插拔测试 | 测试内存热插拔。 | 必选 | +| 磁盘测试 | 磁盘分区测试 | 成功获取空闲磁盘。 | 必选 | +| 磁盘测试 | 磁盘读写测试 | 裸盘顺序读写成功,裸盘随机读写成功,文件系统顺序读写成功,文件系统随机读写成功。 | 必选 | +| 网卡测试 | 获取IP地址 | 是否可以获取C/S的IP地址。 | 必选 | +| 网卡测试 | 网卡启停测试 | 网卡是否可以正常启动、关闭,获取网卡速率。 | 必选 | +| 网卡测试 | 网卡连通性测试 | 客户端是否可以ping通服务端,是否有丢包。 | 必选 | +| 网卡测试 | 延迟和带宽测试 | 测试C/S之间的网络延迟和Server的带宽。 | 必选 | +| 网卡测试 | 文件上传下载测试 | 客户端是否可以从服务端上传和下载文件。 | 必选 | +| USB测试 | USB插拔测试 | 检测是否有新设备插入 检测是否有设备拔掉。 | 必选 | +| RAID测试 | 分区测试 | 能成功获取空闲磁盘个数。 | 必选 | +| RAID测试 | 读写测试 | 裸盘顺序读写成功,裸盘随机读写成功,文件系统顺序读写成功,文件系统随机读写成功。 | 必选 | + +#### 板卡测试标准 + +经openEuler兼容性SIG组评定,硬件技术测评分为整机和板卡,板卡测试方案如下: + +##### NVMe测试标准 + +| **测试维度** | **检测项** | **评定标准** | **是否可选** | +| ------------ | ---------- | ------------------------ | ------------ | +| NVMe测试 | 格式化测试 | 测试硬盘格式化是否成功。 | 必选 | +| NVMe测试 | 读测试 | 测试硬盘读是否成功。 | - | +| NVMe测试 | 写测试 | 测试硬盘写是否成功。 | - | +| NVMe测试 | smart测试 | 磁盘读取samrt信息成功。 | - | +| NVMe测试 | log测试 | 分析smart信息成功。 | - | + +##### 网卡测试标准 + +| **测试维度** | **检测项** | **评定标准** | **是否可选** | +| ------------ | ---------------- | ------------------------------------------ | ------------ | +| 网卡测试 | 获取IP地址 | 是否可以获取C/S的IP地址。 | - | +| 网卡测试 | 网卡启停测试 | 网卡是否可以正常启动、关闭,获取网卡速率。 | - | +| 网卡测试 | 网卡连通性测试 | 客户端是够能ping通服务端,是否有丢包。 | - | +| 网卡测试 | 延迟和带宽测试 | 测试C/S之间的网络延迟和Server的带宽。 | - | +| 网卡测试 | 文件上传下载测试 | 客户端能否从服务端上传和下载文件。 | - | + +##### FC测试标准 + +| **测试维度** | **检测项** | **评定标准** | **是否可选** | +| ------------ | ---------- | ------------------------------------------------------------ | ------------ | +| FC卡测试 | lun测试 | 获取可测试的磁盘阵列成功。 | - | +| FC卡测试 | 读写测试 | 裸盘顺序读写成功,裸盘随机读写成功,文件系统顺序读写成功,文件系统随机读写成功。 | - | + +##### GPU测试标准 + +| **测试维度** | **检测项** | **评定标准** | **是否可选** | +| ------------ | ------------ | ------------------------------------------------------ | ------------ | +| GPU测试 | GPU burn测试 | gpu-burn工具压力测试,nvidia-sim工具监测性能指标正常。 | - | +| GPU测试 | 样例测试 | 样例测试结果为PASS。 | - | + +### 测试步骤 + +#### 工具简介 + +为了解决欧拉技术测评过程中涉及的整机和板卡兼容性测试问题,基于《欧拉技术测评兼容性测试用例(整机&板卡)》 集成了oec-hardware测试工具。 此工具将根据《欧拉技术测评兼容性测试用例(整机&板卡)》提取为58个自动化测试用例,分为整机测试用例集和板卡测试用例集。 + +#### 环境要求 + +整机测试环境要求。 + +| **项目** | **要求** | +| -------- | ----------------------------------------------- | +| 整机数量 | 需要两台整机,业务网口互通。 | +| 硬件 | 至少有一张RAID卡和一张网卡(包括集成主板硬件)。 | +| 内存 | 建议满配。 | +| 操作系统 | openEuler系操作系统(支持dnf/yum/pip3)。 | + +板卡测试环境要求。 + +| **项目** | **要求** | +| ---------- | ------------------------------------------------------------ | +| 服务器型号 | Taishan200(Model 2280)、2288H V5或同等类型的服务器,对于x86_64服务器,icelake/cooperlake/cascade可任选一种,优选icelake。 | +| RAID卡 | 需要组raid,至少组raid0。 | +| NIC/IB卡 | 服务端和测试端需要分别插入一张同类型板卡,配置同网段IP,保证直连互通。 | +| FC卡 | 需要连接磁阵,至少组两个lun。 | +| 操作系统 | openEuler系操作系统(支持dnf/yum/pip3)。 | + +> #### 注意 +> +> - 部分测试用例会重启机器,请勿在生产环境安装和执行测试工具。 +> - 工具安装过程需要从外网下载代码和依赖包,请确保网络连接正常(如无法连接外网,需要下载相关依赖并进行安装)。 +> - 工具日志默认存放在/usr/share,请确保目录剩余空间足够。 +> + +#### 工具安装 + +客户端: + +1. 配置 openEuler 官方 repo 中对应版本的 everything 和 update 源,使用 dnf 安装客户端 oec-hardware。 + + ```shell + dnf install oec-hardware + ``` + +2. 输入 `oech` 命令,可正常运行,则表示安装成功。 + +服务端: + +1. 配置 openEuler 官方 repo 中对应版本的 everything 和 update 源,使用 dnf 安装服务端 oec-hardware-server。 + + ```shell + dnf install oec-hardware-server + ``` + +2. 服务端 web 展示页面需要的部分组件系统本身不提供,需要使用 pip3 安装(请自行配置可用 pip 源)。 + + ```shell + pip3 install Flask Flask-bootstrap uwsgi + ``` + +3. 启动服务:本服务默认使用 8080 端口,同时搭配 nginx(默认端口 80)提供 web 服务,请确认端口未被占用。 + + ```shell + systemctl start oech-server.service + systemctl start nginx.service + ``` + +4. 关闭防火墙和 SElinux。 + + ```shell + systemctl stop firewalld + iptables -F + setenforce 0 + ``` + +​#### 测试执行 + +- /usr/share/oech/kernelrelease.json 文件中列出了当前支持的所有系统版本,使用`uname -a` 命令确认当前系统内核版本是否属于框架支持的版本。 +- 框架默认会扫描所有网卡,对网卡进行测试前,请自行筛选被测网卡,并为其配置能够 ping 通服务端的IP。如果客户端对 InfiniBand 网卡进行测试,服务端也需要有一个 InfiniBand 网卡并提前配 IP 。建议不使用业务网口进行网卡测试。 +- 部分用例需要root权限,请使用root用户执行。 + +1. 启动测试工具 + + 在完成安装oec-hardware软件包的客户端执行 oech,填写ID、URL、Server配置项,ID 建议填写 gitee 上的 issue ID(注意:ID中不能带特殊字符)、URL建议填写产品链接。Server 需填写客户端可直接访问的服务器域名或 ip,用于展示测试报告和作网络测试的服务端。 + + ```shell + \# oech + The openEuler Hardware Compatibility Test Suite + Please provide your Compatibility Test ID: + Please provide your Product URL: + Please provide the Compatibility Test Server (Hostname or Ipaddr): + ``` + +2. 进入测试套选择界面 + + 在用例选择界面,框架将自动扫描硬件并选取当前环境可供测试的测试套,输入 edit 可以进入测试套选择界面。 + + - 板卡测试请选择对应的板卡测试项。 + - 整机测试建议测试全部类型的测试项,至少需要测试一张RAID卡和网卡,网卡测试选择一个网口即可,注意不要使用业务网口进行测试。 + + ```shell + These tests are recommended to complete the compatibility test: + + No. Run-Now? Status Class Device + 1 yes NotRun acpi + 2 yes NotRun clock + 3 yes NotRun cpufreq + 4 yes NotRun disk + 5 yes NotRun ethernet enp3s0 + 6 yes NotRun ethernet enp4s0 + 7 yes NotRun ethernet enp5s0 + 8 yes NotRun kdump + 9 yes NotRun memory + 10 yes NotRun perf + 11 yes NotRun system + 12 yes NotRun usb + 13 yes NotRun watchdog + Ready to begin testing? (run\|edit\|quit) + ``` + + 1. 选择测试套 + + all\|none 分别用于 全选\|全取消(必测项 system 不可取消,多次执行成功后 system 的状态会变为Force),数字编号可选择测试套,每次只能选择一个数字,按 enter 之后 no 变为 yes,表示已选择该测试套。 + + 2. 开始测试 + + 选择完成后输入 run 开始测试。 + + 3. 上传测试结果 + + 测试完成后可以上传测试结果到安装oec-hardware-server软件包的服务端,便于展示结果和日志分析。如果上传失败,请检查网络配置,重新上传测试结果。 + + 4. 查看工具的测试日志 + + 客户端详细的测试日志路径为 /usr/share/oech/logs/oech-yyyymmddxxxx-xxxxxxx.tar 。 + + 5. 查看测试结果。 + + 测试结果上传到服务端后,在浏览器打开服务端 IP 地址,点击导航栏 Results 界面,找到对应的测试 id 进入,可看到具体的测试结果展示,包括环境信息和执行结果等。 + +## 操作系统 + +### 测试标准 + +经openEuler兼容性SIG组评定,OSV商用发行版/企业自用版技术测评的测试方案如下。 + +| **测试维度** | **检测项** | **检测点描述** | **评定标准** | **是否可选** | +| ------------ | --------------- | ------------------------------------------------------------ | ------------------------------------------------------------ | ------------ | +| 工具检测 | 核心包 | 核心包一致性比例 | 名称、小版本完全一致,核心包包括核心包内容一致性,内核、gcc、glibc、qemu、docker、openJDK、systemd、openssh、lvm2、busybox、initscripts核心模块一致性,JDK如果没有,则不会纳入比较项。 | 必选 | +| 工具检测 | 软件包 | L1/L2 软件包一致性比例 | L1 100%兼容,L2 95%以上兼容,参考社区等级清单定义(附上链接)。 | 必选 | +| 工具检测 | 内核KABI接口 | OSV内核KABI接口白名单与openEuler内核KABI接口白名单一致性比例 | 内核-KABI白名单 90%以上兼容。 | 可选 | +| 工具检测 | 用户态ABI接口 | OSV软件包ABI接口与openEuler软件包ABI一致性比例 | L1 100%兼容,L2 95%以上兼容,参考社区等级清单定义。 | 必选 | +| 工具检测 | Service默认配置 | OSV软件包Service文件与openEuler软件包Service文件一致性比例 | 全量默认配置一致性90%以上。 | 可选 | +| 工具检测 | 软件包默认配置 | OSV软件包配置文件与openEuler软件包配置文件一致性比例 | 全量默认配置一致性90%以上,目前对于OSV厂商新增的配置,不会作为差异比较。 | 可选 | +| 工具检测 | 内核特性配置 | 内核特性配置 | 内核关键配置一致性,达90%以上。 | 必选 | +| 平台验证 | 仓库 | EPOL仓/软件所仓库在OSV版本上安装成功比例 | 仓库复用度90%以上。 | 必选 | +| 平台验证 | 基本功能 | 社区AT用例运行结果 | 社区AT用例运行结果100%通过。 | 必选 | +|平台验证 | 基础性能 | 基础性能测试结果 | 性能浮动5%以内。 | 必选 | +| 平台验证 | 运行时默认配置 | 运行时默认配置 | 全量运行时默认配置一致性90%以上。 | 可选 | + +### 测试步骤 + +#### 工具简介 + +OECP工具比较2个ISO之间的静态差异,OECP工具需借助compass-ci才能比较2个ISO之间的动态差异。在测试完成后输出的OSV认证报告中,静态差异测试工具检测的检测项,动态差异才包括平台验证的检测项。 + +#### 环境要求 + +| **项目** | **要求** | +| -------- | ------------------------------------------------------------ | +| 服务器 | 当前支持Kunpeng和X86等多个底座,有其他平台的适配需求欢迎提交issue。 | +| 操作系统 | openEuler系操作系统。 | +| 依赖软件 | python3-devel,sqlite,libabigail,japi-compliancechecker,安装方法见工具安装。 | + +> #### 注意 +> +> - 请勿在生产环境安装和执行测试工具 +> - 工具安装过程需要从外网下载代码和依赖包,请确保网络连接正常(如无法连接外网,需要将gem相关依赖完全离线并进行安装)。 +> - 工具默认安装在当前目录,请确保目录剩余空间足够。 +> + +#### 工具安装 + +1. 安装依赖。 + + ```shell + yum install -y python3-devel sqlite libabigail-devel python3-pip + pip3 install pyyaml + git clone https://github.com/lvc/japi-compliance-checker.git + cd japi-compliance-checker + make install prefix=/usr + ``` + + 安装结果检测。 + + ```shell + japi-compliance-checker -test + ``` + + ![](figures/805b547fdd5f083ec5bdaf14f70c8709.png) + +2. 工具安装。 + + ```shell + git clone + cd oecp + pip3 install -r requirement + ``` + +​#### 测试执行 + +1. 执行测试。 + + ```shell + python3 cli.py file1 file2 + ``` + + > 说明: + > + > - file1: 基准ISO + > - file2: 待测评的ISO + +2. 查看结果。 + + 在结果文件osv_data_summary.xlsx中查看测试结果。 + + ![](figures/a0edd4aec65418587c8b47c16e4ef274.png) + +# 平台操作指导 + +[4.1 用户注册](#用户注册登录) + +[4.2 企业认证](#访问技术测评平台) + +[4.3 测评申请](#测评申请) + +[4.4 测评审批](#测评审批) + +[4.5 证书签发](#证书签发) + +## 用户注册登录 + +### 访问技术测评平台 + +在浏览器地址栏输入: 进行访问,填写如下信息。 + +![](figures/72287e9eac379e88d9f6e70a0fd0a82a.png) + +- 如已完成帐号注册,可在①处填写帐号密码登录平台。 + +- 如未注册帐号,需点击②处进行帐号注册,详见[注册帐号](#注册帐号)。 + +### 注册帐号 + +注册页面填写手机号进行注册,并且需同意《openEuler隐私声明》和《兼容性协议》。 + +![](figures/b8746f18193a74d78e134e48fe305a0c.png) + +完成注册后会自动登录进平台,如下图。 + +![](figures/fff3093b3569cfe731087db579cf95df.png) + +## 完善个人信息 + +### 完善平台个人信息 + +首次登录时请先完善个人信息,点击页面右上角 “用户名(注册时填写的用户名)” -\> “帐号中心”。 + +![](figures/171f947111911ab0e662e2d7d802c86a.png) + +![](figures/c13a837bb42a395df9865931ebcf23ab.png) + +点击修改,进入编辑界面,完善邮箱信息。 + +> 说明:邮箱后续和CLA邮箱关联,建议填写企业邮箱 + +![](figures/acd692cfed9c6c69b6130831b3cc0d64.png) + +### 签署CLA + +点击首页的“CLA签署”或者访问“ + +![](figures/1ba51dfdafc88634029eea1fb0337f4f.png) + +如果作为企业的员工进行技术测评,建议在公司政策允许情况下,签署“员工CLA”。进入签署页面后,需填写Gitee帐号(用于后续欧拉相关仓库相关活动)、邮箱帐号(必须和测评平台的邮箱帐号一致)、姓名。 + +## 企业认证 + +在“个人中心”点击左下的“企业信息”,如下图。 + +![](figures/d28d66a605aa980563a72f07c0220bae.png) + +点击“企业实名认证”进入提交页面,如下图。 + +![](figures/4dfbf191b6d574d05b925f2a72ff1a26.png) + +需提交企业LOGO(透明底)、工商注册国家/地区、企业邮箱、上传营业执照。 + +> 说明:自动提取有一定的失败率,提取后请再次确认。确认无误后,点击“提交”完成企业认证。系统会自动根据提交的信息,确认企业信息是否有效。 +> + +## 测评申请 + +伙伴访问技术测评平台(, 根据提示,完善方案信息和测试环境信息。 + +![](figures/0690939843730385b79e4cd21d504059.png) + +欧拉兼容性技术测评要求适配多算力平台,因此,此处的算力平台需至少选择两个算力平台。 + +完善提交后,自动返回主页面,可在“测评申请”列表查看到对应的方案,点击方案,进入详情页查看方案详情和各个阶段的处理人。 + +![](figures/5af0166ab06e30d2483ef6f442811cd1.png) + +## 测评审批 + +### 提交测试报告 + +提交测评申请后,会由社区的相关负责人进行方案的审批。 + +- 如果审批不通过,方案会驳回到提交人,此时提交人需查看驳回原因,修改后重新提交。 +- 如果通过,则进入测试阶段,此时提交人需根据欧拉兼容性技术测评标准对方案进行测试,并提交测试报告。 + +![](figures/68d556565c59f7819326a9b6a1c364a5.png) + +上传后,创新中心及社区负责人会对测试报告进行审核,通过审核后,即可进入证书签发的流程,社区负责人对证书信息进行初审,确认证书信息与实际测试内容一致后通过审核,由伙伴进行证书确认。 + +### 证书确认 + +在openEuler社区和创新中心报告评审通过后,社区会进行证书初审,初审通过后,申请人需要进行证书确认,如下图所示: + +![](figures/c2a52ef70ae2b9ada562a623a492c64f.png) + +申请人需要确认证书上软件的信息、测试环境信息等是否准确无误,确认准确无误后,需上传伙伴的签名/签章(透明底),用于后续证书生成。 + +申请人也可以点击“证书预览”,查看证书预览页面。 + +确认证书信息无误并且上传签名/签章后,点击提交即可。 + +## 证书签发 + +### openEuler社区签发证书 + +申请人确认证书信息无误并上传签名/签章后,openEuler社区对证书的内容一致性和正确性进行最终审核,确认无误后,进行证书签发 + +![](figures/2345e6304c11c1f08232890ef4c3fe06.png) + +### 发布兼容性清单 + +证书签发后,兼容性信息会自动发布到openEuler官网兼容性清单( + +# 附录 + +## 修改商业软件测试安装和卸载命令 + +1. 修改安装命令 + + ```shell + vi $LKP_PATH/tests/compatibility-test + ``` + + 修改72行的安装命令,将安装命令的执行结果保存到变量a中 + + 下面76行将出现"error"报错识别为失败,如安装过程失败提示非"error"字样,请根据实际情况修改。 + + ![](figures/222ce6304c11c1f08232890ef4c3fe06.png) + +2. 修改卸载命令 + + ```shell + vi $LKP_PATH/tests/compatibility-test + ``` + + 修改208行的卸载命令,如无出现报错,即认为修改成功 + + ![](figures/ec46ba2ca4b8f9b57c5c5f0d97ec2482.png) diff --git a/package.json b/package.json new file mode 100644 index 0000000000000000000000000000000000000000..909a6f70df873bedaef61403ce6b5ec24ad3dd5e --- /dev/null +++ b/package.json @@ -0,0 +1,16 @@ +{ + "name": "website-v2", + "version": "0.0.1", + "description": "", + "main": "index.js", + "scripts": { + "dev": "vuepress dev docs", + "build": "vuepress build docs" + }, + "keywords": [], + "author": "", + "license": "", + "dependencies": { + "vuepress": "^1.5.2" + } +} diff --git a/score_admins.yaml b/score_admins.yaml new file mode 100644 index 0000000000000000000000000000000000000000..8f9d3d3db444b1f467dac6a606952d16d70875de --- /dev/null +++ b/score_admins.yaml @@ -0,0 +1,10 @@ +score_admins: + amy_mayun + zhangcuihong + lanlanbenming + rachel_123456 + hebin03 + xuewenzhen + hujunjune + echo10111111 + kklover. \ No newline at end of file